Abstract: A telecommunication and multimedia management apparatus and method that supports voice and other media communications and that enables users to: (i) participate in multiple conversation modes, including live phone calls, conference calls, instant voice messaging or tactical communications; (ii) review the messages of conversations in either a live mode or a time-shifted mode and to seamlessly transition back and forth between the two modes; (iii) participate in multiple conversations either concurrently or simultaneously; (iv) archive the messages of conversations for later review or processing; and (v) persistently store media either created or received on the communication devices of users. The latter feature enables users to generate or review media when either disconnected from the network or network conditions are poor and to optimize the delivery of media over the network based on network conditions and the intention of the users participating in conversations.

Abstract: Embodiments provide an apparatus and method for mediating uploadable content.

Abstract: A system and method are presented for detecting messages relevant to users in a collaborative environment. In a unified collaboration system, large volumes of messages between a plurality of users in a group may be monitored for relevance to a particular user. Analytics may be applied to the content of the messages to determine which of the plurality of users are relevant and should be alerted. Alerts may notify relevant users that there are messages which may require attention. Non-relevant information in messages may also be hidden or filtered for a user. In an embodiment, users and subject matters may be linked together. For example, words in a message may be related to specific sub-topics of a group and may be associated with a user over time based on when the word is used and which users respond.

Abstract: A system and method for delaying messages posted to Social Media Websites based on a set or predetermined time period by the Social Media User whereby the Social Media User creates a message, determines when the message should be posted and whether that time should be randomized to within a preset time window, sends the message to a central server for storage, and has the central server post the message to the Social Media Website at the predetermined time.

Abstract: Examples described include software hosting systems able to provide software as a service to client systems through a firewall and/or to client systems which do not have web service capability. Examples include mailbox migration systems for migrating mailboxes from a source messaging system (e.g. a Lotus Notes system) to a destination messaging system. Software hosting systems described herein may maintain an action buffer including a next action to be performed by the source messaging system, and wait for data (e.g. messaging system content) to be returned and stored in a data buffer. Communication between the software hosting system and the source messaging system may occur over a communication channel which may be operated through a firewall using HTTP.

Abstract: This is a novel system and method(s) that provides a means for a social networking site by utilizing a photograph and posting the photograph on a storefront window or any window that can be posted on. The photograph may depict a user. The photograph may have a link displayed on it or near it. When the link is scanned with a personal mobile device, the link will connect our website to the personal mobile device. Now, content from our website will be displayed on the personal mobile device's screen. The content may be a digital image of the photograph that is posted on the storefront window. We also utilize exposure. We believe that when a human gains exposure then their exposure may help them achieve fame.

Abstract: A method for collecting and analyzing data related to Social Media Websites and making the results of the collected and analyzed data available to Social Media Candidate through the constant crawling of Social Media Websites, aggregating new updates, and providing the new updates to Social Media Candidates in a single deliverable form customizable by the Social Media Candidate for a given followee.

Abstract: Systems and methods for selectively providing messages to users equipment (UEs) are disclosed. Different types of messages can be associated with different statuses for each UE based on user preferences, network settings, or plan parameters. UEs can be available to receive some types of messages, but not other types of messages, depending on the UE's current connection type, location, or plan parameters. Messages sent to multiple UEs associated with the same service account can be sent based on the availability of each UE to receive the message. Messages are not sent to UEs that are not available to receive that type of message. UEs connected to a common network can enable messaging services to other UEs associated with a common service account or network identity. Messaging services can be available despite each UEs availability to other types of messages.

Abstract: A network overlay system can include a data transport module having a network interface and a translation module configured to generate offload processing addresses for the network packet data; a system bus; at least one host processor connected to the system bus; and at least one offload processor module coupled to the system bus and configured to receive network packet data associated. Offload processor modules include processing circuits associated with at least one of the offload processing addresses that are configured to encapsulate the network packet data for transport on a logical network or decapsulate the network packet data received from the logical network. The offload processing circuits encapsulate or decapsulate network packet data independent of any host processor.

