Patents Issued on December 31, 2020
-
Publication number: 20200412679
Abstract: Disclosed in the embodiment of the present disclosure is a group chat initiating method on the basis of a shared document, comprising: when a first user account accesses a shared document, querying the shared document to obtain a group-specific name card inserted therein, and in the shared document, according to a joining state of the first user account in a chat group, displaying a group chat control corresponding to the joining state, and in response to an operation of the user performed on the chat control, sending a corresponding group chat request for joining the chat group or displaying an interface of the chat group. Also disclosed in the embodiment of the present disclosure are a device for initiating a group chat on the basis of a shared document, an electronic apparatus, and a computer-readable storage medium.
Type: Application
Filed: September 10, 2020
Publication date: December 31, 2020
Inventors: Xiaowei HAN, Kun WANG, Weimin SHEN, Jinlei CHEN
-
Publication number: 20200412680
Abstract: A system and a method are disclosed for recommending electronic messages in a message sharing system. Users can post messages to the message sharing system. These messages from posting users are received by the system and sent to receiving users that have subscribed to the posting users. The receiving users interact with the messages in various ways, such as by sharing the messages with other users. Interaction information is received for each of the electronic messages. The interaction information includes an indication of the number of interactions with the electronic message by receiving users. A score is determined for each electronic message based on the interaction information. Electronic messages are selected for being recommended to a user or a group of users based on the scores. The recommendations are then sent to the users, enabling users to better focus their attention on messages that are likely to be interesting.
Type: Application
Filed: September 14, 2020
Publication date: December 31, 2020
Inventors: Abdur Chowdhury, Ashish Goel, Ram Ravichandran
-
Publication number: 20200412681
Abstract: Systems and methods are disclosed for determining whether a message received by a client may be spam, in a computing environment that preserves privacy. The message may be encrypted. A client invokes the methods when a message is received from a sender that is not known to the client. A client can decrypt the message, break the message into chunks, and apply a differentially private algorithm to the set of chunks. The client transmits the differentially private message sketches to an aggregation server. The aggregation server receives a large collection of such message sketches for a large plurality of clients. The aggregation server returns aggregated message chunk (e.g. frequency) information to the client to assist the client in determining whether the message may be spam. The client can process the message based on the determination without disclosing the message content to the server.
Type: Application
Filed: September 11, 2020
Publication date: December 31, 2020
Inventors: Eric D. Friedman, Ritwik K. Kumar, Lucas Winstrom
-
Publication number: 20200412682
Abstract: A computer-implemented method includes identifying, by a computer device, particular users of a digital publishing platform, the particular users being users that have commented on previous content published by a first user; identifying, by the computer device, correlated users, the correlated users being those particular users that have published a pertinent comment; assessing, by the computer device, a satisfaction level of the first user with each pertinent comment; identifying, by the computer device and based on the assessing, a set of users of the correlated users, each of the correlated users in the set of users having published a pertinent comment having a satisfaction level above a threshold; notifying, by the computer device, the set of users that the first user has published new content; detecting, by the computer device, new comments by the correlated users in the set of users, the new comments pertaining to the new content; assessing, by the computer device, a satisfaction level of the first user
Type: Application
Filed: June 25, 2019
Publication date: December 31, 2020
Inventors: Craig M. TRIM, Shikhar KWATRA, Zachary A. SILVERSTEIN, Sarbajit K. RAKSHIT
-
Publication number: 20200412683
Abstract: A first electronic device comprises at least one communication circuitry, at least one display, at least one memory configured to store instructions, and at least one processor operatively coupled with the at least one communication circuitry and the at least one display. The processor is configured to (1) access a first server for a navigation service through an application linked with a first account for accessing a second server, (2) receive, via the first server from a second electronic device of a second user that is authenticated through the application linked with a second account for accessing the second server, a message, (3) display an object for inquiring whether to obtain a route from the second user, (4) receive information regarding a changed location of the second electronic device, and (5) display a relative positional relationship between the two electronic devices over an electronic map.
Type: Application
Filed: September 10, 2020
Publication date: December 31, 2020
Applicant: THINKWARE CORPORATION
Inventors: Hyun Joong YU, Jun Sik KIM, Won Jun HEO
-
Publication number: 20200412684
Abstract: Methods, systems, and apparatus, including computer programs encoded on computer storage media, for providing content on a social messaging platform. One of the methods includes providing a plurality of messages of a social messaging platform to a user device, the plurality of messages being part of a conversation; receiving a request associated with one of the plurality of messages, the request including an indication to repost a collection of messages; providing a selection user interface, the selection user interface including the plurality of messages and a respective selection indicator for each message; receiving a user selection of two or more messages; responsive to the user selection, generating a message composition interface, the message composition interface including a representation of the selected messages; and in response to user input, posting the representation of the selected messages as part of a new message of the user on the platform.
