Abstract: Federation policy exchange is provided in response to receiving a sharing query from an Access Point (AP) indicating that an associated wireless network supports federated identities with data sharing, determining whether the sharing query is within sharing preferences; and in response to determining that the sharing query is within the sharing preferences, transmitting, to the AP, a positive response for identity sharing that authorizes collection and sharing of identity data with at least one entity identified in a sharing policy for the associated wireless network. In various embodiments, federation policy exchange includes transmitting a support notification, via an AP, indicating support for federated identities with data sharing within a wireless network associated with the AP; and in response to receiving a first identify sharing preference from a User Equipment (UE) that indicates that negotiation is preferred, transmitting a sharing policy for the wireless network to the UE.

Abstract: Apparatus, systems, and methods for managing a network. One or more network devices on a network and a QoS policy are periodically evaluated. A QoS operational status of the network is evaluated and a remediation action is implemented based on the evaluation of the QoS operational status of the network and the evaluation of the QoS policy, the remediation action comprising adjusting a bandwidth allocation for each of one or more queues.

Abstract: Systems, computer program products, and methods are described herein for source independent but source value dependent transfer monitoring.

Abstract: A packet filtering system uses linked zero-based binary search trees to filter received packets. The binary search trees may be generated from filter conditions defining filter parameters for filtering packets.

Abstract: A Third Generation Partnership Project (3GPP) based network, such as an enterprise private 3GPP network, is operative to provide a guest onboarding of a device using a realm-based discovery of an identity provider and a mutual authentication of identity federation peers. A secure connection may be established between the peers so that the device may be authenticated based on credentials associated with a Subscriber Identity Module (SIM) provided by its Mobile Network Operator (MNO). Credentials may be extended to those associated with embedded SIMs (eSIMs), digital certificates from private enterprises, login and passwords, and identities from a wide range of identity providers. After device authentication, the 3GPP-based network is operative to select and enforce access policies according to an identity or other attribute of the device.

Abstract: A computer-implemented method of providing targeted content to a user includes generating a query index from a data corpus, the query index including a plurality of market segment-based queries, wherein each market segment-based query of the plurality of queries is configured to provide targeted content on a browser user interface of a user determined to be within a corresponding market segment.

Abstract: Systems and methods for cloud security monitoring and threat intelligence in accordance with embodiments of the invention are disclosed. In one embodiment, a process for monitoring and remediation of security threats includes generating a threat model using a first portion of activity data, identifying, based upon the threat model, a threat using a second portion of activity data, selecting a security policy to implement in response to the identified threat, identifying cloud security controls in a remotely hosted cloud application server system to modify in accordance with the selected security policy, establishing a secure connection to the remotely hosted cloud application server system using login credentials associated with a tenant account with the cloud application, and sending instructions to the remotely hosted cloud application server system to set the identified cloud security controls with respect to the tenant account in accordance with the selected security policy.

Abstract: An approach for publishing posts on a social network through one or more user accounts with different levels of attribution is disclosed. A secure user account publishes a post through a programmatically linked buffer user account. The secure user account and the buffer user account are programmatically linked. Posts published via the buffer user account can be modified to add attribution image data or other visual indicators of the original post creator.

Abstract: An electronic device can implement a zero-latency digital assistant by capturing audio input from a microphone and using a first processor to write audio data representing the captured audio input to a memory buffer. In response to detecting a user input while capturing the audio input, the device can determine whether the user input meets a predetermined criteria. If the user input meets the criteria, the device can use a second processor to identify and execute a task based on at least a portion of the contents of the memory buffer.

Abstract: A device management apparatus includes a communicator transmitting and receiving various types of data to and from the device; a management ID issuer issuing a unique management ID to the device; a storage that stores device specifying information of the device, the device specifying information including the management ID and predetermined device identification information; a display displaying, in a list of devices to be managed, the device to which the management ID is issued; and a controller controlling the communicator, the management ID issuer, the storage, and the display, where when the communicator has received a connection request from a device via the network, the controller judges whether the device has a management ID, and if the device has no management ID, the controller controls the management ID issuer to issue a unique management ID to the device and controls the communicator to transmit the unique management ID.

