Network resources access controlling

Subclass of:

709 - Electrical computers and digital processing systems: multicomputer data transferring

709227000 - COMPUTER-TO-COMPUTER SESSION/CONNECTION ESTABLISHING


Entries
DocumentTitleDate
20090193130Web-Based Access to Data Objects - Providing a mobile device with web-based access to data objects is disclosed. Authentication information is sent from a mobile device to a relay server. The relay server executes a connection application to establish a connection to a web access server. The authentication information is provided to the web access server associated with a data store hosting a data object. Upon authentication, the data object is provided to the relay server from the data store. The data object is then provided to the mobile device.07-30-2009
20090193129Systems and Methods for Fine Grain Policy Driven Cookie Proxying - The present solution enables a client that is not configured to use cookies to access resources of the server that uses cookies for communications with the clients. An intermediary deployed between a client and a server intercepts and modifies transmissions between the client and the server to compensate for the mismatch in configuration of the cookies between the client and the server. The present disclosure relates to a method for managing cookies by an intermediary for a client. An intermediary receives a response from a server to a request of a client. The response may comprise a uniform resource locator (URL) and a cookie. The intermediary may modify the response by removing the cookie from the response and inserting a unique client identifier into the URL. The intermediary may store the removed cookie in association with the unique client identifier and forward the modified response to the client.07-30-2009
20110196977DYNAMIC SERVICE GROUPS BASED ON SESSION ATTRIBUTES - Service groups are dynamically created and members are dynamically assigned. A network element receives a request for a subscriber session and transmits an authentication request to a AAA server. The network element receives an authentication reply from the AAA server that includes dynamic service group configuration information that indicates that the subscriber session should be part of a service group and defines the criteria for the network element to dynamically create and join that subscriber session to a service group if an appropriate service group does not exist or dynamically join that subscriber session to an existing service group. The network element derives a dynamic service group identifier from attributes of the subscriber session based on instructions in the dynamic service group configuration information. Based on that dynamic service group identifier and service group attribute information in the configuration information, the network element dynamically creates and joins the subscriber session to a service group if an appropriate service group does not exist or dynamically joins the subscriber session to an existing appropriate service group.08-11-2011
20110202671Method and Apparatus for Mobility Agent Recovery - Techniques for recovering Mobile Internet Protocol (IP) session(s) of a mobility agent in a Mobile IP network are described herein. In one embodiment of the invention, for each mobility session associated with a mobility agent, the mobility agent distributively backs up mobility agent specific information to the mobility agent peer associated with that mobility session. The mobility agent specific information is not used by the mobility agent peer. Upon the mobility agent inadvertently losing at least one mobility session, the mobility agent recovers the stored mobility agent specific information associated with those sessions from the mobility agent peers respectively associated with those sessions. Other methods and apparatuses are also described.08-18-2011
20100115115Contact Details Service - A method for a user to advise related entities with respect to a consumer service of their contact details wherein the user submits data to a Contact Details Registration Service to register their use of the consumer service; the Contact Details Registration Service allocating the user with a unique identification indicia and transmitting same to the user for subsequent use in communications with the Contact Details Registration Service and/or any related entities of the consumer service registered with the Contact Details Registration Service; the data submitted by the user including their contact details and having at least an address to which correspondence is to be sent, the contact details being associated with the unique identification indicia of the user by the Contact Detail Registration Service and stored in a database; and the user's contact details being accessible to the consumer service, or related entities thereof, upon provision of the user's associated unique identification identifier to the Contact Details Registration Service database, wherein the Contact Details Registration Service database maintains a record of related entity requests for the contact details of the user.05-06-2010
20090043902PACKET DATA NETWORK CONNECTIVITY DOMAIN SELECTION AND BEARER SETUP - A network device includes a packet data name (PDN) description generator that generates a PDN descriptor. The PDN descriptor includes at least one of a PDN identifier and a PDN gateway identifier. A transmit module transmits the PDN descriptor to a remote device before bearer setup of the network device by a remote network. A receive module receives a reply signal from the remote network that indicates the bearer setup based on the PDN descriptor. A control module communicates with a PDN gateway based on the reply signal.02-12-2009
20130080649SECURE RESOURCE NAME RESOLUTION - Techniques for securing name resolution technologies and for ensuring that name resolution technologies can function in modern networks that have a plurality of overlay networks accessible via a single network interface. In accordance with some of the principles described herein, a set of resolution parameters may be implemented by a user, such as an end user or an administrator, to be used during a name resolution process for securing the process and/or for conducting the process in an overlay network. In some implementations, the set of resolution parameters may be maintained as a table of rules, and used to govern name resolution processes. For example, resolution parameters may be created that govern a DNSSEC session, or that govern how to communicate with networks implemented with Microsoft's Direct Access overlay technologies, or that govern communications using any other networking technology.03-28-2013
20100042735CROSS-DOMAIN AUTHENTICATION - Providing services within a network of service providers sharing an authentication service and a set of business rules. A central server receives a first request from a first server to provide a first service to a user via a client without forcing the user to present credentials. In response to the received first request, the central server stores data identifying the first service on the client. The central server further receives a second request from a second server to provide a second service to the user via the client after the user presents the credentials to the second service. After receiving the second request and the presented credentials, the central server allows the user access to the second service. In response to allowing the user access to the second service, the central server further allows the user access to the first service as a result of the stored data.02-18-2010
20100042734PROXY SERVER ACCESS RESTRICTION APPARATUS, SYSTEMS, AND METHODS - Apparatus, systems, and methods disclosed herein disallow connections from one or more remote clients associated with an Internet protocol (IP) address for a period of disallowance if a number of connection requests from the one or more clients associated with the IP address exceeds a threshold number during a threshold time period. Other embodiments are described and claimed.02-18-2010
20100325298AUTHENTICATION MODES FOR AN OPTICAL TRANSCEIVER MODULE - Methods for authenticating an optical transceiver module to a host are disclosed. The transceiver comprises a receive signal line for transferring data from the transceiver to the host and a transmit signal line for transferring data from the host to the transceiver in preparation for transmission to a communications network. The transceiver includes a controller having a processor in communication with the host, and a first memory register assignable by the processor. A consolidated laser driver/post amplifier is also included and features a pattern generator and a data switch. The pattern generator produces a string of bit values that serve as an authenticating data portion. The data switch selectively inputs the authenticating data portion to the receive signal line of the transceiver according to the state of the first memory register, enabling the authenticating data portion to be received by the host, thereby authenticating the transceiver.12-23-2010
20090157888COOPERATIVE PROXY AUTO-DISCOVERY AND CONNECTION INTERCEPTION - In a network supporting transactions between clients and servers and proxies that are interposable in a network path between at least one client and at least one server, wherein a pair of proxies can modify a packet stream between a client and a server such that packet data from the client to the server is transformed at a client-side proxy of the proxy pair and untransformed at a server-side proxy of proxy pair and such that packet data from the server to the client is transformed at the server-side proxy and untransformed at the client-side proxy, a method and apparatus for a discovering proxy to transparently discover its position in a proxy pair by using proxy signals to indicate to other proxies that could pair with the discovering proxy. A discovering proxy might determine that it is a client-side proxy by receipt of a packet from client without a proxy signal. A discovering proxy might determine that it is a server-side proxy by receipt of a packet from server without a return proxy signal. Once a proxy pair is discovered, that proxy pair might transform traffic from the server to the client or vice versa, transforming the traffic at one proxy of the proxy pair and untransforming the traffic at the other proxy of the pair.06-18-2009
20100106846METHOD AND APPARATUSES FOR MAKING USE OF VIRTUAL IMS SUBSCRIPTIONS COUPLED WITH THE IDENTITY OF A NON SIP COMPLIANT TERMINAL FOR NON-REGISTERED SUBSCRIBERS - The present invention relates to an overlay system between a GSM and IMS network, making use of virtual IMS subscriptions, which are temporary coupled with the identity of a non SIP compliant terminal, when the non SIP compliant terminal makes a call, is called or invokes an IMS service during the call, for the purpose of initiating a SIP session providing an IMS service to the terminal.04-29-2010
20100287289METHOD AND SYSTEM OF SECURING ELECTRONIC DEVICE - A method of securing electronic device includes connecting a first electronic device saving an initial network environment parameter to a network. The first electronic device detects an actual network environment parameter in the network. The first electronic device uploads data information stored therein to a predetermined second electronic device through the network when the actual network environment parameter is different from the initial network environment parameter. The first electronic device deletes the data information stored therein.11-11-2010
20100095011System and Method for Remote Authentication Dial In User Service (RADIUS) Prefix Authorization Application - An apparatus comprising a client node configured to communicate with a server node and a plurality of mobile nodes, wherein the client node is configured to obtain Prefix Authorization (PA) for the mobile node from the server node using a Remote Authentication Dial In User Service (RADIUS) protocol. Also disclosed is a network component comprising at least one processor configured to implement a method comprising sending an Access-Request message to an Authentication, Authorization, and Accounting (AAA) PA server using a RADIUS protocol, receiving an Access-Accept message from the AAA PA server using the RADIUS protocol if the Access-Request message is accepted by the AAA PA server, and receiving an Access-Reject message from the AAA PA server using the RADIUS protocol if the Access-Request message is not accepted by the AAA PA server.04-15-2010
20120166664SALES DATA PROCESSOR AND COMPUTER READABLE MEDIUM - A sales data processor includes a connection unit to which a recording medium is connected. The recording medium has stored thereon access information for accessing a server device and identification information for identifying the sales data processor. A CPU of the sales data processor reads the access information and the identification information stored on the recording medium. And a communication unit of the sales data processor is authenticated by the server device based on the read access information and identification information, to communicate with the server device.06-28-2012
20120166663Method And Apparatus For Registering A Mobile Object On A Foreign Network - A method and apparatus for registering a mobile object on a foreign network are disclosed. A first virtual machine at a first router on a foreign network executes a mobile object and generates a care-of-name for the mobile object. The foreign object agent communicates the care-of-name to a home object agent located on a home network. The home object agent creates a mobility binding for the mobile object by using the care-of-name.06-28-2012
20090307362SYSTEM AND METHOD FOR GLOBALLY AND SECURELY ACCESSING UNIFIED INFORMATION IN A COMPUTER NETWORK - A client stores a first set of workspace data, and is coupled via a computer network to a global server. The client may be configured to synchronize portions of the first set of workspace data with the global server, which stores independently modifiable copies of the portions. The global server may also store workspace data which is not downloaded from the client, and thus stores a second set of workspace data. The global server may be configured to identify and authenticate a user seeking global server access from a remote terminal, and is configured to provide access to the first set or to the second set. Further, services may be stored anywhere in the computer network. The global server may be configured to provide the user with access to the services. The system may further include a synchronization-start module at the client site (which may be protected by a firewall) that initiates interconnection and synchronization with the global server when predetermined criteria have been satisfied.12-10-2009
20090307361SYSTEM AND METHOD FOR CONTENT RIGHTS BASED ON EXISTENCE OF A VOICE SESSION - Systems and methods are provided for granting digital content access rights to shared content based on the existence of a voice session, such as a mobile telecommunications voice call, between users. In general, in the preferred embodiment, a voice session is established between a first user and a second user via associated devices. Either automatically upon establishment of the voice session or upon request by the first user, access rights to content shared by the first user are granted to the second user. The content shared by the first user may be content hosted by the device of the first user, another device associated with the first user, a third-party service, or the like. The access rights granted to the second user allow access to the content shared by the first user while the voice session between the first and second users is active.12-10-2009
20090307360DETECTION OF UNCATEGORIZED WEB-BASED PROXY SITES - In embodiments of the present invention improved capabilities are described for the detection of uncategorized web-based proxy sites, where an action may be provided in association with access to restricted network locations. In a step A, a network location access request may be received from a computing facility. In a step B, a URL database may be assessed that contains categorized URLs and it may be determined that a URL associated with the network location access request is previously uncategorized URL. In a step C, it may be determined that the URL associated with the network location access request includes a secondary URL. In a step D, the URL database may be accessed that contains categorized URLs and it may be determined that the client is restricted from accessing the secondary URL. In a step E, the action may be provided in association with the network location access request as a previously uncategorized proxy website when steps B, C, and D are all met.12-10-2009
20130060955AUTHENTICATION BASED ON RANDOM BITS IN SATELLITE NAVIGATION MESSAGES - A system and methods for location authentication are presented. A subset of demodulated server received navigation signals are selected synchronized to client bit frames to provide synchronized server bit frames. A function of the synchronized server bit frames is computed to provide a server signature set. A client signature set and the server signature set are compared to provide a comparison result, and a location of a client device is authenticated based on the comparison result.03-07-2013
20090276534Enterprise Device Policy Management - Methods and systems for managing policies of portable data storage devices in conjunction with a third-party service are disclosed. One or more candidates of a plurality of members in an enterprise may be identifying via the third-party service. Each of the plurality of members may be associated with a respective portable data storage device. An indication provided by the third-party service of one or more candidate devices may be obtained. The one or more candidate devices may each be a portable data storage device associated with a respective candidate. Policies of the one or more candidate devices may be modified.11-05-2009
20120117259DEVICES, SYSTEMS AND METHODS OF SETTING MACHINES - A machine setting device connected to a first machine, including a machine communicate unit, receiving a first machine signal of the first machine; a signal transform unit, transforming the first machine signal into a machine analysis signal with a normal format according to a normal communicate interface; a storage unit, storing an authentication data; and a processor, a processor, authenticating the first machine according to the authentication data and the machine analysis signal, and generating an authentication success signal if authentication is successful, wherein the machine communicate unit sends a machine return signal to the first machine according to the authentication success signal.05-10-2012
20120117258TECHNIQUES TO DEPLOY AND UNDEPLOY CONTENT TO AND FROM WEB SERVERS - Techniques to deploy and undeploy content to and from web servers are described. In some embodiments, a method to deploy content to a web server may include selecting multiple files to deploy to one or more web servers, selecting one or more destinations for the one or more multiple files, copying one or more existing files from the one or more web servers to be replaced by the multiple files, creating a backup batch using the one or more existing files and publishing the multiple files to the one or more web servers. Other embodiments are described and claimed.05-10-2012
20090265473Topology Management in Peer-to-Peer Content Distribution Clouds - A topology management process is implemented in peer-to-peer content distribution clouds using tracker nodes. Tracker nodes have information about available peers and assist peers in finding other peers to connect to. Various algorithms for use at the tracker nodes are described for selecting which peers to return as potentials for forming connections to. In addition, architectures and algorithms to allow efficient scaling of tracker nodes in peer-to-peer clouds are described.10-22-2009
20090234957MANAGING DATABASE CONNECTIONS - The present invention provides a method for managing a database connection, comprising the steps of: in responsive to a connection request of a first application, allocating an available connection for the first application; if there is no available connection, selecting a held connection being used by a second application; backing up connection context of the held connection; releasing the held connection; and allocating the held connection for the first application. Since connection context of the application has been restorably backed up, a connection of the application can be cut off and the connection re-scheduled when necessary. As a result, the connection utilization rate is enhanced. The present invention further provides a device and system that can manage a database connection based on the technology of connection pools.09-17-2009
20120271960SYSTEM AND METHOD FOR PROVIDING PRINT READY CONTENT TO A PRINTING DEVICE - A script file is maintained on a server system. The script file captures semantics of a task previously performed by a user on a web browser. The server system executes the script file to reproduce the task in response to a request for print ready content where the request is associated with performing the task. The server system converts content obtained from reproducing the task into print ready content and provides the print ready content via a network connection to a printing device.10-25-2012
20090019171METHOD, DEVICE AND SYSTEM FOR DETERMINING MAIL CLASS - The present invention discloses a method, device and system for determining a mail class. The method for determining a mail class includes: reading a mail head of a mail with an unknown class; extracting a first field in compliance with a first preset condition from the mail head; vectorizing combinations of the first field and its presentation forms into a first preset number of first feature vectors; taking the first feature vectors as input to a preset predictive algorithm for calculation with use of data stored for a pre-established behavior model to derive a calculation result; and determining the mail class of the mail with an unknown class from the calculation result.01-15-2009
20120233343MEDIA DEVICE PRESENCE MANAGEMENT - A media player may be adapted to manage presence information distribution and access to facilitate media communication between compatible devices. Devices connecting in an ad-hoc or other network topology include a plurality of presence settings that determine how or if the device appears to be available for communication to other devices over the network. Additionally, the presence settings identify other, specific devices or groups of devices that may communicate with a device. By comparing the presence settings of a sending device with the settings of a receiving device, the receiving device may determine a presence state for all devices within communication range.09-13-2012
20090006636System & method for automatically registering a client device - A system and method for policy-based registration of client devices is provided. Policy-based registration may use registration keys to register devices on a network. For example, registration keys may include policy assignments, folder assignments, group assignments, or other assignments for registering, identifying, and managing the device on the network. Devices can register one or more times (e.g., using one or more registration keys), resulting in the device being added to any number of folders and groups. Further, the policies may be used to control a registration process or to enforce registration rules. As such, administrators can construct folders or groups of devices with a set of keys, providing a consistent mechanism to easily register and manage a device.01-01-2009
20080294786NON-BLOCKING OF HEAD END INITIATED REVOCATION AND DELIVERY OF ENTITLEMENTS IN A NON-ADDRESSABLE DIGITAL MEDIA NETWORK - A system, apparatus, and method are directed towards managing entitlement/right revocation and delivery to be performed within a non-addressable media network. Such networks may include for example a client device behind a network address translation (NAT) device, employs non-addressable satellite components, or so forth. A server notifies clients that entitlements, revocations, or the like are available by sending a request for communications with the client. The client initiates a connection to receive the entitlements, or the like, and then disconnects from the server. If the client fails to initiate a connection, the server may continue to send a request for a connection, or even change encryption keys to the content to prevent access by the client. In one embodiment, failure to receive an acknowledgement response from the server of a connection with the client, or from the client, may result in invocation of a revocation failure action.11-27-2008
20120102212METHOD, APPARATUS AND SYSTEM FOR PLATFORM IDENTITY BINDING IN A NETWORK NODE - Embodiments of apparatuses, articles, methods, and systems for binding various platform identities for a policy negotiation are generally described herein. Other embodiments may be described and claimed.04-26-2012
20120317298SCRIPTING ENVIRONMENT FOR NETWORK DEVICE - A network device includes a controller and a scripting environment. The controller is for controlling a plurality of network devices. The scripting environment is for implementing an interface between the controller and a management system based on a script.12-13-2012
20110191485ROLE BASED ACCESS CONTROL UTILIZING SCOPED PERMISSIONS - Systems and methods authorizing access to storage system resources are presented herein. A scoped permission assignment can be associated with an operation related to a type of at least one resource. The scoped permission assignment can be assigned to a role; and the role can be associated with user(s). A resource, or one or more resources of a resource group, can be associated with user(s) or user group(s). Further, a user can be authorized to perform the operation on the resource and/or one or more resources based on, at least in part, permission assignments directly granted to the user or granted in a role of the user. In addition, one or more resource flags can be assigned to the one or more resources. Accordingly, the user can be authorized to perform the operation based on, at least in part, the one or more resource flags and the scoped permission assignment.08-04-2011
20110283007Aggregation application written as a module or an extention of another application - Machine, method for use and method for making, and corresponding products produced thereby, as well as data structures, computer-readable media tangibly embodying program instructions, manufactures, and necessary intermediates of the foregoing, each pertaining to digital aspects of a computerized aggregation system. The system can include a user computer system interposed between a segment of a network allowing communication between the user computer system and at least one server system, and other segments allowing communication between the user computer system and a plurality of third party server systems. The one server system enables the user computer system to access the plurality of other servers. The access permits forming an aggregation of information obtained from the third party server systems.11-17-2011
20090106433ACCESS SYSTEM INTERFACE - An access system provides identity management and/or access management services for a network. An application program interface for the access system enables an application without a web agent front end to read and use contents of an existing encrypted cookie to bypass authentication and proceed to authorization. A web agent is a component (usually software, but can be hardware or a combination of hardware and software) that plugs into (or otherwise integrates with) a web server (or equivalent) in order to participate in providing access services.04-23-2009
20110173339 NETWORK SERVICE ACCESS METHOD AND ACCESS GATEWAY EQUIPMENT - The present invention includes a network service access method. In one embodiment, such a method comprises: forwarding the domain name resolution requests to a local domain name server of each Internet service provider providing services through access link corresponding with the Internet service provider; receiving Internet Protocol address on the domain name resolution requests which the local domain name server of each Internet service provider returned from the corresponding access link; selecting the Internet Protocol address according to line state of the access link of each Internet service provider providing services and returning the selected Internet Protocol address to the user equipments; and visiting network services by the access link of the Internet service provider returning the selected Internet Protocol address.07-14-2011
20110289231Plug-in Connector System for Protected Establishment of a Network Connection - A plug-in connector system for a data communication interface comprising a network connector and a network socket is equipped with an integrated authentication function that is independent of network communication. The authentication is undertaken independently of the data transmission or the data communication. The enabling is undertaken by a physical connection between the contacts of the network socket, where the network connector associated therewith is established after successful authentication.11-24-2011
20090276533Authentication Option Support for Binding Revocation in Mobile Internet Protocol version 6 - A network component comprising at least one processor configured to implement a method comprising sending a message comprising an authentication mobility option to a mobile node, wherein the message is configured to revoke a mobility binding for the mobile node is disclosed. Also disclosed is a system comprising a home agent configured to send a binding revocation indication (BRI) to a mobile node and receive a binding revocation acknowledgement (BRA) from the mobile node, wherein the BRI comprises a first authentication mobility option and the BRA comprises a second authentication mobility option. Included is a method comprising receiving a BRI message comprising an authentication mobility option from a home agent, analyzing the authentication mobility option, and sending a BRA message to the home agent.11-05-2009
20110296043Managing Shared Sessions in a Shared Resource Computing Environment - Sharing and exchanging sessions between devices and users in a Shared Resource Computing (SRC) environment are disclosed. Example systems include a shared resource computing server and a plurality of peripheral devices. The SRC server (“SRC Box”) may include functionality configured to share and exchange sessions between the peripheral devices and the users, including functionality to map graphical representations of sessions to sessions and to map graphical representations of users to users, and functionality to display the representations of sessions and users within a graphical user interface. Alternate embodiments may also include functionality for transferring a saved session between devices.12-01-2011
20100153567Method and Apparatus for Providing Network Based Services to Non-registering EndPoints - Many of the current IMS standards and enriched services were originally designed for the individual subscribers that are serviced by the wireless network. However, the IMS standards do not fully address the problem of providing the IMS enriched services and features to business PBX customers or wholesale customers that do not directly register to the IMS network. The present invention discloses a method for providing IMS enriched services and features to business PBX customers or wholesale customers through the use of a static provisioning and registration method.06-17-2010
20100030907Method and Arrangement for the Composition of a First and a Second Communication Access Network - A method and an associated arrangement for the registration of a first communication access network N02-04-2010
20110219133REGISTER CLUSTERING IN A SIP-BASED NETWORK - In one embodiment, a method can include: receiving a request for service in a first edge proxy; applying a hash function to a source address of an endpoint; and forwarding the request to a second edge proxy in response to a first result of the hash function, or servicing the request in the first edge proxy in response to a second result of the hash function.09-08-2011
20110219134Method and Arrangment for Controlling Sessions in a Communication Network - A method and an apparatus in a multimedia network node (09-08-2011
20110219132METHOD, SYSTEM AND APPARATUS FOR CONFIGURING A DEVICE FOR INTERACTION WITH A SERVER - A method, system and apparatus for configuring a device for interaction with a server is provided. An intermediation infrastructure mediates registration traffic between any of a plurality of application servers hosting a server-side application and any of a plurality of computing devices executing a client-side application that corresponds to the server-side application. The intermediation infrastructure receives account registration information, including an account identifier and a server identifier, from an application server that is hosting an account. Any one of the computing devices can access the intermediation infrastructure using the account identifier and thereby determine the server identifier and thereafter direct communications with the application server can be effected.09-08-2011
