Abstract: A network interface controller (NIC) executes a set of instructions with respect to received data communications packet and generates output data associated with the execution of the set of instructions. The NIC stores the output data in a location that is accessible to an operating system.

Abstract: In one aspect, the invention is a computer program product residing on a computer readable medium having a plurality of instructions stored thereon. The instructions when executed by the processor, cause that processor to schedule a network-based media event; and to invite an attendee to attend the network-based media event. Other aspects of the invention includes a process and a method.

Abstract: A method and apparatus for instant messaging based on a user interface is provided. The method comprises providing a window having a plurality of regions in the user interface, wherein the plurality of regions comprise at least one navigation region, and at least one message region to display one or more dialog windows; receiving a navigation input within navigation region; navigating among the one or more dialog windows based on the navigation input; and displaying the one or more dialog windows in the message region.

Abstract: A communication device receives an out-of-office message regarding a first contact. An application executing on the communication device displays a name of the first contact and an out-of-office indication regarding the first contact without displaying said out-of-office message.

Abstract: A system and method for delivering content in real-time using advanced messaging technology that reduces the risk of content being lost or dropped in transmission. The system and method utilize a custom, simplified XML format to deliver real-time textual, numeric, and metadata content directly to subscribers. The XML tag set specifies all of the information needed to package, process, and distribute real-time content messages and includes an advanced tagging structure that allows granular content customization. Messages are built on the fly using multi-channel data processing techniques. The XML delivery system and method offers an array of real-time market-specific page-based “Alert” services and aggregated newswires with accompanying real-time numeric data feeds. These feeds contain proprietary assessments and other price data across a broad spectrum of global and regional commodity markets, including oil, petrochemicals, metals, electric power, natural gas, coal, and risk.

Abstract: The present invention relates to the use of unstructured and untagged text message protocols to form a text message body that can be used to transmit and receive semi-structured, or structured text message bodies, which optionally may also use various, widely used Markup Languages. The semi-structure, or structure used within the text message body can be a format, such as, but not limited to, partitioning and/or comma delimited values, etc. The tagging for use with the text message body can be a protocol, such as, but not limited to, Extensible Markup Language (XML).

Abstract: A method for identifying a spam mail and a mail server using the method are provided. The method includes: when receiving a mail, retrieving a mail header of the mail; obtaining reference servers from a received line of the mail header; obtaining mail forwarding information of a mail forwarding host of each of the reference servers, and obtaining mail receiving information of a mail receiving host of each of the reference servers; comparing the mail forwarding information of an i-th reference server with the mail receiving information of an (i?1)-th reference server; and when the mail forwarding information of the i-th reference server is completely different from the mail receiving information of the (i?1)-th reference server, identifying the mail as the spam mail.

Abstract: According to one embodiment, a system includes an interface, a memory, and a processor. The interface receives, from a first device associated with a requesting user, a request. The requesting user is associated with an enterprise group. The enterprise group comprises a plurality of users. The memory is operable to store e-mail information for each of the plurality of users in the enterprise group. A processor is communicatively coupled to the interface and the memory and is operable to determine, based on the request and the e-mail information, one or more expert users in the enterprise group to provide a response to the request.

Abstract: Message management services can include processing an email to identify relevant content from among all content in the email and converting the identified relevant content into a simple, easy-to-read format. For example, message management services can apply multiple parsing strategies to an email. Each strategy can attempt to parse the email to identify relevant content and to output results that include any identified relevant content and an associated confidence score. The results having the highest confidence score can be selected. The identified relevant content included in the selected results can be converted into a flat string with stylings and links for displaying relevant content of the email in a simple, easy-to-read format.

Abstract: An email update system dynamically updates the content of an email when the originator of an email has sent the email, and the originator later determines that the email requires editing. The updating may take place transparent to the recipient and without the introduction of duplicative content into the recipient's email program. The email update system comprises a delta engine program and a delta temporary storage in a sender's computer, a queue manager program and an intermediate email queue in a server computer, and a recipient email retrieval program in a recipient's computer.

