Abstract: A method, computer program product and system uses a tiered priority system having three types of callout messages for use by a transaction processing system: (i) callout with a reserved path; (ii) callout with priority; and (iii) default priority callout with sharing mode. An online transaction program (OTP) issues a “reserve call” associated with a “callout with a reserved path”. In response, a reserve call processor initiates an asynchronous request to build an express socket path, and returns a special dispatchable unit of work identifier (special DUOW ID). The OTP subsequently issues any number of callouts to be sent on the express socket path using the special DUOW ID. A callout with priority dynamically allocates a path for sending a callout message, without queuing. A sharing mode combines a group of callout messages (types (i), (ii), and/or (iii) above) into a single TCP/IP send without queuing.

Abstract: Selecting resources for a cloud service can include defining a specific resource provider constraint parameter, determining a parameter value for the specific resource provider constraint parameter, analyzing a plurality of specific resource providers and selecting a specific resource provider from the plurality of available specific resource providers based on the analysis and using a best-fit model.

Abstract: A network switch includes a plurality of internal ports, a plurality of external ports, an event handler, an action engine, and an event processor. The event handler detects an event and, in response, assembles a construct that includes event parameters. The action engine uses the construct to generate an event syntax. The event processor executes the event syntax to automatically configure the communication between the plurality of internal ports and the plurality of external ports. A first event may include the connection of a cable to a first external port and result in each of the plurality of internal ports communicating with the first external port. A second event may include the connection of a cable to a second external port and result in a first subset of internal ports communicating with the first external port and a second subset of internal ports communicating with the second external port.

Abstract: An Ethernet switch includes at least two interconnected Ethernet switch modules, with each of the Ethernet switch modules having a number of ingress/egress ports configured to receive or output Ethernet packets from and to end systems and interconnected Ethernet switch modules, and a forwarding function configured to modify a packet header of received Ethernet packets by encoding the identity of the ingress port at which the respective Ethernet packet has been received in identification bits of the packet header.

Abstract: A system and a method for analyzing a plurality of data packets where the data packets are analyzed to determine which of a number of subsequent process(es) is/are to further analyze the data packets. Information identifying the subsequent process(es) is added to a FIFO. An unknown data packet type is not immediately recognizable, whereby a storage location is reserved in the FIFO, and the data packet is fed to a separate characterizing process deriving the information relating to the relevant process(es), which information is subsequently fed to the relevant storage location in the FIFO, so that the order of data packets represented in the FIFO is the order of receipt of the data packets. From the FIFO, information is fed to a work list or storage of the relevant subsequent processes to process the pertaining data packets. This processing may also be in the chronological order of receipt of the data packets.

Abstract: Examples include techniques for virtual Ethernet switching of a multi-node fabric. In some examples, first Ethernet links coupled with a group of Ethernet gateways are link aggregated. The group of Ethernet gateways couple with respective individual physical switch ports of a fabric switch of a multi-node fabric to form a default logical gateway to provide an uplink between a virtual Ethernet switch and an Ethernet network external to the multi-node fabric. Also, one or more individual Ethernet gateways coupled with respective individual physical switch ports of the fabric switch may be arranged to provide one or more respective downlinks between the virtual Ethernet switch and one or more Ethernet nodes external to the multi-node fabric via respective second Ethernet links coupled with the one or more individual Ethernet gateways.

Abstract: A configurable advertisement count and skew timer in a virtual router can be used to improve the speed with which a backup virtual router assumes the role of master upon the master router's failure. Enhanced VRRP packets having a type other than one may be used to cause MAC address movement from a failed master router to a backup router assuming the role of master router without placing an undue load on other routers in the network, such as by dropping the enhanced VRRP packets having a type other than one without processing the packets in the control plane of a receiving virtual router.

Abstract: A message management service can enable a client to search and retrieve of messages from one or more messaging services. The message management service can stage delivery of results to the client to reduce response time for identification of messages satisfying a query. Initially, the message management service can send information descriptive of results, which the client can display. The message management service can send subsequent responses including supplemental information associated with a result and/or actual messages.

