Abstract: A keyless access system for securely authorizing access to a resource via a dynamic interface that user equipment (“UE”) may access using a changing access identifier without the UE installing or executing any specialized applications or code. The secure authorization of visitor access may include periodically modifying the access identifier, providing access activation data with a first access identifier to a UE in response to a triggering action, providing the dynamic interface to the UE in response to the access activation data automatically directing a browser of the UE to the first access identifier, receiving UE authorization data that is entered using a keypad or login screen of the dynamic interface, and providing access to the resource based on the first access identifier being associated with the resource, the UE authorization data authorizing access to the resource, and the access being provided before an expiration time.

Abstract: Secure handsfree proximity-based access control is provided by a system that includes system devices located near different secured resources. Each system device may broadcast a changing unique identifier to user devices in wireless range of the system device. The system may also include an application that runs on each user device, and that obtains a signal strength measurement in response to receiving or detecting a current identifier advertised from a system device. The application may request access to a secured resource over one or more available wireless networks in response to satisfying the signal strength threshold. The system may include an access control unit that authorizes access to the secured resource based on the earliest arriving request, and further based on an identifier of the request matching to the current identifier, and the current identifier not having been previously used to obtain access to the secured resource.

Abstract: A keyless access system for securely authorizing access to a resource via a dynamic interface that user equipment (“UE”) may access using a changing access identifier without the UE installing or executing any specialized applications or code. The secure authorization of visitor access may include periodically modifying the access identifier, providing access activation data with a first access identifier to a UE in response to a triggering action, providing the dynamic interface to the UE in response to the access activation data automatically directing a browser of the UE to the first access identifier, receiving UE authorization data that is entered using a keypad or login screen of the dynamic interface, and providing access to the resource based on the first access identifier being associated with the resource, the UE authorization data authorizing access to the resource, and the access being provided before an expiration time.

Abstract: Some embodiments provide an end-to-end federated CDN solution that assimilates a transparent caching server that is operated by a transparent caching server operator into a CDN that independently operates CDN caching servers. Specifically, the logs from the transparent caching server are assimilated into the CDN by aggregating the logs from the transparent caching server and processing the transparent caching server logs to identify network usage for content of a CDN content provider customer that is delivered by the transparent caching server. The network usage is then combined with the network usage that tracked by the CDN caching servers in order to provide comprehensive report metrics for the content provider customer and to bill the content provider customer for all network usage related to delivering the content provider customer's content irrespective of whether the content was delivered by a transparent caching server or a CDN caching server.

Abstract: A device may include a wire interface (e.g., port), a detection circuit and a microcontroller. The detection circuit may include a resistor, a comparator, and wiring connecting the resistor to the wire interface and to a first input of the comparator. The microcontroller may provide a test signal to the resistor, and a threshold signal to a second input of the comparator. The test signal passes through the resistor and continues to the wire connector and the comparator first input with little to no change or attenuation when the wire interface is disconnected, but is attenuated when the wire interface is connected to a wire with capacitance charging and discharging based on the test signal. The comparator may compare the voltage of a resulting signal at the wire interface to the threshold signal voltage, and depending on the comparison may detect if a wire is connected to the wire interface.

Abstract: A device may include a wire interface (e.g., port), a detection circuit and a microcontroller. The detection circuit may include a resistor, a comparator, and wiring connecting the resistor to the wire interface and to a first input of the comparator. The microcontroller may provide a test signal to the resistor, and a threshold signal to a second input of the comparator. The test signal passes through the resistor and continues to the wire connector and the comparator first input with little to no change or attenuation when the wire interface is disconnected, but is attenuated when the wire interface is connected to a wire with capacitance charging and discharging based on the test signal. The comparator may compare the voltage of a resulting signal at the wire interface to the threshold signal voltage, and depending on the comparison may detect if a wire is connected to the wire interface.