Abstract: It is proposed a technical solution to leverage the characteristics and generally speaking, the performance of DLT networks. This solution proposes building a federation of DLT networks which work together regardless of the underlying technologies to guarantee data consistency, wider consensus and enhanced trust. The proposed solution includes, among others, a distributed transport mechanism for the exchange of control data between the different networks of the federation; and the spread and storage of “proofs of history” of the network to protect and validate the connected networks integrity.

Abstract: The present disclosure provides data-driven methods and apparatuses for predicting user inquiries. One exemplary method includes: collecting user behavior data and pre-processing the user behavior data when a user inquiry is received; extracting candidate user behavior data that is contributive to the user inquiry from the pre-processed user behavior data; screening the candidate user behavior data based on a set target behavior data set, and selecting candidate user behavior data that is contained in the target behavior data set; inputting the screened candidate user behavior data into a trained classifier model; and predicting an inquiry category to which the user inquiry belongs. One exemplary apparatus includes a pre-processing module, an extraction module, and a prediction module. The method and the apparatus embodiments of the present disclosure can improve the efficiency and accuracy of the prediction.

Abstract: Media, methods, and systems are disclosed for mitigating network resource contention. Event scheduling details are received regarding one or more virtual events. In response to determining that an upcoming virtual event will begin within a predetermined time threshold, various steps are performed. First, a predicted number of event participants is determined. Next, database artifacts associated with the upcoming virtual event are prefetched. Then static event display resources are accessed prior to a start of the upcoming virtual event, and the database artifacts and the static event display resources are cached. A network protocol request to access network resources is received from a client device. The database artifacts and the static event display resources are pushed to a client-side cache associated with the client device, and a minimal network response is transmitted to the client device.

Abstract: Systems and methods are provided for migration of workspaces configured in an IHS (Information Handling System). According to one embodiment, an IHS includes a workspace orchestration service that is executed to manage deployment of workspaces on the IHS; and computer-executable instructions to receive a request to migrate a first workspace from the IHS to a computing platform external to the IHS. Upon receipt of the request, the instructions instantiate a second workspace on the computing platform while the first workspace continues to operate on the IHS, and when the second workspace has been instantiated, copy one or more state-based parameters from the first workspace to the second workspace. When the state-based parameters have been configured on the second workspace, commence operation on the second workspace.

Abstract: Techniques for maintaining and curating memories stored as data objects are described. A computing device receives a data object. The computing device analyzes, using a model, the data object to determine one or more classifications for the data object. The computing device stores the data object and the one or more classifications for the data object in a storage component of the computing device.

Abstract: A method of assigning IP addresses to devices of a building control network includes receiving a selection of selected devices of a plurality of devices from a user interface. The selected devices are displayed in a predetermined order on a display. A proposed static IP address for a first device in the predetermined order of the selected devices is received from the user interface. A static IP address is sequentially assigned to each of the selected devices following the first device in accordance with the predetermined order, assuming the subnet mask has been confirmed as valid. The selected devices in the predetermined order along with the assigned static IP addresses for each of the selected devices are displayed on the display. The assigned static IP address for each of the selected devices are downloaded to the corresponding one of the selected devices.

Abstract: An environment includes at least two network devices and a plurality of downstream devices or networks. The downstream devices or networks are communicatively coupled to network interfaces of the network devices using a plurality of data cables. The data cables each comprise a switch device configured to switch communication paths to the coupled network devices. Each of the data cables communicatively couple each of the network devices to one of the plurality of downstream devices or networks so that each of the downstream devices or networks has a communications path to each of the network devices and a switchable communications path from each of the network devices. The network devices do not arbitrate active/passive status via direct communication. Based on data contained in a reply packet indicating that a request packet sent by the first network device was acknowledged, the first network device determines that the first network device is an active network device.

