Abstract: A method for heterogeneous execution engines in a network centric process control system. The network centric process control system includes a plurality of nodes and each node includes one or more control service components, a middleware service component, a middleware API subcomponent, an address space subcomponent, and a communication component, where each control service component, middleware service component, and communication component is a separate executable running in a separate operating system process as provided by a real time operating system of each node.

Abstract: Systems and methods of automatically creating and operating a Maintenance End Point (MEP) include, at a slave/reactive network device, receiving an Operations, Administration, and Maintenance (OAM) Protocol Data Unit (PDU) with a destination Media Access Control (MAC) address equal to an interface address of the slave/reactive network device; automatically creating the MEP based on the received OAM PDU and attributes contained in a header of the OAM PDU, wherein the MEP is with a master/active network device; and operating an OAM session with the master/active network device including exchanging Continuity Check Messages (CCMs) with an interval learned from received CCMs from the master/active network device. The systems and methods can further include automatically deleting the MEP responsive to failing to receive any OAM PDUs from the master/active network device during the operating for a predetermined time.

Abstract: A method may include obtaining, from a user device, a first feedback from a first predetermined party regarding a data loss prevention (DLP) event through a graphical user interface (GUI). The method may further include determining whether the DLP event is authorized using the first feedback. The method may further include transmitting, automatically in response to determining that the DLP event is not authorized, a request for a second feedback by a second predetermined party using the GUI. The second predetermined party may be selected for the request automatically according to a routing queue. The method may further include obtaining, in response to transmitting the request for the second feedback, a selection of a security action regarding the DLP event using the GUI. The method may further include transmitting, automatically in response to the selection of the security action, a command that initiates the security action.

Abstract: The present invention reduces the time required for inspecting packets and detecting unauthorized commands. An intrusion prevention device (3) is connected to a communication network (9-1) in which a packet including a command for a device to be controlled is transmitted according to a predetermined rule. An analysis table storage part (34) stores an analysis table comprised of a predetermined number of slots for storing a predetermined number of commands together with time information. An input part (31) extracts the command from the packet detected from the communication network (9-1). A parse part (32) inserts the command into the analysis table. An analysis part (33) analyzes whether or not the plurality of commands stored in the respective slots of the analysis table follow the predetermined rule. A notification part (35) outputs an alarm when an analysis result indicates an abnormality. An output part (36) determines whether to pass or discard the packet according to the analysis result.

Abstract: Disclosed herein are systems and methods for connecting a Domain Name System (DNS) secure resolution protocol. In one aspect, an exemplary method comprises, by a protection module, determining a DNS query from a client, determining a fulfillment of at least one condition for connecting the DNS secure resolution protocol, wherein the at least one condition is obtained from a database, and connecting the DNS secure resolution protocol for the client when the at least one condition for connecting the DNS secure resolution protocol is fulfilled.

Abstract: An approach for publishing posts on a social network through one or more user accounts with different levels of attribution is disclosed. A secure user account publishes a post through a programmatically linked buffer user account. The secure user account and the buffer user account are programmatically linked. Posts published via the buffer user account can be modified to add attribution image data or other visual indicators of the original post creator.

Abstract: A system and method for endpoint selection in a global accelerator system. The global accelerator system includes client devices communicating with a global access point to access various endpoints that can host services. The access points may calculate ranked lists of the plurality of endpoints based on a selection algorithm for the access points and select, for each access point, one of the plurality of endpoints based on the ranked lists before routing the received packets to the selected endpoints by each respective access point.

Abstract: A method comprises collecting device data and connection data corresponding to a plurality of connected devices in a system, and identifying a plurality of network connections between two or more of the plurality of connected devices from the device data and the connection data. In the method, one or more configuration issues across one or more of the plurality of network connections are detected, and a visualization of a topology of the plurality of connected devices in the system is generated. The visualization comprises a depiction of the plurality of connected devices, the plurality of network connections and the one or more configuration issues.

Abstract: A system configured to receive input declaring structure and operation of a web application, including declarations of components of the web application and a declaration of a navigation-mode setting of the web application, and to generate and store, in interrelated tables of a database, a representation of the web application, including references to underlying scripts interpretable to define structure and operation of the components, and including a property record defining the navigation-mode setting. Further, the computing system is configured to receive, from a client device, a request for the web application and to responsively generate based on the stored representation, and output, a data representation defining the structure and operation of the web application, including the navigation-mode setting, for use by the web browser to render the web application including applying the indicated navigation mode.

Abstract: A client-server computer system includes a client-side application executing on a computing device, operative to communicate with a native application executing on the computing device to obtain and store a multi-media content file generated using the native application in a native content file format. A server includes a server-side application operative to communicate with the client-side application, and operative to: create an association between the multi-media content file, a recipient computing device, and a courier tracking number; determine that delivery of a parcel associated with the courier tracking number has occurred; and transmit the multi-media content file in the native content file format to the recipient device in response to determining that delivery of the parcel has occurred.

Abstract: Presented herein are methodologies for implementing application security. A method includes generating an extraction vector based on a plurality of application security rules to be enforced, transmitting the extraction vector to a first agent operating on a first network device and to a second agent operating on a second network device; receiving, separately, from the first agent and from the second agent, first metadata generated by the first agent and second metadata generated by the second agent by the agents applying the extraction vector to network traffic passing, respectively, through the first network device and the second network device. The first metadata includes a transaction ID assigned by the first agent, and the second metadata includes the same transaction ID. The method further includes correlating the first metadata with the second metadata based on the transaction ID to construct a transactional service graph for the network traffic.

