Abstract: A markup language document is generated and stored within a network, the network including a client, and one or more storage locations. A markup language document is generated, and policy information is accessed, wherein the policy information defines a content-filtering policy, a security policy and a storage location policy for the markup language document. A portion of the markup language document that is subject to security is determined, based on the content-filtering policy as defined in the policy information. A storage location is identified for storage of the markup language document from among the one or more storage locations, based on the storage location policy as defined in the policy information. Security is applied to the determined portion of the markup language document based on the security policy as defined in the policy information. The markup language document is stored on the identified storage location.

Abstract: The present disclosure is directed to network communication between a sender and a receiver. Network communication is established between the sender and the receiver using a first acknowledgment mechanism for signifying receipt of data by the receiver. The first acknowledgment mechanism is selected from one of a receiver positive acknowledgment mechanism (RPA) and a receiver negative acknowledgment mechanism (RNA). Communication information is monitored, wherein the communication information indicates at least a current state of performance for network communication. Based on the communication information, a message is exchanged between the sender and the receiver to negotiate a switchover to a second acknowledgment mechanism for signifying receipt of data by the receiver. The second acknowledgment mechanism is selected from the other of the receiver positive acknowledgment mechanism (RPA) and the receiver negative acknowledgment mechanism (RNA).

Abstract: A markup language document is generated and stored within a network, the network including a client, and one or more storage locations. A markup language document is generated, and policy information is accessed, wherein the policy information defines a content-filtering policy, a security policy and a storage location policy for the markup language document. A portion of the markup language document that is subject to security is determined, based on the content-filtering policy as defined in the policy information. A storage location is identified for storage of the markup language document from among the one or more storage locations, based on the storage location policy as defined in the policy information. Security is applied to the determined portion of the markup language document based on the security policy as defined in the policy information. The markup language document is stored on the identified storage location.

Abstract: Sending signed e-mail messages. An output data stream is created for streaming a signed e-mail message, and streamed attachment data is read. In response to receiving a portion of the read streamed attachment data, the received portion of the attachment data is digested to generate a digest value, and the received portion of the attachment data is sent to a mail server via the output data stream. The received portion of the attachment data is smaller than the size of the attachment data. The digest value is updated as additional portions of the streamed attachment data are received and digested. In response to sending all attachment data to the mail server, a signer generates the signature data by signing the digest value using a signer's private key, and the generated signature data is sent to the mail server via the output stream.

Abstract: A device includes a software agent that discovers a controller. Current state information indicating upgradeable files currently installed on the device is maintained. The agent sends the current state information to the controller, and the controller sends the current state information to a repository, via the Internet. The repository determines upgradeable files currently installed on the device based on the current state information, and checks for file updates for the upgradeable files. The repository sends file update information to the controller. The file update information includes file update locations. The controller sends the file update information to the agent, and the agent requests the controller to retrieve file updates. The controller retrieves each file update from its file update location on the Internet. The controller sends a notification to the agent when the file updates are retrieved, and the agent retrieves the file updates from the controller.

Abstract: Content filtering of e-mail in a network environment. The network environment includes a client machine, a policy server and an e-mail server. An e-mail message is authored at the client machine. Filter policy information is obtained by the client machine from the policy server, wherein the filter policy information defines a filtering policy for filtering of e-mail messages. The filter policy information is applied to the e-mail message by the client machine so as to effect the filtering policy. The filtered e-mail message is secured by the client machine, such as by securing based on a key obtained by the client machine from a key store. The secure e-mail message is sent by the client machine to a recipient via the e-mail server.

Abstract: The present disclosure is directed to performing mass transfer of data over plural connections established between a sender and a recipient connected to the sender via a network. Data is sent from the sender to the recipient by divided sending of the data over the plural connections. The optimal number of connections between the sender and the recipient is autotuned by closing an existing connection when a detection is made that a bottleneck to mass transfer of data exists in an I/O storage system of the recipient, and by opening a new connection when the I/O storage system of the recipient is writing data faster than data is received from the network.

Abstract: The present disclosure is directed to network communication between a sender and a receiver. Network communication is established between the sender and the receiver using a first acknowledgment mechanism for signifying receipt of data by the receiver. The first acknowledgment mechanism is selected from one of a receiver positive acknowledgment mechanism (RPA) and a receiver negative acknowledgment mechanism (RNA). Communication information is monitored, wherein the communication information indicates at least a current state of performance for network communication. Based on the communication information, a message is exchanged between the sender and the receiver to negotiate a switchover to a second acknowledgment mechanism for signifying receipt of data by the receiver. The second acknowledgment mechanism is selected from the other of the receiver positive acknowledgment mechanism (RPA) and the receiver negative acknowledgment mechanism (RNA).

Abstract: A method for obtaining resource restriction information of a client application's resource includes: receiving authentication information from one of a plurality of authentication modules; identifying a client application's resource and authentication module based on the received authentication information; locating a policy store that is associated with the identified client application's resource, the policy store containing resource restriction information for each of the plurality of authentication modules; and obtaining the resource restriction information associated with the identified authentication module from the policy store.

Abstract: Sending signed e-mail messages. An output data stream is created for streaming a signed e-mail message, and streamed attachment data is read. In response to receiving a portion of the read streamed attachment data, the received portion of the attachment data is digested to generate a digest value, and the received portion of the attachment data is sent to a mail server via the output data stream. The received portion of the attachment data is smaller than the size of the attachment data. The digest value is updated as additional portions of the streamed attachment data are received and digested. In response to sending all attachment data to the mail server, a signer generates the signature data by signing the digest value using a signer's private key, and the generated signature data is sent to the mail server via the output stream.

Abstract: A method for establishing and maintaining a connection by a client to a server within a network includes creating a socket for connecting to the server, based on authentication information associated with the client, and connecting to the server using the socket. In addition, the method includes saving the authentication information associated the client. The method further includes in a case where subsequent connection to the server is requested by the client, reconnecting to the server via the socket, based on the saved authentication information. An apparatus for establishing and maintaining a connection by a client to a server within a network is also provided.

Abstract: A method for establishing and maintaining a connection by a client to a server within a network includes creating a socket for connecting to the server, based on authentication information associated with the client, and connecting to the server using the socket. In addition, the method includes saving the authentication information associated the client. The method further includes in a case where subsequent connection to the server is requested by the client, reconnecting to the server via the socket, based on the saved authentication information. An apparatus for establishing and maintaining a connection by a client to a server within a network is also provided.

Abstract: A device includes a software agent that discovers a controller. Current state information indicating upgradeable files currently installed on the device is maintained. The agent sends the current state information to the controller, and the controller sends the current state information to a repository, via the Internet. The repository determines upgradeable files currently installed on the device based on the current state information, and checks for file updates for the upgradeable files. The repository sends file update information to the controller. The file update information includes file update locations. The controller sends the file update information to the agent, and the agent requests the controller to retrieve file updates. The controller retrieves each file update from its file update location on the Internet. The controller sends a notification to the agent when the file updates are retrieved, and the agent retrieves the file updates from the controller.

Abstract: A method for obtaining resource restriction information of a client application's resource includes: receiving authentication information from one of a plurality of authentication modules; identifying a client application's resource and authentication module based on the received authentication information; locating a policy store that is associated with the identified client application's resource, the policy store containing resource restriction information for each of the plurality of authentication modules; and obtaining the resource restriction information associated with the identified authentication module from the policy store.