Abstract: One embodiment provides a system and method for facilitating a dynamic policy engine with recursive key selection. During operation, the system can receive, at a network device, a user request to create a policy table, the user request including multiple groups of policy fields and specifying an amount of hardware resource for the policy table. The system can in response to determining that an amount of unallocated hardware resource is less than the amount of hardware resource specified in the user request, free a portion of allocated hardware resources and allocate the specified amount of hardware resource for the policy table. The system can identify, based on the user request, an optimized matching policy template that accommodates the multiple groups of policy fields. The system can then configure, based on the optimized matching policy template, one or more hardware template registers; and create the policy table.

Abstract: This invention is directed to a computerized system for encryption and transmission of digital information comprising: an encryption server in communications with a sender computer device and a recipient computer device; and, a set of encryption server computer readable instructions included on the encryption server that, when executed by a processor, preform the steps of: receiving an original information set from the sender computer device, generating a sender key, encrypting a portion of the original information set with the sender key, generating an key pair having a public and private key pair, encrypting the sender key with the public key of the key pair, encrypting the private key of the key pair with a master key, generating a hyperlink to the encrypted portion of the original information set, transmitting the hyperlink to the recipient computer device.

Abstract: As described herein, a system, method, and computer program are provided for orchestrating loosely coupled services. A plurality of services are registered, wherein a first service of the plurality of services is a consumer of a second service of the plurality of services. A status of each service of the plurality of services is monitored. Operation of the plurality of services is orchestrated, based on the status of each service of the plurality of services, including at least notifying the first service of a status of the second service for affecting operation of the first service.

Abstract: The present invention relates generally to the provision of targeted advertisements in media. Systems and methods are described which facilitate addressable and non-addressable distribution of assets across a plurality of distribution networks and platforms. In this regard, an advertiser may be able to place a single order for advertising through a media distribution platform that allocates and distributes the asset via multiple channels such as internet streaming, websites (e.g., banners, pop-ups, overlays, etc.), cable, satellite, etc.

Abstract: A system and method for optimized generation of a single page application for multi-page applications is provided. A shell application is fetched for hosting a user interface (UI) associated with one or more child applications. The shell application is associated with multiple pre-defined frames. The shell application maintains a bi-directional communication with the child application until the UI associated with the child application remains hosted in the shell application. Further, UI extensions associated with the UI of the child applications are fetched. The UI extensions are in the form of one or more pre-defined UI visualization formats. Each of the fetched UI extensions are discrete UI extensions functioning independently of the other. Lastly, the UI extensions are deployed in the pre-defined frames associated with the shell application to generate a single page application.

Abstract: The present technology relates to an information processing device, an information processing method, a transmitter, a transmission method, a receiver, and a reception method which can provide setting information necessary for each receiver. An information processing device of one aspect of the present technology holds non-common setting information that is not common setting information among setting information used in transmitters for setting for transmitting information in association with identification information of the respective transmitters. In addition, the information processing device transmits, to a receiver that has received identification information transmitted from a predetermined transmitter using common setting information that is setting information common in the plurality of transmitters, the non-common setting information associated with the identification information received by the receiver.

Abstract: A system for providing a second screen experience to an end user is disclosed. The system may include a first media device including one or more processors configured to receive a broadcast signal encoded with steganographic metadata, extract a payload from the steganographic metadata, and transmit a steganographic metadata signal, the steganographic metadata signal including the extracted payload. The system may further include a second media device including one or more processors configured to receive the steganographic metadata signal from the first media device, determine one or more data identifiers within the received steganographic metadata signal, and execute one or more actions based on the one or more data identifiers.

Abstract: A Service Routing Agent and methods are disclosed that classify and route data service requests. One embodiment includes a control circuit and at least one orchestrator, processor, and service handler circuit. The control circuit performs a process to: receive a configuration of at least one service handler circuit, initialize a list of service handler circuits and associated applications, program the at least one processor to listen for data service requests associated with the application, receive a data service request, and determine whether a service handler circuit associated with the application has been activated; when the service handler circuit has been activated, forwards the data service request to the service handler circuit, and when the service handler circuit has not been activated, request that the service handler circuit be activated, and then forwards the data service request to the service handler circuit. The Service Routing Agent reports updated traffic statistics.