Abstract: This disclosure discloses an addressing communication method and electronic device based on a media access control address. The method includes: a first device sets a UID of the first device according to its MAC address, and stores an association relation between respective description information, including the UID, of the first device; when intercepting a query request, used to query an IP address, of a second device, determines whether the MAC address of the first device is a MAC address, included in the query request, of a to-be-queried device; if yes, transmits an IP address of the first device to the second device so that the second device communicates with the first device according to the IP address. The disclosure may simplify related operations of configuring and maintaining the UID, lower configuration and maintenance costs, and decrease the risk of failures in a system without affecting communications.

Abstract: Network architecture supports hosting and content distribution on a global scale. The architecture allows a Content Provider to replicate and serve its most popular content at an unlimited number of points throughout the world. The inventive framework comprises a set of servers operating in a distributed manner. The actual content to be served is preferably supported on a set of hosting servers (sometimes referred to as ghost servers). This content comprises HTML page objects that, conventionally, are served from a Content Provider site. A base HTML document portion of a Web page is served from the Content Provider's site while one or more embedded objects for the page are served from the hosting servers, preferably, those hosting servers near the client machine. By serving the base HTML document from the Content Provider's site, the Content Provider maintains control over the content.

Abstract: A method and apparatus for setting a network rule entry are described. The method for setting a network rule entry includes: detecting, by the first device, whether the first domain name which is requested to resolve by a domain name resolution request of the second device is matched with a preset second domain name, herein the second device is a device which is mounted beneath the first device; acquiring, by the first device, an IP address corresponding to the first domain name from a response of a resolution request when the first domain name is matched with the second domain name; and setting, by the first device, an IP address in a rule entry corresponding to the second domain name as the IP address corresponding to the first domain name.

Abstract: The present disclosure relates to a communication ID allocation method and system of a battery management module. The system according to the present disclosure includes a first to nth battery management modules sequentially connected through a communication interface, wherein each battery management module designates itself as a master module or a slave module depending on whether or not a pulse signal is received from a battery management module at a higher level, and each battery management module allocates its communication ID according to a pulse width of the pulse signal received from the battery management module at a higher level, generates a pulse signal having the pulse width corresponding to the communication ID of the battery management module at a lower level, and outputs the generated pulse signal to the battery management module at a lower level.

Abstract: The invention relates to a telecommunications assembly (10) and a method for traversing an application layer gateway firewall (40) during the establishment of an RTC communication connection between an RTC client (20) and an RTC server (30) using a proprietary RTC signalling protocol, wherein the firewall (40) has no specific knowledge of the proprietary RTC signalling protocol.

Abstract: Techniques for unobtrusively protecting against large-scale data breaches over time are described. A security gateway coupled between clients and servers receives data object (DO) access requests from the clients on behalf of users of an enterprise. Each of the users is allocated a budget for each of one or more time periods. The security gateway determines an access cost for each DO access request based on characteristics of the DO request, where lower access costs are indicative expected DO access consumption for users of the enterprise, and charges the determined access cost against the budget for that user corresponding to the time period when the DO access request was received. Alert messages are transmitted based on different ones of the users exceeding their budget(s), and the transmission of the DO access requests to the data object servers is not prevented.

Abstract: In one aspect, a computerized system useful for implementing a cloud-based multipath routing protocol to an Internet endpoint includes an edge device that provides an entry point into an entity's core network. The entity's core network includes a set of resources to be reliably accessed. The computerized system includes a cloud-edge device instantiated in a public-cloud computing platform. The cloud-edge device joins a same virtual routing and forwarding table as the edge device. The cloud-edge device receives a set of sources and destinations of network traffic that are permitted to access the edge device and the set of resources.

Abstract: Techniques related to preventing large-scale data breaches utilizing differentiated data object (DO) protection layers are described. A security gateway placed within a communication path between client end stations and servers receives DO access requests from the client end stations. The DOs are divided into a first subset that are currently classified as active and a second subset that are currently classified as inactive based upon a likelihood of further legitimate access to the DOs. Those of the DO access requests for DOs determined to be in the first subset are subjected to a first protection layer utilizing zero or more protection mechanisms. Those of the plurality of DO access requests for DOs not in the first subset are subjected to a second protection layer utilizing one or more protection mechanisms. Large-scale data breaches are efficiently prevented without disruption to legitimate DO access requests.

Abstract: A system for packaging digital media and distributing digital media to exhibitors is described, which system enables distribution by utilizing media content booking, media content packaging, encryption, and delivery components.

