Abstract: Control of messages in a publish/subscribe system is described. A publishing system creates a message for publishing to multiple subscribers via a broker system. The message and associated metadata are provided. The metadata defines control of the message and relates to control of publishing of the message, by the broker system, and/or control of use of the message, by a subscribing system. The message is published with the metadata. A broker system receives the message and analyses the metadata with respect to a subscriber. Based on the analysis, restrictions are applied to delivery of the message to the subscriber. A subscribing system receives the message and analyses the metadata with respect to the subscriber. Based on this second analysis, restrictions are applied to use of the message by the subscriber.

Abstract: A user may select an attachment for an electronic message from a most recently used (MRU) list of files. For example, when a user is composing an electronic message, they may select a file to attach to the message from the MRU list. The recently used files that are included within the MRU list may be related to or more applications/locations and/or one or more computing devices. For example, the MRU list may include files accessed by one or more different authoring applications and/or files that have recently been accessed/created that are associated with the user.

Abstract: Embodiments of the present invention disclose a mood information processing method and apparatus. The method includes: first determining a mood information mode that corresponds to an application program, acquiring mood information of a message sender if the mood information mode that corresponds to the application program is transmitting a mood or correcting a mood, and then sending the mood information of the message sender to a message receiver. The embodiments of the present invention are applicable to outputting mood information of a user in an application program.

Abstract: Embodiments are directed towards multi-level entity classification. An object associated with an entity is received. In one embodiment the object comprises and email and the entity comprises the IP address of a sending email server. If the entity has already been classified, as indicated by an entity classification cache, then a corresponding action is taken on the object. However, if the entity has not been classified, the entity is submitted to a fast classifier for classification. A feature collector concurrently fetches available features, including fast features and full features. The fast classifier classifies the entity based on the fast features, storing the result in the entity classification cache. Subsequent objects associated with the entity are processed based on the cached result of the fast classifier. Then, a full classifier classifies the entity based on at least the full features, storing the result in the entity classification cache.

Abstract: A social media system and method is described for providing post feed to user interface wherein users have greater capability of managing the feeds from user interface provided on their device. Connection strength to users is set both manually by the user as well as automatically by an interest algorithm. Similarly connection strength to subject categories of interest is set both manually by the user as well as automatically by an interest algorithm. The mentioned social media system and method also processes and provides ways of determining related Topics and group them under predefined or user defined specified categories. To further enhance user experience, the system presents separate feeds on segmented sections of the interface.

Abstract: A social networking system aggregates two or more stories having at least one common characteristic to create an aggregated story unit. Each story describes an action performed on an object over the social networking system or external to the social networking system. The aggregated story unit includes one or more input elements allowing a viewing user to interact with the aggregate story unit as a whole or with individual stories in the aggregated story unit. The input elements included in the aggregated story unit may be based on the types of the actions or of the objects described by stories in the aggregated story unit and on one or more input policies.

Abstract: Collecting online group chat messages. The method may include receiving a message associated with an online group chat session between chat participants. The method may also include determining the received message satisfies at least one message collection rule. The method may further include recording the received message to at least one message table based on each chat participant mentioned in the received message. The method may also include determining a first chat participant chooses to open a private chat session with at least one second chat participant. The method may further include identifying recorded messages within the message tables associated with the at least one second chat participant. The method may also include displaying the identified recorded messages in a private chat session sub-window.

Abstract: Control of messages in a publish/subscribe system is described. A publishing system creates a message for publishing to multiple subscribers via a broker system. The message and associated metadata are provided. The metadata defines control of the message and relates to control of publishing of the message, by the broker system, and/or control of use of the message, by a subscribing system. The message is published with the metadata. A broker system receives the message and analyses the metadata with respect to a subscriber. Based on the analysis, restrictions are applied to delivery of the message to the subscriber. A subscribing system receives the message and analyses the metadata with respect to the subscriber. Based on this second analysis, restrictions are applied to use of the message by the subscriber.