Abstract: An authorization entity in a communication system comprising a service-based architecture receives a request from a service consumer in the communication system for access to a given service type. The authorization entity obtains an access token that identifies a plurality of service producers for the given service type and sends the access token to the service consumer.

Abstract: Aspects of the subject disclosure may include, for example, analyzing data to identify that the data is associated with an online game, translating, based on the analyzing, a first address associated with the data to a second address that is different from the first address, and transmitting the data to a communication device using the second address. Other embodiments are disclosed.

Abstract: An example embodiment may involve communicating with a server to separately access first and second records of sessions between the server and computing devices of a network, the first record including a first set of fields not present in the second record and the second record includes a second set of fields not present in the first record; identifying a common field present the first and second records; correlating information across the first and second records using the common field; using a set of license misuse criteria to identify, from the correlated information, (i) a set of the sessions that meets the set of criteria and (ii) a network address of a target device involved in the set of sessions; identifying the target device using the network address; and storing an indication identifying the target device as a potential source of misuse of licensed software executable on the server.

Abstract: A transparent proxy for malware detection includes a monitor module, a protocol determination module, a challenge generation module, a response determination module, and a data control module. The monitor module examines data originating from an application towards a remote server. The protocol determination module identifies the protocol type used for the data. The challenge generation module produces a challenge for the application based upon the protocol type, sends the challenge to the application, and maintains a state related to the data and the challenge. The response determination module makes a determination if an automatic non-interactive application response is received in response to the challenge from the application. The data control module allows the first data to continue to the remote server when the determination is valid. The data control module reports malware detection and blocks the data to continue to the remote server when the determination is invalid.

Abstract: A method for mitigating outbound electronic message spam includes determining whether an outbound electronic message to a recipient sent from an electronic messaging account of a sender has at least a predetermined number of indicators of compromise. The outbound electronic message is sent to the recipient using an IP address from a first pool of service delivery IP addresses based on a determination that the message has less than the predetermined number of indicators of compromise. The outbound electronic message is sent to the recipient using an IP address from a second pool of service delivery IP addresses based on a determination that the message has at least the predetermined number of indicators of compromise. The method may further include providing a notification of a possible compromise of the electronic messaging account and the notification may include a request to modify a security feature of the electronic messaging account.

Abstract: A mobile application development system includes a developer portal that receives an application from a developer and provides a routing library to the developer to augment the application. An offline analysis system analyzes the application to (i) determine a set of activities that a handler within the application is programmed to resume in response to respective resumption requests from a host operating system and (ii) determine parameters for each of the activities. The offline analysis system generates a set of links that each corresponds to a respective one of the activities. The routing library, installed as part of the augmented application onto a user device, receives a link, from the user device's operating system, that identifies a first activity. The routing library includes instructions for generating a first resumption request based on parameters corresponding to the first activity and transmitting the first resumption request to the augmented application's handler.

Abstract: The subject technology receives image data including a representation of a physical item. The subject technology analyzes the image data to determine an object corresponding to the physical item. The subject technology extracts product metadata based on the determined object. The subject technology sends, to a server, the product metadata to determine second product metadata associated with the product metadata. The subject technology receives, from the server, the second product metadata, the second product metadata including additional information related to the physical item. The subject technology causes display, at a client device, the additional information related to the physical item based at least in part on the second product metadata.

Abstract: An information processing apparatus includes: a processor configured to: when detecting an unauthorized access to a file or a directory, set a range including at least the specific file or directory subjected to the unauthorized access as a recording range in which access logs are recorded; and after setting the recording range, update or maintain the recording range according to at least a load on a resource used to record the access logs.

Abstract: In accordance with one disclosed method, a computing system may cause a first computing device to display a first notification of a first event detected at a monitored location, and may cause a second computing device to display a second notification of a second event detected at the monitored location. The computing system may additionally cause the second computing device to cease display of the second notification in response to a change of status of the first event.

