Patents Issued on July 4, 2017
  • Patent number: 9699129
    Abstract: A system and method for increasing email productivity based on an analysis of the content of received email messages. The system includes a content analysis engine that analyzes the content of a received email message using natural language processing techniques. A prioritization module produces a priority score and a priority level for the message using a prioritization knowledge base. A message sorting module produces a set of suggested folders for the message using a sorting knowledge base. A junkmail module produces a junkmail score for the message using a junkmail knowledge base. The prioritization knowledge base, the sorting knowledge base, and the junkmail knowledge base are updated with feedback from the user for each received email message, which allows the system to learn in real-time the user's preferences.
    Type: Grant
    Filed: June 30, 2003
    Date of Patent: July 4, 2017
    Assignee: INTERNATIONAL BUSINESS MACHINES CORPORATION
    Inventors: Yoram Nelken, Stewart Elliot, Brian Swanson, Nissan Hajaj
  • Patent number: 9699130
    Abstract: A method of providing a user interface with recipient status information, in one aspect, may comprise detecting a message (e.g., online message such as instant messaging, chat, etc.) being initiated by a first user to a second user; gathering information associated with the second user; analyzing the gathered information; predicting a state of the second user based on the analyzing; and determining a notification action based on the predicted state of the second user, the notification action notifying the first user of the second user's state; and presenting a notification comprising one or more of graphical, textual, auditory, or tactile indications or combinations thereof to the first user.
    Type: Grant
    Filed: January 24, 2013
    Date of Patent: July 4, 2017
    Assignee: International Business Machines Corporation
    Inventors: Peter K. Malkin, Jacquelyn A. Martino, Justin D. Weisz, Clifford A. Pickover
  • Patent number: 9699131
    Abstract: A method of providing a user interface with recipient status information, in one aspect, may comprise detecting a message (e.g., online message such as instant messaging, chat, etc.) being initiated by a first user to a second user; gathering information associated with the second user; analyzing the gathered information; predicting a state of the second user based on the analyzing; and determining a notification action based on the predicted state of the second user, the notification action notifying the first user of the second user's state; and presenting a notification comprising one or more of graphical, textual, auditory, or tactile indications or combinations thereof to the first user.
    Type: Grant
    Filed: August 9, 2013
    Date of Patent: July 4, 2017
    Assignee: International Business Machines Corporation
    Inventors: Peter K. Malkin, Jacquelyn A. Martino, Justin D. Weisz, Clifford A. Pickover
  • Patent number: 9699132
    Abstract: Embodiments of the present disclosure disclose methods, apparatuses, and systems for exchanging electronic business cards. One of the methods includes: receiving a first request message sent by a first terminal, wherein the first request message includes first condition information, a first electronic business card, and first location information of the first terminal; selecting a second request message from at least one request message received during a preset period of time, according to the first location information, the first condition information, and the time when the first request message was received; sending an electronic business card corresponding to the second request message to the first terminal; and sending the first electronic business card to a second terminal, wherein the second request message was sent by the second terminal. The methods, the apparatuses, and the systems can be directed to simplify the process of exchanging electronic business cards.
    Type: Grant
    Filed: June 12, 2014
    Date of Patent: July 4, 2017
    Assignee: Tencent Technology (Shenzhen) Company Limited
    Inventors: Xiaomu Wen, Yu Chen, Jing He, Junshan Wang, Bin Li
  • Patent number: 9699133
    Abstract: Protecting personal information by generating entity-specific aliases for use in communication with third parties is disclosed.
    Type: Grant
    Filed: November 20, 2015
    Date of Patent: July 4, 2017
    Assignee: Privowny, Inc.
    Inventor: Hervé Le Jouan
  • Patent number: 9699134
    Abstract: The present invention relates to an electronic device for communication within a network, comprising a first interface (6) enabling communication with at least one further electronic device (1a, 1b, 1c, 1d, 1e) within a network (8) according to a first communication standard, a storage (5) for storing a first address of the at least one further electronic device (1a, 1b, 1c, 1d, 1e), said first address relating to the first communication standard, and a controller (4) for requesting a second address from said at least one further electronic device (1a, 1b, 1c, 1d, 1e), said second address relating to a second communication standard within said network (8), wherein the second address is stored together with the first address in the storage (5). The present invention further relates to a method for operating an electronic device.
    Type: Grant
    Filed: April 19, 2016
    Date of Patent: July 4, 2017
    Assignee: SONY CORPORATION
    Inventor: Armin Mank
  • Patent number: 9699135
    Abstract: A processor-based system and method comprising a private tunnel connector operable to receive a network connection request, test the connection request for private network information, generate network connection information in response to the test, and respond to the network connection request with the network connection information. The testing may include accessing a DNS server for private network information, and receiving private domain information from a private domain server. The private tunnel connector is further operable to connect to a private domain server that is coupled to the private network connector through the Internet. The private domain server may include private cloud information such that users may create and access one or more private clouds using tunneling technologies. Domain servers and host machines may employ various encryption schemes to facilitate adding public Internet resources to the private cloud.
