Abstract: Provided is a process of determining whether remote direct memory access requests are authorized, including: receiving a request to authorize a remote direct memory access request (RDMA) session between a first computing device and a second computing device; receiving a user credential from the second computing device; receiving a computing-device attribute indicator based on a plurality attributes of the second computing device; accessing access-control criteria corresponding to the received request in an access-control policy repository; and determining based on the accessed access-control criteria, the computing-device attribute indicator, and the user credential, to authorize the requested RDMA session.

Abstract: Systems and methods for replicating data from a production server to a backup server include recording at least one operation on one or more data items stored in a volume of a production server. The operation may be recorded as at least one journal event in a memory. A determination may then be made regarding whether a system malfunction incident has occurred in the production server and if so, a first set of journal events may be transferred from the memory to an auxiliary storage at a first time instant. At a second time instant, a second set of journal events recorded in the memory between the first and second time instants may be transferred to the auxiliary storage. At one journal event stored in the auxiliary storage unit may then be sent for replication to a backup server.

Abstract: Methods and systems for monitoring containerized applications are disclosed herein. In one aspect, a containerized application that includes application program instructions and application runtime environment components is installed within an application server. An application manager determines an operational configuration of the containerized application within the application server. The application manager determines a monitor container image based, at least in part, on the determined operational configuration and an application container image of the containerized application. The application manager installs the monitor container image as a containerized monitor application that includes monitor program instructions and monitor runtime environment components that operate as a distinct execution unit managed by the same virtualization engine and the operating system kernel that manage runtime processes of the containerized application.

Abstract: Objects in a website of a dark web, which is accessible over an anonymous network, are searched for information associated with an entity. A threat level is determined based, at least in part, on, and a transaction initiated in a system associated with the entity is detected. The transaction is determined to be associated with an elevated degree of risk based, at least in part, on the threat level. Modifying an authentication requirement for the transaction is based, at least in part, on the elevated degree of risk.

Abstract: A packet is received at a first component of a system including a plurality of components, where one or more of the plurality of components are each hosted on a respective one of a plurality of software containers. The packet is processed to determine context information for the packet and a first destination for the packet is determined based on the context information, where the first destination includes a second one of the plurality of components, and the second component is hosted on a first one of the plurality of software containers. A routing table is appended to the packet and a record of the routing table is populated to indicate routing to the second component. The packet is sent with the routing table to the second component.

Abstract: Aspects of an application program's execution which might be subject to non-determinism are performed in a deterministic manner while the application program's execution is being recorded in a virtual machine environment so that the application program's behavior, when played back in that virtual machine environment, will duplicate the behavior that the application program exhibited when originally executed and recorded. Techniques disclosed herein take advantage of the recognition that only minimal data needs to be recorded in relation to the execution of deterministic operations, which actually can be repeated “verbatim” during replay, and that more highly detailed data should be recorded only in relation to non-deterministic operations, so that those non-deterministic operations can be deterministically simulated (rather than attempting to re-execute those operations under circumstances where the outcome of the re-execution might differ) based on the detailed data during replay.

Abstract: Provided is a process of validating data to be stored in a graph database, the process including: obtaining a first node to be stored in a graph database, the first node having a relationship to a second node corresponding to an edge; obtaining a node type of the first node having a respective node-type schema; forming a polymorphic schema, based on the node-type schema, specifying criteria to qualify as a valid instance of the node type; validating the first node with the polymorphic schema; and in response to validating the first node, storing the first node and the edge in the graph database.

Abstract: An embodiment includes initiating a first migration of data rows in a source dataset in a source storage device to a target dataset in a target storage device, wherein a block size defined for the target dataset is different than a block size defined for the source dataset. The embodiment also includes, during the first migration, receiving a user request for access to a first data row in the source dataset, determining that the first data row was migrated to a first target block in the target dataset, loading the first target block from the target dataset into a first buffer in memory, and responding to the user request using the first data row in the first target block. In specific embodiments a device type that defines the source storage device is different than a device type that defines the target storage device.

Abstract: A network device associated with a database management system receives information associated with a customer support ticket. Based on information in the database management system, a direct relationship between the received customer support ticket and a customer support ticket in the database may be determined. A graph including nodes representing customer support tickets is generated based on information in the database. Edge prediction is performed on the graph to derive relationships among the nodes in the graph. A predictive relationship between customer support tickets is derived. A relationship data set based on the direct relationship between the customer support tickets and based on the predictive relationship between the customer support tickets is generated. The relationship data set associated with the customer support ticket is communicated to the user device.

Abstract: Systems and methods may include receiving, by an expert system, performance data for a monitored system. The systems and methods may include generating a prediction for the monitored system in response to determining that the performance data satisfies a condition. The prediction may identify an anomaly that is predicted to occur. The systems and methods may include receiving, by a filter system, the prediction, information identifying the condition, and user information. The user information may include user preference information and user feedback information. The systems and methods may include determining a filter criteria based on the user information. The filter criteria may be based on the preferences for predictions to be provided to the user and on the historical user feedback regarding the historical predictions. The systems and methods may include providing the prediction to the user in response to determining that the particular prediction satisfies the filter criteria.