Abstract: Method for information transmitting/receiving and terminal therefor are provided. In one embodiment, an information transmitting method includes: selecting a target transmission mode from transmission modes for a to-be-transmitted short message according to a received selection command, wherein the transmission modes include a disappear-after-reading transmission mode, a regular direct-display transmission mode and/or a regular transmission mode; upon detecting that the target transmission mode is the disappear-after-reading transmission mode, adding a disappear-after-reading tag to the to-be-transmitted short message; and transmitting the to-be-transmitted short message added with the disappear-after-reading tag to the information receiving device, therefore the information receiving device deletes the content in the short message according to the disappear-after-reading tag thereof after the short message has been read.

Abstract: Systems and methods for email synchronization may include a computing device with a token bucket. The token bucket allows for temporary storage of tokens, each token authorizing a synchronization of at least one email application running on the computing device. The device may determine a frequency of received email communications associated with an email account managed by the at least one email application and hosted by an email server. The determining may be based on one or more characteristics associated with the token bucket. The determined frequency may be compared with a threshold value. When the determined frequency is equal to or lower than the threshold value, a push communication channel may be established with the email server, the push communication channel for receiving server-initiated email push communications. The at least one email application may be synchronized with the email account by receiving push communications using the push communication channel.

Abstract: A method, non-transitory computer readable medium and a communication device display an email message by receiving at least one incoming email message, determining the incoming email message originates from a different time zone than the time zone in which the communication device is currently located, and displaying the incoming email message in a prioritized position within a message listing. The incoming email may be displayed at a top of the message list, regardless of reception order. When a plurality of incoming email messages that originate from different time zones are received, each incoming email message is displayed in the message listing according to an absolute or relative time distance from the communication device. When the incoming email message has been read, the read email message is moved to a normal position within the message list.

Abstract: A system can receive a request for a transport service from a first device. The request can include a user identifier associated with a first user of the first device, contact information associated with a second user, and a pickup location information. The system can make a determination whether a user account associated with the second user is stored in a user database using the contact information in the request. Based on the determination, the system can select a messaging protocol to transmit data to a second device associated with the contact information. The system can transmit a message corresponding to the transport service to the second device using the selected messaging protocol.

Abstract: The disclosed embodiments include systems and methods for providing a notification upon the occurrence of a trigger event associated with playing media content over a network. An exemplary method may include transmitting access to a media content data file to a computing device associated with a content receiver, playing the data file at the computing device, and transmitting an electronic notification to another computing device when the trigger event occurs.

Abstract: According to one exemplary embodiment, a processor-implemented method for informing a user that an important unread email (IUE) will be removed from an online communication inbox, wherein the IUE is a high priority email determined by an algorithm is provided. The method may include determining, by the processor, if the online communication inbox associated with the user has received the IUE. The method may also include determining if an email removal event associated with the received IUE will occur within a threshold time. The method may then include displaying a notification to the user of the email removal event based on determining that the email removal event will occur within the threshold time.

Abstract: According to one exemplary embodiment, a processor-implemented method for informing a user that an important unread email (IUE) will be removed from an online communication inbox, wherein the IUE is a high priority email determined by an algorithm is provided. The method may include determining, by the processor, if the online communication inbox associated with the user has received the IUE. The method may also include determining if an email removal event associated with the received IUE will occur within a threshold time. The method may then include displaying a notification to the user of the email removal event based on determining that the email removal event will occur within the threshold time.

Abstract: Techniques are provided for proposing automatic corrections of online identifiers, such as an email address or a subject name of a directory entry or a certificate. In an embodiment, one or more computers store domain correction records. Each domain correction record comprises a misspelled domain name and candidate domain name corrections. The computers detect that an unprocessed online identifier is not contained in a plurality of known online identifiers. The unprocessed online identifier comprises a misspelled domain name. Each known online identifier of the plurality of known online identifiers comprises a domain name. The computers retrieve, based on the misspelled domain name of the unprocessed online identifier, from the plurality of domain correction records, a matching domain correction record having a same misspelled domain name as the unprocessed online identifiers. A client device displays the one or more candidate domain name corrections of the matching domain correction record.

