Abstract: A method and system are described for establishing an end-to-end route for data to traverse a wireless network, including calculating a link cost function, calculating a quantized link cost function using the calculated link cost, function, calculating a quantized cost of each of a plurality, of end-to-end routes for data to traverse the wireless network, wherein the plurality of end-to-end routes include routes between a same set of nodes in the wireless network, wherein, the quantized cost of each of the plurality of end-to-end routes for data to traverse the wireless network is performed using the quantized link cost function and selecting one of the plurality of end-to-end routes, for data to traverse the wireless network based on the quantized cost of each of the plurality of end-to-end routes. Also described is a node in a wireless network configured to participate in the establishment of a bi-directional end-to-end route for data to traverse the wireless network.

Abstract: Provided is a secure apparatus for protecting the integrity of a software system and a method thereof. The apparatus comprises: a template repository for storing templates required for generating an agent module; a template generator for randomly selecting one template from said template repository and generating a new agent module according to the selected template; and a transceiver for sending said new agent module to an external apparatus communicating with said secure apparatus to update a current agent module which is running in said external apparatus, wherein said current agent module is used to verify the integrity of said software system running in said external apparatus. The secure apparatus can protect software in an insecure environment with a high software protection level to prevent the software from being tampered or bypassed.

Abstract: An apparatus and a method for securely submitting a request and an apparatus and a method for securely processing a request. The apparatus for securely submitting a request includes a request pre-submitting component and a request confirmation component. The request pre-submitting component sends a request with a unique identifier to a server and sends an alarm message containing the unique identifier and a request description to the request confirmation component. The request confirmation component contains a key inaccessible to other components in a client. It pops up a request confirmation window, on which the request description is displayed, in response to the alarm message and generates a request confirmation message associated with the request by using the key and the unique identifier.

Abstract: A plurality of templates for web application server firewall rules are generated. A vulnerability report for the web application is obtained. At least one web application server firewall rule is generated, using the vulnerability report and at least one of the plurality of templates. The at least one web application server firewall rule is tested. The at least one web application server firewall rule is deployed to run on the web application server firewall.

Abstract: A method for managing a working task based on a communication message. The method may include the steps of: in response to receiving a communication message, matching the communication message using a matching rule; determining an application managing a working task associated with the communication message according to the matching result; prompting the user to perform an operation on the application managing the working task.

Abstract: Disclosed is an apparatus for managing a working task based on a communication message. The apparatus may include a rule matching module configured to, in response to receiving a communication message, match the communication message using a matching rule. An application determining module is configured to determine an application managing a working task associated with the communication message according to the matching result. A prompting module is configured to prompt the user to perform an operation on the application managing the working task.

Abstract: A runtime vulnerability defense method, system, and computer readable article of manufacture tangibly embodying computer readable instructions for executing the method for cross domain interactions for a Web application. The method includes: creating a first and second iFrame object by the Web application which belong to a lower domain; creating an object O by the first iFrame object; sharing the created object O by the second iFrame object; promoting the domain of the second iFrame object to an upper domain; creating in the shared object O a source accessing function for submitting to a third party server a request to access the content of the third party server; and creating in the shared object O a sanitization function for sanitizing the response received from the server.

Abstract: A computer-implemented method, apparatus, and article of manufacture for security validation of a user input in a computer network application. The method includes: providing a subset of security rules of a server-side protection means to a pre-validation component deployed at a client side, so as to enable security validation of a user input on the client side by the pre-validation component; validating the user input based on at least one of the security rules; determining, in response to detecting a user input violation and that a violated security rule has not been provided to the pre-validation component, the user as a first class of users; determining, in response to detecting the user input violation and that the violated security rule has been provided to the pre-validation component, the user as a second class of users; and performing different security protection actions to the first and second class of users.

Abstract: At least one of an HTTP request message and an HTTP response message is intercepted. A corresponding HTTP message model is identified. The HTTP message model includes a plurality of message model sections. Additional steps include parsing a representation of the at least one of an HTTP request message and an HTTP response message into message sections in accordance with the message model sections of the HTTP message model; and binding a plurality of security rules to the message model sections. The plurality of security rules each specify at least one action to be taken in response to a given condition. The given condition is based, at least in part, on a corresponding given one of the message sections. A further step includes processing the at least one of an HTTP request message and an HTTP response message in accordance with the plurality of security rules. Techniques for developing rules for a web application server firewall are also provided.

Abstract: A method, system and an article of manufacture tangibly embodying a computer readable program for protecting Web application data between a server and a client. A response created by the Web application for the client is backed up and modified by adding capturing code for capturing a user action, user data of the client, or combination thereof. The modified response is sent to the client and a request submitted by the client and the user action and/or user data captured by the capturing code is received. A verifying request is generated according to the received user action and/user data captured by the capturing code and the backup of the response. The request submitted by the client is verified according to the verifying request and the verified request is sent to the Web application of the server.

