Abstract: A method and apparatus are provided for embedding cloud demands with shared protection in a software-defined flexible-grid optical transport network. The method includes mapping working virtual nodes of the cloud demands over physical nodes of the network. The method further includes mapping backup virtual nodes of the cloud demands over the physical nodes. The method also includes mapping working virtual links of the cloud demands over physical routes of the network. The method additionally includes mapping backup virtual links of the cloud demands over the physical routes. The mapping steps are performed by an optical-defined controller having a processor.

Abstract: A method in a computing device for locality sensitive load balancing between servers includes receiving a packet and querying a plurality of Bloom filters, using keys based upon a plurality of header field values of the packet, to generate a plurality of candidate servers. A subset of the candidate servers were generated due to false positive matches occurring from some of the plurality of Bloom filters. One server of the plurality of servers is identified as the destination for the packet based upon identifying the subset of candidate servers within an entry of a false positive table. Each false positive table entry identifies, for a flow of packets, servers that are falsely included in sets of candidate servers generated by the plurality of Bloom filters for packets of that flow. The packet is transmitted to the first server.

Abstract: A traffic adjustment method and an apparatus, which relate to the communications field, so that statistics on traffic of a receiving apparatus that needs to receive a first multicast packet can be accurately collected in a process of multicast packet transmission. A specific solution is as follows: A sending apparatus sends a first multicast packet, and determines whether an identity of a first receiving apparatus is in a receiving list of a first group, and if the identity of the first receiving apparatus is in the receiving list of the first group, the sending apparatus acquires multicast traffic of the first receiving apparatus, and subtracts the multicast traffic of the first receiving apparatus from preset traffic allocated to the first receiving apparatus to obtain corrected traffic of the first receiving apparatus.

Abstract: One embodiment of the present invention provides a switch. The switch includes a virtual local area network (VLAN) configuration module. During operation, the VLAN configuration module maps local resources of the switch and/or locally coupled end device information to a global VLAN identifier, wherein the global VLAN is persistent across a fabric switch. The fabric switch is operable to accommodate a plurality of switches and operates as a single logical switch.

Abstract: A method for generating a switch fabric topology, comprising constructing a first switch fabric topology, modifying the first switch fabric topology to generate a second switch fabric topology, wherein modifying the first switch fabric topology comprises isolating center stage sets of the first switch fabric topology, and replacing each of the isolated center stage sets with a single × switching element to generate the second switch fabric topology, wherein is an integer representing a radix of the switching element determined in connection with the constructing of the first switch fabric topology.

Abstract: A method for generating a switch fabric topology, comprising constructing a first switch fabric topology, modifying the first switch fabric topology to generate a second switch fabric topology, wherein modifying the first switch fabric topology comprises isolating center stage sets of the first switch fabric topology, and replacing each of the isolated center stage sets with a single × switching element to generate the second switch fabric topology, wherein is an integer representing a radix of the switching element determined in connection with the constructing of the first switch fabric topology.

Abstract: An apparatus for sharing a serial communication port between a plurality of communication channels is described. The apparatus comprises a transceiver that manages communications over the serial communication port. The apparatus also includes a multiplexer coupled to the transceiver, wherein the multiplexer multiplexes the plurality of communication channels. The apparatus also includes identification information circuitry coupled to the multiplexer, wherein the identification information circuitry adds identification information to data from the plurality of communication channels that enables the plurality of communication channels to share the serial communication port. The serial communications port and the multiplexer permit communication between integrated circuits that meet at least one latency metric for the plurality of communication channels when the plurality of communication channels are active.

Abstract: Embodiments of the invention describe flexible (i.e., elastic) data center architectures capable of meeting exascale, while maintaining low latency and using reasonable sizes of electronic packet switches, through the use of optical circuit switches such as optical time, wavelength, waveband and space circuit switching technologies. This flexible architecture enables the reconfigurability of the interconnectivity of servers and storage devices within a data center to respond to the number, size, type and duration of the various applications being requested at any given point in time.

