Abstract: There is disclosed methods, apparatuses and computer program products for an authentication procedure in a unicast device to device communication. In accordance with an embodiment the method comprises receiving from an initiating device a request to establish a unicast device to device communication between the initiating device and a target device; sending from the target device an authentication request to the initiating device for authenticating the initiating device; receiving from the initiating device an authentication response to the authentication request including one or more parameters related to the authentication; providing information of the one or more parameters to the application; examining by an application in the target device whether the one or more parameters can be accepted; and if the examining reveals that at least one of the one or more parameters cannot be accepted, sending an authentication failure message to the initiating device.

Abstract: Devices, system and methods build a mesh virtual private network (VPN) in a hybrid cloud cluster having a private and a public cloud with connected network nodes. Each node has an operating system (OS) to discover nodes of the VPN by determining IP addresses and port addresses of the nodes from data received from discovery agents. An internal discovery agent of each of the nodes determines IP addresses and port addresses of the nodes. A node discovery agent located within a node determines IP addresses and port addresses of other nodes. An external discovery agent located outside the cluster determines IP addresses and port addresses of nodes. A VPN configuration data generator of the OS generates VPN configuration data of the clouds using the IP addresses and port addresses. A VPN builder of the OS builds a configuration of the VPN of the hybrid cluster using the VPN configuration data.

Abstract: The present invention is related to systems and methods that improve the security of computer networks. These systems and methods may be utilized in various applications such as electronic commerce, secure document access, and electronic authentication. The systems and methods include methods for accessing secure accounts without the use of passwords in order to eliminate the need for passwords. In addition, systems and methods further deter automated attacks online using email authentication.

Abstract: Systems and methods authenticate storage devices. In one implementation, a computer-implemented method is provided for authenticating a storage device. According to the method, a manifest that identifies a destination is receive. A transfer station reads a digital signature from the storage device. The digital signature is validated and, based on the validation of the digital signature, a transfer of one or more files from the storage device via the transfer station is authorized to the destination identified in the manifest.

Abstract: A method including utilizing, by a VPN server, a first exit IP address to transmit a first query to a host device for retrieving data of interest requested by the user device; predicting or determining, by the VPN server, potential overloading of the VPN server; establishing, by the VPN server based on predicting or determining a breach, a secure connection with a secondary server to enable communication of encrypted information between the VPN server and the secondary server; and transmitting, by the VPN server to the secondary server over the secure connection, an encrypted message identifying the host device and the data of interest to enable the secondary server to transmit a second query to request the data of interest based at least in part on utilizing a second exit IP address, different from the first exit IP address is disclosed. Various other aspects are contemplated.

Abstract: Disclosed are various approaches for workflow service back end integration. In some examples, a workflow service identifies a workflow action and a user account that is responsible for the workflow action. A command to present the workflow action for user authorization is transmitted to a client device associated with the user account. The workflow service transmits a command to perform the workflow action based on an identification of the user authorization.

Abstract: Randomizations of a web page may be generated in advance and provided to a client. The client may store the randomizations in its cache. Multiple randomizations for the same web page may be provided to the client and stored in the client's cache. When a request for a web page is made, it is determined if the client has any cached randomizations. Randomizations for the probable next web page to be requested by the client may be provided to the client for storage in the cache. For example, the probability that a link will be clicked or a website visited may be determined. Those web pages and websites with higher probabilities may be determined. Randomizations for those web pages are then provided to the client for use.

Abstract: A native application on a client computing device enables secure user authentication via an identity provider (IdP) for accessing services of a web service provider. The native application forwards a redirect request generated by a main gateway of the service provider and including an IdP uniform resource locator (URL) to a system browser of the client computing device. The redirect request directs the system browser to a broker gateway of the service provider that registers an authentication response handler and redirects the system browser to the IdP URL to enable a user of the native client computing device to authenticate. After the broker gateway receives an IdP authentication response from the IdP following authentication by the user, the broker gateway provides the IdP authentication response to the native application for providing back to the main gateway. The main gateway finally processes the authentication response to complete the authentication request.

Abstract: A server node is configured to assume a server role in a particular message exchange with a client node. The server node registers, with a resource directory node, security information (e.g., security capabilities and/or security preferences) of the server node. The server node may also register information about a resource that the server node hosts. The client node determines, from the resource directory node, the security information (e.g., security capabilities and/or security preferences) of the server node. The client node then sets up a secured connection with the server node using the determined security information (e.g., security capabilities and/or security preferences).

Abstract: Systems and methods of reducing remote procedure calls in multimedia content delivery are described. A client device can request and receive digital content for presentation via an application executing on the client device in a sandboxed media environment. A markup interpreter executing on the client device can intercept, prior to receipt by the application executing in the sandboxed media environment, the content item. The markup interpreter can parse the content item to extract an identifier of a script. The markup interpreter can identify the script stored in a local cache on the client device separate from the sandboxed media environment. The markup interpreter can construct a modified content item. The markup interpreter can forward the modified content item to the application executing on the client device in the sandboxed media environment to cause the application to execute the modified content item.