Abstract: A method for encoding motion-compensated video data includes generating, for a current frame, a high-pass wavelet coefficient based on a function of pixels in a temporally adjacent frame. The operations are repeated for multiple pixels in an array of pixels in the current frame to form an array of high-pass wavelet coefficients. A low-pass wavelet coefficient is generated based on a function of the high-pass wavelet coefficients. A system for coding video data includes a temporal wavelet decomposition module decomposing a pixel into a high-pass coefficient by performing a discrete wavelet transform on the pixel, a function of pixels in a previous frame, and/or a function of pixels in a subsequent frame. The system includes a motion estimation module generating motion vectors associated with the pixels in the previous frame and in the subsequent frame.

Abstract: A method, apparatus and computer program product for performing authorization control in a cloud storage system. The method comprises: receiving an access request to a file block, wherein the file block is embedded with tag data comprising at least file block authorization information; retrieving the file block; extracting the file block authorization information from the tag data; determining whether the access request matches the file block authorization information; and performing the access request if the access request matches the file block authorization information. Effective authorization control may be performed in a cloud storage system.

Abstract: A method and system for detecting a source-related risk and generating an alert concerning the source-related risk are disclosed. Criteria of the source-related risk are defined. Thresholds associated with the source-related risk are defined. Every operation on an object is detected. If an operation on an object satisfies a criterion among the criteria or if the operation causes to exceed a threshold among the thresholds, an alert is generated for the operation.

Abstract: A process to prepare an olefin from its corresponding alcohol is improved by reacting, under reaction conditions including a first temperature, an aliphatic alcohol and, optionally, diluent water, to form a reaction product including at least a dialkyl ether. The product is then reacted again, under higher temperature to complete the dehydration of the dialkyl ether to the desired olefin. This process is particularly suitable to prepare ethene from ethyl alcohol. The stepped temperature scheme serves to reduce the formation of byproduct aldehydes, which in turn reduces coke formation, fouling, and the need to handle large amounts of water, thereby lowering energy and capital costs.

Abstract: The present invention relates to RF-amide peptides and their use for treating, preventing and curing neurological and metabolic medical disorders. The invention also relates to methods for modulating a G-protein coupled receptor and for identifying substances which modulate the receptor.

Abstract: A method and apparatus are described for determining a route, channel assignment, multiple-in, multiple out stream control and a transmission schedule in a network, including determining the route responsive to long term network conditions and long term traffic conditions of the network, determining the channel assignment, the multiple-in multiple-out stream control, and the transmission schedule responsive to local channel conditions, local link conditions and local traffic conditions of the network and determining if there has been a change in one of the long tem network conditions and the long term traffic conditions of the network.

Abstract: A method, apparatus and computer program product for performing authorization control in a cloud storage system. The method comprises: receiving an access request to a file block, wherein the file block is embedded with tag data comprising at least file block authorization information; retrieving the file block; extracting the file block authorization information from the tag data; determining whether the access request matches the file block authorization information; and performing the access request if the access request matches the file block authorization information. Effective authorization control may be performed in a cloud storage system.

Abstract: A method and system for dynamically providing a composite source information report whenever source information of a composite object is updated. The system includes a subscription handler for receiving a subscription request and generating a subscription query, a means for determining whether source information of an element in a composite object has been edited (added, deleted and/or modified), a source information determining handler for automatically determining source information of an element in a composite object and a composite source information report generation handler for generating a composite source information report and providing the report to users. The system further comprises an authentication handler, an editing handler, an editing monitor, a source information recording handler, subscription source information retrieving handler and a server database.

Abstract: A method and apparatus are described for selecting an access point in a wireless network, including initializing a channel index, recording a received signal power and information contained in one of a beacon message and a probe request response message, calculating an access link metric for each candidate access point, the access link 13 metric being between an end device and each candidate access point on the channel indexed by the channel index responsive to the received signal power and information receiving a path metric between each candidate access point and a gateway, estimating a function using the access link metric and the path metric, selecting one of the candidate access points based on the function and establishing a connection with the selected access point. Also described is a method and apparatus for maintaining a connection with an access point.

Abstract: A method for providing virtual membership cards whereby by a card broker generates a virtual membership card based on the information of a card issuer and the information of a user and sends the virtual membership card to the mobile terminal of the user though a communication network. A virtual membership card system includes a membership management module, for managing card issuer account information, card user account information, and the virtual membership card information and a virtual membership card management module, including a card generation module, for generating a virtual membership card based on the information of the card issuer and the information of the user and a card distribution module, for sending the virtual membership card to the mobile terminal of the user though a communication network. With the present invention, merchants can easily issue, validate and maintain their membership cards, and the user may retrieve, use and manage his/her membership card at any place and at any time.