Abstract: A method, executed by one or more processors, includes receiving a message that is addressed to a user, determining, via one or more sensors, whether the user is occupied with an attention critical situation, and conducting a user-directed response process responsive to determining that the user is not occupied with an attention critical situation. In some embodiments, the user-directed response process includes conducting a text substitution process on the message, presenting an abbreviated version of the message and a list of response options to the user, determining a response option that is selected by the user, and sending a response to the message that corresponds to the response option that is selected by the user. In some embodiments, the list of response options includes a plurality of message-dependent formulated responses, a null response, and a spoken response. A corresponding apparatus and computer program product are also disclosed herein.

Abstract: Embodiments of systems and methods for geo-location of a computing resource are generally described herein. In some embodiments, a first computing device determines a geographical location of the first device. The first device accesses an identifier of a second computing device and associates the location with the second device. The first device transmits a notification of the location being associated with the second device to the second device. In response to receiving the notification, the second device periodically transmits a message to the first device. The second device may detect a disconnection of a wired connection coupling the second device with an external system. In response to the detection, the second device ceases the periodic transmission of the message. The first device dissociates the location from the second device based on an elapsed time period since reception of a most recent one of the messages exceeding a predetermined time period.

Abstract: The invention generally relates to a communication and notification system and method thereof, and more particularly to a method and system for providing, tracking, sending reminders, and receiving communications/notifications in response to end-users in a variety of commercial market segments, e.g., medical, governmental compliance and criminal.

Abstract: A distribution list identifies a plurality of recipient addresses for electronic messages. Normal updates to the distribution list can be performed via update commands from an authorized address that is stored in association with the distribution list as authorized to update the distribution list. When a removal command is received from a specific recipient address, which is not authorized to update the distribution list, the specific address can be removed from the distribution list. When an addition command is received from the specific address, a new address can be added to the distribution list. Before sending an outbound electronic message, the distribution list is resolved to the current set of recipient addresses.

Abstract: A method, apparatus, and system for automatically prompting a user to sign up for a microblog. The method includes acquiring follow requests that are sent by multiple microblog users to a to-be-invited use. The method also includes creating pre-follow relationships according to the follow requests, and saving the pre-follow relationships between the to-be-invited user and the microblog users that send the follow requests, to generate a pre-follow relationship table. The method also includes sending, in a case in which the number of all pre-follow relationships corresponding to the to-be-invited user is greater than or equal to a first threshold, a prompt message to the to-be-invited user, so as to prompt the to-be-invited user to sign up for the microblog.

Abstract: In one embodiment, a method includes identifying one or more first users of the social-networking system that are connected to a second user within the social-networking system; inferring one or more applications of interest to the second user based at least in part on information associated with one or more applications installed on one or more client systems of the first users; generating one or more recommendations corresponding to one or more of the applications of interest to the second user; ranking the recommendations based on social-graph information of the second user relative to the one or more first users; and sending one or more of the ranked recommendations to one or more client devices of the second user.

Abstract: In one aspect, a computer-implemented method for managing Domain Name System (DNS) information is provided. The method uses a computing device having a processor and a memory. The method includes receiving, in the memory, source DNS data from a plurality of DNS systems including at least first source data from a first source system and second source data from a second source system. The method also includes identifying, by the processor, an inconsistency between the first source data and the second source data. The inconsistency includes an inconsistency type. The method further includes determining a solution to the inconsistency by applying one or more rules from a plurality of inconsistency rules based at least in part on the inconsistency type associated with the inconsistency. The method also includes resolving the inconsistency using the determined solution including generating resultant DNS data.

Abstract: Facilitating content accessibility via different communication formats is disclosed. In some embodiments, in response to receiving a content request from an IPv6 enabled client, the requested content is provided to the IPv6 enabled client in IPv6 format, wherein the requested content is originally obtained in IPv4 format from an IPv4 enabled server and translated into IPv6 format.

Abstract: Included are embodiments for ReNAT communications address communications. Some embodiments include a network operations center (NOC) that includes a ReNAT twin NAT that translates between a customer-assigned private IP address and a unique private IP (UPIP) address. The NOC may additionally include a ReNAT VPN component coupled to the ReNAT twin NAT, where the ReNAT VPN provides a source IP address to the ReNat twin NAT. The NOC may include logic that when executed by a processor, causes the processor to facilitate communication between a user workstation on a private network and a remote computing device, wherein facilitating communication includes receiving the data from the user workstation via a traditional VPN portal, wherein address translation has been performed by a ReNAT twin NAT client on the user workstation.