Abstract: A communication control device, includes a memory; and a processor coupled to the memory and the processor configured to: store, in the memory, instructions of standby processing in a specific processing order, when a network coupling is being established to perform communication, acquire a specific instructions, update, in the memory, the instructions of standby processing based on a type of the specific instructions, a type of the instructions of standby processing and a relationship specified by order in which the specific instructions are acquired, and after an establishment of the network coupling is completed, perform the instructions of standby processing in a specific processing order.

Abstract: A system and method for interactivity testing of text-based customer communications which allows for interactivity testing of different forms of text-based communications with a contact center including two-factor authentication testing, multi-modal communication testing, and load testing.

Abstract: An information processor includes: a user information acquiring unit acquiring user information for identifying a user; a display; a viewing time measuring unit measuring a viewing time during which a previously-registered user views contents information on the display; and a controller. The controller determines whether the user is the registered user, based on the user information and registered user information for identifying the registered user. When the user is the registered user, the controller causes the display to display the contents information, causes the viewing time measuring unit to measure the viewing time, compares a cumulative viewing time that is a total of the viewing times cumulated within a period of time with a viewing limit time that is a previously-set upper limit of the cumulative viewing time, and gives the registered user a warning when the cumulative viewing time is equal to or longer than the viewing limit time.

Abstract: User interface elements relating to fitness may be shared between user devices. These user interface elements may be updated based at least in part on activity data of users associated with the user devices. Once a sharing relationship between at least two users has been established, updates corresponding to user interface elements may be shared between the users via their respective user devices.

Abstract: An approach for publishing posts on a social network through one or more user accounts with different levels of attribution is disclosed. A secure user account publishes a post through a programmatically linked buffer user account. The secure user account and the buffer user account are programmatically linked. Posts published via the buffer user account can be modified to add attribution image data or other visual indicators of the original post creator.

Abstract: An apparatus to facilitate memory map security in a system on chip (SOC), is disclosed. The apparatus includes a micro controller to receive a request to grant a host device an access to a memory device and perform an alias checking process to verify accuracy of a memory map of the memory device.

Abstract: Distributing a configuration to a first terminal, including establishing, on initiative of the first terminal, a connection between the first terminal and a server, which is configured to redirect connection requests received by the server on a communication port to the first terminal. The communication port is derived from an identifier of the first terminal received in a message establishing the connection. When the identifier of the terminal is associated with a plurality of terminals, the method includes generating and storing control data in association with the identifier of the terminal, transmitting, via the connection, a control message to the first terminal, which includes the control data, receiving, from a second terminal, a confirmation message including the control data and an identifier of the second terminal, and when the second terminal is a trusted terminal, and transmitting customized parameters to the first terminal to access the server.

Abstract: A system for integrating wireless service providers' core networks with Wi-Fi radios using a Wireless Services Gateway (WSG). The WSG can allow wireless device users to seamlessly connect to a network such as the internet using both cellular phone antennae as well as Wi-Fi radio antennae while still utilizing their preferred wireless service provider's core network system of billing, authenticating and policy decision making. This system can allow for data transmission of wireless devices through Wi-Fi instead of through cellular antennae, thus increasing bandwidth and data transmission rates.

Abstract: A medical treatment machine, such as a dialysis machine (e.g., a home dialysis machine, such as a home hemodialysis machine or a home peritoneal dialysis machine) can receive a digital prescription file that defines parameters of a medical treatment to be administered to a patient. The digital prescription file can be prepared and delivered in such a way that the medical treatment machine can confirm that the issuer (e.g., provider) of the digital prescription file is an authorized issuer without having any a priori knowledge of the particular issuer. The digital prescription file can be delivered irrespective of the inherent security (or lack thereof) of the transmission medium in a tamper-evident format using minimal resources necessary to verify the validity of the digital prescription file and its issuer. The digital prescription file may be delivered to the dialysis machine using a network cloud-based connected health system.