Abstract: A graphical user interface on a display device of a computer enables communications using a computer service. The graphical user interface includes a list of potential message recipients selected by a user as significant to the user. The graphical user interface also includes a mobile device identifier associated with one or more of the listed potential message recipients and a user account identifier associated with one or more of the listed potential message recipients. At least one of the listed potential recipients includes a mobile device identifier as the only available conduit for data delivery to the potential message recipient using the computer service.

Abstract: Methods, devices, and systems for facilitation of electronic message management involve receiving a message generated from a user of one communication system, augmenting the message with data indicative of the user, communicating the augmented message to a second communication system, and presenting the message to a user of the second communication system such that the message is separate from other received messages not having data indicative of the first user.

Abstract: A system for dynamic message routing on a topic between publishing nodes and subscribing nodes includes a plurality of message queues, at least one topic/node table, a subscribing module, a publishing module, and other modules to send messages between one or more publisher and one or more subscribers. Methods include: a method for publishing a message on a topic, a method for forwarding a message on a topic, a method for subscribing to messages on a topic, a method for automatically removing subscribers, a method for direct publishing of messages, and methods for optimizing message transmission between nodes.

Abstract: In one embodiment, a computer-implemented method is provided, comprising: creating at least a portion of an instant messaging application that is configured to cooperate with an apparatus, the instant messaging application, when executed, configured to cause a device to: display an instant messaging interface including a communicant message user interface element and a send user interface element, and receive, from the apparatus and utilizing a communications agent on the device configured to receive incoming messages addressed to a communicant identifier associated with a user of the instant messaging application, one or more user interface elements including a first button.

Abstract: A method, computer program product, and system for peer to peer communication is provided. The embodiment may include receiving a message from a first user intended for a second. It may include determining whether the second user is in a do not disturb (DND) state. It may also include overriding the DND state of the second user. Overriding the DND state may include receiving static message information and user characteristics. Overriding the DND state may include determining if a critical situation (critsit) exists. Overriding the DND state may include determining a message critsit value for the users. Overriding the DND state may include adding the first user and the second to a critsit users list. The embodiment may include overriding the DND state of the second user if both users are on the same list. The embodiment may include transmitting messages from the first user to the second user.

Abstract: A communication management system manages the exchange of messages between devices using different communication networks and/or protocols. A sender device may transmit a message (e.g., a short message service “SMS” message) to a destination associated with a traditional “landline” phone number. The message may be delivered over a traditional landline phone network. The communication management system can receive the message via the phone network, process the message, and provide the message to one or more electronic devices over a packet switched network, such as a local area network or the Internet. The electronic devices may use chat-based application software to process and display the message, provide robust message handline functionality, and facilitate responses to the message.

Abstract: A method, computer program product, and computer system for sending, from a first computing device, an email digest in an email message to a second computing device at a first point in time, wherein the email digest includes one or more content items for display at the second computing device when the email digest in the email message is accessed. An action is determined to be performed on a content item of the one or more content items at a second point in time that is after the first point in time. The content item of the one or more content items in the email digest is filtered from the email message based upon, at least in part, determining that the action is performed on the content item of the one or more content items at the second point in time.

Abstract: A method, computer program product, and system is provided for tracking ongoing chat sessions. In an implementation, a method may include receiving, by one or more computing devices, an annotation of an ongoing group chat session. The method may also include associating, by the one or more computing devices, the annotation with the ongoing group chat session. The method may further include displaying, by the one or more computing devices, the annotation in a user interface associated with the ongoing group chat session. The method may also include receiving, by the one or more computing devices, at least one comment associated with the annotation from one or more participants of the ongoing group chat session.

Abstract: A method for identifying a conversation thread among electronic communications. The method includes a computer processor identifying that a user is accessing a first electronic communication from a plurality of electronic communications. The method further includes a computer processor analyzing meta-data of the first electronic communication to identify a unique identifier included in the meta-data. The method further includes a computer processor determining that the unique identifier is associated with content included in the first electronic communication that was copied from a second electronic communication. The method further includes a computer processor providing the user that is accessing the first electronic communication access to the second electronic communication.

