Abstract: Systems, devices, methods, media, and instructions for automated image processing and content curation are described. In one embodiment a server computer system receives a content message from a first content source, and analyzes the content message to determine one or more quality scores and one or more content values associated with the content message. The server computer system analyzes the content message with a plurality of content collections of the database to identify a match between at least one of the one or more content values and a topic associated with at least a first content collection of the one or more content collections and automatically adds the content message to the first content collection based at least in part on the match. In various embodiments, different content values, image processing operations, and content selection operations are used to curate content collections.

Abstract: An forum facilitator device is provided that allows for a controlled environment to provide a secure forum for residents to provide communications to other registered users of the secure forum. The communications are provided through posts made in the secure forum and through other types of communications from the inmate such as but not limited to emails and text messages. The forum facilitator device operates the secure forum and implements rules to control what is posted on the secure forum, who is able to access the secure forum, and what entities are allowed to view and interact with residents of the controlled environment.

Abstract: E-mail synchronization may involve synchronization of data types, such as a unique identifier (UID), flag, header, and content. Upon identifying a trigger (e.g., user input) to receive a plurality of messages, a client device an implement an optimized retrieval scheme. This retrieval scheme may involve retrieval of multiple data types (e.g., UIDs, flag(s), and text) for one group of messages before those data types are retrieved for other groups of messages. Retrieval schemes can be determined and dynamically adjusted based on user input so as to provide quicker retrieval of certain data of certain messages. Retrieval schemes can also be optimized when multiple mailboxes are present.

Abstract: Methods and devices related to a single message management platform are described. In an example, a method can include receiving a first message at a first processing resource via a first application, receiving a second message at the first processing resource via a second application, receiving the first message and the second message at a memory, storing the first message and the second message in the memory, receiving a command to open a single message management platform, receiving the first message and the second message at the single message management platform, and organizing the first message and the second message at the single message management platform.

Abstract: A technology is provided for delivering a data object to device. Data delivery instructions to distribute a data object to a device may be received at a delivery service and include a storage location of the data object, a messaging topic, and a size of data receivable by the device. The data object is then divided into blocks corresponding to the size of data receivable by the device. A messaging topic is identified to which the device is subscribed via a messaging service. The blocks are sent to the device using the messaging topic and a network protocol installed on the device.

Abstract: A similarity score between a profile of an email sender and one or more profiles associated with one or more respective recipients of the email being sent by the email sender is calculated. In response to determining that the calculated similarity score between the profile of the email sender and at least one profile of the one or more profiles associated with a respective recipient of the one or more respective recipients does not exceed a first threshold value, a relevance score between a context of the email and each of the one or more recipients of the email is calculated. Responsive to determining that the calculated relevance score between the context of the email and each of the one or more recipients of the email does not exceed a second threshold value, a distribution list of the email is updated. The email is transmitted using the updated distribution list.

Abstract: A social media message system is described allowing open access to all users. The message system utilizes one or more libraries with prefabricated icons for sending messages of a generally positive nature. The messaging system may use words in the icons, but otherwise does not allow users to generate alpha numeric text messages or emoticons.

Abstract: A method and system for real-time eventing including interacting with at least one configuration attribute according to instructions specified through an application programming interface (API); adding subscribers for an event channel; generating an event from operation of an application; publishing the event message to the event channel on an event router; processing the event message according to the at least one configuration attribute; identifying a subscriber to the event channel; and sending the event from the event router to the subscriber.

Abstract: In one embodiment, a method includes receiving a post corresponding to a civic issue on a civic-issues platform of an online social network associated with a first municipality from a client system of a first user of the online social network, where the first user is connected to the first municipality within the online social network, determining a classification of the post based on a comparison of the post with one or more classification-keywords stored in a public-agency database, assigning the post to a first agency of the first municipality based on the determined classification of the post and a location associated with the civic issue, receiving a request to update the post on the civic-issues platform, the request describing a current status of the civic issue, and updating the post on the civic-issues platform to indicate the current status of the civic issue.