20100082825INTEGRATING ENTERPRISE IDENTITY AUTHORIZATION IN CONFERENCES - Disclosed herein are embodiments for validating a user joining a conferencing session. According to various embodiments, a first identifier is received. A user is identified from a plurality of users based at least in part on the first identifier. A second identifier is received that corresponds to the first identifier and the user and the user is validated based on both the first identifier and the second identifier. The user may then join the conferencing session, with the user's identity being revealed to others attending the conferencing session.04-01-2010
20090193131COMMUNICATION NETWORK SYSTEM AND METHOD FOR PROVIDING A SERVICE BROKER FUNCTION, AND SERVICE BROKER APPARATUS - The disclosure provides a system for providing service broker function including: a user subscription data server coupled to a service broker entity, configured to save user subscription data; a service control entity coupled to the service broker entity, configured to provide a service for the user; a session control entity coupled to the service broker entity, configured to provide a session control and registration service; and the service broker entity, having at least one of the following functions: controlling a current communication to be triggered to a specific service control entity, providing an interaction management capability for a plurality of services, providing a capability that combines a plurality of services into a new blended service, providing a dialogue management capability, providing a user management capability, providing an intercepting capability, providing a charging capability, and providing a uniform management capability for IMS application services and non-IMS application services.07-30-2009
20090222565Centralized Publishing of Network Resources - Techniques for centralized publishing of network resources within computer networks are described. Publication of and access to the network resources are controlled from a single, centralized location, advantageously improving the uniformity of network administration responsibilities, and overall robustness of the network.09-03-2009
20100115114User Authentication for Social Networks - Systems and methods are provided for social networks that can verify that enrolled users are not misrepresenting facts about themselves such as age and gender. Verification can be performed, for example, by reference to biometric templates stored during the user enrollment process. The biometric templates can also be used to authenticate users logging into the social network to prevent user impersonation. The ability of some users to communicate to other users of the social network can be limited to only certified users, and even to those certified users that match a criterion, such as gender or age.05-06-2010
20100169500SYSTEMS, METHODS, AND APPARATUS FOR MATCHING A CONNECTION REQUEST WITH A NETWORK INTERFACE ADAPTED FOR USE WITH A WITH A DISPERSED DATA STORAGE NETWORK - A gateway module translates access requests from client computers into commands for a plurality of slice servers storing data for a dispersed data storage network. The gateway program maintains a plurality of gateway modules, each providing a different access protocol to the dispersed data storage network, and each also maintaining one or more virtual storage vaults.07-01-2010
20090089444METHOD, DEVICE AND SYSTEM FOR CONNECTING TO URL RESOURCE - A method, device, and system for connecting to a URL resource is disclosed. The method includes: receiving a connection request carrying a URL number from a User Equipment; resolving the URL number to obtain a corresponding URL and returning the corresponding URL to the User Equipment; and connecting, by the User Equipment, to a corresponding URL resource, upon receiving the URL. The invention enables an existing User Equipment with a poor input capability to connect to a URL resource, and improves the efficiency of the User Equipment to access the URL resource.04-02-2009
20090150553METHOD AND SYSTEM FOR USE IN COORDINATING MULTIMEDIA DEVICES - Some embodiments of the present invention provide methods for use in playing back content. Some of these methods access a content package comprising media content to be locally played back; detect, as defined by the content package, whether a remote secondary device is available with which a connection can be established; determine whether an authorization to establish the connection has been confirmed; establish, when the authorization is confirmed, a communication connection; determine, as instructed by the content package and when the communication with the secondary device is established, whether one or more commands are received from the secondary device; and implement, as instructed by the content package and when it is determined that the one or more commands are received from the secondary device, the one or more commands in controlling playback experience of the media content.06-11-2009
20120110199Method of Using Tokens and Policy Descriptors for Dynamic on Demand Session Management - Tokens and policy descriptors are used for dynamic on demand session management in a distributed and scalable architecture for on demand sessions and resource management. The architecture includes an on demand client, a purchase server, and a session manager. A purchase token is generated at the purchase server and assigned to the on demand client. The purchase token represents at least one requested asset. In response to an on demand session set-up request corresponding to the purchase token from the on demand client to the session manager, the purchase token is expanded to generate at least one dynamic policy management descriptor for the on demand session. This provides token-based purchase authorization and policy management for on demand services.05-03-2012
20120110198LICENSE MANAGEMENT SYSTEM AND FUNCTION PROVIDING DEVICE - A function providing device provides a function to an information processing device. The function providing device is connected to a license management device that manages a connection license which allows the information processing device to use the function. The function providing device determines, when a connection request is received from the information processing device, whether the information processing device is assigned with a connection license; sends a connection license assignment determination request to the license management device when the information processing device making the connection request is determined as not being assigned with a connection license; and controls whether to authorize connection of the information processing device based on a determination result obtained at the determining or a determination result received from the license management device indicating whether a connection license is assigned to the information processing device making the connection request.05-03-2012
20080270621CONTENT REPRODUCING APPARATUS FOR REPRODUCING CONTENT USING NETWORK SERVICE - A content reproducing apparatus includes: a disc drive device that reproduces content recorded on a recording medium; a network controller that controls data transmission between an external server specified by the content reproduced by the disc drive device; a content protection encoder/decoder unit that: (1) encodes a request to be sent to the external server via a proxy server that decodes the request; and (2) decodes a response from the external server being transmitted in response to the request decoded by the proxy server, the response being encoded by the proxy server; and a controller that controls the network controller and the content protection decode/encoder unit.10-30-2008
20080270619Method and Apparatus for Use in Off-Line P2p Communication - A method for use in off-line P2P communication to be executed in a communication network system is proposed, comprising: receiving a request for registering off-line P2P communication service from a UE; judging whether the UE satisfies the predefined requirements for performing off-line P2P communication according to the request; generating an authentication information according to the judgment result, the authentication information indicating whether the UE can use off-line P2P communication service; sending the authentication information to the UE.10-30-2008
20100088422DYNAMIC ALLOCATION OF A QUOTA OF CONSUMER NODES CONNECTING TO A RESOURCE NODE OF A PEER-TO-PEER NETWORK - A method for determining a quota for connecting a plurality of consumer nodes to a resource node. The method comprises periodically determining the quota of consumer nodes acceptable for receiving connection requests by the resource node; receiving a connection request from a consumer node to connect to the resource node; and determining based on the quota whether to accept the connection request. In one embodiment the resource node and the consumer nodes are connected in a realtime peer-to-peer network, and the resource node is adapted to distribute multimedia content to the consumer nodes over the network.04-08-2010
20090094372SECRET USER SESSION MANAGING METHOD AND SYSTEM UNDER WEB ENVIRONMENT, RECORDING MEDIUM RECORDED PROGRAM EXECUTING IT - The present invention provides a secure user session managing method and system between a client and a server connected through network in web environment. The user session managing method includes: allowing the server to receive a first HTTP request including a cookie from the client, wherein the cookie includes a client authentication value and the client authentication value is calculated by using a shared key stored in the client and session information included in a HTTP response transmitted right before to the client; comparing a server authentication value with the client authentication value included in the cookie, wherein the server authentication value is calculated by employing the session information and the shared key stored in the server; and determining a transmitter's authentication failure or success of the client according to the result of the comparison. User session can be secured by applying the challenge-response authentication algorithm to the HTTP protocol.04-09-2009
20100121965Protocol for Program during Startup Sequence - A system and a method are disclosed to determine if a client (e.g., an accessory (or peripheral)) is appropriately licensed for interoperation with a host (e.g., host computer). The client communicatively couples the host and receives a contract from the host. The client computes a checksum of the contract and compares the checksum of the contract with a previously stored version of the contract or a checksum of the contract to determine a match. If there is no match, the host communicatively decouples the client in response to the determination being a no match. If there is a match, the client transmits a contract response to the host and awaits host authorization. Once authorized the client transmits enumeration data to the host.05-13-2010
20090300196Web-based security and filtering system for inbound/outbound communications with proxy chaining - A customizable system for filtering web-based HTTP requests for outbound and inbound access to web sites. An administrative module in a user computer configures a range of access levels for inbound and outbound communications and has list maintenance functions. Users attempting to access an unfriendly site are anonymously forwarded to a friendly site or the request is terminated. A first proxy server in each user computer of a LAN has access to the WWW, has a customizable friendly and unfriendly outbound list, one of which is active and a customizable friendly and unfriendly inbound list, one of which is active. A second HTTP proxy server without an administrative module or friendly or unfriendly lists is between the first proxy server and the Internet as a LAN gateway or at an ISP domain, the second proxy being capable of communicating to a proxy of a destination or directly to a destination.12-03-2009
20100082826NETWORK AUTHORIZATION METHOD AND APPLICATION THEREOF - A network authorization method is disclosed. The network authorization method includes the following steps. After a third server receives a client account from a client, the third server generates a client session ID and replies with it to the client. Transmit the client session ID to the client. After the client transmits a log-in session ID to a service server, receive the log-in session ID from the service server. Compare the client session ID with the log-in session ID. When the client session ID is the same as the log-in session ID, transmit an authorized signal to the service server to make the service server allow the client to log in.04-01-2010
20100082828NODE REPUTATION BASED ON KNOWLEDGE OF PSTN CALLS - A system may provide trust relationship information for a telephone number, where the trust relationship information may indicate whether one or more nodes consider a target node as including or as being associated with a VoIP call agent for the telephone number based on demonstrated knowledge of a PSTN call. The system may determine a target trust relationship to the target node based on the trust relationship information, where the target trust relationship indicates a level of trust a validating node has in the target node being associated with or including the VoIP call agent for the telephone number, and where validating node and the one or more nodes may be in different respective administrative domains of a network.04-01-2010
20100082827Method and apparatus for access to a computer unit - A computer unit (04-01-2010
20100100633Method, Apparatus And System For Obtaining Logon Information - A method and system for obtaining logon information are provided, and the method includes: receiving a request for logon information from a value-added service client; sending the request for the logon information to an Instant Messaging (IM) client corresponding to the value-added service client; receiving the logon information from the IM client; and sending the logon information to the value-added service client.04-22-2010
20090254669TERMINAL AND METHOD FOR SELECTING SECURE DEVICE - A mobile terminal and method for selecting a secure device, are discussed. According to an embodiment, the method includes acquiring secure device selection information for each of at least one secure device associated with the mobile terminal; receiving a request for establishing a communication connection with a secure device from a server, the request including at least one of first information and second information, the first information associated with the server, the second information associated with the request or with a content included in the request; comparing the secure device selection information with at least one of the first and second information; and establishing a communication connection between the server and one of the at least one secure device based on the comparison result.10-08-2009
20100100631Mobility Protocol Selection in a Multi-Internet Protocol Mobility Environment - Aspects describe selection of a mobility protocol after a mobile device has been authenticated with a network. Selection of mobility protocol after authentication can mitigate the amount of time needed to implement the mobility protocol. The mobility protocols include a simple IP protocol, a proxy mobile IP protocol, and a client mobile IP protocol. Implementation of simple IP protocol and proxy mobile IP protocol are performed in a similar manner from the perspective of a mobile device. If IPCP negotiation is successful, proxy mobile IP protocol or simple IP protocol can be selected. If IPCP negotiation is not successful, client mobile IP protocol can be selected.04-22-2010
20090287835METHOD AND APPARATUS FOR FACILITATING COMMUNICATION IN A CONTENT CENTRIC NETWORK - One embodiment of the present invention provides a system for facilitating communication in a content centric network (CCN). During operation, the system receives at a first node from an interest owner an interest in a piece of content. The interest indicates a structured name for the content. Furthermore, the name is unique and persistent with respect to the content, and where the name includes authentication information for the content. Next, the system determines whether content available at the first node satisfies the interest. If so, the system sends the content to the interest owner. Otherwise, the system marks the interest as pending, and forwards the interest to a second node in the network based on the interest. After receiving content from the second node in response to the forwarded interest, the system un-marks the interest as pending and sends the content to the interest owner.11-19-2009
20110196978SERVICE PROVIDING SYSTEM AND SERVICE PROVIDING METHOD - A service providing server collects call session information that identifies communication established between terminals and service usage IDs that identify the terminals for each terminal. Then, the service providing server identifies call session information pieces indicating the same communication and associates Web services with each other. When the service providing server provides the associated Web services to the terminals, the service providing server identifies service usage IDs that identify the terminals and control provision of the Web services so that each Web service is provided according to history information stored in a history information database in association with service usage IDs.08-11-2011
20090292815METHOD, DEVICE AND SYSTEM OF OBTAINING NETWORK INFORMATION USING DEVICE AS SERVICE CREDENTIAL - Method, device and system of obtaining the network information using the device as the service credential, which use the device without power supply and display, in which presetting the configuration files containing the information connected to the network, after connecting the device with the online data process device, establishing the information interacting channel between the data process device and the information server to obtain, download the related information. The device as the service credential can be used to store the information, or display, print and output the special network service information by the data process device, and the device can be used as the service object of the special information network and take the voucher function of service.11-26-2009
20080209057System and Method for Improved Internet Content Filtering - Briefly, the present invention provides a system and methods for filtering internet content. The system has an internet connection filter device that filters information being transmitted on the connection between one or more computers and the internet. The device stores rules on permissible and impermissible categories of content in local memory. The device detects and holds back DNS and ‘get’ requests from the one or more computers to the internet. The device requests the categories of content associated with the URLs in the DNS and ‘get’ requests from an internet server. The device applies the locally stored rules to the DNS and ‘get’ requests based on the categories of content received from the internet server.08-28-2008
20090276535MEDIA STREAMING OF WEB CONTENT DATA - Methods for streaming web content data via a computer-readable medium. The web content data comprises one or more media samples. The media samples are encoded in a streaming media format as a web component stream. The web component stream is combined with other component streams comprising additional data other than web content data into a presentation stream. The presentation stream is transmitted via a media server to a client. Rendering commands, which are included in one or more rendering samples encoded in the web component stream along with the media samples, coordinate synchronization between the media samples and the additional data when the client renders the presentation stream.11-05-2009
20090287837INFORMATION RECORD INFRASTRUCTURE, SYSTEM AND METHOD - A data security apparatus and method for controlling access to records provided within automated electronic databases, each record having an associated set of access rules, comprising: receiving, by a security processor, a request for access to records associated with at least one of an entity, attribute, and datum from a requestor; determining a set of records associated with the requested entity, attribute, or datum, contained in the automated electronic databases; authorizing access to the records within the determined set of records based on compliance with the associated set of access rules; defining an economic compensation rule, satisfaction of which is required for qualification for access to the set of records; selectively permitting access to records in dependence on satisfaction of the compensation rule; communicating the access permissions to the host automated electronic databases; and logging the request for retrieval and a respective access of each record.11-19-2009
20090287836AJAX PROXY INDIRECTION FOR EXTERNAL DOMAIN REQUESTS - An Ajax proxy indirection technique enables a local, front-end proxy server to handle Ajax requests from an Ajax client that must be serviced by an external Ajax server in an external domain, instead of a local Ajax back-end server exposing itself to the external domain. The front-end proxy server accepts the Ajax client's request and forwards it to the local Ajax back-end server. The proxy server asks the local AJAX server for the credentials to be used in the “external” AJAX request. The local Ajax back-end server then responds to the proxy server with meta-data for the external domain request that the proxy will make to the external domain. The proxy server uses the credentials of the “external” AJAX request to make the external request to the external Ajax server in the external domain. The proxy server performs any authentication and necessary domain mapping with the external Ajax server before sending a response from the external Ajax server back to the client.11-19-2009
20100146133Apparatus, System, and Method for Data Synchronization in a Multi-Path Environment - An apparatus, system, and method are disclosed for synchronizing inbound and outbound data in an environment that offers multiple data pathways. When an attempt to send data by a host computer fails, the host computer notifies a secondary device with a separate network connection of the failure. The secondary device attempts to send the data over its separate network connection. If the secondary device fails to send the data, the host computer generates new attempts to send the data over its network connection. The secondary device does the same if the host computer continues to fail in its attempts to send the data. When either the host computer or the secondary device sends the outbound data, it notifies the other of the successful send. The devices then stop further attempts to transmit the data. For inbound data, the host computer and secondary device obtain unique identifiers for inbound data items, compare them, and request from the other those inbound data items that it has not received.06-10-2010
20100138552EDGE PEER DEVICE, PAN GATEWAY DEVICE, SUPER PEER DEVICE, AND P2P NETWORK-BASED INTERCONNECTION METHOD - An edge peer device, includes a first peer device connection management unit for allowing the edge peer device to participate in a peer-to-peer (P2P) network, and establishing a pipe connection to other edge peer device or the PAN gateway device to transmit or receive contents; a first peer device authentication unit for performing authentication of the edge peer device and PAN gateway device; and a first advertisement management unit for generating and storing advertisements and indexing the generated advertisements to transmit the indexed advertisements to the super peer device. Further, the edge peer device includes a first PAN device management unit for requesting and receiving a list of PAN devices from the PAN gateway device to manage the PAN device list; a first PAN service management unit for managing and providing services included in the PAN device list; and a first P2P communication unit for performing P2P communication with the super peer device and other peer devices.06-03-2010
20100299442Message Handling in an IP Multimedia Subsystem - A method and apparatus for handling a Session Initiation Protocol communication in an IP Multimedia Subsystem (IMS) network. A Proxy Call Session Control Function (11-25-2010
20080250149Methods And System For Providing Concurrent Access To A Resource In A Communication Session - Methods and a system are described for providing concurrent access to a resource in a communication session. For example, a method includes receiving a message including a request for a communication session between first and second participants represented in a presence service by first and second participant tuples. The request includes first and second participant ids representing the first and second participants and a resource id representing a resource to be concurrently accessed by the participants during the communication session. The method includes monitoring a status of the participants using the presence service. The method includes determining whether the participants are available for a communication session according to their status. The method includes determining whether the resource is available for concurrent access by the participants. The method includes establishing a communication session according to the determination and providing concurrent access to the resource to the participants during the communication session.10-09-2008
20090100184PROTECTING CONTEXT SENSITIVE INFORMATION FROM BEING TRANSMITTED FROM AN INSTANT MESSAGE CLIENT - In a method and system for protecting context sensitive information from being transmitted from an instant message client, at least one policy is received that includes an entry of one or more disallowed terms and is associated with at least one action. Words typed into an IM message of the IM client by a user are then monitored in real-time. In response to any of the words typed into the IM message matching any of one or more disallowed terms, the action associated with the policy is automatically performed. According to one embodiment, an example action that may be associated with the policy and that is automatically performed may include temporarily halting transmission of the IM message, and displaying a warning message to the user, for example.04-16-2009
20080281974PROVIDING PERSONALIZED RESOURCES ON-DEMAND OVER A BROADBAND NETWORK TO CONSUMER DEVICE APPLICATIONS - A method and system for providing personalized information to applications executing on consumer devices by: building a consumer preferences profile on a consumer device using predefined associations between consumer preference attributes and application events (including user input); summarizing the consumer preferences profile into a profile summary when applications require a new personalized data resource; requesting a personalized data resource from a centralized database of data resources over the broadband network by including application context information along with the profile summary in the request; analyzing data resource groups in the centralized database to find a candidate set of data resources according to resource rules in the resource groups; selecting a personalized data resource from the candidate set of data resources that matches the profile summary and context information; and delivering the selected personalized data resource to the requesting application over the broadband network. Personalized data resources may include resource selection information, graphic images, text content, formatting information, video clip data, click-to-call data, and scripts and procedures.11-13-2008
20100005181METHOD AND SYSTEM FOR CONTROLLING A TERMINAL ACCESS AND TERMINAL FOR CONTROLLING AN ACCESS - A method and a system for controlling terminal access, and a terminal for controlling access are provided. The method includes: receiving a policy configuration sent by a server on a network side; modifying local setting according to the policy configuration; and controlling an access authority of the terminal according to the modified local setting. Thus, when terminal access control is needed for a terminal connected to the network, the policy configuration can be delivered to the agent of the terminal, so that the agent controls an access authority of the terminal according to the policy configuration. Thereby, the convenient and flexible separation of the pre-authentication domain and the post-authentication domain is realized for different terminals, so as to meet the requirements for access control of multiple terminals.01-07-2010
20080250150NETWORKED DISPLAY DEVICE - A networked display device includes a memory, a network transmission module, a processing unit, an operational interface and a screen. The memory is to store a plurality of websites. The processing unit is to connect with one of the websites through the network transmission module to download at least a brief content and at least a URL from the website. The operational interface is to generate a command to have the processing unit to access data in the respective URL. The screen is to display the data.10-09-2008
20080250147Proximity Check Server - This invention provides a method, proximity check server (10-09-2008
20080235385Selective use of anonymous proxies - A method and apparatus for selectively using an anonymous proxy. A user request for content is received. A determination is made as to whether the user request satisfies context criteria. When the user request satisfies the context criteria, the user request is forwarded to an anonymous proxy. When the user request does not satisfy the context criteria, the request is sent directly to a content provider.09-25-2008
20080235384Web service for coordinating actions of clients - Architecture for providing communications resources of a network for client intercommunications. A client that desires to communicate makes a request to an arbitrary communications server node by the announcing of identifying information. The web service “parks” the request until the identifying information is ready. A second client can ultimately interact with the first client by sending identifying information and following the same lookup path to find the location at which the first client request is “parked”. A continuous hash is employed that enables a client to negotiate services of a resource and via which resource multiple clients can rendezvous for communications. The continuous hash minimizes the disruption to clients already accessing network resources. A resource is brought online or taken offline without dramatically impacting ongoing use of currently operational resources. In the event a hosting resource fails, the clients repeat the lookup process and re-converge on a new server.09-25-2008
20080235383Methods, Systems, Products, And Devices For Generating And Processing DNS Friendly Identifiers - When a request having a keyword is received, a domain name having the keyword can be generated and a network resource corresponding to the domain name can be requested wherein the network resource is adapted to extract the keyword from the domain name. In turn, when a request having a first domain name is received, a second domain name having the first domain name can be generated and a network resource corresponding to the second domain name can be requested wherein the network resource is adapted to extract the first domain name from the second domain name.09-25-2008
20080209055DATA COMMUNICATION SYSTEM - A data communication system includes an address book provided with an address table having registered therein transmitter information of information via a facsimile and a mail and a user ID correlated with the transmitter information, and an ID information read unit configured to authenticate the user ID, and it conducts a search as to whether a registration has been made in the address book according to the authentication processing of the user ID and the transmitter information of the receipt information, and notifies the reception and permits an output of the image data by a registrant having the user ID to whom confidentiality is specified when there is the transmitter information corresponding to the registration with confidentiality.08-28-2008
20080250148Member Activation - A method and system are herein disclosed for registering a member at a targeted web-based information management system using a reduced amount of member and system interaction to confirm and establish the member's contact information. Generally, the method may communicate permission to solicit a potential member to the information management system. In one embodiment, the member previously communicated permission to receive solicitations from other systems to another web-based information management system. The method may communicate the permission from another web-based system to the present system. The permission may include member identification and/or demographic data. The method may communicate a solicitation message from the system to the member, the solicitation message comprising at least a portion of the member identification data. The member may then communicate a confirmation message to the targeted web-based information management system, wherein the confirmation message is in reply to the solicitation message and includes the portion of the member identification data. Using the confirmation, the system may then match the portion of the member identification data from the confirmation message to the portion of the member identification data from the confirmation message.10-09-2008
