Abstract: An asset tracking system has a plurality of anchors. A tag communicates with the anchors as it is moved by a user being tracked by the system, and data based on communication between the tag and at least one of the anchors is transmitted to a server. The server determines a location of the tag based on the data and detects an occurrence of an event based on the location. The server also transmits to each of the anchors a tag alert message having a tag identifier identifying the tag and an event indicator associated with the occurrence of the event. At least one of the anchors transmits the tag identifier and the event indicator to the tag, which issues a warning to the user in response to tag alert message.

Abstract: According to one aspect, a system for locating application-specific data that includes a server, a broker, and an agent. An operator may define a command using the server, and this command may be sent to the broker. The broker may then send the command to the agent operating on an end-point system. The agent may then conduct an application-specific data search on the end-point system in respect of the user command. Search results may then be sent to the broker. The broker may then sent the search results to the server.

Abstract: A chat system implementing AI-based support chat profiles may receive and process one or more user chat inputs from a user terminal. The chat system may select a support chat profile based on the processed user chat input. The chat system may generate one or more AI chat responses based on the processed user chat input and the support chat profile. The chat system may determine a confidence level of each AI chat response. The chat system may generate a support response. In response to the confidence level of the AI chat response being greater than a predetermined level, the support response may be generated to comprise the AI chat response.

Abstract: A mechanism is described for dynamically facilitating tracking of targets and generating and communicating of messages at computing devices according to one embodiment. An apparatus of embodiments, as described herein, includes one or more capturing/sensing components to facilitate seeking of the apparatus, where the apparatus is associated with a user, and recognition/transformation logic to recognize the apparatus. The apparatus may further include command and data analysis logic to analyze a command received at the apparatus from the user, where the command indicates sending a message to the apparatus. The apparatus may further include message generation and preparation logic to generate the message based on the analysis of the command, and communication/compatibility logic to communicate the message.

Abstract: A method, apparatus, system, and computer program product for processing messages. A message is received from a producer by a computer system. The message is sent to a consumer by the computer system. The message is sent to a set of consumers in addition to the consumer by the computer system in response to an adverse condition being present for the consumer after sending the message the consumer. A set of actions is performed in response to the adverse condition being present in the set of consumers receiving the message.

Abstract: Techniques for detecting spam accounts in a system are described. When a system creates a user profile, the system may ingest a blocked communications list. The system may determine how many times each blocked communications number represented in the ingested blocked communications list is included in blocked communications lists of various users of the system. If a blocked communications number represented in the ingested blocked communications list is included in at least a threshold number of other blocked communications lists, the system may mark the communications number as spam at a system level and engage in appropriate mitigation techniques (e.g., throttle the phone numbers activity, disable the phone number's ability to communicate with system devices, etc.).

Abstract: A method for providing a proof-of-work challenge based on hash mining for reducing spam attacks comprising: receiving an email message from a client device; determining a level of trustworthiness of the client device; generating a challenge message based on the determined trustworthiness of the client device; transmitting the challenge message to the client device; receiving a response to the challenge message from the client device; and forwarding the email to one or more recipients when the response to the challenge message is correct.

Abstract: In accordance with an embodiment, a system and method provides a messaging service implementing a unit-of-order guarantee in a multitenant application server environment. The system and method of implementing unit-of-order utilizes an improved path service for routing all messages having a particular unit-of-order to the same member of the cluster. The improved path service allows for scalability of the cluster and reduced resource utilization, thereby improving the performance of a clustered computing system providing the messaging service.

Abstract: Provided are systems, methods, and media for optimized processing of message responses from multiple email recipients. An example method includes receiving, by a message exchange system, an email message from a sender that is to be transmitted to a plurality of recipients. The method includes receiving, by the message exchange system, a number of commitment messages from one or more recipients of the plurality of recipients. The method includes transmitting by the message exchange system, in response to detecting that the number of received commitment messages is equal to a requested number of responses, a first alert to a subset of recipients of the plurality of recipients indicating that the subset of recipients do not need to respond to the email message, in which the subset of recipients are the recipients who did not transmit a commitment message to the message exchange system.

