Patent application number | Description | Published |
20090157866 | TRANSPARENT AUTO-DISCOVERY OF NETWORK DEVICES LOGICALLY LOCATED BETWEEN A CLIENT AND SERVER - Discovery of intermediate network devices is performed using a technique that piggybacks upon the existing standard TCP (Transport Control Protocol) “SACK” (Selective Acknowledgment) option in a SYN/ACK packet so that discovery information may be shared between pair-wise-deployed peer intermediate devices when a TCP/IP connection (Transport Control Protocol/Internet Protocol) is first established between network endpoints using a conventional three-way handshake. Use of the SACK option is combined with another technique which comprises modifying the original 16-bit value of the TCP receive window size to a special arbitrary value to mark a SYN packet as being generated by a first peer device. The marked SYN when received by the second peer device triggers that device's discovery information to be piggybacked in the SACK option of the SYN/ACK packet. The first device then piggybacks its discovery information in the SACK option of the ACK packet which completes the three-way handshake. | 06-18-2009 |
20100162174 | Flat Navigation of Information and Content Presented on User Monitor - A method of presenting information on a display monitor within a computing environment includes accessing a website containing a related collection of electronic pages, crawling the website to obtain raw image data for at least some of each of the pages, porting the raw image data into a template so that each of the crawled pages is converted into a corresponding information panel containing a mapping of the content of its respective corresponding page, and displaying each of the information panels on a respective display monitor so all of the panels are viewable to a user in a single screen shot. Related methods, apparatus, and systems are further provided. | 06-24-2010 |
20100169331 | ONLINE RELEVANCE ENGINE - Information is automatically located which is relevant to source content that a user is viewing on a user interface without requiring the user to perform an additional search or navigate links of the source content. The source content can be, e.g., a web page or a document from a word processing or email application. The relevant information can include images, videos, web pages, maps or other location-based information, people-based information and special services which aggregate different types of information. Related content is located by analyzing textual content, user behavior and connectivity relative to the source. The related content is scored for similarity to the source. Content which is sufficiently similar but not too similar is selected. Similar related content is grouped to select representative results. The selected content is filtering in multiple stages based on attribute priorities to avoid unnecessary processing of content which is filtered out an early stage. | 07-01-2010 |
20100241687 | CLIENT-CENTERED USAGE CLASSIFICATION - User input actions from one or more user input devices can be received, and unfiltered user input information about the user input actions can be collected at a client computing environment. The unfiltered user input information can be filtered to produce filtered user input information. The filtered user input information can exclude personal information and include non-personal information. In addition, a user profile can be created using the filtered user input information. | 09-23-2010 |
20100262547 | USER INFORMATION BROKERING - User information corresponding to a plurality of users can be received at a user information collector computing environment and stored in a user information computer database. A general offer from a purchaser to purchase at least part of the user information can be received at a user information broker. Also at the broker, individual offers for the users can be processed. Each of the individual offers can be an offer to purchase access by the purchaser to user information corresponding to one of the users. Acceptances of the individual offers can be received by the broker from accepting users. A broker payment to the broker can be received from the purchaser, and a user payment can be sent to each of the accepting users. In addition, user information corresponding to the accepting users can be sent to the purchaser. User information data mining can also be done. | 10-14-2010 |
20110201386 | Rating Effort Input Device - A rating mechanism may calculate a rating based on a user's effort and duration of input to an input mechanism. The more effort and time a user exerts, the more extreme the rating. In one embodiment, a mobile telephone may have a wheel, slider, or other mechanism that may change a rating based on how fast and how long a user may activate the input mechanism. In another embodiment, the rating may be based on how furiously an accelerometer within a device is activated, such as by shaking the device repeatedly. | 08-18-2011 |
20110252281 | TRANSPARENT AUTO-DISCOVERY OF NETWORK DEVICES LOGICALLY LOCATED BETWEEN A CLIENT AND SERVER - Discovery of intermediate network devices is performed using a technique that piggybacks upon the existing standard TCP (Transport Control Protocol) “SACK” (Selective Acknowledgment) option in a SYN/ACK packet so that discovery information may be shared between pair-wise-deployed peer intermediate devices when a TCP/IP connection (Transport Control Protocol/Internet Protocol) is first established between network endpoints using a conventional three-way handshake. Use of the SACK option is combined with another technique which comprises modifying the original 16-bit value of the TCP receive window size to a special arbitrary value to mark a SYN packet as being generated by a first peer device. The marked SYN when received by the second peer device triggers that device's discovery information to be piggybacked in the SACK option of the SYN/ACK packet. The first device then piggybacks its discovery information in the SACK option of the ACK packet which completes the three-way handshake. | 10-13-2011 |