Abstract: A virtual network function (VNF) controller (or module) instantiates two or more VNFs in a communication network to support a network service where the two or more VNFs include at least a first VNF and a second VNF. The VNF controller assigns a priority value to each VNF base on an overall network impact, a physical location of at least one network resource allocated to the respective VNF, a type of service to be implemented by the respective VNF and a customer impact based on how many customers would be using the respective VNF. The VNF controller monitors network resources allocated to each VNF. The VNF controller further determines the first VNF requires additional network resources and releases the network resources allocated to the second VNF based on respective priority values. The VNF controller further allocates the network resources released by the second VNF to the first VNF.

Abstract: The disclosure provides an approach for cross-network communication by self-replicating applications. Embodiments include identifying, by a first instance of a self-replicating application on a first computing device having a first network connection to a parent component, a second computing device that is connected to the first computing device via a second network connection. Embodiments include self-replicating, by the first instance of the self-replicating application, across the second network connection to produce a second instance of the self-replicating application on the second computing device. Embodiments include initiating, by the first instance of the self-replicating application, a proxy tunnel on the first computing device. Embodiments include receiving, by the proxy tunnel, a first communication from the second instance of the self-replicating application via the second network connection.

Abstract: Embodiments of this application disclose a method for sharing data in a local area network and an electronic device. The method is as follows: A first electronic device establishes a wireless connection to a wireless access point, and receives, from a first port, access request information of a second electronic device forwarded by using the wireless access point, where the first port is a serving port for a local area network shared access protocol, and the second electronic device also establishes a wireless connection the wireless access point; the first electronic device verifies validity of the second electronic device; and if succeeds, the first electronic device sends access response information to the second electronic device, so that shared data in the first electronic device is accessed from the second electronic device, where the access response information includes an internal storage directory and a common file directory.

Abstract: Methods and systems for managing a premises are disclosed. An interface device and a premises system may be located at the premises. The interface device may receive a signal from a premises device of the premises system. An indication of the premises device may be output via a user interface. Configuration information may be associated with the premises device. The interface may monitor and control the premises device.

Abstract: The present disclosure is related to Just-In-Time (JIT) services, that discloses a method and system for providing JIT services to automotive users. A Point of Interest (PoI) service aggregator system may receive a service request from an automotive user, including one of: information related to a preferred PoI service provider, request to recommend PoI service providers, or request to list PoI service providers based on user query. Based on service request, the PoI service aggregator system may perform one of: dynamically on-boarding the preferred PoI service provider, recommending PoI service providers, or providing PoI service providers based on user query. Thereafter, a real-time synchronization may be established between a candidate PoI service provider and the automotive user to enable the candidate PoI service provider to determine arrival events including an estimated time of arrival and non-arrival events of the automotive user, to provide JIT service to the automotive user.

Abstract: An aspect of the present disclosure relates to a computer-implemented method for routing a bursty data flow comprising a series of one or more data packets over a converged network comprising a plurality of communication networks, the method comprising, for each of the series of data packets in turn: selecting which one of the plurality of communication networks to transmit that data packet over by: (i) obtaining flow statistics indicating a current flow state of the bursty data flow; and (ii) selecting the one of the plurality of communication networks in dependence on said flow statistics; then initiating transmission of the data packet over that one of the plurality of communication networks. Further aspects relate to a data processing system, a computer program, a computer-readable data carrier and a data carrier signal.

Abstract: Ransomware attack (RWA) detection is performed during an incremental or differential backup of a system of folders or directories of a computer or network of computers via an electronic network. The RWA detection includes processing incremental or differential backup metadata acquired during the incremental or differential backup to determine whether a RWA alert is issued. RWA remediation is performed at least in part on the RWA alert being issued. The RWA alert may be issued based on processing of the incremental or differential backup metadata to identify candidate new files and candidate deleted files in which the candidate new files are candidates for being encrypted copies of the candidate deleted files. RWA alert criterion may be based on counts of new versus deleted files in a folder or directory, and comparison of file sizes of the new versus deleted files.

