Patents Assigned to CITRIX SYSTEMS
  • Patent number: 11080408
    Abstract: Embodiments of the disclosure include systems and methods for secure storage and/or retrieval of customer secrets by, e.g., a cloud services provider. According to methods, secret data that is to be securely stored may be transmitted, along with an initialization vector, to an encryption service for encryption using a private key stored in a remote key vault. The encrypted data can be returned and stored, in its encrypted form, in a secure storage along with the initialization vector data. To retrieve the securely stored data, embodiments disclose retrieving the encrypted form of the data and transmitting it, along with its related initialization vector data, to the encryption service for decryption using the private key stored in the remote key vault. The decrypted data can then be made available to a requesting product service.
    Type: Grant
    Filed: August 27, 2019
    Date of Patent: August 3, 2021
    Assignee: Citrix Systems, Inc.
    Inventors: Thomas Kludy, Ricardo Fernando Feijoo
  • Patent number: 11082451
    Abstract: A technique for managing communications over a network maintains multiple network paths simultaneously, exchanging the same data redundantly through the network paths and allowing a receiver to select one of the network paths as its source of data. In the event that a first, currently-selected network path becomes weak, for example, the receiver automatically and seamlessly switches its source of data to a second network path, while the first network path remains operational.
    Type: Grant
    Filed: August 21, 2019
    Date of Patent: August 3, 2021
    Assignee: Citrix Systems, Inc.
    Inventors: Nivedita Ojha, Derek Thorslund, Stephen Wilson
  • Patent number: 11082374
    Abstract: Techniques are disclosed for providing messaging participant identity leak prevention. An example methodology implementing the techniques includes receiving, by a computing device, a message from a sender to a recipient via a software application running on the computing device, the software application having a non-confidential messaging view and a confidential messaging view. The method also includes determining a message type of the message, the message type being one of a non-confidential message or a confidential message, and displaying the message in the confidential messaging view of the software application in response to a determination that the message type indicates a confidential message, the confidential messaging view being distinct from the non-confidential messaging view, wherein messaging participant identity information is obfuscated in the display of the message in the confidential messaging view.
    Type: Grant
    Filed: September 28, 2020
    Date of Patent: August 3, 2021
    Assignee: CITRIX SYSTEMS, INC.
    Inventors: Hengbo Wang, Yanjun Su, Daowen Wei, Jian Ding
  • Publication number: 20210234903
    Abstract: Embodiments described include systems and methods for generating and displaying live objects for network applications. Live objects may be created from applications (apps) that are served from and/or hosted on one or more servers, such as web applications and software-as-a-service (SaaS) applications, and shared with one or more recipients. The objects may be loaded or accessed as if they were normal network applications, and the recipients may see the latest or “live” version of content as shown to the live object creator, including user- or device-specific data of the creator, under full access policy control, without requiring access to credentials of the live object creator.
    Type: Application
    Filed: April 15, 2021
    Publication date: July 29, 2021
    Applicant: Citrix Systems, Inc.
    Inventor: Abhishek Chauhan
  • Publication number: 20210234845
    Abstract: Techniques are provided for secure message passing. A sender process has a clear (non-encrypted) text message to pass to a recipient process as an encrypted message. The sender generates a message encryption key (MEK) for encrypting the message and sends the MEK to a first intermediary process, which encrypts the MEK. The sender uses the MEK to encrypt the message and passes both the encrypted message and the encrypted MEK to a second intermediary process. The second intermediary verifies that the sender is authorized to send messages and retains the encrypted message and the encrypted MEK. The second intermediary passes the encrypted message and the encrypted MEK to the recipient, which requests decryption of the encrypted MEK from the first intermediary. The first intermediary then decrypts the MEK and returns it to the recipient. Finally, the recipient decrypts the message using the MEK.
    Type: Application
    Filed: January 29, 2020
    Publication date: July 29, 2021
    Applicant: Citrix Systems, Inc.