20110314017 | TECHNIQUES TO AUTOMATICALLY MANAGE SOCIAL CONNECTIONS - Techniques to manage social connections are described. An apparatus may comprise a processor communicatively coupled to a memory. The memory may be arranged to store a social analysis component that when executed by the processor is operative to receive a list of members in a social network, receive at least one relationship indicator derived from multiple member attributes of a member, and generate a social identifier based on the relationship indicator, the social identifier representing a social connection type for a social connection or potential social connection between two or more members of the list of members in the social network. Other embodiments are described and claimed. | 12-22-2011 |
20120238285 | Wireless Identifiers for Proximity Applications - A proximity matching system may use broadcast wireless identifiers transmitted by users' devices to match users with other nearby users. The identifiers may be collected by a plurality of agents, then the identifiers may be matched with pre-defined profiles to generate physically proximate users by a remote service. The group of proximate users may be provided to various applications and consumed with summarized properties or individual properties, depending on the approved privacy settings as selected by the users. In some embodiments, the broadcast wireless identifiers may be personal area network identifiers, local area network identifiers, cellular network identifiers, or other broadcast identifier. In some embodiments, the agents may not establish a peer to peer or other connection with the broadcasting device. The agents may be fixed or mobile agents, and the proximity of users may be generated through links between nearby agents in a meshed fashion. | 09-20-2012 |
20120323347 | PROMOTING EXPLORATION - Exploration outside of a person's normal area may be detected and rewarded. In one example, a game (or other type of application) may be built around such exploration. A device carried by a user (pursuant to appropriate permission obtained from the user) may report the user's location to a presence detector. The presence detector may use this information to build a heat map, indicating the user's areas of common presence. When the location information received from the device indicates that the user has ventured outside of the user's area of common presence, this exploration event may be rewarded with an increase in the user's score. The user's score may be published on social media. | 12-20-2012 |
20130013805 | TRANSPARENT AUTO-DISCOVERY OF NETWORK DEVICES LOGICALLY LOCATED BETWEEN A CLIENT AND SERVER - Discovery of intermediate network devices is performed using a technique that piggybacks upon the existing standard TCP (Transport Control Protocol) “SACK” (Selective Acknowledgment) option in a SYN/ACK packet so that discovery information may be shared between pair-wise-deployed peer intermediate devices when a TCP/IP connection (Transport Control Protocol/Internet Protocol) is first established between network endpoints using a conventional three-way handshake. Use of the SACK option is combined with another technique which comprises modifying the original 16-bit value of the TCP receive window size to a special arbitrary value to mark a SYN packet as being generated by a first peer device. The marked SYN when received by the second peer device triggers that device's discovery information to be piggybacked in the SACK option of the SYN/ACK packet. The first device then piggybacks its discovery information in the SACK option of the ACK packet which completes the three-way handshake. | 01-10-2013 |
Patent application number | Description | Published |
20090313536 | Dynamically Providing Relevant Browser Content - A requested content page is provided with additional relevant content that is dynamically generated. A page originally requested by a browser application is generated and examined to determine key words, address information, and other information for which relevant content may be retrieved. The other information may not be part of the original page content, but it can be the relation between the content page and other pages. The relevant content is determined based on the results of the content page examination. After retrieving the relevant content, the retrieved content is embedded into the requested content page and provided to the requesting user. The retrieved relevant content may be provided with the requested content page in a designated portion within the requested content page, near related content in the page, and/or displayed in response to user input as a pop-up window or in a preview pane. Relevant content can be determined, retrieved and embedded in a content page by a relevant content engine implemented as a server application, client application or browser application plug-in. | 12-17-2009 |
20090313558 | Semantic Image Collection Visualization - A service provides an image collection as a visual preview of content pages having a link in or otherwise related to a current page. A first content page is provided to a user and may have one or more links to additional content pages. Each of the related content pages may have one or more images. Selected images of the one or more content pages are provided in an image collection. The images may be positioned in rows, columns, or some other manner within the collection. The image collection is prepared dynamically from related content pages when the current page is loaded and does not require any software in the currently content page to be changed as the linked content pages change. | 12-17-2009 |