Abstract: A system and method of security for emoji based actions. The system and method may include processes such as obtaining a first text associated with an emoji image and a second text, determining to implement a security measure based at least in part on the first text associated with the emoji image, and determining a security level based at least in part on the second text.

Abstract: Systems and methods for displaying electronic messages are disclosed. In some embodiments, a method includes, at a computing device, concurrently displaying (i) a user interface object that represents a group of messages and (ii) one or more first indicia of a number of messages that have a predefined display status, in the group of messages while foregoing displaying more than one message of the group of messages. The method also includes receiving a selection of the user interface object; and, in response to receiving the selection of the user interface object, displaying messages in the group of messages. The method further includes, in accordance with displaying the messages in the group of messages, modifying the one or more displayed first indicia of the number of messages, which have the predefined display status, in the group of messages.

Abstract: A method for synchronizing a mobile device with a message mailbox is described. The method includes: sending a request to the server to identify an initial subset of most recently received messages from among a plurality of messages for synchronization; retrieving the initial subset of messages from the server; and retrieving, from the server, messages belonging to a conversation that includes at least one of the messages in the initial subset, prior to retrieving more recently received messages that do not belong to any conversation that includes at least one of the messages in the initial subset.

Abstract: A system and method for generating a notification email within the framework of standard email messaging protocols employs custom headers providing a short, informative notification of the subject of the email.

Abstract: A message identifier collector may collect message identifiers identifying sent messages having been sent by originating devices and identifying received messages of the sent messages that have been received at corresponding recipient devices. A message identifier matcher may match a sent message identifier for a sent message of the sent messages with a received message identifier for a corresponding received message of the received messages at a corresponding recipient device, and a delivery notification generator may send a delivery notification to an originating device of the originating devices that originally sent the sent message, thereby indicating receipt of the message at the corresponding recipient device. A delivery notification network path along which the message identifiers and the delivery notification are sent is different from a message delivery network path along which the message is sent.

Abstract: Embodiments of techniques and systems for sharing user information between proximate devices are described. In embodiments, a first device may identify a physically-proximate device that may receive user information. Upon receiving an indication that a user of the first device may desire to share user information with a user of the second device, a determination may be made as to whether the two users have matching interests. In embodiments, the interest match determination may be made by a separate interest match evaluator. Upon determination of an interest match, the first device may then send a request to share user information to the second device. If a user of the second device approves the request, user information for the user of the first device may be shared with the user of the second device. Other embodiments may be described and claimed.

Abstract: Technology is disclosed for detecting, classifying, and/or enforcing rules on social networking activity. The technology can scan and collect social content data from one or more social networks, store the social content data, classify content data posted to a social network, create and apply a set of social data content rules to future posted social content data.

Abstract: A document management system monitors proposed recipients for documents and provides recommendations on alterations to the distribution set, such as by adding or removing recipients.

Abstract: Disclosed are systems and methods for improving interactions with and between computers in content generating, searching, hosting and/or providing systems supported by or configured with personal computing devices, servers and/or platforms. The systems interact to identify and retrieve data within or across platforms, which can be used to improve the quality of data used in processing interactions between or among processors in such systems. The disclosed systems and methods automatically identify and communicate media content to users as the media content is uploaded to the internet. The disclosed systems and methods leverage an internet hosted data firehose in order to build and communicate streams of content that are relevant to users' determined interests. Real-time analysis of the continuous stream of content results in curated media streams being created and communicated to users thereby stimulating social interactivity between users and automating the discovery of other users on a network.

Abstract: A method for interactive splitting of a post of a social collaborative environment is provided. The method comprises, in response to a selection of a portion of the post, splitting the post at a location of at least one of a boundary of the selection or within the selection into a first segment and a second segment. A tool is utilized to split the post at the location of at least one of the boundary of the selection or within the selection into the first segment and the second segment. An input box configured to receive a response to the post is presented in an interactive post editing interface of the post, wherein the presentation of the input box occurs in a space defined between the first segment and the second segment. The response can be inserted in the space defined between the first segment and the second segment.