20100146134Communication device, communication method and program - There is provided a communication device, comprising, a communication unit which mediates a communication connection with another communication device, a memory unit which stores connection history information which indicates history of a connection party connected via the communication unit and connection restriction information to limit the number of connection party changes, and a determination unit which determines connection acceptability with a new connection party based on the connection history information and the connection restriction information stored in the memory unit.06-10-2010
20080270620Reporting influence on a person by network-available content - Embodiments include a system, a device, an apparatus, a method, and a computer program product. A method includes assessing a behavioral influence with respect to possible matters of interest to other parties including a third-party by network-available content on a person accessing the network-available content. The method also includes generating a user influence report responsive to the assessed behavioral influence. At least one characteristic of the user influence report includes differentiating between (i) a behavioral influence on the person resulting from the person activating a link included in the network-available content to another network-available content owned by the third-party, and (ii) another behavioral influence on the person. The method further includes transmitting information derived from the user influence report.10-30-2008
20100005183Method, System and Apparatus for Converting Media Contents - A method, system and apparatus for converting media contents are disclosed. The method includes these steps: a media conversion apparatus receives a media conversion service request from a media application terminal, where the media conversion service request carries a media content ID and playing capability information of the media application terminal; the media conversion apparatus sends a media content transmission request carrying the media content ID to the content source device; and the media conversion apparatus receives a media content identified by the media content ID from the content source device, converts the received media content according to the playing capability information of the media application terminal, and sends the converted media content to the media application terminal.01-07-2010
20100005182Distributed Selection of a Content Server - A method for directing a client to a content server containing desired content by providing the client with an address shared by a plurality of content servers, each of which has a copy of the desired content. The client is then served from an optimal, or closest available content server selected from the plurality of content servers. This optimal content server is selected on the basis of an optimal path from the client to the shared address.01-07-2010
20090063691Access rights used for resource discovery in peer-to-peer networks - Secure resource discovery in peer-to-peer networks involves creating a resource discovery record associated with a computing resource of a user device that is made available via the user device to peers of a peer-to-peer network. The resource discovery record describes the computing resource and may be independent of native service discovery mechanisms of the peer-to-peer network. An access right record is created that controls the ability of one or more contacts to gain access to the resource discovery record. The resource discovery record is sent to the one or more contacts via the peer-to-peer network. The one or more contacts can use the resource discovery record to access the computing resource via the peer-to-peer network in accordance with the access right record.03-05-2009
20120072606CONTROLLABLE INTERFACE FOR PROVIDING SECURE ACCESS TO EXTERNAL COMPUTING RESOURCES - A system is provided for controlling data communication between a computing device and a network access device over a physical medium. The network access device may be configured for providing access of the computing device to a remote computing resource over a network link. The system involves a Media Access Control (MAC) device for performing a MAC protocol to support data communication between the computing device and the network access device and a physical layer (PHY) device that connects the MAC device to the physical medium. Data path circuitry is provided between the PHY device and the MAC device for transferring signals from the computing device to the network access device, and from the network access device to the computing device. The data path circuitry is controlled to establish a unidirectional signal transfer mode between the computing device and the network access device by preventing the signals from being transferred to the network access device.03-22-2012
20090125633SERVER INITIATED SECURE NETWORK CONNECTION - In general, the invention is directed to techniques for establishing secure connections with devices residing behind a security device. In accordance with the techniques, a managed device initiates a transmission control protocol (TCP) session to establish a TCP session with a management device such that the management device acts as the TCP server and the managed device acts as a TCP client. Once established, the managed device sends a role reversal message specifying an identity of the managed device via the TCP session. Upon receiving the role reversal message, the management device initiates a secure connection over the TCP session in accordance with a secure protocol such that the management device acts as the secure protocol client and the managed device acts as the secure protocol server. By properly establishing the secure session, each of the devices assumes the proper roles and administrators may more easily configure the devices.05-14-2009
20090164649ACCESS CONTROL UNIT - [Means for Solution] Access-control-rule application means (06-25-2009
20090177789SYSTEM AND METHOD FOR COMMUNICATING WITH TOOLS IN A CLOSED, SECURE PRODUCTION NETWORK - A system and method for providing connectivity to a closed, secure production network, and computer program products for executing the same and, more particularly, to a system and method for securely communicating with remote tools. The system comprises a self-configuring server configured to create separate, isolated networks for a vendor specific toolset and query a client for connection information such that the self-configuring server can engage an identified vendor specific toolset on one of the separate isolated networks by mimicking the connection information of the client.07-09-2009
20090287834METHOD AND SYSTEM FOR ALLOCATING ON-DEMAND RESOURCES USING A CONNECTION MANAGER - A method and system provide a user-friendly mechanism that allows the user to access remote on-demand resources through a network only when the resources are required. These on-demand resources are accessed using a connection manager that is enabled on a client when, for example, the user moves a mouse cursor to an active edge of the client computer screen. Once enabled, the connection manager allows the user access to any on-demand resources to which the user has authorization. These on-demand resources can be freed from the user when they are no longer needed, so that these resources can be used by other users.11-19-2009
20090287833Security-Based Presentation in Client Application Software - Methods and apparatus, including computer program products, for security-based presentation in client application software. A network includes one or more client systems coupled to one or more servers, a server including an application adapted to compare a request received from a client application for particular data, metadata and descriptors, together with authorization information, against the access control codes, keys or lists stored in a server-based set of tables or lists and use the results of the comparison to reply to the request affirmatively with the data, metadata and descriptors or negatively with either an error code, error message or null result.11-19-2009
20090177791REMOTE DEVICE COMMUNICATION PLATFORM USER INTERFACE - Enabling a user interface (UI) for management of a host device from a client device. A connection is established between the host device and the client device via a web portal. The host device and the client device are without a host management software installed thereon. A content window is displayed on the client device in response to the established connection with the host device. A client status display area is displayed on the client device indicating at least a connection status with the host device. A corresponding host status display area is displayed on the host device indicating a connection status with the client device. The displayed client status display area specifically identifies the client device and defines client parameters for receiving messages during management of the host device. The displayed host status display area specifically identifies the host device and defines host parameters for receiving messages during interaction with the client device.07-09-2009
20090327504WIRELESS DEVICE, AND CONTROL METHOD FOR WIRELESS DEVICE - According to one embodiment, a wireless device includes a communication circuit configured to perform communication with hosts, an acquisition module configured to perform mutual authentication with the hosts by performing communication therewith to acquire each item of host information which is unique to each of the mutually authenticated hosts, a storage device configured to store host information corresponding to each of the mutually authenticated hosts and connection priority information associated with each corresponding item of the host information, a control module configured to determine whether or not connection requests to hosts corresponding to received beacons from the communication circuit in response to connection priority information stored in the storage device when the communication circuit has received the beacon from the hosts.12-31-2009
20090327503Connection Management System For Multiple Connections - In one embodiment a computing system comprises one or more processors, a display device coupled to the computing system, a connection client module, at least one remote access client module, a memory module communicatively connected to the one or more processors and comprising logic to: receive a service request from a user via a remote connection client coupled to the connection server, wherein the service request comprises at least one user credential, authenticate the at least one user credential, retrieve at least one user profile associated with the user, connection data for at least one remote system and at least one policy associated with the at least one user profile, transmit the at least one user profile, at least one remote system and the connection data for at least one remote system and at least one policy associated with the at least one user profile from the connection server to the remote connection client.12-31-2009
20090187667Transmitting Information Across Firewalls - A mechanism provides a layered communication stack. A connection manager manages the actual transfer of data through a single point-to-point connection crossing a respective firewall. A sessions manager multiplexes multiple sessions over the connection. A routing manager exploits the sessions manager for building a routing table dynamically. A routed sessions manager implements routed sessions between two applications at opposite ends of the system; the routed sessions manager exploits the sessions manager to let the data navigate through the firewalls, and it exploits the routing manager to address the data correctly from source to destination.07-23-2009
20090187666METHOD AND SYSTEM FOR CONTROLLING A COMPUTER APPLICATION PROGRAM - Aspects of the invention relate to a computer-implemented method of controlling a computer application program in a computer system configured for electronic communication with a client. The computer system is configured to have access to a first request set of one or more allowable requests corresponding to a first application state of the computer application program. The computer application program may run on the computer system or on one or more other computer systems. A client request is received at the computer system for the computer application program. The computer application program is in the first application state in relation to said client (using e.g. the client connection). The client request is analysed to determine if the client request matches one of the allowable requests corresponding to the first application state of the computer application program. The computer application program is controlled by instructing this program to execute the client request only if the client request matches an allowable request of the first request set.07-23-2009
20090144436REVERSE NETWORK AUTHENTICATION FOR NONSTANDARD THREAT PROFILES - A client-server communication protocol permits the server to authenticate the client without requiring the client to authenticate the server. After establishing the half-authenticated connection, the client transmits a request and the server performs or responds accordingly. A network management system and environment where this protocol can be used is also described and claimed.06-04-2009
20090024750MANAGING REMOTE HOST VISIBILITY IN A PROXY SERVER ENVIRONMENT - Embodiments of the present invention address deficiencies of the art in respect to the visibility of an IP address for a remote resource behind a proxy server and provide a novel and non-obvious method, system and computer program product for managing remote host visibility in a proxy server environment. In one embodiment of the invention, a method for managing remote resource visibility in a proxy server environment can be provided. The method can include establishing a secure connection between a proxy server and a destination server, proxying different connections between different remote hosts and the destination server through the proxy server, providing remote host information for each of the different remote hosts, including IP address, port and protocol, for example, to the destination server over the secure connection, and mapping each provided IP address to an IP address for a corresponding one of the proxied different connections.01-22-2009
20090024751INTERMEDIARY SERVER, METHOD FOR CONTROLLING INTERMEDIARY SERVER, AND PROGRAM FOR CONTROLLING INTERMEDIARY SERVER - The invention relates to an intermediary server that intermediates between at least one authentication server that performs authentication and a plurality of devices that performs various kinds of processing in accordance with the result of the authentication performed by the authentication server. The invention provides, as an aspect thereof, the intermediary server that includes: a request reception unit that receives authentication request data from any of the plurality of devices, the authentication request data being created in a predetermined common data format in such a manner that the authentication request data contains, without any limitation thereto, identification information that was inputted into the above-mentioned one of the plurality of devices; an authentication server communication unit that transmits the received identification information to the authentication server in a data format that can be processed by the authentication server and then receives, from the authentication server, the result of authentication performed by the authentication server on the basis of the transmitted identification information; and a result transmission unit that transmits the received result of the authentication to the above-mentioned one of the plurality of devices that is the original sender of the authentication request data.01-22-2009
20090210544APPARATUS AND METHOD FOR CONTROLLING ACCESS IN p2p NETWORK - An apparatus and method to control access in a P2P (peer-to-peer) network. The apparatus for controlling access in a P2P network includes an attribute processing module to obtain an attribute of a service requestor and to determine an access control policy for the service requestor based on the obtained attribute; and an access control module to control the provision of a service to the service requester according to the access control policy. If a service provider is unable to obtain the attribute of the service requester, the service provider obtains the attribute of the service requester from at least one peer in the network.08-20-2009
20090210543System and Method for Subscription Resource Discovery - A system and method for providing an end-user network with information regarding access network resources allocated to specific services. The access network includes a Resource Management System (RMS) for managing service bindings in the access network. A Resource Discovery Client (RDC) associated with the end-user network sends a resource discovery request to a Resource Discovery Server (RDS) associated with the access network. The RDS receives the resource discovery request and obtains service binding information from the RMS. The service binding information indicates access network resources that are allocated to specific services. The RDS then sends a response to the RDC, and includes the information regarding access network resources allocated to specific services. The RDC may send the information to user devices in the end-user network.08-20-2009
20090198822Partially replicated, locally searched peer to peer file sharing system - Controlling access to a file includes selecting, by a first network node in a peer to peer file sharing system, a file to make available for sharing with a second network node in the peer to peer file sharing system, the file being stored on the first network node. The first network node sends index information associated with the selected file to the second network node. The second network node subsequently performs a local search of a set of index information associated with a set of files stored in the peer to peer file sharing system to locate the index information for the selected file; and requests a copy of the selected file from the first network node using the index information.08-06-2009
20090049183Method of Client-Side Form Authentication - A method of form authentication enables a user to be automatically authenticated to a web application without being prompted for login credentials. Particularly, by use of “client-side” processing, the number and variety of web applications that can be successfully authenticated against may be increased. Client-side processing allows the login page scripting to execute prior to the form authentication process. The ability to execute client-side logic prior to authentication may significantly increase the number of web applications that can be successfully background authenticated against.02-19-2009
20090055545Roles and relationship based security in a group-centric network - Exemplary systems and methods for providing security in a group-centric network are provided. In exemplary embodiments, a request to access a webpage associated with a group or individual is received. The user security level for a user requesting access to the webpage is then determined. One or more security settings associated with data on the webpage is also determined. Based on the user security level and the one or more security settings, an appropriate level of access and functionality for data on the webpage is provided to the user.02-26-2009
20120079124Access Control in Client-Server Systems - A telecommunications network and a method of operating the same. The network is shared by two or more organizations, the network including at least a server and a client. The server is adapted to transmit to the client a proxy communications object comprising a definition of the rights and privileges of an organization to use the network. When the organization initiates a request to the server it does so via the proxy object on the client. The proxy object enables a comparison of the contents of request and the definition of the rights and privileges and enables forwarding of the request to the server only when the request and the rights and privileges granted to the requesting organization are consistent with each other. The request relates to modification of a management object maintained at a network resource, the organization having a global right to access the network resource.03-29-2012
20080263217CONNECTION CONTROL IN THIN CLIENT SYSTEM - In a first exemplary aspect of the present invention, a thin client server system includes thin client servers, which comprises clients which are grouped into client groups based on client data; thin client terminals which are allocated with terminal data and are grouped into terminal groups based on the terminal data, wherein users are allocated with user identifiers and are grouped into user groups based on the user identifiers, and each of the client groups is predetermined for at least one of one of the terminal groups and one of the user groups, and a connection control server interposed between the thin client servers and the thin client terminals. The connection control server determines connectable client groups based on a specific user identifier of a specific user, and a specific terminal data of a specific one of the thin client terminals used by the specific user, determines a desired client of at least a desired one of the connectable client groups based on a status of each of the clients. The specific thin client terminal connects with the desired client based on the client data of the desired client.10-23-2008
20080263216REMOTE PORTLET CONSUMER WITH ENHANCED RESOURCE URL PROCESSING - The present invention is directed to a method and system to be performed by a WSRP consumer portal server for accessing a remote network resource addressed by a respective resource URL in a web portal infrastructure comprising at least a WSRP Consumer Portal connectable to a client Browser requesting the remote network resource, and a remote communication partner. A method for accessing remote network resources, a WSRP consumer portal includes: in response to an incoming client request for a web page, determining if remote portlets are comprised of said requested web page; for remote portlets sending a request for a respective portlet markup to a producer of said remote portlets; receiving a response to said request comprising a markup document including encoded representations of network URLs of a respective remote network resource; searching said response for producer encoded resource URLs of remote network resources, resulting in a set of found URLs; generating for each producer encoded resource URL a set of rewritten URLs, wherein each rewritten URL provides an access performable by said client to said remote resource; generating from said received markup document a new markup document comprising an executable code fragment, having the function to be executed by the client to select a specific rewritten URL out of said set of rewritten URLs; and sending a newly assembled web page comprising said new markup document for remote portlets and an unchanged markup document for non-remote portlets.10-23-2008
20080263215TRANSPARENT SECURE SOCKET LAYER - Various systems, apparatus, and methods include an apparatus comprising a transparent proxy coupled to a plurality of non-configured clients and coupled to one or more servers, the transparent proxy operable to intercept a request for a secured connection to a first server of the one or more servers, the request from a first non-configured client of the plurality of non-configured clients and including a server name indication extension, and to supply a proper certificate to the first non-configured client including the server name indication extension as a common name in the proper certificate.10-23-2008
20080263214Systems and Methods for Rapid Integration of Data Storage Subsystems - A computer system includes a computer processor and logic instructions for rapid integration of data storage subsystems. An adapter factory is instantiated in response to a request from a client computer. The adapter factory is configured to provide a generic persistent data storage (Pds) adapter interface to the client computer. The Pds adapter interface interfaces to a specific adapter. The Pds adapter interface is configured to invoke corresponding data source operations in the specific adapter. A generic Pds data source interface is configured between the specific adapter and a specific data source.10-23-2008
20090100183Detection of Missing Recipients in Electronic Messages - A computer-implemented method of identifying a missing recipient of an electronic message can include identifying at least one user specified as a recipient of an electronic message and accessing a data store comprising measures of correlation between a plurality of users, wherein the plurality of users comprises the recipient of the electronic message. One or more users not designated as a recipient of the electronic message and having a measure of correlation, with at least one recipient of the electronic message, that exceeds a predetermined threshold can be identified as a potential missing recipient of the electronic message. An indication that a recipient may have been excluded from the electronic message can be output.04-16-2009
20090100185Position Identification Method and System - The present invention is directed to a system and method for collecting and maintaining an up-to-date database of points of interests, whereby agents of the points of interests, such as owners or operators of hotels or restaurants, can register their point of interest onto the database by uploading their contact information and physical address. Subsequently, on a periodic basis, the agents of the points of interests may log into the system and update their information, such as operating hours. The collected data is then made accessible to the general public and can be searched through using a variety of search criteria.04-16-2009
20090100181APPARATUS, METHOD AND COMPUTER PROGRAM FOR ESTABLISHING A SERVICE SESSION - A method of establishing a service session via a server with a secondary entity of a first user having a primary entity associated with a subscription is disclosed. The method comprises sending a unique identifier of the first user's subscription from the secondary entity to the server; receiving from the server a symbol sequence to the secondary entity; enabling sending of the symbol sequence from the primary entity to the server such that the server is able to match that the received symbol sequence and the sent symbol sequence are identical, wherein a match confirms that the secondary entity is authenticated if the primary entity is authenticated; and setting up the service session on the secondary entity. An entity, server, and corresponding method for the server, as well as computer programs for the entities and the server are also disclosed.04-16-2009
20100121964METHODS FOR IDENTIFYING AN APPLICATION AND CONTROLLING ITS NETWORK UTILIZATION - In embodiments of the present invention improved capabilities are described for improving network quality of service, such as through controlling the bandwidth consumed by a client computing facility. To affect this, the software applications operating through the client computing facility may be identified to determine which applications are requesting network access, and confirming which are permitted only restricted bandwidth when making network communications. The requesting software application that is permitted only restricted bandwidth may then be allowed to make the network communications through a bandwidth restricted network connection.05-13-2010
20090013084METHOD AND APPARATUS FOR CONTROLLING MULTIPLE SYSTEMS IN A LOW BANDWIDTH ENVIRONMENT - A method of controlling one or more client systems by means of one or more server systems, comprising the steps of identifying a set of system control actions that occur as a result of carrying out a particular function on the server system, which function is required to be replicated on the one or more client systems; and sending the set of system control actions to any client system which is connected to the server system to configure the client system to carry out the system control actions and thereby causing the client system to carry out the particular function on the client system.01-08-2009
20090106434COMMUNITY NETWORK - The community network may be configured to deliver relevant, informative, and useful content regarding the client to individual users of the community. Further, individual users may be provided an opportunity to communicate with one another and to invite new users into their community. Additionally, users may collaborate with one another and with the sponsoring client. The community network system includes a set of software applications designed to support multiple clients through domains set up by a system administrator. The domains are secure partitions within the system which are accessible to unique communities of users and configured with specific tools and user roles for each client's purposes. Further, each user is assigned a role in the system based on the features and privileges that the client wishes to make available to that user in the system.04-23-2009
20090106435DATA TRANSMISSION AND RECEPTION SYSTEM WITH ACCURATE TIME INFORMATION - A data transmission and reception system for sending and receiving data between a sender and a receiver via a network. The system includes an authorizing server maintaining time information and authorizing a sender server after subjecting the sender server to examination and after the sender server is licensed by the authorizing server to issue electronic postmarks. The sender server is connected to a network to send data via the network, wherein the sender server is authorized by the authorizing server to issue the electronic postmarks. A receiver server is connected to the network to receive the data from the sender server via the network. The sender server issues the time information and attaches the time information to the data to be sent from the sender server.04-23-2009
20090240823System and Method for Controlling Access Rights to Network Resources - A system and method for securing access to network resources are described. One embodiment includes an exemplary method for securing access to a network element and can include associating a network element with a set of data, and configuring a portion of the data to be responsive to a first subset of access rights. In accordance with other embodiments, an exemplary method and system provide for selection of an appropriate security to govern access by a user to network resources.09-24-2009
20090222566Name System in Communication Network, and Naming Method - A name system and method in a communication network, includes a technique for implementing naming in which security is ensured in an Internet environment and a personal network in which a user can access his own device or data.09-03-2009
20090259759TERMINAL DEVICE, NETWORK CONNECTION METHOD, AND COMPUTER READABLE MEDIUM HAVING PROGRAM STORED THEREIN - A virtual machine system including a user virtual machine for operating a user environment, and a service virtual machine for controlling the user virtual machine, and performing network connection is constructed on a terminal device capable of being connected to a network, and the service virtual machine controls the network use by the user virtual machine depending on the security of the network to which the terminal device is directly connected.10-15-2009
20100274913WIRELESS ACCESS SYSTEM, WIRELESS ACCESS METHOD AND ACCESS POINT APPARATUS - A wireless access system having the first access point apparatus storing authentication information, the second access point apparatus which accesses the first access point apparatus based on an address stored in advance, acquires authentication information from the first access point apparatus, stores and transmits this acquired authentication information to a network at the time of an authentication request and an authentication server which carries out authentication processing to the second access point apparatus based on authentication information received via a network from the second access point apparatus and authentication information of the first access point apparatus stored in advance.10-28-2010