Abstract: A method and system is implemented in a network node that functions as a controller for a domain in a split architecture network. The domain comprises a plurality of flow switches, where the plurality of flow switches implement a data plane for the split architecture network and the controller implements a control plane for the split architecture network that is remote from the data plane. The method and system configure the plurality of flow switches to efficiently handle each type of broadcast packet in the domain of the split architecture network without flooding the domain with the broadcast packets to thereby reduce a number of broadcast packets forwarded within the domain.

Abstract: A switching device comprising a plurality of ingress ports and a plurality of egress ports. The switching device is arranged to receive data packets through said ingress ports and to forward received data packets to respective ones of said egress ports. The switching device is further arranged to: determine a first time at which a first cell of a selected data packet is to forwarded to one of said egress ports, determine a further time at which a respective further cell of the selected data packet is to be forwarded to said one of said egress ports, store data indicating that said respective further cell is to be forwarded at said determined further time, forward said first cell at said first time, and forward said further cell of said selected data packet at said determined further time.

Abstract: A system comprises a network interface to receive a stream of packets from a network, insert each of the packets into a buffer in memory of a graphics processing unit using direct memory access, assign each of the packets an index representing an offset indicating a location in the memory of the graphics processing unit, determine that a pre-configured buffer flow capacity has been reached regarding a first buffer in the graphics processing unit, and transmit an interrupt to the graphics processing unit corresponding to the pre-configured buffer flow capacity regarding the first buffer in the graphics processing unit. The graphics processing unit is connected to the network interface over a bus and starts a first kernel specific to the first buffer in response to the interrupt.

Abstract: A disclosed relay apparatus includes: a generator that generates, upon receipt of a first packet that includes a first identifier of a virtual machine that is newly executed in an information processing apparatus connected to the relay apparatus from the information processing apparatus, a second packet that includes a second identifier of the virtual machine, which is different from the first identifier, and requests to set relay for the virtual machine; and a processing unit that sets the relay for the virtual machine by using the second identifier of the virtual machine, which is included in the second packet generated by the generator or received from the information processing apparatus.

Abstract: In some embodiments, an apparatus includes a switch fabric having at least a first switch stage and a second switch stage, an edge device operatively coupled to the switch fabric and a management module. The edge device is configured to send a first portion of a data stream to the switch fabric such that the first portion of the data stream is received at a queue of the second switch stage of the switch fabric via the first switch stage of the switch fabric. The management module is configured to send a flow control signal configured to trigger the edge device to suspend transmission of a second portion of the data stream when a congestion level of the queue of the second switch stage of the switch fabric satisfies a condition in response to the first portion of the data stream being received at the queue.

Abstract: To re-establish a direct tunnel between an access node and a gateway router in a wireless network, a control node that provides mobility management on behalf of mobile stations detects restart of the gateway router. In response to detecting restart of the gateway router, the control node sends context information regarding a previously established direct tunnel to the gateway router to enable the gateway router to re-establish the direct tunnel.

Abstract: A first processor assigns switches and/or switch ports to a virtual stack according to configuration information and stores the virtual topography of the virtual stack in a mapping table. The mapping table correlates switches, switch ports, computer processors, and virtual stacks. The first processor receives a data unit from a first switch that includes a source address and a destination address. The destination address identifies a switch and switch port. The first processor compares the destination address to the mapping table to determine a second computer processor and sends the data unit to the second computer processor, the second computer processor corresponding to a switch and/or switch port identified in the destination address of the data unit.