    Inventor: Alexandr Smelov
  • Publication number: 20210234920
    Abstract: The present disclosure is directed generally to systems and methods for providing load balancing as a service. A load balancer executing on a device intermediary to a server and a plurality of clients can receive a request from an agent executing on the server. The request can be to initiate establishment of a transport layer connection. The load balancer can accept the request to establish the transport layer connection with the server. The load balancer can receive a request to access the server from a client of the plurality of clients. The load balancer can forward the request to the server via the transport layer connection established between the load balancer and the server responsive to the request of the server.
    Type: Application
    Filed: April 13, 2021
    Publication date: July 29, 2021
    Applicant: Citrix Systems, Inc.
    Inventor: Abhishek Chauhan
  • Patent number: 11075999
    Abstract: A client device may, as part of a remote access or cloud-based network environment, access a resource either by using a connection to a gateway or by using a connection that bypasses the gateway. Which connection is used may be based on the network location of the resources provided by the network environment and network location of the client device. For example, if the client device and a resource are located at the same network location or connected to the same local network, the client device may access the resource by using a connection that bypasses the gateway. If the client device and the resource are located at different network locations or are connected to different local networks, the client device may connect to the gateway to access the resource.
    Type: Grant
    Filed: August 28, 2018
    Date of Patent: July 27, 2021
    Assignee: Citrix Systems, Inc.
    Inventors: Feng Huang, Ross Large
  • Patent number: 11074338
    Abstract: A technique for securely rendering content downloaded over a network includes parsing a downloaded web page into a DOM (Document Object Model) tree and splitting the DOM tree into multiple DOM instances, where each DOM instance is dedicated to a respective type of web content. The technique processes each DOM instance using a respective render engine, which implements the security policy on the respective type of web content by blocking or altering content, and/or by limiting functionality that may be used in connection with the content.
    Type: Grant
    Filed: October 23, 2018
    Date of Patent: July 27, 2021
    Assignee: Citrix Systems, Inc.
    Inventors: Xiaolu Chu, Shunli Ren
  • Patent number: 11075831
    Abstract: Embodiments of the present disclosure describe a system and method for dynamically duplicating network packets onto a reliable link. Network devices can be connected by a primary link and by a secondary link. As the network quality of the first link degrades, the system can adaptively duplicate network packets onto the second link. As a high priority link, the secondary link can have less total bandwidth when compared to the primary link. Accordingly, all the traffic traversing the primary link may not be able to be duplicated onto the secondary link to preserve network reliability when the quality of the first link degrades. The present solution can effectively manage the bandwidth of the secondary link and set duplication rates that control the duplication of the packets onto the secondary link.
    Type: Grant
    Filed: July 15, 2019
    Date of Patent: July 27, 2021
    Assignee: Citrix Systems, Inc.
    Inventor: Daljit Singh
  • Patent number: 11075813
    Abstract: Techniques proactively deploy analytics to a computerized edge device. The techniques involve receiving data from the edge device. The data is conveyed through the edge device from a set of sensors disposed at a particular location. The techniques further involve performing analytics on the data to identify a set of edge device rules that defines a set of actions for the edge device to carry out under a set of predefined conditions potentially sensed by the set of sensors. The techniques further involve providing a command to the edge device. The command (i) includes the set of edge device rules and (ii) directs the edge device to, at a future time, start operating according to the set of edge device rules to protect against unsuccessful deployment of the command to the edge device due to subsequent delayed communication between the processing circuitry and the edge device.
    Type: Grant
    Filed: June 15, 2018
    Date of Patent: July 27, 2021
    Assignee: Citrix Systems, Inc.