Abstract: The disclosure describes systems and methods delivering communications associated with delivery conditions in which the occurrence of the delivery condition is determined by monitoring information received from a plurality of sources via multiple communication channels. The message delivery systems allow messages to be delivered to any “Who, What, When, Where” from any “Who, What, When, Where” upon the detection of an occurrence of one or more “Who, What, When, Where” delivery conditions. A message (which may be any data object including text-based messages, audio-based message such as voicemail or other audio such as music or video-based prerecorded messages) is delivered in accordance with delivery conditions based on any available data, including topical, spatial, temporal, and/or social data.

Abstract: The present invention relates to a method for resolving, for device management, a uniform resource identifier (URI) indicating a particular node and an apparatus therefor, the method comprising the steps of: finding one or more MO instances in accordance with a management object identifier (MOID) and MO instance information comprised in the URI; and finding the particular node within the one or more MO instances by means of a path, comprised in the URI, from the MO instance root node to the particular node, wherein if the MO instance information comprises a management object instance identifier (MIID), then the step for finding one or more MO instances comprises finding a unique MO instance having the MOID and MIID, and, if an MO instance having the MOID and MIID does not exist or exists in multiples, then returning an error.

Abstract: A communication method includes automatically sending a DHCP discovery request to a DHCP server after power on; receiving network configuration parameters assigned by the DHCP server responding to the DHCP discovery request; and sending a predefined domain name query request for a predefined domain name according to a network address of a DNS server included in the network configuration parameters. The domain name query request passes through a wireless controller. The method also includes, after the wireless controller intercepts the predefined domain name query request by monitoring domain name query requests passing through the wireless controller, receiving a simulated domain name query reply packet from the wireless controller responding to the predefined domain name query, wherein the domain name query reply packet includes a predefined network address corresponding to the predefined domain name; and communicating with the wireless controller according to the predefined network address.

Abstract: Systems and methods are described to enable adaptive handling of domain resolution requests originating from a virtual private cloud (VPC) networking environment. An administrator of the VPC can provide a set of rules specific to the VPC that designates how requests for a domain name should be handled. The rules may specify, for example, that a request for a given domain name should be routed to a particular domain name server, which may include a private domain name server, should be dropped, or should be routed according to a default behavior (e.g., a public domain name system). Resolution requests originating in the VPC can be associated with a VPC identifier. When an adaptive resolution system receives the request, it can retrieve rules associated with the VPC identifier, and apply the rules to determine further routing for the request.

Abstract: A proxy server for an authoritative nameserver of a domain receives a query from a requesting device directed to the authoritative nameserver for a resource record associated with the domain. The proxy server receives the query from the requesting device instead of the authoritative nameserver for the domain. The proxy server determines that a cached record for the queried resource record is in cache available to the proxy server but is expired, and queries the authoritative nameserver of the domain for the resource record. In response to determining that the authoritative nameserver of the domain failed to respond with the queried resource record, the proxy server accesses, in the cache available to the proxy server, the cached record for the resource record that is expired, and transmits the expired cached record for the resource record to the requesting device.

Abstract: Systems and techniques are described for monitoring network communications using a distributed firewall. One of the techniques includes receiving, at a driver executing in a guest operating system of a virtual machine, a request to open a network connection from a process associated with a user, wherein the driver performs operations comprising: obtaining identity information for the user; providing the identity information and data identifying the network connection to an identity module external to the driver; and receiving, by a distributed firewall, data associating the identity information with the data identifying the network connection from the identity module, wherein the distributed firewall performs operations comprising: receiving an outgoing packet from the virtual machine; determining that the identity information corresponds to the outgoing packet; and evaluating one or more routing rules based at least in part on the identity information.