Abstract: A method for ensuring media stream security in an IP Multimedia Subsystem network is disclosed. The method includes: assigning an end-to-end media stream security key for a calling User Equipment (UE) or a called UE, by a network device with which the calling UE or the called UE is registered, respectively, and transmitting the media stream security key to a network device with which the opposite end is registered; encrypting the end-to-end media stream security key using a session key shared with the calling UE or the called UE respectively, and transmitting the encrypted end-to-end media stream security key to the calling UE or the called UE, respectively, via a session message; encrypting or decrypting a media stream, by the calling UE or the called UE, respectively, using the end-to-end media stream security key.

Abstract: A server system can include a plurality of servers interconnected by a network. Each server can include a server processor, a socket configured to receive a module, and at least one removable computation module configured for insertion into the socket. Each computation module can include first processing circuits mounted on the computation module and configured to at least decrypt data packets received by the server independent of the server processor and second processing circuits mounted on the computation module and configured to form a virtual switch for switching the data packets.

Abstract: A method of encoding and encrypting input data (D1) to generate corresponding encoded and encrypted data (E2) is provided. At least a first data block of the input data (D1) is encoded to generate a first encoded data block. The at least first encoded data block is then encrypted using at least one key to provide a first encoded and encrypted data block for inclusion in the encoded and encrypted data (E2). Moreover, a first seed value is generated for use in encrypting a next encoded data block to provide a next encoded and encrypted data block for inclusion in the encoded and encrypted data (E2). Furthermore, a next seed value is generated for use in encrypting a subsequent encoded data block, in a sequential repetitive manner until each data block of the input data (D1) is encoded and encrypted into the encoded and encrypted data (E2).

Abstract: The present invention relates to a system and method for interlocking intrusion information. An intrusion information interlocking system includes at least one interlocking client which is connected to a client system which collects session information of intrusion in different network domains to transmit the intrusion information collected by the client system to the control system and requests analysis information on the intrusion information in accordance with a request of the client system to provide the analysis information to the client system, and an interlocking server which is connected to a control system which analyzes intrusion information to transmit the intrusion information of different network domains provided from one or more interlocking clients to the control system, stores the intrusion analysis information from the control system, and shares the stored intrusion analysis information with the interlocking client in accordance with the request of the interlocking client.

Abstract: A computer-implemented method for managing a personal data store is described for binding one or more identities of different types associated with a user. The computer-implemented method is implemented in a trust system including one or more processing devices communicatively coupled to a network. The computer-implemented method includes receiving one or more self-asserted first attributes by the user and second attributes asserted by an Attribute Provider; utilizing one or more of the first attributes and the second attributes as inputs to obtain and/or produce one or more cryptographically signed attributes signed by an associated Attribute Provider; storing the first attributes, the second attributes, and the one or more cryptographically signed attributes in a personal data store associated with the user; and utilizing one or more of the first attributes, the second attributes, and the one or more cryptographically signed attributes to respond to a request from a Relying Party.

Abstract: Methods and apparatuses are disclosed for secure network communications. An exemplary method may include sending a handshake request message to a server. The handshake request message contains a first random number encrypted by using a first public key and first service request data encrypted by using the first public key. The method may also include receiving a handshake response message replied from the server. The handshake response message contains the first service response data encrypted by using the first random number and a second random number encrypted by using the first random number. The method may further include decrypting the handshake response message by using the first random number to obtain the first service response data and the second random number. In addition, the method may include calculating a session key used in a session with the server in accordance with the first random number and the second random number.

Abstract: In an example embodiment, a mobile security offloader (MSOL) is provided. Within the MSOL, a mobile device identification component is used to receive unencrypted data from a mobile device in a mobile radio network and to determine a mobile device identification of the mobile device from the unencrypted data. A security profiles directory interface then uses the mobile device identification to retrieve a security profile corresponding to the mobile device identification from a security profiles directory, the security profile identifying a security protocol for encrypting data from the mobile device corresponding to the mobile device identification. An encryption engine is used to encrypt the unencrypted data using the security protocol identified in the security profile. A packet switched network interface is then used to route the encrypted data to a secured server identified in the data via a packet switched network.

Abstract: A system for and method of media encapsulation is presented. The method may include receiving, via an audio digitizer, a plurality of packets of data and compressing, via a codec, the plurality of packets of data. The method may also include queuing the plurality of packets of data in a queue and encrypting, via a filter, payloads of at least two of the plurality of packets of data in the queue into a single payload. The method further include transmitting the single payload in a single encrypted data packet.