Abstract: Wireless Charging Smart-Gem Jewelry System and Associated Cloud Server comprising a wearable electronic gemstone capable of sensing the emotional state and bodily vital signs of the user and being wirelessly charged and a mobile device capable of communicating with the electronic gemstone such that a cloud server manages communications between members of a social network wearing the electronically smart gemstone. The disclosed Jewelry System provides a custom gemstone with symbol-carved light effects, wireless charging of the stone electronics through universal audio jack of any mobile device, and electrical stimulation of the user along with visual triggers as a specific mode of social interaction.

Abstract: An example processor-implemented method for retrieving a video in accordance with the present disclosure is receiving an entry of a name tag identifying a first user in a video application, assigning a second user as a contact to the first user based on the received entry of the name tag in the video application, receiving, by a viewing module of the video application, an image of a still frame extracted from a portion of a video, wherein the name tag is associated with the still frame, and the video is associated with the first user, generating, by the viewing module of the video application, a trigger based on the received image, identifying the video based on the generated trigger, and providing permission for the second user to receive the video based on a verification that the second user is a contact of the first user.

Abstract: A digital community platform that enables a first user to connect to a second user. More specifically, a system that helps a first user expand the first user's professional network by using proprietary algorithms and data archetypes to find and recommend new connections from the user's professional network community. Further, the system coaches the user, step-by-step, through networking experiences and includes message builders that are designed to help the user write common networking communications. The system also enables the user to manage follow-up tasks in a professional and timely manner. The system provides analytics and insights that allow a community manager to understand their network community, its user demographics, engagement activities, and user outcomes.

Abstract: In one embodiment, note is received from a first user, comprising a message and a first location. The first location may be specified by the first user. A number of second users are identified based on a respective second location of each identified second user being within a threshold distance of the first location. The message of the note is sent to the identified second users. When the message is sent, it is determined whether a current location of the first user is within a predetermined distance from the first location. If the current location is within the predetermined distance, a notification is sent to the first user informing the first user that the message has been sent to the identified second users.

Abstract: A system and method for providing a social networking service to a plurality of devices. A social networking server for facilitating social information exchange among the plurality of devices through a socially aware network. A social profiles manager is coupled to the social networking server that creates and manages individual centric profiles of the plurality of devices. The individual centric profiles of the plurality of devices are social representation of individual devices within the socially aware network. The plurality of devices are identifiable by other participants and the social networking server through their social profiles.

Abstract: Various techniques for managing backup for domain nameservers are disclosed herein. In one embodiment, a method includes receiving a nameserver record associated with a domain name. The nameserver record containing addresses of an active nameserver and a passive nameserver. The method also includes determining if the active nameserver is reachable by contacting the active nameserver based on the address of the active nameserver in the nameserver record. In response to determining that (i) the active nameserver is unreachable and (ii) the nameserver record does not include an address of an additional active nameserver, the method includes contacting the passive nameserver for resolving the domain name based on the address of the passive nameserver in the nameserver record.

Abstract: A method includes a management host server causing a power distribution unit to apply standby power to at least one server management module having at least one service processor; the management host server receiving an IP address request from the at least one server management module; the management host server network assigning the IP address and associates the at least one server management module with the assigned IP address; and the management host server issuing a command to the at least one server management module to store a client ID as a location sensor value wherein a geographic map can be created using the client ID.

Abstract: A method includes a management host server causing a power distribution unit to apply standby power to at least one server management module having at least one service processor; the management host server receiving an IP address request from the at least one server management module; the management host server network assigning the IP address and associates the at least one server management module with the assigned IP address; and the management host server issuing a command to the at least one server management module to store a client ID as a location sensor value wherein a geographic map can be created using the client ID.

