Abstract: A media appliance comprising: video apparatus for outputting signals to a screen; a control device allowing a user to control the output of signals from the video apparatus to the screen, thereby selecting a viewing activity; a network interface for accessing a packet-based network; a memory storing a communication client application; and processing apparatus, coupled to the memory, network interface and video apparatus, and arranged to execute the communication client application; wherein the client application is configured so as when executed to allow the user to conduct bidirectional communications with other users via the packet-based network, and output notifications to the user of incoming communication events received from other users over the packet-based network; and wherein the client application is further configured to defer one or more of said notifications of incoming communication events received during said viewing activity, determine a delineation in the viewing activity, and automatically o

Abstract: A method for sharing content on an instant messaging application operating in a user terminal including determining whether content-to-be-shared for a chat room associated with a user account of the instant messaging application exists, outputting a share recommendation message for the user account through the chat room in response to a result of the determining indicating that the content-to-be-shared exists, receiving a response to the share recommendation message from the user account, and outputting the content-to-be-shared for the chat room based on the received response to the share recommendation message may be provided.

Abstract: The present disclosure involves systems, software, and computer implemented methods for managing and replaying persistent draft messages for entity data. One example method includes receiving a request from a client to read entity data in a draft of an entity. Previously-generated messages for the draft of the entity are retrieved and regenerated. A request to change a field of the entity is received and a set of previously-generated messages that correspond to the field is identified. Each message in the set of previously-generated messages is marked as invalid to prevent subsequent regeneration of messages in the set of messages. Each message in the previously-generated messages that is not marked as invalid is stored as a persistent draft message for the draft of the entity.

Abstract: Methods, systems, computer-readable media, and apparatuses may provide management of messaging for one or more devices of a user according to the user's configurable presence schedule. A messaging management server may receive notifications of messages and the messages themselves from a messaging service provider. The messages may have originated from a first user and be intended for receipt by a second user. After a preset time period has elapsed, a notification of the message may be sent from the messaging management server to each of the second user's devices in accordance with the second user's presence schedule. Subsequent messages from the first user and intended for the second user may be routed from the messaging management server to the device on which the second user responded to the notification of the initial message and might not be routed to the second user's other devices.

Abstract: A method and apparatus for improving digital transaction using Simple Mail Transfer Protocol (SMTP). The method includes determining to whether an alert related to a task is sent to a registered individual, on a condition that the alert related to the task should be sent, generating an email message, wherein the email includes at least one mailto link and a form for the registered individual to complete, transmitting the email message to the registered individual, receiving a response email from the registered individual, authenticating the email message and decoding a token, and updating an information database.

Abstract: The disclosed system and method enable multiple user devices to track the read/unread status of received messages, even though the user reads the message on only one device. A server of a telecommunication network can receive, from a user device associated with a sender, a message sent to a recipient. The user device does not communicate to the server that the received message has been read. Upon receiving the message, the server can determine that the message is in reply to a message thread and can update a status of a second message in the message thread to the read status. The second message is the most recent message in the message thread sent by the recipient to the sender. The server can provide the updated status of the second message in the message thread to the multiple user devices associated with the sender.

Abstract: Methods, apparatus, systems and articles of manufacture are disclosed to estimate demographics of users employing social media. An example method disclosed herein includes (1) identifying a social media message regarding an asset, the social media message associated with a user identifier associated with the user, (2) determining demographics associated with a group of people exposed to the asset, (3) associating the user identifier with the asset, and (4) repeating (1) to (3). The example method also includes (5) combining demographics associated with two or more different groups of people with which the user identifier is associated to estimate a demographic profile for the user.

Abstract: Disclosed are some implementations of systems, apparatus, methods and computer program products for integrating a collaborative communication system and a document collaboration system. A document within the document collaboration system may be linked to an object within the collaborative communication system. A user post may be received in association with the object or the document. A first feed configured to be rendered in association with the object is synchronized with a second feed configured to be rendered in association with the document such that both the first feed and the second feed each includes the user post.

Abstract: Systems, methods, and apparatus to identify media devices are disclosed. An example apparatus includes a listing retriever to retrieve a list of device names corresponding to devices identified as present on a local area network, the list of device names retrieved from a network activity measurement system located outside of the local area network. The example apparatus includes a communications analyzer to identify a list of hardware addresses of devices on the local area network. The example apparatus includes a mapper to receive a mapping between a device in the list of devices and a hardware address in the hardware addresses. The mapper is to transmit the mapping to the network activity measurement system.