Abstract: The subject matter described herein includes methods, systems, and computer program products for performing deep packet inspection at an endpoint. According to one method, a data portion of a data packet is examined at an inspection point located at an endpoint or mobile terminal of a communications network. A user profile associated with the endpoint or mobile terminal is provided that defines one or more actions or criteria to be applied to the data packet. An action related to the data packet is performed based on the examined data portion and the user profile.

Abstract: The disclosure relates to a telecommunication method for communicating scoring data over a network, comprising: sending, by a client application of a mobile telecommunication device, a request to a remote system via the network, the request comprising a user-ID of a user authenticated to the client application; in response to receiving the request, computing request-triggered, time-stamped scores selectively for physical objects assigned to the user; and selectively in case one of the current request-triggered scores differs from a request-triggered score computed in response to the last request of the same user for the same organization and the same physical object, returning the current and the previously computed request-triggered scores to the client application; regularly and independent of receiving the request, computing, by the remote system, scheduler-triggered, time-stamped scores of a plurality of physical objects irrespective of the user said physical object are assigned to, and comparing each sch

Abstract: Systems and methods are disclosed for securely identifying a computing device via a web browser utilizing a customized digital font. In particular, in one or more embodiments, the disclosed systems and methods generate a customized digital font and install the customized digital font on a computing device. Moreover, the disclosed systems and methods utilize the customized digital font to identify the computing device. In particular, one or more embodiments include systems and methods that identify an element of a webpage rendered by the computing device utilizing the customized digital font and identify the client device based on the rendered element of the webpage.

Abstract: A method for routing IP packets with IPSec AH authentication is disclosed. The method includes locating overlay edge routers between private domains and their associated NAT routers. Outbound packets from a source private domain are modified by its overlay edge router to include IPSec AH authorization data computed using IP source and destination addresses that match a packet's final source and destination IP address upon final NAT translation immediately prior to delivery to a host of a destination private domain.

Abstract: A system has ??2 servers. At least each of a set of authentication servers stores a key-share ski of secret key sk, shared between q of the ? servers, of a key-pair (pk, sk). An access control server sends an authentication value to a subset of the authentication servers. The authentication value was formed using a predetermined function of a first ciphertext for a user ID and a second ciphertext produced by encrypting a password attempt under public key pk using a homomorphic encryption algorithm. The authentication value decrypts to a predetermined value if the password attempt equals the user password for that user ID. Each authentication server in the subset produces a decryption share dependent on the authentication value using the key-share ski. The access control server uses decryption shares to determine if the authentication value decrypts to the predetermined value, if so permitting access to a resource.

Abstract: A mobile secure login method comprises steps of 1) displaying a machine readable graphic form encoded with a sign in URL and a unique token on a browser, wherein the said machine readable graphic form comprises at least one of a 1D barcode, a 2D barcode, a PDF417, an QR code, a Data Matrix code, an Aztec code, and OCR symbol; 2) scanning the said machine readable graphic form using a mobile device; 3) transmitting a sign in credential through a channel associated with the unique token to the browser from the mobile device, wherein the sign in credential comprises at least one of a username, a password, and a PKI signed challenge; 4) autofilling in the sign in credential at the sign in page to enable the browser to login to a secure website automatically.

Abstract: A system and method where a computing device reads an authentication phrase from a single data field user input. The authentication phrase input will typically be checked against a registered user database in order to determine whether the new input matches currently registered phrases. Should the user enter an authentication phrase that currently doesn't match any existing phrases, the user will typically be asked to try again. However, in cases where the user enters a matching authentication phrase, the user typically will be matched in the registered user database and gain access to further information about the user from a second database. Then the user is authenticated into a multi-user computer applications and systems and logged in.

Abstract: A self-adaptive communication method for an encryption dongle, comprising: an upper-layer software platform sets communication mode information of self, when connection of an encryption dongle to a host is detected, acquires communication mode information of the encryption dongle, determines whether or not the communication mode information of self matches the communication mode information of the encryption dongle, if yes, then communicates with the encryption dongle via an interrupt transmit pipeline, and if not, then transmits a communication instruction to the encryption dongle via a control transmit pipeline; the encryption dongle sets a communication mode identifier on the basis of the communication mode information of the upper-layer software platform in the communication instruction, and, the encryption dongle resets and resets communication mode information of self on the basis of the communication mode identifier.

