Abstract: The invention provides, in some aspects, digital data processing methods of generating digital content pieces (e.g., email messages or portions thereof) that are customized in accord with individual recipient behaviors. Such methods include the step of generating and digitally transmitting to a digital data devices of a recipient a digital content piece that (i) has a call to action to which the recipient can respond and (ii) that has a plurality of features selected so as to maximize a probability, P(b1,b2, . . . ,bM,x1,x2, . . . ,xM), that the recipient will respond to that call to action, where that probability is defined by the relation P(b1,b2, . . . ,bM,x1,x2, . . . ,xM)=exp(?j=1, . . . ,Mbjxj)/(1+exp(?j=1, . . . ,Mbjxj)) where x1,x2, . . . ,xM are values for each of a plurality, M, of features characterizing the digital content piece and/or the recipient, b1,b2, . . . ,bM are respective coefficients for each of the values x1,x2, . . . ,xM.

Abstract: Example methods, apparatuses, and/or articles of manufacture are disclosed that may be implemented, in whole or in part, using one or more computing devices to implement a queuing system with an adjustable scalability/reliability level.

Abstract: Provided are an information processing method and apparatus being applicable to a first electronic device, comprising establishing a communication link between the first and a second electronic device; displaying a first communication interface; judging whether a predetermined condition is satisfied; and displaying a second communication interface when it is judged that the predetermined condition is satisfied; wherein the second communication interface comprises a first area and a second area, the first and second areas are at least partially overlapped, and the first area comprises a first subarea and/or a second subarea, the second subarea is used for displaying first information acquired by the first electronic device, the first subarea is used for displaying second information acquired by the second electronic device, the second area is used for displaying shared information, and at least a part of the shared information is simultaneously displayed on the first and second electronic device.

Abstract: The described embodiments include a message server that is configured to send, to multiple receiving electronic devices, corresponding messages that each include a payload acquired from a single request message received from a client electronic device. In these embodiments, the request message received from the client electronic device includes a push token for each of the receiving electronic devices and the payload. Upon receiving the request message, the message server generates, for a receiving electronic device associated with each push token, a message that includes the payload. The message server then sends each message to the corresponding receiving electronic device. In this way, the message server “fans out,” to the multiple receiving electronic devices, corresponding messages that each include the payload from the single request message.

Abstract: An instant messaging client application is executed on a first terminal, to participate in threads of instant messaging between user terminals over a packet-based network, each thread comprising exchanging text-based messages between the user terminals of a selected group of contacts comprising the first user and at least one second user. A digital record of the messages is maintained in a data storage medium. A further text-based message is received from one of the second terminals over the packet-based network, comprising a citation of a cited one of the text-based messages previously transmitted over the packet-based communication network and stored in the storage medium. The further message is processed at the first terminal so as, by reference to the storage medium, to recover a context of the cited message in relation to others of the text-based messages in the respective thread.

Abstract: A telecommunication and multimedia management apparatus and method that supports voice and other media communications and that enables users to: (i) participate in multiple conversation modes, including live phone calls, conference calls, instant voice messaging or tactical communications; (ii) review the messages of conversations in either a live mode or a time-shifted mode and to seamlessly transition back and forth between the two modes; (iii) participate in multiple conversations either concurrently or simultaneously; (iv) archive the messages of conversations for later review or processing; and (v) persistently store media either created or received on the communication devices of users. The latter feature enables users to generate or review media when either disconnected from the network or network conditions are poor and to optimize the delivery of media over the network based on network conditions and the intention of the users participating in conversations.

Abstract: A method for presenting an attachment within an email message on a display of a portable electronic device includes displaying the email message using a messaging application, sending a conversion request to an attachment server in order to view the attachment in an attachment viewer of the portable electronic device, receiving a converted attachment from the attachment server; and upon receiving the converted attachment from the attachment server, inserting a thumbnail image in a message body of the email message.

Abstract: A user can share (show) multimedia information while simultaneously communicating (telling) with one or more other users over a network. Multimedia information is received from at least one source. The multimedia information may be manually and/or automatically annotated and shared with other users. The multimedia information may be displayed in an integrated live view simultaneously with other modes of communication, such as video, voice, or text. A simultaneous sharing communication interface provides an immersive experience that lets a user communicate via text, voice, video, sounds, music, or the like, with one or more other users while also simultaneously sharing media such as photos, videos, movies, images, graphics, illustrations, animations, presentations, narratives, music, sounds, applications, files, and the like. The simultaneous sharing interface enables a user to experience a higher level of intimacy in their communication with others over a network.