Abstract: Methods and systems for user communication in an online community and/or website are provided. User profile data may be accessed to from a memory. An analysis system compares the user profile data for the user with a time-dependent goal to determine a result. The time-dependent goal may be determined based on an analysis of a set of (successful) users. A user interface system generates a representation of the result for prompting the user to initiate a communication to a different user based on the time-dependent goal. The representation may comprise a metered representation indicating an amount of progress, by the user, toward the time-dependent goal.

Abstract: Methods, devices, systems, and computer readable media with instructions for group text communications between multiple devices, along with communication of associated data and automatic deletion of communications, are described. One embodiment involves generating a first ephemeral group chat, receiving a first ephemeral chat message, associated with one or more deletion triggers, and transmitting the first ephemeral message; and receiving, from at least the second client device, chat monitoring information comprising first deletion trigger information. In various embodiments, coordinated presentation and deletion of ephemeral chat messages are managed in a variety of ways.

Abstract: In order to provide efficient processing of Dynamic Host Control Protocol (DHCP) data flows and dynamic Internet Protocol (IP) address management, an electronic device that implements a virtual dataplane in a network may separate the DHCP data flows from other data flows. Then, the virtual dataplane may perform IP address management using one or more applications that are executed by a processor in the electronic device. In order to accelerate processing of a sequence of packets in a DHCP data flow to a destination, the virtual dataplane may look up a stored result of a look-up operation for a first packet in the sequence, so that subsequent packets in the sequence use the stored result without performing the look-up operation. Furthermore, the IP address management may include dynamically freeing up IP addresses in the network based on network activity of client devices.

Abstract: A semantic validation method, applied to a Machine-to-Machine Communications (M2M) system, where the method includes receiving, by an apparatus storing a semantic description resource, an operation request related to a first semantic description resource, including semantic information of the first semantic description resource, an association relationship between the first semantic description resource and another semantic description resource, and a uniform resource identifier (URI) of an ontology referenced by the first semantic description resource, determining that the first semantic description resource is associated with the semantic description resource, sending a semantic validation request message to an apparatus that stores the ontology referenced by the first semantic description resource. Hence, accuracy of a resource and data shared between industries and applications using a public capability of the M2M system can be ensured in a case of no priori knowledge.

Abstract: Some embodiments provide a method for distributing firewall configuration in a datacenter comprising multiple host machines. The method retrieves a rule in the firewall configuration for distribution to the host machines. The firewall rule is associated with a minimum required version number. The method identifies a high-level construct in the firewall rule. The method queries a translation cache for the identified high-level construct. The translation cache stores previous translation results for different high-level constructs. Each stored translation result is associated with a version number. When the translation cache has a stored previous translation result for the identified high-level construct that is associated with a version number that is equal to or newer than the minimum required version number, the method uses the previous translation result stored in the cache to translate the identified high-level construct to a low-level construct.

Abstract: A firewall device comprises a storage unit that stores therein one or more rules related to blocking a request for each of a plurality of WEB servers independently of the rule for another WEB server; a feature-amount calculating unit that calculates a feature amount for each of the WEB servers based on a number of detections with regard to each index in each of the WEB servers; and a rule updating unit that updates a rule stored in the storage unit for each of the WEB servers based on the feature amount calculated by the feature-amount calculating unit.

Abstract: A method for operating a network is provided. The method comprises segmenting the network into a plurality of virtual private networks, wherein each virtual private network runs on an underlying physical network; and wherein each virtual private network represents a particular context; and configuring at least some nodes within the network to send and receive traffic based on context.

Abstract: An embodiment controls access to a resource, the access controlled by a multi-tenant system. Embodiments receive, at a web server, a request for the resource from a user via a web browser, the request including a Uniform Resource Locator (“URL”) associated with the resource and an identity of a tenant corresponding to the user. Embodiments determine an access policy for authenticating the user that is associated with the resource, the access policy based in part on the identity of the tenant. Embodiments then authenticate the user based on the determined access policy.