Abstract: The disclosure provides an approach for eliminating issues associated with the use of an L2 extension and ARP calls after migrating a virtual machine from one host to another host. The approach involves placing nodes within a network within their own subnetworks, each subnetwork having an IP address range of one address. Placing nodes into subnets of one avoids intra-subnet forwarding, eliminating the need for ARP calls and for L2 extensions.

Abstract: Some embodiments provide a method for proxying ARP requests. At an MFE that executes on a host computer operating at a first site to implement a distributed router along with at least one additional MFE at the first site, the method receives, from a router at a remote second site, an ARP request for an IP address associated with a logical switch that spans the first site and the remote second site, and to which both the distributed router and the router at the remote second site connect. The method determines whether a table that includes IP addresses for a set of DCNs that use the distributed router as a default gateway includes the IP address. When the IP address is in the table, the method proxies the request at the host computer. When the particular IP address is not in the table, the MFE does not proxy the request.

Abstract: Methods, non-transitory computer readable media, application delivery controller (ADC) apparatuses, and network traffic management systems that receive a request including an Internet Protocol (IP) version 6 (IPv6) source address and an IPv6 destination address. A client IP version 4 (IPv4) address of a client from which the request originated and a server IPv4 address of a server are determined from one or more extracted portions of one or more of the IPv6 source address or the IPv6 destination address. The request is modified to include an IPv4 source address and an IPv4 destination address. The IPv4 source address and the IPv4 destination address include the client IPv4 address and the server IPv4 address, respectively. The modified request is sent to the server based on the server IPv4 address included in the IPv4 destination address of the modified request.

Abstract: Systems and methods are described for communications between computing devices via a stateless high-volume network address translation (“NAT”) service. The stateless high-volume NAT service manages high volumes of connections between networks by encoding at least part of the information needed to manage a connection in an encoded IPv6 address, which is then used by a NAT device or application as its sending address when relaying data from a source to a destination. The encoded IPv6 address may contain information such as the IPv4 address of the source, the IPv4 address of the destination, the protocol used to communicate, the source and destination ports, and the like. When the destination sends a response to the encoded IPv6 address, the NAT device decodes the IPv6 address to obtain the encoded information, and then uses that information to deliver the response to the source.

Abstract: Mechanisms for split tunneling are provided. The mechanisms identify user devices and determine that communications for a first device of the user devices are to be tunneled. These mechanisms also receive a DNS request from a second device of the user devices, modify the DNS request to request meta information corresponding to a domain identified in the DNS request, and send the DNS request to a DNS server. The mechanisms further receive a response to the DNS request, wherein the response includes the meta information, determine that communications for the second device are not to be tunneled based at least in part on the meta information, and cause the communications for the first device to be tunneled and the communications for the second device to not be tunneled.

Abstract: Systems, methods and computer software are disclosed for providing network address translation with a tunnel identifier (TEID) in a cellular network. A HetNet Gateway (HNG) allocates at least a portion of a unique TEID for a user equipment (UE). The HNG receives a packet having a source field in the packet header including an Internet Protocol (IP) address. The HNG replaces the IP address in a source field of the packet header of the packet with the unique TEID for the UE and forwards the packet using the unique TEID to a packet gateway (PGW).

Abstract: Systems, methods, and devices for identifying and responding to illegitimate devices on a service provider network include computing devices that are configured to collect dynamic host configuration protocol (DHCP) information related to a device (e.g., a modem, etc.) that establishes or requests to establish an internet protocol (IP) connection to the service provider network. The computing devices may determine features based on the collected DHCP information, apply the determined features to a classification model, and predict whether the device is an illegitimate device based on a result of applying the determined features to the classification model. The computing devices may perform a responsive action (e.g., blacklist or quarantine the device, etc.) in response to predicting that the device is an illegitimate device.

