Abstract: Techniques are presented for detecting and remediating security events. One method includes ingesting signals and telemetry from various tools like Software as a Service (SaaS), Endpoint Detection and Response (EDR), Mobile Device Management (MDM), and Secure Access Service Edge (SASE). Live session graphs are created for users, mapping all application token sessions. The system collects data from multiple sources to construct detailed graphs that represent user sessions, application usage, device employment, and third-party application tokens. This helps identify both legitimate and suspicious sessions, reducing false positives and enhancing effectiveness. Session graphs are analyzed to detect security threats, identify suspicious activities, and determine appropriate responses. Further, remediation tools are provided to address security events manually or automatically through established policies.

Abstract: Methods, systems, and computer programs are presented for stitching a meta session with an underlying trail fragmented across multiple distributed sessions. One method includes receiving telemetry signals from entities in a session environment that includes at least one identity of a user engaged with applications via respective meta sessions. An underlying trail for each meta session is determined, where the underlying trail is fragmented across two or more sessions with two or more entities. For a first meta session with a first application for the identity of the user, several operations are performed, including correlating a signal hierarchy based on the telemetry signals; constructing, based on the correlated signal hierarchy, a session hierarchy underlying the first meta session distributed across the one or more entities; determining a posture of the first meta session based on the constructed session hierarchy; and enforcing a security policy based on the determined posture.

Abstract: The present disclosure relates to systems and methods for cloud-based 5G security network architectures intelligent steering, workload isolation, identity, and secure edge steering. Specifically, various approaches are described to integrate cloud-based security services into Multiaccess Edge Compute servers (MECs). That is, existing cloud-based security services are in line between a UE and the Internet. The present disclosure includes integrating the cloud-based security services and associated cloud-based system within service provider's MECs. In this manner, a cloud-based security service can be integrated with a service provider's 5G network or a 5G network privately operated by the customer. For example, nodes in a cloud-based system can be collocated within a service provider's network, to provide security functions to 5G users or connected by peering from the cloud-based security service into the 5G service provider's regional communications centers.

Abstract: The present disclosure relates to systems and methods for cloud-based 5G security network architectures intelligent steering, workload isolation, identity, and secure edge steering. Specifically, various approaches are described to integrate cloud-based security services into Multiaccess Edge Compute servers (MECs). That is, existing cloud-based security services are in line between a UE and the Internet. The present disclosure includes integrating the cloud-based security services and associated cloud-based system within service provider's MECs. In this manner, a cloud-based security service can be integrated with a service provider's 5G network or a 5G network privately operated by the customer. For example, nodes in a cloud-based system can be collocated within a service provider's network, to provide security functions to 5G users or connected by peering from the cloud-based security service into the 5G service provider's regional communications centers.

Abstract: A bearing assembly of a power generation structure including, a rail; and a housing adapted to support the rail; where the housing includes a fixed housing portion attached to a support beam, and an adjustable housing portion attached to rail, where a low friction material is present at an interface between an exterior surface of rail and an interior surface of the adjustable housing portion, where the adjustable housing portion is capable of self-aligning adjustment of at least a portion of the rail out of alignment with a central axis of the support beam.

Abstract: Aspects of the present disclosure are directed to extracting textual information from image documents. In one embodiment, a system, upon receiving a request to extract textual information from an image document, a digital processing system performs character recognition based on content of the image document using multiple approaches to generate corresponding texts. The texts are then combined to determine a result text representing the textual information contained in the image document. The result is then provided as a response to the request.

Abstract: The present disclosure relates to systems and methods for in-transit protocol translation. Specifically, various approaches are described for translating protocols for intermediate networks in a way by which there is no need of support for encapsulation/decapsulation at the end hosts and does not require any changes to end hosts or transit networks. Various embodiments include intercepting traffic between one or more source client devices and a transit network; detecting a first communication protocol used by the one or more source client devices in the traffic; translating the traffic from the first communication protocol to a second communication protocol; and forwarding the traffic to the transit network using the second communication protocol.

