Abstract: Methods and systems are described herein for performing privacy-preserving operation of a system for acquiring non-fungible tokens (NFTs) using on-chain data. In particular, a user feed initialization system may determine that a privacy-preserving login is requested and may receive an on-chain address associated with a cryptography-based storage application (e.g., an address associated with a crypto wallet of a user) and determine, based on the on-chain address, NFTs that the user's cryptography-based storage application controls (e.g., NFTs that the user owns). The user feed initialization system may use on-chain data associated with the NFTs (e.g., via interrogating the on-chain programs associated with the NFTs that the user owns) to identify (e.g., via a machine learning model) other NFTs that the user may desire to acquire.

Abstract: A data managing method. Metadata including a sharing policy is applied to a data file on a computing device. A sharing of the data file from the computing device via a network to a platform hosted by a computing system is detected. It is determined whether the platform is in compliance with the sharing policy, and it is reported whether the platform is in compliance with the sharing policy.

Abstract: A method for enabling secure communication. The method includes providing a first virtual network function (“VNF”) at a first network location and providing a second VNF at a second network location. A first Layer 3 virtual private network (“L3 VPN”) tunnel is constructed by the first VNF and the second VNF between the first network location and the second network location, and a first local area network (“LAN”) at the first network location and a second LAN at the second network location are connected by the first L3 VPN tunnel. Further provided is a method for establishing a secure communication environment.

Abstract: A method of controlling use of network-connectable devices is provided. First network requests from a first user device executing a first operating system are monitored, and applications operating in the foreground on the first user device during the first network requests are monitored. A model is trained based on the first network requests and based on the applications respectively operating in the foreground on the first user device during the first network requests. Second network requests from a second user device executing a second operating system are monitored, and the model is applied to the second network requests from the second user device to determine a particular application operating in the foreground on the second user device. A function of the second user device is restricted based on the determining of the particular application operating in the foreground on the second user device.

Abstract: Systems and methods for device type classification system include a rules engine and a machine learning engine. The machine learning engine can be trained using device type data from multiple networks. The machine learning engine and the rules engine can receive data for devices on a network at a first point in time. The data can be submitted to a rules engine and the machine learning engine, which each produce device type probabilities for devices on the network. The device type probabilities from the rules engine and the machine learning engine can be processed to determine device types for one or more devices on the network. As more data becomes available at later points in time, the additional data can be provided to the rules engine and the machine learning engine to update the device type determinations for the network.

Abstract: A device control method includes monitoring location of a first user device of a first user and receiving an indication of a location of a second user device. The method further includes monitoring use of the second user device and determining a first time of use on the second user device. The first time of use on the second user device is allocated to a use time of a second user based on the location of the first user device relative to the location of the second user device, and a functional component of a third user device of the second user is disabled based at least on the use time of the second user.

Abstract: A method for controlling application enabling includes receiving from a user an indication of data for sharing and an indication of one or more recipients with which to share the data. A multidimensional zone is determined based on the indication of the data and the indication of the one or more recipients. A request from the user to enable an application via a computing device is detected. Data permission requirements of the application are accessed, and a multidimensional coordinate is determined based on the data permission requirements of the application. The multidimensional zone is compared to the multidimensional coordinate, and the user is notified via the computing device of the comparing of the multidimensional zone to the multidimensional coordinate. An affirmation of the request is received from the user via the computing device, and the application is enabled responsive to the affirmation of the request.

Abstract: Methods and apparatus for controlling transmission of a base station, such as a Femto cell, based on the determined quality of a backhaul connection to a network are disclosed. In particular, a quality of a backhaul connection of a base station to a node in a communication network is determined. Based on this quality determination, transmission from the base station is either limited or stopped when the determined quality fails to meet a predefined condition. The degradation in quality of the backhaul connection, for example, affects the ability of the base station to offer sufficient service to access terminals. By limiting or stopping wireless transmission of the base station when the backhaul quality is degraded, access terminals either currently accessing the base station or attempting to connect to the base station can then more efficaciously hand off to another base station or access point.

Abstract: A method for controlling application enabling includes receiving from a particular user an indication of data for sharing and an indication of one or more recipients with which to share the data. A multidimensional zone is determined based on the indication of the data and the indication of the one or more recipients. A request from the particular user to enable a particular application via a computing device is detected. Data permission requirements of the particular application are accessed, and a multidimensional coordinate is determined based on the data permission requirements of the particular application. The multidimensional zone is compared to the multidimensional coordinate, and the particular user is notified via the computing device of the comparing of the multidimensional zone to the multidimensional coordinate. An affirmation of the request is received from the particular user via the computing device, and the particular application is enabled responsive to the affirmation of the request.

Abstract: A data managing method. Metadata including a sharing policy is applied to a data file on a computing device. A sharing of the data file from the computing device via a network to a platform hosted by a computing system is detected. It is determined whether the platform is in compliance with the sharing policy, and it is reported whether the platform is in compliance with the sharing policy.