Abstract: Allocation of buffers for a TCP proxy session between a client and a server by a service gateway includes monitoring dynamic network behaviors for server and client side sessions of the TCP proxy session; and allocating capacity for a server side buffer and capacity for a client side buffer in a memory buffer based on the dynamic server side network behaviors, the dynamic client side network behaviors, and a weighted average of a capacity of the memory buffer. In one approach to the allocation, the gateway determines whether an available capacity of the server or client side buffer is sufficient to store a data packet. If not sufficient, the allocated capacity of the server or client side buffer is increased based on measurements of the dynamic network behaviors and the weighted average, and the available capacity of the server or client side buffer is adjusted accordingly.

Abstract: In one embodiment, a method is provided. The method of this embodiment provides storing a packet header at a set of at least one page of memory allocated to storing packet headers, and storing the packet header and a packet payload at a location not in the set of at least one page of memory allocated to storing packet headers.

Abstract: A server system hosts a plurality of conversations, each having an identified set of participants. For a respective conversation, the server accesses the conversation in which a user is a participant. The server obtains a conversation profile for the conversation, the conversation profile based on information including content of the conversation and user-specific term weights for at least a plurality of terms in the content of the conversation. The server accesses a plurality of entity profiles that are based on content and/or structure in other conversations in which the user is a participant. The server compares at least a subset of the entity profiles to the conversation profile to identify a set of entities having entity profiles that best match the conversation profile, generates a suggestion for the user including a suggested entity from the identified set of entities; and sends the suggestion to the client system for display to the user.

Abstract: Technologies and implementations for providing real-time targeted messages are generally disclosed.

Abstract: A method and apparatus for representing a conversation of related messages is provided. In a message collection user interface for displaying messages sent and received by a communications device, a dynamic session placeholder is used for a respective conversation of related messages. The message collection user interface is displayed including any dynamic session placeholders in the list of messages. As messages from the conversation are occasioned, the dynamic session placeholder is updated. When the message collection is displayed, it is displayed in accordance with the updated session placeholder.

Abstract: Examples of systems and methods for context based virtual area creation are described. Some examples provide a quick and easy way for users to wrap virtual areas around contexts of interest. Examples of such contexts may be defined in terms of one or more of content, people, and real-world location. The virtual areas support realtime communications between communicants (e.g., one or more of text chat, voice, video, application sharing, and file sharing) and provide a persistent historical repository for interactions in the virtual area. Summaries of activities and other events in virtual areas typically are published in realtime so that other communicants can readily obtain a quick summary of the activities occurring in a particular context and decide whether or not to join or otherwise participate in those activities.

Abstract: Methods and devices for providing presence based messaging are disclosed. For example, a method receives a message including a message content, an identifier of a recipient and a presence parameter. The presence parameter may comprise a speed parameter pertaining to a speed of a device associated with the recipient or a mood parameter pertaining to a mood of the recipient. The method then stores the message and delivers the message to the device associated with the recipient when the presence parameter is satisfied.

Abstract: Embodiments of the disclosure relate to performing correction on incoming messages. Embodiments include receiving a message from a sender and determining if a portion of the message has been auto-corrected by the sender. Embodiments also include performing a correction on the portion of the message that was auto-corrected by the sender and storing the correction made by the receiver for each individual sender.

Abstract: Methods, systems, and apparatus, including computer programs for receiving, from a first client device, a request for messages of a first channel of a plurality of channels starting at a position in the first channel, wherein each channel comprises a respective ordered plurality of messages stored in one or more respective buffers according to the order, each buffer having a respective time-to-live; receiving, from one of the second client devices, a response message comprising one or more messages of the first channel that are at or after the position in the order; and sending the messages to the first client device.

Abstract: The invention relates to handling a message addressed to a client terminal, which client terminal includes a messaging client for handling said messages. The method includes the steps of receiving a message addressed to the client terminal, said message including content destined to an “upper level” application, the “upper level” application being an application, which is separate from the messaging client, obtaining capability information relating to said client terminal, checking whether said capability information includes information about “upper level” applications the client terminal supports, and conducting an action responsive to said checking phase.