Abstract: An exemplary network controller may be configured to perform ARP mediation through passively learning MAC addresses on client sides and keeping track of IP/MAC/Attachment point associations, hijacking ARP requests received by the core nodes through a packet_in operation or a redirection to other agents, injecting proxy ARP replies that provide target MAC information without the actual target being involved, and possibly programming the network nodes with the static ARP responding rule for a specified duration.

Abstract: The present disclosure recites a network address allocation method which including steps: calculating a preset number Npre of the addresses of the network according to a number L of layers of the network; comparing Npre with a maximum number N of the addresses of the network; calculating a maximum available number Cmax of the sub-nodes of each node and a maximum number NA of the network address to be allocated in the network according to the compare result of the Npre and the N; calculating the addresses Cskip(i) of the nodes of the layer i to be allocated according to Cmax and NA, wherein i is in the range of 1˜L; allocating Cskip(i) to each node of the layer i of the network. The present disclosure also provides a Network device for Network address allocation.

Abstract: Described herein are systems, devices, techniques and products for managing the dynamic assignment of media access control (MAC) addresses to wireless network devices, such as by identifying a dynamically assigned MAC address before, after, or during a wireless association process and communicating the dynamically assigned MAC address to a wireless network device. Also disclosed are systems, devices, techniques and products for preventing a denial of service attack on a wireless access point's association table, such as by requiring devices that associate with a wireless access point to respond to a query from the wireless access point shortly after association.

Abstract: In general, in one aspect, the disclosure describes a Universal Plug and Play (UPnP) Remote Access Server (RAS) to provide a communication channel between UPnP Remote Access Clients (RACs) connected thereto. The UPnP RAS maintains local discovery information for UPnP devices connected to a local network and remote discovery information for remote UPnP devices communicating therewith. The UPnP RAS provides the remote UPnP devices communicating therewith with the local discovery information and the remote discovery information. The remote discovery information is utilized by a first remote UPnP device to discover a second UPnP device and vice versa. After discovery, a first remote UPnP device can communicate with a second UPnP device and vice versa.

Abstract: A method including receiving, at a virtual private network (VPN) server, an encapsulated packet on one of the ingress addresses wherein the ingress address is associated with the packet information. After processing the packet at the VPN server, the packet source address is transformed to the address of the ingress port before transmitting the packet over a network. The process may be effectuated in the operating system's kernel. The association step may include tracking the ingress port in a data store, or tagging the packet with the ingress address so it can be later used to modify the source address. Transforming may include swapping TCP source and destination port information, changing an IP or TCP header checksum, changing a TCP sequence and acknowledgment number, or changing an IP addresses contained in the data payload.

Abstract: A motor network mapping device is provided. The motor network mapping device includes a processor coupled to a memory device. The motor network mapping device is configured to determine physical distances between a plurality of motors in a network using properties of electronic test signals transmitted through a power line coupled to the plurality of motors. The motor network mapping device is additionally configured to generate a map of physical locations of the motors using the determined physical distances between the plurality of motors and store the map in the memory device.

Abstract: A technique is disclosed in which an MN (mobile node) 100 notifies, to a CN (correspondent node), home network connection information indicative of whether or not it is currently in connection with a home network which has allocated its own plurality of HoAs (home addresses), an address of each HA (home agent) and an ID of each HA in a state associated with the plurality of HoAs. Based on the information received from the MN, the CN grasps the home network with which the MN is currently in connection and makes an inquiry about the condition of the HA and sets an appropriate HoA, judged on the basis of the grasping result or the inquiry result, as a destination address of a packet to be transmitted to the MN.