Abstract: A server includes volatile and non-volatile memories for storing messages received from a client device. A message reception module of the server stores a message received from a first client device in the volatile memory for an extended time period based on an indicator included in the message. The message reception module deletes the message from the volatile memory based on detection of a triggering event or stores the message in the non-volatile memory based on not detecting the triggering event before the extended time period has expired. The triggering event may include the message having been read by all specified recipients of the message. The indicator may be included in the message based on a relationship of the message to other messages. The message including the indicator may be related to other messages as part of a same conversation that has been determined to be suitable for short-term storage.

Abstract: A system and method for dynamic email addressing is disclosed. A proprietary mail transfer agent and processors within a proprietary environment including a persona processor enable email users to define email addresses, both in terms of which email addresses are recognized or not, and which email addresses should be organized according to persona. In another aspect, email users choose to be conditionally notified of the arrival of a new message via push notifications. Users choose to receive push notifications only for personas users deem important enough to interrupt current activity. According to an embodiment, push notifications are generated and sent via any current user communication channel.

Abstract: Protecting personal information by generating entity-specific aliases for use in communication with third parties is disclosed.

Abstract: In one embodiment, a method includes a device receiving a request to create a group messaging thread to include at least three users. The device may determine that at least the first user, who is a minor, and the second user are not directly connected within a social graph. The device may instruct the messaging applications of the users to place the group messaging thread in a pending state. One or more approval requests may be sent to one or more recipients, respectively, for connecting the first user and the second user. When the requests are approved, the device may establish a connection between the first and second users in the social graph. Then, the device may determine that the first user is directly connected to both the second and third users, and instruct the messaging applications of the users to place the group messaging thread in an enabled state.

Abstract: A method for event-based comment grouping for content items is disclosed. The method includes identifying, by a processing device, user comments corresponding to a content item, the user comments comprising playback timestamps having selectable links to access a portion of the content item that is associated with a respective time interval, dividing the content item into a plurality of content item segments that are associated with respective time intervals, grouping the user comments to associate with respective content item segments based on the playback timestamps of the user comments, selecting a content item segment of the content item segments based on interactions with the user comments, and providing a subset of the grouped user comments associated with the selected content item segment for display during playback of the content item.

Abstract: Methods and apparatus for connection redistribution in load-balanced systems that include multiple load balancers each serving multiple nodes. In the connection redistribution method, each node estimates a connection close rate, which may be based on an estimation of the percentage of the overall client traffic received by the respective load balancer that is being handled by the node. The node generates close requests for connections between the respective load balancer and clients according to the connection close rate. The node sends the close requests to its load balancer, which forwards the close requests to the appropriate clients. Upon receiving a close request, a client may close the connection(s) indicated by the request, obtain a public IP address for a load balancer, and initiate new connection(s) to the respective load balancer via the public IP address.

Abstract: Systems, methods, apparatuses, and software that select network addresses of a content node of a content delivery network are provided herein. In one example, a method of operating a control node to perform network address selection that selects between different communication service providers according to network characteristics is presented. The control node receives a domain name lookup request from an end user device to reach a content node. The control node processes network characteristics and the domain name lookup request to select a network address that corresponds to one of the communication service providers. The end user device can use the selected network address to reach the content node over the selected communication service provider.

Abstract: A content delivery method including the operations of receiving a uniform resource locator resolution request at an authoritative name server for a domain where the uniform resource resolution request is received based, at least in part, on a host name of the uniform resource resolution request where the host name is uniquely related to a resource associated with the uniform resource resolution request. The method further including the operation of tracking a popularity of the resource based on the host name uniquely related to the resource and providing a location within a network capable of delivering the resource where the provided location is based on the popularity of the resource.

