Abstract: In an example, a method includes forming a first self-checking pair including a self-checking node and a first node adjacent to the self-checking node in a network. The method further includes forming a second self-checking pair including the self-checking node and a second node adjacent to the self-checking node in the network, wherein the self-checking node is between the first node and the second node. The method further includes transmitting a first paired broadcast with the first self-checking pair and transmitting a second paired broadcast with the second self-checking pair.

Abstract: A system for facilitating efficient command management in a network interface controller (NIC) is provided. During operation, the system can determine, at the NIC, a trigger condition and a location in a command queue for a set of commands corresponding to the trigger condition. The command queue can be external to the NIC. The location can correspond to an end of the set of commands in the command queue. The system can then determine, at the NIC, whether the trigger condition has been satisfied. If the trigger condition is satisfied, the system can fetch a respective command of the set of commands from the command queue and issuing the command from the NIC until the location is reached, thereby bypassing locally storing the set of commands prior to the trigger condition being satisfied.

Abstract: An information processing apparatus includes an acquirer and a controller. The acquirer acquires a message sent by a user for a task from a communication system. The communication system provides a communication service used by multiple users to send and receive messages via a network. The user is one of the multiple users using the communication service. The controller performs control to inform the user that the message is unsuitable if the message acquired by the acquirer is unsuitable for the task.

Abstract: A computer-implemented method of interlacing responses within an instant messaging (IM) system can include, responsive to a request from a user in an IM session, storing an IM message fragment input by the user and associating the IM message fragment with a message selected from an IM session transcript. The method can include recalling the IM message fragment and outputting, at least in part, the IM message fragment in response to the message.

Abstract: Method of generating invitation media overlays for private collections starts with processor receiving first media content item from first client device associated with first user. Processor receives from first client device a selection of invitation media overlay to be applied to media content item. Invitation media overlay is associated with private collection of media content items. Processor generates modified first media content item by overlaying invitation media overlay on first media content item. Processor generates the private collection of media content items including modified first media content item. Processor receives from first client device selection of second user associated with the second user and causes modified first media content item to be displayed by the second client device. Processor receives selection of invitation media overlay from second client device and causes the private collection of media content items to be displayed by second client device.

Abstract: Aspects of the subject disclosure may include, for example, a service platform that receives a chat request from a client device associated with a user. A chat database of previous chat sessions associated with other users is searched based on the chat request to identify a previous chat session corresponding to the chat request. Chat data corresponding to the previous chat session is retrieved from the chat database and sent to the client device. Other embodiments are disclosed.

Abstract: A system for generating a virtual assistant in a messaging user interface the system including a computing device configured to initiate a virtual message user interface between a user client device and the computing device; receive a user message entered by a user into the virtual message user interface; retrieve data relating to a user agenda list including a plurality of agenda actions; analyze the user message to identify an agenda action related to the user message; and generate a response to the user message as a function of analyzing the user message, wherein generating the response further comprises generating a user-action learner, wherein the user-action learner utilizes a previous message and the user message as an input and output a response; identifying a response as a function of generating the user-action learner; and displaying the response within the virtual message user interface.

Abstract: This disclosure relates to an information replying method, apparatus, electronic device, computer storage medium, and product. The method includes: after favoriting target information, displaying the target information in a favorites page in response to a viewing instruction with respect to the target information, the target information being obtained by commenting on or replying to target multimedia content; receiving a reply instruction with respect to the target information; and replying to the target information in response to the reply instruction.

Abstract: Systems and methods for identifying HTTP requests generated from links embedded in emails and determining if those HTTP requests were generated by a human or a non-human are disclosed.

Abstract: Systems and method for determining a topic cohesion measurement between a content item and a hyperlinked landing page are presented. In one embodiment, a plurality of content item signals is generated for the content item and a corresponding plurality of signals are generated for the hyperlinked landing page. An analysis of the corresponding signals is conducted to determine a measurement of topic cohesion, a topic cohesion score, between the content item and the hyperlinked landing page. A cohesion predictor model is trained to generate the predictive topic cohesion score between an input content item and a hyperlinked landing page. Upon a determination that the topic cohesion score is less than a predetermined threshold, remedial actions are taken regarding the hyperlink of the content item. Alternatively, positive actions may be carried out, including promoting the content item to others, associating advertisements with the content item, and the like.