Abstract: The present invention relates to electronic mail. In particular, it relates to a method and system for processing electronic mail, wherein mails are stored in a space efficient way by removing redundancy from the content. Prior art is known for doing a limited version of this on a mail client.

Abstract: Aspects of the present invention associate an unsent electronic message with a target file that is attached to a first stored electronic message. A command to attach a file to the unsent electronic message is received. A list identifying one or more files attached to one or more stored electronic messages is displayed. The target file is one of the one or more files. An input identifying the target file is received. One of the target file and a file that identifies a location of the target file on a storage device is attached to the unsent electronic message.

Abstract: Facial recognition algorithms may identify the faces of one or more people in a digital image. Multiple types of communication may be available for the different people in the digital image. A user interface may be presented indicating recognized faces along with the available forms of communication for the corresponding person. An indication of the total number of people available to be communicated with using each form of communication may be presented. The user may have the option to choose one or more forms of communication, causing the digital image to be sent to the recipients using the selected forms of communication. An individual may have provided information for facial recognition of the individual to a service. Based on the information, the service may recognize that the individual is in an uploaded picture and send the digital image to the user account of the individual.

Abstract: Methods, systems, and apparatus, including computer programs encoded on a computer storage medium, for receiving a write request from a publisher comprising a channel name wherein the channel identified by the channel name comprises an ordered plurality of messages stored in buffers, each buffer having a predetermined time-to-live and being assigned to a respective node, identifying a first node and a first buffer stored on the first node based on the channel name of the request that has available storage for storing messages and wherein the first buffer has a time-to-live that has not expired, and sending a write grant to the publisher wherein the grant comprises identification of the first node and the first buffer, and wherein the publisher is configured to send messages to the first node for storage in the first buffer based on the grant until the first buffer is full or its time-to-live has expired.

Abstract: Systems and methods for handling messages in which a list comprising a plurality of conversations is provided. A first conversation in the plurality of conversations is identified. The first conversation is configurable to occupy a single line in the list and comprises a plurality of messages. This plurality of messages shares a common set of characteristics that meets a predefined criterion. Responsive to receiving a designation of a predefined user action, the predefined user action is applied, without human intervention, to each message in the plurality of messages.

Abstract: A mobile device for accessing content stored on a remote server over a mobile network includes a processor configured to direct the mobile device to send a request directing a management server to initiate a transaction.

Abstract: Methods and arrangements for imparting a communications delay. A delay is dynamically determined for sending an outgoing communication. The determining includes using information derived from a determination of a prevailing activity level of a sender, and the determined delay is applied to the outgoing communication.

Abstract: An exemplary method includes at least one computing device maintaining data representative of a user profile associated with a first user of a first mobile device, detecting that the first mobile device and a second mobile device associated with a second user are located in a geographic vicinity, determining, in response to the detecting that the first mobile device and the second mobile are located in the geographic vicinity, that the second user matches at least one criterion defined within the user profile associated with the first user, and automatically storing, in response to the determining, contact information corresponding to the second user.

Abstract: A method and system for managing electronic messaging which includes monitoring an electronic message generated by a plurality of users. The electronic message including content. A criteria is determined for setting a status of the electronic message, and the criteria includes a change of the content of the electronic message. A change of the content of the electronic message is detected based on the criteria. The status of the electronic message is set, and the status is indicated to the plurality of users of the electronic message.

Abstract: Embodiments of the present invention provide a service forwarding method and device. The method includes receiving an uplink packet of a base station that is sent by a user-end provider edge (UPE) device over a transport tunnel. The uplink packet carries an Internet Protocol (IP) address of the base station and an identifier of the transport tunnel. The method further includes establishing a mapping relationship between the IP address of the base station and the identifier of the transport tunnel according to the uplink packet, and sending a downlink service packet to the UPE device over the transport tunnel according to the mapping relationship. A destination IP address of the downlink service packet is the IP address of the base station.