    Type: Grant
    Filed: June 20, 2012
    Date of Patent: July 4, 2017
    Assignee: OpenVPN Technologies, Inc.
    Inventor: Francis Dinha
  • Patent number: 9699136
    Abstract: Techniques are disclosed for dynamically determining or learning hostnames. According to embodiments described herein, a solicitation message is received at a first network device. Based on the solicitation message, a hostname is determined for a second network device that sent the solicitation message. A first network address is also determined for the second network device that sent the solicitation message. A mapping between the hostname and the first network address is stored at the first network device.
    Type: Grant
    Filed: March 10, 2015
    Date of Patent: July 4, 2017
    Assignee: Cisco Technology, Inc.
    Inventors: Rajiv Asati, Ralph Droms
  • Patent number: 9699137
    Abstract: Examples disclosed herein relate to naming of cloud components. The examples enable generating, for a first node of a cloud infrastructure comprising a plurality of nodes, a first node name associated with a first fixed Internet Protocol (IP) address that is assigned to the first node, the first node name identifying the cloud infrastructure and a first control plane to which the first node belongs; generating, for a second node of the cloud infrastructure, a second node name associated with a second fixed IP address that is assigned to the second node, the second node name identifying the cloud infrastructure and a second control plane to which the second node belongs; and causing information related to the cloud infrastructure to be published to the plurality of nodes of the cloud infrastructure, the information related to the cloud infrastructure comprising the first node name and the second node name.
    Type: Grant
    Filed: April 30, 2015
    Date of Patent: July 4, 2017
    Assignee: HEWLETT PACKARD ENTERPRISE DEVELOPMENT LP
    Inventors: Bryan P. Murray, Mark Perreira, Scott Wulf
  • Patent number: 9699138
    Abstract: Methods and systems for redirecting client requests are provided. According to one embodiment, a system includes a processor and a memory coupled to the processor and configured to provide the processor with instructions. A request is received from a client capable of communicating via multiple supported communication formats. The request is capable of being serviced by multiple servers each of which are configured to communicate via a different communication format. A server is selected from the multiple servers based on a traffic management policy. The traffic management policy is based on (i) different communication formats available via the multiple servers and (ii) performance expected to be provided to the client as a result of using each of the different communication formats. The client is then redirected to the selected server.
    Type: Grant
    Filed: November 18, 2014
    Date of Patent: July 4, 2017
    Assignee: Fortinet, Inc.
    Inventor: Barrett Gibson Lyon
  • Patent number: 9699139
    Abstract: A client device (6) may be connected to a network (2) through a private network and one of several connection servers (10, 11, 12, 13) associated with a router (1). In such a configuration a server (5) external to the private network cannot provide a complete routing address for data to be transmitted to the device (6), as it does not have visibility of the control processors (10, 11, 12, 13). To allow such connection to be made, when a connection request for a target client device (6) is transmitted from an external server (5) to the router (1), the router retrieves connection history of the target device (6) from each of the connection servers, and the router (1) then attempts communication with the client device (6) through the connection server (10) reporting the most recent connection.
    Type: Grant
    Filed: September 9, 2010
    Date of Patent: July 4, 2017
    Assignee: BRITISH TELECOMMUNICATIONS public limited company
    Inventors: Trevor Mensah, Steven Robinson
  • Patent number: 9699140
    Abstract: The disclosed computer-implemented method for selecting identifiers for wireless access points may include (1) receiving a request to establish an identifier for a configurable wireless access point, (2) identifying an existing access-point identifier that is used to identify at least one additional wireless access point, (3) determining a physical location of the configurable wireless access point, (4) verifying that the existing access-point identifier is not being used within a predetermined proximity of the physical location of the configurable wireless access point, and (5) assigning the existing access-point identifier to the configurable wireless access point. Various other methods, systems, and computer-readable media are also disclosed.
    Type: Grant
    Filed: September 28, 2015
    Date of Patent: July 4, 2017
    Assignee: Symantec Corporation
    Inventors: Kevin Jiang, Matt Boucher, Michael Shavell
  • Patent number: 9699141
    Abstract: An apparatus identifies a request from a user device to access data on a storage server. The apparatus determines a sensitivity level of response data for a response to the request, security context of the response, and a routing action to perform for the response by applying a policy to the sensitivity level of the response data and the security context of the response. The apparatus executes the routing action for the response.