Abstract: A method implemented via a cloud-based system for network slicing in a 5G network includes connecting with a device that connects to the 5G network, wherein the cloud-based system includes a plurality of nodes interconnected to one another and including one or more nodes integrated in a user plane of the 5G network; inline monitoring traffic between the device and destinations including any of the Internet, cloud services, private applications, edge compute, Multiaccess Edge Compute (MEC), public/private data centers, and public/private clouds; and enforcing bandwidth control, in the 5G network, to a defined Quality of Service for a slice associated with the device.

Abstract: The technology disclosed relates to non-intrusively enforcing security during federated single sign-on (SSO) authentication without modifying a trust relationship between a service provider (SP) and an identity provider (IDP). In particular, it relates to an assertion proxy receiving a verified assertion from an IDP obtained from an assertion that is generated when a user logs into a service provider (SP) and is verified in dependence upon the IDP's public key. It also relates to evaluating the verified assertion against one or more security policies. It further relates to forwarding the verified assertion evaluated to the SP and causing establishment of a single sign-on (SSO) authenticated session without modifying the assertion.

Abstract: A bearing assembly of a power generation structure including, a rail; and a housing adapted to support the rail; where the housing includes a fixed housing portion attached to a support beam, and an adjustable housing portion attached to rail, where a low friction material is present at an interface between an exterior surface of rail and an interior surface of the adjustable housing portion, where the adjustable housing portion is capable of self-aligning adjustment of at least a portion of the rail out of alignment with a central axis of the support beam.

Abstract: The present disclosure relates to systems and methods for cloud-based 5G security network architectures intelligent steering, workload isolation, identity, and secure edge steering. Specifically, various approaches are described to integrate cloud-based security services into Multiaccess Edge Compute servers (MECs). That is, existing cloud-based security services are in line between a UE and the Internet. The present disclosure includes integrating the cloud-based security services and associated cloud-based system within service provider's MECs. In this manner, a cloud-based security service can be integrated with a service provider's 5G network or a 5G network privately operated by the customer. For example, nodes in a cloud-based system can be collocated within a service provider's network, to provide security functions to 5G users or connected by peering from the cloud-based security service into the 5G service provider's regional communications centers.

Abstract: The present disclosure relates to systems and methods for cloud-based 5G security network architectures intelligent steering, workload isolation, identity, and secure edge steering. Specifically, various approaches are described to integrate cloud-based security services into Multiaccess Edge Compute servers (MECs). That is, existing cloud-based security services are in line between a UE and the Internet. The present disclosure includes integrating the cloud-based security services and associated cloud-based system within service provider's MECs. In this manner, a cloud-based security service can be integrated with a service provider's 5G network or a 5G network privately operated by the customer. For example, nodes in a cloud-based system can be collocated within a service provider's network, to provide security functions to 5G users or connected by peering from the cloud-based security service into the 5G service provider's regional communications centers.

Abstract: The present disclosure relates to systems and methods for cloud-based 5G security network architectures intelligent steering, workload isolation, identity, and secure edge steering. Specifically, various approaches are described to integrate cloud-based security services into Multiaccess Edge Compute servers (MECs). That is, existing cloud-based security services are in line between a UE and the Internet. The present disclosure includes integrating the cloud-based security services and associated cloud-based system within service provider's MECs. In this manner, a cloud-based security service can be integrated with a service provider's 5G network or a 5G network privately operated by the customer. For example, nodes in a cloud-based system can be collocated within a service provider's network, to provide security functions to 5G users or connected by peering from the cloud-based security service into the 5G service provider's regional communications centers.

Abstract: The technology disclosed relates to non-intrusively enforcing security during federated single sign-on (SSO) authentication without modifying a trust relationship between a service provider (SP) and an identity provider (IDP). In particular, it relates to an assertion proxy receiving a verified assertion from an IDP obtained from an assertion that is generated when a user logs into a service provider (SP) and is verified in dependence upon the IDP's public key. It also relates to evaluating the verified assertion against one or more security policies. It further relates to forwarding the verified assertion evaluated to the SP and causing establishment of a single sign-on (SSO) authenticated session without modifying the assertion.

