Abstract: Example apparatus and methods provide a device (e.g., smartphone) that is more secure for electronic commerce. An example device includes a trusted platform module (TPM) that stores a public key and a private key. The device is provisioned with account information, user information, and device information. The TPM uses the account, user, and device information to acquire attestation credentials and endorsement credentials. The device uses the account, user and device information along with the attestation credentials and endorsement credentials to acquire limited use keys (LUKs) that are encrypted with the public key. The LUKs will only be decrypted as needed to support an actual transaction at the time of the transaction. Before decrypting an LUK, the TPM will authenticate a user of the device at the time of the transaction using. for example, a personal identification number (PIN), fingerprint, or other personal information.

Abstract: Example apparatus and methods provide a device (e.g., smartphone) that is more secure for electronic commerce. An example device includes a trusted platform module (TPM) that stores a public key and a private key. The device is provisioned with account information, user information, and device information. The TPM uses the account, user, and device information to acquire attestation credentials and endorsement credentials. The device uses the account, user and device information along with the attestation credentials and endorsement credentials to acquire limited use keys (LUKs) that are encrypted with the public key. The LUKs will only be decrypted as needed to support an actual transaction at the time of the transaction. Before decrypting an LUK, the TPM will authenticate a user of the device at the time of the transaction using. for example, a personal identification number (PIN), fingerprint, or other personal information.

Abstract: Techniques to allocate virtual network addresses are described. An apparatus may include a virtual network address management module. The virtual network address management module may be capable of determining an approximate age for a virtual network address, referred to herein as a virtual network address age value. The virtual network address management module may include a virtual network address assignment module, a virtual network address age generator and a message filter module. The virtual network address assignment module may be arranged to assign a virtual network address to a device at a virtual network address assignment time. The virtual network address age generator may be arranged to receive a message arrival time for a message with the virtual network address, and determine a virtual network address age value for the virtual network address with the virtual network address assignment time and the message arrival time.

Abstract: Architecture that facilitates transport high availability for messaging services by providing the ability of a receiving entity (e.g., receiving message transfer agent (MTA)) to detect if a sending entity (e.g., sending MTA or client) is a legacy sending entity. When the receiving entity detects that the sending entity is a legacy system, by advertising transport high availability capability to the sending entity, if the sending entity does not opt-in to this capability, the receiving entity keeps the sending entity client “on hold”, that is, waiting for an acknowledgement (ACK) until the receiving entity delivers the message to the next hops (immediate destinations). This approach maintains at least two copies of the message until the message is successfully delivered (to the next hop(s)). Hence, if the legacy sending entity or the receiving entity fails, the message is still delivered successfully.

Abstract: Failover systems and methods for providing redundant backup of data transmitted over a network to provide transport high availability of electronic data. The present invention relates to creating redundant backup copies of electronic data as well as transmission of the backup copies over a network in the event of a failure of a network component.

Abstract: Techniques to allocate virtual network addresses are described. An apparatus may include a virtual network address management module. The virtual network address management module may be capable of determining an approximate age for a virtual network address, referred to herein as a virtual network address age value. The virtual network address management module may include a virtual network address assignment module, a virtual network address age generator and a message filter module. The virtual network address assignment module may be arranged to assign a virtual network address to a device at a virtual network address assignment time. The virtual network address age generator may be arranged to receive a message arrival time for a message with the virtual network address, and determine a virtual network address age value for the virtual network address with the virtual network address assignment time and the message arrival time.

Abstract: A method for reviewing effectiveness of a rules system applying one or more rules to communication traffic of a group of users. The method analyzes a log containing one or more communications reviewed by the rules system to determine if the communications in the log conforms to the communications policy. The method also identifies one or more of the rules of the rules system violated by the communications when the analyzing the log determines that at least one of the communications in the log does not conform to the communications policy. Other methods determine the effectiveness of planned modifications to a rules system.

Abstract: A transmitting gateway may utilize a retrieved domain-specific key to secure an outbound message, and a receiving gateway may utilize another retrieved domain-specific key to authenticate and validate the secured message.