Type: Application
Filed: September 11, 2020
Publication date: December 31, 2020
Inventors: Mengqi Zhao, Marius-Andrei Danila, Tianhai Hu, Jan Castor, Jonathan Reis
-
Publication number: 20200412685
Abstract: Example implementations relate to a communication association model. For example, a computing device may include a processor. The processor may access a first and a second communication, the second communication originating based on the first communication. The processor may analyze the first communication to obtain first data associated with the first communication and analyze the second communication to obtain the second data associated with the second communication, where the first data includes data associated with a first sender and a first recipient of the first communication and the second data includes data associated with a second sender and a second recipient of the second communication. The processor may create an association between the first data and the second data and may generate a model specifying the association based on the first data and the second data, where the model indicates an impact associated with the first communication and the second communication.
Type: Application
Filed: September 9, 2020
Publication date: December 31, 2020
Applicant: ENT. SERVICES DEVELOPMENT CORPORATION LP
Inventors: Joshua HAILPERN, William J. ALLEN
-
Publication number: 20200412686
Abstract: Generally, aspects of the invention involve creating a data structure (a map) that reflects routing of Internet traffic to Anycast prefixes. Assume, for example, that each Anycast prefix is associated with two or more deployments (Points of Presence or PoPs) that can provide a service such as DNS, content delivery (e.g., via proxy servers, as in a CDN), distributed network storage, compute, or otherwise. The map is built in such a way as to identify portions of the Internet (e.g., in IP address space) that are consistently routed with one another, i.e., always to the same PoP as one another, regardless of how the Anycast prefixes are deployed. Aspects of the invention also involve the use of this map, once created. The map can be applied in a variety of ways to assist and/or improve the operation of Anycast deployments and thus represents an improvement to computer networking technology.
Type: Application
Filed: June 22, 2020
Publication date: December 31, 2020
Applicant: Akamai Technologies Inc.
Inventors: Kyle G. Schomp, Rami Al-Dalky
-
Publication number: 20200412687
Abstract: Generating an improved/more accurate geolocation database is provided. Given a dataset of reverse DNS hostnames for IP addresses, ground truth information, and a hierarchical geographical database, a machine learning classifier can be trained to extract and disambiguate location information from the reverse DNS hostnames of IP addresses and to apply machine learning algorithms to determine location candidates and to select a most probable candidate for a reverse DNS hostname based on a confidence score. The classifier can be used to generate an accurate geolocation database, or to provide accurate geolocation information as a service.
Type: Application
Filed: September 9, 2020
Publication date: December 31, 2020
Applicant: Microsoft Technology Licensing, LLC
Inventors: Ovidiu DAN, Vaibhav Girish PARIKH, Maksym BONDARENKO, Siddhartha Cingh ARORA
-
Publication number: 20200412688
Abstract: A virtual address of a destination of a packet is parsed into a set of virtual address components. A subset of the set of virtual address components is tokenized into a token. The token is converted into at least a portion of a hostname. A look-up of a real network address corresponding to the hostname is performed. The packet is caused to be transmitted to the real network address, wherein the real network address corresponds to a host machine on a physical network, the receiving virtual entity operating on the host machine.
Type: Application
Filed: June 27, 2019
Publication date: December 31, 2020
Applicant: International Business Machines Corporation
Inventors: Marc Cochran, Eran Gampel, Gal Sagi
-
Publication number: 20200412689
Abstract: Determining a resolved DNS response based on one or more resolutions for a received APN DNS query is disclosed. A resolved DNS response can be based on real-time analysis of a first query and/or on historical resolution of a second query that is sufficiently similar to the first query. In an aspect, training queries can be employed to populate a data store with preferred DNS responses correlated to the training queries and associated network conditions. The data store can then be employed to evaluate a received query, and where sufficiently similar to a training query, corresponding resolution from the training query can be provided as a resolution for the received query. Moreover, as stored query information is determined to become stale, refreshment techniques are disclosed. Additionally, training queries can comprise anticipated queries and historical queries.
Type: Application
Filed: September 14, 2020
Publication date: December 31, 2020
Inventors: Sean Simon, Shilpa Kamdar, David Storm
-
Publication number: 20200412690
Abstract: A communication apparatus connected to a virtual apparatus having an address dispensing function via an access network is provided, wherein the communication apparatus includes a communication confirmation unit configured to perform a communication confirmation between the virtual apparatus and the communication apparatus; and an address dispensing unit configured to dispense an address to a user terminal under control of the communication apparatus when communication between the virtual apparatus and the communication apparatus is not able to be confirmed by the communication confirmation unit, and the address dispensing unit causes the user terminal to forcibly release the address when the communication between the virtual apparatus and the communication apparatus is able to be confirmed by the communication confirmation unit.
