Abstract: Aspects of the subject disclosure may include, for example, obtaining data pertaining to a plurality of user equipment and a plurality of network resources, analyzing the data to identify that a first user equipment included in the plurality of user equipment is a reduced capability device, based on the analyzing, allocating first network resources included in the plurality of network resources to the first user equipment, resulting in a first allocation, and based on the analyzing, allocating second network resources included in the plurality of network resources to a second user equipment included in the plurality of user equipment, resulting in a second allocation. Other embodiments are disclosed.

Abstract: Techniques for managing digital messages to and from a proxy message address are disclosed. A system receives a message directed to a particular destination address. The system replaces any source address included in the message with a proxy address. When the system receives a reply to the message, the reply is directed to the proxy address. The system analyzes message data to identify a target address for the reply message. The system identifies contextual data associated with the reply message. The system transmits the reply message, and the contextual data, to the target address.

Abstract: The present invention relates to the generation of analytics information in a mobile network. To this end, the invention proposes network entities and corresponding methods that support the analytics generation. In particular, the network entities and methods facilitate the gathering of information required for the analytics generation. In particular, a network entity for analytics generation is configured to obtain network slice association (NSA information and/or user plane association (UPA) information from one or more other network entities, wherein the NSA information indicates a relation between an Access Network (AN) property and a Core Network (CN) property, and the UPA information indicates a network entity configured to transmit data traffic to and/or from a user equipment in the network. Further, the network entity is configured to provide analytics information, the analytics information being based on the obtained NSA information and/or UPA information.

Abstract: Methods, systems, and apparatus, including computer programs encoded on a computer storage medium, for using cryptographic techniques to enhance data security and privacy and increase computational efficiency in selecting digital components are described. In one aspect, a method includes receiving, by an MPC computer of a group of MPC computers configured to perform computations of a secure MPC protocol to select digital components for distribution to client devices, a first secret share of location information indicating a location of a client device. The MPC computer generates, by performing the computations of the secure MPC protocol in collaboration with one or more second computers of the group of MPC computers, a first secret share of a selection result including data identifying a selected digital component that is selected from candidate digital components that are candidates based at least in part on the location of the client device.

Abstract: A device includes one or more processors configured to receive an authentication request from a requestor. The one or more processors are also configured to determine, based on content of the authentication request, an ingress mode of the authentication request. The one or more processors are further configured to select, based on the ingress mode, a particular authentication mode from a plurality of authentication modes. The one or more processors are also configured to generate an authentication token based on the particular authentication mode.

Abstract: Methods and systems for managing operation of a data processing system are disclosed. Hardware resources of the data processing system may issue a command for execution by a channel card of the data processing system. The channel card may be manufactured by a vendor different to a manufacturer of the data processing system. A management controller of the data processing system may identify and screen the command based on vendor software for the channel card (e.g., proprietary software of the vendor). The vendor software may be usable to facilitate use of a non-standard feature of the channel card. When the vendor software indicates that the command implicates use of the non-standard feature, the command may be modified by the management controller. The modified command may be used to initiate execution of the non-standard feature by the channel card to facilitate provisioning of a computer-implemented service.

Abstract: A system of aggregating servers includes a first aggregating server that establishes a session for linking with a first system; a second aggregating server that establishes a session linking with a second system; wherein the first and second aggregating servers replicate mutually structured data provided by the first and/or second system, to provide access to the structured data of the respective systems for the first and second aggregating servers; and coordinate the respective sessions of the system of aggregating servers with the first and/or second system to prevent improper access to the at least first system to be aggregated and/or the at least second system to be aggregated.

Abstract: Methods, storage systems and computer program products implement embodiments of the present invention that include initially defining a set of protective actions. Upon detecting, by a security server on a network, an incident including one or more alerts indicating malicious activity by one or more computing devices on the network, extracting a set of features indicating measurable characteristics of the incident are extracted from the alerts. Based on the alerts, respective counts for the features for the detected incident are computed and based on the features and their respective counts, a score indicating a magnitude of malicious activity for the detected incident is computed. A given feature having a highest impact on the score is identified, and a given protective action is selected based on the score, the identified feature and its respective count. Finally, the selected protective action is initiated with respect to at least some of the devices.

Abstract: A machine learning model is trained using information pertaining to accesses of data items at a software-as-a-service (SaaS) management platform. A first training input is generated. The first training input includes access data identifying multiple data items accessed at the SaaS management platform using a subset of user accounts of multiple user accounts associated with a client organization. A first target output is generated. The first target output identifies for each user account, information identifying a respective job title associated with the client organization. The training data is provided to train the machine learning model on (i) a set of training inputs including the first training input, and (ii) a set of target outputs including the first target output.

Abstract: Techniques for data security transactions using software container machine readable configuration data are described, including receiving at a platform in response to a query, an artifact associated with a software container, parsing the artifact to identify source code of the software container and a supply chain, invoking a scoring engine configured to generate a score associated with a component of the software container and an aggregate score of the software container, the aggregate score being based on a security tool being included with the software container, and generating a report from the platform, the report being associated with the software container and the report including an attestation comprising the score and the aggregate score.

