Abstract: Apparatuses, methods, and systems are disclosed for network slice authentication. One apparatus includes a processor that provides an application layer and a non-access stratum (“NAS”) layer and a transceiver for communicating with a mobile communication network. The processor receives, at an application at the application layer, network slice authentication information for a subscribed service and stores the network slice authentication information at an application module. The processor associates the network slice authentication information with single network slice selection assistance information (“S-NSSAI”) and registers the application with the NAS layer, said registration pointing to the associated S-NSSAI. Additionally, the transceiver that exchanges, via the NAS layer, authentication messages with an authentication, authorization, and accounting (“AAA”) server for network slice authentication information.

Abstract: Techniques of dynamic authentication scheme selection in distributed computing systems are disclosed herein. One example technique includes analyzing a received authentication request for an indicator of an authentication scheme that is supported by a computing service submitting the authentication request. The example technique can also include determining whether the authentication scheme associated with the indicator is also supported by the authentication service and in response to determining that the authentication scheme associated with the indicator is also supported by the authentication service, initiating an authentication process with the computing service according to the authentication scheme that is supported by both the computing service and the authentication service. As such, the authentication scheme can be dynamically selected at the authentication service for the received authentication request.

Abstract: A user device may detect a message received via a messaging platform of one or more messaging platforms. The user device may determine that the message is from a second user based on a match between a user identifier associated with the message and a second user identifier corresponding to the messaging platform for the second user. The user device may transmit message data that includes: message content of the message, and information that identifies the messaging platform used to transmit the message. The user device may receive task information that indicates a task type for a task determined from the message content, a task priority for the task, and information that identifies the second user, and information that identifies the messaging platform. The user device may present the task information via a user interface of the cross-platform messaging application executing on the user device.

Abstract: Disclosed are system architectures and techniques for securely embedding private content via dynamically-set security policy. A streaming service stores associations of particular streaming content with security policies that each specify domains allowed to initiate streaming from the streaming service. Requests for the streaming content are received from user-agents. The streaming service identifies respective security policies associated with each of the streaming content indicated by each of the requests and dynamically sets each security policy in a response. The responses are transmitted back to the user-agent where the security policy is enforced. In some instances, the streaming service is an application streaming service that hosts respective applications for different entities for streaming application content, and the security policies specify domains allowed to initiate application streaming from the application streaming service for the corresponding hosted application.

Abstract: Techniques are described for analyzing information network traffic to identify distinct devices connected to a network based on characteristics exhibited by the devices. Techniques may analyze some or all of network characteristics, device behavioral patterns, and/or device characteristics detected in network traffic. One or more of these characteristics, may be assigned to a profile associated with a device. This profile, by establishing one or more patterns of behavior and/or characteristics, may be used as a “fingerprint” to uniquely identify a device connected to a network even for devices that employ randomized identifiers, such as MAC addresses, that would otherwise obscure unique identification of the device. Profiles exhibiting similar patterns of behaviors and/or characteristics may be identified and merged to avoid duplicate identification of a same device.

Abstract: A method including communicating, by a first device in communication with a second device in a mesh network, meshnet data with the second device based at least in part on utilizing a meshnet local port dedicated for communicating the meshnet data; and transmitting, by the first device to a control infrastructure device, a binding request based at least in part on utilizing the meshnet local port, the binding request requesting the control infrastructure to determine a currently allocated public port associated with the first device. Various other aspects are contemplated.

Abstract: Systems and methods authenticate storage devices. In one implementation, a computer-implemented method is provided for authenticating a storage device. According to the method, a manifest that identifies a destination is receive. A transfer station reads a digital signature from the storage device. The digital signature is validated and, based on the validation of the digital signature, a transfer of one or more files from the storage device via the transfer station is authorized to the destination identified in the manifest.

Abstract: Media, methods, and systems are provided for a shim to enable dynamic selection of RTC during virtual events. A virtual event may be created, and an RTC provider may be selected for the virtual event. A connection request to connect to the RTC provider may be received from a client device. Thereafter, connection data may be signaled to the client device. A signaling message may be received from the client device. The signaling message may be intercepted and translated by the shim. The signaling message may then be transmitted to a signaling server for connecting to the RTC provider. Changes of state of the virtual event may be monitored to determine if a new RTC provider should be leveraged.

Abstract: Methods, apparatuses, and computer program products for synchronization of live streams from web-based clients are disclosed. The method may include transmitting, to a plurality of clients broadcasting a plurality of media streams, an instruction to reproduce a synchronization signal. The method may include receiving, via the plurality of media streams, a plurality of recordings of the synchronization signal. The method may include determining one or more delays associated with the plurality of media streams based at least in part on the plurality of recordings of the synchronization signal. The method may include adjusting a timing of one or more of the plurality of media streams to synchronize the plurality of media streams, the adjusting based at least in part on the received plurality of recordings and the determined one or more delays. The method may include re-encoding the plurality of media streams into a combined stream.

Abstract: Some embodiments provide a set of one or more network controllers that communicates with a wide range of devices, ranging from switches to appliances such as firewalls, load balancers, etc. The set of network controllers communicates with such devices to connect them to its managed virtual networks. The set of network controllers can define each virtual network through software switches and/or software appliances. To extend the control beyond software network elements, some embodiments implement a database server on each dedicated hardware. The set of network controllers accesses the database server to send management data. The hardware then translates the management data to connect to a managed virtual network.

