Abstract: Systems and methods for mitigating network attacks include, responsive to detection of malicious traffic in a network, causing creation of an isolated network slice in the network where the isolated network slice is a set of connection resources that are allocated to a flow of traffic and that spans a plurality of network devices in the network; and causing rerouting of the malicious traffic from a source node of the malicious traffic to a deceptive network resource along the isolated network slice.

Abstract: Wireless communications systems and methods related to uplink buffer management are provided. In some aspects, a user equipment receives a synchronization acknowledgment message destined for a device tethered to the user equipment and transmitted by an application server at a network to which the user equipment is connected. In some aspects, the synchronization acknowledgment message includes an application server receiver window size indicating available buffer space in a receive buffer of the application server. The user equipment can modify the application server receiver window size in the received synchronization acknowledgment message prior to transmitting the received synchronization acknowledgment to the tethered device.

Abstract: Apparatus and method provide for wagering across multiple gaming operators operating at respective locations, using respective accounts accessible according to a location of a player.

Abstract: Systems and methods for predicting throughput in a network are described herein. The systems and methods use, in some examples, impaired DNS lookup times to predict what a throughput measurement would have been at the time of the issue had a measurement been taken. Using impaired DNS lookup times rather than constantly measuring throughput can reduce the workload of the cellular network while also reducing the storage capacity needed to measure throughput values for all of the devices using the cellular network. Throughput prediction may be used in other ways, including, but not limited to, device testing and assessment.

Abstract: The present disclosure discloses a method and system for sharing a multi-protocol port and a server, where a designated field for storing a listening structure is newly added to a listening structure of an HTTP protocol. The method includes: writing, with respect to a target port, a listening structure of an RTMP protocol into the designated field of the HTTP protocol if the HTTP protocol and the RTMP protocol share the target port; detecting a target protocol corresponding to a connection request when the connection request is received by the target port; and reading the listening structure of the RTMP protocol from the designated field to obtain configuration information of the RTMP protocol if the target protocol is the RTMP protocol, and processing the connection request using the configuration information of the RTMP protocol.

Abstract: Examples described herein relate to a method for managing data management policies of resources. An example includes detecting a movement of a resource from a first resource group protected by a first data management policy to a second resource group protected by a second data management policy. Further, in response to detection of the movement of the resource, a data management policy of the second resource group may be upgraded if first data management policy provides an enhanced level of copy data management over the second data management policy.

Abstract: Apparatus for data communication includes a network interface for connection to a packet data network and a host interface for connection to a host computer, which includes a central processing unit (CPU) and a host memory. Packet processing circuitry receives, via the host interface, from a kernel running on the CPU, associations between multiple remote direct memory access (RDMA) sessions and multiple different User Datagram Protocol (UDP) 5-tuple, which are assigned respectively to the RDMA sessions, and receives from an application running on the CPU a request to send an RDMA message, using a selected group of one or more of the RDMA sessions, to a peer application over the packet data network, and in response to the request, transmits, via the network interface, one or more data packets using a UDP 5-tuple that is assigned to one of the RDMA sessions in the selected group.

Abstract: An anchor vehicle includes a network device configured to access a network using dedicated wireless connectivity, and a processor. The processor is programmed to: receive a request for accessing the network using the dedicated wireless connectivity from a connected vehicle; determine whether the connected vehicle has consented to monitoring compliance with a warranty of the connected vehicle; and provide, to the connected vehicle, access to the dedicated wireless connectivity via the anchor vehicle in response to determining that the connected vehicle has consented to monitoring the compliance with the warranty of the connected vehicle.

Abstract: A Dynamic Host Configuration Protocol (DHCP) server includes a memory storing computer-readable instructions, and a processor configured to execute the computer-readable instructions to determine a media access control (MAC) address associated with a client, determine the MAC address associated with the client is a randomized MAC address, and assign an IP address the client from a DHCP IP server pool. The processor assigns an IP address to the client from a DHCP IP server pool using one of identifying, in a DHCP server table, at least one host name of the client and assigning a previously assigned IP address to the at least one host name of the client, and when the host name of the client is not available, assigning the IP address using a first lease with a first duration shorter than a default lease duration used for non-randomized MAC addresses.