Abstract: A cloud-based DNS-SD architecture may link together separate LANs to form a virtual discovery zone from a service discovery perspective that includes a cloud based DNS-SD server separate from regular Internet DNS, and asleep node handling, among other things. In an example, a cloud based DNS-SD server is separate from the regular Internet DNS servers. This cloud DNS-SD server may run as a private Infrastructure as a Service (IaaS) specifically for service discovery in the virtual discovery zone.

Abstract: A method that incorporates teachings of the subject disclosure may include, for example, determining at a first directory server of a first regional call processing system whether a new name authority pointer associated with a telephone number is within a first geographic region of the first regional call processing system, transmitting the new name authority pointer to a first name server of the first regional call processing system for provisioning the name authority pointer to the first name server responsive to determining that the telephone number is located within the first geographic region, and transmitting the new name authority pointer to a second directory server for provisioning the new name authority pointer to a second name server of a second regional call processing system responsive to determining that the telephone number is not located within the first geographic region. Other embodiments are disclosed.

Abstract: A domain management system that manages domain names, network addresses, and other aspects of a computing network domain is provided. The domain management system obtains domain data, such as domain name system (“DNS”) records, from any number of network-accessible providers of the domain data, such as DNS servers. The domain management system can store, transform, and synchronize the domain data among the network-accessible providers, even if the network-accessible providers do not all use or recognize the same format and/or content of domain data.

Abstract: Various systems and processes may be used to manage Internet Protocol (IP) addresses that are dynamically assigned. In particular implementations, systems and processes for managing IP addresses that are dynamically assigned may include the ability to determine whether an identifier for a web service has been received from a customer having one or more virtual machines in a service provider network, the web service being accessible by the customer's virtual machines over an external communication network. The systems and processes may also include the ability to determine a number of IP addresses for the web service, identify virtual machines of the customer that are allowed to communicate with the web service, generate one or more IP address lists for the identified virtual machines, and update security tables for the identified virtual machines with the IP address lists at server computers hosting the identified virtual machines.

Abstract: A method is performed by a master network device among network devices of a cluster. The master network device receives cluster configuration information including a set of Internet Protocol (IP) addresses and a pool of port blocks associated with the IP addresses. Each port block includes multiple ports, and the pool of the port blocks is to be shared across and used by the network devices for port address translation on network connections with the network devices. The master network device divides the port blocks in the pool into multiple buckets. The master network device first allocates to each network device in the cluster a corresponding one of the buckets, and reserves each bucket that is not allocated for allocation to a potential new network device. When a new network device joins the cluster, the master network device second allocates to the new network device the port blocks from a corresponding one of the reserved buckets.

Abstract: Systems and methods for creating a new domain, such as a top-level domain or a second-level domain, make use of a Domain Manager that enables a user to enter data that is necessary or optional to implement the creation of a new domain. Systems such as, for example, a Registry and one or more Registrars, may use the data defined by the Domain Manager to create a new domain.

Abstract: Methods of the present inventions allow for generating and providing an enhanced domain name. An exemplary method may comprise providing an enhanced domain to a second party. The enhanced domain may comprise a domain name, a web space automatically enabled and associated with the domain name, and at least one application automatically enabled and associated with the domain name.

Abstract: A management server disposed outside a firewall and supporting connection of communications between a control target device disposed inside the firewall and a cloud server disposed outside the firewall, includes a server-side session establishing portion to, based on a request from a relay device disposed inside the firewall, establish a session with the relay device, a device information acquiring portion to acquire device information about the control target device from the relay device via the established session, and an update determining portion to, in response to reception of a request of connecting to the control target device from the cloud server, determine whether to update the device information.

Abstract: A Software Defined Network (SDN) controller monitors load of Virtual FireWall (vFW) nodes in a firewall cluster in real time. When detecting that load of one or more vFW nodes is higher than a predefined first threshold, the SDN controller creates a new vFW node. The SDN controller selects a first flow, which is to be migrated, from flows passing through the monitored vFW nodes, updates a first flow entry corresponding to the first flow, and sends the updated first flow entry to a switch. The updated first flow entry indicates the switch to send the first flow to the new vFW node.