Abstract: A method of controlling use of network-connectable devices is provided. First network requests from a first user device executing a first operating system are monitored, and applications operating in the foreground on the first user device during the first network requests are monitored. A model is trained based on the first network requests and based on the applications respectively operating in the foreground on the first user device during the first network requests. Second network requests from a second user device executing a second operating system are monitored, and the model is applied to the second network requests from the second user device to determine a particular application operating in the foreground on the second user device. A function of the second user device is restricted based on the determining of the particular application operating in the foreground on the second user device.

Abstract: A method of selecting devices on a private network for security protection via a network security device comprises classifying devices on the private network into devices that are sometimes protected and devices that are always either protected or not protected. Threats are monitored, the threats comprising at least one of a macro security event and a local security event, the macro security event detected by one or more external systems and the local security event detected by one or more devices local to the private network. When a threat is detected, it is determined whether the detected threat is a threat to one or more devices on the private network classified as devices that are sometimes protected, and if the detected threat is determined to be a threat to the one or more devices that are sometimes protected the one or more devices are protected.

Abstract: A method for enabling secure communication. The method includes providing a first virtual network function (“VNF”) at a first network location and providing a second VNF at a second network location. A first Layer 3 virtual private network (“L3 VPN”) tunnel is constructed by the first VNF and the second VNF between the first network location and the second network location, and a first local area network (“LAN”) at the first network location and a second LAN at the second network location are connected by the first L3 VPN tunnel. Further provided is a method for establishing a secure communication environment.

Abstract: A method of identifying malicious activity in a sequence of computer instructions includes monitoring data flows from a public network to one or more networked devices on a private network and to one or more honeypots that appear to the public network to be devices on the private network, representing each such data flow as a word, and the sequence of data flows as comprising an n-gram of two or more words. The data flows are characterized with a likelihood of being malicious based on their statistical association with the one or more honeypots relative to their statistical association with one or more networked devices. Identified malicious activity is used to train a network device to identify malicious data flows and prevent them from reaching devices on the private network.

Abstract: A method of controlling use of network-connectable devices is provided. First network requests from a first user device executing a first operating system are monitored, and applications operating in the foreground on the first user device during the first network requests are monitored. A model is trained based on the first network requests and based on the applications respectively operating in the foreground on the first user device during the first network requests. Second network requests from a second user device executing a second operating system are monitored, and the model is applied to the second network requests from the second user device to determine a particular application operating in the foreground on the second user device. A function of the second user device is restricted based on the determining of the particular application operating in the foreground on the second user device.

Abstract: A method for applying electronic data sharing settings. The method includes determining a first image or a first plurality of images shared by a user to a first network-enabled application. A first plurality of image components are extracted from the first image or the first plurality of images, and access by the first network-enabled application to a second image or a second plurality of images stored on a computing device of the user is enabled based on the first plurality of image components extracted from the first image or the first plurality of images. A method for controlling internet browsing is further provided.

Abstract: A recommendation engine can provide recommendations with respect to an application and can provide insights to a user of a computing device. The recommendation engine can receive a prediction based on user engagement with the application during an initial period of time (e.g., a trial period) as to whether the user will convert use of the application to a paid basis (e.g., a subscription or license to the application). An action can be recommended based on the prediction. The recommendation engine can provide insights to a user based on a score associated with the insight. The score can be determined by measuring previous user interactions with the insight over a period of time.

Abstract: A method includes monitoring data security events on mobile computing devices and positions of the mobile computing devices when the plurality of data security events occurred. A plurality of demographic information of the plurality of geographic positions are determined and a classifier is trained based on the data security events and demographic information. A particular mobile computing device is determined to be located at a particular geographic location and particular demographic information of the particular geographic location is determined. The classifier is applied to the particular demographic information and a particular security risk prediction of the particular geographic location is generated. A particular security measure is activated on the particular mobile computing device based on the particular security risk prediction.

Abstract: Programmatic mechanisms that enable the automatic assignment of categories to network entities based on observed evidence. Agents gather observation data that identifies observations made by agents about the network and a plurality of nodes of the network. The agents provide the observation data to a classification module, which assigns a device category to the nodes of the network based on the observation data and a probabilistic node model. The probabilistic node model considers several probabilities to ascertain a recommended device category for a particular node, such as probabilities based on a manufacturer of a node, an operating system executing on a node, information about other nodes in the local vicinity of a node, and an administrator web page associated with a node. The classification module may also assign a particular network category to the network based on the observation data and a probabilistic network model.

Abstract: A device control method includes monitoring location of a first user device of a first user and receiving an indication of a location of a second user device. The method further includes monitoring use of the second user device and determining a first time of use on the second user device. The first time of use on the second user device is allocated to a use time of a second user based on the location of the first user device relative to the location of the second user device, and a functional component of a third user device of the second user is disabled based at least on the use time of the second user.