    Type: Grant
    Filed: April 3, 2013
    Date of Patent: July 4, 2017
    Assignee: Symantec Corporation
    Inventor: Deb Banerjee
  • Patent number: 9699142
    Abstract: Method and apparatus for cross-site scripting defense using document object model template are disclosed. In the method and apparatus, a document object model template is generated based at least in part on representative information for web content. The document object model template is provided for use in determining whether received web content is permissible.
    Type: Grant
    Filed: May 7, 2014
    Date of Patent: July 4, 2017
    Assignee: Amazon Technologies, Inc.
    Inventor: Nicholas Alexander Allen
  • Patent number: 9699143
    Abstract: A method and an apparatus for providing security in an intranet network are disclosed. For example, the method receives a packet at a customer edge router, and applies an inbound access control list by the customer edge router to the packet if the packet is destined to a server in a protected server group, wherein said protected server group identifies one or more servers within the intranet network to be protected. The method applies an outbound access control list by the customer edge router to the packet if the packet is from a server in the protected server group.
    Type: Grant
    Filed: June 1, 2015
    Date of Patent: July 4, 2017
    Assignee: AT&T Intellectual Property I, L.P.
    Inventor: Anthony Dargis
  • Patent number: 9699144
    Abstract: Systems and methods are described for a mobile hotspot that can be managed by an access controller. According to an embodiment, a WAN connection is established by a mobile hotspot through a telecommunication data network via a wireless WAN module. When in a first mode, the mobile hotspot: (i) sets up a secure tunnel through the WAN connection with an AC of the enterprise that manages APs of a wireless network of an enterprise; (ii) broadcasts an SSID that is also broadcast by the APs; (iii) establishes a WLAN connection with a WiFi-enabled device based on an AP profile containing (a) authentication information regarding users approved to access the wireless network and (b) information identifying the SSID; (iv) receives WLAN traffic from the WiFi-enabled device through the WLAN connection; and (v) transmits the WLAN traffic to a server of the enterprise via the secure tunnel and the AC.
    Type: Grant
    Filed: May 14, 2015
    Date of Patent: July 4, 2017
    Assignee: Fortinet, Inc.
    Inventors: Pankajkumar Chechani, Sekhar Sumanth Gorajala Chandra
  • Patent number: 9699145
    Abstract: A method comprising using at least one hardware processor for: receiving input from a user with respect to masking of a data element in one or more documents of a java script object notation (JSON) type, wherein the input comprises: an identifier of the data element, and one or more constraints for masking the data element based on the hierarchy of the one or more documents of the JSON-type; and generating a masking rule for the one or more documents of the JSON-type based on the input.
    Type: Grant
    Filed: October 29, 2014
    Date of Patent: July 4, 2017
    Assignee: International Business Machines Corporation
    Inventors: Ron Ben-Natan, Tamar Domany, Ariel Farkash, Igor Gorkhman, Abigail Goldsteen, Boris Rozenberg
  • Patent number: 9699146
    Abstract: A request is received by a provider network from a requestor for data associated with a customer of the provider network. The data is not stored at the provider network, and the request includes a first encryption key. The provider network verifies that the requestor is authorized to request data from the customer of the multi provider network. The provider network sends information pertaining to the requested data to the customer. The provider network also sends the identity of the requestor and the first encryption key. The provider network sends, to the requestor, data that is encrypted, and a decryption key for decrypting the encrypted data.
    Type: Grant
    Filed: November 4, 2014
    Date of Patent: July 4, 2017
    Assignee: Amazon Technologies, Inc.
    Inventors: Earl Robert Kinney, III, Stefano Buliani, Atanas Ivanov Ivanov
  • Patent number: 9699147
    Abstract: Disclosed is a method for encrypting a digital file, comprising the following steps: generating, when a user requests to download a specified digital file, a key, according to inherent information of the user, inherent information of a client terminal used by the user, and inherent information of the specified digital file; encrypting the specified digital file according to the key that has been generated; and performing decryption according to the key and a corresponding decryption procedure, after an encrypted digital file is downloaded at the client terminal used by the user. The technical solution allows dynamic generation of one key each time the digital file is downloaded, thereby truly realizing “one user, one machine, and one copy of the digital file.”
    Type: Grant
    Filed: October 10, 2011
    Date of Patent: July 4, 2017
    Assignee: Xiamen Geeboo Information Technology Co. Ltd.
    Inventor: Jinxu Huang
  • Patent number: 9699148
    Abstract: A streams manager determines which portions of a streaming application process sensitive data, and when performance of the streaming application needs to be increased, selects based on the sensitive data which portion(s) of the streaming application can be moved to a public cloud. The streams manager then interacts with the public cloud manager to move the selected portion(s) of the streaming application to the public cloud. This may include cloning of processing elements or operators to a public cloud, then splitting tuple attributes so tuple attributes that do not include sensitive data can be processed in the public cloud while tuple attributes that include sensitive data are processed in a secure system. The tuple attributes are then recombined into full tuples in the secure system. The streams manager thus protects the integrity of sensitive data while still taking advantage of the additional resources available in a public cloud.