Type: Application
Filed: February 25, 2019
Publication date: December 31, 2020
Inventors: Katsuma MIYAMOTO, Hideaki IWATA, Akihiro OKADA, Hideo TSUCHIYA, Shunsuke HOMMA, Akihiro KIMURA
-
Publication number: 20200412691
Abstract: A method for fetching a content from a web server to a client device is disclosed, using tunnel devices serving as intermediate devices. The tunnel device is selected based on an attribute, such as IP Geolocation. A tunnel bank server stores a list of available tunnels that may be used, associated with values of various attribute types. The tunnel devices initiate communication with the tunnel bank server, and stay connected to it, for allowing a communication session initiated by the tunnel bank server. Upon receiving a request from a client to a content and for specific attribute types and values, a tunnel is selected by the tunnel bank server, and is used as a tunnel for retrieving the required content from the web server, using standard protocol such as SOCKS, WebSocket or HTTP Proxy. The client only communicates with a super proxy server that manages the content fetching scheme.
Type: Application
Filed: September 13, 2020
Publication date: December 31, 2020
Inventors: Derry Shribman, Ofer Vilenski
-
Publication number: 20200412692
Abstract: Methods and apparatuses providing file type inspection in firewalls by moving the flow between deep inspection file and lightweight accelerated paths. The method includes obtaining, by a network security device, a packet flow of a file transfer session in which at least two files are transferred and determining, by the network security device, at least an offset parameter based on at least one attribute of at least a first packet in the packet flow. The offset parameter is for a first file being transferred of the at least two files and relates to an expected position of a control data sequence within the packet flow. In this method, based on the offset parameter, directing, by the network security device, to an accelerated packet inspection path instead of to a deep packet inspection path, a portion of the packet flow including one or more packets that follow the first packet.
Type: Application
Filed: June 27, 2019
Publication date: December 31, 2020
Inventor: Andrew E. Ossipov
-
Publication number: 20200412693
Abstract: An information processing apparatus that executes inspection with regard to one or more security inspection items includes a plurality of containers which are container-type virtual terminals, where resources including a file system provided by an operating system (OS) of the information processing apparatus are isolated from each other, a data acquisition unit that acquires data flowing over a network before the data reaches a destination, and a data transmission unit that transmits the data to the destination. Part of the plurality of containers is an inspection container where an application for executing the inspection has been implemented. The inspection container includes an inspection unit that executes the inspection with regard to the data that has been acquired.
Type: Application
Filed: June 23, 2020
Publication date: December 31, 2020
Applicant: Evrika Inc.
Inventor: Naoki YAMADA
-
Publication number: 20200412694
Abstract: A method at a system including a firewall and at least one application, the method including obtaining, at the at least one application, a new address for a service provider for the at least one application; triggering a firewall update; obtaining a new firewall configuration; and updating the firewall, wherein the updating the firewall allows a connection from the at least one application to the new address for the service provider.
Type: Application
Filed: June 26, 2019
Publication date: December 31, 2020
Inventors: Michaela Vanderveen, Stephen John Barrett
-
Publication number: 20200412695
Abstract: An IoT computer system, in particular a so-called edge computer system, includes a first virtual operating environment and a second virtual operating environment. The virtual operating environments are logically separated from one another. An arrangement includes such an IoT computer system and at least one external system or device to which the IoT computer system is connected.
Type: Application
Filed: October 16, 2018
Publication date: December 31, 2020
Inventors: Nils Wittler, Jürgen Atzkern, Timo Bruderek
-
Publication number: 20200412696
Abstract: A system and a method of emulating a second cloud computing environment on a first cloud computing environment are disclosed herein. The first cloud computing environment includes an innovation platform having a private domain name system. The private domain name system is split between a customer subnet and a private subnet. The customer subnet is limited to communications with only the private subnet. The customer subnet executes an application thereon. The application is targeted for use on the second cloud computing environment.
