Abstract: A system for securing electronic devices includes a processor, non-transitory machine readable storage medium communicatively coupled to the processor, security applications, and a security controller. The security controller includes computer-executable instructions on the medium that are readable by the processor. The security application is configured to determine a suspicious file from a client using the security applications, identify whether the suspicious file has been encountered by other clients using the security applications, calculate a time range for which the suspicious file has been present on the clients, determine resources accessed by the suspicious file during the time range, and create a visualization of the suspicious file, a relationship between the suspicious file and the clients, the time range, and the resources accessed by the suspicious file during the time range.

Abstract: Techniques for proxy based network access are discussed herein. In some examples, the techniques can be implemented in a network proxy device for Citizens Broadband Radio Service (CBRS). A base station or a domain proxy device may manage or otherwise use CBRS resources by exchanging signaling messages with a Spectrum Access System (SAS). The base station or domain proxy device may transmit signaling messages in a first private network to a network device bridging the first private network and a second private network with limited access to a public network. The network device send proxy message(s) in response to the signaling messages to the SAS and can establish an encrypted session layer or application layer tunnel between the base station and/or domain proxy device. The proxy based network access preserves secure networks while still allowing limited messaging with other public or private networks.

Abstract: A system includes a processor and a computer-readable medium storing instructions for execution. The instructions include generating a cryptographic pair of user public and private keys for a user. The instructions include registering an identity of the user with an identity provider, transmitting the user public key, and receiving a user certificate from the identity provider. The instructions include signing a trust certificate for a web server, including an address and a public key of the web server, with the user private key. The instructions include, in response to an access request from the user specifying a second web server: obtaining a second trust certificate from the second web server; and establishing a connection with the second web server in response to successful verification of a signature of the second trust certificate using a public key corresponding to a trusted contact of the user.

Abstract: Among other things, this document describes systems, devices, and methods for improving the delivery of resources embedded on a web page. In one embodiment, a content delivery network analyzes markup language documents that clients have requested to embedded resources, such as linked references to images, scripts, fonts, cascading style sheets, or other types of content. This analysis may be conducted on the content server and/or asynchronously, in a dedicated analytical environment, to produce delivery instructions. Where embedded resources have hostnames for which the content delivery network is authoritative, and where certain conditions are met, servers can be instructed to push additional certificates for such hostnames over the primary connection. When embedded resources have hostnames for which the platform is not authoritative, and where certain conditions are met, servers can be instructed to pre-fetch and push such resources with a signature from the authoritative origin.

Abstract: In a method of mapping a real-world process control environment, a mobile device is registered at a reference location, and 3D positions and orientations of the mobile device are tracked using an inertial measurement unit. A user input indicating that a new node is to be added to a 3D map of the process control environment is detected, and a 3D position of a real-world object relative to the reference location is determined, or caused to be determined, based on a tracked 3D position and orientation of the mobile device. A node database is caused to add the new node to the 3D map of the process control environment, at least by causing the 3D position of the real-world object to be stored in association with the new node.

Abstract: A network device includes a shelf configured to support interface cards on a front side; a control module including a first frame and a printed circuit board disposed to the first frame, wherein the control module is configured to connect on a rear side of the shelf; and a cooling module including a second frame and cooling fans disposed to the second frame, wherein the second frame is configured slidingly connect to the first frame on the rear side of the shelf.

Abstract: A system for securing electronic devices includes a processor, non-transitory machine readable storage medium communicatively coupled to the processor, security applications, and a security controller. The security controller includes computer-executable instructions on the medium that are readable by the processor. The security application is configured to determine a suspicious file from a client using the security applications, identify whether the suspicious file has been encountered by other clients using the security applications, calculate a time range for which the suspicious file has been present on the clients, determine resources accessed by the suspicious file during the time range, and create a visualization of the suspicious file, a relationship between the suspicious file and the clients, the time range, and the resources accessed by the suspicious file during the time range.

Abstract: Systems and methods for a hybrid control and cooling module with an independently removable cooling section for a network device. A control module for a network device includes a frame. A printed circuit board is disposed on the frame. Connectors are configured to operably connect the printed circuit board to mid-plane connectors of a shelf of a network device. A control module mounting system is disposed on the frame and is configured to slidably mount the control module to a shelf of a network device. A cooling module guidance system is disposed on the frame and is configured to slidably mount thereon a cooling module for a network device.

Abstract: Systems and methods for a hybrid control and cooling module with an independently removable cooling section for a network device. A control module for a network device includes a frame. A printed circuit board is disposed on the frame. Connectors are configured to operably connect the printed circuit board to mid-plane connectors of a shelf of a network device. A control module mounting system is disposed on the frame and is configured to slidably mount the control module to a shelf of a network device. A cooling module guidance system is disposed on the frame and is configured to slidably mount thereon a cooling module for a network device.

Abstract: This document describes, among other things, systems and methods for more efficiently resuming a client-to-origin TLS session through a proxy layer that fronts the origin in order to provide network security services. At the time of an initial TLS handshake with an unknown client, for example, the proxy can perform a set of security checks. If the client passes the checks, the proxy can transmit a ‘proxy token’ upstream to the origin. The origin can incorporate this token into session state data which is passed back to and stored on the client, e.g., using a TLS session ticket extension field, pre-shared key extension field, or other field. On TLS session resumption, when the client sends the session state data, the proxy can recover its proxy token from the session state data, and upon successful validation, bypass security checks that it would otherwise perform against the client, thereby more efficiently handling known clients.