    Type: Grant
    Filed: September 10, 2015
    Date of Patent: July 4, 2017
    Assignee: International Business Machines Corporation
    Inventors: Eric L. Barsness, Michael J. Branson, John M. Santosuosso
  • Patent number: 9699149
    Abstract: A client receives sensitive data to be tokenized. The client queries a token table with a portion of the sensitive data to determine if the token table includes a token mapped to the value of the portion of the sensitive data. If the mapping table does not include a token mapped to the value of the portion of the sensitive data, a candidate token is generated. The client queries a central token management system to determine if the candidate token collides with a token generated by or stored at another client. In some embodiments, the candidate token includes a value from a unique set of values assigned by the central token management system to the client, guaranteeing that the candidate token does not cause a collision. The client then tokenizes the sensitive data with the candidate token and stores the candidate token in the token table.
    Type: Grant
    Filed: March 25, 2016
    Date of Patent: July 4, 2017
    Assignee: Protegrity Corporation
    Inventors: Ulf Mattsson, Zvika Ferentz
  • Patent number: 9699150
    Abstract: In a method for secure cloud computing, a virtual machine (VM) associated with a client is executed at a computer within a trusted computing cloud. An image including state information of the VM is obtained; storage of the image is arranged; a freshness hash of the image is determined; and the freshness hash is sent to the client. Subsequently, at the same computer or at a different computer within the trusted computing cloud, the stored image may be retrieved; a freshness hash of the retrieved image may be determined; the freshness hash of the retrieved image may be sent to the client; and an indication may be received from the client verifying the integrity of the freshness hash of the stored image.
    Type: Grant
    Filed: June 5, 2015
    Date of Patent: July 4, 2017
    Assignee: Virtustream IP Holding Company LLC
    Inventors: David Lie, Reuven Cohen, Richard Reiner
  • Patent number: 9699151
    Abstract: Methods and systems for managing encrypted network traffic using spoofed addresses. One example method includes receiving a request to resolve a domain name; determining that the domain name is included in a predetermined set of domain names; associating a spoofed address with the domain name; sending a response to the request to resolve the domain name, the response including the spoofed address; receiving a secure request for a resource, the secure request directed to the spoofed address; determining that the secure request is directed to the domain name based on the association between the spoofed address and the domain name; and selectively decrypting the secure request based at least in part on determining that the secure request is directed to the domain name.
    Type: Grant
    Filed: July 1, 2016
    Date of Patent: July 4, 2017
    Assignee: iboss, Inc.
    Inventor: Paul Michael Martini
  • Patent number: 9699152
    Abstract: A sending device receives a user input indicating that the user wishes to share an open item of content with a receiving device. A near field communication link is opened between the sending device and the receiving device. Metadata for sharing the open data is gathered on the sending device and a permission setting user interface display is displayed, with the user input mechanism that allows a user to set permissions corresponding to the open item. User actuation of the permission setting user input mechanism is received, the permissions are added to the open item, and the metadata is sent to the receiving device over the near field communication link. The metadata includes a location of the open item. The open item can then be accessed by the receiving device, with the permissions applied to the open item.
    Type: Grant
    Filed: August 27, 2014
    Date of Patent: July 4, 2017
    Assignee: Microsoft Technology Licensing, LLC
    Inventor: Om Krishna
  • Patent number: 9699153
    Abstract: Device to device (D2D) communication can be performed with packet data convergence protocol (PDCP) based encapsulation without internet protocol (IP) addressing. The non-IP D2D PDCP-encapsulated communication can further include two forms of secure data transfer. A first non-IP D2D PDCP-encapsulated communication can be a negotiated non-IP D2D PDCP-encapsulated communication. A second non-IP D2D PDCP-encapsulated communication can be a non-negotiated non-IP D2D communication. The non-negotiated non-IP D2D PDCP-encapsulated communication can include a common key management server (KMS) version and a distributed KMS version. The encapsulated communication can be used with various protocols, including a PC5 protocol (such as the PC5 Signaling Protocol) and wireless access in vehicular environments (WAVE) protocols.
    Type: Grant
    Filed: June 26, 2015
    Date of Patent: July 4, 2017
    Assignee: INTEL IP CORPORATION
    Inventors: Alexandre Stojanovski, Muthaiah Venkatachalam, Ana Lucia A. Pinheiro, Farid Adrangi
  • Patent number: 9699154
    Abstract: Device to device (D2D) communication can be performed with packet data convergence protocol (PDCP) based encapsulation without internet protocol (IP) addressing using a PC5 protocol (such as PC5 Signaling Protocol). The non-IP D2D PDCP-encapsulated communication can further include two forms of secure data transfer. A first non-IP D2D PDCP-encapsulated communication can be a negotiated non-IP D2D PDCP-encapsulated communication. A second non-IP D2D PDCP-encapsulated communication can be a non-negotiated non-IP D2D communication. The non-negotiated non-IP D2D PDCP-encapsulated communication can include a common key management server (KMS) version and a distributed KMS version.
