Abstract: A system can receive a request, and identify an attribute-based access control policy comprising a permission policy and a condition policy that is associated with performing an operation with respect to a group of computing resources with a first scope of the operation. The system can determine whether the account satisfies the permission policy for the operation, wherein determining whether the account satisfies the condition policy evaluates to true based on account attributes of the account and resource attributes of the group of computing resources in the first scope of the query operation. The system can, in response to determining that the account satisfies the condition policy, send an indication of the request as constrained by the first scope and a second scope that is based on the condition policy to a service, the service performing the operation to produce a result, and responding to the request with the result.

Abstract: Systems and methods for storage system attack detection and response are described. In an illustrative, non-limiting embodiment, a method may include: obtaining a plurality of count features corresponding to a respective plurality of time points, where the count features include a plurality of count values for data blocks of a storage object; determining, for a first time point, a plurality of corresponding correlation coefficients between a first count feature for the first time point and other count features for other time points; determining a score for the first time point based, at least in part, on the plurality of corresponding correlation coefficients; determining that the score is less than a predetermined threshold; determining, based on the score being less than the predetermined threshold, that the storage object corresponding to the first time point is under an attack; and providing information responsive to the attack to a third party.

Abstract: The disclosure herein describes training a document recommendation model using loss data generated from a linear score difference vector. A training data entry is provided including a query and a set of candidate documents. A document recommendation model generates a set of document prediction scores indicative of a likelihood that the candidate documents are responses to the query and a pairwise score difference matrix is generated using the set of document prediction scores. The pairwise score difference matrix is transformed into a score difference vector using a correct document vector that indicates a correct document among the set of candidate documents. Loss data of the document recommendation model is generated using the score difference vector and the document recommendation model is adjusted using the calculated loss data. Training the document recommendation model based on the linear score difference vector reduces resource usage when compared to training with a difference matrix.

Abstract: Systems and methods for factory management of secured component verification in an Information Handling System (IHS) are described. In an embodiment, an IHS may include: a host processor; a security processor coupled to the host processor; and a memory coupled to the security processor, the memory having program instructions stored thereon that, upon execution by the host processor, cause the security processor to: obtain system information associated with the IHS from the security processor, sign the system information into a Secured Component Verification (SCV) certificate, issue the SCV to a cloud-based verification server. The verification server compares the system information with a stored golden copy of the system information, determines whether the comparison matches, and generates control information based upon the comparison. The host processor receives the control information from the cloud-based verification server, and controls the operation of the IHS based on the control information.

Abstract: Systems and methods are providing for associating portions of data from a first data file to a second data file. The association may be used to generate machine learning libraries or for other purposes. Exemplary embodiments may include a first data file of a text extraction of a dialog between a clinician and a patient and the second data file are clinical notes obtained from the exchange between the clinician and the patient.

Abstract: A method is used for bitmap-based synchronous replication in a data protection system. The method includes, upon re-establishing communication with a first storage node, requesting, by a second storage node, a first bitmap from the first storage node. The method includes determining, by the second storage node, a set of data blocks to change on the first storage node based on the first bitmap and a second bitmap on the second storage node. The method also includes sending, by the second storage node to the first storage node, the set of data blocks.

Abstract: A method comprising: allocating a first memory pool and a second memory pool, the first memory pool being allocated to a first application, and the second memory pool being allocated to a second application; receiving a first request for additional memory, the first request being submitted by the second application; assigning a portion of the first memory pool to the second application, the portion of the first memory pool including a set of memory chunks that are part of the first memory pool, the assigning of the portion including updating a first data structure portion to associate the second application with set of memory chunks; and notifying the second application that the portion of the first memory pool has been assigned to the second application.

Abstract: A method is used for bitmap-based synchronous replication in a data protection system. The method includes, upon re-establishing communication with a first storage node, requesting, by a second storage node, a first bitmap from the first storage node. The method includes determining, by the second storage node, a set of data blocks to change on the first storage node based on the first bitmap and a second bitmap on the second storage node. The method also includes sending, by the second storage node to the first storage node, the set of data blocks.

Abstract: A method comprising: allocating a first memory pool and a second memory pool, the first memory pool being allocated to a first application, and the second memory pool being allocated to a second application; receiving a first request for additional memory, the first request being submitted by the second application; assigning a portion of the first memory pool to the second application, the portion of the first memory pool including a set of memory chunks that are part of the first memory pool, the assigning of the portion including updating a first data structure portion to associate the second application with set of memory chunks; and notifying the second application that the portion of the first memory pool has been assigned to the second application.

Abstract: Described are techniques for processing event occurrence. A first notification may be received regarding a first occurrence of a first event. Responsive to receiving the first notification, first processing may be performed that includes mapping the first event to a first profile, and performing second processing using the first profile to collect first data regarding the first occurrence of the first event.