Abstract: Disclosed herein are system, apparatus, method, and computer program product embodiments for securing inter-network communications. An embodiment operates by generating a task request to be performed in a first network environment. The embodiment further operates by transmitting the task request to an application located in a second network environment. The embodiment further operates by receiving a task package from the application. The embodiment further operates by determining whether the task package includes a positive task value and, if so, calling a task in the first network environment based on the task package. The embodiment further operates by generating a creation status associated with an execution of the task in the first environment and transmitting the creation status to the application. Subsequently, the embodiment further operates by generating a final status associated with the execution of the task and transmitting the final status to the application.

Abstract: Technologies are disclosed for enforcing access control to resources of an indexing system using resource paths. Before performing a search for resources, access control is performed. By determining the resource paths that the user is authorized and/or unauthorized to access before performing the search, the search engine returns resources that the user is authorized to access instead of returning resources that the user may not be authorized to access. Before submitting a search query to a search engine an augmented search query is generated. The augmented search query includes one or more filter rules (which may be referred to herein as “filters”) that specify the resource paths to include or exclude from the search. The augmented search query limits the search to resources that the user is authorized to access.

Abstract: A mobile device securely communicates with an electronic device within an automobile. The mobile device transmits encrypted spatial state information and the electronic device provides commands to the automobile in response. Spatial state information may include location, motion, or the like. Commands to the automobile may include door unlock commands, remote start commands, horn honk commands, or the like.

Abstract: Protecting PII submitted through a browser. In some embodiments, a method may include detecting multiple PII of a user submitted to multiple organization websites through a browser. The method may also include encrypting each of the PII. The method may further include storing each of the encrypted PII along with an identifier of the organization website to which the PII was submitted. The method may also include receiving a request to view the PII along with an indicator of the organization website to which the PII was submitted. The method may further include retrieving each of the encrypted PII along with the identifier of the organization website to which the PII was submitted. The method may also include decrypting each of the encrypted PII. The method may further include displaying each of the PII along with the indicator of the organization website to which the PII was submitted.

Abstract: A system, method and computer-readable medium provide secure communication between a first and a second computer system based on supersingular isogeny elliptic curve cryptography. The first computer system and the second computer system each determine kernels KA and KB including computing mP+nQ by accessing a lookup table stored in a memory that contains a range of doubles of an end point of the respective kernels, where P and Q are points on the public elliptic curve and m and n are integers. The first computer system and the second computer system compute secret isogenies by determining a respective kernel KBA and KAB using mixed-base multiplicands with a single inversion, including computing the respective kernel KBA and KAB by converting the multiplicands to base 32, and computing scalar multiplications using the base 32 multiplicands.

Abstract: Aspects involve an apparatus, device, systems, and methods for instantiating and operating a cloudless infrastructure of computing devices that communicate peer-to-peer and mostly off-grid (or otherwise without communicating through a conventional centralized network) to share resources, access, and provide services and applications, store and access data and other information, and the like. The systems may provide services to connecting computing devices, such as user devices, personal computing devices, mobile devices, laptops, personal computers, Internet of Things (IoT) devices etc., in communication with one or more of the nodes of the infrastructure.

Abstract: Methods and apparatuses for offloading traffic from a third generation partnership project (3GPP) access network to a non-3GPP access point (AP) are disclosed. A 3GPP access network entity may receive subscription information associated with a wireless transmit receive unit (WTRU). The 3GPP access network entity may further receive traffic associated with the WTRU. The 3GPP access network entity may further determine whether to offload the traffic to the non-3GPP AP based on the subscription information. The 3GPP access network entity may also forward the traffic to the non-3GPP AP based on its determination.

Abstract: A wearable device provides protection for personal identity information by fragmenting a key needed to release the personal identity information among members of a body area network of wearable devices. A shared secret algorithm is used to allow unlocking the personal identity information with fragmental keys from less than all of the wearable devices in the body area network. The wearable devices may also provide protection for other personal user data by employing a disconnect and erase protocol that causes wearable devices to drop connections with an external personal data space and erase locally stored personal information if a life pulse from a connectivity root device is not received within a configurable predefined period.