Type: Application
Filed: June 12, 2020
Publication date: December 31, 2020
Inventors: Stephen Mouring, T. Richard Stroupe, JR., Adam Rand, Mitchell Ly, Matthew Rodgers, Jacob Tate, Andrew Anderson
-
Publication number: 20200412697
Abstract: A computer-implemented method includes receiving, by a proxy device, a document from a service provider in response to a request to the service provider from a client device. The proxy device injects into the document event monitoring code for monitoring user actions on the client device. The proxy device sends the document with the event monitoring code to the client device. The event monitoring code intercepts a user request for a file upload event using a client-side application on the client device. The proxy device receives a client request including file information regarding the file upload event from the event monitoring code. The proxy device determines whether the file upload event should be allowed or blocked based on the received file information and stored policy data.
Type: Application
Filed: June 26, 2019
Publication date: December 31, 2020
Applicant: Microsoft Technology Licensing, LLC
Inventors: Guy Lewin, Amir Geri
-
Publication number: 20200412698
Abstract: A computer-implemented method includes receiving, by a reverse proxy device, a session control template, and a client request directed to a service provider regarding an application. The method includes determining, by the reverse proxy device, whether the client request should be allowed or blocked based on the received session control template. If the reverse proxy device determines that the client request should be allowed, the client request is forwarded from the reverse proxy device to the service provider. If the reverse proxy device determines that the client request should be blocked, the client request is blocked from proceeding to the service provider.
Type: Application
Filed: June 28, 2019
Publication date: December 31, 2020
Applicant: Microsoft Technology Licensing, LLC
Inventors: Guy Lewin, Tomer Cherni, Daniel Senderovich, Vitaly Khait
-
Publication number: 20200412699
Abstract: Disclosed herein are systems and methods for sending user data in a client-server architecture with data anonymity and consistency. In an exemplary aspect, a client device may identify a structure to send to the server, wherein the structure comprises the user data. The client device may divide the structure into two or more substructures and for each respective substructure of the two or more substructures, the client device may (1) assign a degree of confidentiality to the respective substructure and (2) send the respective substructure to a respective node of a plurality of nodes based on the assigned degree of confidentiality and a degree of security of the respective node. The respective node may be configured to apply a respective transformation to the respective substructure and transmit the transformed respective substructure to the server. The server may be configured to combine received transformed substructures into a transformed structure.
Type: Application
Filed: February 11, 2020
Publication date: December 31, 2020
Inventors: Anton S. Lapushkin, Dmitry V. Shmoylov, Andrey V. Ladikov, Andrey A. Efremov
-
Publication number: 20200412700
Abstract: A unidirectional communication system to allow the sending of alerts and notification to remote operators while relieving the problem of the protection of a secured network against cyberattacks when the secured network has a need to communicate information from the secured network to a public network. In practice, the solution is based on the use of a data diode (also known under the name of network diode) to allow unidirectional transmission of information from the secured network to a public network, which makes a computer attack on the secured network from the public network impossible. Further, because of a commanded data diode, no sensitive information can leak from the secured network via the system according to the invention. The transmission of the message is only done after the message to be sent has been cleaned of sensitive information and then encrypted.
Type: Application
Filed: December 21, 2017
Publication date: December 31, 2020
Inventors: Gérard DUPONT, Olivier LAGARDE, Jean-Luc MARTY
-
Publication number: 20200412701
Abstract: The following description is directed to a logic repository service. In one example, a method of a logic repository service can include receiving a first request to generate configuration data for configurable hardware using a specification for application logic of the configurable hardware. The method can include generating the configuration data for the configurable hardware. The configuration data can include data for implementing the application logic. The method can include encrypting the configuration data to generate encrypted configuration data. The method can include signing the encrypted configuration data using a private key. The method can include transmitting the signed encrypted configuration data in response to the request.
Type: Application
Filed: September 11, 2020
Publication date: December 31, 2020
Applicant: Amazon Technologies, Inc.
Inventors: Islam Mohamed Hatem Abdulfattah Mohamed Atta, Christopher Joseph Pettey, Nafea Bshara, Asif Khan, Mark Bradley Davis, Prateek Tandon
-
Publication number: 20200412702
Abstract: Embodiments described herein provide a system for improving a classifier by computing a statistic for the utility of sharing data with a second party. The system may encrypt a set of class labels based on a public key/private key pair to obtain a set of encrypted class labels. The system may send a public key and the set of encrypted class labels to a second computing device. The system may receive an encrypted value computed by the second computing device based on the public key. The system may decrypt the encrypted value based on a private key to obtain a decrypted value. The system may then send a pair of encrypted values computed based on the decrypted value to the second computing device. The system may subsequently receive an encrypted utility statistic from the second computing device, and decrypt the encrypted utility statistic to obtain a decrypted utility statistic.