Abstract: The technology disclosed relates to non-intrusively enforcing security during federated single sign-on (SSO) authentication without modifying a trust relationship between a service provider (SP) and an identity provider (IDP). In particular, it relates to configuring the IDP to use a proxy-URL for forwarding an assertion generated when a user logs into the SP, in place of an assertion consumer service (ACS)-URL of the SP. It also relates to configuring an assertion proxy, at the proxy-URL, to use the SP's ACS-URL for forwarding the assertion to the SP. It further relates to inserting the assertion proxy in between the user's client and an ACS of the SP by forwarding the assertion to the SP's ACS-URL to establish a federated SSO authenticated session through the inserted assertion proxy.

Abstract: A method and system to control a refrigeration unit (104) in response to a cargo load (108) in a refrigerated container includes providing a plurality of sensors disposed within the refrigerated container, providing a cargo load temperature range and a cargo load excursion time limit corresponding to the cargo load, receiving a plurality of temperature readings corresponding to the cargo load via the plurality of sensors, operating the refrigeration unit in a power saving mode in response to the plurality of temperature readings within the cargo load temperature range, and operating the refrigeration unit in a standard mode in response to the plurality of temperature readings outside the cargo load temperature range for longer than the cargo load excursion time limit.

Abstract: The technology disclosed relates to non-intrusively enforcing security during federated single sign-on (SSO) authentication without modifying a trust relationship between a service provider (SP) and an identity provider (IDP). In particular, it relates to configuring the IDP to use a proxy-URL for forwarding an assertion generated when a user logs into the SP, in place of an assertion consumer service (ACS)-URL of the SP. It also relates to configuring an assertion proxy, at the proxy-URL, to use the SP's ACS-URL for forwarding the assertion to the SP. It further relates to inserting the assertion proxy in between the user's client and an ACS of the SP by forwarding the assertion to the SP's ACS-URL to establish a federated SSO authenticated session through the inserted assertion proxy.

Abstract: Systems and methods for checking proper airflow within a container (307) having a refrigeration unit (320) are provided. The system includes one or more sensors (358) located within the container configured to measure at least one airflow characteristic, and a controller (360) in communication with the one or more sensors. The controller is configured to store predetermined information related to airflow within the container, wherein the predetermined information includes minimum airflow criteria related to the at least one airflow characteristic, receive data from the one or more sensors, compare the received data with the predetermined information, and provide an indicator when the comparison indicates that the received data does not meet or exceed the minimum airflow criteria.

Abstract: The technology disclosed relates to non-intrusively enforcing security during federated single sign-on (SSO) authentication without modifying a trust relationship between a service provider (SP) and an identity provider (IDP). In particular, it relates to configuring the IDP to use a proxy-URL for forwarding an assertion generated when a user logs into the SP, in place of an assertion consumer service (ACS)-URL of the SP. It also relates to configuring an assertion proxy, at the proxy-URL, to use the SP's ACS-URL for forwarding the assertion to the SP. It further relates to inserting the assertion proxy in between the user's client and an ACS of the SP by forwarding the assertion to the SP's ACS-URL to establish a federated SSO authenticated session through the inserted assertion proxy.

Abstract: The technology disclosed relates to non-intrusively enforcing security during federated single sign-on (SSO) authentication without modifying a trust relationship between a service provider (SP) and an identity provider (IDP). In particular, it relates to configuring the IDP to use a proxy-URL for forwarding an assertion generated when a user logs into the SP, in place of an assertion consumer service (ACS)-URL of the SP. It also relates to configuring an assertion proxy, at the proxy-URL, to use the SP's ACS-URL for forwarding the assertion to the SP. It further relates to inserting the assertion proxy in between the user's client and an ACS of the SP by forwarding the assertion to the SP's ACS-URL to establish a federated SSO authenticated session through the inserted assertion proxy.