Abstract: A geolocation-based data sharing system and method which enables end users to connect and share electronic data of any form based on the users' interaction with geolocation points established by other users. The systems and method can be used to enable end users to share data, text, photos, music, etc. when a second user positions himself or herself in a position assigned by a first user.

Abstract: A computer system includes a calendar containing appointments. The system also includes one or more logic modules. Each logic module specifies a condition and a corresponding action. The profile may be applied to context data, such as data representing the current time, to perform the actions specified by the logic modules in response to detecting that the context data satisfies the conditions specified by the logic modules. In particular, the actions specified by the logic modules may be performed in response to detecting that the current time falls within the time period of an appointment on the calendar.

Abstract: Methods and switches are provided for communicating electronic messages between financial institutions. One example method includes receiving, at a first switch of a plurality of switches, an electronic message for a transaction, where the electronic message includes a unique identifier for the transaction, and identifying, by the first switch, one of the plurality of switches to process the electronic message based on the unique identifier. The method also includes, in response to the first switch being the identified one of the plurality of switches, processing, by the first switch, the electronic message and, in response to a second switch of the plurality of switches being the identified one of the plurality of switches, forwarding, by the first switch, the electronic message to the second switch for processing.

Abstract: In response to determining that an original message from a sender has been viewed by one or recipients of the original message, a determination is made whether the original message has been edited by the sender. In response to determining that the original message has been edited, another determination is made whether the edits are critical based, at least in part, on a change of context of the original message. In response to determining that the edits are critical, re-notifying the one or more recipients that the original message has been edited by the sender.

Abstract: An electronic communications method includes sending, by a user device, an electronic communication to a device. The electronic communications method further includes receiving, by the user device, an electronic confirmation message. The electronic communications method further includes sending, by the user device, electronic information. The electronic communications message further includes receiving, by the user device, a value. The value is based on electronically analyzing simultaneous electronic information being sent to the device. The electronic communications message further includes receiving, by the user device, an electronic recommendation message. The electronic recommendation message includes a recommended schedule of communications based on the score. The electronic communications method further includes sending, by the user device, an electronic request message based on the value and the electronic recommendation message.

Abstract: The present disclosure relates generally to facilitating routing of communications. More specifically, techniques are provided to dynamically route messages having certain intents between bots and user devices during communication sessions configured with multi-channel capabilities.

Abstract: Provided is a method by which a cross chatbot gateway allows an event to be shared between chatbots, and the method includes the steps of: receiving an event message from a first chatbot communicating with a first chatting server using a first chatting protocol, wherein the event message includes destination information and event information of a first user, who is a chatting counterpart of the first chatbot; and transmitting the event information to a second chatbot communicating with a second chatting server using a second chatting protocol, on the basis of the destination information.

Abstract: According to certain embodiments, a system comprises one or more processors and one or more computer-readable non-transitory storage media comprising instructions that, when executed by the one or more processors, cause one or more components of the system to perform operations. The operations comprise receiving a packet comprising a source address; selecting an uplink for the packet, the uplink selected from a plurality of uplinks based on an uplink selection policy; determining whether the source address is valid on the selected uplink; determining whether to keep or re-write the source address based on whether the source address is valid on the selected uplink; keeping the source address when the source address is valid on the selected uplink or re-writing the source address when the source address is not valid on the selected uplink; and sending the packet to the selected uplink.

Abstract: A method for propagating a movement event message of a network entity, including: step 1) a network device maintaining a historical forwarded information list, wherein a network device capable of receiving a movement event message from an external system or device maintains an uplink port information table; step 2) after receiving the message, the network device performs matching using the table to obtain a forwarding port and forwarding information of the message, and constructs a movement event forwarding message using the information and forwards through the forwarding port; and step 3) after a device receives the message, searching for a matching forwarding port and forwarding information of the message in the information list, modifying the message using the forwarding information, and forwarding the modified message through the forwarding port. The method is able to propagate a movement event message to a network device responsible for related data transmission and forwarding.