Abstract: A method for preventing denial of service attacks which are distributed attacks is applied in a target service provider server, a platform server, and a botnet service provider server. The target service provider server determines a first SDN controller according to an attack protection request, and issues a first flow rule. The target service provider server directs data flow of a network equipment to a first cleaning center and controls the first cleaning center to identify the attacking or malicious element in the data flow according to the first flow rule. The platform server receives the attacking element in the data flow sent by the target service provider server, and regards the same as malicious traffic. The platform server generates an attack report, and sends the attack report to the botnet service provider server to notify the botnet service provider server to clean or filter out the malicious traffic.

Abstract: A client device sends a connection request to a virtual system in a Kubernetes cluster. The connection request identifies the client device and the application to which the request pertains. Based on a tenant associated with the client device, the virtual system connects the client device to an instance of the application. The instance of the application has access to data for the tenant but not for other tenants. Another client device of the tenant sends another connection request to the virtual system for a connection to another application. Because the tenant is the same, the instance of the other application may access the same data as the instance of the first application. In this way, applications for a single tenant may share data while maintaining the security of the data from other tenants.

Abstract: The disclosed technology addresses the need in the art for synchronizing a content library between a content management system and client devices. Each content item in a user's content library is stored on the content management system and a record of each change to the content library is recorded in a content journal. A client device transmits a synchronization request that a portion of the content journal representing unsynchronized changes be processed to update the content library on the client device. The synchronization request includes a content library identifier and a content journal number identifying the content entry in the content journal last processed by the client device. Synchronization commands are sent based on the content entries not processed by the client device. Updated synchronization data representing the processed content entries is sent to the client device after synchronization is completed.

Abstract: A network endpoint receiver controls packet flow from a transmitter. Packets are received via a network in packet traffic according to a push mode, where the transmitter controls pacing of transmitting the packets. Characteristics related to the packet traffic are monitored at the receiver. The monitored characteristics are compared to reception performance parameters, and based on the comparison, a decision is made to switch from the push mode to a pull mode for controlling the packet flow. The receiver transmits a pull mode request packet to the transmitter, where the pull mode request packet indicates a pacing of subsequent packets transmitted by the transmitter to the receiver in accordance with the pull mode. Pacing of further transmitted packets may be controlled by subsequent pull mode request packets sent over time to the transmitter by the receiver. Similarly, the receiver may control additional transmitters to transmit at equal or different rates.

Abstract: Methods, apparatus and articles of manufacture to provide client extensibility during provisioning of a composite blueprint are disclosed. An example virtual appliance in a cloud computing environment includes an orchestrator to facilitate provisioning of a virtual computing resource based on a blueprint, the provisioning associated with an event defined by the blueprint. The example virtual appliance also includes an event broker to maintain a set of subscribers to the event broker, each of the set of subscribers further subscribing to at least one event topic through the event broker, the event broker to trigger a notification of a first subscriber to a first event topic associated with the event when the event broker determines that the first subscriber is a blocking subscriber for the first event topic, the event broker to facilitate modification of the event by a blocking subscriber but not by a non-blocking subscriber.

Abstract: An electronic device, computer program product, and method enable hosting a communication session with customizable roles for participants that provides an adjustable balance of interaction and decorum. A controller configures the electronic device to identify, within an image stream from a next one of two or more second electronic devices that is not currently selected to present to a video communication session, at least one of a speaking movement of a mouth of a non-presenting participant or a gesture by the non-presenting participant to provide an audio input via the next second electronic device. In response to the identified speaking movement or the gesture, a host user interface of the electronic device presents an alert and enables host toggling of a selected one of the electronic device and the two or more second electronic devices to present a corresponding audio and video stream to the video communication session.

Abstract: Techniques are described for generating a specification of security-relevant behavior associated with web services of a cloud provider network. Source code or software development artifacts associated with an implementation of a web service is obtained, where the source code of software development artifacts include an implementation of a request handler for an action of the service. The request handler includes a request authorization component, e.g., which may involve interaction with an identity and access management service of the cloud provider network to authenticate and authorize requests and may further rely upon one or more authorization contexts included in the requests received by the request handler. An interprocedural data flow analyzer is used to analyze a model representation of the bytecode to identify and generate specifications of authorization patterns associated with the request handler.

Abstract: An information processing apparatus includes a transfer part that, in a case where an authentication process for connecting to a preset first storage area fails and transfer of a document processed in accordance with a preset process procedure to the first storage area fails, transfers the document to a second storage area, and in a case where the authentication process succeeds after the document is transferred to the second storage area, transfers the document stored in the second storage area to the first storage area.

Abstract: Systems and methods for hinting an encoder are disclosed in which a server monitors for information related to changes in frame rendering, calculates tolerance boundaries, rolling average frame time, and short-term trends in frame time, and uses those calculations to identify a frame time peak. The server then hints a codec (encoder) to modulate the quality settings of frame output in proportion to the size of the frame time peak. In certain embodiments, a renderer records one or more playthroughs in a game environment, sorts a plurality of frames from one or more playthroughs into a plurality of cells on a heatmap, and collects the list of sorted frames. A codec may then encode one or more frames from the list of sorted frames to calculate an average encoded frame size for each cell in the heatmap, and associate each average encoded frame size with a per-cell normalized encoder quality setting.

Abstract: The disclosed embodiments provide a system that automatically updates a customer-support ticket in an online customer-support system. When the customer-support ticket is created or updated, the system applies a set of triggers, which modify the ticket based on business rules, wherein each trigger performs actions that modify the ticket when conditions for parameters associated with the ticket are satisfied. When applying a trigger to the ticket, the system evaluates the conditions for the trigger by evaluating an associated condition graph, which is a directed graph comprised of condition nodes, wherein each condition node specifies conditions on parameters associated with the ticket. During this evaluation, if a valid path through the condition graph is discovered, which comprises a sequence of satisfied condition nodes from the root node to a null node, the system fires the trigger, which involves performing actions associated with the trigger to update the ticket.