Abstract:
Embodiments of the invention provide methods and apparatus for recommending items from a catalog of items to a user by parsing the catalog of items into a plurality of catalog clusters of related items and recommending catalog items to the user from catalog clusters to which items previously preferred by the user belong.
Abstract:
Described is a technology by which a seamless automatic connection to an (e.g., corporate) network is made for a client device. Upon detecting a need for a connection to a network, such as by intercepting a communication directed towards a network destination, a list of available connection methods is automatically obtained based on the device's current location data (e.g., LAN or remote) and policy information. An available connection method from the list is selected, e.g., in order, and an attempt is made to establish a connection via that connection method. If the attempt fails, another attempt is made with a different connection method, and so on, until a connection method succeeds. Additional seamlessness from the user's perspective is provided via a credentials vault, by which stored credentials may be retrieved and used in association with the access method being attempted.
Abstract:
A network with authentication implemented using a client health enforcement framework. The framework is adapted to receive plug-ins on clients that generate health information. Corresponding plug-ins on a server validate that health information. Based on the results of validation, the server may instruct the client to remediate or may authorize an underlying access enforcement mechanism to allow access. A client plug-in that generates authentication information formatted as a statement of health may be incorporated into such a framework. Similarly, on the server, a validator to determine, based on the authentication information, whether the client should be granted network access can be incorporated into the framework. Authentication can be simply applied or modified by changing the plug-ins, while relying on the framework to interface with an enforcement mechanism. Functions of the health enforcement framework can be leveraged to provide authentication-based functionality, such as revoking authorized access after a period of user inactivity or in response to a user command.
Abstract:
In a virtualization environment, a host machine on which a guest machine is operable is monitored to determine that it is healthy by being compliant with applicable policies (such as being up to date with the current security patches, running an anti-virus program, certified to run a guest machine, etc.) and free from malicious software or “malware” that could potentially disrupt or compromise the security of the guest machine. If the host machine is found to be non-compliant, then the guest machine is prevented from either booting up on the host machine or connecting to a network to ensure that the entire virtualization environment is compliant and that the guest machine, including its data and applications, etc., is protected against attacks that may be launched against it via malicious code that runs on the unhealthy host machine, or is isolated from the network until the non-compliancy is remediated.
Abstract:
Secure content management is enabled as a cloud-based service through which security protection and policy enforcement may be implemented for both on-premise network users and roaming users. The global SCM service integrates the security functionalities—such as anti-virus, spyware, and phishing protection, firewall, intrusion detection, centralized management, and the like—that are typically provided by enterprise network SCM appliance hardware or servers into a cloud-based service that users reach via Internet-based points-of-presence (“POPs”). The POPs are configured with forward proxy servers, and in some implementations, caching and network acceleration components, and coupled to hubs which provide configuration management and identity management services such as active directory services.
Abstract:
Native IPv6 capabilities are provided to an IPv4 network node, device, or endpoint using a hardware interface that supports network communication under a Direct Access model. The Direct Access model supports IPv6 communication with IPsec and enforces Network Access Protection (“NAP”) health requirement policies for endpoints that are network clients. A Direct Access-ready server is enabled using a hardware interface that implements IPv4 to IPv6 translation and optionally IPsec termination capability. A Direct Access-ready client is enabled using a hardware interface that implements IPv4 to IPv6 translation, IPsec termination capability, and which optionally provides NAP (Network Access Protection) capabilities for Direct Access-ready clients that are configured as mobile information appliances. The hardware interface may be implemented as a network interface card (“NIC”) or as a chipset.
Abstract:
Methods, systems, and computer-readable media are disclosed for access control. A particular method receives a resource access identifier associated with a shared computing resource and embeds the resource access identifier into a link to the shared resource. The link to the shared resource is inserted into an information element. An access control scheme is associated with the information element to generate a protected information element, and the protected information element is sent to a destination computing device.
Abstract:
In aspects, a gateway that sits between a single network protocol client and a server receives a request from the client for a network address of the server. The gateway issues multiple name resolution requests and waits for a first response. Depending on various factors, the gateway determines whether or not to wait for additional responses before responding to the client. If needed, the gateway may obtain an address of a translating device to assist the client in communicating with the server.
Abstract:
Methods, systems, and computer-readable media for facilitating personalization of web content are provided, while protecting the privacy of the user data utilized to personalize the user's experience. A privacy vault may collect user data including user activity data, demographic data, and user interests submitted by a user. In one embodiment, the privacy vault operates on a user client device. The privacy vault sends the user data to a community vault that collects user data from multiple users. The community vault generates segment rules that determine whether a user belongs to a user segment, which expresses a user's interest. The segment rules are then communicated back to the privacy vault, which assigns one or more user segments to the user based on the user data available to the privacy vault and the segment rules. The privacy vault may communicate user segments to one or more content providers that supply personalized content that is selected based on the user segments provided.