Abstract: A system includes a host processor, which has a host memory and is coupled to store data in a non-volatile memory in accordance with a storage protocol. A network interface controller (NIC) receives data packets conveyed over a packet communication network from peer computers containing, in payloads of the data packets, data records that encode data in accordance with the storage protocol for storage in the non-volatile memory. The NIC processes the data records in the data packets that are received in order in each flow from a peer computer and extracts and writes the data to the host memory, and when a data packet arrives out of order, writes the data packet to the host memory without extracting the data and processes the data packets in the flow so as to recover context information for use in processing the data records in subsequent data packets in the flow.

Abstract: Processes for managing computing processes within a plurality of data centers configured to provide a cloud computing environment are described. An exemplary process includes executing a process on a first host of a plurality of hosts. When the process is executing on the first host, a first network identifier associated with the plurality of hosts is not a network identifier of a pool of network identifiers associated with the cloud computing environment and first and second route tables respectively corresponding to first and second data centers of the plurality of data centers associate the first network identifier with the first host. The exemplary process further includes detecting an event associated with the process. In response to detecting the event associated with the process, the first and second route tables are respectively updated to associate the first network identifier with a second host of the plurality of hosts.

Abstract: A switch device for relaying data in an on-vehicle network, being equipped with a switch section and a processing section for performing the relay processing via the switch section, wherein, in the case that a plurality of frames to be subjected to the relay processing is present in the processing section, the processing section performs adjustment processing so that the output rates of the respective frames to the switch section in the case that the transmission source addresses of the respective frames are different are made smaller than the output rate in the case that the transmission source addresses of the respective frames are the same.

Abstract: In a data flow processing method, multiple data flow queues are obtained. Each of the multiple data flow queues includes one or more data flow sub-queues. A priority of each of the one or more data flow sub-queues is determined. The multiple data flow queues are integrated to a target data flow queue according to the priority. The target data flow queue is sent to a target switch. The method integrates data flows as far as possible and improves the efficiency of data flow scheduling.

Abstract: A communication device includes a first client group in a first region; a second client group in a second region different from the first region; a first data hub configured to generate first burst data and a first control packet based on first client data received from the first client group; a second data hub configured to generate second burst data and a second control packet based on second client data received from the second client group; and a data transfer unit connected to the first data hub and the second data hub via a control protocol, the data transfer unit configured to, store the first burst data in a target memory based on the first control packet, and store the second burst data in the target memory based on the second control packet.

Abstract: In one embodiment, associated differential processing of decapsulated packets is performed using Service Function Instances (SFIs) identified by Service Function Values (SFVs) derived from their encapsulating transport packets. By using different SFVs associated with different processing policies within a same processing context, one embodiment performs differential processing of streams of packets (arriving in transport packets) as identified by the particular SFV obtained from each particular transport packet. In other words, the processing policy identifies processing performed on the corresponding decapsulated original packet, not processing of the transport packet. Thus, if the original packet is an Internet Protocol (IP) packet, the SFI identifies Layer 3 processing that is performed on the original IP packet. Additionally, one embodiment uses a route advertising protocol (e.g., Border Gateway Protocol) to distribute associations between different SFVs and different addresses in a processing context (e.

Abstract: This application discloses a packet processing method that is applied to an EVPN, where the EVPN includes a first network device and a second network device. The method includes: receiving, by the first network device, a VXLAN packet sent by the second network device, where the VXLAN packet includes a path identifier and a service packet, the path identifier indicates a path from the first network device to a VNF device through an IPU, and the service packet includes a destination IP address; determining, by the first network device based on the path identifier, first routing information; and forwarding, by the first network device, the service packet to the VNF device via the IPU based on the first routing information and the destination IP address.

Abstract: Embodiments of the invention are directed to registering one or more endpoint devices to receive a notification and detecting a congestion event related to a storage area network. The storage area network includes the one or more endpoint devices. The notification is sent regarding the congestion event to the one or more endpoint devices that have been registered for the notification.

Abstract: In accordance with an embodiment, described herein is a system and method for supporting multi-tenancy in an application server, cloud, on-premise, or other environment, which enables categories of components and configurations to be associated with particular application instances or partitions. Resource group templates define, at a domain level, collections of deployable resources that can be referenced from resource groups. Each resource group is a named, fully-qualified collection of deployable resources that can reference a resource group template. A partition provides an administrative and runtime subdivision of the domain, and contains one or more resource groups. Each resource group can reference a resource group template, to bind deployable resources to partition-specific values, for use by the referencing partition. A tenant of the application server or cloud environment can be associated with a partition, or applications deployed therein, for use by that tenant.