Abstract: A network device including a main bridge, a first bridge, a controller, and an Ethernet port is provided. When the Ethernet port is connected to a mesh network, the processing unit performs the following steps: controlling the Ethernet port to transmit a first broadcast packet; when the Ethernet port receives a second broadcast packet, parsing the second broadcast packet to extract the packet path information to determine whether a path loop exists; determining, according to the Ethernet interface weight (EIW), the slave interface uplink weight (SIUW), and the master device weight (MW) carried by the first broadcast packet and the second broadcast packet, (1) whether the network device plays a master device role, (2) whether the bridge of the Ethernet port is set as the main bridge or the first bridge, and (3) whether the Ethernet port allows data transmission.

Abstract: The disclosure herein describes a virtual extensible local area network (VXLAN) gateway. During operation, the VXLAN gateway receives, from a physical host, an Ethernet packet destined for a virtual machine residing in a remote layer-2 network broadcast domain that is different from a local layer-2 network broadcast domain where the physical host resides. The VXLAN gateway then determines a VXLAN identifier for the received Ethernet packet. The VXLAN gateway further encapsulates the Ethernet packet with the virtual extensible local area network identifier and an Internet Protocol (IP) header, and forwards the encapsulated packet to an IP network, thereby allowing the packet to be transported to the virtual machine via the IP network and allowing the remote layer-2 network broadcast domain and the local layer-2 network broadcast domain to be part of a common layer-2 broadcast domain.

Abstract: A file storage application that processes file operations is communicably connected with a block storage application that processes block operations by establishing multiple communication sessions between the file storage application and the block storage application. Multiple logical volumes provided by the block storage application are exposed to the file storage application over the multiple communication sessions established between the file storage application and the block storage application using a total number of logical paths to the logical volumes that is equivalent to the total number of the logical volumes provided by the block storage application to the file storage application.

Abstract: SaaS for content portion selection a.k.a. content curation using conventional web browsers with no software installation: for enabling a user to select portions of content are disclosed. The user selected portions of content, or references to them, are stored in a repository and are made available for subsequent viewing to a potentially larger universe of users. Neither group of users: the ones selecting the portions of content, nor those viewing the previously selected portions of content, need to install any special software to avail all these benefits.

Abstract: The subject technology receives a transaction for performing an operation on a distributed database, the transaction associated with an account. The subject technology identifies a tenant corresponding to the account associated with the transaction. The subject technology retrieves a set of encryption keys based at least in part on the account and the tenant. The subject technology determines a derived encryption key using a cryptographic hash function applied to a hybrid tenant master encryption key and a local random generated identifier. The subject technology encrypts a record value and a key value associated with transaction using the derived encryption key. The subject technology determines a tree structure associated with the tenant. The subject technology determines a non-leaf node using a tenant prefix of the tenant. The subject technology inserts the encrypted record value, and the encrypted key value at a leaf node below the non-leaf node of the tree structure.

Abstract: An information management system may store information related to tasks to be performed by workers in an organization. Workers in the organization may communicate with the information management system using email messages. The information management system may not require a login or authentication procedure, and workers may interact with the information management system without the need to log in to the information management system. The information management system may receive an email message from a worker that indicates a request for a report. The information management system may determine whether to transmit the report to the worker based on whether the worker is appropriately registered with the information management system, and/or whether the worker has administrative privileges. The information management system, in response to a positive determination, may transmit the report to the email address from which the requesting email message was sent.

Abstract: A network device may receive network traffic associated with a session, wherein the session is associated with a network. The network device may determine, from the network traffic, an application path that is associated with the session and may determine an application path identifier associated with the application path. The network device may determine, based on policy information that is associated with the application path identifier, whether the network traffic associated with the session is permitted to be communicated via the network and may perform, based on whether the network traffic is determined to be permitted, an action associated with communication of the network traffic.

Abstract: A method including receiving, by an infrastructure device from a virtual private network (VPN) server, a request for a VPN operating system for installation on a volatile memory associated with the VPN server; determining, by the infrastructure device, that the VPN server is authenticated to receive the VPN operating system based at least in part on authentication information received in association with the request; and transmitting, by the infrastructure device to the VPN server, the VPN operating system for installation on the volatile memory based at least in part on determining that the VPN server is authenticated to receive the VPN operating system. Various other aspects are contemplated.

