Abstract: Methods, systems, and computer program products for synchronizing data stored at one or more message clients with data stored at a message server where the message clients may receive update notifications and may represent the data using different data structures than the message server uses to represent the same data. A token is associated with each data change that occurs at the message server. The message server sends each change and associated token to the message clients. When the message clients request a synchronization, the tokens they received are returned to the message server for comparison with the tokens the message server sent to the message clients. If the message clients do not return a particular token, the message server determines that the clients did not receive the corresponding change and resends the change to the message clients. Tokens may also be used to divide a change into one or more portions, with only one portion being provided initially.

Abstract: Methods, systems, and computer program products for synchronizing data stored at one or more message clients with data stored at a message server where the message clients may receive update notifications and may represent the data using different data structures than the message server uses to represent the same data. A token is associated with each data change that occurs at the message server. The message server sends each change and associated token to the message clients. When the message clients request a synchronization, the tokens they received are returned to the message server for comparison with the tokens the message server sent to the message clients. If the message clients do not return a particular token, the message server determines that the clients did not receive the corresponding change and resends the change to the message clients. Tokens may also be used to divide a change into one or more portions, with only one portion being provided initially.

Abstract: Methods, systems, computer program products and data structures are described which allow a client to communicate with a server even though multiple proxies that require different authentication data must be traversed to allow such communication. In operation, the client first authenticates to a first proxy using authentication data appropriate for the first proxy. The client then authenticates to a second proxy using different authentication data that is appropriate for the second proxy. This proxy authentication continues through as many proxies as necessary until the client is in communication with the server.

Abstract: Methods, systems, and computer program products for negotiating a secure end-to-end connection using a proxy server as an intermediary. The client first negotiates a secure connection between the client and the proxy so that any credentials exchanged will be encrypted. After the exchange of authentication credentials, the secure client-proxy connection is altered so that no further encryption takes place. The client and server then negotiate a secure end-to-end connection through the proxy, with the secure end-to-end connection being encapsulated within the insecure client-proxy connection. In this way, the overhead of creating a separate client-proxy connection for the secure end-to-end connection may be avoided, but the insecure client-proxy connection introduces only minimal overhead because it no longer encrypts any data that it carries.

Abstract: An external client securely accesses a private corporate network using a communications device, but without the communications device being required to communicate through the private corporate network when communicating with resources external to the private corporate network. The external client establishes a connection with the private corporate network over the public network such as the Internet using, for example, Transmission Control Protocol (TCP). The external client then provides security to the connection by running, for example, the Secure Socket Layer (SSL) protocol over the TCP protocol. During the ensuing session with the private corporate network, the communications device establishes a subsequent connection(s) with the external resource.

Abstract: An expert proxy server is described that is coupled to a number of wireless devices through a wireless network, and to a number of server computer systems through an external network such as, for example, the Internet. The expert proxy server acts as an agent for a wireless device by providing a service for the wireless device. Specifically, the expert proxy server determines that a service is to be provided to the wireless device. Next, the expert proxy server identifies an application that provides the service and then communicates with the identified application that provides the service. The expert proxy server compiles the results of the communication with the application and then transmits the compilation to the wireless device over the wireless network. Thus, the relatively smaller bandwidth of the wireless network is preserved by transmitting a minimal amount of information over the wireless network while leaving more extensive communications to occur over higher bandwidth external networks.

Abstract: Methods, systems, and computer program products for authenticating a mobile client that may have an input system optimized for numeric input. A mobile gateway receives authentication credentials from a mobile client and uses an authentication filter to map the authentication credentials according to pre-established criteria. The authentication filter may change the domain name, the username, or both. Then, the mapped authentication credentials are sent to a network that includes the content server being accessed. Any access privileges granted to the mobile client are based on the mapped authentication credentials. The mobile gateway may be configured to accept connections only from known servers. Mobile authentication credentials may be maintained in one or more domains, possibly having a trust relationship, or may be stored in a separately administered credential database.

Abstract: Methods, systems, and computer program products for negotiating a secure end-to-end connection using a proxy server as an intermediary. The client first negotiates a secure connection between the client and the proxy so that any credentials exchanged will be encrypted. After the exchange of authentication credentials, the secure client-proxy connection is altered so that no further encryption takes place. The client and server then negotiate a secure end-to-end connection through the proxy, with the secure end-to-end connection being encapsulated within the insecure client-proxy connection. In this way, the overhead of creating a separate client-proxy connection for the secure end-to-end connection may be avoided, but the insecure client-proxy connection introduces only minimal overhead because it no longer encrypts any data that it carries.

Abstract: Methods, systems, and computer program products for synchronizing data stored at one or more message clients with data stored at a message server where the message clients may receive update notifications and may represent the data using different data structures than the message server uses to represent the same data. A token is associated with each data change that occurs at the message server. The message server sends each change and associated token to the message clients. When the message clients request a synchronization, the tokens they received are returned to the message server for comparison with the tokens the message server sent to the message clients. If the message clients do not return a particular token, the message server determines that the clients did not receive the corresponding change and resends the change to the message clients. Tokens may also be used to divide a change into one or more portions, with only one portion being provided initially.

Abstract: An expert proxy server is described that is coupled to a number of wireless devices through a wireless network, and to a number of server computer systems through an external network such as, for example, the Internet. The expert proxy server acts as an agent for a wireless device by providing a service for the wireless device. Specifically, the expert proxy server determines that a service is to be provided to the wireless device. Next, the expert proxy server identifies an application that provides the service and then communicates with the identified application that provides the service. The expert proxy server compiles the results of the communication with the application and then transmits the compilation to the wireless device over the wireless network. Thus, the relatively smaller bandwidth of the wireless network is preserved by transmitting a minimal amount of information over the wireless network while leaving more extensive communications to occur over higher bandwidth external networks.