Abstract: An in-band signaling method that enables secure updates of a care-of-IP address for a mobile host that roams between access networks. In the illustrative embodiment described herein, a mobile host includes an intelligent interface that handles IP networking functions and tunnels IP packets between the mobile host and the mobile host's home agent/remote access server (HA/RAS) transparently, as if the mobile host established a connection to a communicating or destination host (DST) from the home network (where the HA/RAS resides). In accordance with an aspect of the invention, there is provided an in-band signaling method that employs encrypted three-way handshake signaling messages that are embedded in encapsulated IP packets to enable care-of IP address updates. This method can effectively protect mobile hosts from denial-of-service attacks and is transparent to NAT/NAPT firewalls.

Abstract: A system for transmitting ArchestrA information from a first network in a first security domain to a second network in a second security domain. A first stand-alone server within the first security domain retrieves information via the first network from a first ArchestrA Galaxy and/or from a first historian in the first security domain and forwards the retrieved information to a send server coupled to the first network. The send server forwards the received information received to a receive server via a one-way data link. The receive server receives the information from the send server and forwards the received information to a second stand-alone server via the second network. The second stand-alone server receives the information from the receive server and forwards the information to a second ArchestrA Galaxy and/or to a second historian in the second security domain.

Abstract: Techniques for destination domain extraction for secure protocols are disclosed. In some embodiments, destination domain extraction for secure protocols includes monitoring network communications between a client and a remote server; determining if the client sends a request to create a secure connection with the remote server (e.g., in which the network communications are initiating a setup for a secure protocol-based connection); and extracting a destination domain from the request to create the secure connection with the remote server. In some embodiments, the secure protocol is a secure sockets layer (SSL) protocol or transport layer security (TLS) protocol, and the destination domain is extracted from the server name indication (SNI) of a client hello message sent from the client to the remote server. In some embodiments, destination domain extraction for secure protocols further includes applying a policy (e.g.

Abstract: An asset management system is presented. The management system includes monitoring devices able to provide asset data across firewalls without requiring reconfiguration of the firewalls. The asset data pass through a forwarding service that instantiates a virtual tunnel comprising a communication channel between the monitoring devices and remote asset management engines. The asset management engines can also be located behind firewalls. As the management engines aggregate asset data, the engines can present one or more alerts via a management interface.

Abstract: An aspect of the present disclosure provides deep packet inspection (DPI) of network packets for keywords of a vocabulary. In one embodiment, a mapping specifying association of respective keywords to corresponding unique pattern codes is maintained, with each pattern code being shorter in length compared to the corresponding keyword and being computed based on a formula. Upon receiving a network packet, a token (containing a sequence of characters) present in the network packet is first identified and the formula then applied to the identified token to generate a token code. The token is determined to match a specific keyword when the token code equals the pattern code corresponding to the specific keyword in the mapping.

Abstract: Network fabric devices capable of participating in an anonymity protocol can be configured to operate as virtual circuit end-points where the node routes packets between a virtual circuit associated with a hidden service address and a port-level channel. Through management of the virtual circuit end-points, the network fabric devices participate as a hop in a virtual circuit, host hidden services, or operate as an interface to hidden services while reducing latency and truly hiding hidden services.

Abstract: An apparatus with one or more masking rules stored in a memory receives unmasked data associated with a first session identifier via a network and converts the received unmasked data into masked data by applying the one or more masking rules to the unmasked data. The apparatus generates a first mapped identifier associated with the unmasked data and first session identifier. The apparatus also receives, via a network, a second mapped identifier associated with a second session identifier. Upon receiving the second mapped identifier and second session identifier, the apparatus determines whether the second session identifier corresponds to the first session identifier and finds the first mapped identifier corresponding to the received second mapped identifier. The apparatus retrieves and sends the unmasked data associated with the first mapped identifier.