Abstract: Techniques for Diameter security with next generation firewall are disclosed. In some embodiments, a system/process/computer program product for Diameter security with next generation firewall includes monitoring Diameter protocol traffic on a service provider network at a security platform; and filtering the Diameter protocol traffic at the security platform based on a security policy.

Abstract: This application discloses a flow table processing method and the method is applicable to a software-defined networking SDN. After determining that M virtual machine ports are added to a security group, an SDN controller generates a first matching flow table set, a second matching flow table set, and an action flow table of the security group. The first matching flow table set and the second matching flow table set together implement matching of the security group. The action flow table of the security group includes a packet action for a packet that successfully matches the security group. The method provided in this application lowers complexity of a flow table used to implement security group matching, and improves security group matching efficiency.

Abstract: Enterprise users' mobile devices typically access the Internet without being protected by the enterprise's network security policy, which exposes the enterprise network to Internet-mediated attack by malicious actors. This is because the conventional approach to protecting the mobile devices and associated enterprise network is to tunnel all of the devices' Internet communications to the enterprise network, which is very inefficient since typically only a very small percentage of Internet communications originating from an enterprise's mobile devices are communicating with Internet hosts that are associated with threats. In the present disclosure, the mobile device efficiently identifies which communications are associated with Internet threats, and tunnels only such identified traffic to the enterprise network, where actions may be taken to protect the enterprise network.

Abstract: Aspects of the present disclosure provide systems and methods for directly transferring tenant data hosted on a source domain to a target domain, wherein the source and target domains are associated with different server farms. Additionally, where the source domain is managed by a source management layer and the target domain is managed by target management layer, which source and target management layers are not in a trust relationship. Aspects describe establishing a secure, direct communication bus between the source and target management layers in order to accomplish a plurality of steps involved in transferring the tenant, wherein tenant data transferred thereon is encrypted. In example aspects, the direct communication bus terminates upon completion of the tenant data transfer.

Abstract: Example methods are provided for a first endpoint to perform congestion control during communication with a second endpoint over a public network, the second endpoint being in a private network. The method may comprise generating a plurality of tunnel segments containing unreliable transport protocol data destined for the second endpoint; and determining whether congestion control is required based on a data amount of the plurality of tunnel segments and a congestion window associated with a tunnel connecting the first endpoint with the private network. The method may further comprise, in response to determination that congestion control is required, performing congestion control by dropping at least some of the plurality of tunnel segments; otherwise, sending the plurality of tunnel segments through the tunnel supported by the reliable transport protocol connection.

Abstract: In one embodiment, a computer implemented method provides a client computing device network access to a private network by a network traffic manager, and the method includes: obtaining context parameters related to a context of the client computing device; selecting as a function of the context parameters one or more policies as selected policies, wherein each policy is associated with one or more network entitlement rules defining network access rules to a networking device or an application in the private network according to the policy; retrieving the one or more network entitlement rules associated with the selected policies; and providing the network traffic manager with the one or more network entitlement rules, thereby providing the client computing device the network access.

Abstract: Techniques are described for generating and executing a digital safety box to provide secure communication between two computing devices. The digital safety box comprises an encryption key, and an executable code that defines a content holder and performs encryption of content stored in the content holder with the encryption key for secure communication. A receiver computing device generates the digital safety box including the executable code and the encryption key for a requesting sender computing device. The digital safety box may be one-time use and include a unique encryption key and a unique executable code. Upon receiving the digital safety box, the sender computing device executes the executable code of the digital safety box as an application that enables the sender computing device to store content in the defined content holder, encrypt the data with the encryption key, and generate a sealed digital safety box including the encrypted content.

Abstract: Methods, systems, and media for protecting and verifying video files are provided.

