Abstract: Methods, systems, and apparatus, including computer programs encoded on a computer storage medium, for implementing biased bonding. In one aspect, a method includes estimating an offered load. Data are transmitted over a first communications link of two or more different types of communications links while the estimated offered load is less than or equal to a specified amount. A determination is made that the estimated offered load has exceeded the specified amount. In response to the determination data are transmitted over both of the first communications link and a second communications link of the two or more different types of communications links in response to determining that the estimated offered load has exceeded the specified amount.

Abstract: A new approach is proposed that contemplates systems and methods to support automatic timing adjustment of a plurality of paths carrying metadata of incoming data packets in a network switch to meet their respective timing constraints. First, the paths for transmitting different pieces of metadata of incoming packets are identified in the network switch. Once the metadata paths are identified, the proposed approach identifies the timing constraints that the metadata paths need to satisfy in order for the network switch to function properly. The proposed approach then calculates the current delays of the metadata paths and determines optimal timing values of each of the metadata paths in order to meet the timing constraints. The optimal timing values of the metadata paths are then compared to the current delays of the metadata paths to identify the paths which current delay values need to be adjusted.

Abstract: A plurality of packets that belong to a data flow are received and are distributed to two or more packet processing elements, wherein a packet is sent to a first packet processing element. A first instance of the packet is queued at a first packet processing element according to an order of the packet within the data flow. The first instance of the packet is caused to be transmitted when processing of the first instance is completed and the first instance of the packet is at a head of a queue at the first ordering unit. A second instance of the packet is queued at a second ordering unit. The second instance of the packet is caused to be transmitted when processing of the second instance is completed and the second instance of the packet is at a head of a queue at the second ordering unit.

Abstract: Methods and apparatus for equitable distribution of excess shared-resource throughput capacity are disclosed. A first and a second work target are configured to access a shared resource to implement accepted work requests. Admission control is managed at the work targets using respective token buckets. A first metric indicative of the work request arrival rates at the work targets during a time interval, and a second metric associated with the provisioned capacities of the work targets are determined. A number of tokens determined based on a throughput limit of the shared resource is distributed among the work targets to be used for admission control during a subsequent time interval. The number of tokens distributed to each work target is based on the first metric and/or the second metric.

Abstract: Described herein are various technologies pertaining to a computing system architecture that facilitates construction of virtual motherboards and virtual storage devices. A computing system includes a plurality of computing nodes and a plurality of storage nodes, where the computing nodes are disaggregated from the storage nodes. The computing nodes include respective system on chip modules. The computing nodes and the storage nodes are communicatively coupled by way of a full bisection bandwidth network, where each storage node is allocated network bandwidth that at least matches the maximum input/output speed of the storage node. Responsive to receipt of a client request, computing nodes are allocated to the client and exposed to an application of the client as a motherboard. Likewise, storage nodes are allocated to the client and exposed to the application of the client as a larger storage device.

Abstract: A process migration method comprising executing a computer program on current computing resources, in a current partition of computations to parallel processes, each parallel process carrying out at least one computation; communicating current partition data to intermediate computing resources; using the intermediate computing resources to calculate new partition data including a new allocation of computations to processes for use on changed computing resources; and migrating the process execution to the changed computing resources by communicating the new partition data to the changed computing resources.

Abstract: A method is intended for scheduling reservations of resources in a packet-switched communication network comprising end-nodes (H1-H3) and core network switches (S1-S2). This method comprises the steps of: including a time information to each request, issued by an end-node (H1) and forwarded by at least one core network switch (S1), and requesting a resource reservation for receiving a stream defined by specifications at a time which is represented by this time information, and storing the time information, which is included into each forwarded end-node request in correspondence with the associated stream specifications, into at least one related database managed by a core network switch (S1) which participates to the request forwarding.