Abstract: A carrier-grade network address translation (NAT) gateway system includes a switch having a gateway function configured to receive packets that are communicated via its ingress and egress ports. The switch having the gateway function has a first link to a first NAT processing function and a second link to a second NAT processing function. The first NAT processing function has a first deterministic address/port translation function and a first mapping table for storing first binding entries. The second NAT processing function has a second deterministic address/port translation function and a second mapping table for storing second binding entries. Preferably, the first and the second deterministic address/port translation functions are the same. The switch is configured to communicate each received packet for processing at both the first and the second NAT processing functions (e.g., in either a serial manner or a parallel manner), which provides redundancy in state information.

Abstract: Server devices operating on the Internet or another wide area network (WAN) are able to locate client devices using address information obtained from a shared location. Client devices initially determine their own network address information and submit the determined information for a priori storage at the shared location on the WAN. Each server device, in turn, contacts a message service or the like to establish a persistent data connection that is maintained between the message service and the server device over time. After the client device stores its own address information, the client initiates contact with the server via the message service having the previously-established persistent connection. Upon receipt of the instruction from the message service, the server is able to retrieve the client's previously-stored address information from the WAN storage and use the information to establish a connection with the client.

Abstract: A redirection device and method, relating to identification of a data server capable of delivering content to a terminal, initiated by the transfer to a second name server of a second domain of a message for obtaining an identifier of the data server in the second domain received from the terminal. Following this transfer, the second name server sends a redirection message to a first domain, including a delegation chain including first data for redirection from the second domain to the first domain. The chain is updated recursively with the redirections between domains added by respective name servers until a name server is able to provide an identifier of the data server.

Abstract: This application provides a message processing method, an access controller, and a network node. The method includes: an access controller receives a first message used to obtain Internet Protocol (IP) address information for a user-side device and a first access loop identifier of a first network node, where the first message and the first access loop identifier are sent by the first network node, the first access loop identifier is not carried in the first message; the access controller obtains an authentication, authorization and accounting (AAA) message according to the first access loop identifier, wherein the AAA message comprises the first access loop identifier; and the access controller sends the AAA message to an AAA server.

Abstract: Disclosed is a domain filter capable of determining an n-gram distance between a seed domain and each of a plurality of candidate domains. The domain filter loads a seed domain n-gram for the seed domain and a candidate domain n-gram for each candidate domain in memory, compares the seed domain n-gram and the candidate domain n-gram to identify any identical grams, removes any identical grams from the seed domain n-gram, and determines how many grams are left in the seed domain n-gram, representing the n-gram distance between the seed domain and the candidate domain. The domain filter then compares n-gram distances thus determined with a predetermined threshold, eliminates any candidate domain having an n-gram distance from the seed domain that exceeds the predetermined threshold, and provides remaining candidate domains to a downstream computing facility such as a user interface or an analytical module operating in an enterprise computing environment.

Abstract: An access point that selectively provides a multicast domain name system (mDNS) message is described. During operation, the access point may receive an mDNS message, where the mDNS message includes an identifier of a group (such as a user group). For example, the identifier of the group may be included in the mDNS message when the mDNS message includes discovery information for a service. Moreover, the identifier may specify the portion of a subnet in a wireless local area network (WLAN) in a geographic region, such as a room, a floor or a building. Then, the access point may determine whether the access point or an electronic device is included in the group. When the access point or the electronic device is in the group, the access point may selectively provide the mDNS message addressed to the electronic device. Otherwise, the access point may drop the mDNS message.

Abstract: Mechanisms (which can include systems, methods, and media) for securing connections to IoT devices are provided. In some embodiments, systems for securing connections to Internet of Things (IoT) devices are provided, the systems comprising: a memory; and a hardware processor coupled to the memory and configured to: receive first inbound traffic at a router from a wide area network (WAN), wherein the first inbound traffic is destined for a first IoT device; block the first inbound traffic at the router; notify a server on the WAN that the first inbound traffic has been blocked; receive instructions from the server indicating to unblock the first inbound traffic; and unblock the first inbound traffic.