Abstract: A method of allowing secured access for a web browser of a client computer device to local resources wherein a web server hosting a shipping application executes the shipping application in response to web page requests received from the web browser, the method comprising the steps of: requesting directly to a shipping server agent by the web browser a usage of a web service of the shipping server agent for accessing the local resources, requesting directly to the shipping application by the shipping server agent an authorization for the usage of a web service by the web browser, providing an authorization response from the shipping application directly to the shipping server agent regarding the usage of a web service by the web browser, and accessing local resources by the shipping server agent according to the requesting by the web browser.

Abstract: A server receives from a browser executing on a client device an HTTP request. The server transmits a response to the HTTP request to the browser. The response includes code that when executed by the browser, executes a non-HTTP layer 7 protocol client that communicates with a non-HTTP layer 7 protocol service at an external network. The server receives, from the non-HTTP layer 7 protocol client executing in the browser, data related to the non-HTTP layer 7 protocol service. The server proxies the data related to the non-HTTP layer 7 protocol service over a layer 4 tunnel that is interfaced with the non-HTTP layer 7 protocol service. The server logs event data received from the non-HTTP layer 7 protocol client executing in the browser.

Abstract: A method for an electronic device for managing one or more browsing tabs of a browsing sessions is provided. The method receives a request for a browsing tab. The method determines whether to process the request for the browsing tab locally on the electronic device based on one or more parameters associated with at least one of the electronic device or a destination associated with the request. When it is determined to process the request locally, the method performs the browsing tab locally on the electronic device. However, when it is determined not to process the request locally, the method sends the request for the browsing tab to a remote server to perform the browsing tab remotely on the remote server.

Abstract: A system for introducing live content into an electronic mail message comprising at least one dynamic live content area sent through an e-mail service provider system comprises memory and a click manager. The memory includes live content comprising image data and expiration data. The click manager receives an indication of the opening of the message by a recipient, wherein the click manager accesses the memory to retrieve live content and send the retrieved live content for rendering in the dynamic live content area of the e-mail message opened by the one of the plurality of recipients.

Abstract: A wearable camera is to be worn by a user and includes: a capturing unit configured to capture and read a code in which fixed information and variable information of the user are registered; and a processor configured to extract the fixed information and the variable information of the user based on a read result of the capturing unit. The processor is configured to register the extracted fixed information and variable information of the user in a memory, and permit the user to use the wearable camera based on the registration in the memory.

Abstract: A load balancer receives a sequence of requests for computing service and distributes the requests for computing service to a computing node in an ordered list of computing nodes until the computing node reaches its maximum allowable compute capability. Responsive to an indication that the computing node has reached its maximum allowable compute capability, the load balancer distributes subsequent requests for computing service to another computing node in the ordered list. If the computing node is the last computing node in the ordered list, the load balancer distributes a subsequent request for computing service to a computing node other than one of the computing nodes in the ordered list of computing nodes. If the computing node is not the last computing node in the ordered list, the load balancer distributes a subsequent request for computing service to another computing node in the ordered list of computing nodes.

Abstract: Disclosed are various approaches for sharing uniform resource locators (URLs) and enforcing browser restrictions along with a shared URL. Browser restrictions can be identified by appending commands to the shared URL that instruct the receiving browser to activate certain browser restrictions. Browser restrictions can also be enforced using a URL restriction validator, which is a server process that can facilitate enforcement of browser restrictions along with a shared URL.

Abstract: A packet sending method includes generating, by a network device, a first packet, and sending the first packet. The first packet includes a first packet header, a second packet header, and protected data. The first packet header includes an indication field. The indication field indicates that the first packet includes the second packet header. The second packet header includes a type field. The type field indicates a first protection protocol. The protected data is protected by using the first protection protocol.

Abstract: Techniques of dynamic authentication scheme selection in distributed computing systems are disclosed herein. One example technique includes analyzing a received authentication request for an indicator of an authentication scheme that is supported by a computing service submitting the authentication request. The example technique can also include determining whether the authentication scheme associated with the indicator is also supported by the authentication service and in response to determining that the authentication scheme associated with the indicator is also supported by the authentication service, initiating an authentication process with the computing service according to the authentication scheme that is supported by both the computing service and the authentication service. As such, the authentication scheme can be dynamically selected at the authentication service for the received authentication request.

Abstract: The method and system may determining whether an authentication function operating on an authentication node on a network has degraded performance such as when the traffic is being partially throttled. In response to determining that the authentication function operating on the authentication node on a network is being partially throttled, a re-direct message may be communicated to at least one edge device on the network that requests of the authentication function on the authentication node be re-directed to a different authentication node.