Abstract: Methods may display a URI of a resource. Methods may determine the presence of a non-public data element in the URI. Methods may generate a random number in response to the determination of the presence of the non-public data element. Methods may compute a resultant number based on the exclusive or of the random number and the non-public data element. Methods may substitute the resultant number for the non-public data element in the URI. Methods may transmit the URI and the random number to a server. Methods may receive a resource from the server, in response to the transmission of the URI and the random number to the server. Methods may compute the non-public data element using the random number and the resultant number. Methods may substitute the non-public data element for the resultant number in the URI. Methods may re-determine the URI of the resource.

Abstract: A request addressed to a particular resource is received and a determination is made that the request should be redirected to a man-in-the-middle gateway within the network. A first encrypted connection is established between the client device and the man-in-the-middle gateway, and a second encrypted connection between the man-in-the-middle gateway and the server. The resource is modified into a modified resource by changing pointers within the particular resource to point to a location in a domain associated with the man-in-the-middle gateway within the network. The modified resource is served.

Abstract: A method, system, and computer program product for providing protected remote access from a remote access client to a remote access server over a computer network through a plurality of inspections. A remote access configuration file is created for the remote access client. A digital hash of the configuration file is then generated. The digital hash is compared with a configuration file stored at a predefined web location. If the comparison results in a match between the digital hash and the stored configuration file, a digital hash comparison is performed between an encrypted remote access configuration file and an encrypted configuration file stored at the predefined web location. If the plurality of inspections are passed, the remote access client is released from a quarantine state and a virtual private network (VPN) connection to the remote access server is established.

Abstract: Systems and methods for managing (for example, creating, transmitting, delivering, encrypting, storing, and the like) secure SMS (short message service) and secure MMS (multimedia messaging service) communications are disclosed.

Abstract: A device includes a security process unit (SPU) associated with a logical ring of SPUs. The SPU receives a packet with an address associated with a malicious source, and creates, based on the packet, an entry in a data structure associated with the SPU. The entry includes information associated with the packet. The SPU provides an install message to a next SPU in the logical ring. The install message instructs the next SPU to create the entry in another data structure, and forward the install message to another SPU. The SPU receives the install message from a last SPU, and sets a state of the entry to active in the data structure based on receiving the install message from the last SPU. The SPU performs a particular action on another packet, associated with the malicious source, based on the setting the state of the entry to active.

Abstract: A method and system for key management. The method includes receiving, by a control domain on a server, a request for a tenant key, and obtaining an authorization secret from a management service, where the management service is external to the server. The method further includes, in response to the request, decrypting, after obtaining the authorization secret, an encrypted platform master key to obtain a platform master key, decrypting an encrypted tenant key to obtain the tenant key using the platform master key, and providing the tenant key to an entity that issued the request.

Abstract: Systems and method for sending a first alphacode to a first participant over a secure channel. Sending a second alphacode to a second participant over a secure channel. Receiving a first encoded message, a second encoded message, and a plaintext message. The first encoded message is based on the first alphacode and the second encoded message is based on the second alphacode. Generating a first ciphertext based on the first alphacode and the plaintext message. Comparing the first ciphertext to the first encoded message and determining the authenticity of the first encoded message based at least on the comparing to the first ciphertext. Comparing the second ciphertext to the second encoded message and determining the authenticity of the second encoded message based at least on the comparing to the second ciphertext. Sending a first confirmation to the first participant and sending a second confirmation to the second participant.

Abstract: A server establishes a secure session with a client device where a private key used in the handshake when establishing the secure session is stored in a different server. During the handshake procedure, the server receives a premaster secret that has been encrypted using a public key bound with a domain for which the client device is attempting to establish a secure session. The server transmits the encrypted premaster secret to the different server for decryption along with other information necessary to compute a master secret and session keys for the secure session. The different server decrypts the encrypted premaster secret, generates the master secret, and generates session keys that are used in the secure session for encrypting and decrypting communication between the client device and the server and transmits those session keys to that server.

Abstract: Organizations maintain and generate large amounts of sensitive information using computer hardware resources and services of a service provider. Furthermore, there is a need to be able to delete large amounts of data securely and quickly by encrypting the data with a key and destroying the key. To ensure that information stored remotely is secured and capable of secure deletion, cryptographic keys used by the organization should be prevented from being persistently stored during serialization operations. Signaling methods are used to notify virtual machine instances of serialization events in order to prevent keying material from being stored persistently.