Abstract: Electronic information is made available to access requestors based on anticipated demand. Electronic information stored on a first storage medium is identified for transport. A determination is made to store the electronic information on a second storage medium that is more accessible to the access requestors. The determination is based on an anticipated demand of the access requestors for the electronic information. The anticipated demand is determined based at least on information that is not particular to any single access requestor. The electronic information then is stored on the second storage medium and the access requestors are provided access to the electronic information from the second storage medium.

Abstract: A real-time sharing method, apparatus and system, which relate to the online application field to solve the problem that a user cannot actively send a request to another terminal by using a terminal according to a personal requirement to implement real-time sharing of resources of an online application of another terminal. The real-time sharing method for sharing of an online application includes: receiving a browsing request message sent by a first terminal, where the browsing request message carries an identifier of a second terminal; acquiring, according to the identifier of the second terminal, virtual machine information of a virtual machine that provides an online application service for the second terminal; and sending, to the first terminal, resource information sent to the second terminal by the virtual machine corresponding to the virtual machine information.

Abstract: A method includes accessing a database comprising a respective non-linear scalability model for each of a plurality of physical resources and each of a plurality of virtual resources in a virtualization environment. The method also includes generating a respective capacity consumption model for each of the plurality of virtual resources based on the non-linear scalability models. The method further includes determining a deviation from a predetermined threshold range in the respective capacity consumption model for a first virtual resource in the plurality of virtual resources. The method additionally includes determining a slope of the respective capacity consumption model for the first virtual resource, and determining a sizing recommendation for components of the first virtual resource based on the slope and the deviation. The method also includes modifying at least one of the components of the first virtual resource based on the sizing recommendation.

Abstract: A system and method for collision detection and avoidance that converts a probabilistic, packet based communications system into a deterministic packet based communications system. The system and method operates in packet, frame, or datagram based network environments that support different levels of forwarding priority, for example, IP networks and Ethernet networks.

Abstract: A network switch comprises a plurality of packet processing units configured to process a received packet through multiple packet processing stages based on search result of a table. The network switch further comprises one or more memory units configured to maintain the table to be searched and provide the search result to the packet processing units. The network switch further comprises a table managing unit configured to accept a plurality of rules on bulk update to the table specified by a control unit, and perform the bulk update on the table based on the rules specified by the control unit without the control unit accessing the table directly for the bulk update.

Abstract: Transferring instant messaging sessions includes receiving a selection, from a user within a user interface, of at least one instant messaging session from among multiple instant messaging sessions to transfer from a first instant messaging controller on a first device to at 5 least a second instant messaging controller on a second device, where the user is signed on concurrently to the first instant messaging controller on the first device and the second instant messaging controller on the second device. At least a portion of the selected instant messaging session is transferred from the first instant messaging controller on the first device to the second instant messaging controller on the second device and the transferred portion of 10 the instant messaging session is made perceivable on the second instant messaging controller on the second device.

Abstract: A context-driven publication option is received over a network at an adaptive publish subscribe broker from a publishing network device. The context driven publication options are presented over the network to a subscribing network device. A selection of a context-driven subscription is received over the network at the adaptive publish/subscribe broker from the subscribing network device. A publication configured for network management and operations is received at the adaptive publish/subscribe broker. Publications are filtered at the adaptive publish/subscribe broker for the subscribing network device according to the selection of the context-driven subscription.

Abstract: Techniques to interact with an application via messaging are described. An apparatus may comprise an application support component and a communication component. The application support component may be operative to generate an image representing a state of an application and to update the state of the application according to a text command. The communication component may be operative to transmit the image to a client device via a messaging system as an image attachment to a first message and to receive a second message from the client device via the messaging system, the second message comprising the text command. Other embodiments are described and claimed.

Abstract: A device is configured to receive a message associated with a group chat. The group chat may include a communication session among a set of user devices including a first user device and a second user device. The device is configured to receive an indication that the message is confidential and designate the message as a confidential messaged based on the indication. The device is configured to determine that the first user device is authorized to display the message and that the second user device is not authorized to display the message. The device is configured to provide the confidential message to the first user device for display as part of the group chat, and to provide a blocked version of the confidential message to the second user device for display as part of the group chat.