Abstract: Systems and methods include receiving a traceroute packet at a relay node; responding to the traceroute packet with a first data structure inside the traceroute packet that indicates a propagation mode at the node and an operation type performed at the node, receiving subsequent traceroute packets from the initiator node with a second data structure inside the subsequent traceroute packets with data used to indicate changes in a header of the subsequent traceroute packets, and forwarding the subsequent traceroute packets with the changes to the header based on the data. The systems and methods can include utilizing the first data structure to determine the changes in the header of the subsequent traceroute packets. This can be used in Multiprotocol Label Switching (MPLS), Segment Routing (SR), and Internet Protocol (IP), where a TTL/Hop Limit propagation is limited.

Abstract: The present disclosure relates to computer-implemented methods, software, and systems for generating access tokens at an authentication server based on authorization codes. A first authorization server from a set of authorization servers receives a request for authorization of a request to access a resource by a resource owner. The first authorization server validates the request for authorization of the request to generate an authorization code. In response to successful validation of the request for authorization to generate the authorizaction code, the first authorization server generates a single-use authorization code by signing the generated authorization code with a unique private key. A unique public key is maintained for verifying the signed authorization code. The single-use authorization code is generated in a self-contained format.

Abstract: A computing system receives, from a client device, a first request for access to a single page application associated with the computing system. A gateway of the computing system intercepts the first request before it reaches a shell service associated with the single page application. The gateway sends a second request for the single page application to the shell service. Based on the single page application request, the gateway determines that the shell service is experiencing a failure. Responsive to determining that the shell service is experiencing a failure, the gateway retrieves, from a content delivery network, a uniform resource locator (URL) associated with a time-lapse hypertext markup language (HTML) of the single page application. The gateway redirects the client device to the time-lapse HTML of the single page application using the URL.

Abstract: A method is disclosed. The method comprising receiving, by a processor computer from a coordination computer, a push transfer instruction message comprising a recipient address associated with a recipient, a data item, and a time period for transferring the data item to a recipient account associated with the recipient address. The method also includes storing, by the processor computer, the push transfer instruction message. After the time period, the push transfer instruction message comprising the data item is transmitted to a recipient authorizing entity computer associated with the recipient address to transfer the data item.

Abstract: Systems and methods are provided for generating demonstration gameplay streaming via a cloud gaming system. The method includes executing a game from a library of games managed by the cloud gaming system. The executing causing the game to launch and progress to a gaming session where modules of the game are pre-loaded and waiting for interactive input of the game. The method includes advancing, by the cloud gaming system, in the game from a level to a later level in the game. Then pausing the game on the cloud gaming system and generating a post that is indicative of the game and the later level. The post being displayed on a website, and wherein the executing of the game, the advancing and the pausing being processed by the cloud gaming system without user input. In some embodiments, other users can advance the gameplay, and other users can resume play from where they left off, without needed to re-load the game.

Abstract: Embodiments as disclosed herein may provide systems and methods for component integration and security. In particular, in one embodiment, a native component that presents a network based interface may be on a device, where that native component may expose a network based interface for access by other components. This native component can then be accessed through the network based interface. To address security concerns and other issues, the native component may be configured to determine if a received request is associated with the same user space and only respond to requests originating from the same user space.

Abstract: A method for identifying devices on a network, comprising: determining, by a discovery application, a prioritized discovery plan including a plurality of tiers of requests, each of the tiers specifying one or more probes for targeting specific types of devices. For each of the tiers in the prioritized discovery plan: the method further comprises causing, by the discovery application, one or more of the probes specified for the tier to transmit targeted requests to a set of active addresses on the network. Upon receiving responses from at least a subset of the one or more addresses, the method comprises identifying, by the discovery application, one or more devices connected to the network based on the responses to the targeted requests. The method further comprises removing, by the discovery application, addresses corresponding to the identified one or more devices from the set of active addresses on the network.

Abstract: A node configured as any of a proxy, a Secure Web Gateway, and a Secure Internet Gateway is configured to perform steps of establishing a connection with a user device having a user associated with a tenant; obtaining policy for the user; monitoring traffic between the user device and the Internet including snooping session keys for any encrypted traffic; analyzing the traffic based on the policy including utilizing the session keys on the encrypted traffic; and one of allowing, blocking, or limiting the traffic based on the analyzing.

Abstract: An apparatus for use in an identity management system includes a storage device; a network interface; and a processor, the storage device storing software instructions for controlling the processor to: process a request, received via a network interface, for an exclusive claim to a unique identifier associated with an individual; verify the individual's claim to the unique identifier is proper; if the individual's claim is verified, create a user account, wherein the user account is associated with the respective individual's claimed unique identifier; provide a look up service for responding to external queries regarding whether individual unique identifiers of the type claimed by the individual have been claimed; and provide proof of the identity of the individual based on the individual's exclusive claim to the claimed unique identifier in response to a request to provide said proof if authorized by the individual through the user account.