Abstract: Disclosed are systems and methods for performing entry access over two or more networks. The two or more networks are leveraged to accelerate the entry access and provide redundancy. Performance over each of the two or more networks is tracked in order to allow a mobile device to exchange entry access messaging over the particular network providing fastest start-to-unlock time. The mobile device can alternatively exchange the entry access messaging simultaneously over the two or more networks to create a race condition whereby the fastest start-to-unlock time is obtained without monitoring network performance. Performing the entry access messaging exchange over the two or more networks also ensures reliability in the event a particular network is down or congested, an authorization device on a particular network is down or overloaded, a radio of a mobile device communicating over a particular network is disabled or slow performing.

Abstract: Secure handsfree proximity-based access control is provided by a system that includes system devices located near different secured resources. Each system device may broadcast a changing unique identifier to user devices in wireless range of the system device. The system may also include an application that runs on each user device, and that obtains a signal strength measurement in response to receiving or detecting a current identifier advertised from a system device. The application may request access to a secured resource over one or more available wireless networks in response to satisfying the signal strength threshold. The system may include an access control unit that authorizes access to the secured resource based on the earliest arriving request, and further based on an identifier of the request matching to the current identifier, and the current identifier not having been previously used to obtain access to the secured resource.

Abstract: Some embodiments provide a multi-tenant over-the-top multicast solution that integrates the per user stream customizability of unicast with the large scale streaming efficiencies of multicast. The solution involves an application, different multicast groups streaming an event with different customizations, and a manifest file or metadata identifying the different groups and customizations. The solution leverages the different multicast groups in order to provide different time shifts in the event stream, different quality level encodings of the event stream, and different secondary content to be included with a primary content stream. The application configured with the manifest file or metadata dynamically switches between the groups in order to customize the experience for a user or user device on which the application executes. Switching from multicast to unicast is also supported to supplement available customizations and for failover.

Abstract: Secure handsfree proximity-based access control is provided by a system that includes one or more system devices located near different secured resources. Each system device may broadcast a changing unique identifier to user devices in wireless range of the system device. The system may also include an application that runs on each user device, and that obtains a signal strength measurement in response to receiving or detecting a current identifier advertised from a system device. The application may request access to a secured resource over one or more available wireless networks in response to satisfying the signal strength threshold. The system may include an access control unit that authorizes access to the secured resource based on the earliest arriving request, and further based on an identifier of the request matching to the current identifier, and the current identifier not having been previously used to obtain access to the secured resource.

Abstract: The solution is directed to access control systems and verifying proximity of a user to an access point that the user is wirelessly requesting access to. The proximity verification is based on placing proximity hubs adjacent to the different access points. Each proximity hub advertises a different unique identifier that changes periodically over a short-range wireless network and can be detected with a mobile device if the mobile device is physically within a short distance from the proximity hub. The unique identifier changes based on a rolling code. A user is permitted access to a restricted access point in response to the mobile device sending over a different long-range wireless network, the unique identifier advertised from a proximity hub adjacent to a desired access point and user access credentials authenticating access privileges of the user to the desired access point.

Abstract: A two-part security method and system is provided to prevent unauthorized access to a secured resource via a relay attack that uses at least one intermediary device to relay signaling from an authorized access device to the secured resource despite the access device being out-of-range of the secured resource. The first part involves detecting a relay attack by encrypting signaling between the access device and the secured resource, and by detecting when the signaling is modified as a result of an intermediary device inserting data or modifying the data of the signaling exchanged between the access device and the secured resource. The second part involves detecting a relay attack based on environmental data from the access device that identifies a feature of an environment in which the access device is located, and the environmental data mapping to a location that is not within a specified location of the secured resource.

Abstract: Provided is an office receptionist system formed from a distributed set of system valets and a system concierge. The system valets record and pass human inquiries at various points of ingress and egress to the system concierge. The system concierge parses each inquiry, determines the type of inquiry being made, and further determines whether the inquiry provides sufficient information for the determined inquiry type. The sufficiency of the inquiry is determined from a rule set that further defines different data sources from which the system concierge obtains data elements for generating a response to the inquiry as well as the actions to perform as part of responding to the inquiry. The response is returned to the system valet originating the inquiry for playback thereon.