Type: Application
Filed: September 9, 2020
Publication date: December 31, 2020
Applicant: Palo Alto Research Center Incorporated
Inventors: Francisco E. Torres, Vanishree Hanumantha Rao, Shantanu Rane, Yunhui Long
-
Publication number: 20200412703
Abstract: A system for authenticating a user associated with a plurality of user devices using a plurality of types of authentication information. The system includes an electronic computing device including an electronic processor. The electronic processor is configured to receive, from a user device, a request to access sensitive information and send, to the user device, a request for a first accuracy measurement for a first type of authentication information. When the first accuracy measurement is below a predetermined threshold, the electronic processor sends to the user device a request for a second accuracy measurement for a second type of authentication information. When the second accuracy measurement is above or equal to the predetermined threshold, the electronic processor authenticates the user and lowers the predetermined threshold for each user device associated with a user profile, records an anomaly associated with the first type of the authentication information, or both.
Type: Application
Filed: June 25, 2019
Publication date: December 31, 2020
Inventor: Manoneet Kohli
-
Publication number: 20200412704
Abstract: Systems and methods for connecting a private device to a public device based on various connection parameters. For example, a media guidance application may receive a communication requesting to use the public device from a private device that is implementing a private interface application (e.g., Netflix™, a streaming media application). In response, the media guidance application may generate an authorization key that is unique to the private device and comprises connection parameters. The media guidance application may transmit the authorization key to the private interface application to initiate a session between the public device and the private device. Whenever a command is received from the private device, the media guidance application may verify the authorization key and determine whether the connection parameters are satisfied. In response to verifying the authorization key and the connection parameters, the public device may execute the received command.
Type: Application
Filed: July 14, 2020
Publication date: December 31, 2020
Inventor: William L. Thomas
-
Publication number: 20200412705
Abstract: Various examples for managing a client device having multiple enrolled user accounts thereon are described. A computing device is directed to store a mapping of a client device to a plurality of user accounts active. The computing device communicates remotely with a management application on the client device to identify an active one of the user accounts from an operating system of the client device. In response to receipt of information associated with a first one of the user accounts active on the client device, the computing device enrolls the first one of the user accounts with a management service in association with the client device. In response to receipt of information associated with a second one of the user accounts active on the client device, the computing device enrolls the second one of the user accounts with the management service in association with the client device.
Type: Application
Filed: September 9, 2020
Publication date: December 31, 2020
Inventors: Jason Roszak, Varun Murthy, Shravan Shantharam, Blake Watts, Kalyan Regula
-
Publication number: 20200412706
Abstract: Capillary network devices (i.e., IMSI-less devices) may connect to an EPC through a home WLAN. A WLAN can be configured by the homeowner to accept responsibility for the traffic or a WLAN can indicate to a network that it will allow the traffic if the traffic is sponsored by an application server or if it is compensated for the traffic by the network operator. Where an IMSI-less device has a business relationship with a network operator, a WLAN can allow the device to authenticate with the network and obtain a device identifier from the network. Where an IMSI-less device has a business relationship with a SCS that has a business relationship with the network operator, the WLAN can allow the device to authenticate with the network.
Type: Application
Filed: September 11, 2020
Publication date: December 31, 2020
Inventor: Michael F. Starsinic
-
Publication number: 20200412707
Abstract: Systems and methods are described for facilitating service connections by user-defined code executing on an on-demand code execution system. Rather than hard code state information used by network services into the code, the code can be provided with an interface that augments requests for network services with state information. When the user-defined code is executed by the on-demand code execution system, additional code can also be executed that provides the interface. The user-defined code may access the target network service through the interface, as if the target network service existed locally to an environment of the code. The interface can then augment requests to the target network service with state information. Because state information is maintained outside the user-defined code, portability of the user-defined code can be increased.
Type: Application
Filed: June 28, 2019
Publication date: December 31, 2020
Inventors: Adam Charles Siefker, Sean Oczkowski, David Richardson, Samvid H. Dwarakanath, Marc John Brooker, Orr Weinstein
-
Publication number: 20200412708
Abstract: Methods, media, and systems for facilitating inter-application communications between a web platform and a remote application computing device are disclosed such that a link protocol agent associated with the web platform processes an authentication request based on which a temporary connection resource locator is provided. A connection is then established at the resource locator and maintained for a period of time. Payloads and acknowledgements are exchanged in the established connection. The connection is capable of being established across a firewall.
Type: Application
Filed: June 28, 2020
Publication date: December 31, 2020
Inventors: Ankur Oberoi, Abhishek Mahanti, Helen Wei Zeng, Serguei Mourachov, Chirag Gupta, Saurabh Sahni
-
Publication number: 20200412709
Abstract: Syncing data warehouse permissions using single sign-on authentication including establishing a link between a first cloud-based data warehouse and a second cloud-based data warehouse, wherein the link facilitates access to data stored in the second cloud-based data warehouse via the first cloud-based data warehouse; receiving, by the first cloud-based data warehouse, a first query referencing first data stored in the second cloud-based data warehouse; accessing, by the first cloud-based data warehouse, from the second cloud-based data warehouse, the first data; and sending a response to the first query based on the accessed first data.