Abstract: In an embodiment, a statistical approach for augmenting signature detection in a Web application firewall includes receiving a new request including a parameter in a uniform resource identifier (URI), tokenizing the new request, and determining a compound probability that tokens in a value that is associated with the parameter of the URI and that is included in the new request are associated with an attack. The compound probability is determined based at least in part on component probabilities of tokens of historical values associated with the parameter of the URI.

Abstract: Embodiments of the present invention provide a video content display method, a client, and a storage medium. The video content display method comprises: upon receipt of a startup instruction, measuring the current state parameter; if the current state parameter meets a preset display condition, reading pre-loaded video data, the preset display condition being used for determining whether to display the video content to be displayed of the pre-loaded video data; embedding the pre-loaded video data into the current information flow to obtain an information flow to be displayed; and in response to the startup instruction, playing back a target video corresponding to the information flow to be displayed to realize the display of said video content.

Abstract: Techniques are provided for identifying duplicate usages of configuration values in Network Management Interfaces (NMIs). Network administrators may inadvertently enter duplicate values such as Internet Protocol addresses in one or more NMIs. A browser extension captures a configuration value and determines whether it has been used already, such as by accessing a database with the value and a field type. If it has been used, summary and/or detailed information can displayed on the NMI describing the duplicate usages. The summary display can be a hyperlink which indicate a number of duplicate usages in other views and NMIs. When the hyperlink is selected, a pop-up display can provide detailed information by rendering the other views in a read-only mode, of a same NMI or other NMIs. To render the views, a Document Object Model and Cascading Style Sheet Object Model of the views can be accessed.

Abstract: An edge switching device of an edge switching system includes: a remaining lease time information obtainment unit configured to obtain remaining lease time information for each of user terminals from a DHCP server; a submission order determination unit configured to determine a submission order for user configuration information in order from a shortest remaining lease time; a user configuration information submission unit configured to submit, to a backup system edge router, user configuration information of each of the user terminals, according to the determined submission order; and a reconnection inducement instruction unit configured to send, to the DHCP server, an instruction to send reconnection inducement information to the user terminals for which the user configuration information has been submitted.

Abstract: A service management system communicates via wide area network with gateway devices located at respective user premises. The service management system remotely manages delivery of application services, which can be voice controlled, by a gateway, e.g. by selectively activating/deactivating service logic modules in the gateway. The service management system also may selectively provide secure communications and exchange of information among gateway devices and among associated endpoint devices. An exemplary service management system includes a router connected to the network and one or more computer platforms, for implementing management functions. Examples of the functions include a connection manager for controlling system communications with the gateway devices, an authentication manager for authenticating each gateway device and controlling the connection manager and a subscription manager for managing applications services and/or features offered by the gateway devices.

Abstract: The subject technology provides an in-place encoding of a network identifier that compresses the network identifier without mapping the network identifier to a another server or service, such as URL shortening service. The network identifier may be compressed using segmented encoding operations that segment the network identifier, and encode the characters of the network identifier using a first set of encoding operations for a first portion of the network identifier and a second set of encoding operations for a second portion of the network identifier. Template encoding may also be provided for network identifiers that conform to a predefined template format.

Abstract: The present disclosure generally relates to interfaces and techniques for media playback on one or more devices. In accordance with some embodiments, an electronic device includes a display, one or more processors, and memory. The electronic device receives user input and, in response to receiving the user input, displays, on the display, a multi-device interface that includes: one or more indicators associated with a plurality of available playback devices that are connected to the device and available to initiate playback of media from the device, and a media playback status of the plurality of available playback devices.

Abstract: This disclosure describes techniques for automating a system-level security review of a network-based service. The techniques may include generating and utilizing a machine-readable threat model to identify system-level security threats to the network-based service. The network-based service may be scanned upon being provisioned in a service-provider network, and the machine-readable threat model may be generated based on results of the scan. The machine-readable threat model may represent components of the network-based service, system-level security constraints configured to identify system-level security threats to the service, and mitigations to remedy violations to the system-level security constraints. The network-based service may be continuously, or periodically, scanned to identify changes in the network-based service.