Abstract: Techniques for an exponential moving maximum (EMM) filter for predictive analytics in network reporting are disclosed. In some embodiments, a process for predictive analytics in network reporting using an EMM filter includes pre-processing network-related data by performing exponential moving maximum (EMM) filtering on the network-related data; and determining predictive analytics based on the EMM filtered network-related data.

Abstract: A method, device and system for obtaining a local domain name are provided. A Dynamic Host Configuration Protocol (DHCP) request from a User Equipment (UE) is received, in which the request carries an option for indicating returning a domain name of a local domain where the UE is located; and the domain name of the local domain where the UE is located is obtained according to the DHCP request, and the domain name of the local domain where the UE is located is carried in a DHCP reply message to be returned to the UE. A device and system for obtaining a local domain name are also provided, which solve the problem that a user is incapable of obtaining a local domain name after full authentication, so that a UE can perform fast re-authentication during a handover, thereby reducing a handover delay and improving the user experience.

Abstract: Techniques and mechanisms to enable addressing of components accessed via a control interface. In an embodiment, a plurality of identifiers is logically split into first and second pools. The first pool is available for assigning to allow addressing of components while such components are active with respect to some functionality. The second pool is available for assigning to allow addressing of components while such components are passive with respect to some functionality. In another embodiment, different respective identifiers of the first pool pool are assigned each of first one or more of the plurality of components, and a respective identifier of the second pool is assigned to each of second one or more of the plurality of components. Any two of the second one or more components that have the same address default are assigned different respective identifiers of the second pool.

Abstract: Methods and systems for maintaining NAT session management on a multi-core device are disclosed. A first core of the multi-core device that is intermediary between a plurality of clients and a plurality of servers may insert a NAT session into a local outbound session table stored in a memory of the first core. The first core may determine that a second core of the multi-core device will serve as a receiving core for a response to the request from the server to the client. The first core may insert the NAT session into a global session table responsive to determining that the second core will serve as the receiving core.

Abstract: A computer system (100) is arranged to run at east one user-oriented operating system (153) (e.g. Windows, LINUX, etc.) on which a plurality of user-oriented applications (152) (e.g. Word processor, web browser, spreadsheet application, etc.) may run, the computer system being further arranged to run a secondary program supporting environment (154), (155) (e.g. computer BIOS, Hypervisor, basic LINUX operating system micro-kernel, etc.). The computer system (100) is arranged to run the secondary program supporting environment (154), when the main user-oriented operating system is not miming in either or both of the following situations: prior to loading the main operating system at boot-up time of the system or when a user wishes to log back into his/her operating system after having previously logged out or having been logged out automatically and/or during a sleep mode of the computer system.

Abstract: A system and method for web filtering, including: generating an institutional policy dashboard that enables an institution that issued a computing device to a minor user to select a set of institutional web access policies sanctioned by the institution; generating a parental policy dashboard that enables a parent of the minor user to select to a set of parental web access policies sanctioned by the parent; filtering web content accessed by the minor user via the computing device by enforcing the parental and the institutional web access policies; and reporting to the parent a set of web accesses undertaken by the minor user via the computing device.

Abstract: Techniques to authenticate a client to a proxy through a domain name server intermediary are described. In one embodiment, for example, a client apparatus may comprise a data store and a network access component. The data store may be operative to store a network configuration file, the network configuration file containing a client-specific secret. The network access component may be operative to transmit a communication request from the client device to a proxy server, the communication request directed to a destination server distinct from the proxy server, and to receive a response to the communication request from the destination server based on a determination by the proxy server that the client is authorized to use the proxy server, the determination based on the client having previously sent an encoding of a client-specific secret to a domain name server embedded within a lookup domain of a domain name request. Other embodiments are described and claimed.

Abstract: A method for handling hyper-text transfer protocol (“HTTP”) requests from client devices is disclosed. The method comprises receiving an HTTP request from a client device to connect to a destination server. It further comprises extracting a plurality of HTTP headers from the HTTP request using a gateway device in accordance with a user defined configuration to create a subset of the request. Next, it comprises forwarding the subset to an external security device from the gateway device to perform URL policy processing using the request. Finally, it comprises based on a received result of the URL policy processing, transmitting the client request to the destination server.