Abstract: An interconnection device for interconnecting two sub-networks, on which UPnP devices are connected: determines actual IP addresses and port numbers of servers of the UPnP device; allocates a port number to each server, establishes a connection with a UPnP device of the femtocell and a connection with a UPnP device of the local area network; replaces, in frames received via one of said connections, each actual server IP address and port number allocated by the interconnection device to said server; and replaces, in frames received via one of said connections, each actual IP address and port number with an IP address of the interconnection device to said server; and replaces, in said received frames, each IP address of the interconnection device and port number allocated by the interconnection device to a server with the IP address and port number of the corresponding server.

Abstract: In one embodiment, quasi-Output Queue behavior of a packet switching device is achieved using virtual output queue (VOQ) ordering independently determined for each particular output queue (OQ), including using maintained latency information of the VOQs of the particular OQ. In one embodiment, all packets from all VOQs with a same port-priority destination experience similar latency within specific time-window, which is similar to the packet service provided by an Output Queue switch architecture. In one embodiment, all input ports that send traffic to same output port-priority receive bandwidth which is proportional to their bandwidth demand divided by total bandwidth. Prior approaches that emulate the performance of an OQ switch architecture require complex and time-consuming scheduling determinations and do not scale. Independently determining the order for sending packets from the VOQs associated with each particular OQ provides a scalable and implementable system with quasi-Output Queue behavior.

Abstract: In a data processing method that based on an instant messaging application and which is performed by a data processing device, audio data from an instant messaging application is obtained, and sampled volume data corresponding to the audio data is obtained based on a sampling frequency. A spectrogram corresponding to the audio data is generated according to the audio data and the sampled volume data, and a message bar comprising the spectrogram and the audio data is outputted. Audio progress control is then performed on the audio data in response to a target trigger operation on the message bar, and display control is performed on the spectrogram based on an audio progress.

Abstract: Example embodiments provide a system that uses a conversational agent to collect information and publish the information on a network. A computer-implemented conversational agent establishes a communication session with a user and receives conversational information via a simulated conversation between the user and the computer-implemented conversational agent via the communication session, whereby the conversational information comprises information to be published. The computer-implemented conversational agent also receives, via a graphical user interface, an upload of an image that is associated with the information to be published. The computer-implemented conversational agent then causes publication of the information to be published and the uploaded image.

Abstract: A conversation interface in a messaging application is displayed, the conversation interface being presented to participants in a conversation that is being conducted on the messaging application. The conversation interface is constructed by determining statuses of at least two external resources that have been launched, within the context of the messaging application, by one or more of the conversation participants. An external resource notification interface (or “dock”) is displayed in the conversation interface, the external resource notification interface including icons corresponding to the at least two external resources. Upon user selection of the external resource notification interface, a list interface (or “drawer”) including user-selectable cells corresponding to the at least two external resources is displayed.

Abstract: A group-based communication platform can present, via a client device of the group-based communication platform, a user interface that includes a user interface element, interaction therewith, invoking a command associated with an external system. Based at partly on receiving an indication of an interaction with the user interface element, the group-based communication platform can cause payload data to be provided to the external system, wherein the payload data is associated with an indication of the command invoked via the interaction. Based at least partly on causing the payload data to be provided to the external system, a response to the payload data can be received and an interactive dialog can be presented via the user interface. The interactive dialog can be configured to prompt a user of the client device for data to be provided to the external system for performing a processing action associated with the command.

Abstract: A method of and system for synchronous communications between a sender and recipient(s) of a message containing a question include receiving over a network an indication that the message was sent from the sender to the recipients via a user interface of a first application or a first service and a response to the question was not received within a predetermined time, monitoring a digital location of the sender and the recipients, the digital location being an electronic application or service being currently utilized, determining whether the sender and at least one of the recipients are concurrently using a second application or a second service, and upon determining that the sender and at least one of the recipients are concurrently using the second application or the second service, sending a notification signal over the network to the sender or one of the one or more recipients to notify the sender or the recipient via a user interface element displayed on a client device that the sender and at least one o

Abstract: The present disclosure relates to a method comprising receiving an electronic message. Message intents of the received electronic message and one or more related intents may be determined. An electronic message may be generated according to a selected subset of the message intents or according to the related intents. The generated electronic message may be provided.

Abstract: Techniques for identifying and processing graymail are disclosed. An electronic message store is accessed. A determination is made that a first message included in the electronic message store represents graymail, including by accessing a profile associated with an addressee of the first message. A remedial action is taken in response to determining that the first message represents graymail.

Abstract: Systems and methods are described for enhancing a social media post with a content item. An illustrative method includes receiving a social media post; extracting, from the social media post, a first content item; identifying, in a frame of the first content item, a portion of the frame that is a non-focus portion; identifying a plurality of content items that fit within the non-focus portion; identifying a content preference of an audience of the social media post; determining an estimated length of time that the audience will view the social media post; selecting a second content item, from the plurality of content items, that matches the content preference of the audience and has a duration that does not exceed the estimated length of time; generating an enhanced social media post by overlaying the second content item onto the non-focus portion; and generating for display the enhanced social media post.