Abstract: Techniques are provided for implementing a zone-based firewall policy. At a virtual network device, information is defined and stored that represents a security management zone for a virtual firewall policy comprising one or more common attributes of applications associated with the security zone. Information representing a firewall rule for the security zone is defined and comprises first conditions for matching common attributes of applications associated with the security zone and an action to be performed on application traffic. Parameters associated with the application traffic are received that are associated with properly provisioned virtual machines. A determination is made whether the application traffic parameters satisfy the conditions of the firewall rule and in response to determining that the conditions are satisfied, the action is performed.

Abstract: The invention concerns API proxy based adaptive security. The invention implements adaptive security for API servers, while avoiding data bottlenecks and maintaining client experience. The invention provides methods and configurations for API security that may be employed at proxies for implementing routing decisions involving client messages received at said proxies. The invention also involves generating or collecting at proxies, log information that captures data corresponding to received client messages and responses from API servers—which log information correlates communications between clients, proxies and backend API servers, and includes data relevant for purposes generating API metrics and identifying anomalies and/or indicators of compromise.

Abstract: Network fabric devices capable of participating in an anonymity protocol can be configured to operate as virtual circuit end-points where the node routes packets between a virtual circuit associated with a hidden service address and a port-level channel. Through management of the virtual circuit end-points, the network fabric devices participate as a hop in a virtual circuit, host hidden services, or operate as an interface to hidden services while reducing latency and truly hiding hidden services.

Abstract: The present invention generally relates to systems and methods for extending a chain of trust beyond the DNS. Some embodiments provide a verifier with the ability to validate a chain of trust starting with the trust anchor at the DNS root all the way to a service or object of interest outside the DNS.

Abstract: A first information handling system receives a security challenge and forwards it to a second information handling system. The second information handling system retrieves a private key from a public/private encryption key pair and satisfies the challenge with the private key. The second information handling system forwards the satisfied challenge without divulging the private key. The second information handling system is in a more secure environment than the first information handling system. The challenge may be satisfied by signing the challenge with the private key. Satisfying the challenge may be a step in creating a secure shell connection between the first information handling system and an organization maintaining the first information handling system and the second information handling system.

Abstract: The advanced data protection system is implemented by distributing encrypted data across multiple isolated computing systems and using multi-factor authentication to access remote, protected decryption material. Architectural components include: Client application software reading/writing from/to a client data store executing on a client host computer, client application plug-ins communicating with external authentication devices, server application software reading/write data from/to a server data store executing on a host computer which is physically or virtually isolated from the client host computer, authentication devices, components, or systems integrated with or connected to the client computer and exposing programmatic interfaces to client application software, and secure networking components executing on both hosts that provide secure data exchange.

Abstract: In some aspects, an encryption method comprises encrypting a first portion of a message using a first secret key. The first secret key is generated based on the public key of an entity. A one-way function is used to generate a second secret key from the first secret key, and the first secret key is subsequently discarded. A second portion of the message is encrypted using the second secret key. The encrypted first portion of the message and the encrypted second portion of the message are provided to the entity.

Abstract: In an aspect, a network supporting a number of client devices includes a network device that generates a context for a client device. The client device context may include network state information for the client device that enables the network to communicate with the client device. The client device may obtain, from a network device that serves a first service area of the network, information that includes a first client device context. The client device may enter a second service area of the network served by a second network device. Instead of performing a service area update procedure with the network, the client device may transmit a packet in the different service area with the information that includes the client device context. The client device may receive a service relocation message including information associated with the different network device in response to the transmission.

Abstract: An embodiment features an RSA process in which the private key is separated into shares. Decryption (and authentication and other RSA objectives) may be accomplished by successive modular exponentiation of, for example, a ciphertext or a signature.

Abstract: A method of using a single, one-time pre-distributed and pre-authenticated symmetric Whitenoise key structure or other exponential key or deterministic random number generator to establish secure key-based communications between a first source computer and a second destination computer (endpoint, sensor or smart component) to provide continuous, dynamic, one-time-pad authentication throughout a session (not just at sign-in or login). By polling ahead in an exponential key stream with specific indexes, pointers or dynamic offsets the method creates an infinite number of identifiable one-time-pad tokens that have never been created or used before and deterministic, random key streams of functionally limitless length that will easily outlive the life of the person or device deploying it. The source and destination computers each with an identical copy of a unique pre-distributed symmetric stream cipher key and a first valid offset.