Abstract: A network device is provided. The network device is connected to a number of slave network devices. Each slave network device communicates with the network device by using an Internet protocol (IP) address. The network device includes an Internet protocol security (IPsec) module and a network address translation (NAT) module. The IPsec module establishes an IPsec tunnel to a network gateway in the Internet and retrieves an IPsec IP address corresponding to the IPsec tunnel. The NAT module converts the IP addresses of the slave network devices to the IPsec IP address, such that the slave network devices use the IPsec IP address to communicate with the network gateway through the IPsec tunnel.

Abstract: In an embodiment, a method includes registering applications and network services for notification of an out-of-band introduction, and using the out-of-band introduction to bootstrap secure in-band provisioning of credentials and policies that are used to control subsequent access and resource sharing on an in-band channel. In another embodiment, an apparatus implements the method.

Abstract: Method(s) and system(s) for providing privacy to personal information of end users while utilizing recommendation services and personalized content are described. According to the present subject matter, the system(s) implement the described method(s) for providing privacy to personal information of end users. The method for privacy protection includes receiving user consumption data associated with one or more end users where the user consumption data comprises at least a slice of interest profile and associated interest group id of the slice of interest profile; and where the user consumption data is received through a network anonymization layer. The method may further include routing the user consumption data to an interest group aggregator node from amongst a plurality of intermediary nodes based on distributed hash table routing mechanism, and wherein the interest group aggregator node is associated with the interest group id present in the user consumption data.

Abstract: Methods, apparatuses, and computer program products are provided for facilitating the secure transmission and storage of data. In this regard, a method is provided that comprises causing data encrypted by a sender system to be received at a service provider system; causing the data as encrypted by the sender system to be stored at the service provider system; receiving a request for the data from a recipient system; determining the recipient system is authorized to receive the data; and causing the data as encrypted to be transmitted to the sender system.

Abstract: Various aspects of the disclosure relate to providing secure containers or data vaults for data of one or more managed applications. In some embodiments, each managed application may be assigned its own private data vault and/or may be assigned a shared data vault that is accessible to at least one other managed application. As the managed application executes, calls for access to the data may be intercepted and redirected to the secure containers. Data stored in a secure container may be encrypted according to a policy. Other aspects relate to deleting data from a secure container, such as via a selective wipe of data associated with a managed application. Further aspects relate to configuring and creating the secure containers, retrieving key information required to encrypt/decrypt the data stored in the secure containers, and publishing the managed applications, policy information and key information for download to a mobile device.

Abstract: A method and system for providing a secure communication network using an electrical distribution grid is disclosed. A device connected to the electrical distribution grid initiates a request for a secured key token by signaling an intelligent communicating device residing at or near an edge of the grid. The intelligent communicating device forwards the request to a receiver at a distribution substation on the electrical grid. This receiver enhances the properties of the request such that a grid location for the request can be inferred. The enhanced request is forwarded to a server at the distribution substation, which compares the request grid location to a Grid Map and Policies of known secure grid locations. Any inconsistencies between the grid location inferred from the enhanced request and the Grid Map and Policies locations are considered evidence of tampering, and the server rejects the request.

Abstract: In a method of selectively applying a data encryption function, a CoAP client and a CoAP server perform a DTLS handshake process. The CoAP client generates a CoAP message when the DTLS handshake process has been completed, and then indicates that encryption does not need to be applied to the CoAP message. The CoAP client generates only the authentication value of the CoAP message via a DTLS record layer protocol. The CoAP client sets the value of the specific field of a DTLS record layer protocol header to a specific value via the DTLS record layer protocol. The CoAP client sends the CoAP message and the authentication value to the CoAP server.