Abstract: Encrypted vehicle data service exchanges are provided. In one embodiment, a vehicle communication manager comprises memory storing an embedded public key (EPK) for a data service; a processor executing a vehicle data service protocol to initiate a session with the data service. The protocol causes the processor to: transmit a session request to the data service and receive a session reply, the reply indicates if the manager is authorized for encrypted service, the processor validates authenticity of the session reply using the EPK; determine whether to enable message encryption, and transmit an initialization request indicating whether encryption is elected; generate a key derivation key (KDK) and transmit the KDK to the data service; receive an initiation response confirming whether message encryption is elected; and when elected generate at least one Message Encryption Key (MEK) from the KDK; encrypt data service uplink and downlink messages using the at least one MEK.

Abstract: User data is aggregated across a plurality of electronic communication channels and domains. An online system initially authenticates a user for access to the online system over a network. The online system provides a user identifier for the user to an authentication service. The authentication service generates a non-repeatable challenge from the aggregated user data for the user identifier and provides the non-repeatable challenge to the online system. The online system provides the challenge to the user and receives a response from the user. The online system provides the response to the authentication service and the authentication sends a success or failure back to the online system based on the response to the challenge, and based on the success or failure the online system makes a final determination for authenticating the user for accessing to the online system.

Abstract: Systems and methods to enable on-the-fly modification of running processes on a webserver more quickly and efficiently are discussed herein. A code vault is used to store binaries for use in production code running on a server, which are downloaded and implemented in the running process when authorized by developers. The process retrieves the binaries from the code vault to deploy the modifications to a specified audience without having to re-instantiate or run a parallel process with the new binaries. Binaries for different audiences or subsequent experiments may be downloaded onto the same machine, but remain isolated. Control of the deployments may require multi-factor or multi-user authentication and are logged for change control.

Abstract: An information handling system for providing comprehensive remote authorized access to multiple equipment in a datacenter. A mobile device security credential is first authenticated before access information is configured in the mobile device using a short-range wireless interface. The configured access information is mapped to the equipment and the corresponding access token and encryption keys from the equipment are received by the mobile device. The mobile device uses the access token and the encryption keys to simultaneously access the equipment through a long-range wireless interface. The simultaneous access includes parallel accessing of the equipment at a next accessing instance without requiring re-authentication. With the accessed equipment, the mobile device manages the accessed equipment based on the configured access information.

Abstract: Systems and methods are disclosed for managing online advertising data secure sharing. One method includes receiving, at a server, a request for proprietary data from a data consumer, the request including a data consumer identifier; retrieving, from a database of proprietary data, proprietary data based on the request; determining, by the server, whether the retrieved proprietary data is at least one of: designated to be processed and designated to have privileges set; processing, by the server, the proprietary data when the server determines the proprietary data is designated to be processed; setting one or more privileges to the proprietary data using the certificate associated with the data consumer identifier when the server determines the proprietary data is designated to have privileges set; encrypting the proprietary data using the certificate associated with the data consumer identifier; and transmitting the encrypted proprietary data to the data consumer.

Abstract: This disclosure includes techniques for using multiple cryptographic certificates for a secure connection. One embodiment is a method including: receiving by a client N public encryption keys over a network from a server, wherein N is an integer greater than 1; generating N session keys in response to receiving the N public encryption keys; encrypting each of the N session keys with a respective one of the N public encryption keys; subsequent to encrypting each of the N session keys, sending the N session keys encrypted over the network to the server; encrypting, with a first one of the N session keys, a first portion of a payload associated with a first message; encrypting, with a second one of the N session keys, a second portion of the payload associated with the first message; and sending the first message, comprising the payload encrypted, to the server from the client.

Abstract: Systems and methods may be used for providing more secure authentication attempts by implementing authentication systems with credentials that include interspersed noise symbols in positions selected, for example by a user. These systems and methods secure against eavesdroppers such as shoulder-surfers or man-in-the middle attacks as it is difficult for an eavesdropper to separate the noise symbols from legitimate credential symbols. Some systems and methods may use a subset of a credential with the interspersed noise symbols.

Abstract: A method, apparatus, and computer program product for establishing an authenticated online session are provided. An example method includes receiving a request for an authenticated online session and causing, by display circuitry, presentation of an input pattern to a user. The method further includes receiving, by gaze detection circuitry, one or more images of the user's eye captured during presentation of the input pattern, and determining, by the gaze detection circuitry, an identification code represented by the one or more images. The method also includes receiving, by contextual evaluation circuitry, contextual device data of a user device associated with the user during presentation of the input pattern. The method further includes establishing, by authentication circuitry, the authenticated online session based upon the identification code and the contextual device data.