Abstract: A method for secure data storage in a cloud storage infrastructure comprises providing a set of first upload files to be stored in the cloud storage infrastructure, providing a set of first random noise files, splitting each file of the two sets into a group of fragments, recombining the fragments by randomly intermixing fragments from different groups thus generating a set of second upload files, encrypting each second upload file with a first encryption key and storing each first encryption key in a secure storage location, storing reconstruction information about the set of first upload files, the splitting, the recombining and the first encryption keys in the secure storage location, uploading each second upload file to a respective temporary cloud storage location, repeatedly moving each uploaded second upload file to a new temporary cloud storage location in predetermined intervals of time.

Abstract: Techniques are disclosed for authorization of devices entering a network. A new device entering a network sends an authorization request. Another device in the network may receive the request and prompt the user to approve the device. The user can use a device identifier provided by the new device in approving the new device. Assuming the identifier provided by the new device matches an identifier accessible by the authorizing device, the user authorizes the new device. A key is then generated for the new device, which allows access to an appropriate range of network services. Authorization decisions can be synchronized among the various devices in a network, so even if an authorizing device leaves the network, the new device key can be validated. A security service can be replicated in a new device once the device is authorized to access the network.

Abstract: A communication method and system for implementing third-party authentication is disclosed. The method includes the steps of receiving a service request from a requesting party; performing a third-party authentication on the service request according to a gray list and obtaining an authentication result; and processing the service request according to the authentication result. The system includes one or more processing elements, for example, user equipment (UE), Proxy Call Session Control Function (PCSCF), Service Call Session Control Function (SCSCF) and Application Server (AS) which cooperate to perform the disclosed method. The present invention implements a third-party control of services based on the gray list, and can effectively manage a variety of services in the communication system.

Abstract: A technique is directed to operating an authentication system. The technique involves receiving an enrollment request to enroll a user in a new authentication procedure in place of an earlier-established authentication procedure. The earlier-established authentication procedure is operative to authenticate the user at a first security level within a range of security levels. The new authentication procedure is operative to authenticate the user at a second security level within the range of security levels, the first security level being at least as high as the second security level within the range of security levels. The technique further involves, in response to the enrollment request, initiating the earlier-established authentication procedure to authenticate the user. The technique further involves, in response to completion of the earlier-established authentication procedure, performing an authentication enrollment operation associated with the new authentication procedure.

Abstract: A method of credential provisioning on a target service utilizes three credential sets: authentication credentials, privileged credentials and provisioned credentials. An intermediate element receives a request from a user client to establish a session with a target service. The request includes authentication credentials. The intermediate element creates provisioned credentials using privileged credentials which are authorized for creating provisioned credentials for accessing the target service. Once provisioned credentials have been created, a dual session communication channel is established between the user client and the target service. The session between the user client and intermediate element is established using the authentication credentials and the session between the intermediate element and the target service is established using the provisioned credentials. Optionally, user authorization to establish a session with the target service is determined prior to creating the provisioned credentials.

Abstract: Embodiments of the present invention disclose a method, a device, and a system for registering a terminal application. In the embodiments of the present invention, a download address information recommending request that is sent by a first terminal and carries a terminal identifier of a second terminal is received; and recommended download address information is returned to the first terminal, where the recommended download address information includes a terminal application download address and authentication information used for performing registration, so that the first terminal sends, to the second terminal, a recommending message carrying the recommended download address information, so as to make the second terminal register according to the terminal application download address and the authentication information used for performing registration. In this solution, less time is consumed and a registration success rate is high, which helps to improve an application activating rate for a user.

Abstract: A system of the present invention uses an identity provider to provide the authentication services for multiple service providers. An identity provider communicates with one or more service providers. A user that wishes to gain access to a service provider is authenticated through the use of the identity provider. A user desiring to access a service provider is first authenticated by the identity provider. The identity provider determines if the user meets the desired class level and provides various information related to the authentication. When the user attempts to access a second service provider that is associated with the same identity provider, the second service provider accesses the identity provider and determines that the user was recently authenticated. The identity provider then transmits the relevant information regarding the authentication process to the second service provider, which can then allow or deny the user access to the second service provider.