Abstract: Provided herein are systems and methods of controlling access to a web-based application. Such a system may include an access determination server, an authorization control system, and a first web-based application accessible over a network to a first user device of a first user. The processing device of the access determination server receives application request information from the authorization control system, the application request information including an identifier of the first web-based application and an identifier of the first user, determines an access response based on the application request information and access information feed, transmits the access response to the authorization control system, receives an access result from the authorization control system, the access result being based on a response from a second user device to a notification, and stores the access result in an access information feed system.

Abstract: An identity federation and security token translation module and method for operable engagement with a web application or an internet information service (IIS). A first server includes computer-executable instructions defining the identity federation and security token translation module for managing and facilitating a creation of a custom security principal object for a user requesting access to the web application. A data cache stores the custom security principal object in a non-transitory computer readable media. The identity federation and security token translation module may be changed without making changes to the web application or the IIS.

Abstract: To validate a user's identity a network validation server receives a smartphone image of a preexisting user credential, including both a user biometric and a unique identifier associated with the credential and stores them in a database. The validation server also receives the unique identifier from a registrar network device seeking to validate the user, and in response transmits a validation code to the user's smartphone for display by the user's smartphone and/or the registrar's network device for display by the registrar's network device. The validation server additionally receives confirmation from the registrar's network device that a validation code displayed on the user's smartphone is the transmitted validation, thereby confirming that the user has been validated by the registrar.

Abstract: According to one embodiment, a communication apparatus is provided. The communication apparatus receives first content including first additional information from a first terminal, generates second additional information, adds the second additional information to second content, and transmits the second content to a second terminal. The second additional information includes an authentication code unique to blocks in the second content and the communication apparatus and a signature unique to the authentication code. The communication apparatus generates receipt information and transmits the receipt information to an external apparatus when a transmission source of the first content is verified to be the first terminal based on the first additional information.

Abstract: An apparatus controls transfer apparatuses that transfer a packet transmitted and received by terminals in a network. Upon receiving detection information notified from a server that detects unauthorized communication of a terminal by using the packet, the apparatus identifies the terminal and a type of the unauthorized communication, based on the detection information. The apparatus determines a transfer apparatus to be controlled, by referencing first information that stores information identifying the transfer apparatus in association with the terminal, and determines a control to be performed on the transfer apparatus by referencing second information that stores information on the control in association with the type of the unauthorized communication.

Abstract: Method for authenticating a user, comprising the steps of a)providing a central server (101), in communication with at least one authentication service provider (110,120,130), arranged to authenticate users via a respective authentication web interface, and at least one user service provider (150), arranged to provide user services to users via a respective user service web interface; b) providing, for a particular user and using a web browser in an electronic device (170,180), access to the authentication web interface, and upon an authentication of the user, the central server placing a cookie on the electronic device identifying the authentication service provider; c) providing, for the user and using the same web browser executed from the same electronic device, access to the user service web interface, and as a result providing the said cookie to the central server; d) identifying, based upon the said cookie, the authentication service provider; e) redirecting the web browser to the authentication servic

Abstract: Methods and systems of communicating with secure endpoints included within a secured network from a mobile device external to the secured network is disclosed. The method includes initiating a VPN-based secure connection to a VPN appliance, and initializing a stealth-based service on the mobile device. the method further includes transmitting user credential information from the mobile device to a VDR broker via the VPN appliance, and receiving status information from the VDR broker identifying a VDR associated with the mobile device and providing a connected status. The method also includes communicating with one or more secure endpoints within the secured network via a VPN connection to the VDR via the VPN appliance and through the VDR to the one or more secure endpoints within a community of interest based on the user credential information transmitted to the VDR broker.

Abstract: In some embodiments, a method is provided for storing data in a storage device associated with a first electronic device. The first electronic device can receive a request for data from a remote electronic device. The request for data can include pairing information, which can be used to confirm the remote electronic device as an approved paired device. The request for data can also include authentication information, which can be used to authenticate the request for data. The first electronic device can retrieve the data from the storage device and transmit the data in encrypted form to the remote electronic device.