Abstract: A server includes a processor, memory, and a communications interface. During a registration process the communications interface receives a phone number associated with a client mobile device, from a client computer system. In response to receiving the phone number, the processor generates a password and associates it with the client computer system. The password is transmitted to the client mobile device using the received phone number, and a password interface is transmitted to the client computer system. The processor waits up to a predetermined amount of time for the password transmitted to the client mobile device to be returned to the server device via the password interface transmitted to the client computer system. In response to the predetermined amount of time expiring without receiving the password, a message allowing the registration process to be completed using the client mobile device is transmitted to the client mobile device.

Abstract: A cloud-based access to child care planning and outcome resource is described. The resource allows multiple end-users to access content related to child care. Such content includes reports, table, graphs, multimedia, lists, forms, reminders, and/or other appropriate elements. The content may be presented via one or more graphical user interfaces (GUIs). Each such GUI may include various input elements such as tabs, buttons, icons, etc. and various content elements such as portlets, or frames, etc. Each GUI may be customized for a particular end-user and/or a particular group of end-users. In this way, an administrator or super-user may generate multiple GUIs, where each is associated with a user group (e.g., parents, teachers, administrators, etc.). In addition, each end-user may be able to customize the GUIs available to the end user. Such customization may include selection of input and/or content elements, layout of elements, graphical features, and/or other appropriate customizations.

Abstract: A virtualized gateway for applications in a zero trust network access environment is managed from a cloud-based threat management facility for an enterprise network. In order to facilitate creation of a new, centrally managed gateway, a one-time passcode for registration of the gateway to the threat management facility is encoded onto a virtual disk and distributed to a host platform along with a base gateway image for the gateway. This advantageously permits the new gateway to boot and securely register with the threat management facility without further administrative intervention.

Abstract: Improved systems and methods of authenticating a user using a mobile device to access a secure electronic portal are provided. A user may be enabled to quickly and securely log onto a website or other electronic portal using a handheld electronic device. In certain embodiments, multifactor authentication is utilized to improve the security of the authentication process.

Abstract: There is provided an information processing terminal including an acquisition unit that acquires biometric information for biometric authentication and identification information of a device to which a service is supplied, and a transmission unit that transmits the identification information in accordance with success of the biometric authentication.

Abstract: Techniques to provide secure access to a service via an unmanaged device are disclosed. In various embodiments, a request from an unmanaged device to access a service is received via a communication interface. A user associated with the request is authenticated at least in part by prompting the user to use a managed device associated with the user to interact with data displayed at the unmanaged device. Access to the service is provided via the unmanaged device at least in part via a virtual browser instance running on a secure node and configured to access the service on behalf of the user and stream data associated with the service to the unmanaged device.

Abstract: Methods and systems are described for verifying an identity of a user through contextual knowledge-based authentication. The system described uses contextual knowledge-based authentication. By verifying an identity of a user through contextual knowledge-based authentication, the verification is both more secure and more intuitive to the user. For example, by relying on confidential and/or proprietary information, the system may generate verification questions, the answers to which are known only by the user.

Abstract: A computer-implemented method for improving security of a biometrics-based authentication system comprises receiving, by one or more servers, enrolled biometric samples of an enrolled user during an enrollment stage of the biometrics-based authentication system. Augmented biometric samples are created by adding learned perturbations to the enrolled biometric samples of the enrolled user. During a request for authentication, submitted biometric samples are received from a second user. The submitted biometric samples of the second user are compared to the enrolled biometric samples and to the augmented biometric samples of the enrolled user based on predefined metrics. Based on the comparison it is determined whether the submitted biometric samples of the second user have been modified to impersonate the enrolled user.

Abstract: A biometric matching process is disclosed. The biometric matching process may be used to obtain access to a resource managed by an access device using only biometric information. In some embodiments, a biometric template is stored in relation to a user device and/or account information, and is obscured. Upon receiving a request for access to a resource from an access device, the system may identify a number of user devices in proximity to the access device. Biometric templates associated with each of those user devices may be compared to a biometric template received from the access device. Upon identifying a match, the system may provide the access device with account information stored in relation to the matched biometric template. The access device may then complete a transaction using the provided account information and grant access to the requested resource.