20120239584 | NAVIGATION TO DYNAMIC ENDPOINT - Turn-by-turn directions can guide a user to a dynamic destination, such as a person or a rendezvous location. The turn-by-turn directions enable one user to follow another or, alternatively, multiple people to rendezvous with each other. The selection can be via identifiers used in network contexts, such as social networking Individuals can select the circumstances under which their location can be revealed. Turn-by-turn directions enabling following utilize anticipated locations or predictions of likely destinations based on historical and contextual information. Turn-by-turn directions enabling rendezvous reference a rendezvous location, which is either the same for all users, or which differs among them. Also, the directions can reference intermediate, “staging”, locations from which further intermediate, or ultimate, destinations can be routed to. | 09-20-2012 |
20120295645 | DELAYED AND TIME-SPACE BOUND NOTIFICATIONS - Architecture that enables alerts and notifications to have priorities and time/space durations. Non-critical alerts can be displayed in a non-obtrusive manner and alert/notifications coalesced. Alerts/notifications can be assigned priorities, thereby enabling the alerts/notifications to be non-intrusive to the user. Methods include detecting when the user is using a mobile phone (or other suitable device) and then sending the alert/notification in response to the detected use based on threshold criteria relative to an accumulated sum of alerts/notifications, and an importance level (e.g., of each). Additionally, alert/notification priority can be changed (e.g. elevated, lowered) according to time (when) and space (where), thereby enabling the user to be intrusively notified based on the level, even if not previously signaled. Time and space bounds (criteria) can be assigned to alerts/notifications for merger/grouping and/or set to be auto-dismissed if no longer applicable. | 11-22-2012 |
20120310527 | ASYMMETRIC DYNAMIC GEO-FENCING - Architecture that enables location based notifications (e.g., geo-fences) using standard polygons the capture of complex regions. As applied to geo-fencing, it extends geo-fencing beyond the mere representation of the virtual perimeter (fenced) area. More specifically, the architecture takes into consideration geographical and demographical features, such as the layout of the roads and streets, the types of available of transportation (e.g., car, bus, walk, biking, etc.), the traffic conditions, and the dynamic properties of a point of interest (POI) such as opening hours, total wait time, etc. More specifically, the architecture enables the dynamic modification of polygon geo-fence based on POI properties, dynamic modification of polygon geo-fence based on road/street layout, dynamic modification of polygon geo-fence based on means of transportation, dynamic modification of polygon geo-fence based on traffic conditions, dynamic modification of polygon geo-fence based on user's state, and dynamic recalculation of regions and directions tailored to user interests. | 12-06-2012 |
20120316774 | AUTOMATIC NAVIGATION TO A PRIOR KNOWN LOCATION - The disclosed architecture facilitates the capture of data associated with a specific geographic location, as captured by a mobile device of a user at the geographic location, for the purpose of guiding the user back to that specific geographic location. When applied to vehicles or other types of user mobility (e.g., walking) the architecture automatically detects that a user has controlled a means of transportation to a stationary (or parked) state, such as associated with a parked car. When the stationary state is reached, the location is detected (e.g., using user device sensing systems). Detection can include recording images, sounds, speech, geolocation data, etc., associated with the location and/or means of transportation. The user can configure a reminder to activate at the location to assist in the user recalling the location when returning to the means of transportation. | 12-13-2012 |
20120317615 | USE OF USER LOCATION INFORMATION FOR REMOTE ACTIONS - Architecture that provides location broker services which share the user location with other parties (e.g., based on user consent). Stationary computing devices can also determine the location of the user operator and interact accordingly. In one embodiment, the user location is retrieved from the user mobile device (e.g., smart phone) and is transmitted to other mobile or non-mobile devices with which the user interacts. Moreover, existing infrastructure and systems can be employed using a device driver that emulates the user location so that any software that uses the location services does not need modification. | 12-13-2012 |
20130091197 | MOBILE DEVICE AS A LOCAL SERVER - Architecture that embeds a server (a local server) inside a mobile device operating system (OS) close to the data (but under the OS services) such that the server has access to native capabilities, and offers an Internet-like frontend with which a browser or application can communicate. The local server appears as a web server, and small programs can be pushed into the local server from the browser or a remote server such that the local server can be made to perform work more effectively. Local and remote events can be triggered such as launching a browser (or other application(s)), initiating remote server calls, triggering battery save mode, locking the phone, etc. The local server can run a script execution environment such as node.js, an event driven I/O model where callbacks are invoked to handle emergent conditions (e.g., explicit requests, state changes, etc.). | 04-11-2013 |
