Patents by Inventor Mario Baldi

Mario Baldi has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 10078743
    Abstract: A method for using a user device. The method includes obtaining, during a fingerprint learning phase, a historical portion of user activity data associated with user activity of a user using the user device, analyzing, by a computer processor of the user device, the historical portion to generate a fingerprint of the user, wherein the fingerprint represents characteristics of the user activity, obtaining, during a fingerprint matching phase subsequent to the fingerprint learning phase, an ongoing portion of the user activity data, analyzing, by the computer processor and based on the fingerprint, the ongoing portion to determine a match, wherein the match is determined at a time point within the fingerprint matching phase, and unlocking, by the computer processor and in response to determining the match, a locked data item for access, wherein the locked data item is stored on the user device.
    Type: Grant
    Filed: August 13, 2014
    Date of Patent: September 18, 2018
    Assignee: Narus, Inc.
    Inventors: Mario Baldi, Antonio Nucci
  • Patent number: 9917783
    Abstract: A method for profiling network traffic of a network. The method includes capturing packets based at least on a common source IP address shared by each of the packets, where said each packet is assigned a source timestamp by a source of said each packet and further assigned a capture timestamp by a packet capturing device, identifying a first portion of the packets as a first flow and a second portion of the packets as a second flow, extracting a first monotonic timestamp-pair (MTSP) sequence and a second MTSP sequence from the first flow and the second flow, respectively, comparing the first MTSP sequence and the second MTSP sequence to generate a result, and determining, based on the result, whether the first flow and the second flow are generated by a single host of the network.
    Type: Grant
    Filed: January 9, 2017
    Date of Patent: March 13, 2018
    Assignee: Narus, Inc.
    Inventors: Mario Baldi, Yi-Chao Chen, Yong Liao, Lili Qiu, Sung-Ju Lee
  • Publication number: 20180062950
    Abstract: Presented herein are network traffic/flow monitoring techniques for identifying a primary/core domain that is representative of the service being accessed by a series/set of network flows, and grouping networking traffic flows that result from the user's accessing of the core domain. In one example, a plurality of core domains each corresponding to a primary web service configured to be directly accessed by network flows via one or more networks is identified. For each of the plurality of core domains, one or more models of traffic activity resulting from access to the corresponding primary web service by a network flow is generated. Based on the models of traffic activity, real-time network traffic flows are associated to a selected one of the core domains.
    Type: Application
    Filed: August 26, 2016
    Publication date: March 1, 2018
    Inventors: Mario Baldi, Han Hee Song
  • Publication number: 20180013645
    Abstract: A method for profiling network traffic. The method includes capturing, from the network traffic using a packet capturing device, a plurality of packets, identifying a first portion of the plurality of packets as a first flow based at least on a common Internet Protocol (IP) address assigned to each packet of the first flow by a network address translation (NAT) device, extracting, by a hardware processor separate from the NAT device and based on an NAT profile of the NAT device, a first data item from the first flow, wherein the first data item is inserted into the first flow by the NAT device for identifying a first host device coupled to the NAT device, and determining, by the hardware processor based on the first data item, that the first flow is generated by the first host device.
    Type: Application
    Filed: September 1, 2017
    Publication date: January 11, 2018
    Applicant: Narus, Inc.
    Inventors: Mario Baldi, Yong Liao, Amedeo Sapio
  • Publication number: 20180013646
    Abstract: A method for profiling network traffic. The method includes capturing, from the network traffic using a packet capturing device, a plurality of packets, identifying a first portion of the plurality of packets as a first flow based at least on a common Internet Protocol (IP) address assigned to each packet of the first flow by a network address translation (NAT) device, extracting, by a hardware processor separate from the NAT device and based on an NAT profile of the NAT device, a first data item from the first flow, wherein the first data item is inserted into the first flow by the NAT device for identifying a first host device coupled to the NAT device, and determining, by the hardware processor based on the first data item, that the first flow is generated by the first host device.
    Type: Application
    Filed: September 1, 2017
    Publication date: January 11, 2018
    Applicant: Narus, Inc.