Abstract: A device for storing key-value (KV) data includes non-volatile memory and a controller. The controller includes a decapsulator and a KV mapper to receive network data communicated over a network, for example using a layer 2 protocol. The decapsulator is configured to decapsulate a payload from the network data, the payload including a key-value pair and first information. The KV mapper is configured to receive the key-value pair and the first information decapsulated from the network data, and determine, based on the received key-value pair and first information, a first location of the non-volatile memory. The controller is further configured to store KV data corresponding to the key-value pair at the first location of the non-volatile memory based on the first information.

Abstract: A computer-implemented method for information protection comprises: committing a transaction amount of a transaction with a first commitment scheme to obtain a transaction commitment value, committing a change of the transaction with a second commitment scheme to obtain a change commitment value, the first commitment scheme comprising a transaction blinding factor, and the second commitment scheme comprising a change blinding factor; encrypting a first combination of the change blinding factor and the change with a first key; transmitting the transaction blinding factor, the transaction amount, and the transaction commitment value to a recipient node associated with a recipient for the recipient node to verify the transaction; in response to that the recipient successfully verifies the transaction, obtaining an encrypted second combination of the transaction blinding factor and the transaction amount encrypted with a second key.

Abstract: An example includes a computing device including a controller configured to communicably couple the computing device to a peripheral computing device. The controller includes an encryption unit configured to encrypt input data received from the peripheral computing device before sending the input data to an application running on the computing device, and a decryption unit configured to decrypt output data received from the application before sending the output data to the peripheral computing device. The computing device also includes a memory device including a data structure that directs the flow of the data between the peripheral computing device and the application. The data structure includes an encryption enable field and an encryption key field for controlling the encryption and decryption units of the controller.

Abstract: Systems and methods for automating client-side synchronization and discovery of public keys and certificates of external contacts include a key synchronizer at a client device. The key synchronizer obtains, from the client device, an external contact associated with an external domain outside of a local domain of the client device and then identifies, based on the external domain, a public key registry outside of the local domain. The key synchronizer obtains, from the public key registry, a registry-supplied public key or digital certificate for the external contact and then stores the registry-supplied key as a locally-stored key in the local key store such that the client device can obtain and apply the locally-stored key to secure an email targeting the external contact as a recipient of the email.

Abstract: The disclosure provides a method and an apparatus for acquiring an electronic file. The method for acquiring an electronic file includes: generating a first encryption key according to login information of a user of a terminal device at the time of logging in to a platform server and a first identifier corresponding to an information providing server that provides the electronic file; sending a first request message for acquiring the electronic file to the platform server; receiving the electronic file encrypted using a second encryption key and returned by the platform server according to the login information and the first request message; and generating a first decryption key according to the first encryption key, and decrypting, using the first decryption key, the electronic file encrypted using the second encryption key, so as to obtain the decrypted electronic file. By means of the disclosed embodiments, private information concerning a user in an electronic file is not leaked by a platform server.

Abstract: A method, system, and non-transitory computer readable medium are described for providing a sender a plurality of ephemeral keys such that a sender and receiver can exchange encrypted communications. Accordingly, a sender may retrieve information, such as a public key and a key identifier, for the first receiver from a local storage. The retrieved information may be used to generate a key-encrypting key that is used to generate a random communication encryption key. The random communication encryption key is used to encrypt a communication, while the key-encrypting key encrypts the random communication key. The encrypted communication and the encrypted random communication key are transmitted to the first receiver.

Abstract: A first information comprising an identification of an encryption algorithm supported by a first component from the first component of a software defined network (SDN) is received at a controller of the SDN. A set of policies and a set of encryption algorithms are sent to the first component. A policy determines a cryptographic operation applicable to a path in the SDN between the first component and a second component of the SDN. The first component comprises an originating point of the path and the second component comprises a destination point of the path.