Abstract: An electronic device is provided. The electronic device includes a processor, and a memory configured to store a messenger application, wherein the processor is configured to output the messenger application on the display and output a list of chat rooms joined based on a first user account on the display, and wherein the list of the plurality of chat rooms comprises a first chat room, in which the electronic device participates, and a second chat room in which another electronic device participates.

Abstract: A strong authentication token supporting multiple instances associated with different users and protected by a user identity verification mechanism is disclosed. A multi-instance strong authentication token may be adapted to generate dynamic credentials using cryptographic secrets that are specific to a particular instance stored in the token. A method and a system to secure remotely accessible applications using strong authentication tokens supporting multiple instances are disclosed. A method for loading additional tokens into a multi-instance authentication token is disclosed.

Abstract: A method, apparatus, article of manufacture, and a memory structure for providing a security infrastructure that permits the programming of limited hardware resources that can accept newly downloaded applications and securely support a very large number of services offered by content providers each have the potential to utilize their own independent CAS/DRM system. The CE device owner can consume content from a variety of sources and enable switching among different and existing CAS/DRM security profiles as required by the content provider applications loaded in CE devices.

Abstract: Certain embodiments provide means for managing automated access to computers, e.g., using SSH user keys and other kinds of trust relationships. Certain embodiments also provide for managing certificates, Kerberos credentials, and cryptographic keys. Certain embodiments provide for remediating legacy SSII key problems and for automating configuration of SSH keys, as well as for continuous monitoring.

Abstract: A method for generating a secret key via a reciprocal communication channel connecting a first communication node and a second communication node, wherein the first communication node obtains a first sample by a measurement of the communication channel, the first communication node performs a quantization of the first sample, the first communication node performs a matching of the quantized sample with the second communication node via the communication channel, during the matching, the first communication node obtains and quantizes a second sample by a second measurement of the communication channel and the communication nodes obtain the key from the samples by a privacy amplification.

Abstract: A client confirmation method and system for identifying data traffic transmitted over a network controlled by an operator, the data traffic being associated with at least one client, the client confirmation system comprising: a client confirmation application configured to identify at least one client address; an authenticator configured to authenticate the at least one client identified by the at least one client address by analysing data usage information generated by the at least one client, wherein the data usage information is further known to the operator; and a traffic associator configured to associate data traffic transmitted over the network with the at least one client identified by the at least one client address.

Abstract: In an aspect, a network supporting client devices includes one or more network nodes implementing network functions. Such network functions enable a client device to apply a security context to communications with the network when the client device is not in a connected mode. The client device obtains a user plane key shared with a user plane network function implemented at a first network node and/or a control plane key shared with a control plane network function implemented at a second network node. The client device protects a data packet with the user plane key or a control packet with the control plane key. The data packet includes first destination information indicating the first network node and the control packet includes second destination information indicating the second network node. The client device transmits the data packet or control packet.

Abstract: A system and method validates user supplied photographs and/or characteristics using a video, audio or series of images of the user responding to instructions, and uses such validation in searching and/or matching.

Abstract: A plurality of virtual computing resources is detected to have been provisioned. Credentials are distributed to the plurality of virtual computing resources. A credentials map that maps the credentials to the plurality of virtual computing resources is updated. The credentials for the plurality of virtual computing resources are activated to enable the plurality of virtual computing resources to use the credentials to authenticate to a second computer system that manages a resource service, with the credentials being inaccessible to resources of the resource service. A virtual computing resource of the plurality of virtual computing resources is detected to been deprovisioned, and the credentials for the virtual computing resource are deactivated.