    Inventors: Akshata Bhat, Anup Lal Gupta, James Bulpin, Praveen Raja Dhanabalan
  • Publication number: 20210227268
    Abstract: Described embodiments provide systems and methods for data encryption. A server communicating data with a client can determine a level of data encryption on the data that the server is capable of handling according to resources available to the server. A level of data encryption can include a type of encryption and a strength of the type of data encryption. The server can receive a level of data encryption on the data that the client is capable of handling according to resources available to the client. The server can identify a level of data encryption with which the server and the client agree to proceed, according to the determined level of data encryption and the received level of data encryption. The server, following a predefined interval, can identify an updated level of data encryption with which the server and the client agree to proceed.
    Type: Application
    Filed: April 1, 2021
    Publication date: July 22, 2021
    Applicant: Citrix Systems, Inc.
    Inventors: Marcos Alejandro Di Pietro, Thierry Duchastel
  • Publication number: 20210227352
    Abstract: A computer system and method for providing location-based application access is provided. For example, the computer system includes a processor configured to receive a connection request for access to a distributed workspace, the connection request including location information for a client device. The processor can access metadata for each of a plurality of location-based applications, the metadata including location information for each of the applications defining at least one physical location where each of the applications can be accessed. The processor can compare the location information against the metadata for each of the applications and determine one or more applications that match the location information for the client device. The processor then can organize each of the applications that have associated location information that matches the location information into a listing of available applications and transmit the listing of available applications for display to a user of the client device.
    Type: Application
    Filed: April 17, 2020
    Publication date: July 22, 2021
    Applicant: Citrix Systems, Inc.
    Inventors: Xiao Zhang, Ze Chen, Jie Zhuang, Zongpeng Qiao
  • Patent number: 11068606
    Abstract: Secure shared access to encrypted data in a data store is facilitated by using a data control server (DCS) to maintain a data storage reference table (DSRT) for shared data units present in a shared data pool hosted by at least one data storage device, and accessible to a plurality of computing entities. The DSRT specifies, for each shared data unit, identifier information, location information for accessing the shared data unit in the shared data pool, and a hash value which has been computed for the shared data unit. The DCS selectively facilitates a decryption operation by providing hash values which serve as a basis for deriving a decryption key for decrypting shared data units which have been identified.
    Type: Grant
    Filed: September 20, 2017
    Date of Patent: July 20, 2021
    Assignee: CITRIX SYSTEMS, INC.
    Inventors: John Baboval, Thomas Goetz, Simon P. Graham
  • Patent number: 11069325
    Abstract: Methods and systems for content resolution adjustment for passive display devices are described herein. Passive display devices such as a passive magnifying device (e.g., a screen magnifier) or a projector (e.g., a built-in mobile phone projector) are useful in enlarging photos, documents, videos, etc. for viewing on small-screen device screens. However, optimal content resolution for the small-screen device screens may not be optimal for the passive display devices. Particularly, when a small-screen device receives content from a remote computing device, the initial content resolution may not be optimal even for the small-screen device screen because of low transmission speed and/or low bandwidth of a connection with an original data source.
    Type: Grant
    Filed: March 11, 2020
    Date of Patent: July 20, 2021
    Assignee: Citrix Systems, Inc.
    Inventors: Haibo Lin, Cungang Lin, Shihao Qian, Hao Wu
  • Patent number: 11070630
    Abstract: A computer system may include at least one client computing device configured to run a first Software as a Service (SaaS) application session within a first browser. Further, a server may cooperate with the at least one client computing device to store a series of browser commands executed by the first browser during the first SaaS application session, and run a second SaaS application session within a second browser on the at least one client computing device replicating a state of the first SaaS application session based upon the series of stored browser commands.
    Type: Grant
    Filed: May 4, 2018
    Date of Patent: July 20, 2021
    Assignee: CITRIX SYSTEMS, INC.
    Inventors: Jeroen Van Rotterdam, Georgy Momchilov
  • Patent number: 11070641
    Abstract: Methods, systems, and computer-readable media for optimizing web pages using a rendering engine are presented. In some embodiments, a cloud service computing platform may receive, via a communication interface and from a user device, a request for a web page. Subsequently, the cloud service computing platform may retrieve, via the communication interface, and from a server, the web page. Further, the cloud service computing platform may render, using a headless browser, the web page to identify a plurality of content parts associated with the web page. Next, the cloud service computing platform may optimize the plurality of content parts associated with the web page. Additionally, the cloud service computing platform may transmit, via the communication interface and to the user device, the plurality of optimized content parts associated with the web page. Subsequently, the user device may render the plurality of optimized content parts associated with the web page.