Abstract: An electronic device displays an image or video associated with a session of a messaging application. The device displays a message received from a user associated with the session over the image or video. In response to receiving a second message, the device displaces display of the first message with display of the second message, and displays the first message at a second location, also over the image or video. The device also displays an image icon associated with the image or video over the image or video. In response to receiving a second image or video, the device displays a second image icon over the first image or video. In response to the user selecting the second image or video, the device replaces display of the first image or video with the second image or video, while maintaining the display of the messages and image icons.

Abstract: An approach is provided in which a request is received from a requestor to send a new email message to one or more recipients on behalf of a selected joint sender group (JSG). The selected JSG includes multiple JSG members with one of the JSG members being the requestor. Permissions corresponding to the JSG are then retrieved and compared to the requestor and the contents of the new email message are identified. The new email message is then sent to the recipients in response to determining, based on the comparison, that the requestor has permission to send the new email message on behalf of the selected JSG. On the other hand, the sending of the new email message is inhibited in response to determining that the requestor lacks permission to send the new email message on behalf of the selected JSG.

Abstract: Systems and methods for receiving a communication on one or more user devices within a vehicle and redirecting the communications based at least in part on one or more user profiles associated with occupants of the vehicle is disclosed. The redirection of the communication may further be based at least in part on one or more sensor signals or a drive characteristic associated with the vehicle.

Abstract: Methods, systems, and apparatus, including computer programs encoded on a computer storage medium, are described for providing messages to client devices. In certain examples, a stream of messages is provided to a messaging application on a client device at a desired message feed rate. A message download rate of the stream of messages by the messaging application is monitored. A determination is made that the message download rate is less than the desired message feed rate. In response, the stream of messages is provided to a buffer on the client device at the desired message feed rate, and the stream of messages is sent from the buffer to the messaging application at the message download rate. A determination is made that the message download rate is greater than the desired message feed rate and, in response, a stored quantity of messages on the buffer is allowed to decrease.

Abstract: A digital device including a display unit, a communication unit, and a processor to control the display unit, wherein the processor extracts at least one keyword, designates the at least one keyword and extracts at least one application providing additional information.

Abstract: Location-based notification includes establishment of a rally point and subsequent notification of a user when another user enters the rally point. Senders may set up rally points at various physical locations and specify one or more target recipients that are to be notified when the sender enters the rally point. Target recipients may specify communication settings that dictate whether and/or how they wish to receive notifications under a variety of circumstances. When a sender having a computing device enters a rally point location, a notification is sent from the computing device to a location-based notification service, which notifies each of the target recipients in a manner that complies with the target recipient's individual communication settings.

Abstract: An electronic device is provided that easily performs message exchange that exploits the relative position relationship with other vehicles while traveling. The electronic device (2) includes a display unit (11), a wireless communication unit (20) that receives information including positional information of a sender and message information desired by the sender to be transmitted to a correspondence party, a relative position calculation unit (41) that calculates relative position information of the sender relative to an own device based on the positional information, and a display control unit (43) that provides a first display region (111) to the display unit (11) and display message information in the first display region (111), as well as displaying relative position information without displaying a map.

Abstract: A system, method and computer-readable medium for request routing. A DNS server at a content delivery network service provider obtains a DNS query corresponding to a resource requested from a client computing device and associated with a first resource identifier. The first resource identifier includes a first portion with DNS information and a second portion with path information. The DNS server selects a network computing component for processing the requested resource based on the DNS portion of the resource identifier and transmits information identifying the selected network computing component to the client computing device.

Abstract: Complex search tasks are performed relative to an LDAP directory with a minimal quantity of LDAP search operations. Search tasks that follow relationships between LDAP entries can be performed, even under circumstances in which those relationships are not represented by the hierarchical structure of the LDAP directory. A client application can specify an LDAP control that the client application sends to the LDAP server along with the LDAP search operation. The LDAP server's receipt of the LDAP control can cause the LDAP server to modify the behavior of the search operation so that the LDAP server follows potentially non-hierarchical specified relationships between the LDAP entries in determining the set of entries to return as results of the search operation. As a result, the LDAP server can return a complete set of related result entries to the client application in response to a single LDAP search operation directed by the application.