Abstract: Systems and methods for performing decoupled authorization, whereby authorizing access permissions of a user to a resource is performed separate and independent from authorizing intent of the user to access the resource. Once both authorizations are successfully completed within a specified timeout interval, the access state of the resource is changed, thereby granting the user access to the resource. The decoupled authorizations are independently performed over different networks, in response to different triggers, or by leveraging different hardware. Access to the resource can therefore be provided prior to the user arriving before the resource, with little to no action by the user, and without comprising security as the resources will remain restricted or locked if the either of the user's intent or access permissions cannot be verified.

Abstract: Near field detection using a magnetometer is disclosed. A transmitter may distort magnetometer measurements of Earth's magnetic field by producing rapid but controlled fluctuations to encode a specific message in a manipulated magnetic field. When a mobile device is brought in range of the transmitter, a magnetometer of the mobile device detects that manipulated magnetic field. An application running on the mobile device forms messages based on the magnetometer output. In response to detecting the specific message, the application may execute an action on the mobile device or a remote device. NFC read-based near field detection similarly involves the application accessing an NFC chip of the mobile device, and scanning for one or more particular NFC tags that are read by the NFC chip. In response to detecting a particular NFC tag, the application executes an action on the mobile device or a remote device.

Abstract: Near field detection using a magnetometer is disclosed. A transmitter may distort magnetometer measurements of Earth's magnetic field by producing rapid but controlled fluctuations to encode a specific message in a manipulated magnetic field. When a mobile device is brought in range of the transmitter, a magnetometer of the mobile device detects that manipulated magnetic field. An application running on the mobile device forms messages based on the magnetometer output. In response to detecting the specific message, the application may execute an action on the mobile device or a remote device. NFC read-based near field detection similarly involves the application accessing an NFC chip of the mobile device, and scanning for one or more particular NFC tags that are read by the NFC chip. In response to detecting a particular NFC tag, the application executes an action on the mobile device or a remote device.

Abstract: Some embodiments move the task of selecting between different transit provider paths from the network level to the application level. Some embodiments perform network level configurations involving a destination network router advertising over a first transit provider path, a unique first address identifying a destination network server as reachable via the first path and advertising over a second transit provider path, a unique second address identifying the destination network server as reachable via the second path. Some embodiments further perform application level configurations involving a source network server passing a first packet to the destination network server over the first path by addressing the first packet to the first address and passing a second packet to the destination network server over the second path by addressing the second packet to the second address. The path selection may be based on policies accounting for congestion, performance, and other metrics.

Abstract: Disclosed are systems and methods for updating a distributed system device with an update that a system controller fragments and propagates to the system device by way of two or more third party clients. The system controller manages client access rights to a service accessible at different distributed system devices. The system controller has first network connectivity with which to remotely distribute different fragments of an update to different clients. Each system device controls access to the service at different a site and has (i) second network connectivity with which the different clients propagate different fragments of the update to the system device upon entering communication range with the system device, (ii) memory storing different sets of fragments for the update based on different times at which the clients propagate the fragments, and (iii) a processor applying the update once all fragments of the update to the memory.

Abstract: Some embodiments provide a director agent, a server agent, and a specialized hand-off protocol for improving scalability and resource usage within a server farm. A first network connection is established between a client and the director agent in order to receive a content request from the client from which to select a server from a set of servers that is responsible for hosting the requested content. A second network connection is established between the server agent that is associated with the selected server and a protocol stack of the selected server. The first network connection is handed-off to the server agent using the specialized hand-off protocol. The server agent performs network connection state parameter transformations between the two connections to create a network connection through which content can be passed from the selected server to the client without passing through the director.

Abstract: Secure handsfree proximity-based access control is provided by a system that includes one or more system devices located near different secured resources. Each system device may broadcast a changing unique identifier to user devices in wireless range of the system device. The system may also include an application that runs on each user device, and that obtains a signal strength measurement in response to receiving or detecting a current identifier advertised from a system device. The application may request access to a secured resource over one or more available wireless networks in response to satisfying the signal strength threshold. The system may include an access control unit that authorizes access to the secured resource based on the earliest arriving request, and further based on an identifier of the request matching to the current identifier, and the current identifier not having been previously used to obtain access to the secured resource.