20100161819INFORMATION PROCESSING SYSTEM, INFORMATION PROCESSING APPARATUS, AND INFORMATION PROCESSING METHOD - A first information processing apparatus receives file information from a second information processing apparatus when the information processing apparatus switches into a power saving state. If the first information processing apparatus receives, from a third information processing apparatus, a file process request packet in terms of a file stored in the second information processing apparatus, the first information processing apparatus stores the received file process request packet. When the second information processing apparatus returns into the normal power state, the first information processing apparatus transfers the stored file process request packet to the second information processing apparatus.06-24-2010
20100161820MULTI-PROTOCOL AUTHENTICATION AND AUTHORIZATION IN COMPUTER NETWORK ENVIRONMENTS - A multi-protocol authentication and authorization system including a request interceptor configured to receive from a requestor a first request using a first transport protocol and a second request using a second transport protocol, and an authenticator for validating a digest received from the requestor, where the request interceptor is configured to authenticate the requestor if the digest is valid and if at least one multi-protocol criterion applied to the requests is met.06-24-2010
20090125632METHOD AND SYSTEM FOR CONTROLLING CLIENT ACCESS TO A SERVER APPLICATION - A method and system for controlling access to an application being executed by a server. A time interval between the server's receipt times of a first request and a second request. The first and second requests are included in multiple requests for an access to the application. An adjustment value is selected based on the time interval and multiple historical time intervals. Each historical time interval is between the server's receipt times of two requests of the multiple requests. The two requests' receipt times are prior to the first and second requests' receipt times. An accumulator is adjusted with the adjustment value, resulting in the accumulator's value exceeding a predefined threshold. Access to the application is controlled via a warning, a delay in responding to the second request, a temporary halt in processing, or a permanent access denial in response to the accumulator's value exceeding the threshold.05-14-2009
20100161816IDENTITY INFORMATION SERVICES, METHODS, DEVICES, AND SYSTEMS - A system provides various features for facilitating the management of data used for facilitating trust in otherwise anonymous transactions.06-24-2010
20100153565CONNECTION MANAGEMENT IN LINE-OF-BUSINESS - Facilitating communication from web service clients to line of business applications. A method includes obtaining a connection from a connection pool. The connection pool pools line of business connections available for accessing a line of business application. The method further includes using the connection, transferring messages between a web service client and the line of business application.06-17-2010
20080307101Method and apparatus for executing web services through a high assurance guard - In accordance with an embodiment, a method of executing web services through a high assurance guard includes transmitting a target service request having routing information from the source security domain to a source one-way high assurance guard (HAG) service, inspecting the target service request in the source one-way HAG service to determine if the target service request violates at least one rule governing communications transmitted from the first security domain, transmitting the target service request to a destination one-way HAG service in the destination security domain via a one-way HAG according to the routing information if the target service request does not violate the at least one rule and discarding the second target service request if the target service request violates the at least one rule, and providing the target service request to the target service.12-11-2008
20100180040Incrementally Changing the Availability of a Feature - Techniques are described to incrementally change the availability of a feature of a software service to clients over a network based on a configuration setting indicating the proportion of the clients that is eligible to receive the feature. In an implementation, a client rank is generated for a client on the network based on a client identification that identifies the client and a feature identification that identifies the feature. The feature may then be made available to the clients via the network if a comparison of the client rank with the configuration setting indicates that the client is eligible to access the feature.07-15-2010
20100017526Method and System for Establishing a Dedicated Session for a Member of a Common Frame Buffer Group - A method for establishing a dedicated session for a member of a common frame buffer group includes the step of transmitting, by a server agent, via at least one frame buffer channel, a first frame buffer update to each generated by one of the plurality of associated clients. The method includes the step of detecting an event generated by one of the plurality of associated clients. The method includes the step of removing, by the server agent, the one of the plurality of associated clients, from the plurality of associated clients. The method includes the step of establishing, by the server agent, a second frame buffer channel between the removed one of the plurality of associated clients and the server agent. The method includes the step of transmitting a second frame buffer update, by the server agent, to the removed one of the plurality of associated clients via the second frame buffer channel.01-21-2010
20100262703IDENTITY MANAGEMENT SERVICES PROVIDED BY NETWORK OPERATOR - Techniques are disclosed for enabling operators of communication networks to provide one or more identity services such as, for example, an authentication service. For example, in a communication network, assume that a first computing device is a client device, a second computing device is an application server, and a third computing device is a server under control of an operator of the communication network. A method may comprise the following steps. In response to the first computing device issuing a resource request to the second computing device and the first computing device providing a first identifier to the second computing device for use in authenticating the first computing device to the second computing device, and in response to the second computing device being unable to authenticate the first computing device, the third computing device assisting in the authentication of the first computing device to the second computing device when a correlation exists between the first identifier sent by the first computing device and a second identifier used by the first computing device to access the communication network as a subscriber, wherein the second computing device is able to reply to the resource request sent by the first computing device upon a successful authentication assisted by the third party computing device.10-14-2010
20100262705METHOD AND DEVICE FOR TRANSMITTING NETWORK RESOURCE INFORMATION DATA - A method and device for transmitting network resource information data are provided by the present invention. The method for transmitting network resource information data includes: step 1, transmitting, by a transport layer function entity, the network resource information data including network topology and variation status information, network link bandwidth utilization status information to a transport control layer function entity; and step 2, the transport control layer function entity creating network resource status data according to the collected network resource information data, and performing resource admission control and path selection to a session according to the network resource status data, wherein, the network resource information data further comprises a traffic class and service mode information of the traffic class, resource and utilization status information of the traffic class. Therefore by using the present invention, the manner for performing resource admission control according to a single bandwidth parameter is changed and the admission control of the network resource and the resource distribution can be performed more comprehensively and exactly.10-14-2010
20100262704System and Method for Determining Trust for SIP Messages - A method for performing registration is provided. The method includes receiving a server timeout message, the server timeout message including at least a field set to a value equal to a value received during a first registration. The method further includes initiating restoration procedures by performing a second registration in response to receiving the server timeout message.10-14-2010
20100161817SECURE NODE IDENTIFIER ASSIGNMENT IN A DISTRIBUTED HASH TABLE FOR PEER-TO-PEER NETWORKS - A multi-party commitment method is provided whereby a joining node uses contributions provided by contributor nodes in a peer-to-peer overlay network to generate a node identifier. The joining node generates a first contribution and sends a join request to an introducer node (or a plurality of contributor nodes), where the join request seeks to obtain one or more contributions for generating the node identifier within an identifier space of the overlay network. A hash of the first contribution may be included as part of the join request. In response, the joining node may receive a plurality of contributions, wherein the contributions are bound to each other and the first contribution by a prior external multi-node commitment operation. The joining node can then generate its node identifier as a function of the first contribution and the received contributions. Consequently, collusion between nodes and malicious manipulation during ID generation can be frustrated.06-24-2010
20100153568METHODS, APPARATUSES, AND COMPUTER PROGRAM PRODUCTS FOR PROVIDING A LOCAL PROXY FOR ACCESSING WEB SERVICES - A method, apparatus, and computer program product are provided for providing a local proxy for accessing web services. An apparatus may include a processor configured to receive, at a proxy service implemented on the apparatus, a first HTTP request from a HTTP protocol client application executed on the apparatus. The first HTTP request may be directed to a first network location, wherein the HTTP client application is associated with the first network location. The processor may be further configured to determine whether the first HTTP request includes an indication of a second network location for circumventing a same-origin policy. The processor may additionally be configured to transmit a second HTTP request to the second network location when the first HTTP request includes an indication of a second network location. Corresponding methods and computer program products are also provided.06-17-2010
20100228870METHOD OF MONITORING NETWORK AND INTERNET CONNECTIONS IN A REAL-TIME ENVIRONMENT TO DETECT UNAUTHORIZED NETWORK CONNECTIONS AND UNAUTHORIZED NETWORK ACTIVITY WITHIN A 32/64-BIT MICROSOFT PC OR SERVER OPERATING SYSTEM - A method of monitoring all network communications, which includes a real-time analysis and intercepting of all connections, and determining whether those network connections, including all connections across the Internet, are authorized or unauthorized connections. If a connection is unauthorized, the connection may be terminated in a real-time environment and the logical communications port for authorized connections is re-established.09-09-2010
20100161818ENHANCED CONTENT SHARING FRAMEWORK - An enhanced content sharing framework, in which a presence table indexing content globally stored on a respective home network, and policy information identifying users who are authorized to access the respective home network are received from first and second home network manager devices that respectively manage first and second home networks that each comprises one or more content rendering devices and content storing devices. A message is received from a user requesting that particular content be provided from the first home network to a particular content rendering device or content storing device of the second home network. Based on the presence table of the first home network, it is determined that the particular content is stored on the first home network, and, based on the policy information of the first home network, it is determined that the user is authorized to access the particular content on the first home network.06-24-2010
20100153569System and Method for a Virtual Hosted Operating System - A system and method enabling a virtual hosted operating system which provides many of the functions normally associated with a physical computer as a “virtual computer” service available from a web browser by leveraging and seamlessly aggregating third-party web services.06-17-2010
20100146132Methods, Systems, And Computer Program Products For Accessing A Resource Having A Network Address Associated With A Location On A Map - Methods and systems are described for accessing a resource having a network address associated with a location on a map. In one aspect, a map representing a network address space and a geospatial region is provided on a client configured for accessing a network addressable space. A map location in the map corresponds to a geospatial location of the resource provider in the geospatial region and to a network address of the resource provider in the network address space. The client receives resource access information for accessing the resource from the resource provider. The client determines the geospatial location of the resource provider based on the resource access information. The client associates at least a portion of the resource access information with a map location corresponding to the geospatial location of the resource provider. Access to the resource is provided, via the map, based on the resource access information.06-10-2010
20090077250Computer and Access Control Method in a Computer03-19-2009
20090077249Method and device for implementing remote control of a terminal - Disclosed are a method and a device for remote control of a terminal, in which authentication information is requested from the control terminal after a control request for a controlled terminal is received; and when the identification information from the control terminal is correct, dynamic identification information of the controlled terminal for a control service is obtained and sent to the control terminal. The method and the device according to certain embodiments do not require a dedicated dynamic domain name resolution server. The communication costs of a user may be reduced. Since a successful authentication is a precondition for obtaining dynamic identification information, the communication security is improved.03-19-2009
20090077247SYSTEM AND METHOD FOR OPTIMIZING DOWNLOAD USER SERVICE DELIVERY TO ROAMING CLIENTS - A system and method for providing MBMS content distribution using unicast bearers. According to various embodiments, MBMS download user services are delivered to pieces of user equipment by delivering a FLUTE file delivery table via an OMA Push message. One of a number of different additional actions may be used in the delivery of the MBMS download user services. These actions include (1) making a single HTTP GET request using simple URL-encoding format to retrieve all files of the FDT; (2) making a single HTTP GET request using “group” field of FDT in URL-encoding to retrieve a logical group of files of the FDT; (3) making pipelined HTTP GET requests where each HTTP GET request retrieves at least one file of the FDT; (4) making serialized HTTP GET requests where each HTTP GET request retrieves at least one file of the FDT; (5) making pipelined HTTP GET requests where each HTTP GET request retrieves at least one logical group of files of the FDT; (6) making serialized HTTP GET requests where each HTTP GET request retrieves at least one logical group of files of the FDT; (7) delivering the serviceID of the MBMS user service in the above mentioned OMA PUSH message but not including the serviceID in the FLUTE FDT; (8) an HTTP request to de-register the MBMS UE from the BM-SC for stopping the unicast delivery of the MBMS download user service; and (9) delivering the FDT Instance ID of the FDT Instance in an OMA Push message.03-19-2009
20090077246LOAD BALANCING AND ADMISSION SCHEDULING IN PULL-BASED PARALLEL VIDEO SERVERS - A pull-based parallel video server system and method of implementation useful in an on-demand video system includes a plurality of slave admission schedulers operating in parallel with a master admission scheduler to back up the master admission scheduler that controls access to an array of pull-based video servers according to a protocol that accounts for jitter and loss of packets, as well as network delays. A transport protocol is provided that improves video data throughput under such conditions. To determine the architecture and functional requirements of the redundant admission schedulers, an analytical tool in the form of a performance model has been developed that incorporates network delays, delay jitters and packet losses on the communication links between the clients, schedulers and servers.03-19-2009
20100217880INFORMATION REQUEST AND ACCESS - The technology includes a method and a system for generating a request for information. A communication module receives first information from a first user and transmits a request for second information to a second user. A form control module determines if second information is needed to complete an information form based on the first information and a form parameter associated with the information form and generates the request for second information to the second user based on the determination of the second information and a second access control parameter associated with the second user.08-26-2010
20100241756METHOD OF AUTHENTICATION CONTROL OF ACCESS NETWORK IN HANDOVER OF MOBILE NODE, AND SYSTEM THEREOF - Provided are a method and a system for controlling access authentication in the process of a handover. The method of controlling access authentication in the process of handover of a mobile node in a network that consists of a core network and a plurality of access networks, the method comprising: when the mobile node initially accesses a first access network, performing access authentication of the mobile node and registering and managing the authentication information by using a user profile server, and searching for a host channel adaptor adjacent to the mobile node and transmitting identification, a profile, and authentication information of the mobile node to a network access server, in which the searched host channel adaptor is mounted, by using a mobility control server; when the mobile node moves to a second access network, performing a handover procedure and performing re-access authentication procedure by transferring authentication information regarding the handover to a network access server which is included in the second access network; and after performing the re-access authentication procedure, searching for a host channel adaptor adjacent to the mobile node and transmitting authentication information to a network access server which includes the searched host channel adaptor by using the mobility control server. Accordingly, an access delay time in the process of a handover can be reduced.09-23-2010
20100205316AUTHENTICATION OF THE GEOGRAPHIC LOCATION OF WIRELESS COMMUNICATION DEVICES - What is disclosed is a method of operating a wireless communication network to authenticate a geographic location of a wireless communication device. The method includes transferring an authentication key for delivery to a service node, obtaining the geographic location of the wireless communication device, and authenticating the geographic location to create authenticated location information for the wireless communication device. The method also includes wirelessly transferring the authenticated location information to the wireless communication device, wirelessly receiving the authenticated location information from the wireless communication device for delivery to the service node, and transferring the authenticated location information for delivery to the service node, wherein the service node processes authenticated location information and the authentication key to identify the geographic location of the wireless communication device.08-12-2010
20100217882Method, system and apparatus for accessing a Layer-3 session - A method for accessing a Layer-3 session is disclosed according to an embodiment of the present invention. A session access concentrator in an access network of a user establishes an access session with a remote system, a Session Transport Protocol (STP) session with a session network server (SNS) in home network of the user, and a mapping relation between the access session of the remote system and the STP session, and then forwards messages between the remote system and the SNS according to the mapping relation. According to the embodiments of the present invention, application scenarios of the IP session are extended, so that the problem of technique limitations on the IP session concerning a VPDN and a wholesale scenario is solved.08-26-2010
20100217881WIRELESS TERMINAL DEVICE, WIRELESS CONNECTION METHOD, AND PROGRAM - A wireless terminal device which can be connected to a wireless LAN service to which the terminal can be connected without regard to the identifier for specifying a wireless LAN service, a wireless connection method, and a program are provided. A wireless terminal device (08-26-2010
20090043903VALIDATING USER INFORMATION PRIOR TO SWITCHING INTERNET SERVICE PROVIDERS - Inconveniences in switching from one Internet service provider (ISP) to another ISP are remedied by providing streamlined approaches that facilitate the migration from one ISP to another ISP. In one embodiment, user information is validated prior to migrating from the old ISP to the new ISP, thereby ensuring proper transfer of information from the old ISP to the new ISP.02-12-2009
20090043901Bootstrapping Method For Setting Up A Security Association - In one embodiment, a method of the invention has the steps of: (A) establishing an access-layer security association (SA) between a mobile node (MN) and an authentication authorization accounting (AAA) server; (B) deriving a secondary key from an extended master session key (EMSK) corresponding to the access-layer SA; (C) providing the secondary key to a home agent; and (D) based on the secondary key, establishing an SA corresponding to an Open System Interconnection (OSI) layer higher than the access layer for securing communications between the home agent and a selected network node. In various embodiments, the selected network node can be (i) the MN, (ii) a proxy node configured on behalf of the MN, or (iii) a proxy node configured on behalf of the home agent.02-12-2009
20100241755PERMISSION MODEL FOR FEED CONTENT - Permission access model techniques are described. In an implementation, an association between data that is publicly accessible and a member of a social network service is formed. The association is combined with a permission control that is operable to control access to the association independent of access to the data.09-23-2010
20100235526SYSTEM AND METHOD FOR REDUCING CLOUD IP ADDRESS UTILIZATION USING A DISTRIBUTOR REGISTRY - System and method for providing cloud computing services are described. In one embodiment, the system comprises a cloud computing environment comprising resources for supporting cloud workloads, each cloud workload having associated therewith an internal cloud address; and a routing system disposed between external workloads of an external computing environment and the cloud workloads, the routing system for directing traffic from an external cloud address to the internal cloud addresses of the cloud workloads. The routing system comprises a virtual router configured to function as a network address translator (“NAT”); a distributor connected between the virtual router and the cloud workloads; and a distributor registry accessible by the distributor for maintaining information comprising at least one of port mappings, cloud address mappings, and cloud workload configuration information.09-16-2010
20100306394Systems and Methods to Make a Resource Available Via A Local Network - Methods and systems for making a resource available are disclosed. In a particular method, identification information associated with a portable device within a particular coverage area is received. A resource associated with the portable device is determined based on the identification information. An authentication message identifying the resource to a device is sent. Access control information is received from the device. The access control information indicates that access to the resource should be enabled via a local network. The resource is made available via the local network.12-02-2010
20100153566MONITORING REQUESTED CONTENT - Requested content is monitored and metadata for the content is accessed and reported to an administrator communication device. The reported metadata may be indicative of a classification of the requested content, an address of the requested content, a title of the requested content, or portions (e.g., video images) of the requested content. Administrators are enabled to receive dynamic updates regarding requested and received content in real time and may block viewer requested content or send messages to the viewer that are related to the content.06-17-2010
20100250758COMMUNICATION SYSTEM, COMMUNICATION METHOD, AND SERVER MANAGEMENT APPARATUS - A communication system which causes a terminal apparatus to access a server apparatus via a network includes a server management apparatus between the network and at least one server apparatus. The server management apparatus performs processing of establishing a session for a communication partner terminal via a control apparatus of the network using a predetermined signaling protocol to obtain a use permission of the network on behalf of the server apparatus.09-30-2010
20100088423ESTABLISHING AND MAINTAINING A CONNECTION BY A CLIENT TO A SERVER WITHIN A NETWORK - A method for establishing and maintaining a connection by a client to a server within a network includes creating a socket for connecting to the server, based on authentication information associated with the client, and connecting to the server using the socket. In addition, the method includes saving the authentication information associated with the client. The method further includes in a case where subsequent connection to the server is requested by the client, reconnecting to the server via the socket, based on the saved authentication information. An apparatus for establishing and maintaining a connection by a client to a server within a network is also provided.04-08-2010
20100250759WORKSTATION VIRUS LOCKDOWN IN A DISTRIBUTED ENVIRONMENT - Systems and methods for insuring that a client computer has up-to-date virus protection are provided, and include initiating a boot sequence pursuant to a boot image on a client computer for accessing a network, accessing a remote management server according to a preliminary instruction from the boot image, determining whether the client includes a latest virus file and forwarding the latest virus file if the client does not include the latest virus file.09-30-2010
20120144050METHODS FOR ACCESSING EXTERNAL NETWORK VIA PROXY SERVER - A network manager establishes a network connection with a local area network (LAN) using a gateway device that interfaces the LAN with the Internet. A request is transmitted to the gateway device via the network connection to access a Web server of the Internet. A response page received from the Internet via the gateway device is examined to determine whether the response page is a redirect page, or if the response page is from a domain different from that which was requested, from a Web proxy server that requires a user to log in, in order to access the Web server. It is determined whether credentials associated with the user required for the login page have been previously cached locally. The cached credentials of the user are automatically provided in response to the redirect page without user intervention to log into the Web proxy server, if it is determined that the credentials have been previously cached locally.06-07-2012
20090248883APPARATUS AND METHODS FOR MANAGING WIDGETS IN A WIRELESS COMMUNICATION ENVIRONMENT - Apparatus and methods relating to mobile widgets. In particular, apparatus and methods for integrating network services and/or network resources with widget capabilities, managing mobile widgets, providing portability to mobile widgets, and generating content with respect to a mobile widget. In one aspect, a method for integration of network services and/or resources with widget capabilities is provided. The method may include providing for an interface between a widget management component and at least one of a network resource or a network service. The method may also include accessing, at the widget management component via the interface, at least one of a network resource or network service. Further, the method may include integrating the network resource or the network service with a widget functionality.10-01-2009
20090327502SOFTWARE-BASED ALIASING FOR ACCESSING MULTIPLE SHARED RESOURCES ON A SINGLE REMOTE HOST - In order to allow a single user registered on a single local host or other machine to access multiple shared resources on a remote host, an aliasing mechanism is employed so that multiple concurrent connections can be established by the user to a single remote host, with each connection using a different identity. Each connection can therefore be used to access a different shared resource on the remote host. In some illustrative examples, a user's identifier such as his or her machine log-in identification may be associated with two or more resource sharing aliases. As a result, two or more resource sharing sessions can be established by the user with a single remote host, with each of the sessions using a different one of the aliases. The resource sharing sessions are usually established in accordance with a resource sharing protocol such as the Server Block Message (SBM) protocol.12-31-2009
20110066738METHODS AND APPARATUS FOR CONTROLLING SWITCHING BETWEEN RESOURCES AND/OR COMMUNICATING RESOURCE CHANGE INFORMATION IN A WIRELESS COMMUNICATIONS SYSTEM - Methods and apparatus for controlling switching between resources and/or communicating resource change information in a wireless communications system are described. Various methods and apparatus are well suited for use in a decentralized wireless communications network, such as a decentralized peer to peer wireless network, where an individual communications device self allocates resources and makes resource switching decisions. A first communications device may decide that there is a need to switch from the first communications resource corresponding to a first identifier to a second communications resource corresponding to a second identifier, e.g., because of interference. The first communications device generates and transmits a broadcast change signal indicating a change from the first communications resource associated with the first identifier to a second communications resource associated with the second identifier. In some embodiments, the resource change signal is transmitted on at least one of the first and second communications resources.03-17-2011
20110131338SERVICE-BASED ROUTING FOR MOBILE CORE NETWORK - System(s), method(s), and device(s) that enable establishment of data session based in part on services are presented. When establishing a data session for a communication device, the desired mobility gateway can be dynamically assigned via a specified policy mechanism or provisioned using a predefined service policy table, where particular services are linked with respective identifiers associated with respective mobility gateways. A communication device can reference the service policy table to locate a service that is to be used for the data session and can identify an identifier(s) linked to the service(s) and associated with a mobility gateway(s). The identifier(s) can be received and used to facilitate selecting one or more respective mobility gateways for the data session(s). The service policy table can be automatically pushed to the communication device or the communication device can initiate a download of the service policy table when the default data connection is established.06-02-2011
20090319677SYSTEM AND METHOD FOR SHARING INFORMATION AND CAUSING AN ACTION BASED ON THAT INFORMATION - A physical objects tracking system and a method for sharing information about objects and causing an action based on that information is provided. Short range communication networks collect data which identify physical objects and attributes associated with the objects. Long range communication networks provide both central data processing equipment, which is hosted by a trusted third party, for aggregating and storing the collected data and user terminals for enabling an authorized user to access the data processing equipment and to evaluate the aggregated data. The authorized user is enabled to define a business rule, which specifies a matching condition and an action. The matching condition is matched against the aggregated data and if it is determined that the matching condition is fulfilled, the action is executed. Embodiments implementing an auto-ID clearing and risk management process and a secondary market process are introduced.12-24-2009