    Type: Grant
    Filed: June 26, 2015
    Date of Patent: July 4, 2017
    Assignee: INTEL IP CORPORATION
    Inventors: Alexandre Stojanovski, Muthaiah Venkatachalam, Ana Lucia A. Pinheiro, Farid Adrangi
  • Patent number: 9699155
    Abstract: A virtual file system is described that is implemented in a virtualization platform as a stackable file system layer that intercepts file operations between a hypervisor and a physical file system. The virtual file system encrypts (at least in part) VM files to be stored, organizes the encrypted VM files into VM sets, and then maps and stores the encrypted VM sets into storage pools. Storage and access to files within the VM sets is controlled through the use of administrator-determined policies governing storage, security, access control, authentication, and auditing. The system and method described herein allow a seamless integration between a data center (e.g., a private cloud) and computing resources served across the internet and supported by cloud service providers (e.g., public clouds) while ensuring that the security needs of customers and cloud service providers are met.
    Type: Grant
    Filed: May 13, 2015
    Date of Patent: July 4, 2017
    Assignee: HYTRUST, INC.
    Inventors: Stephen D. Pate, Tushar Y. Tambay, Kelvin J. Pryse, Lynn F. Kerby, Blaine T. Cuykendall, Thomas J. Satterlee
  • Patent number: 9699156
    Abstract: To enable formation of secure associations between IP-enabled devices when they have not previously connected, a method is proposed where a declaration of ownership of a target device is made by the subscriber of an originating device and that subscriber giving that declaration is authenticated by means of a SIM card, say. The originating device establishes secure connection to a first server. The target device establishes a secure connection to a second server. Provided the first and second servers can establish a conventional IP-type SA (e.g. using IPSec or TLS), there is a chain of secure associations between the two devices. This chain is then used to build a new secure association between originating device and target device. The first and second servers thus act as proxies for two devices respectively and negotiate the secure association on their behalf. They then transfer the new secure association information securely to the devices using the existing chain of secure associations.
    Type: Grant
    Filed: September 14, 2011
    Date of Patent: July 4, 2017
    Assignee: Vodafone IP Licensing Limited
    Inventor: Nicholas Bone
  • Patent number: 9699157
    Abstract: In general, in one aspect, the invention relates to a method for reviewing a posting to a secure social network (SSN). The method includes receiving a first media item from a SSN member, evaluating the first media item to identify a first media attribute, and receiving a request to access the first media item from an inmate of a controlled facility. The method further includes retrieving a set of restricted attributes corresponding to the inmate, and determining whether the inmate is allowed to access the media item based on comparing the first media attribute to the set of restricted attributes. When the inmate is allowed to access the media item, granting the inmate access to the media item based on the first determination. When the inmate is not allowed to access the media item, denying the inmate access to the media item based on the first determination.
    Type: Grant
    Filed: March 15, 2013
    Date of Patent: July 4, 2017
    Assignee: Intelmate LLC
    Inventor: Richard Torgersrud
  • Patent number: 9699158
    Abstract: A method of identifying and authenticating a network user includes receiving a first network layer packet from a first user entity. The first network layer packet may include first unique identification information unique to the first user entity and independent of a first network address associated with the first network layer packet. The method further includes verifying, at a network layer of a network, that the first network layer packet is from the first user entity based on the first unique identification information.
    Type: Grant
    Filed: September 21, 2012
    Date of Patent: July 4, 2017
    Inventor: Russell S. Goodwin
  • Patent number: 9699159
    Abstract: The methods, apparatuses and systems described herein provide a system for authenticating users, authorization or information during secure transactions. The system may include a transaction device requiring user authentication, a personal communication device, and a wearable authentication device that communicates with both of the other devices. In one aspect, the wearable authentication device may be configured to communicate with the transaction device requiring authentication and the personal communication device through one or more wireless communication technologies, wherein the wearable authentication device may be configured to act as an intermediary between the transaction device and the personal communication device to facilitate the exchange of at least one authentication information or transaction completion information between the personal communication device and the transaction device.
    Type: Grant
    Filed: March 13, 2014
    Date of Patent: July 4, 2017
    Assignee: OLogN Technologies AG
    Inventors: Sergey Ignatchenko, Dmytro Ivanchykhin
  • Patent number: 9699160
    Abstract: A system and method for exchanging identity information and for correlating protected data across independent data systems connected through a network is disclosed. The system contains connectors in communication with protected data systems which house the protected data. Data is correlated between the protected data systems through coincident authentication of both systems by a user. Messages are exchanged which allow the identity exchange system to correlate data based on a session identifier from an authenticated session on one of the protected data systems.