Abstract: An application using a virtual private network (VPN) is programmed to transmit proxy traffic to a remote proxy server. Traffic to the proxy server is intercepted, shifted to user space, and processed according to one or more options. Traffic may be terminated by a local proxy that resolves domain names in traffic and requests referenced content. Intercepted traffic may include plain text data in headers that is encrypted before forwarding to a different proxy server. Traffic may be evaluated, such as a User Agent string in order to determine routing choices, such as blocking, throttling, local termination, transmitting through a VPN, or other options. Multiple VPNs may operate on the same user computer and proxy traffic may be intercepted and processed by transmitting it through a VPN, bypassing all VPNs, or routing through a different VPN.

Abstract: In an embodiment, a method comprises intercepting, from a server computer, a first set of instructions that define one or more objects and one or more operations that are based, at least in part, on the one or more objects; generating, in memory, one or more data structures that correspond to the one or more objects; performing the one or more operations on the one or more data structures; updating the one or more data structures, in response to performing the one or more operations, to produce one or more updated data structures; rendering a second set of instructions, which when executed by a remote client computer cause the remote client computer to generate the updated data structures in memory on the remote client computer, wherein the second set of instructions are different than the first set of instructions; sending the second set of instructions to the remote client computer.

Abstract: A network protocol and transit system that together provide data tunneling designed for anonymous and hidden delivery. The approach protects communications deliverability and attribution for users on any device and in any location, irrespective of the underlying operating environment. The solution provides for a fully “cloaked network” comprising zero-trust nodes, an onion routing-based bi-directional protocol with modular multi-layered encryption, evasive multi-pathing that leverages randomized ephemeral virtual circuit generation, and virtual rendezvous for person-to-person communications. The approach may be implemented “as-a-service,” in a hybrid/bridged network, on-premises, or otherwise.

Abstract: The present application discloses a method and a device for vehicle security communication, a vehicle multimedia system, and a vehicle. The method applied to a security chip comprises: receiving a control instruction from a network system when the network system is connected, wherein the control instruction includes encrypted control data; decrypting the encrypted control data in the control instruction; obtaining the decrypted control data when the decryption is successful; and transmitting the decrypted control data to the vehicle body system to make the vehicle body system control the vehicle to perform a target operation according to the decrypted control data.

Abstract: Examples of techniques for encrypted fibre channel over internet protocol (FCIP) data replication are described herein. An aspect includes receiving replication data from a primary site host system, the replication data comprising header information. Another aspect includes encrypting the replication data. Another aspect includes writing the header information to a local memory, wherein the header information in the local memory is unencrypted. Yet another aspect includes encapsulating the encrypted replication data, wherein the unencrypted header information is accessed in the local memory during the encapsulation of the encrypted replication data.

Abstract: A “trusted domain” is established within which content received from a communications network, e.g., a cable TV network, is protected from unauthorized copying thereof, in accordance with the invention. In an illustrative embodiment, the trusted domain includes a device associated with a user which receives content from the cable TV network. The content may be encrypted using a content key in accordance, e.g., with a 3DES encryption algorithm before it is stored in the device. In addition, a first encrypted content key version and a second encrypted content key version are generated by respectively encrypting the content key with a public key associated with the device and another public key associated with the user, in accordance with public key cryptography. The first and second encrypted content key versions are stored in association with the encrypted content in the device storage.

Abstract: A method, system, and program product for generating an automated source code log statement is provided. The method includes retrieving source code of a software application and associating logs and associated semantics with the source code. The source code is parsed and analyzed and log statements are generated. Attributes within the source code are identified. The log statements are inserted into the source code with respect to a specified source code level of the source code and the source code comprising the log statements is presented to a developer. A command for modifying the logs is received. In response, the logs are modified resulting in modified logs. The source code comprising the log statements and modified logs is executed.