Abstract: Some embodiments relate to a selection method enabling a first user of an IP network to select one client device from a plurality of client devices of a second user connected to the IP network. The method comprises the client device of the first user sending a request to the second user the request being of a dedicated type or having a header containing a dedicated indicator. At least one of the client devices of the second user that has received the request responds to the first user message via a request indicating the technical capabilities of the client device of the second user and requests the client device of the first user to supply the technical capabilities of that client device of the first user. The method may have applications to IMS networks.

Abstract: A method and apparatus is disclosed for transferring digital content from a computing cloud to a computing device and generating recommendations for the user of the computing device.

Abstract: A game apparatus for selectively providing motivation to specific users to continue playing a game, which may include a log information retrieval unit that retrieves log information associated with user identification information related to a plurality of registered users, a game processing unit that starts playing a game and progresses the game based on operation information by the registered users, an index value calculation unit that calculates, for each of the registered users, an index value indicating a possibility that the registered users will not perform a predetermined action within a predetermined period based on the log information retrieved by the log information retrieval unit, and a privilege granting unit that grants a predetermined privilege providing an advantage in the game to a specific user of the plurality of registered users based on the index value calculated by the index value calculation unit for each of the registered users.

Abstract: Techniques for natural language processing based on user context include identifying a context of a user and responsive to receiving a request from the user intended for processing by a natural language processing (NLP) model, accounting for the context of the user in relation to the request. A result from the NLP model having accounted for the context of the user is provided.

Abstract: A communication platform exchanges digital data within a value added chain by at least one order. Each individual order corresponds to a collaborative process and has an order structure. The collaborative process and order structure digital data are usable in communication platform modules. The communication platform also has an order structure module configuring at least one such order structure and allocating to one or more user groups for each order structure authorization to generate and/or accept such order; a client module generating, providing or releasing at least one such order, or allocating at least one user group ID to the order(s); a contractor module confirming, declining, or accepting such order and adapting the order status information; and a generic application programming interface connecting the communication platform modules such that order structure digital data is usable in all modules, and any order structure orders can be interconnected.

Abstract: In general, embodiments of the technology relate to a method and system for implementing a dynamic content type (DCT) in a content management system. More specifically, embodiments of the technology relate to using a DCT in order to change and/or extend the functionality of the content management system.

Abstract: Systems, methods, and software can be used for establishing a tunneling connection over restrictive networks. One example of a method includes selecting, at an endpoint, at least one protocol to be used to establish a tunneling connection between the endpoint and a server. The at least one protocol is one of transmission control protocol (TCP) or user datagram protocol (UDP). The method further includes transmitting data between the endpoint and the server over the tunneling connection by using the selected at least one protocol.

Abstract: A system and method for providing a secure image load. The system includes a microcontroller. The microcontroller has a plurality of physically modifiable internal components (PMIC). Each of the plurality of PMICs can only be modified one time. The system further includes an image loader configured to load a boot image from the memory of the microcontroller, and a checksum calculator configured to calculate a checksum value for the boot image. The system further includes a checksum burner configured to modify the plurality of PMICs to create a binary representation of the checksum value for the image. A checksum value is calculated for the image. This checksum value is written to the microcontroller. The value is burned into the microcontroller using the PMICs. Further, responses to the checksum mismatch are burned into the microcontroller using the PMICs that are present in the microcontroller.

Abstract: Methods and systems for processing cryptographically secured connections by a gateway, between a client and a server, are performed. Upon receiving TCP and TLS/SSL handshakes associated with a client side connection, from a client (client computer) to the gateway, a probing connection is established. The probing connection completes the handshakes, and based on the completion of the handshakes, the gateway renders a decision, to bypass, block or inspect, the connections between the client and the server, allowing or not allowing data to pass through the connections between the client and the server.