Abstract: The invention discloses a method and device for recognizing an IP address of a specified category, a defense method and system, wherein the method for recognizing an IP address of a specified category comprises the following steps: collecting behavior record data of several IP addresses (S101); extracting preprocessing data from the collected behavior record data, the extracted preprocessing data comprising at least address information of an IP address and time information of a behavior (S102); analyzing the extracted preprocessing data to obtain behavior-time distribution data of a user using the IP address (S103); and recognizing an IP address of a specified category at least according to the behavior-time distribution data of a user using the IP address (S104). By employing the invention, an IP address of a certain category can be located more accurately locate and the accuracy for recognizing an IP address is improved.

Abstract: A method for reducing data transfer connections is provided. The method may include receiving data requests associated with devices. The method may further include collecting data associated with the devices based on the data requests. Additionally, the method may include identifying applications for receiving the collected data. The method may also include generating datasets based on the collected data and the identified applications, wherein the datasets include collected data that is combined based on a commonality for transmission to one or more common applications. The method may further include generating passwords for the datasets. The method may also include encrypting the passwords. The method may further include generating data blocks, including a dataset, the generated and encrypted passwords, and UUIDs for each application. The method may also include transmitting the data blocks to the identified applications.

Abstract: An intrusion detection system (“IDS”) device is described that includes a flow analysis module to receive a first packet flow from a client and to receive a second packet flow from a server. The IDS includes a forwarding component to send the first packet flow to the server and the second packet flow to the client and a stateful inspection engine to apply one or more sets of patterns to the first packet flow to determine whether the first packet flow represents a network attack. The IDS also includes an application identification module to perform an initial identification of a type of software application and communication protocol associated with the first packet flow and to reevaluate the identification of the type of software application and protocol according to the second packet flow. The IDS may help eliminate false positive and false negative attack identifications.

Abstract: Disclosed are systems and methods to perform coordinated blocking of source addresses, such as an Internet Protocol (IP) addresses, across a plurality of network appliances (e.g., gateways). In one disclosed embodiment the method and system temporarily alter a configuration of one or more network appliances (based on user defined configuration parameters) to allow communication from a “blocked” IP address for a period of time. A network appliance can then “receive” an email and perform analysis and provide results of the analysis to a reputation service. Thereby, the temporarily allowed communication can be used to learn information about a threat which would not have been available if all communication from that IP address had actually been blocked at the network appliance.

Abstract: A network filter is implemented so that filter terms that include intra-term OR conditions and converted to sub-terms that include only logical AND conditions. In one implementation, a device may include logic to receive a filter definition including one or more terms, at least some of the terms including logical OR conditions, that define how network traffic through the device is to be filtered, the logic expanding the one or more terms in the filter such that terms that contain logical OR conditions are expanded into a plurality of sub-terms that each contains only logical AND conditions. The device may further include a ternary content-addressable memory (TCAM) programmed to include a separate entry corresponding to each of the sub-terms.

Abstract: A first DNS server receives, from a client device, a DNS query for a domain name and transmits, to a second DNS server, the DNS query for the domain name. The first DNS server receives, from the second DNS server, an answer to the DNS query that is unsigned. The first DNS server signs the received answer to the DNS query and transmits, to the client device, the signed DNS answer.

Abstract: To grant or deny access rights to a user attempting to access a protected system or secured electronic data, an access right evaluation process is carried out among all applicable policies including those embedded in the secured electronic data. In a preferred embodiment, the access right evaluation process is invoked only when a system being accessed is protected or a file being accessed is detected to be in a secured format. Further, the access right evaluation process is configured preferably to operate transparently to the user. The access right evaluation may be advantageously used in systems or applications in which devices, mediums or electronic data are secured and can be restrictively accessed by those who are authenticated and have proper access privilege.

Abstract: A server is operated to securely convey information to a user via a network by receiving, from the user, a user selected presentation form representing one of a user selected specific voice and a user selected specific background image. Information for presentation to the user is received from another user and incorporated into the user selected presentation form. The information incorporated in the user selected presentation form is transmitted to the user via the network for presentation to the user.