Abstract: A method for operating an electronic apparatus according to an embodiment of the present invention may comprise the steps of: setting a first key for unlocking data stored in a first electronic apparatus; when the first electronic apparatus receives, from a second electronic apparatus, a second key set by the second electronic apparatus, transmitting by the first electronic apparatus, to the second electronic apparatus, first data locked using the first key and the second key; and when the first electronic apparatus receives, from the second electronic apparatus, a generation signal of a first event for the first data, transmitting the first key to the second electronic apparatus according to whether the first event is approved or not.

Abstract: A first authentication factor associated with a client system may be received. An input may be received from the client system that corresponds to an operation to be performed on a data object. A processing device may determine whether the operation is one of a set of operations being associated with a second authentication factor. In response to determining that the operation is one of the set of operations being associated with the second authentication factor, the processing device may generate a notification for the second authentication factor. A response including the second authentication factor may be received and the operation may be performed in view of the second authentication factor.

Abstract: Methods and systems for a browser extension system are disclosed. In some embodiments, a browser extension server includes a communication device configured to communicate with a first computing device executing a browser extension application and a web browser application and a second computing device executing an authentication application. The browser extension server further includes a memory storing instructions, and a processor configured to execute the instructions to perform operations. The operations may include receiving from the first computing device an indication of a financial service account associated with the first computing device, detecting a payment field in a web page provided by the computing device through the web browser application and, in response, generating a secure token mapped to the financial service account.

Abstract: A method at a network element for attestation of applications, the method including sending a challenge to an application at an electronic device; receiving a response from the electronic device; processing the response; and upon determining that the response is invalid based on the processing, taking an enforcement action against the application.

Abstract: A system provides access to a third-party application by a user without revealing at least one sign-on credential used to access the application to the user. The system includes an access management server and a permission server. The access management server hosts a user portal. In response to a user input from the user portal requesting to access the application, the access management server requests, from the permission server, confirmation of user's permission to access the application. The permission server determines whether access is confirmed using stored permission data, which includes applications the user is currently permitted to access. If the permission server confirms the user's permission, the access management server redirects the user to a sign-on page of the application, automatically enter the sign-on credentials in an anonymized format that is not readable by the user, and automatically submits the sign-on credentials.

Abstract: Disclosed herein are systems and methods for blocking network connections. In one aspect, an exemplary method comprises, intercepting a certificate from the server when establishing a protected connection between a server and a client, determining whether the intercepted certificate is similar to one or more forbidden certificates, the determination of whether the intercepted certificate is similar to one or more forbidden certificates comprising transforming the intercepted certificate in accordance with a method of determining similarities between certificates and a method of saving forbidden certificates in a database of forbidden certificates, and blocking the connection when the intercepted certificate is similar to the one or more forbidden certificates.

Abstract: Systems and methods for role-based access control to computing resources are presented. In an example embodiment, a request to perform a type of access of a computing resource is received via a communication network from a process executing on a client device. Using a data store storing process identifiers and associated access control information, access control information associated with the requesting process is identified based on a process identifier of the requesting process. Based on the access control information associated with the requesting process, a determination is made whether the requesting process is allowed to perform the requested type of access of the computing resource. The request is processed based on the requesting process being allowed to perform the requested type of access of the computing resource.

Abstract: Disclosed is a client system for facilitating authentication of a user characterized by validating a password, at the client machine, transmitted by a server. In order to authenticate the user, initially, the client machine transmits a User Identification (ID) to the server. Upon receipt of the User ID, the server receives the User ID from the client machine and accordingly transmits a password to the client machine. In one aspect, the password may be transmitted by identifying the password, pertaining to the User ID, from a server password database and altering the password, to be transmitted, based on the metadata by using a Random Character Generator (RCG) algorithm. Subsequently, the client machine receives the password pertaining to the User ID from the server. Post receipt of the password, the client machine compares the password with a complementary password stored in a client password database presents on a client machine.