Abstract: A firewall system determines whether a protocol used by an incoming data packet is a standard protocol compliant with Request For Comment (RFC) standards. In the event the protocol is RFC compliant, the firewall transmits the packet to the recipient according to firewall policies regarding the standard protocol. If the protocol is not that of an RFC standard, the firewall determines whether the protocol matches an RFC-exception protocol in a RFC-exception protocol database. If the protocol does match an RFC-exception, the firewall may transmit the packet to the recipient according to firewall policies regarding the RFC-exception protocol. If it does not match an RFC-exception, the firewall may transmit the packet or protocol to a support system where it may be quarantined until it is approved based on a decision that the protocol is safe and/or widely adopted.

Abstract: The embodiments described herein recite a geo-location based community of interest (COI) system and method which add the capability to configure Network Connect Devices (NCD) to identify the location of the source and destination IP addresses. The NCDs would then drop any packets that are destined to an IP address outside of its predefined radius. For any sent/received packets, the geo-location position of the remote IP-address on the wide area network (WAN) may be determined. The distance between two points on the earth given their latitudes and longitudes of the devices may be determined. If the distance is greater than the predefined range, the data packets may be denied. If the distance falls within the pre-determined range, the data packets are allowed to reach their destination.

Abstract: Methods and systems are provided for creation and implementation of firewall policies. According to one embodiment, a firewall maintains a log of observed network traffic flows. An administrator may request the firewall to generate a customized report based on the logged network traffic by extracting information from the log based on specified report parameters. The report includes aggregated network traffic items and one or more corresponding action objects. Responsive to receipt of a directive to implement an appropriate firewall policy for one or more network traffic items based on interaction with one or more action objects by the administrator, the firewall then automatically defines and establishes an appropriate firewall policy.

Abstract: Virtual private network (VPN)-related techniques are described. The techniques provide intuitive mechanisms by which a client device more efficiently establishes a VPN connection. In one example, a client device includes a memory, processor(s), and a VPN handler. The VPN handler is configured to monitor actions initiated by one or more applications executable by the programmable processor(s), and determine whether each of the initiated actions requires a VPN connection via which to transmit outbound data traffic corresponding to a respective application of the one or more applications. The VPN handler is further configured to, in response to a detection that at least one initiated action requires the VPN connection via which to transmit the outbound data traffic, automatically establish the VPN connection to couple the client device to an enterprise network, and transmit the outbound data traffic corresponding to the respective application, via the VPN connection.

Abstract: An intermediary network device receives a request for a secure communication session between an endpoint server and an endpoint client through the network device. The secure session between the endpoint server and the endpoint client is divided into a first session and a second session. The first session is between the endpoint server and the network device. The second session is between the network device and the endpoint client. The network device receives a first session ticket from the endpoint server. A session state of a proxy client in the first session, including the first session ticket, is determined. The network device also determines a session state of a proxy server in the second session. The combination of the session state of the proxy client, including the first session ticket, and the session state of the proxy server are encapsulated as part of a second session ticket.

Abstract: Methods and systems disclosed provide for creating private networks for secured communication between devices. The devices can communicate with each other over a secure tunnel created for a closed circle of devices. Furthermore, the methods and systems can enable offline communication between devices on a private network.

Abstract: Network request anonymizing nodes (“NRANs”) may be described herein. The NRANs may act as anonymizing proxies by generating additional anonymizing network requests to help anonymize a network request sent by a requesting computing node. By generating the additional anonymizing network request, the NRANs may cause a relatively large number of similar network requests to be transmitted in an approximately contemporaneous fashion with the transmission of the network request. The NRANs may receive indication of network requests via a secure anonymization proxy tunnel, which may be established through transmission of an anonymizing proxy request from the requesting computing node to the NRANs. The secure anonymization proxy tunnel may be established between a secure enclave of the requesting computing node and secure enclaves of the NRANs. Other embodiments may be described and/or claimed.