Type: Application
Filed: June 26, 2020
Publication date: December 31, 2020
Inventors: DONALD HUANG, JAMES L. GALE
-
Publication number: 20200412710
Abstract: Methods, systems, computer-readable media, and apparatuses for performing single sign on for a user device to the Internet. User sign-in credentials including an identity token of the user are received by a hosted desktop from the user device, including an indication that the user is attempting to access a website. The website is authorized as a trusted website by a network authorization node, and the website is issued a one-time-use token. A web browser of the hosted desktop receives an application provided by the website to cause the web browser to call the hosted desktop to initiate single sign on. Authenticity of the one-time-use token is requested by a daemon process, and the website's public key is obtained. Upon verifying authenticity of the website, the identity token of the user is passed to the website, to enable the website to establish single sign on with the user.
Type: Application
Filed: September 9, 2020
Publication date: December 31, 2020
Inventor: Tom Kludy
-
Publication number: 20200412711
Abstract: A system for notifying hacking to a user, thereby ensuring verified connection of a client machine with a server intended to be connected, is disclosed. The system acquires a server certificate comprising data structure. The data structure may be acquired upon receipt of a response to a request initiated by the client machine. In one aspect, the data structure may be referred to as a tree site to verifier pertaining to the request. The system further receives a validation acknowledgement indicating validity of the server certificate. The system further performs a reverse certificate look up verification process upon receipt of the acknowledgment.
Type: Application
Filed: June 28, 2019
Publication date: December 31, 2020
Inventors: Antonio Secomandi, Viviana Tripodi
-
Publication number: 20200412712
Abstract: In a display system according to the present disclosure, a server device includes an authentication processor that authenticates a user for use of a file, based on authentication information of the user input at a user terminal and an access information generator that generates first access information for accessing the file if the user is authenticated by the authentication processor for use of the file, and a display device includes a file acquirer that acquires the file from the server device, based on the first access information generated by the access information generator, and a display processor that displays the file acquired by the file acquirer, on the display.
Type: Application
Filed: June 2, 2020
Publication date: December 31, 2020
Inventors: SHINSUKE MURATA, YOSHIAKI TANAKA, AKINORI OHNISHI
-
Publication number: 20200412713
Abstract: An authentication and authorization integration system with the heterogeneous cloud platforms is proposed herein. The system packs various authentication and authorization information to issue a general token to carry the session. During the statutory period of the general token, the heterogeneous cloud platforms authenticate the user through the token instead of the session authentication of platform to avoid the complexity caused by repeating authentication to integrate these heterogeneous platforms into an architecture of micro service and stateless session.
Type: Application
Filed: June 28, 2019
Publication date: December 31, 2020
Inventors: Cheng-Yi FANG, Jian Liang JHENG
-
Publication number: 20200412714
Abstract: Systems and methods of biometrically authenticating a user of a device. A biometric sample of a user can be analyzed to generate a user-specific biometric signature that is substantially unique to the specific user. To authenticate a user, a biometric sample can be obtained and analyzed to determine if the biometric signature is present in the sample. If so, the user can be biometrically authenticated to use the device. The device can provide a network with an indication of the authentication of the user to authenticate the device to the network. In response to the authentication, the network can provide the device access to the network, its resources, or portion(s) thereof.
Type: Application
Filed: June 26, 2019
Publication date: December 31, 2020
Inventor: Bhagwan Singh Khanka
-
Publication number: 20200412715
Abstract: A method is disclosed. The method includes obtaining a biometric match score from a device that is used to conduct an interaction at a location and then receiving additional data associated with the device or the location. The method also includes determining, by the computer, an expected match score function based upon at least the additional data, and comparing the biometric match score to the expected match score function. The method also includes determining if the interaction is to proceed based on at least the comparing.
Type: Application
Filed: June 27, 2019
Publication date: December 31, 2020
Inventors: Yuexi Chen, Andreas Aabye
-
Publication number: 20200412716
Abstract: Example methods and systems are provided for location-aware service request handling. The method may comprise: generating and sending location information associated with a virtualized computing instance to a service node or a management entity for transmission to the service node. The location information may identify logical element(s) to which the virtualized computing instance is connected. The method may further comprise: in response to detecting, from the virtualized computing instance, a service request for a service from the service node, generating a modified service request by modifying the service request to include the location information associated with the virtualized computing instance; and sending the modified service request towards the service node.