Abstract: A method of accessing objects with fine-grained access control (FGAC) in a relational database management system (RDBMS) storing a segmented column-major database. For each object with access restrictions, an artificial neural network (ANN), is trained by generating an equally distributed segment map of segmented data entries, so that the map reproduces the row disposition in the unsegmented object. When a user access request is received, these ANNs are referred to determine if any of the objects to be accessed are subject to access restrictions. If that is the case, then the ANN creates a pseudo-view construct of its associated object which is limited to data entries that the user has permission to access. The pseudo-views are then injected into the user access request to embed the fine-grained access controls for subsequent processing of the request, which can then proceed without further regard to user-specific access restrictions.

Abstract: Methods, systems, and devices for data processing are described. Some systems may support data processing permits and cryptographic techniques tying user consent to data handling. By tying user consent to data handling, the systems may comply with data regulations on a technical level and efficiently update to handle changing data regulations and/or regulations across different jurisdictions. For example, the system may maintain a set of data processing permits indicating user consent for the system to use a user's data for particular data processes. The system may encrypt the user's data using a cryptographic key (e.g., a cryptographic nonce) and may encrypt the nonce using permit keys for any permits applicable to that data. In this way, to access a user's data for a data process, the system may first verify that a relevant permit indicates that the user complies with the requested process prior to decrypting the user's data.

Abstract: A system configured to synchronize the displays of multiple infusion pumps is provided. In some embodiments, the system includes a plurality of infusion pumps in communication with a server. An individual infusion pump synchronizes its internal clock by communicating with the server. Based on the synchronized internal clock, the infusion pump determines the current time, calculates a parameter based on the current time, and causes screen content corresponding to the calculated parameter to be displayed.

Abstract: Embodiments include herein are directed towards a method for electronic circuit design. Embodiments may include enabling data transmission between plurality of protocol adapters, each of the protocol adapters including one ingress port and one egress port, wherein the ingress port of each of the plurality of protocol adapters maintains an active connection with a single egress port at one time. Embodiments may further include transmitting data between the plurality of protocol adapters using a distributed routing matrix that provides an interface between the plurality of protocol adapters.

Abstract: Methods, systems, and devices for providing for providing computer implemented services using managed systems are disclosed. To improve the likelihood of the computer implemented services being provided, a subscription based model may be used to manage the managed systems. The subscription model may utilize a highly accessible service to obtain information regarding capabilities of managed systems to present information regarding all potential solutions that the managed systems may provide. In some cases, subscription decisions may be based on inaccurate information. To reduce the impact of such decisions, entities that are more likely to have access to accurate information may elect to honor or reject subscription decisions made by entities that are more likely to have access to inaccurate information.

Abstract: Systems and methods for using a device wallet identifier are disclosed. In one embodiment, in an information processing apparatus comprising at least one computer processor, a method for generating a device wallet identifier may include: (1) receiving a wallet identifier for an electronic wallet or payment application executed by an electronic device; (2) retrieving an issuer identifier for a customer associated with the electronic wallet or payment application; (3) generating a device wallet identifier; and (4) storing a mapping of the device wallet identifier to the issuer identifier for the customer.

Abstract: In a remote control system (101), a terminal (121) waits for an instruction to be transmitted from a mediation device (111) by a browser, a virtual desktop, or the like. A remote controller (131) sends, to the mediation device (111), identification information that identifies the terminal (121) to be controlled and a service to be received by that terminal (121). If the terminal (121) identified by the sent identification information is waiting, the mediation device (111) transmits, to the waiting terminal (121), an instruction specifying the service identified by the sent identification information. The waiting terminal (121) sends, to a server (171) related to the service specified in the transmitted instruction, a request related to the service specified in the transmitted instruction. Note that it is possible to configure such that the server (171) provides the service after performing a confirmation that the terminal (121) that sends the request is the terminal (121) to be controlled.

Abstract: Methods and systems are described for providing conditional access to a service. One or more tasks may be associated with a user profile. The one or more tasks may be indicated as required to be completed to access the service. The one or more tasks may have associated deadlines. If a task is not completed by the deadline, then any device associated with the user profile may be blocked from access to the service.