Abstract: A server system can include an internal computer network including at least one client server configured to establish a data transfer connection to an external computer network, and at least one proxy server system positioned between the internal computer network and the external computer network. The proxy server system can include a proxy server positioned between a first firewall and a second firewall, where the first firewall is positioned between the first proxy server and the internal computer network, and the second firewall is positioned between the proxy server and the external computer network. The server system can develop and maintain a proxy server system that includes a whitelist of sites deemed necessary and/or desirable for system operation. The whitelist can be updated as a user works with and uses the system. Such updates can take place continuously in real or near-real time or periodically as frequently as desired.

Abstract: A system includes multiple different types of monitor resources to monitor attributes of communication through a gateway of subscriber domain. The communication system receives identities of communication devices operated in a network of a subscriber domain and, via a first monitor resource, monitors traffic flow associated with the communication devices. A second monitor resource of the communication system monitors latency associated with communications from the gateway resource to the communication devices. A third monitor resource of the communication system monitors spectral energy in upstream and downstream ports of the communication system to determine a health of same. A communication management resource communicates the monitored information to a remote management resource that provides modeling, storage, and/or display of the respective monitor to a user.

Abstract: A method includes acquiring, based on a restaurant ID, menu information indicating dishes provided by a restaurant corresponding to the restaurant ID from a second server related to the restaurant via a network, transmitting identification information stored in an information terminal to a first server, acquiring allergy information related to a user from a first server based on the identification information, generating, based on the menu information and the allergy information, a personalized menu arranged for the user so as to include allergen-free or allergen-controlled dishes according to the allergy information, displaying the personalized menu for accepting an order of a dish in the restaurant, the second operation screen being displayed on a display of the information terminal of the user, and transmitting ordered-dish information representing the dish selected from the personalized menu and a seat ID to the second server.

Abstract: A data management system stores data related to a plurality of users. The data management system initially stores the data in an encrypted format. The data management system automatically periodically re-encrypts the data in accordance with a re-encryption policy. The re-encryption policy includes re-encryption periodicity data defining a periodicity for automatically re-encrypting the data.

Abstract: This disclosure describes techniques for network file sharing. In one example, this disclosure describes systems and techniques for enabling network file sharing by processing server message block protocol messages. In one example, the systems and techniques for processing server message block protocol messages include transport layer processing of server message block protocol messages.

Abstract: The present disclosure provides systems and methods for authenticated control of content delivery. The method includes receiving a request for an item of content from a computing device, the request comprising a security token associated with the computing device and an identifier of a group of domains, identifying the group of domains from the identifier, and retrieving a security key associated with the group of domains. The method further includes decrypting a signature of the security token, identifying an authentication string, determining that the authentication string matches a server authentication string, and identifying characteristics of the security token. The characteristics of the security token include a confidence score. The method further includes comparing the confidence score of the security token to a threshold, determining that the confidence score does not exceed the threshold, and preventing transmission of content to the computing device.

Abstract: Methods and systems for controlled data extraction in a computer network, with: monitoring data from at least one program running on a node of the computer network, determination of at least one data portion from the monitored data, where the data portions are selected upon identification of at least one of: application and server events, code line execution, file access and data calls, moving of the determined at least one data portion to a data sink, analyzing of the data on the data sink to determine at least one segment for modification, and modifying the at least one segment.

Abstract: A permissions management system (PMS) defines the permissions associated with a user and thereby the activities the user can perform with any specific object and/or application or class of objects and/or applications. However, such a PMS requires an administrator to either authorise each permission individually or default permissions to a configuration previously established. The former is time consuming and the latter does not eliminate the former in establishing the roles initially or new roles or custom configurations. According, methods and systems for automating the establishment of permissions and their ongoing maintenance are presented based upon an initial discovery phase of actions performed by either the user or an administrator followed by an automated harmonization phase and a verification phase. This verification phase may employ human interactions or be automated exploiting an artificial intelligence engine.