Abstract: An information handling device has a first connection unit, a Web application executing unit to generate a device operating command, a second connection unit, an application authentication processing unit to generate a platform authenticator, an application origin information attacher to attach origin information of the web application to the platform authenticator, and a third connection unit to establish a connection for transmitting the device operating command and the platform authenticator attached with the origin information to the second communication device in order to transmit the device operating command and the platform authenticator attached with the origin information.

Abstract: A system and a method is provided for establishing a session key in a context of communications between entities, the identifiers of which are generated cryptographically and for which one of the entities is highly resource-constrained. It includes assigning to assistant entities of the resource-constrained entity, the highest-consuming asymmetric cryptography operations.

Abstract: A mobile device for accessing content stored on a remote server over a mobile network is provided. The mobile device includes a processor configured to direct the mobile device to receive at least a portion of a list initiated by the remote server, the list identifying folders or files stored on the remote server, process a selection to identify one of the folders or files on the list having the content on the remote server, and send a request directing a management server to initiate a transaction including an identifier indicating the one of the folders or files having the content on the remote server that is to be sent as the attachment to the destination.

Abstract: Methods, systems, and apparatus, including computer programs encoded on a computer storage medium, for storing and retrieving encrypted data. In one aspect, a method includes receiving, at a server computer separate from a user device, a first encrypted resource encrypted by use of a public encryption key, wherein the public encryption key is paired with a private encryption key according to an asymmetric encryption key scheme; retrieving, by the server computer, a second encrypted resource encrypted by use of the public key; augmenting, by the server computer, the first encrypted resource with the second encrypted resource to form an encrypted data tuple; encrypting, by the server computer, the encrypted data tuple; and storing, by the server computer, the encrypted data tuple as the second encrypted resource.

Abstract: The subject matter described in this specification includes a computer-readable medium storing instructions that cause one or more processors to perform various operations including receiving, from a first client device associated with a user account of a first user, a request for sharing a key. The key is associated with the user account of the first user, and permits access to a resource. The operations include generating, at a server, one or more representations of the key, transmitting the representations of the key to the first client device, and receiving, from a second client device associated with a user account of a second user, a request to access the key. The request to access the key is derived from one of the one or more representations of the key. The operations further include communicating, to the second client device, a message indicating whether access to the key has been granted.

Abstract: A method comprising the use of a bootstrapping protocol to define a security relationship between a first server and a second server, the first and second servers co-operating to provide a service to a user terminal. A bootstrapping protocol is used to generate a shared key for securing communication between the first server and the second server. The shared key is based on a context of the bootstrapping protocol, and the context is associated with a Subscriber Identity Module (SIM) associated with the user terminal and provides a base for the shared key. A method of the invention may, for example, be employed within a computing/service network such as a “cloud”, and in particular for communications between two servers in the cloud that are co-operating to provide a service to a user.

Abstract: A system providing a service to a service receiving apparatus includes a management information storage that stores management information including service identification information, user authentication information of a user, and device authentication information of the service receiving apparatus that are associated with each other; an authentication information receiving unit that receives, as authentication information, at least one of user authentication information and device authentication information from the service receiving apparatus; an authentication unit that performs authentication by referring to the management information storage based on the received authentication information; an obtaining unit that obtains process target data from an external service based on an entry request from the service receiving apparatus that has been successfully authenticated; and a conversion unit that converts the obtained process target data into output data with a data format that the service receiving appar

Abstract: The present invention relates to a security management system of a computer network, which includes a center server and two or more relay servers. The relay servers receives at least some of data stored in the center server and stores the received at least some of data. A first relay server stores access authentication information and transmits data requested by the client to the client, when access information received from a client does not match with the access authentication information. The center server transmits a ‘block relay’ command to the first relay server and a ‘start relay’ command to a second relay server, when the center server receives information on the malicious access. Accordingly, the second relay server performs a relay function instead of the first relay server.

Abstract: Approaches are described for automatically generating new security credentials, such as security tokens, which can involve automatically re-authenticating a user (or client device) using a previous security token issued to that user (or device). The re-authentication can happen without any knowledge and/or action on the part of the user. The re-authentication mechanism can invalidate and/or keep track of the previous security token, such that when a subsequent request is received that includes the previous security token, the new security token can be invalidated, and the user caused to re-authenticate, as receiving more than one request with the previous security token can be indicative that the user's token might have been stolen.