20090210542SIMPLIFIED PROTOCOL FOR CARRYING AUTHENTICATION FOR NETWORK ACCESS - Methods and system for simplified Protocol for Carrying Authentication for Network Access (sPANA) are disclosed. In the broadband architecture such as Broadband forum or WiMAX forum, a Network Access server (NAS) is one IP hop away from a user. Therefore, it is possible to relax the need in PANA to obtain an IP address prior to authentication. A PANA client (PaC) may use an unspecified IP address (e.g. 0.0.0.0 in IPv4) as a source address for authentication. A PANA Authentication Agent (PAA) may use an IP broadcast address as a network layer destination address (e.g. 0xffffffff). The present invention defines PANA Attribute-Value Pairs (AVPs) and procedures that allow a Challenge-Handshake Authentication Protocol (CHAP) exchange to occur in PANA. The PANA CHAP support may facilitate smooth migration from Point-to-Point Protocol (PPP) sessions to IP sessions in a DSL Broadband network environment. The sPANA can be desirably compatible with the PANA.08-20-2009
20090150552METHOD AND APPARATUS FOR MANAGEMENT AND TRANSMISSION OF CLASSIFIED CONDITIONAL ACCESS APPLICATION TO PROVIDE DOWNLOADABLE CONDITIONAL ACCESS SYSTEM SERVICE - A method and apparatus for management and transmission of a classified conditional access application to provide Downloadable Conditional Access System (DCAS) service according to disclosed embodiments is an effective managing method according to a type of a conditional access module in a software version in the DCAS. In particular, it relates to a method and apparatus which can continuously provide Pay per View (PPV) service during movement in a DCAS service operator (SO) network, such as maintaining independence of CAS SO in DCAS, provide adaptability to adapt to a variety of policies of the SO, and install an optimum application in a terminal.06-11-2009
20090319678REMOTE COMMUNICATION SYSTEM AND METHOD USING MODIFIED SEMAPHORE FLAGS - A remote communication system and method are disclosed. An environment is identified defining a plurality of semaphore flags communicated between a first and a second computer as part of a remote session (i.e., the first computer remotely controlling the second computer via the remote session), with each semaphore flag defining an action associated with the remote session. A first application, via a unidirectional communication with the environment, modifies at least one semaphore flag associated with the environment (e.g., modifying commands to open or close files, keyboard scan codes, cursor position, mouse position, clipboard data, screen resolution, or channel administration), wherein the modified semaphore flag is extracted by an interceptor associated with the second computer and, the interceptor, based on a look-up, executes a pre-defined action affecting the remote session, wherein the pre-defined action being different than the modified semaphore flag's associated action.12-24-2009
20090113063AUTHENTICATION METHOD AND APPARATUS FOR INTEGRATING TICKET-GRANTING SERVICE INTO SESSION INITIATION PROTOCOL - In an authentication method for integrating ticket-granting service into session initiation protocol, a server provides session initiation protocol and ticket-granting services between a calling facility and a called facility, and the method includes enabling the calling facility to obtain a first ticket from the server, and subsequently issue an INVITE message containing the first ticket attached thereto to the server. If the server verifies that the first ticket was issued by the server itself, the server examines the registration status of the called facility in the server. If the status of the called facility is registered, identity authentication of the calling facility and called facility proceeds according to a predetermined ticket authentication procedure. If the authentication is successful, the called facility can establish a communication session with the calling facility.04-30-2009
20090113062Efficient network monitoring and control - In one embodiment, a method for monitoring traffic associated with users in a network includes assigning a trust level to each of the users, monitoring traffic associated with each of the users, and analyzing the monitored traffic. A level of monitoring is based on the trust level of the user. A user's trust level is modified if the analyzed traffic indicates that the user is operating outside of specified network usage parameters. An apparatus for monitoring traffic associated with users in a network is also disclosed.04-30-2009
20100223389Enabling Trusted Conferencing Services - Architecture for providing a superuser privilege in a conferencing environment. A pre-configured entity such as a bot program receives special conferencing privileges. A request can be identified as originating from a trusted service and an associated predetermined set of privileges passed to the service. The trusted service can impersonate a user, and join a conference using its own identity or using the identity of a user. Conference control rules can be enforced on the trusted user (e.g., no other users can eject or mute this entity). Moreover, the trusted service can (optionally) hide itself from the conference roster to remain invisible to all participants.09-02-2010
20080228932APPLYING POLICIES FOR MANAGING A SERVICE FLOW - A method and an access domain node identify and manage a type of service offered by a service provider to user domains. A service template is prepared by the service provider, comprising an address of a server and a protocol identifier, as well as policies for controlling traffic for the service. Upon set up of a connection between a user domain and the service provider, an address of the user domain is added to the service template to produce a service flow management set. Every data packet exchanged between the user domain and the server, in either direction, is related to a service data flow for a given service type by checking for a match between a source address, a destination address, and a protocol type contained therein, with an appropriate service type. Policies from the service flow management set are used to manage the flow of data packets.09-18-2008
20100306395SERVICE PROVIDING METHOD - The frequency of reading, by users, Web sites managed by Webmasters is increased. A server computer of a service provider providing a variety of services can be accessed from one of the Web sites of registered Webmasters. The server computer registers a client who has accessed it through one of the Web sites. Only when the registered client accesses the service provider through the Web site, the client can receive any one of the services.12-02-2010
20100312904DETECTION OF REQUIRED PASSWORD AUTHENTICATION IN A NETWORK - A client device interrogates an access point on a network to request an initial connection to the network. Without using a browser, the client device determines if the connection failed due to a lack of authorization for the client device to connect to the network.12-09-2010
20090037593SERVER FOR AUTHENTICATING CLIENTS USING FILE SYSTEM PERMISSIONS - A computer system comprises a server that serves a plurality of clients and performs client authentication and authorization during client login to the server enabled by file system permissions of User Domain Sockets (UDS).02-05-2009
20100325296AUTHENTICATION APPARATUS, AUTHENTICATION METHOD, AND DATA USING METHOD - An apparatus for authenticating a request includes a receiving unit, an acquiring unit, a determining unit, and a permitting unit. The receiving unit receives a request for a service-related process from a service user via a communication device. The request contains process request information indicating the contents of the requested process and connection identification information unique to the communication device. The acquiring unit acquires the connection identification information contained in the received request. The determining unit determines whether the connection identification information acquired by the acquiring unit exactly corresponds to connection identification information of a communication device that has established an authorized connection. When the two pieces of the connection identification information are determined to exactly correspond to each other, the permitting unit permits performing a process that corresponds to the process request information, which is contained in the request received by the receiving unit.12-23-2010
20100325294ENFORCING COMMUNICATION SECURITY FOR SELECTED RESOURCES - A secure resource enforcer is configured to identify and provide selected secure resources. The secure resource enforcer includes a determining module configured to determine whether a resource of a web page that is requested in a first request by a client computer requires a secure connection based on a type of the resource that is requested. The secure resource enforcer also includes a redirecting module configured to redirect the client computer to a secure socket for the resource when the resource requires the secure connection. The secure resource enforcer further includes a receiving module configured to receive a second request from the client for the resource over the secure socket and a secure resource providing module configured to provide the requested resource to the client over the secure socket.12-23-2010
20100332669METHOD AND APPARATUS FOR CREATING TRUSTED COMMUNICATION USING CO-EXPERIENCE DATA - An approach is provided for determining the level of trust among users of a social network with respect to their co-experiences from communicating with each other without violating their privacy.12-30-2010
20110113148METHOD AND APPARATUS FOR PROVIDING A MEETING POINT AND ROUTES FOR PARTICIPANTS TO A PROPOSED MEETING - A method including causing determination of locations of participants to a proposed meeting. The method further includes determining a meeting point and proposed routes of the participants to the meeting point based on the locations of the participants; and electronically providing, to the participants, the meeting point and the proposed routes for display.05-12-2011
20110113147ENHANCED HUMAN INTERACTIVE PROOF (HIP) FOR ACCESSING ON-LINE RESOURCES - A method is provided for protecting an on-line resource using a HIP challenge. The method includes receiving a request to access the on-line resource from a remote client. A HIP challenge is presented to a user associated with the remote client. If a successful response to the HIP challenge is received from the user, a previous response pattern of the user is compared to known response patterns of humans and machines. The user is allowed access to the on-line resource if the comparison indicates that the user is likely a human.05-12-2011
20100023630SYSTEM AND METHOD FOR GLOBALLY AND SECURELY ACCESSING UNIFIED INFORMATION IN A COMPUTER NETWORK - A client stores a first set of workspace data, and is coupled via a computer network to a global server. The client may be configured to synchronize portions of the first set of workspace data with the global server, which stores independently modifiable copies of the portions. The global server may also store workspace data which is not downloaded from the client, and thus stores a second set of workspace data. The global server may be configured to identify and authenticate a user seeking global server access from a remote terminal, and is configured to provide access to the first set or to the second set. Further, services may be stored anywhere in the computer network. The global server may be configured to provide the user with access to the services. The system may further include a synchronization-start module at the client site (which may be protected by a firewall) that initiates interconnection and synchronization with the global server when predetermined criteria have been satisfied.01-28-2010
20110087791SYSTEM AND METHOD FOR MANAGING REGISTRATION OF SERVICES FOR AN ELECTRONIC DEVICE - The present disclosure described herein relates to a device and method for managing access to a server. The method comprises: receiving a request from the device for access to servers in a network; generating and sending access requests to servers from an interface entity, where the access requests are produced from analyzing at least one capability of the device; monitoring for responses from the servers to the access requests; extracting access information from the responses; and generating and sending a response to the request for access to the device, the response including the access information from the responses from the servers.04-14-2011
20110145425TRUSTED NETWORK MANAGEMENT METHOD BASED ON TCPA/TCG TRUSTED NETWORK CONNECTION - A trusted network management method based on TCPA/TCG trusted network connection is provided. A trusted management agent and a trusted management system are installed and configured on a managed host and a managing host respectively and verified to be creditable locally; when the managed host and the managing host have not yet connected into a trusted network, they connect into the trusted network separately by using a method based on TCPA/TCG trusted network connection and then perform authentication and key negotiation procedure between the trusted management agent and the trusted management system; when the managed host and the managing host have not yet performed the user authentication and key negotiation procedure, they perform user authentication and key negotiation procedure, then realize the remote creditability of the trusted management agent and the trusted management system, and finally, perform network management.06-16-2011
20110145424SYSTEMS AND METHODS FOR REAL-TIME VIEWING AND MANIPULATION OF INFORMATION HOSTED ON THIRD-PARTY SYSTEMS, INCLUDING METRICS, FALSE ACKNOWLEDGEMENTS, AND AUTO-COMPLETION FOR INPUTTING INFORMATION OVER A NETWORK - Systems and methods for real-time viewing and manipulation of information hosted on third-party systems are described. The system and methods enable property managers to create, edit and delete real estate vacancy postings on multiple sites from a single account, view metrics associated with the postings, and shift the administrative burdens associated with the unreliability of third-party systems to the system itself.06-16-2011
20100011113METHODS AND APPARATUS FOR PROVIDING ACCESS TO PERSISTENT APPLICATION SESSIONS - Methods and apparatus for providing remote access to two or more application sessions in which authentication information associated with a user is received, a plurality of application sessions already associated with the user are identified in response to the information, and a client computer operated by the user is connected to the plurality of application sessions.01-14-2010
20090031033System and Method for User to Verify a Network Resource Address is Trusted - A system, method and computer program product for a user to verify that a network resource address is trusted. At least one entity registration is stored at a server. Each entity registration comprises an identity of an entity and entity addressing information associated with the identity of the entity. The existence of at least one entity whose identity is included in the at least one entity registration is confirmed. A query comprising a target addressing information is received from a client. If the target addressing information matches the entity addressing information, the identity of the entity associated with the entity addressing information is determined and a result comprising the identity of the entity associated with the entity addressing information matching the target addressing information is transmitted to the client. If no entity addressing information matches the target addressing information, an indication of such is transmitted to the client.01-29-2009
20100070638SYSTEM AND A METHOD FOR SECURED DATA COMMUNICATION IN COMPUTER NETWORKS BY PHANTOM CONNECTIVITY - The present invention provides a system for providing a higher level security to data communication in computer networks, said system comprising; an organizational network, at least a third party network, at least a phantom server with an intermediate data storage, a toggling means disposed to isolate the organizational network from the third party network and said toggling means further disposed to permit secured data communication between the organizational network and the third party network through the phantom server. A method for providing a higher level security to data communication in computer networks by effecting the transmission of data between organizational network and the third party network by toggling means through phantom server.03-18-2010
20100070640METHOD AND SYSTEM FOR ALLOWING ACCESS TO PRESENTATION MATERIALS FOR A MEETING - A method for allowing access to presentation materials for one or more meetings may include receiving a call from a meeting participant using a communications device. The meeting participant may use the communications device to call a prearranged teleconference number to participate in the meeting via the communications device. The method may also include sending a prompt to the meeting participant's communications device to request if the meeting participant needs to access and acquire the presentation materials to participate in the meeting. In response to the meeting participant requesting to access and acquire the presentation materials, a response may be sent to the meeting participant. In accordance with one embodiment of the present invention, the response may include sending the presentation materials to a destination entered in the communications device by the meeting participant. In accordance with another embodiment of the present invention, the response may include sending access information to the communication device for the user to access the presentation materials. The method may further include connecting the meeting participant to the meeting for participation via the communications device, if the meeting is already in progress.03-18-2010
20100064050CONTENT DELIVERY SYSTEM USING WIRELESS PORTABLE TERMINAL AND DELIVERY METHOD THEREFOR - To reduce time to point a directional wireless portable terminal (WPT) to an access point (AP) when data is downloaded from the AP to the WPT, a user points the WPT to the AP, performs a first operation and transmits a request of authentication and download to the AP. The AP requests a server to perform the authentication and the download. The server transmits information on a current situation to the AP. The AP calculates time required until the download can be started based on content capacity and the like and transmits information on the calculated time to the WPT. The WPT displays countdown until the download can be started. During that time, the server performs the authentication and, if successful, delivers content to the AP. When the download can begin, the user performs a second operation and transmits a request of re-authentication and download to the AP.03-11-2010
20100057925Method For Processing A Network Service Request, And Network Element Comprising A Means For Processing Said Request - In a method for processing a network service request, a first network element that is logically closest to a user requesting the network service manages a file into which data can be entered in respect of a user authorization to receive the network service. A network element includes a device for allowing and blocking transmission of a network service to a user requesting the network service. The device can be switched in accordance with the authorization data contained in the data memory.03-04-2010
20090216891Communication bandwidth control method for a broadcast communication system, a server and a user terminal used in a broadcast communication system, and a program - A method transmitting and receiving data other than voice data and preventing deterioration in quality of communication voice data due to transmission and reception of the other than voice data, and utilizing a limited communication bandwidth when a plurality of users conduct the broadcast communication through common use of the conference room on the network. Upon a user terminal transmitting second data, verifying whether any of a plurality of identified user terminals has a right of transmission of first data. The method further includes that upon a user terminal having a transmission right of first data, setting a value obtained by subtracting the communication bandwidth required for transmission of the first data from the communication bandwidth which each user terminal can use as the communication bandwidth for transmission of the second data. Upon no user terminal having a transmission right of first data, setting a communication bandwidth that each user terminal can use as the communication bandwidth for transmission of the second data.08-27-2009
20090216892SYSTEM AND METHOD FOR HANDLING DIGITAL CONTENT DELIVERY TO PORTABLE DEVICES - Systems and methods to download digital data files are provided. A particular method includes sending authentication data and a request to download a digital data file from a portable computing device to a remote network device via a first network access point. A first portion of the digital data file is received at the portable computing device. The first portion does not include a remaining portion of the digital data file. Communication is established between the portable computing device and a second network access point after communication is lost between the portable computing device and the first network access point and before the remaining portion of the digital data file is received. The remaining portion of the digital data file is received at the portable computing device without sending a second request related to downloading the digital data file.08-27-2009
20090216890METHOD FOR THE TRANSMISSION OF INFORMATION WITH IMPROVED PERENNIALITY - A method is provided for the transmissions of information between at least a first and a second communication means. The method includes saving at least one set of information in an intermediate element. The method also includes defining a plurality of client groups, using an identifier in order to designate at least one group of clients that are authorized to access the information set, and at least one filtering step, which is intended to prevent a user that does not belong to the group from accessing the information. The method enables the integrity of the information contained in the intermediate element to be substantially secured, by selecting clients that are authorized to access the information.08-27-2009
20100070639Network Clone Detection - Each client device among a group of client devices whose access to a network is controlled by the same Network Access Control server will have a unique physical address. However, the same physical address may exist among a group of client devices controlled by different Network Access Control servers. To detect and block clone devices from obtaining service, each Network Access Control server will have its own identifier and this identifier is one of the authorization parameters used by the Dynamic Host Configuration Protocol server for determining whether the request for an IP address is from an authorized client device.03-18-2010
20100064049CONTRIBUTION AWARE PEER-TO-PEER LIVE STREAMING SERVICE - A method of admitting a joining contribution-aware peer to a peer-to-peer network is described including receiving a plurality of system parameters at the joining peer, the plurality of system parameters further including a system resource index and determining an entitled incoming degree value for the joining peer, the determined entitled incoming degree reflecting a value of the system resource index. Also described is a bootstrap node for a contribution-aware peer-to-peer network including a processor device and a network interface device coupled to the processor device, the network interface device being adapted to be coupled to a communication network, the processor device being adapted to receive a request for potential parent peer identification information from the communication network through the network interface device and whereas the processor device is adapted to respond with a plurality of device identification values and a system parameter.03-11-2010
20100057923Maintaining Client Affinity in Network Load Balancing Systems - Described is a technology in a network load balancing system (node cluster), by which client affinity is preserved across cluster configuration changes, including for new connections from a previous client. Each node maintains a list of the clients that are to remain (have affinity, or “stickiness”) with that node, including following bucket redistribution resulting from convergence. Each affinity list is communicated during convergence so that other nodes may build an exception list or lists. Via a node's exception list, the node that owns a bucket corresponding to a client knows of the affinity with another node and thus drops any packets from that client. Affinity may expire, whereby the node having affinity with that client releases it and notifies the node owning the bucket for that client that the client is no longer to be treated as an exception.03-04-2010
20100057924ACCESS POINT FOR IMPROVED CONTENT DELIVERY SYSTEM - A deployment and distribution model improves content delivery with a business incentive for placement of kiosks with one or more wireless access points in public locations so that portable media players (PMPs) can receive media content (e.g., audio, video, text, haptic content, etc.). In addition, coordination between subscribing users of PMPs, vendors who provide kiosks, and a network central controller of a content distribution system allow for prepositioning of video content at the kiosks through economically desirable low data rate communication links from the network (e.g., dial-up modem, DSL, etc.); coordinated queuing of downloads (e.g., partial downloads) between kiosk to PMP, peer-to-peer (P2P) downloading between PMPs, and uploads from PMP to kiosk; billing/crediting to correspond with such participation in the distribution; and changing priority/selection of prepositioning of content at kiosks to reflect a clientele profile.03-04-2010
20090031034Methods and systems for proofing Identities using a certificate authority - A digital certificate is provided to a customer having an electronic account linked to the customer's physical address. Using the digital certificate, the customer performs electronic transactions with a third party. A proofing workstation receives a request from a third party to validate the digital certificate. The proofing workstation communicates with a proofing server that maintains a list of valid certificates and a list of revoked certificates. The proofing server sends a response to the proofing workstation, where it is received by the third party.01-29-2009
20110252153SECURELY PROVIDING SESSION KEY INFORMATION FOR USER CONSENT TO REMOTE MANAGEMENT OF A COMPUTER DEVICE - Embodiments of the invention are generally directed to systems, methods, and apparatuses for providing information used in verifying user consent to a remote management session. In some embodiments, a session key is provided by a management engine of a computer device in response to an indication that a session is needed to remotely manage operations of the computer device. In some embodiments, information based on the session key is displayed in a secure sprite, where the integrity of information is protected at least in part by the isolation of the management engine from other resources of the computer device.10-13-2011
20100250757REDIRECTION OF A REQUEST FOR INFORMATION - A method is provided in one example embodiment and includes identifying a first data center configured to receive a request initiated by an end user. The method also includes detecting a presence of a wide area application service (WAAS) and identifying a second data center. The method further includes signaling, in response to the presence of the WAAS, to redirect data packets associated with the request to the second data center. In more specific embodiments, the signaling includes adding a TCP option to packets of a session associated with the end user to inform components of redirecting capabilities of a WAAS element. The detecting can include recognizing a transmission control protocol (TCP) option in detecting the presence of the WAAS. The TCP option can be used to identify capabilities of a WAAS element that is involved in servicing the request of the end user.09-30-2010
20090100182METHOD AND SYSTEM FOR SECURELY REQUESTING DOWNLOAD OF CONTENT TO A USER DEVICE FROM ANOTHER DEVICE - A method and system includes a first web service client generating a first message with first security portion and communicating the first message and first security portion to a second web service client. The second web service client generates a response to the first message at the second web service client when the first security portion is valid and communicates the response to the first web service. The second web service generates a user device request at the second web service when the first security portion is valid and communicates the user device request to a conditional access management center. The conditional access system generates a control word and communicates the control word to the user device. The conditional access system generates a status signal and communicates the status signal to the second web services client when a control word is sent to the user device. The second web service device generates a formatted response message from the first web services client to the second web services client in response to the status signal.04-16-2009
20110153853REMOTE APPLICATION PRESENTATION OVER A PUBLIC NETWORK CONNECTION - Web access over a public network for applications that operate on virtual desktops on a plurality of servers is facilitated. Through the web access the user is provided with the information necessary to establish a connection with an application by way of the virtual desktop. Applications that the user is authorized to access are determined and those applications that the user is not authorized to access are filtered out. The applications associated access control list is used for determining the user's access to discover an application.06-23-2011
20110153854SESSION MIGRATION BETWEEN NETWORK POLICY SERVERS - A policy device grants access to a client device, without authenticating the client device, when the client device provides a session identifier to the policy device that was previously granted to the client device by a second policy device upon authenticating the client device by the second policy device. In one example, a policy device includes a network interface that receives a session identifier from a client device, wherein the policy device comprises an individually administered autonomous policy server, and an authorization module that grants the client device access to a network protected by the policy device based on the session identifier without authenticating the client device by the policy device. In this manner, the client device need not provide authentication information multiple times within a short time span, and the policy device can deallocate resources when a session migrates to a second policy device.06-23-2011
20110153852SYSTEM AND METHOD FOR VALUING AND RATING INTELLECTUAL PROPERTY ASSETS - A comprehensive platform for merchandising intellectual property (IP) and conducting IP transactions is disclosed. A standardized data collection method enables IP assets to be characterized, rated and valuated in a consistent manner. Project management, workflow and data security functionality enable consistent, efficient and secure interactions between the IP Marketplace participants throughout the IP transaction process. Business rules, workflows, valuation models and rating methods may be user defined or based upon marketplace, industry or technology standards.06-23-2011
20110153851SYSTEM AND METHOD FOR ADJUSTING INTAKE BASED ON INTELLECTUAL PROPERTY ASSET DATA - A comprehensive platform for merchandising intellectual property (IP) and conducting IP transactions is disclosed. A standardized data collection method enables IP assets to be characterized, rated and valuated in a consistent manner. Project management, workflow and data security functionality enable consistent, efficient and secure interactions between the IP Marketplace participants throughout the IP transaction process. Business rules, workflows, valuation models and rating methods may be user defined or based upon marketplace, industry or technology standards.06-23-2011