Abstract: An example method of implementing server-driven notifications to mobile applications is provided. The method includes registering a mobile computing device with a notification server. The notification server is associated with a set of workflow servers that each correspond to one or more respective mobile applications. The method further includes receiving a first message associated with a first workflow server of the set of workflow servers. The first message includes a first payload identifying a first mobile application running on the mobile computing device and a first application-specific event associated with the first mobile application. The first mobile application corresponds to the first workflow server. The method further includes translating the first payload into a first local notification for the first mobile application.

Abstract: The variable domain data access control system and method described herein use the same variable domain to describe a data security model and a variable domain data model, such as a product configuration model. A variable domain is a set of resource data that can be described using a logical relationship data structure. The variable domain utilizes logical relationship expressions, such as a Boolean logic language, to define resource data in terms of parts, rules and/or attributes, and any other property that can be accessed for viewing, manipulation, or other purposes. The data security model represents an access control list (ACL) that includes security attributes as resource data and uses the same data structure and logical relationship expressions as an associated variable domain data model. An application, such as a configuration engine, can be used to create controlled access to the variable domain data model using the data security model.

Abstract: Systems and methods for facilitating an identification of an application that runs on a platform are provided.

Abstract: The technology disclosed herein enables user participation in a communication session using prerecorded messages. In a particular embodiment, a method includes determining a first context of a first prerecorded message from a user. In real-time during a communication session that exchanges user communications between a plurality of participants, the method includes determining a session context of the user communications and determining that the first context corresponds to the session context preceding a first insertion point in the user communications. The method further includes inserting the first prerecorded message into the user communications at the first insertion point.

Abstract: A system including a network interface and a processing circuit is provided. The processing circuit includes one or more processors coupled to non-transitory memory. The processing circuit is structured to receive a request for a multiple custody linkage between user devices. The multiple custody linkage includes a digital connection between the user devices that allows shared access to a resource. The resource includes at least one of a physical object or information. The processing circuit is further structured to perform a validation process based on information in the request for the multiple custody linkage to determine if a violation of a security protocol exists. The security protocol is associated with security of the resource. The processing circuit is further structured to, in response to determining no violation of the security protocol exists, activate the multiple custody linkage between the user devices to allow the shared access to the resource.

Abstract: Systems and methods are provided for sharing authentication information. The systems and methods include retrieving, with a messaging application, a list of applications that are installed on a user device; searching the list of applications to identify a given application within the list of applications that is configured to share authentication information with the messaging application; and in response to identifying the given application within the list of applications, generating for display within a graphical user interface of the messaging application an option to authorize the messaging application to share authentication information with the given application.

Abstract: A patient support apparatus includes a frame, patient support surface, memory having a first key stored therein, a transceiver, and a controller. The transceiver wirelessly communicates with a medical device over a first mesh network using the first key. The controller transmits a request message over the first mesh network to the medical device via the transceiver. The request message includes an identifier identifying the patient support apparatus and a request to join a second mesh network different from the first mesh network. The controller receives a second key input over the first mesh network, uses the second key input to generate a second key, and to use the second key to communicate over the second mesh network. In some instances, the second key input originates from a cloud-based server storing a list of authorized devices for a particular healthcare facility.

Abstract: A system having an off-premises proxy server residing in a cloud computing environment and backend servers residing in an enterprise computing environment are provided. Requests received by the off-premises proxy server for access to a first, non-publicly accessible backend server are routed to a tunnel server which stores the request and waits to be polled by a tunnel agent connected to the first backend server. When the tunnel server is polled, the request is forwarded through an HTTP tunnel to the tunnel agent, which forwards it to the backend server for processing. Responsive information is returned to the tunnel agent, which forwards it through the HTTP tunnel to the tunnel server and returned through the off-premises proxy server to the remote application. Requests for access to a first, publicly accessible backend server are routed by the off-premises proxy server directly to the backend server for processing and return of responsive information.

Abstract: Embodiments of the present disclosure provide methods, systems, apparatuses, and computer program products for selecting a test suite for an API. In one embodiment, a computing entity or apparatus is configured to receive test patterns and heuristics, receive an input API, the input API comprising API specifications, parse the input API to extract the API specifications, and based at least in part on the extracted API specifications and the test patterns and heuristics, select a test suite, wherein the test suite is programmatically generated using a machine learning model and comprises one or more test routines, one or more data values, and one or more expected results.