Abstract: In embodiments of the present invention, improved secure exchange system features include a federated search facility, hybrid encryption management (adjustable encryption key management), anonymous IRM, disassembled storage of data as chunks rather than files, asynchronous notification process/integrated file upload and messaging, an identity facility, multi-factor authentication, dynamic access authorization, and various enhancements to a customizable exchange system.

Abstract: The present document describes systems and methods that provide pluggable cipher suites. In one embodiment, a client and a server perform a secure transport handshake that negotiates a set of supported cipher suites. The server determines if the cipher suites supported by the client are acceptable. When the server determines that the cipher suites supported by the client are not acceptable, the server provides a pluggable cipher suite to the client. The client runs the pluggable cipher suite in a sandboxed environment, and uses the pluggable cipher suite to add support for one or more additional cipher suites. In some implementations, the pluggable cipher suite is provided by a third-party server.

Abstract: Embodiments include method, systems and computer program products for securing enterprise data in a mobile computing environment. Aspects include receiving, by an application disposed on a mobile computing device, a request to access the enterprise data stored on the mobile computing device in an encrypted format and determining whether the mobile computing device is in communication with an enterprise network. Based on determining that the mobile computing device is in communication with the enterprise network, aspects include transmitting a decryption request to an encryption application disposed on the enterprise network, receiving the enterprise data in an unencrypted format from the enterprise network and granting access to the enterprise data in an unencrypted format to the application. Based on a determination that the mobile computing device is not communication with the enterprise network, aspects also include denying the request to access the enterprise data.

Abstract: A process for the processing of user inquiries in a data network saves user data anonymized at first in an independent process with an independent third-party vendor, which can then be accessed by the use of several incremental encryption and anonymization routines in such a way that, on the one hand the provider is not involved in the data exchange and in other respects even the independent third-party vendor does not have access to the user data at any time, albeit with the result that anonymized customer data, especially information about age, sex and partial postal code, can be kept ready in a database for the mobile end device being used.

Abstract: Methods and systems for secure data offload in a sensor network. The method comprises offloading data indicative of sensor measurements from a wireless sensing device to a gateway device through a first secure communication channel; and storing the data at the gateway device if there is not currently a second secure communication channel established between the gateway device and the management server. The method continues with offloading the data to the management server when the second secure communication channel is established; and reconciling the data at the management server to generate reconciled sensor measurements in which duplicates have been removed.

Abstract: A method and system is provided for efficient interruptible transfer of protected media assets. The method of asset transfer uses a segmented asset transfer paradigm which makes possible the implementation of such features as “watch as you transfer” and “offsetted resumption of interrupted transfers”. Implementation strategies of these features with support for segmented and contiguous media assets are also disclosed.

Abstract: A server module evaluates a circuit based on concealed inputs provided by respective participant modules, to provide a concealed output. By virtue of this approach, no party to the transaction (including the sever module) discovers any other party's non-concealed inputs. In a first implementation, the server module evaluates a garbled Boolean circuit. This implementation also uses a three-way oblivious transfer technique to provide a concealed input from one of the participant modules to the serer module. In a second implementation, the server module evaluates an arithmetic circuit based on ciphertexts that have been produced using a fully homomorphic encryption technique. This implementation modifies multiplication operations that are performed in the evaluation of the arithmetic circuit by a modifier factor; this removes bounds placed on the number of the multiplication operations that can be performed.

Abstract: A method and apparatus for enhancing privacy of a data packet stream between first and second network nodes over a channel having a total bandwidth receives data packets of the data packet stream at the first network node and determines a current bandwidth used by the received data packets. The first node generates multiple spoof packets and interleaves the spoof packets and the received packets to generate an interleaved packet stream having a bandwidth that is greater than the current bandwidth and less than the total bandwidth. The first node transmits the interleaved packet stream to the second network node.

Abstract: A first electronic device is provided. The first electronic device includes a transceiver, and a processor configured to encrypt a part of information related to a second communication based on information related to a first communication performed between the first electronic device and a second electronic device and control the transceiver to transmit information related to the second communication to the second electronic device through the transceiver.