    Inventors: Mario Baldi, Yong Liao, Amedeo Sapio
  • Patent number: 9769038
    Abstract: A method for profiling network traffic. The method includes capturing, from the network traffic using a packet capturing device, a plurality of packets, identifying a first portion of the plurality of packets as a first flow based at least on a common Internet Protocol (IP) address assigned to each packet of the first flow by a network address translation (NAT) device, extracting, by a hardware processor separate from the NAT device and based on an NAT profile of the NAT device, a first data item from the first flow, wherein the first data item is inserted into the first flow by the NAT device for identifying a first host device coupled to the NAT device, and determining, by the hardware processor based on the first data item, that the first flow is generated by the first host device.
    Type: Grant
    Filed: June 3, 2014
    Date of Patent: September 19, 2017
    Assignee: Narus, Inc.
    Inventors: Mario Baldi, Yong Liao, Amedeo Sapio
  • Publication number: 20170118129
    Abstract: A method for profiling network traffic of a network. The method includes capturing packets based at least on a common source IP address shared by each of the packets, where said each packet is assigned a source timestamp by a source of said each packet and further assigned a capture timestamp by a packet capturing device, identifying a first portion of the packets as a first flow and a second portion of the packets as a second flow, extracting a first monotonic timestamp-pair (MTSP) sequence and a second MTSP sequence from the first flow and the second flow, respectively, comparing the first MTSP sequence and the second MTSP sequence to generate a result, and determining, based on the result, whether the first flow and the second flow are generated by a single host of the network.
    Type: Application
    Filed: January 9, 2017
    Publication date: April 27, 2017
    Applicant: Narus, Inc.
    Inventors: Mario Baldi, Yi-Chao Chen, Yong Liao, Lili Qiu, Sung-Ju Lee
  • Patent number: 9602331
    Abstract: Providing a shared interface among a plurality of compute units is disclosed. A plurality of compute units is determined and a shared interface for the plurality of compute units is provided, wherein incoming traffic is received by any of the plurality of compute units. Also, the packet is received at the shared interface for a plurality of compute units. The packet is encapsulated using a first header, wherein the first header specifies one of the plurality of compute units, and wherein the one of the plurality of compute units is selected independent of an interface address associated with the shared interface.
    Type: Grant
    Filed: October 31, 2012
    Date of Patent: March 21, 2017
    Assignee: Cisco Technology, Inc.
    Inventors: Marco Di Benedetto, Mario Baldi, Vijay Chander, Alessandro Salvatori
  • Patent number: 9577898
    Abstract: A method for profiling network traffic of a network. The method includes capturing packets based at least on a common source IP address shared by each of the packets, where said each packet is assigned a source timestamp by a source of said each packet and further assigned a capture timestamp by a packet capturing device, identifying a first portion of the packets as a first flow and a second portion of the packets as a second flow, extracting a first monotonic timestamp-pair (MTSP) sequence and a second MTSP sequence from the first flow and the second flow, respectively, comparing the first MTSP sequence and the second MTSP sequence to generate a result, and determining, based on the result, whether the first flow and the second flow are generated by a single host of the network.
    Type: Grant
    Filed: December 31, 2013
    Date of Patent: February 21, 2017
    Assignee: Narus, Inc.
    Inventors: Mario Baldi, Yi-Chao Chen, Yong Liao, Lili Qiu, Sung-Ju Lee
  • Patent number: 9311386
    Abstract: A method for network resource classification and identifying user interests based on the classification. The method uses a provided hierarchy of categories for classifying network resources, wherein each category is assigned a text item describing the category and the method includes obtaining resource description data collections corresponding to the network resources, and generating, using a semantic correlation algorithm, a category score vector of a network resource by comparing the resource description data collection to the text item assigned to each category in the hierarchy of categories, wherein the category score vector comprises a category score for each category in the hierarchy of categories, wherein the category score is determined based on at least a semantic correlation measure between the resource description data collection and the text item assigned to a corresponding category, wherein the plurality of network resources are classified based at least on the category score.
    Type: Grant
    Filed: April 3, 2013
    Date of Patent: April 12, 2016
    Assignee: Narus, Inc.