Abstract: Systems and methods for credential character selection are provided. The system includes one or more sensors configured to detect a character selection and generate a character selection signal, and detect a character selection completion and generate a character selection completion signal. The system also includes one or more processors coupled to the one or more sensors, the one or more processors configured to receive the character selection signal and the character selection completion signal, and generate an output signal based on the received character selection signal that includes components of a credential. The system also includes a network interface component configured to transmit the output signal. The credential characters may be components of a PIN or password. Moreover, the credential character selections may be made on one device, but displayed on a separate coupled device. The character selections may be a selection of a character or a modification of character.

Abstract: A method of secure communication between a computer server and users each having a connected computer system, comprising recording of a unique identifier of the server in the memory of a trusted server, the connected system having first and second digital communication modes, the method further comprising: the transmission of an ASC application to the connected system, the application being installed on the connected system, its execution controlling the automatic opening of a computer session with the trusted server according to the second digital communication mode, the opening of a communication session by the connected system with a server, the opening of a secured communication session by the server with the trusted server, the transmission by the server of an identifier of the connected system, the calculation by the trusted server of a time-stamped code associated with the key, the transmission of the time-stamped code by the trusted server to the connected system corresponding to the identifier transm

Abstract: Disclosed examples to manage user credentials include providing new credentials from a non-rendered application to a website to perform credential resetting for the website; establishing an authenticated session for a user with the website based on the new credentials; and passing session configuration data corresponding to the authenticated session from the non-rendered application to a browser, the session configuration data to allow the browser to continue the authenticated session.

Abstract: A reader configured to perform dual-factor authentication is provided. The reader is configured to analyze credential data as well as event-based user inputs. The event-based user inputs are received in response to the reader presenting one or more events to a user and monitoring the user's reaction thereto. Utilization of an event-based user input enables the reader to perform dual-factor authentication without necessarily being provided with a keyboard or other advanced user input device.

Abstract: A method, computer system, and a computer program product for enhanced user authentication is provided. The present invention may include obtaining, from a user device, a user name associated with the user device. The present invention may also include obtaining, from the user device, a system name associated with the user device. The present invention may then include identifying, in a database of a security device in communication with the user device, a password associated with the obtained user name and the obtained system name. The present invention may then include, in response to a login prompt of the user device, automatically injecting the identified password from the security device in communication with the user device into the login prompt.

Abstract: Methods and apparatus for allowing an individual to preserve his/her privacy and control the use of the individual's images and/or personal information by other, without disclosing the identity of the individual to others, are described. In various embodiments the individual seeking privacy provides his/her identifying information, images, and sharing preferences indicating desired level of privacy to a control device which is then stored in a customer record. The control device can be queried to determine if an image or other information corresponds to a user who has restricted use of his/her image or other information in a public manner. Upon receiving a query the control device determines using the stored customer record whether an individual has authorized use of his or her image. Based upon the determination a response is sent to the querying device indicating whether the use of the image and/or individual's information is authorized.

Abstract: The present disclosure relates to systems, methods, and computer-readable media for securely verifying an identity of a user of a client device based on a signal transmitted by the client device. For example, systems disclosed herein include registering a client device and facility device via a cloud computing system to enable the client device and facility device to securely communicate a signal via a wireless connection. The systems disclosed herein additionally include determining whether a trigger condition applies based on a position of the client device relative to the facility device. The systems disclosed herein further include maintaining and updating a subset of user verification information to include personal verification of a registered user of the client device. Using the subset of user verification information, a biometric scanning device may efficiently and accurately verify an identity of an individual associated with the client device.

Abstract: Disclosed is a secure semiconductor chip. The semiconductor chip is, for example, a system-on-chip. The system-on-chip is operated by connecting normal IPs to a processor core included therein via a system bus. A secure bus, which is a hidden bus physically separated from the system bus, is separately provided. Security IPs for performing a security function or handling security data are connected to the secure bus. The secure semiconductor chip can perform required authentication while shifting between a normal mode and a secure mode.

