| Patent application number | Description | Published |
|---|---|---|
| 20080205288 | Concurrent connection testing for computation of NAT timeout period - Concurrent testing of NAT connections using different timeout values to compute a keep-alive value for the NAT device. Computation of the approximate timeout value is accomplished concurrently over multiple test connections within about a time equivalent to the actual NAT timeout value. The architecture validates the computation of the approximate timeout value by distinguishing NAT connection failure from external failure using a control connection. Moreover, computation of the keep-alive value is performed only once for a given NAT device rather than being an on-going process for that NAT device. When one of the test connections fails, it is determined that the NAT timeout value is less than the test timeout value associated with the failed test connection. Accordingly, a smaller test timeout value is then selected as the keep-alive value for keep-alive processing of the NAT device. | 08-28-2008 |
| 20080209068 | Out-of-band keep-alive mechanism for clients associated with network address translation systems - Architecture for maintaining connection state of network address translation (NAT) devices by employing an out-of-band (OOB) technique externally to application connections without imposing additional requirements on the underlying native application(s). The OOB solution can be applied to arbitrary connections without requiring modification to an application protocol and works with TCP and UDP. A keep-alive (KA) application is employed as an OOB mechanism that injects KA packets that appear to the NAT device to be coming from the native connection. These injected packets fool the NAT device into resetting the inactivity timer for that connection, but do not fool or confuse the native application, which is oblivious to the spoofing. Accordingly, the connection will not terminate due to NAT timeouts, and therefore, a client/server protocol, for example, will not need to generate fake activity packets to keep the connection alive. | 08-28-2008 |
| 20080225865 | Cost reduction of NAT connection state keep-alive - Keep-alive processing for NAT devices and reducing power consumption in wireless clients. A server driven keep-alive mechanism facilitates keep-alive messages to a NAT device currently providing a connection to a mobile client to refresh the NAT state, thereby reducing or eliminating power consumption in a wireless device to respond to the connection with keep-alive packets. In one instance, keep-alive packets are sent to the NAT device to reset the NAT timeout timer, and then to the mobile client. The client responds only when expected keep-alive packets are not received at the client. In another instance, keep-alive packets reset the NAT timer to maintain the connection but are dropped or self-destruct before reaching the mobile client, thereby providing the optimum power conservation in the mobile device. Thus, the client is not forced into extra client activity to send or receive wireless data, which would drain the battery. | 09-18-2008 |
| 20080320566 | Device provisioning and domain join emulation over non-secured networks - Proxy service that enables a domain join operation for a client over a non-secure network. The join operation is achieved with minimal security exposure by using machine identity information rather than user credentials. The proxy only uses permission associated with adding a new machine account to the enterprise directory, and not for adding a user account or taking ownership of existing accounts. The proxy enables authentication based on actual machine account credentials to obtain a signed certificate, rather than conventional techniques such as delegation. Moreover, the enrollment process employs an original trust relationship between the device and the proxy rather than requiring or depending on public trust. | 12-25-2008 |
| 20090158397 | Secure Push and Status Communication between Client and Server - Systems and methods of authentication and authorization between a client, a server, and a gateway to facilitate communicating a message between a client and a server through a gateway. The client has a trusted relationship with each of the gateway and the server. A method includes registering the client with the gateway. The client also constructs the address space identifying the gateway and the client. The client communicates the address space to the server. The client receives an identity identifying the server. If the client authorizes receipt of a message from the server through the gateway, the client informs the gateway of the authorization. The client puts the identity identifying the server on a list of servers which are authorized to send messages to the client. In addition, the client communicates the list of servers to the gateway. | 06-18-2009 |
| 20090204701 | NODE MONITOR CLIENT CACHE SYNCHRONIZATION FOR MOBILE DEVICE MANAGEMENT - A stateful cache layer is created at a mobile device client that tracks the state on both the mobile device and management service. The states are synchronized between the mobile device and the management service on every management session. Through the statefulness of the cache layer, unauthorized changes on the mobile device are detected and handled accordingly, such as by internal correction or by reporting to the management service for actionable instructions. A cache layer on the management server is configured to identify organizational policy changes that affect specific devices and initiate unsolicited immediate management sessions to update the configuration to the specific devices. | 08-13-2009 |
| 20100138501 | END-TO-END VALIDATION IN A PUSH ENVIRONMENT - In a push environment having a communication path along which a service provides messages to a computing device via a gateway, an inactivity timeout value and a registration timeout value enable the computing device to detect failures in the communication path. An application executing on the computing device registers an application endpoint with the gateway. The application separately subscribes to the service to receive the messages. If there is inactivity in accordance with the inactivity timeout value, the application de-registers and re-registers with the gateway, and unsubscribes and re-subscribes with the service. | 06-03-2010 |
| 20110131172 | IDENTIFYING GEOSPATIAL PATTERNS FROM DEVICE DATA - Determining geospatial patterns from device data collected from a plurality of computing devices. The devices represent, for example, a plurality of sources providing the device data. The device data describes the computing devices and/or environments thereof. Some embodiments present the determined patterns to users for editing, update maps with the edited patterns, and distribute the maps to the users. The maps are stored to create a searchable map library. | 06-02-2011 |