Abstract: A method at a computing device for enabling access to a credential vault if a master password for the credential vault is lost, the method including selecting at least one credential from within the credential vault; encrypting one of the master password or a vault key for the credential vault with the selected at least one credential, thereby creating a recovery file; and storing the recovery file, wherein the selected at least one credential can be used to decrypt the recovery file to enable access to the credential vault.

Abstract: A privilege management system receives a manifest specifying a first set of privileges implemented on a client device. Based at least in part on a characteristic of the client device, the privilege management system identifies a second set of privileges that are to be implemented on the client device. The privilege management system processes the first set of privileges and the second set of privileges to identify a set of differences and transmits this set of differences to the client device. In response to receiving this set of differences, the client device implements the second set of privileges.

Abstract: In one embodiment, a method for secure computation, includes receiving in a server, over a communication channel from a device external to the server a request to perform a modular exponentiation operation in which an exponent of the operation comprises a secret value, wherein the secret value is not provided to the server, and at least two parameters that encode the secret value in accordance with a polynomial or matrix homomorphic encryption of the secret value computed by the device, and performing in the server, in response to the request, a homomorphic exponentiation using the at least two parameters received from the device without decrypting the secret value in the server, so as to generate an output that is indicative of a result of the modular exponentiation operation.

Abstract: Systems and methods for encryption key shredding to protect non-persistent data are described. In one embodiment, the storage system device may include a storage drive and a controller. In some embodiments, the controller may be configured to power on the storage drive, identify an encryption key on the storage drive created upon powering on the storage drive, and encrypt data in a cache of the storage drive using the encryption key. In some embodiments, the controller may be configured to power off the storage drive and delete the encryption key upon powering off the storage drive. In some cases, the storage drive may include at least one of a solid state drive and a hard disk drive. In some embodiments, the storage drive may include a hybrid storage drive that includes both a solid state drive and a hard disk drive.

Abstract: Methods and systems for securely delivering notifications from remote applications to client devices are described herein. A computing device may listen for notifications from a remote application and receive notification data from the remote application. The computing device may select a notification service for delivery of the notification data to the client device. The computing device may send, to the selected notification service, at least a portion of the notification data for delivery to the client device. At least a portion of the notification data may be encrypted prior to sending to the selected notification service.

Abstract: Secure subscription based vehicle data services are provided. In one embodiment, a device comprises: a non-volatile memory comprising an embedded public key (EPK) that comprises a public key of a public-private key pair associated with a data service system not onboard the vehicle; a protocol that initiates a communication session that includes a session validation sequence that causes a processor to transmit a session request message and validate an authenticity of a session reply request using the EPK; the protocol includes a session initiation sequence that causes the processor to: transmit an initiation request message to the data service system that includes a key derivation key, and apply the key derivation key to a key derivation function to generate a message authentication key. The processor authenticates uplink messages exchanged with a host data service using the message authentication key.

Abstract: Techniques are described for controlling data and resource access. For example, methods and systems can facilitate controlled token distribution across systems and token processing in a manner so as to limit access to and to protect data that includes access codes.

Abstract: Methods and systems are provided that enable single sign-on (SSO) mechanisms on rich clients running hosting applications that include documents with one or more embedded web assets. An embedded web asset may be any resource (e.g., document, image, data, etc.) that is accessed via a browser from within a hosting application. In aspects, authentication of a user identity is required to access an embedded web asset. In particular, an identity management module is provided on a rich client. The identity management module is configured to maintain multiple credentials for multiple user identities that are associated with multiple applications, whether the applications are embedded applications or hosting applications. In this way, a user may access multiple applications, including embedded web assets, associated with each user identity—without signing into each application. That is, a user is able to login a single time for each user identity.

Abstract: One or more clients of a service may obtain access to resources of the service using one or more roles. A role may be used to delegate access to resources that a principal normally would not otherwise have access to. Assuming a role may allow a principal to receive a token that provides access to resources according to permission associated with the role. Upon detecting an event in connection with the invalidation of a token associated with a role, a service may perform a workflow in connection with the principal.