Abstract: An electronic messaging system is provided to generate and send electronic messages that contain adaptive content to customize the electronic messages for each recipient. The system operates to receive an adaptive content asset and a content rule, select a set of adaptive content elements from the adaptive content asset based upon the content rule, and send a content locator to an author computing device to permit the author computing device to include the content locator in the electronic message and send the electronic message to a recipient computing device.

Abstract: A computer-implemented method can include accessing a micro-blog to retrieve a real-time copy of the micro-blog thread and delivering the real-time copy of the micro-blog thread for display in an e-mail message.

Abstract: An e-mail processing system includes: a non-persistent or random memory storing a message queue map having a plurality of message queues, an input handler, and an output handler. Each message queue includes a plurality of data nodes, and each data node represents one message intended for delivery to a respective domain. The input handler comprises instructions for: (i) obtaining an incoming first e-mail, (ii) digesting the incoming first e-mail into a first data node representing the incoming first e-mail, and (iii) analyzing the first data node to determine a first message queue in the number of message queues based at least on the destination domain of the first data node, and (iv) appending the first data node to the plurality of data nodes in the first message queue. The output handler processes a data node in a message queue in the message queue map to send e-mail to an intended recipient.

Abstract: Systems, method sand computer program products for facilitating the automatic deletion of received emails after a user-selectable time period has elapsed are disclosed. In various embodiments, email messages contain a header field referred to as an “Expiration Time” header field that dictates the length of time the email will reside in a designated Inbox prior to its automatic deletion by an email server. The server is able to automatically delete the received email as long as the email is residing in a folder that is synched to the server. A user receiving the email has access to the Expiration Time Header field and can modify its value if desired and allowed by the sender. The user can move the retrieved email to a folder that is not synched to the server, thus preventing the email from being automatically deleted by the server.

Abstract: Querying for devices based on location is disclosed. A request to send a push notification to a location is received. One or more bucket indexes to search for the presence of a device identifier are determined. The one or more bucket indexes are searched for the presence of the device identifier. One or more device identifiers are received in response to the search. The push notification is sent to one or more devices associated with the received one or more device identifiers.

Abstract: The a user interface (UI) residing in a mobile environment, which has a possibility of indicating after reading each message whether or not the message is divergent from the normal/general level as to the importance of the message. Advantageously, the user does not need to do the indication every time when reading the mail. In the interface, after a given mail has been read (or a part of the given mail has been read), there occurs a possibility to choose between two alternatives: interesting or non-interesting. Advantageously, there is not required other extra work from the user. Gradually, a mail agent collects information about what kind of mail the user prefers and does not prefer. The result will be a prearranged list by preference in the incoming mail. Any mail similar to the ones previously indicated as important will appear first to the user. The applied algorithm in the methods and systems is based on statistical analysis of the linguistic contents of the mail.

Abstract: An example of an information sharing system includes at least one processor configured to: accept posting information on a content posted by each of a plurality of users; display the accepted posting information on a first screen; and display, on a second screen, the posting information, which is to be displayed on the first screen and which is posted by one of the plurality of users whose status satisfies a condition on usage of the content.

Abstract: A messaging platform forms an interactive message with one or more components and broadcasts the interactive message to client devices associated with accounts. The interactive message has a plurality of states that update based on event data received from a content source. While the event is in progress, the messaging platform receives event data relating to the event and transitions to an updated state based on the received event data. When the interactive message transitions to the updated state, the messaging platform updates the interactive message broadcast to the client devices. The interactive message may include interactive components that accounts may use to perform various interactions with the event, the content source, or each other.