20120303831Systems and Methods for Authorizing Services in a Telecommunications Network - A computer-implemented method for authorizing access by a user device to at least one service offered over an Internet Protocol (IP) network is provided. A server receives a message from the user device. The message indicates that the user device is configured to support the at least one service. The server then retrieves from a database policy data associated with the user device. The server validates based on the policy data that the user device is authorized to advertise the at least one service and the at least one service is available for access by the user device. If the at least one service is unauthorized or unavailable for access by the user device, the server modifies the message to indicate one or more authorized and available services for the user device without including the at least one service.11-29-2012
20120303830DATA PROCESSING DEVICE AND DATA PROCESSING METHOD - The data processing device includes a registration data receptor which receives first registration data sent from a client, a URL generator which generates a URL which includes the first registration data, a URL notification unit which notifies the client of the URL, a login URL processor which receives the URL from the client, and extracts the URL from the first registration data while displaying to the client a login screen corresponding to the URL, an authentication request receptor which receives an authentication request which includes second registration data sent from the client, and an authentication enforcement unit which judges whether to authenticate the client according to whether the first registration data and the second registration data match.11-29-2012
20120303829SYSTEMS AND METHODS TO PROVIDE ACCESS TO A NETWORK - A network access system for use with a charging station is provided. The network access system is configured to receive at least one signal representative of a network. The network access system is also configured to prompt a user for at least one input. Moreover, the network access system is configured to receive the input from the user, wherein the input includes a confirmation to receive access to the network. The network access system provides at least one unique identifier to the user to enable the user to receive access to the network within a distance from the charging station while a battery is being charged.11-29-2012
20120303827Location Based Access Control - A policy enforcement system may use device location as a parameter for granting or denying access to a resource. An access policy may include location parameters that may permit or deny access to the resource based on the physical location of the device. In some cases, the location may be authenticated by a server that may verify the device's location. The access policy may grant or deny full or partial access to the resource, which may be a data resource, such as a file, database, URL, or other information, an application resource, or a physical resource such as a network or a peripheral device. The policy enforcement system may use the device location for regulatory compliance, restricting access to sensitive information, or as a primary or secondary condition for limiting access to a resource.11-29-2012
20110060840APPARATUS, METHOD AND COMPUTER PROGRAM PRODUCT FOR GUARANTEED CONTENT DELIVERY INCORPORATING PUTTING A CLIENT ON-HOLD BASED ON RESPONSE TIME - An apparatus, method and computer program product for guaranteeing network client-server response time while providing a way of putting the client on-hold when the response time temporarily prohibits access to the requested server. The apparatus is implemented within an interface unit connecting a plurality of servers and an on-hold server to the Internet, which is connected to a plurality of clients. According to one aspect of the invention, the method includes the steps of opening a connection between a client and the interface unit; determining which server the client desires a page from; determining the current response time of the requested server; if the response time is acceptable then opening a connection between the interface unit and the requested server if no free connection is open between the interface unit and the requested server; allowing the client to access information on the requested server via the connections; and closing the connection between the client and the interface unit while keeping open the connection between the interface unit and the requested server. Alternatively, if the response time is not acceptable, then putting the client on-hold by redirecting the client to an on-hold server until the response time of the requested server becomes acceptable. According to an “on-hold distribution” aspect of the invention, the interface unit determines the on-hold preference of the client and selects the server hosting that on-hold preference. According to another aspect of the invention, instead of utilizing the interface unit, each server has the intelligence to put the client on-hold when applicable.03-10-2011
20110016219SYSTEM AND METHOD FOR DYNAMIC SECURITY PROVISIONING OF COMPUTING RESOURCES - The present invention facilitates the dynamic provisioning of computing and data assets in a commodity computing environment. The invention provides a system and method for dynamically provisioning and de-provisioning computing resources based on multi-dimensional decision criteria. By employing specialized computing components configured to assess an asset and requestor of an asset, a provisioning engine is able to transform the input from the computing components into a specific configuration of computing resource provisioning and security controls. According to the rules and policies applying to a security domain, the provisioning engine may dynamically allocate computing resources in a manner that is both safe and efficient for the asset.01-20-2011
20100262706Network Security Using Trust Validation - In certain embodiments, a method includes receiving a communication session request from a requesting node. The communication session request is received via a network facilitating communication among a number of nodes. A number of trust level values associated with the requesting node are accessed. Each of the number of trust level values is received from one of the number of nodes. The method further includes determining, based on a voting technique and the accessed trust level values associated with the requesting node, a validated trust level associated with the requesting node. The method further includes determining, based on the validated trust level associated with the requesting node, whether to allow the communication session request received from the requesting node.10-14-2010
20110258333CLOUD CONNECTOR KEY - A cloud connector key includes a network interface configured to connect to a network, a mass storage interface configured to connect to a network isolated device, and a computation module operatively connected to the network interface and the mass storage interface. The computational module is configured to connect to a cloud repository using the network interface by obtaining, from storage on the cloud connector key, a network address of the cloud repository, requesting connection to the cloud repository using the network address, and authenticating, using credentials in the storage on the cloud connector key, to an account in the cloud repository. The computational module is further configured to transfer a file between the account in the cloud repository and a network isolated device via the mass storage interface.10-20-2011
20110153855METHOD OF DEFENDING AGAINST BATTERY EXHAUSTION ATTACK AND WIRELESS COMMUNICATION DEVICE AND RECORDING MEDIUM USING THE METHOD - Provided is a method of defending against a battery exhaustion attack on a wireless communication device. The method includes: determining whether a battery exhaustion attack against a first wireless communication device occurred based on a connection state between the first wireless communication device and at least one second wireless communication device; if it is determined to be a battery exhaustion attack against the first wireless communication device, defending against the battery exhaustion attack using a communication module of the first wireless communication device; and if it is determined that there is no battery exhaustion attack against the first wireless communication device, performing communication between the first wireless communication device and the at least one second wireless communication device according to the connection state.06-23-2011
20120203919METHOD AND APPARATUS FOR CONTROLLING CONNECTION BETWEEN DEVICES - A method and apparatus for controlling connection between devices includes detecting a first device, determining whether the first device is included in a device list, obtaining information related to the first device from a second device, and establishing a connection with the first device based on the information from the second device.08-09-2012
20120203918LOW POWER WIRELESS NETWORK FOR TRANSPORTATION AND LOGISTICS - Embodiments of methods and devices are disclosed for enabling network devices to join a network. These embodiments generally include a first network device, which is joined to the network, sending authentication information. If the authentication information is determined as valid by a second network device, the second network device sends a join request toward the first network device. During or after the joining process, the first and second network devices can share scheduling information. These embodiments enable a network to have additional security while consuming low amounts of power.08-09-2012
20090248882Virtual social group management system, virtual social group management method, and computer program - An SNS system is provided with: a user attribute storage unit that stores user attributes for each user; a community attribute storage unit that stores a community grade rank for each community; an access allowance/rejection determination unit that determines whether or not to allow a user to access a community based on the community grade rank of the community and the user attributes of the user; and a community viewing processing unit that executes a process for distributing the content uploaded in the community to the user in the case where the access allowance/rejection determination unit has determined to allow the user to access the social group, and does not execute the process for distributing the content uploaded in the community to the user in the case where the access allowance/rejection determination unit has determined to prohibit the user from accessing the social group.10-01-2009
20090240822System and Method for Controlling Access Rights to Network Resources - A system and method for securing access to network resources are described. One embodiment includes an exemplary method for securing access to a network element and can include associating a network element with a set of data, and configuring a portion of the data to be responsive to a first subset of access rights. In accordance with other embodiments, an exemplary method and system provide for selection of an appropriate security to govern access by a user to network resources.09-24-2009
20090210541EFFICIENT CONFIGURATION OF LDAP USER PRIVILEGES TO REMOTELY ACCESS CLIENTS WITHIN GROUPS - A method and system for restricting remote access by users of directory access protocol client systems without using a directory access protocol “netgroup” option by defining a “remote_allowed” attribute for an entire user group, which, if enabled, allows granting of all remote access requests to all clients, but which, if disabled, allows granting of remote access requests to client systems specifically listed in a “hosts” attribute. In this manner, directory administrators may configure remote access rights for groups of users without having to perform cumbersome and tedious “netgroup”. Subsequent to granting access, the authentication, such as a log in, may be performed on the user. The invention is particularly useful for Lightweight Directory Access Protocol (LDAP) systems, where the “hosts” attribute can list client systems by Internet Protocol address, by hostname, or by a combination of address and hostname.08-20-2009
20090177790CONFIGURATION OF A PEER GROUP - Embodiments of the present invention relate to systems and methods for configuring computing devices to join a peer group. A peer group may be created on a subnetwork by a computing device. When a new computing device enters the subnetwork, it may join the peer group and be given access to the shared resources on the peer group and associated computing devices, using a communications layer and an authorization layer. Allowing a new computing device to join a peer group includes inviting the new device to join and then challenging the device for a passkey of the peer group. After joining the peer group, the computing device will be able to access and share resources with the peer group and other computing devices associated with the peer group.07-09-2009
20090144437Securing a Server in a Dynamic Addressing Environment - A dynamic address router may provide dynamically updated routing to a device with a dynamic network address as well as provide a security certificate for the device. The device may be routed using a subordinate domain name. The principal domain name and a security certificate may be held by a single service provider that may enable a simple setup and configuration mechanism, as well as to guarantee the authenticity of the security holder even though the holder may connect through a dynamic address connection.06-04-2009
20080320153Resource Management Device For a Communications Network With Inter-Node Connections Associated With Shared Resource Preemption Rights and Resource Access Priority Rights - A device (D) is dedicated to the management of resources in a communications network comprising nodes (LER, LCR) connected together via connections. This device (D) comprises management means (MG) designed to define the connections and associate the connections with resources so that these connections can be set up when necessary. The management means (MG) are also required, according to a selected criterion, to associate each connection with either a first state in which it has a preemption right on selected resources shared at least partially with at least one other connection, although not authorized to use them, or a second state in which it is authorized to use the selected resources in order to set up this connection.12-25-2008
20080215742METHOD AND APPARATUS FOR DYNAMICALLY ADJUSTING RESOURCES ASSIGNED TO PLURALITY OF CUSTOMERS, FOR MEETING SERVICE LEVEL AGREEMENTS (SLAs) WITH MINIMAL RESOURCES, AND ALLOWING COMMON POOLS OF RESOURCES TO BE USED ACROSS PLURAL CUSTOMERS ON A DEMAND BASIS - A method (and system) for managing and controlling allocation and de-allocation of resources based on a guaranteed amount of resource and additional resources based on a best effort for a plurality of customers, includes dynamically allocating server resources for a plurality of customers, such that the resources received by a customer are dynamically controlled and the customer receives a guaranteed minimum amount of resources as specified under a service level agreement (SLA). The best effort is defined in the SLA as a range of service to be provided to the customer if server resources are currently available.09-04-2008
20100325295COMMUNICATION APPARATUS - In a general connection service using the PPPoE protocol, since user determination cannot be performed before a PPP authentication phase, even when a connection request is received from an invalid user, an access server and an authentication server operate under loaded conditions. Accordingly, an invalid user list is held in the access server, and user information is added to a PADI packet. In this arrangement, an invalid user can be determined at early stages and the packet can be deleted, thereby the load can be reduced. Further, regarding the invalid user, pseudo-connection completion is made and an occurrence of retry is prevented, thereby the load can be reduced.12-23-2010
20080256249CLIENT AGENTS FOR OBTAINING ATTRIBUTES FROM UNAVAILABLE CLIENTS - A computer system and methods for creating an agency relationship among clients of a computer system with respect to personal privileged, or otherwise sensitive permissions and/or attributes, is described. The system and methods allow a querying client to obtain permission and/or attributes from a queried client, even if the queried client is unavailable.10-16-2008
20080256250Sub-tree access control in network architectures - A logical network directory database compliant with the X.500 standard for a directory data system is disclosed. The network directory database provides a source of subscriber and service data accessible by various control and management processes that require subscriber information. The network directory database may be extensible across various communications service providers and IT domain. Further, the disclosed network directory database may be applied to new and existing services, such as, IP Multimedia Subsystem, Unlicensed Mobile Access (UMA) and other IP services.10-16-2008
20100325297APPARATUS, SYSTEM, AND METHOD FOR FACILITATING ELECTRONIC COMMUNICATION AND PRIVACY OF ELECTRONIC RECORDS BASED ON A PERSONAL CONTACT - An apparatus, system, and method are disclosed for facilitating electronic communication and privacy of electronic records based on a personal contact. A token giver gives a token to a token receiver through a personal contact. The purpose of the token is to facilitate communication between the token giver and token receiver. The token includes a token identifier that is uniquely associated with the token. The apparatus includes a receiver module for receiving the token identifier from the token receiver. In response to receiving the token identifier, a channel module establishes an electronic communication channel between the token giver and the token receiver. A transfer module provides, to the token receiver, initial electronic content customized for the token identifier. In response to a request from either the token receiver or the token giver, a transfer module brokers an electronic content transfer between the token receiver and the token giver via the electronic communication channel.12-23-2010
20100332668Multimodal proximity detection - Systems and methods for proximity detection between electronic devices are disclosed. One or more electronic devices transmit signals to a proximity server, which determines whether the first electronic device may be proximate the second electronic device. The proximity server transmits a signal to the first electronic device and the second device, and in response to the signal, the first and second electronic devices activate an environmental sensor, collect at least one sample of environmental data, extract at least one feature set of the environmental data, generate a first obscured feature from the feature set, transmit the first and second obscured feature sets to the proximity server. The proximity server uses the first obscured feature set and the second obscured feature set to determine whether the first electronic device and the second electronic device are proximate.12-30-2010
20110264816METHOD FOR ACCESS CONTROL WITHIN A NETWORK AND A NETWORK - To allow effective handling of obligations, a method for access control within a network, especially for control of access of a subject to a resource of the network, is disclosed, wherein a PEP (Policy Enforcement Point) sends an access request for evaluation to a PDP (Policy Decision Point) and wherein the PDP sends a reply which contains at least one obligation to the PEP. For specifying obligations, a meta-language such as OASIS XACML is used.10-27-2011
20100332670METHOD OF CONTROLLING DEVICE CONNECTED TO UNIVERSAL PLUG AND PLAY HOME NETWORK VIA INTERNET, AND SYSTEM AND DEVICE FOR THE METHOD - A method, system, and device for controlling a device connected to a UPnP (universal plug and play) home network using the Internet is provided. This method includes: subscribing to the external device outside the UPnP home network and informing the external device of control information about the device connected to the UPnP home network; converting a third-party notification message about control of the device connected to the UPnP home network, the third-party notification message being received from the external device via the Internet, into a control message with respect to a device that provides a web-based user interface or a device that provides no web-based user interfaces; and transmitting the control message to the device that provides a web-based user interface or the device that provides no web-based user interfaces.12-30-2010
20110035505CAPTCHA-FREE THROTTLING - One embodiment provides a system that throttles access to a web resource. During operation, a throttle server receives a request to access the web resource. The request is associated with a computing device used by a user and is redirected from a server providing the web resource. The throttle server then determines whether the computing device has previously accessed a restricted resource different from the web resource corresponding to the request based on the presence or absence of a unique mark associated with the computing device. Based on the determination, the throttle server subsequently generates a response indicating whether the computing device meets a predetermined requirement for accessing the web resource, and sends the response to the server providing the web resource, thereby facilitating access throttling to the web resource.02-10-2011
20100293282IDENTIFICATION, STORAGE AND DISPLAY OF LAND DATA ON A WEBSITE - Disclosed is a land website that provides a personalized database on which data can be stored, retrieved, customized and communicated (e.g., by e-mail) relating to a particular piece of property. The database can be accessible via a password and a security code over the Internet and may be encrypted for transmission. Land websites can be established that contain image data, map libraries, virtual tours, legal descriptions, title information, e-documents, actual pictures of property and various other information. Unique 3-D imaging of composite images can be provided on the land website as well as fly-around composite 3-D images. The land website provides a unique way of packaging information relating to a piece of land in a single, accessible location. A boundary applet tool is provided on the land website portal that allows a user to simply and easily draw boundaries around the property of interest and then submit an order for more detailed information about the property of interest. Various map data and image data are provided to assist the user in drawing the boundaries. Acreage amounts are automatically calculated based upon the size and area drawn by the user. Properties of interest can be easily accessed by a global coordinate system or by searching on map data that is provided on a wide range of scales.11-18-2010
20110072142USE OF PROXY SERVERS AND PSEUDONYMOUS TRANSACTIONS TO MAINTAIN INDIVIDUAL'S PRIVACY IN THE COMPETITIVE BUSINESS OF MAINTAINING PERSONAL HISTORY DATABASES - A system is provided that preserves data privacy for the Individual—I and Private Data Owner (PDO) while granting data access to the User—U and Accessor who need such data to perform their usual and customary business functions. The method and system completely control the User's access to the Private Data Owner's Private Data by replacing Identifying Information for the User—U, Individual—I, Accessor and PDO with pseudonyms. This assures the overall privacy of individuals, throughout the course of collecting, storing, accessing, analyzing and sharing detailed private records among different organizations engaged in providing and/or consuming services and/or products. Access Control Rule Sets (“ACRS”) consist of instructions which prescribe the terms and conditions for permitting Users to access the PDO's Pseudonymized and Actual Private data in accordance with the rules governing their authorization to access such data.03-24-2011
20120311167NON-INTRUSIVE SINGLE SIGN-ON MECHANISM IN CLOUD SERVICES - A method and apparatus for Single Sign-on, wherein the user accesses a platform server and at least one service provider on the platform server. The method includes intercepting a request sent by the user via a client browser and extracting a domain name included in the request. If the domain name is an original domain name of the platform server, a global session ID is generated for uniquely identifying a session between the user and the platform server. A new domain name of the platform server associated with the global session ID is generated and the URL in the request is redirected to a new URL including the new domain name of the platform server. The request, including the new URL of the platform server, is forwarded to the platform server.12-06-2012
20100121967SYSTEM AND METHOD FOR DEVICE MANAGEMENT SECURITY OF TRAP MANAGEMENT OBJECT - The present invention relates to a system and method for device management security, and more particularly to a system and method for device management security of a trap management object (Trap MO), which can prevent a non-authorized device management server from indirectly controlling device management of a mobile terminal through use of the Trap MO defined in Open Mobile Alliance Device Management (OMA DM). To this end, when a DM client receives a request to register a notification target MO as a recipient node registration from a DM server, the DM client determines if the DM server has authority for both addition and execution and allows only an authorized DM server to register a recipient node in the Trap MO, so that only a DM server having authority for execution of an MO can execute the MO and control the device management of a mobile terminal. Accordingly, it is possible to enhance device management security of the mobile terminal against non-authorized DM servers.05-13-2010
20100121966 REPEATER AND REPEATING METHOD THEREOF - According to one embodiment, a repeater receives content data from a sender device through a first content protection technology and transmits the content data to another device through a second content protection technology. The repeater includes a receiver, a preparation module, and a transmitter. The receiver receives identification information that identifies a device compliant with the second content protection technology through the second content protection technology. The preparation module prepares an identification information list based on the first content protection technology that contains the identification information based on the second content protection technology received by the receiver and identification information based on the first content protection technology that identifies the repeater. The transmitter transmits the identification information list to the sender device through the first content protection technology. 05-13-2010
20120210011 APPARATUS AND METHODS FOR ACCESS SOLUTIONS TO WIRELESS AND WIRED NETWORKS - A method, apparatus, and system in which a module may have both an embeddable portion and a cooperating downloadable portion scripted to plug in and be integrated into an existing Terms and Condition page of a public Wi-Fi and/or wired network. The module is scripted to cause an injection of a third-party captive portal and authentication flow when the client device with a resident browser application contacts a host gateway or other host controller to undergo a sign on experience as a guest to access/connect into a public Wi-Fi and/or wired network. The module is also scripted to direct the web browser back to the Terms and Condition page once the web browser of the client device has been through the third-party captive portal and authentication flow and its associated one or more web pages that are parsed and rendered by the web browser. 08-16-2012
20110138067 Cluster View Performance - A system and method of constructing cluster views may involve determining that a process such as an application server process having an IP address is stopped. Another IP address may be assigned to the process in response to determining that the process is stopped, wherein the other IP address is dedicated to processes that are stopped. If a connection request for the process is received at the other IP address, the connection request may be actively refused. The active refusal may significantly reduce the amount of time required to generate cluster views. 06-09-2011
20090300197 Internet Protocol Communication System, Server Unit, Terminal Device, and Authentication Method - According to one embodiment, there is provided an Internet Protocol communication system provided with terminal devices configured to mutually communicate with one another via an IP network and a server unit which performs digest authentication in response to authentication requests transmitted from the terminal device. The server unit comprises an authentication processing module which transmits challenge values to terminal devices of authentication request sources, and verifies response values returned to the challenge values, and a determination module which determines results of the digest authentication on the basis of the results of the verification. At least one of the terminal devices comprises an authentication client module which generates the response values by using a defined algorithm in accordance with user passwords input by users, and with device passwords stored in advance, and returns the response values to the server unit. 12-03-2009
20090300195 METHODS AND APPARATUS FOR NETWORK TRAFFIC DISTRIBUTION BASED ON RANDOM NUMBER VALUES - In one embodiment, a method includes receiving a routing distribution profile associated with a set of network resources disposed between a source endpoint and a destination endpoint. The set of network resources is within a session over Internet Protocol (SoIP) network. A distribution function is defined based on the routing distribution profile and based on a range of random number values. The distribution function is used to route via a network resource from the set of network resources a request to establish a session between the source endpoint and the destination endpoint. 12-03-2009
20090292816 Device and Method for Secured Communication - Devices and methods are provided for securing communication between a traffic management center (TMC) and a traffic controller via utilization of a field security device. In one embodiment, the field security device transmits a device identifier to the TMC upon being powered up or connected to the traffic controller. The device identifier is generally based on a combination of user-configurable and non-user-configurable parameters of the field security device. In response to the TMC authenticating the device identifier, the field security device establishes a secure private network (SPN) between the field security device and the TMC. 11-26-2009
20090292814 FEDERATION AND INTEROPERABILITY BETWEEN SOCIAL NETWORKS - Communications between social networks are enabled via authentication that provides single-sign-on (SSO) authentication of users such as individual users or social networks or social network services that desire access to network resources on a particular social network. The particular network requests authentication of the requesting user(s), and based on an authentication result the particular network provides or denies access to the resources. A social network services database maintains a listing of resources of different social networks, that a user can search to determine where to find resources on other networks. The user can then query the social networks hosting those resources or their social network services for access, and the networks or services can authenticate the user before granting access according to any conditions that the hosting social networks or social network services may choose to apply. 11-26-2009
20100017525 ELECTRONIC SUPPLY CHAIN MANAGEMENT - In some embodiments a method for correlating supply chain network information received from supply chain network components controlled by different entities includes receiving connection agent information indicating access point identifiers associated with network access points; receiving provisioning information including physical location identifiers identifying venues at which the network access points reside; receiving network authorization request and response records, wherein the network authorization request and response records include data associated with the connection agent information and the provisioning data. The method can also include determining an association between one of the physical location identifiers that identifies one of the venues and one of the access point identifiers associated with one of the network access points, the determining including, selecting, based on the common data, the physical location identifier from the provisioning information; and selecting, based on the common data, the one of the access point identifiers from the connection agent information. 01-21-2010