Abstract: An endoscope system includes a processor that performs image processing on endoscope image data acquired by an endoscope, which is inserted in a subject and observes an inside of the subject. The processor communicate with a terminal device including a transceiver configured to transmit identification information identifying the terminal device, and a controller configured to: determine whether the processor is a connection destination configured to perform two-way communication, based on the received processor identification information, authenticate whether a user of the terminal device is a predetermined registered user by analyzing data obtained by the terminal device from the user, and allow two-way communication between the processor and the terminal device in response to the processor being determined as the connection designation to perform two-way communication and in response to authenticating the user of the terminal device.

Abstract: A method of registering biometric information according to an embodiment includes generating a registration target biometric template based on biometric information of a user, transmitting a biometric information registration request including the registration target biometric template to a server, acquiring transaction information based on the biometric information registration request from the server through one or more communication interfaces, generating an electronic signature for the transaction information using a private key, transmitting the electronic signature for the transaction information to the server through the one or more communication interfaces, and acquiring a registration result for the registration target biometric template based on a verification result for the electronic signature from the server through the one or more communication interface.

Abstract: A method, device and non-transitory computer readable medium for randomized multi-factor authentication with biometrics includes randomly selecting one of a plurality of biometrics in response to a request from a client device. At least the randomly selected biometric is requested from the requesting client device. A match of the requested randomly selected biometric received from the requesting client device against stored biometric information above a set threshold is verified. Access for the request is granted when the verification indicates the match.

Abstract: A system performs mobile biometric identification system enrollment using a known biometric. The system receives a digital representation of a first biometric for a person. Prior to using the digital representation of the first biometric to identify the person, the system compares a received digital representation of a second biometric for the person to known biometric data for the person. When the digital representation of the first biometric has been thus verified, the system is operative to identify the person using the digital representation of the first biometric.

Abstract: Embodiments include a system, method, and computer program product that enable secure access to cameras in smart buildings. Some embodiments control outbound video from an environment such as a local network through an intelligent on-event video pushing mechanism. The local intelligent on-event video pushing mechanism hides the IP address of a source video camera, transcodes the video to a reduced size for wide area distribution, and pushes video to a recipient upon an event triggered received within the local environment (e.g., the local network.) Embodiments enable a remote video client on the far-side of the local network firewall to view the video streams of cameras on the near-side of the local network firewall when an event or trigger occurs.

Abstract: System and method are disclosed for providing authentication of a terminal device. One embodiment includes a method implemented by a first terminal device. The method may include receiving first location information and receiving a first predetermined signal. The method may also include transmitting status information and the first location information to a server upon receiving the first predetermined signal to allow the server to compare the first location information with second location information received from a second terminal device and to allow the server to transmit the status information to the second terminal device. The status information may indicate that the first terminal device is authenticated and the first location information may indicate a current location of the first terminal device.

Abstract: Systems, methods, and computer-readable media for performing a cloud-based authentication of a mesh point are described. A mesh point can send out a probe request that includes information indicating that the mesh point has entered a cloud-based porting mode. Upon receiving the probe request, the mesh portal sends an authentication request to a cloud system. The cloud system returns an authentication response indicating whether the mesh point has been authenticated. If successfully authenticated, the cloud system or a device forming part of the mesh deployment such as a virtual controller pushes the mesh configuration to the mesh point. In this manner, a mesh point can be configured with the correct mesh configuration without having to first push the mesh configuration to the mesh point at a common staging location and then physically move the mesh point to its serving location, as is the case in conventional mesh deployments.

Abstract: The present disclosure relates to traffic monitoring through one or more access control servers configured configured for (i) routing server resource request messages to resource server(s), (ii) extracting information identifying a target server resource from data packets corresponding to one or more received server resource request messages, and (iii) selectively transmitting the received server resource request message to a resource server. The security server(s) is configured to receive a server resource request message data extracted from a server resource request message and initiate a first security response, wherein the initiated first security response is dependent on analysis of the server resource request message data.

Abstract: A system for providing bi-directional visualization of authority of users over SACs in an enterprise-wide network, the system including functionality for providing user-wise visualization of the authority of a given user over at least one SAC in respect of which the user has authority, and functionality for providing SAC-wise visualization for a given SAC of the authority of at least one user over the given SAC.