Abstract: Disclosed are systems and methods for passively authenticating users of a native application running on a mobile communications device. The user may be applying for a service, product, access, etc. from a provider computing system. A unique device identifier of the device may be acquired and provided to a first computing system. A mobile telephone number associated with the device may be received at the device. User information may be accepted from the user via a user interface of the device for entry into a set of fields. The mobile telephone number may be verified by determining, via a second computing system that is different from the first computing system, that the mobile telephone number is associated with the user information. The service/product/access for the user may be approved in response to verification of the mobile telephone number. The user may be authenticated without challenge questions.

Abstract: A global unique device identification code distribution method includes obtaining a public key and device information of at least one Internet of things (IoT) device after the blockchain node establishes communication with the at least one IoT device, generating a random code and combining the random code with the public key and device information of the at least one IoT device to generate a global unique device identification code, and sending the global unique device identification code to the IoT device and writing the global unique device identification code and the public key of the IoT device as a pair into the blockchain network. The method is implemented in a blockchain node of a blockchain network.

Abstract: Techniques for session security. Information corresponding to an electronic device used to access a resource is gathered. The information uniquely identifies the electronic device. Subsequent accesses to the resource during the session are monitored to determine whether changes occur to the information. A security action is taken in response to a change in the information.

Abstract: Mechanisms (such as systems, methods, and media) for protecting a client device from an insecure cloud-based storage container stored on a server are provided, the mechanisms comprising: determining that content accessible by the client device is hosted in a storage container on the server; sending a message to the server to determine what security provisions are in place for the storage container; determining that the storage container is not secure; and blocking access by the client device to the storage container.

Abstract: Methods and apparatus that allow clients to establish sub private networks as resources within private networks on a provider network. A sub private network may be owned and controlled by a different entity than the owner of its parent private network. A parent private network controls access to its sub private networks, and each sub private network also controls access to its resources. This enables a layered topology in which a parent private network may establish access control rules for its sub private networks; the sub private networks may supplement the access control according to their specific needs. Sub private networks may share resources of their parent private network, and a sub private network may allow or restrict access to its resources by its parent private network, by its sibling private networks, and/or by its own sub private network(s).

Abstract: The present disclosure provides an approach for granting access to a resource located on a first server, the granting being done by a second server to a third server. The method results in a decentralized granting of access to a resource, preventing a bottleneck in the first server that could develop if the first server were to grant each access to each of its resources. The access is provided in the form of an encrypted capability, and transmitted through a secure channel. The code on the second server for granting access is located within an encrypted memory region, such that unauthorized processes cannot access the code or the data within the encrypted memory region.

Abstract: Systems and methods for tiered connection pooling are disclosed herein, which may be used in a method of fulfilling user requests in an enterprise computing system. The method involving generating, by a processing unit, a first connection pool comprising one or more previously used authenticated connections with a resource; generating, by the processing unit, a second connection pool comprising one or more unused authenticated connections with the resource; and generating, by the processing unit, a third connection pool comprising one or more unauthenticated connections with the resource; receiving, by the processing unit, a request from the user device to access the resource, the resource requiring authentication for access; and fulfilling, by the processing unit, the request based on a connection from the first, second, or third connection pool.

Abstract: Systems, methods, and apparatuses are provided for restricting access to a web resource. Website access information is obtained by monitoring accesses to a plurality of websites for each access, which may include a network identifier of an access requestor, a website identifier, and an access time for each request. Based on at least the website access information, it may be determined that a particular access requestor has accessed a number of different websites in a given time period. As a result, the particular access requestor may be classified as a web robot. A request to permit access to a web resource is received by the particular access requestor. In response to receiving the request to permit access to the web resource, the particular access requestor is prevented from accessing the web resource and/or a notification is generated that the particular access requestor is attempting to access the web resource.

Abstract: An information processing apparatus for selecting encryption key using policy. The information processing apparatus includes at least one processor executes instructions to input a first policy which defines a first encryption key configured to be used in communication between the information processing apparatus and plural communication apparatuses and a second policy which defines a second encryption key configured to be used in communication between the information processing apparatus and a single communication apparatus.

Abstract: A computing device includes a memory and one or more processors coupled to the memory.