Abstract: A system includes a memory device and a processor, operatively coupled to the memory device, to perform operations including receiving a request to provide a post-secrets-provisioning service with respect to a device, in response to receiving the request, determining whether to authorize the request, in response to authorizing the request, obtaining a set of secrets data corresponding to the device, and providing the post-secrets-provisioning service by performing a cryptographic function utilizing the set of secrets data.

Abstract: Disclosed are various embodiments for delegating authentication to certificate authorities. A connector service identifies a certificate request from a messenger service. The certificate request includes a credential identifier for a certificate authority. An authentication credential is retrieved using the credential identifier. A certificate request and the certificate authority authentication credential are transmitted to the certificate authority. A certificate is retrieved and provided as a response to the certificate request.

Abstract: This disclosure describes techniques for managing the replication of a secret across different regions. A secrets management system (SMS) may be used to manage replication of secrets across different regions of the cloud that are in different geographic locations. Different input mechanisms, such as an API, a UI, or a CLI may be utilized to manage the replication of secrets. In some examples, upon detection of a replication message, the SMS reads the message, identifies the secret, and performs an action involving the secret. For instance, a secret identified within the replication message is accessed from the current region, and the secret is re-encrypted using a customer specified KMS key using customer credentials. The secret is then packaged into a secret replication message. An SRS in the replicated region reads this new secret replication message, accesses the secret that was replicated, and saves the secret in the replicated region.

Abstract: A system and a method of providing security to an in-vehicle network are provided. The method efficiently operates multiple detection techniques to maintain robustness against malicious message detection while increasing overall detection efficiency.

Abstract: Systems and methods for implementing multi-factor system-to-system authentication using secure execution environments. An example method comprises: determining, by a first computing system, using a secure execution environment, a measure of one or more computing processes running on the first computing system; presenting, to a second computing system, a first authentication factor derived from the measure; computing, using the secure execution environment, a second authentication factor derived from at least one of: one or more first data items received from the second computing system, one or more confidential second data items received from one or more third computing systems, or one or more public data items received from one or more fourth computing systems; and presenting the second authentication factor to the second computing system.

Abstract: Embodiments of the present disclosure provide methods, systems, apparatuses, and computer program products that provide for an improved, more efficient, and more stable system of networked computing devices. The embodiments disclose an apparatus and system that enable client devices to selectively grant to third party applications permissions to access group-based communication objects of a group-based communication system. The apparatus and system further enable client devices to selectively grant to third party applications permissions to take specific actions with regards to the group-based communication objects within the system. To accomplish the improvements, the disclosed systems, apparatuses, and computing devices maintain a record of the permissions granted to third party applications in a permissions table stored in a computer storage device.

Abstract: Verification system and methods are provided for allowing database server responses to be verified. A proxy device may maintain a data structure (e.g., a Merkle B+-tree) within a secure memory space (e.g., an Intel SGX enclave) associated with a protected application. In some embodiments, the data structure may comprise hashed values representing hashed versions of the data managed by the database server. The proxy may intercept client requests submitted from a client device and forward such requests to the database server. Responses from the database server may be verified using the data structure (e.g., the hashes contained in the Merkle B+-tree). If the data is verified by the proxy device, the response may be transmitted to the client device.

Abstract: A communication device management device includes: at least one memory configured to store instructions; and at least one processor configured to execute the instructions to: detect a change in possibility/impossibility of communication with a communication device, based on a response from the communication device to a confirmation signal to be transmitted at every predetermined time; and perform, when a restriction is imposed on a predetermined function of the communication device in which the communication possibility/impossibility is changed from impossible to possible, the restriction after canceling the restriction of the communication device, and perform, when the restriction of the communication device is not imposed, the restriction of the communication device.

Abstract: A method, non-transitory computer readable medium and device that assists with managing L7 network classification includes receiving a request to access a service by a mobile computing device. Next, application layer network traffic from the requesting mobile computing device is classified based on mobile data associated with the requesting mobile computing device. One or more actions are performed based on the classification.