Abstract: A user device is provided that includes an authentication application that runs on the user device. A calibration device is also provided that includes authentication algorithm configuration information and an authentication token. The user device is connected to the calibration device to receive the authentication algorithm configuration information and the authentication token. The user device then supplies to a target device to be authenticated an authentication request that includes the authentication token. The user device receives an authentication response from the target device. The user device then analyzes the authentication response with the authentication application based on the authentication algorithm configuration information to determine whether the target device is authenticated.

Abstract: Disclosed is an information display method, a terminal, a security server and a system, which belong to the field of computers. The method comprises: parsing received information which includes corresponding two-dimensional (2D) code carrying content data, the content data containing anti-fake information; acquiring the content data carried in the 2D code, and detecting whether the information is transmitted by a security server according to the anti-fake information contained in the content data; and acquiring content to be displayed corresponding to the information from the security server and displaying the content to be displayed if the information is detected as being transmitted by the security server.

Abstract: A new approach is proposed that contemplates systems and methods to support bulk authentication of an appliance associated with a user to all cloud-based services the appliance intends to access in one transaction instead of authenticating the appliance against each of the services individually. First, the appliance generates and transmits to an authentication service cluster an authentication request that includes its identification and authentication credentials in order to access to a plurality of services. Upon receiving the authentication request, the authentication service cluster authenticates the appliance for all of the services to be accessed based on the information in the authentication request. Once the appliance is authenticated, the authentication service cluster then retrieves entitlement information of the services to be accessed by the appliance, and identifies the service clusters/nodes that the appliance will connect to for the services with the fastest response time.

Abstract: A method of renewing a plurality of digital certificates includes receiving, at a first time, a request from a user to renew a first digital certificate and determining an expiration date for the first digital certificate. The method also includes receiving, at a second time, a request from the user to renew a second digital certificate and determining an expiration date for the second digital certificate. The expiration date for the second certificate is later than the expiration date for the first certificate. The method further includes determining a new expiration date occurring after the first time and the second time and renewing the first digital certificate. An expiration date for the renewed first digital certificate is equal to the new expiration date. Moreover, the method includes renewing the second digital certificate. An expiration date for the renewed second digital certificate is equal to the new expiration date.

Abstract: A client device for decrypting and decoding media assets through a secure data path. The client device includes a host core and global memory in a common execution environment and a secure core and restricted memory in a secure execution environment. The secure core generates a license challenge only in the context of the secure execution environment and processes a license challenge response that includes a media content decryption key only in the context of the secure execution environment. The secure core decrypts a protected media asset using the media content decryption key only in the context of the secure execution environment such that the decryption key and decrypted media asset will not be in global memory thereby protecting the media asset from unauthorized access.

Abstract: To provide enhanced operation of virtualized computing systems, various systems, apparatuses, methods, and software are provided herein. In a first example, a method of operating a computing system to control access to data resources by virtual machines is provided. The method includes receiving an access token and an instantiation command from an end user system. Responsive to the instantiation command, the method includes instantiating a virtual machine identified by the instantiation command using the access token as user data for the virtual machine during instantiation. The method also includes, in the virtual machine, executing a security module responsive to instantiation that transfers the access token for delivery to an authorization system, receiving credentials responsive to the access token, and accessing a data resource using the credentials.

Abstract: Wireless pairing is automatically performed based on purchase. By providing a unique identifier of a cellular customer, a wireless device may be automatically paired to a residential wireless network. A central database, for example, may store networking credentials associated with residential wireless networks. When the cellular customer purchases the wireless device, a server may query the central database for a cellular telephone number associated with the cellular customer. The server may thus retrieve the networking credentials that are associated with the cellular telephone number.

Abstract: A convenient login method, apparatus and system for automatically detecting and filling in a login field within a web environment or an application are disclosed herein. The convenient login system includes a client, a server, and a terminal. The client detects an ID/PW input field within a login page when a user accesses the login page, outputs a convenient login button, outputs an input box when the user clicks on the convenient login button, and automatically enters an ID/PW in the ID/PW input field. The server receives any one of the telephone number and ID information of the terminal from the client, sends a message to the terminal, receives the ID/PW from the terminal when the mobile program is run, and sends the ID/PW to the client. The terminal runs the mobile program, recombines a segmented and stored ID/PW, and sends the recombined ID/PW to the client via the server.