Abstract: A storage virtualization environment is provided that includes a system for dynamically updating a virtual volume in associated with a host system. The system may include a set of storage devices, each of which includes physical block addresses that store data associated with the virtual volume and a network switch system connecting the host system and the set of storage devices. In one embodiment, the network switch system includes a set of storage processors each maintaining virtual volume objects including at least one of (i) first tier objects reflecting a relationship between the physical block addresses and one or more logical partitions of virtual volume data, and (ii) second tier objects reflecting a logical configuration of the virtual volume. Further, the network switch system uses the virtual volume objects to dynamically update the virtual volume during runtime of the network switch system.

Abstract: A method, which may be implemented by an apparatus and/or computer program(s), for a data relay server comprises receiving a request to relay data for a videoconference between a videoconference server protected by a firewall and N videoconference clients not protected by the firewall, wherein N?1; creating a connection pool in response to the request to relay the data for the videoconference comprising accepting a plurality of first connections from the videoconference server; accepting a plurality of second connections from each of the N videoconference clients after creating the connection pool; associating each of the second connections from each of the N videoconference clients with a different one of the first connections in the connection pool; and relaying the data for the videoconference between the videoconference server and the N videoconference clients over the first and second connections.

Abstract: A firewall protects an Ethernet network from a first larger network, e.g., the Internet. A first server on the Ethernet network stores an encrypted private key, decrypts the private key using a passphrase, and communicates with clients on the first network using the private key. A second server on the Ethernet network determines whether an intrusion has occurred from the first network into the first server and provides the passphrase to the first server only when no intrusion has occurred from the first network into the first server. The invention can be realized in apparatuses, methods, and/or instruction sets.

Abstract: A videoconferencing method having corresponding apparatus and computer programs comprises receiving exchanging audiovisual data for a videoconference with a videoconference server; identifying a physical location of a videoconference client; and either sending an indicator of the location to the server, which obtains physical location video data for the location comprising satellite photographs of the location and sends the data to other videoconference clients, or obtaining the data and sending the data to the server, which sends the data to other videoconference clients in the videoconference.

Abstract: Systems consistent with the present invention perform quiescence of a network storage system in a storage virtualization environment including a virtualization layer that interfaces between a host and at least one storage device, wherein the virtualization layer defines at least one virtual volume comprising objects defining a mapping to data in the at least one storage device and storing information about a state of the at least one storage device in a virtualization database that is distributed across more than one processor in the virtualization layer. A quiescence instruction may be implemented to maintain reliability and scalability of the storage virtualization environment.

Abstract: Methods and systems consistent with the present invention provide distributed storage systems that are scalable, secure, available, and manageable. These storage systems may utilize a single storage switch and allow resource sharing while securely separating customer data. A snapshot capability may be provided to capture a point-in-time image of the stored data and to track changes made to the stored data relative to a point-in-time image.

Abstract: A communication protocol stack for enabling multimedia communication between communicating devices where multiple port communication data is tunneled through a single TCP port is provided. The communication protocol stack includes, at an application level, the capability to identify whether received communication data is for a communication port. If the received communication data is for the communication port, then the communication protocol stack includes the ability to forward identification data regarding the received communication data to a table in advance of forwarding the received communication data to a driver level of the communication protocol stack. A method, computer readable medium, and a system for tunneling port traffic through a single HTTP port are also provided.

Abstract: Methods and systems for tunneling data associated with a packet based multimedia communication standard are provided. The method includes intercepting a library call associated with the multimedia communication standard in a modified TCP/IP stack and registering identification data associated with the library call. A modified Transmission Control Protocol/Internet Protocol (TCP/IP) header is appended over a pre-existing header of a data packet related to the identification data. The method also provides for transmitting the data packet having the TCP/IP header through a firewall. The TCP/IP header includes a TCP SEQ number and a TCP ACK number to provide a stateful connection.

Abstract: A storage virtualization environment is provided that includes a network switch system for initializing a virtual volume in a system including a host system, and storage devices. The network switch system includes storage processors including first and second tier storage processors and a Virtualization Coherency Manager (VCM) for receiving storage connectivity identifying which storage processors are connected to selected ones of the storage devices. Further, the network switch system includes a master storage processor for creating a logical tree based on the storage connectivity information, the logical tree reflecting a virtual volume of data distributed across the storage devices and includes (i) first tier objects representing partitions of the virtual volume data and (ii) second tier objects representing a logical configuration of the virtual volume.

Abstract: A method for call-logging is provided. The method includes monitoring packet headers transmitted from and received by a port associated with a computer device. Next, the port number of the computer device is determined. Subsequently, an identification is made as to whether a communication channel for passing data has been established. If the communication channel has been established and the port number is determined to be associated with an H.323 application then the method moves on to record call start time. When the communication channel is terminated the method proceeds to record the call end time. Thereafter, the call duration is determined by subtracting the call start time from the call end time. After that, a calendar application is invoked and the call duration is logged into the calendar application.