Abstract: A transmitting node may utilize a shared secret to secure at least an encapsulated address component of an outbound message, and a receiving gateway may utilize the shared secret to authenticate and validate the secured addressed component of the received message.

Abstract: A processor 104 executes computer-executable instructions to receive messages 302; store 304 the received messages in a foreground memory 108; process 306 the stored messages in the foreground memory 108; send 306 the processed messages; move 308 the sent messages to a background memory 110; evaluate 310, 312 the messages in the background memory with respect to a parameter; and delete 314 selected messages in the background memory as a function of the evaluating. Alternatively, a message queue may be used to track lost messages.

Abstract: Multiple independent MTAs transmit messages such that if one of the MTAs fails, the other MTAs may continue to transmit messages. Multiple independent message stores are provided such that if one of the message stores fails, messages on the other message stores may continue to be transmitted. Multiple notification agents monitor the message stores for new messages and notify one of the MTAs when a new message is available for transmission.

Abstract: An asynchronous conversation state machine asynchronously sends and asynchronously receives messages for storing in batches in an intermediate storage. A synchronous storage engine receives the batches of messages from the intermediate storage. Particular batches of messages are stored in the storage engine based on their parameters.

Abstract: Techniques for eliminating duplicate/redundant scanning of email messages while the email message traverses the various servers within an email infrastructure are provided. Some techniques utilize a message hygiene stamp that is transported with the email message as the email message enters an enterprise and is routed within the enterprise until the email message reaches the end user inbox. The filters comprise logic that enables the filters to annotate the result of their filtering or other processing in corresponding message hygiene stamps. The message hygiene stamps allow the filters to determine whether the email message has already been processed by the filter within the email infrastructure.

Abstract: Systems and methods are described which provide enhanced stability, increased predictability, reduced transmission costs, and which conserve bandwidth in routing messages over computer networks. The systems and methods further include providing improved transmission of messages wherein the messages are transmitted to nodes closest to a target delivery node. If delivery is possible to a target node, the message transmission stops at the point of failure in the network, wherein delivery to the target node is accomplished at a later time or the message is returned to the sender.

Abstract: Failover systems and methods for providing redundant backup of data transmitted over a network to provide transport high availability of electronic data. The present invention relates to creating redundant backup copies of electronic data as well as transmission of the backup copies over a network in the event of a failure of a network component.

Abstract: A workflow manager application transfers message data received from an originating device via a communication network to a target application for processing. A graphical user interface displays the received message data and allows the user to view and designate one or more target applications for processing the message data. The workflow manger application is responsive to user input to transfer message data to the designated one or more target applications for processing the message data. Alternatively, the workflow manager application analyzes received message data to identify one or more target applications, and transfers the message data to the identified one or more target applications for processing.

Abstract: Within a mail transfer agent of a message transfer system, a message is received and if the recipient entity resolves to a number of recipients exceeding a specified quantity, the original message is not processed. Instead, at least two messages are created, with each of the created messages addressed to a subset of the original set of recipients. The created messages are returned to the calling module for processing.

Abstract: Within a mail transfer agent of a message transfer system, a message is received and if the recipient entity resolves to a number of recipients exceeding a specified quantity, the original message is not processed. Instead, at least two messages are created, with each of the created messages addressed to a subset of the original set of recipients. The created messages are returned to the calling module for processing.

Abstract: Within a mail transfer agent of a message transfer system, a message is received and if the recipient entity resolves to a number of recipients exceeding a specified quantity, the original message is not processed. Instead, at least two messages are created, with each of the created messages addressed to a subset of the original set of recipients. The created messages are returned to the calling module for processing.

Abstract: Prior to sending a message to an extensibility point, the message is wrapped with a wrapper object associated with the extensibility point. The wrapper object can be validated by the extensibility point when the extensibility point is ready to commence its operation on the message. Validation of the wrapper object enables the extensibility point to access the message. The wrapper object can later be invalidated by the extensibility point when the extensibility point has completed its operation on the message. Invalidation of the wrapper object denies the extensibility point access to the message.