20130097440 | EVENT SERVICE FOR LOCAL CLIENT APPLICATIONS THROUGH LOCAL SERVER - In server/client architectures, the server application and client applications are often developed in different languages and execute in different environments specialized for the different contexts of each application (e.g., low-level, performant, platform-specialized, and stateless instructions on the server, and high-level, flexible, platform-agnostic, and stateful languages on the client) and are often executed on different devices. Convergence of these environments (e.g., server-side JavaScript using Node.js) enables the provision of a server that services client applications executing on the same device. The local server may monitor local events occurring on the device, and may execute one or more server scripts associated with particular local events on behalf of local clients subscribing to the local event (e.g., via a subscription model). These techniques may enable development of local event services in the same language and environment as client applications, and the use of server-side code in the provision of local event service. | 04-18-2013 |
20130152186 | FILTERING KERNEL-MODE NETWORK COMMUNICATIONS - Some embodiments of the invention are directed to techniques for determining whether a process on a computer system that is sending or receiving data, or is attempting to send or receive data, with another computer system is executing in kernel mode or user mode and providing an indicator of this determination to a security engine. In some embodiments, such an indication is provided to a security engine (e.g., a firewall) that implements a security policy based at least in part on whether the sending or receiving process is in kernel mode or user mode, and filter communications based on a process' operating mode. This enables a security engine to maintain security policies of greater specificity and thus improve security of a computer system. | 06-13-2013 |
20130263127 | PERSISTENT AND RESILIENT WORKER PROCESSES - In the field of computing, many scenarios involve the execution of an application within a virtual environment (e.g., web applications executing within a web browser). In order to perform background processing, such applications may invoke worker processes within the virtual environment; however, this configuration couples the life cycle of worker processes to the life cycle of the application and/or virtual environment. Presented herein are techniques for executing worker processes outside of the virtual environment and independently of the life cycle of the application, such that background computation may persist after the application and/or virtual environment are terminated and even after a computing environment restart, and for notifying the application upon the worker process achieving an execution event (e.g., detecting device events even while the application is not executing). Such techniques may heighten the resiliency and persistence of worker processes and expand the capabilities of applications executing within virtual environments. | 10-03-2013 |
20140024354 | PREDICTION FOR POWER CONSERVATION IN A MOBILE DEVICE - Architecture that facilitates power conservation in mobile devices such as cell phones using prediction. The architecture is an algorithmic-based solution that transforms infrequently-captured geolocation data of an entity into a continuous probable location approximation. Given the location history and additional data about the recent location of the mobile device, the current location of the device can be estimated with some probability. Additionally, given the location history and additional data about the recent location of the device, the probability of the device actually being at a given point on a map is computed. | 01-23-2014 |
20140173592 | INVERSION-OF-CONTROL COMPONENT SERVICE MODELS FOR VIRTUAL ENVIRONMENTS - In the field of computing, many scenarios involve the execution of an application within a virtual environment of a device (e.g., web applications executing within a web browser). Interactions between applications and device components are often enabled through hardware abstractions or component application programming interfaces (API), but such interactions may provide more limited and/or inconsistent access to component capabilities for virtually executing applications than for native applications. Instead, the device may provide hardware interaction as a service to the virtual environment utilizing a callback model, wherein applications within the virtual environment initiate component request specifying a callback, and the device initiates the component requests with the components and invokes associated callbacks upon completion of a component request. This model may enable the applications to interact with the full capability set of the components, and may reduce blocked execution of the application within the virtual application in furtherance of application performance. | 06-19-2014 |
20140324856 | APPLICATION DISCOVERABILITY - Architecture that enables the discovery of relevant applications, where the relevance is personalized to the user and user interests. New, relevant, and interesting applications are personalized to the user based on friends and/or people with whom the user shares common interests (e.g., social networks), based on queries for a popular application within a geographical area, and/or collaborative filtering. Moreover, users who employ the disclosed architecture can maintain anonymity to prevent the exposure of personal identifying details. Social-based application discovery, location-based application discovery, anonymous-profile-based application discovery, and collaborative-filtering-based application discovery, are provided. Application installs, uninstalls, and frequency of user interaction are also available, as well as privacy modes for privacy protection. | 10-30-2014 |