Abstract: A method and apparatus of processing communications with end users are disclosed. One example method may include detecting a message or post on a website over the Internet that matches a monitoring company's keywords or rules and processing the message by parsing the message and performing a natural language interpretation of the message and processing the parsed message to determine the user's topic of interest. In response, the method may further provide generating a response to the message based on the user's requested objective and sending the response to the user acknowledging the user's topic of interest. Live agents may be notified to check the status of a message and continually override automated message responses to ensure the integrity of the responses.

Abstract: Methods and systems for obtaining service directory information for a remote service including sending a service endpoint query to a remote service requesting a directory of locations within the service. In response to service endpoint query, obtaining the service directory information includes receiving a service endpoint response from the remote service in response to the service endpoint query when the service endpoint query is successful. The service endpoint response includes a directory length field that indicates a number of directory entries. The service endpoint response also includes one or more directory entries indicating one or more locations with the remote service as numerically limited by the directory length field.

Abstract: A method for providing access to an Internet resource includes receiving a DNS query including a hostname to be resolved, receiving status data, invoking a code by a name indicated by the hostname, conveying the status data to the code, receiving from the code a selection of an infrastructure, and generating a DNS response directing a resolution to the infrastructure.

Abstract: A method, non-transitory computer readable medium, and traffic management computing device that obtains one or more parameters for a packet. Firewall policies each corresponding to a logical firewall are applied to the parameters for the packet. A policy log for each of at least a subset of the firewall policies or a hit count for one or more of rules in an access list of each of the subset of the firewall policies is generated. The policy log includes an indication of one or more actions corresponding to at least one rule in the access list of each of the subset of the firewall policies, wherein the at least one rule matches one or more of the parameters of the packet. At least one of the generated policy log or hit counts for one or more of the at least a subset of the firewall policies is output.

Abstract: A virtual network (VN) realization method and system are provided. The method includes setting a VN-AP in a data center network and/or a broadband network. A service deployment and management function entity receives a VN service request from a user to generate feature information of the VN; a PC/VM automatically discovers the VN-AP, the automatically discovered VN-AP generates the VN forwarding table entry of the PC/VM after the PC/VM passes the identity authentication of the VN, and performs tunnel encapsulation according to the VN forwarding table entry to forward a packet from the PC/VM. By discovering a VN-AP for processing a VN automatically, the disclosure realizes the automatic and rapid deployment of the VN.

Abstract: In particular embodiments, a method includes intercepting a remote desktop connection request and connecting to a network gateway based on the remote desktop connection request. A first connection with a server is initiated via the network gateway using a first communication protocol. A plurality of cryptographic contexts are exchanged with the server. A token encrypted using one of the plurality of cryptographic contexts is received from the server. The token is sent from a client device to the server or a proxy to authenticate the client device, and a second connection is initiated with the server, via the proxy, using a second communication protocol.

Abstract: Methods and systems for processing video data are disclosed herein and may comprise receiving within a single mobile multimedia processor chip integrated within a mobile device, a secure key from an off-chip device integrated within the mobile device. The secure key may be decrypted within the single mobile multimedia processor chip, utilizing an on-chip key. The decrypted secure key may be stored within the single mobile multimedia processor chip. The received encrypted data may be decrypted within the single mobile multimedia processor chip, using the stored, decrypted secure key. The on-chip key may be stored within a one-time programmable (OTP) memory in the single mobile multimedia processor chip. The stored on-chip key may be retrieved from the OTP memory for the decrypting. The stored decrypted received secure key may be encrypted utilizing the on-chip key stored within the single mobile multimedia processor chip.

Abstract: A method includes identifying a trusted computer network. The method also includes monitoring a plurality of active network connections. The method further includes determining that the trusted computer network is unavailable by determining that the plurality of active network connections does not comprise the trusted computer network. The method additionally includes, in response to determining that the trusted computer network is unavailable, securing sensitive data documents. Securing the sensitive data documents includes, for each data document of a plurality of data documents, determining a respective classification of a plurality of classifications. The plurality of classifications includes a sensitive classification based on predetermined criteria. Securing the sensitive data documents also includes encrypting particular data documents having the sensitive classification.