    Type: Grant
    Filed: January 9, 2015
    Date of Patent: July 4, 2017
    Assignee: Verato, Inc.
    Inventors: J. Brent Williams, Dennis Tackett, Dennis Rizzi
  • Patent number: 9699161
    Abstract: A system and method including: receiving, from a client device, an authorization request originating from an authorization module of an application executing on the client device, where the authorization request includes an identifier identifying the client device; causing transmission, based on the identifier, of a verification message to the client device, where the verification message includes a verification code; receiving a confirmation of the verification code from the authorization module of the application executing on the client device; authenticating the application based on the receiving the confirmation of the verification code; determining that the client device identified by the identifier corresponds to a user account including secure user data associated with a user; and transmitting a unique token verifying that the application is authorized to sign into the user account, where: the unique token uniquely identifies the user account to the application, and the secure user data is not shared w
    Type: Grant
    Filed: April 28, 2015
    Date of Patent: July 4, 2017
    Assignee: Twitter, Inc.
    Inventors: Michael Ducker, Sean Cook, Jeffrey Seibert, Jr., Alex Roetter, Kevin Weil, Akash Garg, Jeremy Gordon
  • Patent number: 9699162
    Abstract: An entity may store various levels of sensitive and personal data in a secure computing environment. The entity may create permission rules which allow the data to be shared or not shared depending on the circumstances and situation. As an entity such as a human moves through life, the entity may be in touch with numerous electronic devices that act like sensors. The entity may share a token which may allow a sensor or operator of the sensor to access various levels of the sensitive data stored in the secure computing environment.
    Type: Grant
    Filed: June 11, 2015
    Date of Patent: July 4, 2017
    Assignee: Visa International Service Association
    Inventors: Patrick Faith, Theodore Harris
  • Patent number: 9699163
    Abstract: A method of managing files in a Web-based Distributed Authoring and Versioning (WebDAV)-embedded image forming apparatus and an image forming apparatus that performs the method. The method includes receiving a connection request from the WebDAV client to manage at least one of a file and a directory stored in a storage unit of the image forming apparatus; receiving login information from the WebDAV client, authenticating the received login information of the WebDAV client, receiving a WebDAV command to control the at least one of the file and the directory from the authenticated WebDAV client, and executing a process with respect to the at least one of the file and the directory with reference to the received WebDAV command.
    Type: Grant
    Filed: July 21, 2015
    Date of Patent: July 4, 2017
    Assignee: SAMSUNG ELECTRONICS CO., LTD.
    Inventor: Hyun-wook Park
  • Patent number: 9699164
    Abstract: A system and method for providing, as a service over a computer network (especially a packet-switched computer network) to a body of merchants connected to the computer network, verification of consumer identification based on data provided over the computer network by scanning devices attached to the computers operated by consumers.
    Type: Grant
    Filed: September 24, 2015
    Date of Patent: July 4, 2017
    Assignee: Kount Inc.
    Inventor: Timothy P. Barber
  • Patent number: 9699165
    Abstract: Some embodiments set forth systems and methods enabling a first network to use the resources of various second networks in order to localize delivery of the first network content from the various second networks in a secure manner. Some embodiments provide a token-based authentication scheme to ensure that any configured content access restrictions are effectuated at the first network and any of the second networks providing localized content delivery for the first network. The scheme involves a two phase user authentication, wherein the user is separately authenticated at the first network and then redirected to the second network using either the same or different set of access restrictions. The first network exchanges a first encryption key with content providers for encrypting/decrypting the first access restriction and a second encryption key with a second network for encrypting/decrypting the second access restriction.
    Type: Grant
    Filed: November 24, 2015
    Date of Patent: July 4, 2017
    Assignee: Verizon Digital Media Services Inc.
    Inventors: Kyle Okamoto, Alexander A. Kazerani
  • Patent number: 9699166
    Abstract: A method and an apparatus for processing an authentication request message in a social network are provided. To improve the inefficiency of existing technology in processing user authentication and request to establish social relationship as well as inadequacy of parameters available for said authentication, the disclosed method includes a social network server detecting an authentication request message sent by a first client to a second client requesting to establish a social relationship with the second client. The social network server obtains information of social attributes that are common to the first client and the second client, forwards the authentication request message, and sends the obtained information of common social attributes to the second client. The social attribute information is used by the second client to decide whether or not to authenticate the authentication request message.