    Type: Grant
    Filed: January 8, 2020
    Date of Patent: July 20, 2021
    Assignee: Citrix Systems, Inc.
    Inventors: Santosh Sampath, Vipin Borkar
  • Publication number: 20210216291
    Abstract: Described embodiments provide systems and methods for using a call chain to identify dependencies among a plurality of microservices. A device intermediary to a plurality of microservices can receive a first request to access a first microservice. The processing of the first request can cause the first microservice to communicate a second request to a second microservice. A first unique identifier can be generated for the first request to the first microservice and the device can establish a call chain for identifying a plurality of requests to a first microservice through a last microservice of the plurality of microservices accessed responsive to the first request. The device can forward the first request including the call chain to the first microservice and the second request including the call chain to the second microservice. The device can identify, via the call chain, that the first microservice depends on the second microservice.
    Type: Application
    Filed: March 30, 2021
    Publication date: July 15, 2021
    Applicant: Citrix Systems, Inc.
    Inventor: Jeremy White
  • Publication number: 20210216303
    Abstract: Described embodiments provide deployment of updates to multiple clients. A device may provide, to each client of a first plurality of clients, a software update to be executed at the client. The device can transmit, subsequent to providing the software update, to each of the first plurality of clients, a request to check a status of the client. The device can receive from at least one of the first plurality of clients, a response to the request indicative of operational health of the client subsequent to providing the software update to the client. The device determines an operational health statistic of the first plurality of clients subsequent to providing the software update to the first plurality of clients and provides, to each client of a second plurality of clients, the software update to be executed at each client responsive to determining that the operational health statistic satisfies a predetermined threshold.
    Type: Application
    Filed: March 29, 2021
    Publication date: July 15, 2021
    Applicant: Citrix Systems, Inc.
    Inventors: Timothy Jay Moore, Nicholas Walter Siryk
  • Patent number: 11063935
    Abstract: Systems and methods for obtaining access to a session with a remote cloud service server. The methods comprising: receiving, by a first client computing device, a user unique identifier from a mobile device located in proximity to the first client computing device; and performing facial recognition operations by the first client computing device subsequent to the reception of the user unique identifier. The facial recognition operations comprise: capturing an image of the mobile device's user; and analyzing the image to obtain a user name associated with the facial features represented therein. A determination is made as to whether the user name matches the user unique identifier. If so, a first session with the remote cloud service server is automatically launched.
    Type: Grant
    Filed: April 23, 2018
    Date of Patent: July 13, 2021
    Assignee: Citrix Systems, Inc.
    Inventors: Rachelle Tobkes, Yufeng Shi, Jyoti Mathur, Christopher Fleck, John McBride, Jacob J. Summers
  • Patent number: 11062041
    Abstract: Methods and systems for scrubbing log files using scrubbing engines are described herein. For example, a local scrubbing server may receive a plurality of log messages from an application executing on a cloud server. Then, the local scrubbing server may store the plurality of log messages in an in-memory queue of the cloud server. After, the local scrubbing server may scrub a log message from the in-memory queue based on determining whether the log message satisfies criteria information. Further, the local scrubbing server may transmit, to a central service computing platform, the log message. Subsequently, the central service computing platform may receive, from the local scrubbing server, the log message. Additionally, the central service computing platform may perform a second review of the log message. Then, the central service computing platform may transmit, to a third party logging service, the log message.
    Type: Grant
    Filed: July 27, 2017
    Date of Patent: July 13, 2021
    Assignee: Citrix Systems, Inc.
    Inventor: Thomas Michael Kludy