Abstract: Systems and methods address automated temporally based configuration management of a procurement/deployment process that may be used at one or more data centers. A set of current configuration attributes and current parameter settings are maintained for a one or more data centers. Information may be obtained from a purchasing system describing a future device. Prior to actual arrival of the future device, the configuration for that future device may be defined. Upon detection of the uniquely identified future device being communicatively coupled to a management network, the previously defined configuration may be applied. Abstraction from a high-level to vendor specific configuration commands may also be incorporated to allow management of devices from multiple vendors.

Abstract: A processor-implemented method for linking identifiers to generate a unique entity identifier for deduplicating high-speed data streams in real time, the method comprising (i) obtaining one or more data streams with an identifier from independently controlled entities, wherein the one or more data streams comprises timestamp data and location indexed data that partially characterizes an activity of an entity, (ii) determining home location or internet protocol address of the entity by analyzing data obtained from the one or more data streams, (iii) clustering entity devices based on an association between an internet protocol address, a real-time event, a period of time or a location, (iv) disambiguating the clusters of entity devices into sub-clusters that resolve to an entity by analyzing data streams until a candidate pair of identifiers is obtained, (v) generating score for the candidate pair using a machine learning classifier to discern the candidate pair of identifiers into to same or different entity,

Abstract: A method performed by a user plane, UP. The method includes determining whether a redirect message should be sent to a user equipment, UE, that has transmitted a first message intended for a first server, wherein the determining comprises: i) receiving a message transmitted by the first server and determining, based on the message, whether a redirect message should be sent to the UE or ii) detecting a timeout with respect to the first server; and, as a result of determining that redirect message should be sent to the UE, sending to the UE the redirect message, wherein the redirect message is configured to cause the UE to send a second message to a second server.

Abstract: Methods, systems, and apparatus, including computer programs encoded on a computer storage medium, for providing user interface development tools. In one aspect, a method includes receiving, from a client device, network request data that specifies, for each of multiple network requests that were transmitted from the client device to a server during a user session, a requested user interface element and a load time that indicates a duration of time between a time at which the network request was initiated and a time at which the user interface element was loaded in a user interface at the client device. An interactive interface is generated. The interactive interface includes a session replay area that presents playback of visual changes of the one or more user interfaces that occurred during the user session and a network request area that presents a list of network requests that were transmitted during the user session.

Abstract: Techniques are provided for security measures for extended sessions. Request data for a request is received from a client computing device to a web server system. The request comprises a session identifier (ID) for a session between an authenticated user and the web server system. It is determined, based on the request data, that the client computing device is a single-user device. It is determined, based on the request data, that the client computing device is not compromised. In response to determining that the client computing device is a single-user device and that the client computing device is not compromised, extension of the session between the authenticated user on the client computing device and the web server system is caused.

Abstract: A rule for transferring data over a communication network is changed for each communication apparatus without spending time and cost. In a communication system in which a plurality of communication apparatuses are connected to a network, at least one of the plurality of communication apparatuses includes rule storage means for storing a plurality of transfer rules for transferring data over the network, transfer means for transferring data incoming over the network in accordance with one of the plurality of transfer rules, and rule switching means for switching one transfer rule to another transfer rule when the communication apparatus receives a notification from the outside.

Abstract: Systems and methods are provided for assigning client requests to one or more computer-implemented knowledge/database servers. Each server stores data as a directed acyclic graph of datums connected with a single type of relationship. The system includes a plurality of clients coupled to at least one router, wherein each client includes a graphical user interface and a processor configured to analyze inputted data, a plurality of routers configured to assign requests input though the plurality of clients to a plurality servers, at least one logger configured that includes a storage medium and is configured to store the requests, and a plurality of servers configured to perform tasks indicated by the requests.

Abstract: A Method and apparatus for resilient Decoy Routing without conspiring Autonomous Systems by instead using a DHT routing table is described. In one embodiment of the present invention, there would exist a set of Decoy Routing Nodes which would be connected via a DHT's routing table. This would enable decoy routing nodes to not depend on a predefined list. Traditionally, Decoy Routing depends upon either a pre-configured list of computer systems to connect to or is wholly dependent upon BGP to happen to route to friendly Autonomous Systems that understand the true intent of the packet being routed. This method and apparatus solves these problems by providing a means to use a dynamic routing table, provided by a DHT to ensure that a packet can be delivered to computer systems that understand how to do decoy routing. This approach further ensures that the routing table being used is one that is kept up to date automatically as a function of the DHT providing the routing table.

Abstract: In some embodiments, a method inserts, by a first computing device, a first value for a capability in a first message that is used in a process to automatically exchange capability values with a second computing device. The first value for the capability indicates the first computing device requires a default route to reach the second computing device as a next hop for sending a packet to a destination. The first computing device sends the first message to the second computing device; and receives a second value for the capability in a second message from the second computing device. The second value indicating the second computing device will send the default route to reach the second computing device. When the default route is received from the second computing device, the first computing device stores the default route from the second computing device in a route table.