Abstract: A method and system for continuously configuring a web application firewall (WAF) are provided. The method includes receiving a request directed at a protected web application, wherein the request is received from a client device associated with a trusted user account, and wherein the protected web application is protected by the WAF; validating the received request based on at least a signature included in a header of the received request; when the received request is validated, generating an authorization rule based on the received request, wherein the authorization rule allows access to a resource of the protected web application designated in the received request, wherein the generated authorization rule is included in at least one whitelist the WAF is configured with; and configuring the WAF with the generated authorization rule to allow the received request and subsequent request to be directed to the resource of the protected web application.

Abstract: Techniques for distributed offload leveraging different offload devices are disclosed. In some embodiments, a system, process, and/or computer program product for distributed offload leveraging different offload devices includes receiving a flow at a firewall of a security service (e.g., a cloud-based security service); inspecting the flow at the firewall to determine meta information associated with the flow; and offloading the flow to an offload entity (e.g., a SmartNIC, software executed on a Network Interface Card (NIC), and/or a network device, such as a network router and/or network switch) based on the meta information associated with the flow (e.g., an application identification associated with the flow determined using deep packet inspection) and based on a policy.

Abstract: Distributed firewalls in a network are disclosed. Example firewall controllers disclosed herein are to instruct a first network node of a software-defined network to implement a first firewall instance of a distributed firewall, the first network node to implement the first firewall instance with a first virtual machine. Disclosed example firewall controllers are also to configure a second network node of the software-defined network to route network traffic through the first firewall instance and, after at least some of the network traffic is dropped by the first firewall instance, instruct the second network node to implement a second firewall instance of the distributed firewall, the second network node to implement the second firewall instance with a second virtual machine.

Abstract: Virtual private network (VPN) service provider infrastructure (SPI) receives a request to access a VPN from a client device. The VPN SPI selects an Internet Protocol (IP) address for access to the VPN by the client device from a pool of IP addresses. The VPN SPI provides access to the VPN for the client device via the IP address. The VPN SPI receives one or more handshake notifications from the client device. The VPN SPI determines that a threshold time period has passed since a latest-in-time handshake notification of the one or more handshake notifications. The VPN SPI disconnects the client device from the VPN in response to determining that the threshold time period has passed. The VPN SPI adds the IP address to the pool of IP addresses in response to disconnecting the client device from the VPN.

Abstract: A computing system may include a proxy server application and a database. The proxy server application may provide, to a computing device disposed within a managed network, instructions to identify one or more processes executing on the computing device. The proxy server application may also determine, for a process of the one or more processes, a file system path of a directory associated with the process and, based thereon, select one or more directories to scan for files associated with the process. The computing device may be provided with instructions to (i) scan the one or more directories and (ii) determine a plurality of attributes associated with one or more files discovered therein. The proxy server application may additionally receive results of the scan containing a representation of the plurality of attributes and store, in the database, the results of the scan.

Abstract: An enhanced device and method for anonymization also offering improved security properties of data exchanged bidirectionally between a client and a server in a communication network. A protocol in respect of data exchange between client and server which relies on a two-level third-party servers architecture as well as on a system for bidirectional communication between the client and the server through these two levels of third-party servers.

Abstract: Embodiments are directed to a session management framework for secure communications between host systems and trusted devices. An embodiment of computer-readable storage mediums includes instructions for establishing a security agreement between a host system and a trusted device, the host device including a trusted execution environment (TEE); initiating a key exchange between the host system and the trusted device, including sending a key agreement message from the host system to the trusted device; sending an initialization message to the trusted device; validating capabilities of the trusted device for a secure communication session between the host system and the trusted device; provisioning secrets to the trusted device and initializing cryptographic parameters with the trusted device; and sending an activate session message to the trusted device to activate the secure communication session over a secure communication channel.

Abstract: A method of performing secure end to end communication between users, the method includes registering a plurality of devices corresponding to a first user having a first user profile stored within a repository, each device having a unique asymmetric public-private key pair, publishing the public key of each device of the first user on the first user profile, storing the private key of each device on corresponding device of the first user, using the published public keys, a second user encrypting and sending a secure message to the first user, and receiving and decrypting the encrypted secure message from the second user on all registered devices corresponding to the first user stored within the repository using the stored private key on each device.