Type: Application
Filed: August 16, 2019
Publication date: December 31, 2020
Applicant: VMware, Inc.
Inventors: Ye Luo, Qi Wu, Donghai Han
-
Publication number: 20200412717
Abstract: Methods, systems, and computer program products are provided for real-time compromise detection based on behavioral analytics. The detection runs in real-time, during user authentication, for example, with respect to a resource. The probability that the authentication is coming from a compromised account is assessed. The features of the current authentication are compared with the features from past authentications of the user. After comparison, a match score is generated. The match score is indicative of the similarity of the authentication to the user's history of authentication. This score is then discretized into risk levels based on the empirical probability of compromise based on known past compromised user authentications. The risk levels may be used to detect whether user authentication is occurring via compromised credentials.
Type: Application
Filed: September 24, 2019
Publication date: December 31, 2020
Inventors: Maria Puertas Calvo, Lakshmi Priya Gopal, Laurentiu B. Cristofor, Pui-Yin Winfred Wong, Dana S. Kaufman
-
Publication number: 20200412718
Abstract: A monitoring and control system includes a slave station, a master station, and a monitoring and control device. The master station includes a transmission unit that transmits second control data including authentication data and second data to the slave station. The transmission unit transmits, to the slave station, the second control data including the authentication data stored in an area in a payload defined to store the second data. An authentication unit of the slave station determines whether data included in the area in the payload of the second control data matches authentication data stored in a memory unit. A transmission unit of the slave station transmits the second data included in the second control data to the device(s) if the authentication unit determines that the data included in the area in the payload matches the authentication data stored in the memory unit.
Type: Application
Filed: March 20, 2018
Publication date: December 31, 2020
Applicant: Mitsubishi Electric Corporation
Inventors: Yashiro KOBAYASHI, Hajime SHIOTA
-
Publication number: 20200412719
Abstract: A computing device may request service from a service provider, and authorization to receive the service may be based, at least in part, on a network access device that is providing the computing device with network access. The service provider may request a value from the computing device, and the value may be based on address information of the computing device and the network access device.
Type: Application
Filed: September 2, 2020
Publication date: December 31, 2020
Inventor: Yiu Leung Lee
-
Publication number: 20200412720
Abstract: Systems and methods are described for facilitating authentication of hosted network services to other services. A target service, such as a database, may require specific authentication information, such as a username and password, to access the target service. While this information could be manually specified in the hosted network service, de-centralized storage of authentication information is generally discouraged by security best practices. This disclosure provides an authentication proxy system that reduces or eliminates a need for hosted network services to store authentication information for target services. Rather, the authentication proxy system can obtain authentication information for the hosted network service that is provided by a hosting system, and authenticate the hosted network service using that authentication information.
Type: Application
Filed: June 28, 2019
Publication date: December 31, 2020
Inventors: Adam Charles Siefker, Sean Oczkowski, David Richardson, Samvid H. Dwarakanath, Marc John Brooker, Orr Weinstein
-
Publication number: 20200412721
Abstract: Embodiments disclosed herein are related to computing systems and methods for providing a presentation interrupt for a DID attestation. A DID attestation is accessed that is issued by a first entity of a decentralized network. The DID attestation defines information that has been generated by the first entity about a DID owner who is the subject of the DID attestation. The DID attestation includes interrupt metadata that directs that the first entity be contacted prior to the DID owner being able to present the DID attestation to a second entity of the decentralized network. In response to the DID owner attempting to present the DID attestation to the second entity, the first entity is contacted as directed by the interrupt metadata. Authorization information is received from the first entity. The authorization information indicates if the DID owner is able to present the DID attestation to the second entity.
Type: Application
Filed: June 26, 2019
Publication date: December 31, 2020
Inventors: Brandon Murdoch, Ankur Patel
-
Publication number: 20200412722
Abstract: A system for enabling secure bidirectional communications on a network is provided, wherein a first server having a first security rating is connected to a second server having a second security rating by a first data channel configured to establish one-way communication from the first server to the second server. A second data channel incorporating a third server is configured to establish one-way communication from the second server back to the first server. The third server has a power switch that controls third server on and off states. The second data channel is enabled when the power switch is turned on. The third server arbitrates the flow of message traffic from the second server back to the first server by applying an on-board security module's encoded set of rules to determine whether the message is permitted to proceed to the first server.