20150058628 | FILTERING KERNEL-MODE NETWORK COMMUNICATIONS - Some embodiments of the invention are directed to techniques for determining whether a process on a computer system that is sending or receiving data, or is attempting to send or receive data, with another computer system is executing in kernel mode or user mode and providing an indicator of this determination to a security engine. In some embodiments, such an indication is provided to a security engine (e.g., a firewall) that implements a security policy based at least in part on whether the sending or receiving process is in kernel mode or user mode, and filter communications based on a process' operating mode. This enables a security engine to maintain security policies of greater specificity and thus improve security of a computer system. | 02-26-2015 |
Patent application number | Description | Published |
20080282313 | MULTI-PROFILE INTERFACE SPECIFIC NETWORK SECURITY POLICIES - Computer-readable medium having a data structure stored thereon for defining a schema for expressing a network security policy. The data structure includes a first data field including data defining a parameter to be applied based on the network security policy. The network security policy defines at least one of the following: a firewall rule and a connection security rule. The data structure also includes a second data field having data specifying restrictions of the parameter included in the first data field. The parameter in the first data field and the restrictions in the second data field form the schema for expressing the network security policy to be processed. The network security policy manages communications between a computing device and at least one other computing device. | 11-13-2008 |
20080289026 | Firewall installer - Embodiments of the invention are directed to a firewall installer that receives a set of configuration instructions for configuring a firewall in a declarative format that describes one or more rules to be implemented by the firewall, and that automatically configures the firewall. Providing a firewall installer that is capable of configuring a firewall based upon declarative input rather than procedural process-oriented input facilitates administration of a firewall by allowing an administrator to specify desired firewall configuration at a higher, declarative level and frees the administrator from the need to specify procedures for implementing configuration changes in the firewall. In one embodiment of the invention, the firewall installer can receive and store input for configuring a firewall even when the firewall is not running, such that the firewall executes on those configuration changes when it next comes online. | 11-20-2008 |
20080289027 | Incorporating network connection security levels into firewall rules - Embodiments of the present invention are directed to establishing and/or implementing firewall rules that may employ parameters based on connection security levels for a connection between devices. A firewall may thus provide greater granularity of security and integrate more closely with other security methods to provide better overall security with fewer conflicts. | 11-20-2008 |
20090006847 | Filtering kernel-mode network communications - Some embodiments of the invention are directed to techniques for determining whether a process on a computer system that is sending or receiving data, or is attempting to send or receive data, with another computer system is executing in kernel mode or user mode and providing an indicator of this determination to a security engine. In some embodiments, such an indication is provided to a security engine (e.g., a firewall) that implements a security policy based at least in part on whether the sending or receiving process is in kernel mode or user mode, and filter communications based on a process' operating mode. This enables a security engine to maintain security policies of greater specificity and thus improve security of a computer system. | 01-01-2009 |
20090007219 | Determining a merged security policy for a computer system - Embodiments of the invention described herein are directed to a mechanism for determining whether at least one operation will be effective in view of at least one security policy. In exemplary implementations, determining whether at least one operation will be effective in view of at least one security policy may comprise determining a merged security policy for a computer system by merging security policies for the computer system from two or more sources. The security policies may be security policies set by a user and/or an administrator of the computer system, may be security policies of a computer network to which the computer system is connected, or may be security policies of one or more other computer systems that are above the computer system in a computer network hierarchy. | 01-01-2009 |
20090007251 | Host firewall integration with edge traversal technology - A host firewall can determine and consider whether unsolicited traffic is inbound from beyond the edge of the network and allow or block such traffic based at least in part upon this characteristic. In one implementation, an edge traversal parameter can be set on a host firewall rule, which typically includes other parameters such as port, protocol, etc. If the unsolicited traffic received via an edge traversal interface matches a host firewall rule that has the edge traversal criterion, then the firewall does not block the traffic. On the other hand, if the unsolicited traffic received via an edge traversal interface fails to satisfy the edge traversal criterion on any firewall rule, then the firewall blocks the traffic. | 01-01-2009 |
20120185929 | INCORPORATING NETWORK CONNECTION SECURITY LEVELS INTO FIREWALL RULES - Embodiments of the present invention are directed to establishing and/or implementing firewall rules that may employ parameters based on connection security levels for a connection between devices. A firewall may thus provide greater granularity of security and integrate more closely with other security methods to provide better overall security with fewer conflicts. | 07-19-2012 |