Abstract: Multi-tenant and single-tenant methodologies are blended into a single solution to provide cost savings of multi-tenancy along with data security and privacy of a single-tenant environment. The cloud infrastructure is partitioned to include a first set of servers, and a second set of servers. The first set of servers are dedicated to a first operation, such as data presentation, while the second set of servers are dedicated to a second operation, such as data processing. The first set is operated in a multi-tenant operating mode, while the second set is operated in a single-tenant operating mode. Thus, the first set is available for general use, presenting data from any of the server(s) in the second set. The second set, in contrast, is dedicated to individual tenants. Preferably, each tenant has dedicated server(s) in the second set, which functions like a traditional, single-tenant environment providing inherent security and privacy guarantees.

Abstract: Methods and systems to facilitate real time communications via a telephonic apparatuses that support data communications. In one embodiment, a telephonic apparatus includes: a network interface to submit a query over a data communication network and to receive a listing with embedded information about the query; and a call module coupled to the network interface, the call module to embed the information about the query in a call signaling message for a telephonic connection according to the listing.

Abstract: Embodiments of the invention are directed to systems, methods and computer program products for establishing a secure connection between a data repository and an intelligence application.

Abstract: Various embodiments are generally directed to techniques to distribute encrypted packets among multiple cores in a load-balanced manner for further processing. An apparatus may include a processor component; a decryption component to decrypt an encrypted packet to generate a decrypted packet from the encrypted packet, the encrypted packet comprising a header that comprises at least one field of information; a hash component to generate a header hash from the at least one field of information during decryption of at least a portion of the encrypted packet by the decryption component, the header hash comprising a smaller quantity of bits than the at least one field of information; and a distribution component to select a first core of multiple cores coupled to the processor component based on the header hash and to transmit the decrypted packet to the first core from the processor component. Other embodiments are described and claimed.

Abstract: A distributed computing environment utilizes a cryptography service. The cryptography service manages keys securely on behalf of one or more entities. The cryptography service is configured to receive and respond to requests to perform cryptographic operations, such as encryption and decryption. The requests may originate from entities using the distributed computing environment and/or subsystems of the distributed computing environment.

Abstract: Storing a key to an encrypted file in a kernel memory is disclosed. Authentication data may be received and authentication credentials of the authentication data may be stored in a file. The file may be encrypted and a key to the encrypted file may be generated. The encrypted file may be stored in a user space and the key may be stored in a kernel space. The key may be retrieved from the kernel space and applied to the encrypted file in the user space to decode the encrypted file and subsequently access the authentication credentials stored in the encrypted file.

Abstract: A server establishes a secure session with a client device where a private key used in the handshake when establishing the secure session is stored in a different server. During the handshake procedure, the server receives a premaster secret that has been encrypted using a public key bound with a domain for which the client device is attempting to establish a secure session with. The server transmits the encrypted premaster secret to another server for decryption. The server receives the decrypted premaster secret and continues with the handshake procedure including generating a master secret from the decrypted premaster secret and generating one or more session keys that are used in the secure session for encrypting and decrypting communication between the client device and the server.

Abstract: Content is transmitted within a range of the user's legitimate use while limiting the number of equipment to which the content is transmitted at the same time. A content using apparatus periodically transmits an exchange key and the corresponding key ID using a command. Only while receiving the key ID at predetermined reception cycles, a content providing apparatus maintains the corresponding exchange key. When not periodically receiving the key ID, the content providing apparatus destroys the corresponding exchange key. After that, when receiving a command including the key ID, the content providing apparatus returns a response including information indicating that the exchange key has become invalid.

Abstract: This document describes various techniques for distributing credentials based on hardware profiles. A resource access request including a hardware profile is transmitted to a remote entity having access to a previous hardware profile and a credential useful to access a resource is received if at least a portion of the hardware profile matches the previous hardware profile.