Abstract: Methods, systems, computer program products and data structures are described which allow a client to communicate with a server even though multiple proxies that require different authentication data must be traversed to allow such communication. In operation, the client first authenticates to a first proxy using authentication data appropriate for the first proxy. The client then authenticates to a second proxy using different authentication data that is appropriate for the second proxy. This proxy authentication continues through as many proxies as necessary until the client is in communication with the server.

Abstract: Architecture for generating and maintaining a terminal services connection from an external client to an internal intranet client behind a firewall and/or router. The external user is first authenticated after which the external client is passed to a remote user portal. A listing of available internal computers is presented to the external client user, the selection of one that initiates an intranet server to create a listening socket thereon, and a socket on the selected internal client. The server creates a thread that manages the terminal services connection between the external client and the internal client by listening for traffic and forwarding the traffic between the ports.

Abstract: A flexible gateway accommodates data transfer from a data origination device over a wide variety of networks to a wide variety of destination devices, even if those networks use different protocols, and even if the devices recognize different data formats. Thus, the gateway can perform work previously requiring numerous gateways. After the gateway receives information from a data source, the gateway identifies the specific device type and the specific network type to which the information is to be routed. The gateway then calls device and network drivers associated with the specific device and network identified with the destination device. These drivers then manipulate the data using the device driver into the format recognized by the destination device, and then provide the manipulated data to the destination device over the identified network using the compatible protocol. Thus, the destination device properly receives and interprets the information provided by the data source.

Abstract: A system and method for verifying security best practices on a computer or for multiple computers on a network. A master test engine drives the verification process. The master test engine accesses a primary manifest data file which describes verification tests to be performed by each of the computers to be tested. To execute the tests within the primary manifest data file, one or more test executables are created. The text executables are run by local test engines which are located on each one of the computers on which tests are conducted. The local test engines drive the security tests on the computers, and access locally stored manifest data files, which are created and updated via the primary manifest data file.

Abstract: Methods, systems, and computer program products for authenticating a mobile client that may have an input system optimized for numeric input. A mobile gateway receives authentication credentials from a mobile client and uses an authentication filter to map the authentication credentials according to pre-established criteria. The authentication filter may change the domain name, the username, or both. Then, the mapped authentication credentials are sent to a network that includes the content server being accessed. Any access privileges granted to the mobile client are based on the mapped authentication credentials. The mobile gateway may be configured to accept connections only from known servers. Mobile authentication credentials may be maintained in one or more domains, possibly having a trust relationship, or may be stored in a separately administered credential database.

Abstract: Methods, systems, computer program products and data structures are described which allow a client to communicate with a server even though multiple proxies that require different authentication data must be traversed to allow such communication. In operation, the client first authenticates to a first proxy using authentication data appropriate for the first proxy. The client then authenticates to a second proxy using different authentication data that is appropriate for the second proxy. This proxy authentication continues through as many proxies as necessary until the client is in communication with the server.

Abstract: Methods, systems, and computer program products for negotiating a secure end-to-end connection using a proxy server as an intermediary. The client first negotiates a secure connection between the client and the proxy so that any credentials exchanged will be encrypted. After the exchange of authentication credentials, the secure client-proxy connection is altered so that no further encryption takes place. The client and server then negotiate a secure end-to-end connection through the proxy, with the secure end-to-end connection being encapsulated within the insecure client-proxy connection. In this way, the overhead of creating a separate client-proxy connection for the secure end-to-end connection may be avoided, but the insecure client-proxy connection introduces only minimal overhead because it no longer encrypts any data that it carries.

Abstract: Methods, systems, and computer program products for synchronizing data stored at one or more message clients with data stored at a message server where the message clients may receive update notifications and may represent the data using different data structures than the message server uses to represent the same data. A token is associated with each data change that occurs at the message server. The message server sends each change and associated token to the message clients. When the message clients request a synchronization, the tokens they received are returned to the message server for comparison with the tokens the message server sent to the message clients. If the message clients do not return a particular token, the message server determines that the clients did not receive the corresponding change and resends the change to the message clients. Tokens may also be used to divide a change into one or more portions, with only one portion being provided initially.

Abstract: An external client securely accesses a private corporate network using a communications device, but without the communications device being required to communicate through the private corporate network when communicating with resources external to the private corporate network. The external client establishes a connection with the private corporate network over the public network such as the Internet using, for example, Transmission Control Protocol (TCP). The external client then provides security to the connection by running, for example, the Secure Socket Layer (SSL) protocol over the TCP protocol. During the ensuing session with the private corporate network, the communications device establishes a subsequent connection(s) with the external resource.

Abstract: A system and method are provided for remotely managing memory in a programmable portable information device, such as a programmable watch, from an external computer. The portable information device has an optical sensor and a rewritable data memory. The computer has a frame-scanning graphics display device and a memory with a capacity larger than that of the device memory. The device memory is mapped into a portion of the computer memory to create a virtual device memory therein. An input device for the computer is provided to permit a user to enter programming changes to be made to the information device,. The programming changes alter the virtual device memory within the computer memory from an initial arrangement to a modified arrangement. Upon modification, a memory manager resident in the computer determines what memory transactions are effective to change the virtual device memory from its initial arrangement to its modified arrangement.