Abstract: A system and method for selling product is provided. In accordance with one aspect, shoppers using an Internet-based commerce site may request custom designed products rather than mass produced products from willing sellers. Shoppers may provide terms under which the custom good must be manufactured. Various systems and methods may also provide a platform for shoppers and sellers to negotiate terms and/or to incorporate negotiated terms into such requests. According to some embodiments, the system and method for selling product facilitates fabrication, delivery and payment for customized goods. In one embodiment, requests for customized goods may be fulfilled by multiple sellers. One example includes multiple sellers fulfilling a custom request, and another includes multiple sellers each producing a part of a desired quantity for a custom request, among other options. One aspect also includes allowing shoppers to request custom made products from one or more manufacturers.

Abstract: According to examples, an apparatus may include a processor that may identify a navigation event responsive to a URL being entered into an address bar of a web browser, the URL having a domain and a URL component, and may determine whether the web browser received an instruction to navigate to a return URL, in which the return URL includes a suffix domain for a proxy and does not include the URL component. The processor may also, based on a determination that the web browser received the instruction to navigate to the return URL, generate a modified URL by appending the suffix domain to the URL to restore context of the URL for the proxy and navigate the web browser to the modified URL.

Abstract: The technology disclosed relates to a network security system (NSS) that reduces latency in security enforcement. The NSS comprises a deployer. The deployer periodically updates performance bypass lists deployed to endpoint routing clients running on devices. The performance bypass lists identify exempt connection identifiers that are not subject to routing through a traffic inspection proxy (abbreviated TIP) and being used by the endpoint routing clients to classify incoming connection access requests as non-exempt or exempt. The TIP, in dependence upon the performance bypass list-based classification by the endpoint routing clients, inspects non-exempt incoming connection access requests and applies a policy, and remains agnostic to exempt incoming connection access requests.

Abstract: A method for an information processing apparatus includes searching for a printer, determining whether a printer detected by the searching is capable of executing a process according to a predetermined specification conforming to Internet Printing Protocol, and setting the information processing apparatus so as to generate a print job to be sent to the detected printer according to the predetermined specification, based on a determination that the detected printer is capable of executing the process according to the predetermined specification. Downloading of software to be used for generating a print job to be sent to the detected printer is facilitated, based on a determination that the detected printer is not capable of executing the process according to the predetermined specification.

Abstract: Described embodiments provide systems and methods for pushing session information to a newly joined node in a cluster of nodes. In the cluster, each node may maintain a session table of existing sessions. One or more nodes may detect a new node has joined the cluster. Each node, responsive to the detection, may apply a hash function on a tuple of each session of the existing sessions in the session table of the node to determine whether one or more existing sessions are identified to be owned by the new node as a result of the hash function. Each node, responsive to identifying that one or more sessions are to be owned by the new node, may push corresponding session information to the new node. The new node may become configured to receive a packet corresponding to the one or more sessions and to process the packet.

Abstract: In one embodiment, a cloud computer system is disclosed for controlling a plurality of remote devices comprising a cloud server including a cloud based operating system comprising a data model stored in a computer memory. The data model includes commands performed by a plurality of remote devices in a remote system and, for each remote device, one or more operations for triggering processes executed by the remote device. The cloud based operating system generates a set of instructions from the plurality of commands and corresponding operations to control a portion of the remote devices to perform a task.

Abstract: A network sanitization technology for enforcing a network edge and enforcing particular communication functions for untrusted dedicated-function devices such as internet protocol (IP) IP cameras. An untrusted network device is isolated from a network by a network sanitization system such that it cannot communicate with the network. Communications from the untrusted device are intercepted by the system and only allowed communications are used. Allowed communications are used to create new communications according to an allowed framework. Sanitization device may be in small two-port package with visual indicia indicating the untrusted device and the network side. The device may use and provide power over Ethernet (PoE) PoE to device. Abstract is not to be considered limiting.

Abstract: Providing a profile as a service is described herein. In an example, a computer system of stores account information for an account with a first service provider and profile information of a profile of the account. The computer system stores access control information that controls access to the account information and the profile information. The computer system receives an information request of a second service provider and determines, based at least in part on the access control information, a permission for the second service provider to access at least a portion of the profile information. The computer system sends, to the second service provider, the portion of the profile information in a response to the information request.