Abstract: Concepts and technologies are disclosed for an identity vault service. According to one aspect disclosed herein, an identity vault service system can collect self-attested and operator-attested user information. The operator-attested user information can be associated with a user and a mobile telecommunications service provided to the user by a mobile network operator. The system can create a trusted digital identity of the user based upon the self-attested and operator-attested user information. The system can receive an identity access request from a third party. The request can be for access to at least a portion of the trusted digital identity for use by the third party in performance of an act. The system can send a consent request to a user device and can receive a consent response that indicates whether the user permits access to at least the portion of the trusted digital identity of the user.

Abstract: The described technology is generally directed towards an autonomous topology management scheme in a wireless communications network that establishes a hierarchical structure from a peer-to-peer network without assistance from the wireless network. A group of user equipments negotiate with each other to elect a local manager that acts as a base station by which other user equipments of the group can access network resources. Described is an example voting scheme by which the negotiation process elects the local manager for a term.

Abstract: A mechanism that dynamically creates a new access policy for a set of database servers when a policy violation has been identified in a database access response issued by any database in the set. The new access policy is then propagated in real-time and instantiated across the set of database servers so as to inoculate the other database servers and pre-empt any new compromise of information based on the intruder's actions that were found to have produced the policy violation in the first instance. Thus, the approach uses a response policy violation at one database server of a set to trigger generation of a new request access policy that is then instantiated across one or more other database servers. This response policy violation-to-request access policy instantiation occurs in substantially real-time so that the intruder cannot use a prior successful access request to obtain information from other databases using a similar strategy.

Abstract: To facilitate redundancy in a distributed control system architecture used in an industrial automation environment, a user workstation is connected to multiple enterprise access switches. Separate physical connections established between an application server and the enterprise access switches are configured into a single virtual interface for the application server to provide physical media redundancy between the application server and the enterprise access switches. Redundancy switches are connected to the enterprise access switches and to a first LAN and a second LAN, and are assigned unique IP addresses but communicate using a same default gateway IP address to serve as redundant default gateways. The redundancy switches are configured with a redundancy protocol that enables transmission of duplicate data packets over the first LAN and the second LAN.

Abstract: In general, in one aspect, the disclosure describes a Universal Plug and Play (UPnP) Remote Access Server (RAS) to provide a communication channel between UPnP Remote Access Clients (RACs) connected thereto. The UPnP RAS maintains local discovery information for UPnP devices connected to a local network and remote discovery information for remote UPnP devices communicating therewith. The UPnP RAS provides the remote UPnP devices communicating therewith with the local discovery information and the remote discovery information. The remote discovery information is utilized by a first remote UPnP device to discover a second UPnP device and vice versa. After discovery, a first remote UPnP device can communicate with a second UPnP device and vice versa.

Abstract: A computer-implemented method is provided for managing and sharing picture files. In one embodiment of the present invention, the method comprises providing a server platform and providing a datastore on the server platform for maintaining full resolution copies of the files shared between a plurality of sharing clients. A synchronization engine is provided on the server platform and is configured to send real-time updates to a plurality of sharing clients when at least one of the sharing clients updates or changes one of said files. A web interface may also be provided that allows a user to access files in the datastore through the use of a web browser.

Abstract: The secure management of attachments is described. In one example, files are identified for attachment to a message through a secure content application extension. Rather than directly attaching the files to the message, a resource locator or link to the files is generated, and the resource locator is inserted into the message. The message is then forwarded for distribution to client devices based on an addressee list for the message. The distribution of and access to the files is managed separately by a management service. The management service can notify the client devices to retrieve the files based on a file access schedule. At each of the client devices, users can access the files through a secure content file application extension using the resource locator during the file access schedule. Thus, the files are distributed through secure content file applications and not as direct attachments to messages.