Abstract: Systems and techniques are provided for detecting rogue base stations and preventing malicious actors from intercepting and stealing data traffic from mobile devices through rogue base stations. Upon connecting to a newly detected base station for a cellular network service, a mobile device attempts to validate the cellular base station with a validation server before any data is transmitted over the new connection. If the mobile device does not receive a confirmation of validity from the validation server, the mobile device would identify the cellular base station as a rogue base station, disconnect from the rogue base station, and search for a valid base station for connection to the cellular network.

Abstract: Distribution and management of services in virtual environments is described herein. In one or more implementations, a service distribution and management model is implemented in which system services and applications are seamlessly distributed across multiple containers which each implement a different runtime environment. In one or more implementations, a system for distributing access to services in a host operating system of a computing device includes a host operating system configured to implement a host runtime environment, and one or more services implemented by the host operating system. The system further includes a service control manager configured to enable communication between a client stub of a service implemented in a client runtime environment and a service provider of the service that is implemented in a service runtime environment that is separate from the first client runtime environment.

Abstract: A system includes a processor and a computer-readable medium storing instructions for execution. The instructions include generating a cryptographic pair of user public and private keys for a user. The instructions include registering an identity of the user with an identity provider, transmitting the user public key, and receiving a user certificate from the identity provider. The instructions include signing a trust certificate for a web server, including an address and a public key of the web server, with the user private key. The instructions include, in response to an access request from the user specifying a second web server: obtaining a second trust certificate from the second web server; and establishing a connection with the second web server in response to successful verification of a signature of the second trust certificate using a public key corresponding to a trusted contact of the user.

Abstract: Among other things, this document describes systems, devices, and methods for improving the delivery of resources embedded on a web page. In one embodiment, a content delivery network analyzes markup language documents that clients have requested to embedded resources, such as linked references to images, scripts, fonts, cascading style sheets, or other types of content. This analysis may be conducted on the content server and/or asynchronously, in a dedicated analytical environment, to produce delivery instructions. Where embedded resources have hostnames for which the content delivery network is authoritative, and where certain conditions are met, servers can be instructed to push additional certificates for such hostnames over the primary connection. When embedded resources have hostnames for which the platform is not authoritative, and where certain conditions are met, servers can be instructed to pre-fetch and push such resources with a signature from the authoritative origin.

Abstract: Distribution and management of services in virtual environments is described herein. In one or more implementations, a service distribution and management model is implemented in which system services and applications are seamlessly distributed across multiple containers which each implement a different runtime environment. In one or more implementations, a system for distributing access to services in a host operating system of a computing device includes a host operating system configured to implement a host runtime environment, and one or more services implemented by the host operating system. The system further includes a service control manager configured to enable communication between a client stub of a service implemented in a client runtime environment and a service provider of the service that is implemented in a service runtime environment that is separate from the first client runtime environment.

Abstract: Distribution and management of services in virtual environments is described herein. In one or more implementations, a service distribution and management model is implemented in which system services and applications are seamlessly distributed across multiple containers which each implement a different runtime environment. In one or more implementations, a system for distributing access to services in a host operating system of a computing device includes a host operating system configured to implement a host runtime environment, and one or more services implemented by the host operating system. The system further includes a service control manager configured to enable communication between a client stub of a service implemented in a client runtime environment and a service provider of the service that is implemented in a service runtime environment that is separate from the first client runtime environment.

Abstract: Methods, non-transitory computer readable media, and apparatuses for automated processing of hybrid electronic invoice data include identifying at least a first type of charge data from one or more other types of charge data in received hybrid electronic invoice data based on one or more parsing techniques. The first type of charge data is disassembled from the received hybrid electronic invoice data based on the identification. The disassembled first type of charge data is adjudicated based on execution of one of a plurality of sets of adjudication procedures identified to correspond to the disassembled first type of charge data. The received hybrid electronic invoice data is transformed with the adjudicated first type of charge data. The transformed electronic invoice data is provided for additional processing.

Abstract: Automatic sorting and propagating of information relating to electronic documents is presented. With regard to an electronic document, such as an incoming message, an enhanced information management component (EIMC) can analyze the document to identify a file folder associated with a subject to which the document relates. Based on interaction with or tagging of the document in a first user interface (UI) and predefined user preferences, the EIMC can propagate information relating to the subject and/or document to a second UI. The EIMC can archive the document in the identified file folder automatically or in response to as little as one UI control manipulation. The EIMC can analyze audio or video content to facilitate tagging and archiving of such content using the first UI and propagation of information relating to such content and/or related subject to a second UI.

Abstract: In a method of providing virtual enhanced vision to a user of an augmented reality (AR) mobile device, it is determined that a first node associated with a map of a process control environment corresponds to a first real-world object currently within a field of view of a camera of the AR mobile device. A relationship between the first node and one or more other nodes is determined, with the relationship indicating that one or more other objects corresponding to other nodes are at least partially obscured by the first object. At least partially in response to determining the relationship, one or more digital models or images depicting the other object(s) is/are retrieved from memory. A display of the AR mobile device is caused to present the retrieved digital models or images to the user while the first object is in the field of view of the camera.

Abstract: In a method of mapping a real-world process control environment, a mobile device is registered at a reference location, and 3D positions and orientations of the mobile device are tracked using an inertial measurement unit. A user input indicating that a new node is to be added to a 3D map of the process control environment is detected, and a 3D position of a real-world object relative to the reference location is determined, or caused to be determined, based on a tracked 3D position and orientation of the mobile device. A node database is caused to add the new node to the 3D map of the process control environment, at least by causing the 3D position of the real-world object to be stored in association with the new node.