Abstract: Computer systems and methods in various embodiments are configured for improving the security and efficiency of server computers interacting through an intermediary computer with client computers that may be executing malicious and/or autonomous headless browsers or “bots”.

Abstract: In some examples, a vehicle head unit of a vehicle includes at least one processor; and at least one module operable to: responsive to authenticating a first user at a vehicle head unit of a vehicle, establish a session with a first user identifier, the first user identifier associated with the first user; responsive to authenticating a second user at the vehicle head unit, associate a second user identifier with the session, the second user identifier associated with the second user, wherein the first and second user identifiers are concurrently associated with the session; generate data while the first and second user identifiers are concurrently associated with the session; and store, based on the first user identifier and the second user identifier, the data to both a first user account associated with the first user identifier and a second user account associated with the second user identifier.

Abstract: A tool for credential validation using multiple computing devices. The tool select at least one challenge question. The tool selects two or more user owned devices, wherein selecting the two or more user owned devices includes querying a database for each user owned device associated with a user account. The tool presents the at least one challenge question to the two or more user owned devices. The tool determines whether the at least one response received from the two or more user owned devices is a correct response relative to the at least one challenge question.

Abstract: Methods and apparatus, including computer program products, related to relationship-based authorization. In general, data characterizing a request for authorization to a computer-based resource is received, and the authorization may be provided based on one or more relationships of a requesting principal. A determination may be made as to whether a requesting principal is authorized, which may include determining whether the requesting user has a relationship with a principal that has management rights of the computer-based resource and determining whether the relationship allows for an access, such as a use of the computer-based resource, if the requesting principal has a relationship with the other principal. If there is no such relationship, a determination may be made as to whether an organization of the requesting principal has a relationship with the other principal that allows for the access.

Abstract: Systems, methods, and computer program products are provided for managing applets. A first request to personalize the first applet is received over a communications network. A second request including a command requesting at least a portion of the second applet data is communicated to the second applet. At least a portion of the second applet data is communicated to the first applet. One or more values of the first applet data are replaced with one or more values of at least the portion of the second applet data.

Abstract: The technology described in this document can be embodied in a computer implemented method that includes receiving, at a processing device, information about one or more assets associated with a network of devices. The method also includes generating, for at least one of the assets, a security token that is based at least on a portion of the received information about the corresponding asset. The security token can be configured to identify a home network defined for the asset, and to restrict access to the corresponding asset upon detecting an occurrence of an unauthorized activity involving the asset. The method further includes storing, in a storage device, information about the security token and information linking the security token to the corresponding asset, and initiating integration of the security token with the corresponding asset.

Abstract: Systems and methods for strong user authentication for accessing protected networks. An example method may include: transmitting, by a processing device, an authentication request to an authentication server; receiving an access granting token from the authentication server; transmitting, to a nonce server, a nonce request using the access granting token; receiving a cryptographic nonce from the nonce server; and transmitting, to a virtual private network (VPN) server, a VPN connection request using the cryptographic nonce.

Abstract: A computer system and associated methods for verifying user identities online. Identity claims made by a requestor of an online access and/or a trusted transaction may be verified by associating digital credentials to verified personal identification information (PII) retrieved from real world events. PII item(s) may be retrieved from third-party verified identity information sources. Verified personal attributes related to PII items may be identified and correlated with the requestor's digital credentials, and stored to a verified identity record. Additional digital credentials for the same requestor may be similarly identified, correlated, and stored to the verified identity record. A subsequent transaction request by a person claiming the requestor's identity may be compared with the verified identity record. An identity match indicator and/or a match confidence score may be created and used to determine the risk that the identity claim by the person requesting the transaction is false.

Abstract: A system and method for authenticating user requests issued from embedded applets running on web-accessible user devices. The server system generates authentication tokens associated with user credentials, in response to user requests for HTML pages that include the embedded applets. The server system stores the authentication tokens on the server system, and includes the authentication tokens in URLs within applet tags in the HTML pages returned to the user devices. When the applets download and request content from the server system, the applets supply the previously included authentication tokens in the URLs that identify the requested content. Upon finding a match between the applet-supplied authentication tokens and the stored authentication tokens, the server identifies the user as a trusted user, and responds with the requested content. This can be used to eliminate HTTP-based authentication challenges for subsequent user access.