    Inventors: Han See Song, Mario Baldi, Qiang Ma, Antonio Nucci
  • Patent number: 9210090
    Abstract: A method for accessing (e.g., processing, storing, retrieving, etc.) network traffic data of a network. The method includes using separate data analysis device and data access device for capturing and analyzing network traffic data blocks concurrently and cooperatively to store and retrieve large amount of high speed network traffic data. In particular, the data analysis device and the data access device are synchronized using a linked set containing unique data block identifier and associated packet identifiers. The synchronization allows the data analysis device to focus on the full packet analysis task and the data access device to focus on the full packet storing and retrieving task without analyzing full packet content.
    Type: Grant
    Filed: January 22, 2014
    Date of Patent: December 8, 2015
    Assignee: Narus, Inc.
    Inventors: Mario Baldi, Syed M. Hussain, Yong Liao, Alok Tongaonkar, Antonio Nucci
  • Patent number: 8843627
    Abstract: Embodiments of the invention provide a method, system, and computer readable medium for classifying network traffic based on application signatures generated during a training phase. The application signatures are generated using (a) seeding flows obtained from a network trace based on a pre-determined selection criterion, and (b) for each seeding flow, a seeded flow group that is obtained from the network trace based on a pre-determined seeding criterion associated with the seeding flow. Specifically, persistent data patterns frequently occurring across multiple seeded flow groups are analyzed to generate the signatures.
    Type: Grant
    Filed: October 19, 2012
    Date of Patent: September 23, 2014
    Assignee: Narus, Inc.
    Inventors: Mario Baldi, Yong Liao, Stanislav Miskovic, Qiang Xu
  • Publication number: 20140122743
    Abstract: Providing a shared interface among a plurality of compute units is disclosed. A plurality of compute units is determined and a shared interface for the plurality of compute units is provided, wherein incoming traffic is received by any of the plurality of compute units. Also, the packet is received at the shared interface for a plurality of compute units. The packet is encapsulated using a first header, wherein the first header specifies one of the plurality of compute units, and wherein the one of the plurality of compute units is selected independent of an interface address associated with the shared interface.
    Type: Application
    Filed: October 31, 2012
    Publication date: May 1, 2014
    Applicant: EMBRANE, INC.
    Inventors: Marco Di Benedetto, Mario Baldi, Vijay Chander, Alessandro Salvatori
  • Patent number: 7801132
    Abstract: An input interface system for mapping data packets, each comprising a header portion and a payload portion, from at least one source to at least one destination. An interface method and system between asynchronous data packet flows and synchronized switching systems, which utilize a global common time reference. The synchronized switching systems utilize a time frame switching method based on predefined switching schedules that are responsive to a global common time reference, where the global common time reference is divided into a plurality of contiguous periodic time frames. The asynchronous data packet flows are routed according to information contained in the packets' header. The interface method and system maps the header information of the asynchronous data packet flows to respective time frames that match the predefined switching schedule over the synchronized switching system.
    Type: Grant
    Filed: September 11, 2008
    Date of Patent: September 21, 2010
    Assignee: Synchrodyne Networks, Inc.
    Inventors: Yoram Ofek, Mario Baldi
  • Patent number: 7509687
    Abstract: The objective of this invention is to provide continuous remote authenticated operations for ensuring proper content processing and management in remote untrusted computing environment. The method is based on using a program that was hidden within the content protection program at the remote untrusted computing environment, e.g., an end station. The hidden program can be updated dynamically and it includes an inseparable and interlocked functionality for generating a pseudo random sequence of security signals. Only the media server that sends the content knows how the pseudo-random sequence of security signals were generated; therefore, the media server is able to check the validity of the security signals, and thereby, verify the authenticity of the programs used to process content at the remote untrusted computing environment. If the verification operation fails, the media server will stop the transmission of content to the remote untrusted computing environment.
    Type: Grant
    Filed: October 22, 2003
    Date of Patent: March 24, 2009
    Assignee: TrustedFlow Systems, Inc.