Abstract: A restriction request message, including a restriction parameter for a secondary account, is received from a device that is associated with a primary account, via a network node that is outside of a secure authorization network. A replenishment request message, including a password and an account replenishment parameter for the secondary account, is also received via a network node that is outside of the authorization network. Authentication is performed based on the password, and the restriction parameter for the secondary account is identified responsive to receiving the replenishment request message. Responsive to determining that the account replenishment parameter satisfies the restriction parameter, a replacement key is generated and associated with the account replenishment parameter for the secondary account.

Abstract: The invention provides systems and methods for managing mobile devices of supported by different platforms. In some embodiments, the invention provides this management capability by utilizing one or more agents or modules native to the platforms themselves to provide interaction with individual mobile. In some embodiments, the invention provides an abstraction layer by which management tasks or other functions relating to mobile devices of different types may be generally defined and translated for application to mobile devices supported by different platforms. In some embodiments, the invention utilizes existing organizational structure of an enterprise or organization to define management permission for mobile device administrators and end users as well as to define policy configuration schemes for mobile devices. In some embodiments, the invention tracks the lifecycle of mobile devices within an enterprise or organization as assets within the organization.

Abstract: A tool can be designed that identifies differences or gaps in coverage between network management systems without deploying both network management systems (i.e., an already deployed network management system and a comparison network management system). This “certification gap analyzer” can analyze the coverage of the current network management system in comparison with the certification of the comparison network management system and identify gaps in coverage between devices and device components (collectively referred to hereinafter as “managed objects”) certified in the different network management systems. The certification gap analyzer can present a comparison of coverage of managed objects by leveraging naming patterns of managed objects.

Abstract: Provided is a process, including: assigning different instances of a single-tenant application among a plurality of instances of the single-tenant application to different computing sessions with different client computing devices associated with different tenant user accounts; while the plurality of instances of the single-tenant application are executing, determining that a workload of the plurality of instances of the single-tenant application satisfies a first threshold condition; in response to the determination, automatically provisioning an added instance of the single-tenant application; and assigning the added instance of the single-tenant application to a session with a given client computing device.

Abstract: Methods and devices for pre-generating session keys for securing transactions are provided. A plurality of session cryptographic keys are generated from a master cryptographic key and a respective plurality of possible values of a transaction counter. The session cryptographic keys are encrypted to provide a plurality of encrypted session cryptographic keys, which are stored in the user terminal. The master cryptographic key is deleted from the user terminal after the session keys are generated. To secure a transaction, a cryptogram is generated based on one of the encrypted session cryptographic keys and transaction data for the transaction, and the cryptogram is transmitted to a transaction terminal. The transaction counter is updated, and the encrypted session cryptographic key is deleted from the user terminal.

Abstract: According to one embodiment of the disclosure, a method includes receiving, from a first requestor, a request to create a cooperative synthetic identity case for an original identity. The method includes determining whether a cooperative synthetic identity case has already been created for the original identity. The method also includes generating a case identifier that uniquely identifies the cooperative synthetic identity case. The method further includes associating the case identifier with an expiration period. The method also includes storing the cooperative synthetic identity case, the case identifier, and the expiration period to a memory. The method also includes sending the case identifier to the first requestor.

Abstract: Provided is a process including: receiving a request from a first computing device to register another computing device; sending to the first computing device a registration code; receiving the registration code from a second computing device; sending an instruction to the designated application to send a value indicative of access to a cryptographic key; receiving from the designated application the value indicative of access to the cryptographic key; determining, based on the received value, that the received registration code was sent by the designated application and not another untrusted application.

Abstract: An electronic artifact is accessed which includes content of a particular type of media. Text is determined corresponding to the content and natural language processing is performed on the text to identify at least a subset of words in a statement within the text and determine meanings of each word in the subset of words. A context image is generated for the electronic artifact based on the natural language processing, where the context image includes a graph including nodes corresponding to the subset of words and the context image defines relationships between the subset of words.

Abstract: A computer program product according to some embodiments causes a processor to perform operations including disassembling executable code of an application program to provide disassembled code, identifying first wrapping code in the disassembled code, receiving second wrapping code, generating a consolidated application wrapper that manages operation of both the first wrapping code and the second wrapping code, inserting the second wrapping code and the consolidated application wrapper into the disassembled code to form modified disassembled code, and assembling the modified disassembled code to form modified executable code.

Abstract: A client device facilitates user navigation through a plurality of separate, but intercommunicating application programs that make up an integrated solution, to allow the user to perform desired functions or actions associated with those application programs using minimal effort. In particular, the user's navigation between the application programs are monitored as the user navigates the application programs to perform or invoke a desired function. Information related to the navigation to, and invocation of, the desired function is then stored for subsequent use in creating a list of navigational paths for the user. The navigational paths comprise hyperlinks to the desired functions that, when selected by the user, will navigate the user directly to the desired functions. The navigational paths may be ranked according to their frequency of use by the user.