Abstract: A baseline of behavior is received for a set of containers utilized by the Kubernetes manager from a cluster agent. The processes running on the set containers and network traffic generated by the set of containers, to identify anomalous behavior relative to the baseline. Subsequent to the container updates, and responsive to detecting the anomalous behavior exceeds a threshold for a specific container, anomalous data is sent to the cluster agent including an identification and version of the specific container and a description of abnormal behavior. The cluster agent determines a new rule is necessary to define the new behavior and distributes the new rule to the plurality of Kubernetes managers that are affected.

Abstract: A system comprising: at least one training unit for one or more data owners collaborating to the system for storing private data and at least one encrypted model, said training unit being implemented as a trusted execution environment; at least one aggregator unit for each model owner collaborating to the system for storing and executing code of a training algorithm, said aggregator unit being implemented as a trusted execution environment; at least one administration unit for controlling communication and synchronization between the at least one training unit and the at least one aggregator unit, said administration unit being implemented as a trusted execution environment; wherein the communication between the at least one training unit and the at least one aggregator unit is encrypted.

Abstract: A system can generate a risk assessment associated with an identity element used in interactions associated with a user entity. For example, the system can receive historical data related an identity element associated with a user entity, the identity element used in a set of interactions associated with the user entity. The system can generate a binomial distribution of the historical data associated with the identity element. The system can determine, based at least in part on the binomial distribution of the historical data, a risk indicator associated with the identity element. The system can control, based at least in part on the risk indicator associated with the identity element, an interaction involving a target entity and the user entity using the identity element.

Abstract: During operation, a computer system may establish a connection with an electronic device. Then, the computer system may receive, from a port in a firewall, a packet associated with the electronic device, where the packet includes an IP address of the electronic device. Moreover, the computer system may provide, to the port, a response addressed to the IP address. Next, the computer system may receive an acknowledgment associated with the electronic device that indicates that the response was received. Furthermore, the computer system may provide, addressed to the electronic device, a second IP address of a second electronic device and a second port in a second firewall associated with the second electronic device. Additionally, the computer system may provide, addressed to the second electronic device, the IP address of the electronic device and the port in the firewall.

Abstract: A sample file that is associated with malware and a first modification model of a plurality of modification models to alter the sample file are selected. The first modification model generates a modification configuration based on the sample file. The modification configuration identifies a modification to be performed on the sample file. The sample file and the modification configuration are provided to a modification engine to generate a modified sample file. The modification configuration is adjusted based on the first modification model in response to receiving a classification from a classification model that identifies the modified sample file as being free of malware.

Abstract: Invalid data is prevented from being input to a machine-learned information processing device from outside. An information processing device functioning as a firewall for a machine learning server is provided. The information processing device includes an input data check unit and an output data check unit. The input data check unit includes an input data analysis unit and an input data filtering unit. The output data check unit includes an output data analysis unit and an output data filtering unit. The input data analysis unit is configured to analyze input data to be input to the machine learning server. The input data filtering unit is configured to filter out less valid data from the input data. The output data analysis unit is configured to analyze output data outputted from the machine learning server. The output data filtering unit is configured to filter out less valid data from the output data.

Abstract: Techniques for making network path performance measurements by utilizing multi-layer tunneling are described. In a distributed environment that includes one or more nodes configured to inject network traffic (compute nodes) and one or more nodes that are not configured to inject network traffic (router nodes), techniques are disclosed that allow for the measurement of performance metrics across network segments that include at least one router node. In certain implementations, with one or more router nodes configured with a tunnel termination endpoint and/or a locally-relevant label-to-port mapping, performance metrics between router nodes or between router nodes and compute nodes can be measured. Performance metrics that may be measured using the techniques disclosed herein include network latency, packet loss, and jitter. In addition, the techniques may be used for fault isolation.

Abstract: Described herein are systems for providing a digital interactive experience. This includes a host server, a publisher receiving an application stream and a plurality of media streams corresponding to a first plurality of users in a publishing group, each of the media streams comprising at least one selected from the group of an audio stream and a video stream, the publisher sending the plurality of media streams to a subscriber, and the subscriber composing the application stream and at least two of the plurality of media streams into a composite stream and sending the composite stream to the first plurality of users in the publishing group, wherein the composite stream is sent simultaneously as the plurality of media streams is received.

Abstract: Various embodiments provide systems and methods for automating an SD-WAN setup process.

Abstract: Language used by a specific user in a specific context is gathered. The language used by the specific user in the specific context is language gathered from a plurality of previously captured electronic communication sessions. For example, the language of the specific user is captured from previous voice, video, and/or text communication sessions. A machine learning process based on the language gathered from the plurality of previously captured electronic communication sessions is trained. The trained machine learning process is used to determine if the specific user is actually participating in an electronic communication session or if a potential imposter is likely posing as the specific user in the electronic communication session. In response to determining that the potential imposter is likely posing as the specific user in the electronic communication session, an action is taken to secure the electronic communication session.