Abstract: Establishing secure connections from a computing device to secure servers when the computing device starts with an incorrect system clock time that would ordinarily prohibit connection to the secure servers. A method includes attempting to access a plurality of secure servers. The method further includes, from each of the servers in the plurality of secure servers, receiving one or more certificates from the secure servers and metadata which includes a specification of time. The method further includes preventing secure applications from sending sensitive data to the plurality of secure servers until a system time has been approximated. The method further includes, from the secure specifications of time, approximating a current system time. The method further includes accessing another secure server using the approximated current system time and using the approximated current system time to validate a certificate from the other server.

Abstract: According to an embodiment of the present disclosure, a method for tracking a data access route comprising duplicating, by a data access route management device, network data according to access to a database server of a user device and filtering, by the data access route management device, the network data to data related to an access record and a performance record to the database server through at least one pass-through server of the user device and storing the filtered data.

Abstract: An authentication system for authenticating the identity of a requester of access by an unauthorized service client to a secured resource. The system has a messaging gateway having a first set of instructions operable to receive from a requester purporting to be an authorized user of a secured resource a request for limited access to the secured resource by an unauthorized service client for a particular transaction; a server having a second set of instructions operable to determine a key string known to both the secured resource and the authorized user the requestor purports to be, the key string being adapted to provide a basis for authenticating the identity of the requester as the authorized account holder; and a service user interface having a third set of instructions embodied in a computer readable medium operable to receive transaction specific information input into the request by the unauthorized service client.

Abstract: A method can include receiving a request from a requestor to a given resource, which requestor is registered to access a set of one or more resources. The request includes a ticket that includes signature data generated by an authenticating entity in response to authenticating the requestor. The signature data may be decrypted to provide a decrypted signature. The ticket may be validated in response to the request based on evaluating the decrypted signature. A response can be provided to the requestor based on the validation, and the response can grant the requestor access to the given resource if the validation determines the ticket to be authentic and authorized for the given resource or the response can deny the requestor access to the given resource if the validation determines to reject the ticket.

Abstract: Aspects of the disclosure relate to deploying and utilizing a dynamic record identification and analysis computer system with event monitoring components. In some embodiments, a computing platform may receive, from a contact feed generation computer system, one or more contact feeds comprising contact data identifying one or more contacts associated with one or more user accounts. The computing platform may analyze the one or more contact feeds to identify a first subset of user accounts of the one or more user accounts having one or more attributes associated with one or more predetermined account security concern characteristics. Subsequently, the computing platform may add the first subset of user accounts of the one or more user accounts to an alert table maintained by the computing platform, and may send, to an analyst computer system, alert table listing information identifying contents of the alert table maintained by the computing platform.

Abstract: This disclosure provides a method, performed in a resource-constrained device 60, for establishing a secure session with a service 800 delivered by a server terminal 80 using a security protocol over a communication network. The resource-constrained device 60 is registered at a management terminal 70. The method comprises receiving, from the server terminal 80, a credential associated with the service 800. The method comprises sending, to the management terminal 70, a service approval request 803. The service approval request 803 comprises an identifier of the service 800 and/or the credential. The method comprises receiving, from the management terminal 70, a response 804. The response 804 comprises an indication that the service 800 is approved, and a security context for a resumption of the secure session. The secure session has been established by the management terminal 70. The method comprises initiating the resumption of the secure session with the service 800 using the security context.

Abstract: Methods, systems, and computer readable media may be operable to facilitate the management of connections between one or more client devices and an access point over one or more service sets. An access point may maintain a list of client devices that have successfully associated with a private service set broadcast from the access point, and when a client device from the list attempts to connect to a public service set broadcast from the access point, the access point may deny the client device's attempt to connect to the public service set. Attempts by the client device to join the public service set may be denied for a predetermined number of attempts or a predetermined period of time. Denying an attempt to connect to a public service set may provide a client device with more opportunities to connect to a private service set broadcast from a corresponding access point.

Abstract: A system for creating a service account includes a first server associated with a first application, a second server associated with a second application, and an electronic device that is capable of communicating with the first server and the second server. The electronic device is configured to receive user information by executing the first application and verify or generate a first account corresponding to the first application through interaction with the first server, based on the user information. The electronic device is also configured to generate a second account corresponding to the second application through interaction with the second server, based on at least a portion of the user information if the second application is executed in response to a specified event.