Abstract: Techniques are disclosed for securing traffic flowing across multi-tenant virtualized infrastructures using group key-based encryption. In one embodiment, an encryption module of a virtual machine (VM) host intercepts layer 2 (L2) frames sent via a virtual NIC (vNIC). The encryption module determines whether the vNIC is connected to a “secure wire,” and invokes an API exposed by a key management module to encrypt the frames using a group key associated with the secure wire, if any. Encryption may be performed for all frames from the vNIC, or according to a policy. In one embodiment, the encryption module may be located at a layer farthest from the vNIC, and encryption may be transparent to both the VM and a virtual switch. Unauthorized network entities which lack the group key cannot decipher the data of encrypted frames, even if they gain access to such frames.

Abstract: Embodiments of the present disclosure provide a system, including at least one processor and a memory component having instructions stored thereon, which, when executed by the processor, cause the processor to perform operations, including presenting data from a distributed network of data sources via a user interface of a user device, by identifying a set of frames associated with the user, the frames including data from the data sources loaded into frames of a container page, authenticating the set of frames, and generating the container page for display. Operations include facilitating secure communications between the authenticated frames of the container page, by receiving a message from one of the authenticated frames, verifying authenticated status of the sender frame, and transmitting the message to target frames. Operations further include presenting an updated version of the data from the data sources, based on the secure communications, by updating the container page.

Abstract: A system can determine that a mobile device, located at a physical place of business transmits a first electronic communication for redemption of an electronic offer at the physical place of business. The system can further detect a second electronic communication transmitted from the mobile device, which indicates a first identifier. The first identifier can be associated with a verifier of the electronic offer (e.g., a staff member) at the physical place of business. The system can further determine, based on analysis of the first identifier, a second identifier (e.g., contact data, a telephone number, etc.), that corresponds to the verifier, without providing the second identifier to the mobile device. The system can further electronically transmit, utilizing the second identifier, a third electronic communication that indicates information about the redemption of the electronic offer.

Abstract: A method and system for determining a path of data traffic based on a destination Internet Protocol (IP) address, the destination IP address being either private or public and belonging to any one of multiple organizations. In the method and system, a VPN is activated at a telecommunication endpoint. In response to activating the VPN, a service device on a private network interconnects with a VPN gateway. A subscriber identifier associated with the telecommunication endpoint and the destination IP address of one of the multiple organizations is received at a managed service platform. If both the subscriber identifier and the destination IP address of the one of the multiple organizations are not registered in a predetermined policy database at the telecommunication endpoint, a subscriber identified by the subscriber identifier is prompted to register the subscriber identifier associated with the telecommunication endpoint.

Abstract: In one embodiment, a particular device in a deterministic network performs classification of one or more packets of a traffic flow between a source and a destination in the deterministic network. The particular device determines, based on the classification of the one or more packets, a requirement of the traffic flow. The particular device performs, based on the requirement, a packet operation on at least one packet of the traffic flow. The particular device sends packets of the traffic flow towards the destination via two or more paths in the deterministic network.

Abstract: In some implementations, a user device can maintain a multi-device context store. For example, the user device can receive device and/or user context information from multiple devices and store the context information in a local data store. The user device can collect local device and/or user context information and store the context information in the local context store. The user device can receive user/device context queries from client processes and send the client processes user/device context information from multiple devices in response to the queries.

Abstract: Systems and methods for a continuous monitoring of analyte values received from an analyte sensor system are provided. One method for a wireless data communication between an analyte sensor system and a mobile device involves storing identification information associated with a transceiver of the analyte sensor system, the identification information entered by a user of the mobile device via a custom application running on the mobile device; causing the custom application to enter a background mode; searching for advertisement signals; receiving an advertisement signal from the transceiver; authenticating the transceiver based on the identification information; prompting the user to bring the custom application to a foreground mode; causing the custom application to request a confirmation from the user that a data connection with the transceiver is desired; receiving the confirmation from the user; and completing the data connection with the transceiver.

Abstract: Certain aspects of the present disclosure provide techniques for generating a user experience for a software program product based on a knowledge engine. Techniques for generating the user experience include a UI builder tool providing a set of tabular UI views and receiving in each tabular UI view corresponding input data for generating a calculation graph, a completeness graph, and a client UI view. Based on the input data, the UI builder tool and knowledge engine can generate a set of artifact files. The knowledge engine can generate and/or execute the calculation and completeness graphs as defined in the corresponding artifact files. The UI builder tool can generate an instance of the client UI view. With the generated calculation graph(s), completeness graph(s), and an instance of the client UI view, the user experience can be provided to a computing device.