Type: Application
Filed: June 27, 2019
Publication date: December 31, 2020
Inventors: Mostafa Al Amer, Mohammed K. Ujaimi, Eid S. Harbi
-
Publication number: 20200412723
Abstract: Methods, systems, and computer storage media for providing escorted-access management based on an escort-admin session engine are provided. The escort-admin session engine approves an external administrator's access to a resource instance based on a service team policy, while approving an escort operator to escort the external administrator in an escort-admin session that provides access to the resource. In operation, an external administrator's request for access to a resource is evaluated based on the service team policy that is managed by a service team. The request is approved with access rights to the resource identified in the policy. An escort operator is identified for the external administrator. The escort operator is approved to escort the external administrator for access to the resource during an escort-admin session. The escort-admin session includes an escort operator context referring to the escort operator having access rights based on the access rights approved using the policy.
Type: Application
Filed: June 30, 2019
Publication date: December 31, 2020
Inventor: Chetan SHANKAR
-
Publication number: 20200412724
Abstract: The present disclosure is directed to systems and methods for providing improved tools (e.g., user interfaces) that can be used for managing access permissions to cloud or other network resources. In general, the systems and methods include providing a user interface that can function in at least two modes which together can provide an improved user experience for intuitively and effectively developing code. As an example, the two interface modes can include a builder mode in which the user interface includes one or more interactive elements that enable a user to modularly build a set of computer-readable code that controls access permissions to one or more computing resources and an editor mode in which the user interface allows the user to directly edit the set of computer-readable code.
Type: Application
Filed: December 13, 2019
Publication date: December 31, 2020
Inventors: Yuanzhen Wang, Matthew Terich, Tristan Andrew Swadell, Elaine Lu, Laura Rebeca Pina, John Josef Kloninger, Himanshu Agrawal, Blake Michael Tyra
-
Publication number: 20200412725
Abstract: There is disclosed in one example a computing apparatus, including: a processor and a memory; a network interface; and a security agent including instructions encoded within the memory to instruct the processor to: identify an unknown software object; query, via the network interface, a global reputation store for a global reputation for the unknown software object; receive a response from the global reputation store and determine that the unknown software object does not have a reliable global reputation; compute a local reputation for the unknown software object; and share the local reputation for the unknown software object with the global security cache.
Type: Application
Filed: June 25, 2019
Publication date: December 31, 2020
Applicant: McAfee, LLC
Inventors: Oliver G. Devane, Federico Barbieri
-
Publication number: 20200412726
Abstract: A security monitoring platform may use an unsupervised machine learning technique to cluster historical data related to user access rights associated with multiple cloud applications based on various features that relate to user permissions and attributes within the multiple cloud applications. The security monitoring platform may use a supervised machine learning technique to train an access rights data model based on the clustered historical data and perform one or more actions that relate to current access rights assigned to at least one user within one or more of the multiple cloud applications based on a score representing a probability that an access level assigned to the at least one user within the one or more of the multiple cloud applications is correct. The security monitoring platform may apply a reinforcement learning technique to update the access rights data model based on feedback related to the one or more actions.
Type: Application
Filed: June 26, 2019
Publication date: December 31, 2020
Inventors: Dayapatra NEVATIA, Ravishankar KRISHNAN, Ravi Shankar NORI, Paresh Vinay TAKAWALE, Mukul Dilip PATIDAR, Garima MITTAL
-
Publication number: 20200412727
Abstract: Described embodiments provide systems and methods for providing cross-application adaptive services. A computing system may receive, from a first client device, an identification of a user access requirement. The computing system may retrieve, from a requirement-adaptive service database, a system configuration corresponding to the user access requirement. The computing system may configure a hosted application according to the retrieved system configuration. The computing system may provide, to the first client device for rendering by an application of the first client device, the configured hosted application.
Type: Application
Filed: June 27, 2019
Publication date: December 31, 2020
Inventors: Christopher Leslie Gissing, Ellen Rose Wootten, Daniel Alan Robert Peacock, Roderick William Alexander Munro, Heather Sarah Avril Talbot, Martynas Markevicius
-
Publication number: 20200412728
Abstract: A method of selecting devices on a private network for security protection via a network security device comprises classifying devices on the private network into devices that are sometimes protected and devices that are always either protected or not protected. Threats are monitored, the threats comprising at least one of a macro security event and a local security event, the macro security event detected by one or more external systems and the local security event detected by one or more devices local to the private network. When a threat is detected, it is determined whether the detected threat is a threat to one or more devices on the private network classified as devices that are sometimes protected, and if the detected threat is determined to be a threat to the one or more devices that are sometimes protected the one or more devices are protected.
Type: Application
Filed: June 27, 2019
Publication date: December 31, 2020
Inventor: Rajarshi Gupta