20110307622 Method and System for Secure Server-Based Session Management Using Single-Use HTTP Cookies - A methodology for providing secure session management is presented. After a single-use token has been issued to a client, it presents the token, and the server may identify the client based upon the presented token. However, the token may be used only once without being refreshed prior to re-use, thereby causing the token to be essentially reissued upon each use. The token comprises a session identifier that allows the issuer of the token to perform session management with respect to the receiving entity. Tokens can be classified into two types: domain tokens and service tokens. Domain tokens represent a client identity to a secure domain, and service tokens represent a client identity to a specific service. A domain token may be used with any service within a domain that recognizes the domain token, but a service token is specific to the service from which it was obtained. 12-15-2011
20110307620 APPARATUS AND METHOD FOR REGISTERING PERSONAL NETWORK - A method for a Personal Network Entity (PNE) to individually join a desired Personal Network (PN) is provided. When the PNE transmits a PN connection request message to a PN gateway, the PN gateway inserts its information into the connection request message and forwards the connection request message to a Converged Personal Network Service (CPNS) server. The CPNS server, upon receipt of the connection request message through the PN gateway, generates and manages information about a PN related to the PN gateway. The information about the PN is provided to the PNE at execution of authentication with the PNE, such that the PNE can determine whether to join the PN. 12-15-2011
20110307621 METHOD FOR IMPLEMENTING A CONVERGENT WIRELESS LOCAL AREA NETWORK (WLAN) AUTHENTICATION AND PRIVACY INFRASTRUCTURE (WAPI) NETWORK ARCHITECTURE IN A LOCAL MAC MODE - A method for implementing a convergent Wireless Local Area Network (WLAN) Authentication and Privacy Infrastructure (WAPI) network architecture in a local Medium Access Control (MAC) mode is provided and includes the following steps: the MAC function and WAPI function of Access Point (AP) are divided between Wireless Terminal Point (WTP) and Access Controller (AC) to construct a local MAC mode; the convergence of WAPI protocol and the convergent WLAN network architecture is implemented in the local MAC mode; the process of association and connection between STAtion (STA), WTP and AC is performed; the process of notification of the beginning of the execution of the WLAN Authentication Infrastructure (WAI) protocol between AC and WTP is performed; the process of the execution of the WAI protocol between STA and AC is performed; the process of notification of the end of the execution of the WAI protocol between AC and WTP is performed; the process of encrypted communication between WTP and STA is performed by use of WPI. 12-15-2011
20120042087 SYSTEM AND METHOD FOR LINKING AND SHARING RESOURCES AMONGST DEVICES - Devices are enabled to establish a secure and persistent pairing with one another across a communication medium, using credential information that is exchanged out-of-band. 02-16-2012
20090031032 REGISTER CLUSTERING IN A SIP-BASED NETWORK - In one embodiment, a method can include: receiving a request for service in a first edge proxy; applying a hash function to a source address of an endpoint; and forwarding the request to a second edge proxy in response to a first result of the hash function, or servicing the request in the first edge proxy in response to a second result of the hash function. 01-29-2009
20100125670 SYSTEMS AND METHODS FOR DATA AUTHORIZATION IN DISTRIBUTED STORAGE NETWORKS - Storage authorization and access control of data stored on a peer-to-peer overlay network is provided. A publishing node stores data on a storage node in the overlay network. The publishing node is adapted to facilitate data storage authorization by generating a resource identifier as a function of a usage string associated with a data type to be stored. A storage request is generated that includes the resource identifier and data to be stored. The storage request may be sent to the storage node. The storage device receives the storage request sent by a publishing node, including a resource identifier and data to be stored. Independent storage authorization is performed by the storage node at an overlay level by verifying the resource identifier. The data in the storage request is stored at the storage node if the resource identifier is successfully verified. 05-20-2010
20100100632 Sharing Data Within an Instant Messaging Session - Sharing data within an instant messaging session is described. A user participating in an instant messaging session may request a data access key. The key, which provides access to data associated with the user, may then be transmitted via the instant messaging session to one or more other participants in the instant messaging session. The other instant messaging session participants can then use the key to access, via the instant messaging session, the data associated with the user. Users may be granted various levels of access to another user's data. 04-22-2010
20110173338 PROCESSING SYSTEM AND METHOD FOR CONNECTING A REMOTE USB DEVICE AUTOMATICALLY - A processing system and method for connecting to a remote USB device automatically. The processing system and method provide a user computer to be connected to or disconnected from a USB device via a network system and a USB server connected to the USB device. In the beginning, the user computer finds a USB device for the user computer from the USB server via the network system; when detecting that the user computer issues request messages, the USB server connects the user computer with the USB device, and the USB device executes corresponding services according to the request messages issued by the user computer; finally, after detecting that the USB device has finished the corresponding services according to the request messages issued by the user computer, the USB server is enabled to disconnect the user computer from the USB device. 07-14-2011
20110173337 PROACTIVE PRE-PROVISIONING FOR A CONTENT SHARING SESSION - An apparatus includes a communication interface and a controller associated with the communication interface where the controller is further configured to determine an affinity between a first device and at least one other device and create, based at least in part upon the determined affinity, one or more pre-provision packages. These pre-provision packages include data likely to be shared in the event that a content sharing session is ultimately entered into. The one or more pre-provision packages are then provided for storage upon at least one of the first device and the at least one other device. Then, when an indication of a desire for the first device to engage in a content sharing session with the at least one other device is received, access to the one or more pre-provision packages is provided to at least one of the first device and the at least one other device. 07-14-2011
20110093604 COMMUNICATION SYSTEM, SERVER APPARATUS, INFORMATION COMMUNICATION METHOD, AND PROGRAM - The communication system of the present invention includes a terminal, a first server apparatus that manages movement of the terminal, and a second server apparatus that performs authentication of the terminal. The first server apparatus uses an AAA protocol to transmit a first message that includes a pseudo-NAI of the terminal to the second server apparatus. The second server apparatus records the pseudo-NAI and true-NAI of the terminal in association with each other, and upon receiving the first message from the first server apparatus, uses the AAA protocol to transmit to the first server apparatus a second message that includes the true-NAI that was placed in association with the pseudo-NAI that was included in the first message. 04-21-2011
20110093603 VIRTUAL FOLDERS FOR TRACKING HTTP SESSIONS - Requests from a client to a network device are authenticated based on a session ID obtained by the network device. Requests may be authenticated by obtaining a session ID value when a session is initiated and transmitting a document to the client that embeds the session ID in such a manner that additional requests to the network device based on the document include the session ID in the request. The additional requests are authenticated based on a determination of whether the session ID is included in the additional requests. 04-21-2011
20110093602 SYSTEM AND METHOD TO PROVIDE BUILT-IN AND MOBILE VPN CONNECTIVITY - A system and method for facilitating the establishment of a virtual private network between a network and a remote computer, the system having: a mobile device connectable to the remote computer and storing a user profile, virtual private network information, and password information; virtual private network software being located on one of the mobile device and the remote computer; an access point communicating with the network; and communication means for communications between the access point and one of the mobile device and the remote computer, wherein the user profile, virtual private network information, and password information is passed to the virtual private network software upon connection of the mobile device to the remote computer, the virtual private network software using the user profile, virtual private network information, and password information to establish a virtual private network through the communications means and the access point to the network. 04-21-2011
20120005357 DELEGATE PROCEDURE FOR AN AUTHENTICATION, AUTHORIZATION AND ACCOUNTING PROTOCOL - According to several embodiments of the present invention, an information element for a first server controlling a first session according to an authentication, authorization and accounting protocol related to a bearer is generated, wherein the information element indicates that there is at least one second session according to the authentication, authorization and accounting protocol with at least one second server related to the same bearer, and that delegation of the first and the at least one second sessions is allowed. Alternatively an information element to be sent from a first server to at least one second server which are connected to a client is generated, wherein there is a first session according to an authentication, authorization and accounting protocol with the client related to a bearer, and the information element includes information for at least one second session according to the authentication, authorization and accounting protocol related to the same bearer, and wherein delegation of the first and the at least one second sessions is allowed. 01-05-2012
20120011263 Using A Virtual Network Interface To Obtain Access To Resources - A first computing device maps a virtual network address for a virtual resource that is accessible to the first computing device to an address of a designated resource that is inaccessible to the first computing device but accessible to a remote second computing device. The first computing device generates a control message that, when acted upon by the second computing device, causes the second computing device to transmit the resource message to the designated resource. The first computing device then attaches the resource message to the control message. The first computing device sends the control message to the second computing device, wherein the second computing device acts on the control message to send the resource message to the designated resource without having a resource driver for the designated resource installed on the second computing device. 01-12-2012
20120011262 Method and System of Processing Cookies Across Domains - Method and system of processing cross-domain cookies in order to allow a first website to access a cookie of a second website are provided. In one aspect, a method includes: providing a flash cookie of a first website in a user's local computer; reading an ordinary cookie of a second website that is stored in the user's local computer; and writing the ordinary cookie of the second website into the flash cookie of the first website. Based on this method, it is achievable to access and store cookies across domains in the user's local computer. Accordingly, the method enables e-commerce websites to have a more comprehensive collection of user information to provide more reliable references for the e-commerce websites to analyze user information. 01-12-2012
20120017000 Preventing Conflicts of Interests Between Two or More Groups Using Applications - To prevent conflicts of interest, an information management system is used to make sure two or more groups are kept apart so that information does not circulate freely between these groups. The system has policies to implement an “ethical wall” to separate users or groups of users. The users or groups of users may be organized in any arbitrary way, and may be in the same organization or different organizations. The two groups (or two or more users) will not be able to access information belonging to the other, and users in one group may not be able to pass information to the other group. The system may manage access to documents, e-mail, files, and other forms of information. 01-19-2012
20120016999 Context for Sharing Data Objects - The present disclosure involves systems, software, and computer implemented methods for providing a context service for sharing data objects among different components. One process includes operations for receiving a data object for inclusion in a hosted context storage and determining user information associated with a client with access to the data object. After the data object and the user information are stored in the hosted context storage, a request for the data object is received from the client. The data object is provided to the client based on an authentication status of the client. 01-19-2012
20120017001 METHOD AND SYSTEM FOR ASSIGNING ACCESS CONTROL LEVELS IN PROVIDING ACCESS TO NETWORKED CONTENT FILES - A method and system for assigning access control levels when granting access to resources includes a client node, a collection agent, and a policy engine. The client node requests access to a resource. The collection agent gathers information about the client node. The policy engine receives the gathered information and assigns one of a plurality of levels of access responsive to application of a policy to the received information and transmits the information. 01-19-2012
20120023246 GROUP SESSION MANAGEMENT FOR POLICY CONTROL - At present some situations occur where a policy control at individual user level is not enough. For example, where a plurality of users surpasses a load limit in a certain location area, which could imply a risk of network congestion, policy control decisions in conventional architectures have to be made by submitting corresponding orders for each user affected by the decision, thus resulting in a higher signalling and processing load. To overcome these drawbacks, the present specification provides for new network entities and a method to monitor and control a plurality of users, as dynamically determined according to different selection criteria, in order to compile users-related aggregated reports, to establish dynamic groups of users to whom specific policy control rules can be applied, and to map orders and information between group and user level. 01-26-2012
20120023247 ANONYMOUS COMMUNICATION SYSTEM, ANONYMOUS COMMUNICATION METHOD, COMMUNICATION CONTROL APPARATUS, TERMINAL APPARATUS AND COMMUNICATION CONTROL PROGRAM - In an anonymous communication system, an anonymous property which a service provider requires and an anonymous property which a user permits are assured. A communication control apparatus 01-26-2012
20120072605 System and Method to Detect and Mitigate Distributed Denial of Service Attacks using Random Internet Protocol Hopping - A method includes sending a first redirect instruction to a first client in response to a first session request received at a service address, and establishing a first session with the first client in response to a second session request received at the first redirect address indicated by the first redirect instruction. Additionally, the method includes determining a first service interval has passed, and sending a second redirect instruction to a second client in response to a third session request received at the service address after the first service interval has passed. The method still further includes establishing a second session with the second client in response to the fourth session request received at the second redirect address indicated by the second redirect instruction after the first service interval has passed, and rejecting the fifth session request received from a third client at the first redirect address after the first service interval has passed. 03-22-2012
20120158979 METHOD AND APPARATUS FOR CONTROLLING ACCESS TO ACCESS POINT IN MOBILE TERMINAL - A method and an apparatus for controlling access to an Access Point AP in a mobile terminal are provided. The method includes storing information of an AP as profile information, determining whether profile information of an accessed AP is stored in the mobile terminal when the mobile terminal accesses the AP, and logging in to the accessed AP based on the stored profile information. 06-21-2012
20110066739 SYSTEM AND METHOD FOR AUTOMATICALLY INITIATING AND DYNAMICALLY ESTABLISHING SECURE INTERNET CONNECTIONS BETWEEN A FIRE-WALLED SERVER AND A FIRE-WALLED CLIENT - A system and method for automatically and dynamically initiating and establishing secure connections between a Server and a Client using a session control server (SCS). Both the Server and the Client are connected to an untrusted network (such as the Internet) through a Network Address Translator or Translation (NAT) router or a firewall. The SCS, independently trusted by both the Server and the Client, brokers the required connection parameters to establish a secure connection between the Server and the Client. The system and method does not require any user configuration on the Client and eliminates the need for the Server to accept explicit connection requests or packets from the Client, thereby allowing the Server firewall to always remain closed to all inbound traffic. 03-17-2011
20110106957 Access Control In Client-Server Systems - A telecommunications network and a method of operating the same are described which is shared by two or more organizations, the network including at least a server and a client. The server is adapted to transmit to the client a proxy communications object comprising a definition of the rights and privileges of an organization to use the network. When the organization initiates a request to the server it does so via the proxy object on the client. The proxy object enables a comparison of the contents of the request and the definition of the rights and privileges and enables forwarding of the request to the server only when the request and the rights and privileges granted to the requesting organization are consistent with each other. The request relates to modification of a management object maintained at a network resource, the organization having a global right to access the network resource. By this means unwanted accesses to the server may be prevented at the client. 05-05-2011
20110099282 METHODS, SYSTEMS, AND COMPUTER READABLE MEDIA FOR SESSION INITIATION PROTOCOL (SIP) IDENTITY VERIFICATION - Methods, systems, and computer readable media for verifying the identity of a SIP user seeking to establish a session are disclosed. Methods for verifying the identity of a SIP user seeking to establish a session described herein may be performed at a computing platform that includes a SIP user agent. According to one method, an INVITE message for establishing a session is received, where the INVITE message includes sender identification information and dialog identification information. In response to receiving the INVITE message, a subscription request including the dialog identification information is sent to a second computing platform that includes a user agent identified by the sender identification information in the INVITE message. A response to the subscription request is received and, based on the response to the subscription request, it is determined whether the identity of the sender of the INVITE message can be verified. 04-28-2011
20090132718 Content Filtering System for a Mobile Communication Device and Method of Using Same - A method of controlling access to content from a mobile client device, the mobile client device being communicably connected to a server device via a communication link, and the method including the steps of: (i) receiving in the mobile client device, an input indicative of the content; (ii) thereafter, processing the received input, wherein said processing includes the mobile client device determining if the received input meets an access criteria, whereby, the mobile client device selectively provides access to the content if the access criteria is determined to have been met. 05-21-2009
20120124231 METHODS AND APPARATUS FOR CONTROLLING SWITCHING BETWEEN RESOURCES AND/OR COMMUNICATING RESOURCE CHANGE INFORMATION IN A WIRELESS COMMUNICATIONS SYSTEM - Methods and apparatus for controlling switching between resources and/or communicating resource change information in a wireless communications system are described. Various methods and apparatus are well suited for use in a decentralized wireless communications network, such as a decentralized peer to peer wireless network, where an individual communications device self allocates resources and makes resource switching decisions. A first communications device may decide that there is a need to switch from the first communications resource corresponding to a first identifier to a second communications resource corresponding to a second identifier, e.g., because of interference. The first communications device generates and transmits a broadcast change signal indicating a change from the first communications resource associated with the first identifier to a second communications resource associated with the second identifier. In some embodiments, the resource change signal is transmitted on at least one of the first and second communications resources. 05-17-2012
20120166662 HTTP Proxy based Captive Portal - HTTP-Based Captive Portal. Client requests through a device such as an access point or wired connection are routed through a captive portal switch (CPS). If the CPS determines that the client has not been authenticated, the CPS redirects (NATs) the client request to an internal HTTP proxy. The CPS HTTP proxy terminates the client request and opens a connection to a captive portal server. Thus, for an unauthenticated client, any HTTP request will be routed to the captive portal server. When client authentication at the captive portal server completes, the captive portal server returns a success code, such as embedded in a web page delivered to the client. When the CPS recognizes this success code, it disables the NAT for that client, allowing further requests to be passed through the network. The CPS may be hosted in a separate network appliance, or it may be a process hosted in the AP or on another AP in the network, or on a network device such as a controller or switch. 06-28-2012
20120221739 ENDPOINT DEVICE AND ARTICLE OF MANUFACTURE FOR APPLICATION TO APPLICATION COMMUNICATION OVER A NETWORK - An endpoint device is provided that includes a processor and non-transitory media encoded with a communication protocol stack; an application that is configured to run on the endpoint device and to send a method call that includes a unique application identifier (AppID) associated with the application and that requests a media connection with another application running on a different endpoint device; an interface configured to convert the method call to a network message that includes a media request that includes the AppID and that requests the media connection with the different endpoint device and that includes an authorization request that includes the AppID and that requests authorization from an application management server; and use the AppID information associated with the accessed information to route the accessed information to the application associated with the AppID. 08-30-2012
20120221738 METHOD TO SET UP APPLICATION TO APPLICATION COMMUNICATION OVER A NETWORK BETWEEN APPLICATIONS RUNNING ON ENDPOINT DEVICES - A method is provided to communicate media information over a network comprising: in response to a request from a first application running on a first endpoint device for a media connection with a second application running on a second endpoint device, sending a request over a network for a media connection with the second application; wherein the media connection request includes an application identifier (AppID) associated with the first application; sending an authorization request to an application manager server to obtain authorization for the requested media connection; wherein the authorization request includes the AppID associated with the first application; communicating control information over a control session set up between the first endpoint device and the second endpoint device; wherein the control information includes the AppID associated with the first application; and communicating media information over a media session. 08-30-2012
20120317297ESTABLISHMENT OF A PAIRING RELATIONSHIP BETWEEN TWO OR MORE COMMUNICATION DEVICES - A communication device establishes a trusted relationship with one or more remote communication devices by capturing ambient information with both communication devices, which is sent to a comparison system that compares them. The ambient information is used as authorization information. Upon a satisfactory comparison of the ambient information captured by the communication devices, the communication device is notified and a trusted relationship may be established between it and the remote communication device. Once the trusted relationship has been established, a personal area network can be established between the communication devices.12-13-2012
20100064048FIRMWARE/SOFTWARE VALIDATION - The fingerprint value of the firmware or software of a client device is received and the validity of the fingerprint is verified. Network access control device is notified when the fingerprint of the firmware or software from the client device is determined to be not authorized.03-11-2010
20120215931MOBILE ROUTER IN EPS - Message routing between a mobile communication network and wireless devices is enabled by establishing a communication session between a mobile router and the mobile communication network which includes the mobile router being assigned an IP address. A wireless device is authenticated to the mobile communication network through the mobile router so that the wireless device is uniquely identifiable to the mobile communication network. A new packet data network (PDN) connection is established between the wireless device and the mobile communication network over the communication session established with the mobile communication network based on an IP address uniquely assigned to the wireless device by the mobile communication network.08-23-2012
20100174822METHOD AND APPARATUS FOR NETWORK LICENSE ENFORCEMENT - A method for license enforcement is provided. The method includes receiving a request for a license from an instance; determining whether the request for the license is permitted by generating a first response permitting or denying the license request; delivering the request to a server based upon the first response; receiving a server response from the server permitting or denying the license request; and determining whether the request for the license is permitted by generating a second response permitting or denying the license request. An apparatus for performing the method is also disclosed herein.07-08-2010
20100049859Method and Apparatus for Providing Network Resources to Content Providers - A method and an SLA portal (02-25-2010
20100274911NETWORK BASED STORAGE AND ACCOUNTS - Managing information related to an entity. The method includes storing a cache of data particular to an entity. The cache of data is related to the entity and controlled by the entity. The data in the cache of data is organized into a number of distinct subject matters. Access is provided to a portion of the data to a third party. Access is provided based on the third party being a service provider providing services related to the one of the distinct subject matters. Access is provided while restricting access to other portions of the data to the third party. Additional data is received from the third party. The additional data is added from the third party to the cache of data and the additional data is organized into the one of the distinct subject matters such that the additional data is also related to and controlled by the entity.10-28-2010
20100274912Data Management Between Multiple Data Sources - Presented herein are systems and methods that facilitate the portability and management of user data maintained at two or more services. In embodiments, a configurable profile management interface or interfaces are provided to a user, which enable the user to identify data elements that may be maintained across one or more services. In embodiments, a user has the ability to set precedence values by identifying which elements from which service or services should be considered as sources of truth. In embodiments, those sources of truth may be used to propagate changes to one or more services. In embodiments, the profile synchronization functionality may be incorporated within a human resources (HR) system. In embodiments, the user can also configure a schedule for transferring data, can import some or all of the data, and/or can export all or some of the data.10-28-2010
20100274910HOSTED APPLICATION SANDBOX MODEL - An application host (such as a web application server) may execute a set of applications on behalf of a set of users. Such applications may not be fully trusted, and a two-way isolation of the distributed resources of an application (e.g., the executing application, the application user interface on the user's computer, and server- and client-side stored resources) from other applications may be desirable. This isolation may be promoted utilizing the cross-domain restriction policies of each user's computer by allocating a distinct subdomain of the application host for each application. The routing of network requests to a large number of distinct subdomains may be economized by mapping all distinct subdomains to the address of the domain of the application host. Moreover, the application user interfaces may be embedded in an isolation construct (e.g., an IFRAME HTML element) to promote two-way isolation among application user interfaces and client-side application resources.10-28-2010
20090077248BALANCING ACCESS TO SHARED RESOURCES - Methods, systems, and computer program products for accessing a shared resource in a data processing system by a plurality of clients are disclosed. In one example, a privilege limit for a privileged use of the shared resource is associated with each client. A use indicator is measured for each client, which relates to use of the shared resource by the respective client. When a critical condition of the shared resource is detected, the access granted to at least one client is released. Access may then be granted to another client.03-19-2009
20090327501COMMUNICATION ACCESS CONTROL SYSTEM AND METHOD - Disclosed herein are one or more systems and methods to control communication access to a user via one or more communication clients, each of which provides a mode of communication, to communicate with a user, using communication access control items and communication access control conditions associated with each of the communication clients.12-31-2009
20120084451Methods, Apparatuses, And Related Computer Program Product For Network Security - Disclosed is a method (and related apparatus) including selecting, at a first endpoint entity, at least one range of protection to be granted, the range of protection relating to one of a plurality of network elements in at least one access network and at least one core network and to a second endpoint entity, and transmitting, to a network element entity, a signaling message including first establishment information indicating the at least one range of protection to be granted; and a method (and related apparatus) including receiving, at the network element entity, the signaling message from the first endpoint entity, obtaining, from a second endpoint entity and based on the first establishment information, second establishment information indicating protection granted by the second endpoint entity, and signaling, from the network element entity to the first endpoint entity, third establishment information indicating the protection granted to the first endpoint entity.04-05-2012
20120084450Audio challenge for providing human response verification - There is provided a system and method for audio challenges for providing human response verification. There is provided a method comprising receiving a request to verify whether a client is human controlled, generating, using a database, a challenge question and a corresponding answer set, selecting a plurality of images and an audio instruction corresponding to the challenge question, presenting the plurality of images and the audio instruction to the client, receiving a submission to the challenge question from the client, and responding to the request by verifying whether the submission is contained in the answer set to determine whether the client is human controlled. By utilizing easily understood elements such as common shapes and objects, familiar characters, colors, sizes, orientations, and sounds, even young children can solve the challenge question, whereas automated systems are deterred by the complex audio and image analysis required.04-05-2012