    Type: Grant
    Filed: July 28, 2016
    Date of Patent: July 4, 2017
    Assignee: Alibaba Group Holding Limited
    Inventors: Jun Ye, Jianxiang Mo
  • Patent number: 9699167
    Abstract: A method can include receiving a request from a requestor to a given resource, which requestor is registered to access a set of one or more resources. The request includes a ticket that includes signature data generated by an authenticating entity in response to authenticating the requestor. The signature data may be decrypted to provide a decrypted signature. The ticket may be validated in response to the request based on evaluating the decrypted signature. A response can be provided to the requestor based on the validation, and the response can grant the requestor access to the given resource if the validation determines the ticket to be authentic and authorized for the given resource or the response can deny the requestor access to the given resource if the validation determines to reject the ticket.
    Type: Grant
    Filed: January 6, 2015
    Date of Patent: July 4, 2017
    Assignee: Shoretel, Inc.
    Inventors: Michael S. W. Tovino, Amy S. Pendleton
  • Patent number: 9699168
    Abstract: A rich client performs single sign-on (SSO) to access a web- or cloud-based application. According to the described SSO approach, the rich client delegates to its native application server the task of obtaining a credential, such as a SAML assertion. The native server, acting on behalf of the user, obtains an assertion from a federated identity provider (IdP) that is then returned to the rich client. The rich client provides the assertion to a cloud-based proxy, which presents the assertion to an identity manager to attempt to prove that the user is entitled to access the web- or cloud-based application using the rich client. If the assertion can be verified, it is exchanged with a signed token, such as a token designed to protect against cross-site request forgery (CSRF). The rich client then accesses the web- or cloud-based application making a REST call that includes the signed token. The application, which recognizes the request as trustworthy, responds to the call with the requested data.
    Type: Grant
    Filed: December 13, 2010
    Date of Patent: July 4, 2017
    Assignee: International Business Machines Corporation
    Inventors: Olgierd Stanislaw Pieczul, Mark Alexander McGloin, Mary Ellen Zurko, David Scott Kern, Brent Allan Hepburn
  • Patent number: 9699169
    Abstract: Systems and methods for selective proxification of applications are disclosed. One or more computer readable storage media may be encoded with instructions executable by one or more processing units of a computing system. The instructions encoded on the computer readable storage media may comprise authenticating a single sign-on access at a proxy server, receiving a request at the proxy server to access an application on an application server requiring authentication, accessing the application on the application server, authenticating a user to the application without additional authentication input from the user, and selectively providing a proxified session between the user and the application.
    Type: Grant
    Filed: March 14, 2013
    Date of Patent: July 4, 2017
    Assignee: Symantec Corporation
    Inventor: Roger Casals Andreu
  • Patent number: 9699170
    Abstract: A framework, which conforms to the OAuth standard, involves a generic OAuth authorization server that can be used by multiple resource servers in order to ensure that access to resources stored on those resource servers is limited to access to which the resource owner consents. Each resource server registers, with the OAuth authorization server, metadata for that resource server, indicating scopes that are recognized by the resource server. The OAuth authorization server refers to this metadata when requesting consent from a resource owner on behalf of a client application, so that the consent will be of an appropriate scope. The OAuth authorization server refers to this metadata when constructing an access token to provide to the client application for use in accessing the resources on the resource server. The OAuth authorization server uses this metadata to map issued access tokens to the scopes to which those access tokens grant access.
    Type: Grant
    Filed: April 30, 2014
    Date of Patent: July 4, 2017
    Assignee: Oracle International Corporation
    Inventors: Ajay Sondhi, Ching-Wen Chu, Venkata S. Evani
  • Patent number: 9699171
    Abstract: The disclosed computer-implemented method for logging out of cloud-based applications managed by single sign-on services may include (1) identifying an attempt by a single sign-on service to log a user out of a set of cloud-based applications, (2) in response to identifying the attempt to log the user out of the set of applications, tracking a logout status of each application within the set of cloud-based applications by, for each application (a) identifying a logout request sent by the single sign-on service to the application and (b) determining whether the application has sent a logout response to the single sign-on service that verifies that the user has been successfully logged out of the application, and (3) determining that the user is still logged into at least one application managed by the single sign-on service by determining that the application did not send a logout response to the single sign-on service.
    Type: Grant
    Filed: June 23, 2014
    Date of Patent: July 4, 2017
    Assignee: Symantec Corporation
    Inventors: Ilya Sokolov, Keith Newstadt
  • Patent number: 9699172
    Abstract: A method for managing the installation of an application on an electronic device is disclosed. In one aspect, the method includes seeking the authenticity of a second signature using the public authentication key of a certificate, the certificate being authenticated if at least one of the second sub-signatures is considered authentic during implementation of the search.