Abstract: Techniques involving migrating authenticated content on a network towards the consumer of the content. One representative technique includes a network node receiving an encrypted seed having at least a location of the user data at a network service that stores the user data, and a cryptographic key to access the user data. The seed is received in response to a user login attempt to the network service. The user data is requested from the location using at least the received cryptographic key. The method further includes receiving and storing the user data at the network node, where the network node is physically closer to a location of the user than is the location of the network service. If the user is successfully authenticated, user access is provided to the stored user data at the network node rather than from the network service.

Abstract: Computer-implemented methods and systems are provided for blockchain-mediated user authentication. Consistent with disclosed embodiments, authentication may comprise operations including receiving, from a user system, an authentication request for a user. The operations may also include determining a root system for the user using a blockchain, and redirecting the user system to the root system. The operations may include receiving, following redirection, a verification message indicating that the root system successfully authenticated the user, and including an authorization code for receiving, from the root system, a root system secret. The operations may include receiving from a database, identification data using the root system secret. Determining the root system may comprise identifying, using the authentication request and index information stored in the blockchain, a block of the blockchain storing root system information for the user.

Abstract: The present disclosure is directed to systems and methods to address cryptoprocessor hardware scaling limitations, the method including the steps of establishing a communication path between a centralized server and a client device; generating, by the centralized server, a nonce for transmission to the client device, wherein the nonce is associated with an active time interval and corresponds to one of an existing nonce or a new nonce; transmitting the nonce to the client device; receiving a signed attestation result that includes the nonce from the client device, wherein, the signed attestation result comprises a previously-generated signed attestation result if the nonce corresponds to the existing nonce previously received by the client device; and the signed attestation result comprises a new signed attestation result if the nonce corresponds to the existing nonce newly received by the client device or corresponds to the new nonce.

Abstract: A system for verifying a user identity. The system comprises one or more memory devices storing instructions and one or more processors configured to execute the instructions. The processors are configured to receive information associated with an account of a user. The processors are further configured to generate a first profile, where the first profile being related to the user. The processors also receives an indication that the account is accessed by an accessor through an accessor device; and receive, from the accessor device, identity data comprising a plurality of data subsets associated with the accessor. The processors are configured to store the data subsets in respective clusters. The processors are further configured generate cluster analyses by analyzing the data subsets in respective clusters; and output the cluster analyses to node instances that weighs the cluster analyses outputs.

Abstract: Credentials for an account on a remote server requiring credentialed access by a client device are created, credentials are transmitted to the remote server, and response data including the credentials is received from the remote server, while restricting access to the credentials by the client device at all times. Session data transmitted by the remote server is also restricted from the client device to prevent side loading of session secrets onto client devices that may be used to attempt to gain unauthorized access to the remote server. Cookies are used to allow the client device to access more than one remote server without having to authenticate individually to each remote server.

Abstract: A method according to one embodiment includes receiving, by an access control device, a credential token from a mobile device, wherein the credential token includes an access credential, a credential identifier, and a caveat that instructs the access control device to perform an associated action, determining, by the access control device, a credential type associated with the access credential based on the credential identifier, determining, by the access control device, a set of caveat rules associated with the credential type, wherein the set of caveat rules identifies one or more actions authorized for an access credential of the credential type, and performing, by the access control device, the associated action identified by the caveat in response to a determination that the associated action is an action authorized by the set of caveat rules associated with the credential type.

Abstract: A method (800) for logging microservices in a platform for unified governance of a plurality of intensive computing solutions (70) comprising: a proxy microservice (20), a token security microservice (30), at least one security repository (35,36,37), a logging module (90), a service register (91), and comprising the steps of: Reception (820) of a join request from a new microservice (60), Verification (830) of the unique identifier of the new microservice (IDMS), Generation (840) of an authentication token and transmission to the new microservice, Reception (850) of a logging request from a new microservice, comprising data that provides access to the resources of the new microservice and the generated authentication token, Verification (860) of the authentication token with the token security microservice (30), Logging (870), when the authentication token is validated, data that provides access to the resources of the new microservice on the service register (91).