20120084449DYNAMIC SELECTION OF PACKET DATA NETWORK GATEWAYS - A device receives a PDN connection request from a UE, and exchanges, with a HSS, authentication and authorization information associated with the UE. The device also constructs an APN FQDN based on the authentication and authorization information, and sends a query, that includes the APN FQDN, to a DNS server. The device further receives, from the DNS server, PGW FQDNs that contain the APN FQDN, and compares the PGW FQDNs with a FQDN associated with a SGW. The device determines, based on the comparison, a PGW, associated with a PGW FQDN that is a closest match to the FQDN associated with the SGW, to be a primary PGW for the PDN connection request. The device also determines, based on the comparison, one or more PGWs, residing within a predetermined distance of the SGW, to be one or more backup PGWs for the PDN connection request.04-05-2012
20090019170SYSTEM AND METHOD FOR SECURE COMMUNICATION CONFIGURATION - A communication system including a routing server and gateway server through which digital communication sessions are established along selected network routes based upon security requirements is disclosed. A digital communication request having a security level required is transmitted to a routing server. The routing server then determines a route, if available, having a route security rating sufficient for the specified communication and initiates the communication using the gateway server. The route security score is calculated based upon a table of security ratings associated with a plurality of connected networks segments which comprise a digital communication network.01-15-2009
20080301310SYSTEMS AND METHODS FOR ADVANCED COMMUNICATIONS AND CONTROL - Methods and systems for telecommunications operations and controls include (1) an enhanced text message process or methodology that allows a remote user who does not have, already installed, a specialized voice telephony program to nevertheless place and participate in a voice call, (2) call admission control using a “degrees of separation” metric, (3) real time controlled sharing of contact (buddy) lists, (4) multi-service instance messaging conferences, and (5) “meta buddies” or buddy lists that can be automatically imported and made part of a user's own buddy list.12-04-2008
20080301309Browser initiated reporting of fraud - A method and apparatus for providing safety feedback to web browsers. A web browser contacts a remote server that monitors web site safety and provides a universal resource locator (URL) for a web site the client is about to access. The web site safety or tracking server checks its database for reports of issues related to the URL and provides information on any such issues. The user of the web browser can then make an informed decision about whether to continue the access of the website associated with the URL. The user of the web browser can also send reports of unwanted activities by any website. This information is analyzed and added to the database maintained by the remote server.12-04-2008
20110004693Reputation Mashup - Techniques for reputation mashup are described. Reputation mashup refers to combining, aggregating, collecting, compiling, or otherwise organizing reputation data from multiple sources into a uniform format to facilitate making trust decisions for resources. In an implementation, reputation data for a resource is combined from a plurality of reputation sources. The combined reputation data for the resource is presented to a client to enable a trust determination to be made for the resource. Interaction with the resource by the client is selectively enabled or restricted in accordance with the trust determination made using the combined reputation data.01-06-2011
20110131339DATA ACCESS CONTROL METHOD AND SYSTEM - A data access control method and system. The method includes receiving by a computer processor from a requestor, a request for access to data. The computer processor extracts from the request, a requestor identification string associated with the requestor. The computer processor verifies a match for the requestor identification string, a service requestor identification string, a requestor software component operating process identification string, a requestor server identification string, a requestor hardware device network address and a requestor MAC address, and a requestor hardware device identification string against a plurality of registries. The computer processor generates an access point door associated with a specified logical storage room representation comprising the data. The computer processor enables access to the data via the access point door and the specified logical storage room representation.06-02-2011
20080288648Method and an apparatus to validate a web session in a proxy server - Some embodiments of a method and an apparatus to validate a web session in a proxy server have been presented. In one embodiment, service of predetermined content is offloaded from an application server to a proxy server communicatively coupled between the application server and a client. Using the proxy server, access to the predetermined content by the client may be controlled.11-20-2008
20080320154COOPERATIVE PROXY AUTO-DISCOVERY AND CONNECTION INTERCEPTION - In a network supporting transactions between clients and servers and proxies that are interposable in a network path between at least one client and at least one server, wherein a pair of proxies can modify a packet stream between a client and a server such that packet data from the client to the server is transformed at a client-side proxy of the proxy pair and untransformed at a server-side proxy of proxy pair and such that packet data from the server to the client is transformed at the server-side proxy and untransformed at the client-side proxy, a method and apparatus for a discovering proxy to transparently discover its position in a proxy pair by using proxy signals to indicate to other proxies that could pair with the discovering proxy. A discovering proxy might determine that it is a client-side proxy by receipt of a packet from client without a proxy signal. A discovering proxy might determine that it is a server-side proxy by receipt of a packet from server without a return proxy signal. Once a proxy pair is discovered, that proxy pair might transform traffic from the server to the client or vice versa, transforming the traffic at one proxy of the proxy pair and untransforming the traffic at the other proxy of the pair.12-25-2008
20120324121Inter-Service Sharing of Content Between Users from different Social Networks - Sharing content between users of different social networks includes: in a source social network implemented by at least one processor, receiving shared content uploaded by a source user with an indication of a number of recipients of the shared content; establishing a trusted communication link between the source social network and at least one external social network; and allowing the number of recipients to retrieve the shared content from the source social network via the trusted communication link.12-20-2012
20110060839COMMUNICATION CONTENTION MANAGEMENT DEVICE, AUXILIARY COMMUNICATION CONTENTION MANAGEMENT DEVICE, COMMUNICATION CONTENTION MANAGEMENT SYSTEM, AND COMMUNICATION CONTENTION MANAGEMENT METHOD - The communication contention management device of the present invention includes a connection request receiving unit to receive a connection request to the access point from the auxiliary communication contention management device, an access restriction unit to hold an identifier of the execution environment and an access restriction policy containing a designation of the access point to which the execution environment is allowed or not allowed to be connected and determine whether or not to permit the connection request according to the access restriction policy, and a contention determination unit to determine whether or not to permit the connection request based on an active state and an allocation state held in a connection manager.03-10-2011
20120089742PRESERVING AN AUTHENTICATION STATE BY MAINTAINING A VIRTUAL LOCAL AREA NETWORK (VLAN) ASSOCIATION - A method may include detecting a presence of a first server device; communicating, with the first server device, to obtain information associated with the first server device; sending, to a second server device, a request for authentication services, where the request includes the information associated with the first server device; receiving, from the second server device, a notification that the first server device has been authenticated, where the notification includes a session threshold; and establishing, based on the notification, a session with the first server device by associating the first server device with a virtual local area network (VLAN), where the associating permits network traffic to be received from or sent to the first server device via the VLAN, and where the network node uses the session threshold received from the second server device, instead of a threshold associated with the VLAN, to determine a duration permitted for the session.04-12-2012
20120331165SERVER DEVICE FOR TRANSMITTING AND RECEIVING DATA TO AND FROM CLIENT DEVICE THROUGH ACCESS POINT - A server device for transmitting and receiving data to and from a client device over a wireless communication network including an access point, the server device comprising: wireless connection determining means for determining whether or not the client device is wirelessly communicatively connected over the wireless communication network; security determining means for determining whether or not the client device is securely connected to the access point; and permitting means for permitting an automatic connection of the client device to the server device, when the wireless connection determining means determines that the client device is wirelessly communicatively connected, and when the security determining means determines that the client device is securely connected to the access point.12-27-2012
20120331164LOAD SHARING METHOD, SYSTEM AND ACCESS SERVER - A load sharing method, system, and access server has been disclosed. The load sharing method includes: sending request information to at least two authentication authorization accounting servers, receiving respective state information sent by the at least two authentication authorization accounting servers according to the request information, determining a load sharing ratio among the at least two authentication authorization accounting servers according to the respective state information, and sharing loads among the at least two authentication authorization accounting servers according to the load sharing ratio. The access server can adjust the load sharing ratio among the authentication authorization accounting servers dynamically, which improves user access performance.12-27-2012
20120331163System and Method for Determining Trust for SIP Messages - A method performed by a first network node of an IMS Network is provided. The method includes receiving a Uniform Resource Identifier (URI) in a header field in a first SIP message; receiving a token in the header field in the first SIP message, the token indicative of a type of a network node in a path of the first SIP message; and based on the received token, sending a second SIP message including the received URI, the second message conveying information about the first network node.12-27-2012
20120331162METHOD FOR SHARING CONTENTS USING TEMPORARY KEYS AND ELECTRONIC DEVICE USING THE SAME - An electronic device, a method for sharing content using temporary keys and a display apparatus using the same are provided. The method includes displaying a graphical user interface (GUI) for registering a temporary key; if a temporary key is input via the GUI, transmitting the inputted temporary key to a server; registering the input temporary key with the server; establishing a network connection with the server and at least one other electronic device, if the at least one other electronic device is authenticated by the server via the registered temporary key; and performing one of transmitting the content to the at least one other electronic device and receiving the content from the at least one other electronic device.12-27-2012
20110320621COMMUNICATION NETWORK SYSTEM - The communication network system comprises: a relay device (12-29-2011
20110320620METHOD OF AUTHORIZING AF SESSIONS USING EXTERNAL SUBSCRIBER DATABASE - Various exemplary embodiments relate to a method and related network node including one or more of the following: receiving, at the policy and charging rules node from a requesting entity, a message including a request associated with at least one service data flow (SDF), wherein the request includes at least one requested bandwidth; extracting at least one subscriber identifier from the message; retrieving a subscription record associated with the at least one subscriber identifier; determining whether the request should be fulfilled by performing at least one comparison of the at least one requested bandwidth for the SDF against at least one field of the subscription record; if the request should be fulfilled, establishing the SDF; and if the request should not be fulfilled: generating a response message that indicates that the request was rejected, and transmitting the response message to the requesting entity.12-29-2011
20100169499Trust in Physical Networks - A trust network has at least one transmission medium supporting transmission of data, wherein data transmitted is in at least some instances transmitted in discrete portions, two or more nodes terminating discrete legs in the transmission medium, and trust software executing from a machine-readable medium by a processor on one or more of the two or more nodes. The one or more nodes executing trust software apply trust logic to transmission of the discrete data portions.07-01-2010
20130013797Extended Proximity Indication For Private Cells - A user equipment UE stores a first list of private cells to which the apparatus is authorized to access (e.g., a CSG whitelist). While under control of a serving first cell, the UE determines from a transmission received from a neighbor second cell a physical cell identity PCI of the neighbor cell, then compares the determined PCI to a stored second list to determine whether the UE is authorized to access the neighbor cell. In one embodiment the second list maps PCIs to CSG IDs; if the determined PCI matches one in the second list the CSG ID is selected and if that matches one in the first list the UE is authorized access. In another embodiment the second list is only the PCI of those CSG cells on the UE's first list that are within the area served by the serving cell, so if the determined PCI matches one in the second list the UE is authorized access.01-10-2013
20110161511METHOD AND SYSTEM FOR PROVIDING SECURE HANDLING OF INFORMATION FOR COMPLETE INTERNET ANYWHERE - An Internet capable set-top-box (STB) may be operable to extend a security boundary from the Internet capable STB to an application server to allow support of web browsing operations from the application server. A secure link between the Internet capable STB and the application server may be established. The Internet capable STB may communicate a request for web page information from a secure web server along with cryptographic credentials to the application server, via the secure link. The application server may be allowed to receive the web page information directly from the secure web server and process at least the unsupported portion of the received web page information. The Internet capable STB may then receive the web page information with at least the unsupported portion processed from the application server, via the secure link, for further processing and rendering.06-30-2011
20110161510Method and system for layer-3 subscriber login in a cable data network - A subscriber login server is used for managing a subscriber login session. The login server is associated with a DHCP server for configuring a premise equipment device and operator-managed device. A subscriber login client at the premise equipment device securely communicates login username and password identifiers to the subscriber login server without using PPP technology. The login server retrieves matching identifiers from a RADIUS server and authorizes service with messages to the DHCP server and the CMTS.06-30-2011
20080256251Mechanism for executing server discovery - A mechanism to ensure that the same server/proxy is selected by different server/proxy discovery mechanisms executed in a network control element and a terminal equipment, respectively. A first selection of a server/proxy is executed by a network control element on the basis of a first discovery procedure. Then, a second selection of a server/proxy is started by a terminal equipment on the basis of a second discovery procedure. A relay agent element is used for responding to the request on behalf of a configuration server or for modifying a configuration server response so that the same server/proxy is selected by the network control element and the terminal equipment.10-16-2008
20080244078WEB SERVICES INTERMEDIARY - A proxy operates as an interface between application programs and web services. Each application uses an assigned ID key pair to interface with the proxy. The proxy itself uses a genuine ID/key pair for calling actual web services. Because only the proxy has the real web service key, that key remains secure and confidential. The proxy can filter the web service input and/or output as desired.10-02-2008
20110264815Subnet Box - The invention provides an external in-line device (“Subnet Box”) placed between a network and an access point to achieve secure Wi-Fi communications without needing to modify the access point. The Subnet Box comprises an embedded token and will authenticate users based on pre-stored access rights. In at least one embodiment of the invention, the Subnet Box comprises: a first communications port for intercepting data packets communicated to and from a wired communications network; a second communications port for intercepting data packets communicated to and from a wireless access point, wherein the wireless access point is an edge device of the wired communications network; a database comprising a number of serial numbers each associated with a client token and a secret cryptographic key; and a processor for determining whether a computing device having a client token can access the wired communications network via the wireless access point. The processor establishes a secure tunnel between the computing device and the first communications port.10-27-2011
20080222299Method for preventing session token theft - The present invention relates to a method for preventing the theft of a session token comprising the steps of: (a) detecting a submission of a first request from the client's browser to a protected site; (b) redirecting said first request to the traffic processor for monitoring said first request; (c) forwarding said first request from said traffic processor to said protected site; (d) receiving the response containing the session token from said protected site by said traffic processor; (e) storing said session token in the session table; (f) providing a token index for indexing said session token stored in said session table; (g) modifying the content of said response by changing said session token to said token index; and (h) forwarding the modified response from said traffic processor to said browser.09-11-2008
20130103847Device Provisioning or Pairing Using Graphical Representation of Device Identifier - Provisioning a local device with an account associated with a client device or pairing an accessory device with a local device is disclosed. A client device captures a graphical representation of a local device identifier using an image capture device, identifies the local device identifier and transmits the local device identifier to a remote server. The remote server determines an account associated with the client device and associates the local device identifier with the account. An accessory device includes a graphical representation of an accessory device identifier that is captured by an image capture device of the client device. An accessory device identifier is identified and transmitted to the remote server or to the local device, which associates the accessory device identifier with a local device identifier.04-25-2013
20130132598METHOD AND SYSTEM FOR MANAGING AND DELIVERING DATA - In accordance with at least some embodiments of the present disclosure, methods and apparatuses for delivering data to a plurality of destination nodes are presented. One example method may include in response to a request to deliver the data, determining a first transport for a first destination node based on availability of and/or network condition associated with the first transport, sending the data to the first destination node via the first transport, and determining whether to resend the data based on a delivery option extracted from the request.05-23-2013
20080209056SYSTEM AND METHOD OF SHARING MULTIMEDIA CONTENT - Provided is a system and method of sharing content with a multimedia content server. The multimedia content sharing system includes: a content server providing multimedia content; a slave storing authentication information to be connected to the content server through a network; and a host connected to the content server by using the authentication information of the slave to transmit and receive the multimedia content. According to the system and the method, the host can transmit and receive data to and from a web content server through a network without the operation of an external device. Additionally, the system and the method allow a user to select a storage mode of a slave, and a host to recognize the selected storage mode of a slave automatically, thereby improving convenience for a user. That is, the user does not need to select the communication protocol of a slave for connection between the host and the content server.08-28-2008
20100287291Method and system for user-determined attribute storage in a federated environment - A system is presented for facilitating management of user attribute information at one or more attribute information providers (AIPs), which can manage the user's attribute information in accordance with user-selected or administratively-determined options, including options that are stored in attribute release policies and/or dynamically determined during a transaction. E-commerce service providers (ECSPs), such as online banks or merchants, also maintain a relationship with an AIP such that the ECSP can trust the user attribute information that is provided by the AIP on behalf of the user. The user can complete transactions that require user attribute information at any ECSP without having to have previously established a relationship with that particular ECSP. If the ECSP has a relationship with one of the user's AIPs, then the user will be able to direct the ECSP to an AIP when the ECSP needs user attribute information to complete a transaction for the user.11-11-2010
20100287290 Virtual Hotplug Techniques - Methods, systems, apparatuses and program products are disclosed for context sensitive selective control of usage of connection(s) to telecommunications networks, especially Internet and the like. 11-11-2010
20100287288 Mechanism to Verify Physical Proximity - Two participants may observe periodic data sources available only in the vicinity of physical trust (i.e. a wifi beacon). If an initial test of whether each participant has received the same key is passed, each party may hash the periodic source and communicate it to the other over a non-proximal communication channel (an IP network) and both are able to verify that the other (or agent of the other) is within the same vicinity. 11-11-2010
20110238850 SYSTEM AND METHOD FOR TRANSLATING APPLICATION PROGRAM NETWORK SERVICE REQUESTS INTO ACTIONS AND PERFORMING THOSE ACTIONS THROUGH THE MANAGEMENT AND/OR CONTROL PLANE RESPONSIVE TO PREVIOUSLY DEFINED POLICIES AND PREVIOUS REQUESTS BY THE SAME OR ANOTHER APPLICATION PROGRAM - Application program network service requests are translated into specific actions that are then performed through the management plane and/or control plane. The translations and resulting actions are responsive to previously defined policies for the communication network, and may further reflect processing of previous service requests by the same or another application program. The amount of resources available for use by a given application program may be predefined based on a globally defined network policy. Each service request obtained from an application program may be translated into multiple actions performed using various specific protocols and/or interfaces provided by either the management plane, the control plane, or both the management and control planes. Reports of network activity, status and/or faults for a requesting application program may be tailored to the requesting program's view of the network, and passed directly and exclusively to the requesting program. 09-29-2011
20120259992 MINIMAL SYNCHRONIZED NETWORK OPERATIONS - A method for minimal synchronized network operations includes making an initial connection between a client and a network, the initial connection being made through a first access point managed by a home controller, the home controller recording session information and authentication data for the client. A subsequent connection is made between the client and the network through a second access point managed by a second controller, the subsequent connection being made communicating the session information and authentication data between the home controller and the second controller, without client reauthentication, and without disrupting existing communication. 10-11-2012
20100306393 EXTERNAL ACCESS AND PARTNER DELEGATION - Embodiments disclosed herein extend to the use of external access objects in a multi-tenant environment. First and second tenants contract for operations that users of the second tenant will perform in the first tenant. Identity criteria for the users are determined. These users are mapped to an external access object that represents the second tenant users when performing the operations in the first tenant. The external access object is also associated with the resources and/or data that the users of the second tenant will be allowed access to when performing the operations. The users of the second tenant provide a request for access to the resources and/or data to perform operations. Identity criteria are determined and the users are mapped to an external access object based on the identity criteria. It is determined if the user has permission to access the resources and/or data and perform the operations. 12-02-2010
20100318670 System and Method for Adapting an Application Source Rate to a Load Condition - A system and method for adapting an application source rate to a load condition are provided. A method for forming a connection includes receiving a service authorization request for service between the first device and the second device, requesting a formation of a first bearer at a first data rate between the first device and the second device, and determining if the first bearer was formed. The method also includes transmitting a first positive response if the first bearer was formed, forming a second bearer at a second data rate if the first bearer was not formed, and completing the connection. The service authorization request includes a request to establish a connection at the first data rate, and the second data rate is different from the first data rate. 12-16-2010
20100318669 Human Interactive Proof System and Apparatus that Enables Public Contribution of Challenges for Determining Whether an Agent is a Computer or a Human - This patent describes a human, crowdsourced spambot prevention system that is an alternative to CAPTCHA, and is easy for humans to solve but difficult for bots. Humans submit challenges in the form of pictures and questions and answers that reference those images, and as a reward, when those challenges are presented to user agents, the submitter's link is presented as well, with the intent that there is value for a submitter to have his or her link presented to users. 12-16-2010
20130159541 IMAGE FORMING APPARATUS, MANAGEMENT METHOD THEREOF, AND COMPUTER READABLE RECORING MEDIUM - A method of managing an image forming apparatus provided with a web server includes receiving a connection request for the web server, determining whether a MAC (Media Access Control) address of a user terminal device that has requested the connection is a pre-stored MAC address, and approving the connection of the user terminal device that has requested the connection to the web server if it is determined that the MAC address of the user terminal device that has requested the connection has been pre-stored. 06-20-2013
20130159542 APPARATUS AND METHOD FOR ESTABLISHING A PEER-TO-PEER COMMUNICATION SESSION WITH A HOST DEVICE - The present invention describes an apparatus and method of establishing a peer-to-peer communication session between a host device and a client device. Routing information of the host device is received from a server via a wide area network, routing information of the client device is provided to the server, and authentication information is provided to the host device via the wide area network. Peer-to-peer communication is transmitted to the client device via the wide area network if the client device is authenticated for peer-to-peer communication by the host device. 06-20-2013
20110314170 Wireless Device Swap - A method of performing a swap operation. Communication is established between a first UE and a server. Communication is established between the first UE and a second UE. Permission is received at the first UE from the server to perform the swap operation. A swap application is executed to facilitate transfer of an archive file from the first UE to the second UE. 12-22-2011
20120005356 OPTIMIZED INTERFACE BETWEEN TWO NETWORK ELEMENTS OPERATING UNDER AN AUTHENTICATION, AUTHORIZATION AND ACCOUNTING PROTOCOL - According to several embodiments of the present invention, a single session according to an authentication, authorization and accounting protocol, with a network element carrying out a policy and charging rule function is created, wherein the specific session may be used to manage and/or report policy and/or charging control rules. 01-05-2012
20120030366 METHOD AND SYSTEM FOR USE IN COORDINATING MULTIMEDIA DEVICES - Some embodiments of the present invention provide methods for use in playing back content. Some of these methods access a content package comprising media content to be locally played back; detect, as defined by the content package, whether a remote secondary device is available with which a connection can be established; determine whether an authorization to establish the connection has been confirmed; establish, when the authorization is confirmed, a communication connection; determine, as instructed by the content package and when the communication with the secondary device is established, whether one or more commands are received from the secondary device; and implement, as instructed by the content package and when it is determined that the one or more commands are received from the secondary device, the one or more commands in controlling playback experience of the media content. 02-02-2012
20080250151 NETWORK SYSTEM, NETWORK CONNECTING DEVICE, AND NETWORK CONNECTING METHOD - A network system that performs network connection between devices conforming to a predetermined communication standard is disclosed. The system includes client devices including first network starting units that present first identification information including an identifier decided in advance and designating a first network and start the first network and a server. The server includes a reading unit that reads the first identification information, an option presenting unit that presents, as an option of a network connection destination, a client device including the first identification information read by the reading unit, a first network joining unit that joins the first network when the option is selected, and a transmitting unit that transmits, in the first network, a communication encryption key for joining a second network and second identification information designating the second network to the selected client device. 10-09-2008
20120303828 CLOUD ENABLED VIRTUAL GATEWAY - Various embodiments include methods and systems for a cloud enabled virtual gateway. The virtual gateway can masquerade to a cloud-based application as a gateway at a geographic location. The virtual gateway can also receive a request from the cloud-based application for a device at the geographic location. The virtual gateway can then communicate with a third-party system to satisfy the request where the third-party system is communicatively coupled to the device. 11-29-2012