    Type: Grant
    Filed: June 26, 2015
    Date of Patent: July 4, 2017
    Assignee: SCHNEIDER ELECTRIC INDUSTRIES SAS
    Inventor: Michel Moulin
  • Patent number: 9699173
    Abstract: The management of credentials subject to a lockout policy can include dynamically determining appropriate lockout thresholds and other such values appropriate for a current situation. For example, the number of incorrect password attempts allowed before an account lockout can be based at least in part upon the amount of time that has passed since a most recent password change. There might be an unlimited number of attempts allowed for a short period after a password change, followed by a decreasing number of permissible attempts over a subsequent period of time. In some embodiments the number of correct attempts received after a password change can affect the number of incorrect attempts allowed. Further, if an incorrect attempt matches a previously correct password then that attempt might not count toward the number of incorrect attempts compared against the threshold, at least for a determined period of time after a password change.
    Type: Grant
    Filed: May 22, 2015
    Date of Patent: July 4, 2017
    Assignee: AMAZON TECHNOLOGIES, INC.
    Inventor: Gregory Branchek Roth
  • Patent number: 9699174
    Abstract: A system and method for transmitting user credentials to another device. According to some embodiments, a method is described of receiving into a first portable electronic device a set of credentials from a user, the set of credentials to include a WLAN SSID and a network key, the set of credentials to allow the first device to connect to the WLAN. The set of credentials is used to connect the first device to the WLAN. The first device creates a message for wireless transmission, the message includes the set of credentials for accessing the WLAN and is adapted to be delivered to a second device. Finally, the first device transmits the message over the air, wherein the message is addressed to the second device. The second device receives the message and uses the credentials in the message to connect to the WLAN. Other embodiments are also described.
    Type: Grant
    Filed: December 8, 2015
    Date of Patent: July 4, 2017
    Assignee: ADVANCED MESSAGING TECHNOLOGIES, INC.
    Inventor: Adam Zucker
  • Patent number: 9699175
    Abstract: A method for protecting stored account data from unauthorized access includes receiving data elements corresponding to an account of a user, identifying a plurality of signals in the data elements, and determining a signal value for each of the signals. The signals correspond to various characteristics of the account. The method also includes assigning a plurality of weights (according to various criteria) to at least a subset of the signal values to yield a set of weighted signal values, and using the set of weighted signal values to assign an account value to the account. The method further includes using the account value to select a security-related action or a storage-related action that corresponds to the account value, and instructing data storage facilities from which the data elements were received to automatically implement the selected security related action or the selected storage-related action.
    Type: Grant
    Filed: September 9, 2016
    Date of Patent: July 4, 2017
    Assignee: GOOGLE INC.
    Inventors: Phillip Ames, Robert Wilson Reeder
  • Patent number: 9699176
    Abstract: A method for determining if a user of a computer system is a human. A processor receives an indication that a computer security program is needed and acquires at least one image depicting a first string of characters including at least a first and second set of one or more characters. A processor assigns a substitute character to be used as input for each of the second set of one or more characters. A processor presents the at least one image and an indication of the substitute character and when to use the substitute character to the user. A processor receives a second string of characters from the user. A processor determines whether the second string of characters substantially matches the first string of characters based on the substitute character assigned to each of the second set of one or more characters and determines whether the user is a human.
    Type: Grant
    Filed: October 20, 2016
    Date of Patent: July 4, 2017
    Assignee: International Business Machines Corporation
    Inventors: Michael S. Brown, Carlos F. Franca da Fonseca, Neil I. Readshaw
  • Patent number: 9699177
    Abstract: A technique to reassign one or more stored elements of web application client state information is provided in an HTTP-based client upon receipt of an HTTP redirect in response to a request-URI. One or more stored elements associated to the request-URI are saved in or in association with the client. Upon receipt of an HTTP 301 (permanent) redirect, the client automatically reassigns (re-associates) the one or more stored elements to the redirect domain when the redirect can be verified as authentic (e.g., to originate from the application to which the client is attempting to connect).
    Type: Grant
    Filed: November 7, 2016
    Date of Patent: July 4, 2017
    Assignee: International Business Machines Corporation
    Inventors: Olgierd S. Pieczul, Mariusz Pajecki, Izabela Pogorzelska-Pieczul, Mustansir Banatwala
  • Patent number: 9699178
    Abstract: A method for authenticating a user of a computing device. The method includes a computer processor receiving an indication that a user of a computing device is accessing an object that utilizes an authentication process. The method further includes a computer processor selecting a first multi-media file that is associated with a user profile of the user and the object of the authentication process, wherein the first multi-media file is associated with a baseline user input authentication sequence. The method further includes creating a first temporal manipulation vector based on the user profile and a security requirement of the object of the authentication process, wherein the temporal manipulation vector modifies a presentation of a multi-media file and a corresponding time sequence of a user input authentication sequence in the multi-media file. The method further includes transmitting the first temporal manipulation vector and the first multi-media file to the computing device.
    Type: Grant
    Filed: November 25, 2014
    Date of Patent: July 4, 2017
    Assignee: International Business Machines Corporation
    Inventors: Saritha Arunkumar, Stephen D. Pipes