Abstract: A computer implemented method for accessing one or more files including scanning a storage device using a processor for one or more signed files in response to the storage device coupling to a machine, authenticating one or more of the signed files, and configuring the processor to access accessible files from the storage device in response to authenticating one or more of the signed files.

Abstract: A method of controlling job authority of an image forming apparatus that supports a P2P connection includes: storing a profile of a wireless device that is P2P connected to the image forming apparatus in the image forming apparatus; receiving and storing job authority information corresponding to the profile; when the wireless device requests the image forming apparatus to execute an operation, setting a job authority of the wireless device by using the profile and the job authority information; and checking the job authority of the wireless device by the image forming apparatus, and executing the requested job when the wireless device has the authority to perform the requested job.

Abstract: A verification server is configured to communicate with a usage target system via a first communication channel and an information terminal device via a second communication channel. The verification server includes: a unit for registering personal information of a user for using a usage target system; a unit for receiving, via the second communication channel, system identification information of the usage target system and a restriction code from an information terminal device owned by a use; a unit for generating an internal system password for the usage target system; a unit for receiving, via the first communication channel, a plurality of characters from the usage target system, the plurality of characters being inputted by a user into the usage target system; and a unit for determining whether the plurality of characters are legitimate based on the internal system password and the system identification information.

Abstract: In various embodiments, a computer-implemented method for sharing tasks over one or more computer networks is disclosed. The method includes providing a task created on a first computer system located in a first network, the task comprising content information and metadata information. The task can be shared with a user of a second network that is different from the first network. The method can include transmitting the metadata information of the task to a second computer system in the second network over the one or more computer networks without transmitting the content information, the metadata information comprising at least a task identifier. The method can include receiving a request from the user to access the task. The method can include verifying that the user is a task participant. The content information of the task can be securely presented to the user over the one or more computer networks.

Abstract: Methods and systems for authenticating a security device for providing a secure access and transaction authorization to a remote network location are provided. The security device is authenticated by installing private security software on the security device. In order to authorize a transaction, a transaction authorization is performed using the security device by display a QR (Quick Response) code from an authorization server on a user terminal and scanning the QR code into the security device. After scanning the QR code, an OTA (One-Time-Authorization) code is sent from the security device to the authorization server for verifying the transaction. Embodiments of the present invention provide increased security and privacy. A corresponding system for authenticating a security device and preforming secure and private transactions is also provided.

Abstract: A method for granting trusted applications (SP1_WL) of a Service Provider (SP1, SP2)access to applications (appSP1.1, appSP1.2; appSP2.1) of that Service Provider (SP1, SP2) that have been stored in a secure element (SE) comprises: the Service Provider (SP1, SP2) transmits a request (REQ1) for granting access to its applications to a Trusted Service Manager (TSM); the Trusted Service Manager (TSM) generates an access right code (AC1) and transmits it to both the Service Provider (SP1, SP2) and a service manager (SM) in the secure element (SE); the Service Provider (SP1, SP2) generates the trusted application (SP1_WL), provides it with the access right code (AC1) and sends it to the secure element (SE); the trusted application (SP1_WL) connects to the service manager (SM) with the access right code (AC1) whereupon the service manager (SM) grants the wallet (SP1_WL) access to the applications (appSP1.1, appSP1.2; appSP2.1).

Abstract: An API counting process that sets a limit number for an API used by a client, and when an access token is issued in response to a request from an authority delegation destination and a request to verify the issued access token is received, manages an API usage limit number on a client-by-client basis in accordance with the usage limit number for each API set for the authority delegation destination, is executed. The API usage number is incremented (S5.2), compared with the usage limit number (S5.3), and the access token verification is considered to have failed in the case where the limit has been exceeded.

Abstract: A mobile terminal device includes a display control module 100 performing display control on display modules 11 and 21 and a setting module 100 setting an icon to be kept secret according to a setting operation. In this arrangement, the display control module 100 performs control such that the secret icon set by the setting module 100 is not included in an icon display screen.