Abstract: A communication device and method for authentication of a message being transmitted from the communication device. The method includes receiving, by a messaging utility, content of a message provided for transmission from the communication device. Based on a determination that the message requires user authentication before the message is transmitted to a recipient, the method further includes selecting, based on contextual data, one or more biometric capturing components of the communication device; triggering at least one selected biometric capturing component to capture a corresponding biometric input from a user of the communication device; and transmitting the message when the biometric input as belonging to an authorized user of the communication device. In one embodiment, a clearinghouse service authenticates a biometric input from a user of the communication device in order to certify the user and/or the message.

Abstract: In embodiments of the present invention improved capabilities are described for managing access to a secure exchange environment managed by an intermediate business entity through a user email identity, the method comprising establishing a secure exchange server hosted by an intermediate business entity, wherein communications and access to a collection of files established by a first business entity are managed for a second business entity; and establishing an email effectivity facility that allows a user of the first business entity to specify a condition for email-based access to at least one resource in the collection of files, wherein the condition expresses (a) an effective period for using an email providing access to the resource and (b) a condition of email access to the resource by a designated individual of the second business entity, wherein the access permission was assigned using a specific email address of the designated individual.

Abstract: A computer-implemented method for managing access to services provided by wireline service providers may include (1) receiving at least one request from a subscriber device to authorize access to at least one service, (2) authenticating the subscriber device with an access gateway of a wireline service provider based at least in part on the request, (3) generating a unique session identifier that uniquely identifies the subscriber device during a service-access session, (4) delivering the unique session identifier to a management server of the wireline service provider to enable the management server to authenticate the subscriber device with at least one network device that provides the service based at least in part on the unique session identifier, and then (5) facilitating access by the subscriber device to the service provided by the network device during the service-access session. Various other systems, methods, and computer-readable media are also disclosed.

Abstract: In the present invention, a start request terminal transmits start request information including participation restriction information to a management system. A transmission/reception unit of the management system transmits participation authentication information for authenticating participation in an established session to a middle-of-conference participation terminal. A transmission/reception unit of a participation request terminal transmits, to the management system, participation request information for requesting participation of the participation request terminal in an established session and participation authentication information which is input with the terminal in accordance with the participation authentication information transmitted to the terminal.

Abstract: A communication service accessible on a web that authenticates user credential information of a first user to authorize a request in order to perform a communication with at least a second user; the first user requesting to the communication service to generate a hyperlink that is associated to its address and provides the generated hyperlink to at least a second user; the latter requesting to initiate said requested communication with said first user by directly clicking on said provided hyperlink, wherein the identity of said at least second user is maintained anonymous and the identity of said first user is done based on the information provided on said hyperlink; said communication between said at least second user and said first user being authorized by and a first server.

Abstract: A verification method and system are disclosed that verify a user. The user is provided a verification code via, for example, a website, to be communicated to the system via an application on a mobile communication device. If the correct verification code is communicated by the user, the user receives via the application a verification message containing another verification code, which the user submits to a website or on-line form or to another verification system for authentication.

Abstract: Methods and systems for protecting websites from cross-site scripting are disclosed. A request for a web page comprising a web page element is received from a client. It is determined if the web page comprises a data integrity token for the web page element. It is also determined if a value of the data integrity token matches an expected value. If the web page comprises the data integrity token and if the value matches the expected value, the web page comprising the web page element is sent to the client. If the web page does not comprise the data integrity token or if the value does not match the expected value, a protective operation is performed.

Abstract: Disclosed are an apparatus and method of performing automated administrative operations on a mobile device. One example method may include determining via a hosted server that an action needs to be performed by a mobile device under management. The method may further include generating a message via the hosted server, the message includes the action, and transmitting the message to the mobile device under management, and receiving a result message from the mobile device under management responsive to the transmitted message, the result message indicating that the action has been satisfied.

Abstract: A proxy server receives a synchronization request from an application program resident on a user device. The proxy server determines that the user device requires removal of application program data and synchronizes the application program resident on the user device with a null account that is associated with application program.