    Inventors: Yoram Ofek, Mario Baldi
  • Publication number: 20090010152
    Abstract: An input interface system for mapping data packets, each comprising a header portion and a payload portion, from at least one source to at least one destination. An interface method and system between asynchronous data packet flows and synchronized switching systems, which utilize a global common time reference. The synchronized switching systems utilize a time frame switching method based on predefined switching schedules that are responsive to a global common time reference, where the global common time reference is divided into a plurality of contiguous periodic time frames. The asynchronous data packet flows are routed according to information contained in the packets' header. The interface method and system maps the header information of the asynchronous data packet flows to respective time frames that match the predefined switching schedule over the synchronized switching system.
    Type: Application
    Filed: September 11, 2008
    Publication date: January 8, 2009
    Inventors: Yoram Ofek, Mario Baldi
  • Patent number: 7426206
    Abstract: An interface method and system between asynchronous data packet flows and synchronized switching systems, which utilize a global common time reference. The synchronized switching systems utilize a time frame switching method based on predefined switching schedules that are responsive to a global common time reference, where the global common time reference is divided into a plurality of contiguous periodic time frames. The asynchronous data packet flows are routed according to information contained in the packets' header. The interface method and system maps the header information of the asynchronous data packet flows to respective time frames that match the predefined switching schedule over the synchronized switching system. The interface system can aggregate multiple asynchronous data packet flows into a single pre-defined switching schedule over the synchronized switching system.
    Type: Grant
    Filed: March 28, 2000
    Date of Patent: September 16, 2008
    Assignee: Synchrodyne Networks, Inc.
    Inventors: Yoram Ofek, Mario Baldi
  • Patent number: 7398398
    Abstract: An authenticated and metered flow control method provides a network interface with the capability to determine the authenticity of programs used to generate and send data packets, thereby ensuring that users who send data packets are well behaved. The method is based on using a hidden program that was obfuscated into the program used for generating and sending data packets. More specifically, the hidden program generates a pseudo random sequence of security signals that are included in the sequence of data packets that are sent from the user to the network interface. Only the network interface knows how the pseudo random sequence of security signals was generated, and therefore, the network interface is able to check the validity of the pseudo random sequence of security signals, and thereby verify the authenticity of the programs used to generate and send data packets.
    Type: Grant
    Filed: August 14, 2002
    Date of Patent: July 8, 2008
    Assignee: TrustedFlow Systems, Inc.
    Inventors: Yoram Ofek, Mario Baldi
  • Patent number: 7367045
    Abstract: This invention discloses a method and system for communication that consist of an end station and a network interface, such that the network interface is capable of determining the authenticity of the program used by the end station to generate and send data packets. The method is based on using a hidden program that was obfuscated and encrypted within the program that is used to generate and send data packets from the end station. The hidden program is being updated dynamically and it includes the functionality for generating a pseudo random sequence of security signals. Only the network interface knows how the pseudo random sequence of security signals was generated, and therefore, the network interface is able to check the validity of the pseudo random sequence of security signals, and thereby, verify the authenticity of the programs used to generate and send data packets. The method further comprises means for coordinating the initialization of the end station and network interface.
    Type: Grant
    Filed: August 14, 2002
    Date of Patent: April 29, 2008
    Assignee: TrustedFlow Systems, Inc.
    Inventors: Yoram Ofek, Marcel Mordechay Yung, Mario Baldi
  • Patent number: 7343619
    Abstract: The objective of this invention is to ensure that programs that generate and send data packets are well behaved. This invention discloses a method and system that consist of an end station and a network interface, such that, the network interface is capable of determining the authenticity of the program used by the end station to generate and send data packets. The method is based on using a hidden program that was obfuscated within the program that is used to generate and send data packets from the end station. The hidden program is being updated dynamically and it includes the functionality for generating a pseudo random sequence of security signals. Only the network interface knows how the pseudo random sequence of security signals were generated, and therefore, the network interface is able to check the validity of the pseudo random sequence of security signals, and thereby, verify the authenticity of the programs used to generate and send data packets.
    Type: Grant
    Filed: August 14, 2002
    Date of Patent: March 11, 2008
    Assignee: TrustedFlow Systems, Inc.
    Inventors: Yoram Ofek, Marcel Mordechay Yung, Mario Baldi, David Howard Sitrick