Abstract: Aspects of the disclosure relate to voice biometric authentication in a virtual assistant. In some embodiments, a computing platform may receive, from a user device, an audio file comprising a voice command to access information related to a user account. The computing platform may retrieve one or more voice biometric signatures from a voice biometric database associated with the user account, and apply a voice biometric matching algorithm to compare the voice command of the audio file to the one or more voice biometric signatures to determine if a match exists between the voice command and one of the one or more voice biometric signatures. In response to determining that a match exists, the computing platform may retrieve information associated with the user account, and then send, via the communication interface, the information associated with the user account to the user device.

Abstract: The present invention concerns the verification and authentication of independent digital wallets and, particularly, the linking of regulated and unregulated digital wallets when there is established common ownership and a desire to achieve rapid linking of those different accounts supported across disparate platforms for inter-dependent wallet operation. System intelligence (30, 42, 46, 50) makes use of selective scraping of data, in third-party database resources (52, 54), relating to or associated with events or transaction recorded in the public (unregulated) wallet that belong to an initially unknown individual whose identity requires verification for linking purposes. In the event of a verified response to such a randomly generated query, a non-transferrable NFT is generated by the system intelligence (46) of the regulated platform (27) and these non-transferable NFTs are placed within an accessible public ledger (66) as well as the purview of the private ledger (26).

Abstract: A computer-implemented method is disclosed.

Abstract: The present invention comprises scanning, by a mobile device of the user, a QR code generated by a server application when the user requests access to a secure web portal and generating, within a client application, a login code which is used to authenticate the user within an authentication service and then being redirected to the requested portal.

Abstract: Authentication methods and systems are disclosed. In one non-limiting example, an authentication method may include detecting a user within an image, determining that the image further includes additional recognizable data, analyzing the additional recognizable data and one or more biometric features of the user, and determining that the additional recognizable data and the one or more biometric features of the user correspond to valid additional recognizable data and valid biometric features of an enrolled user, respectively. The method may further include enabling the user to access a protected asset based on determining that the additional recognizable data and the one or more biometric features of the user correspond to valid additional recognizable data and valid biometric features of an enrolled user, respectively.

Abstract: One embodiment provides a method, including: identifying a biometric pattern present in a wireless signal associated with an information handling device; determining, using a processor, whether the biometric pattern corresponds to an authorized biometric pattern; and authenticating, responsive to determining that the biometric pattern corresponds to the authorized biometric pattern, a user of the information handling device. Other aspects are described and claimed.

Abstract: A server receives encrypted data from a protected-resource-requesting device that includes an encrypted combination of the device and user identification. The first server requests a most recent copy of data of a distributed ledger from a randomly selected logged-in workstation. The first server searches for a match of the encrypted data from the first device in the distributed ledger data received from the randomly selected workstation. In response to determining a match, the first server updates a table of a second server with a one-time-password (OTP) and a copy of the encrypted data received from the device. The first server sends the OTP and an instruction to the device to send the OTP and the encrypted data to the second server, which determines whether a match exists. In response to a confirmed match, the first server grants access to the device.

Abstract: System and method are disclosed for providing authentication of a terminal device. One embodiment includes a method implemented by a first terminal device. The method may include receiving first location information and receiving a first predetermined signal. The method may also include transmitting status information and the first location information to a server upon receiving the first predetermined signal to allow the server to compare the first location information with second location information received from a second terminal device and to allow the server to transmit the status information to the second terminal device. The status information may indicate that the first terminal device is authenticated and the first location information may indicate a current location of the first terminal device.

Abstract: An identity server authenticates a first user identity for a user device through a first authentication exchange as part of a passwordless authentication system. The identity server registers with a relying party as an authenticator for a second user identity. The identity server initiates a second authentication exchange by obtaining from the relying party, a credential request associated with the second user identity. Responsive to a determination that the first user identity authenticated in the first authentication exchange is authorized to act as the second user identity, the identity server obtains a credential request response authenticated by the authenticator in the identity server. The identity server completes the second authentication exchange by providing the credential response to the relying party. The second authentication exchange authenticates the user device to the relying party without involving the user device.