Abstract: Techniques for using Network Address Translation (NAT), Mobile Internet Protocol (MIP), and/or other techniques in conjunction with Domain Name System (DNS) to anonymize server-side addresses in data communications. Rather than having DNS provide a client device with an IP address of an endpoint device, such as a server, the DNS instead returns a virtual IP (VIP) address that is mapped to the client device and the endpoint device. In this way, IP addresses of servers are obfuscated by a virtual network of VIP addresses. The client device may then communicate data packets to the server using the VIP address as the destination address, and a virtual network service that works in conjunction with DNS can convert the VIP address to the actual IP address of the server using NAT and forward the data packet onto the server.

Abstract: An apparatus for helping with multicast domain name service (MDNS) discovery includes one or more processors configured to receive a first MDNS query from the resource-seeking device, receive a first MDNS response from the resource-providing device, and generate a second MDNS response according to the first MDNS response. The second MDNS response is generated at least by including a resource record from the first MDNS response and setting a time-to-live (TTL) value of the resource record in the second MDNS response to be lower than an original TTL value as specified for the resource record in the first MDNS response. The second MDNS response is sent to the resource-seeking device in response to the first MDNS query. A hospitality establishment may thereby soft assign a media device to a user device while retaining the ability to change the media device assigned to the user device.

Abstract: A method for a computer or microchip with one or more inner hardware-based access barriers or firewalls that establish one or more private units disconnected from a public unit or units having connection to the public Internet and one or more of the private units have a connection to one or more non-Internet-connected private networks for private network control of the configuration of the computer or microchip using active hardware configuration, including field programmable gate arrays (FPGA). The hardware-based access barriers include a single out-only bus and/or another in-only bus with a single on/off switch.

Abstract: A device, system, and method, according to various embodiments, can include, for example, a hybrid cloud network, one or more personal cloud virtual LANs, and a home area network. The hybrid cloud network can be configured to provide public access and private access. The one or more personal cloud virtual LANs are provided at an overlapping segment of the hybrid cloud network to provide privacy within the hybrid cloud network. The home area network can include a single purpose computer configured as a gateway for the hybrid cloud network and configured to establish a site-to-site secure connection with the one or more personal cloud virtual LANs.

Abstract: A computer-implemented improved system for producing studio quality e-commerce product videos displaying a 3D rendering created from a 3D model of a product that includes generally the steps of uploading a 3D model of the consumer product onto a computer or an online platform; selecting product features for highlighting in the video; rotating the 3D model to identify selected features; providing text to highlight portions of the video and the selected features; selecting and providing musical accompaniment for the video; and, creating a timeline to establish the sequence of individual portions of the video whereupon the 3D rendered video is then automatically generated for the vendor's e-commerce product page and various social platforms.

Abstract: Described embodiments provide systems and methods for generating firewall configuration profiles for firewalls. An intermediary device may modify a request from a client to access the server to include a payload provided by the device. The payload may include an action type selected from a plurality of action types used to probe the server for a corresponding security vulnerability of a plurality of security vulnerabilities. The device may transmit, to the server, the request including the payload to cause the server to provide a response to the device. The device may determine that the server is susceptible to a security vulnerability of the plurality of security vulnerabilities corresponding to the action type based at least on the response. The device may generate a configuration profile for the firewall to restrict requests of the action type to access the server from clients.

Abstract: A method for use with a public cloud network is disclosed. The method includes setting up at least one private cloud routing server (PCRS) and at least one smart device client on the side of the PCRS in a client server relationship. It also includes setting up at least another smart device client on the side of the PCCBS in a client server relationship with the at least one private cloud call-back server (PCCBS). The private cloud call-back server acts as a middleman to relay communication between the smart device client on the side of the PCCBS and the private cloud routing server. The PCCBS will call back the private cloud routing server on demand based on the smart device client request. The at least one private cloud call-back server includes a first message box associated therewith.

Abstract: The techniques described herein enable the establishment of two simultaneous virtual private network (VPN) connections for a VPN client operating on a remote computing device. The VPN client can establish first VPN connection with a first VPN server instance of a VPN gateway and a second VPN connection with a second VPN server instance of the VPN gateway. To establish two simultaneous VPN connections, the VPN client is configured to create and/or use two Transmission Control Protocol (TCP) sockets. In one example, a first VPN connection can be a primary VPN connection and a second VPN connection can be a dormant VPN connection configured as a backup in case of a service interruption with the first VPN connection. In another example, a data flow can be split across the first and second VPN connections, or alternate between using the first and second VPN connections, based on performance parameters.

Abstract: A method by one or more network devices communicatively coupled to a web application layer proxy for profiling parameters of web application layer requests received by the web application layer proxy while preserving privacy. The method includes obtaining masked parameter values associated with a parameter in the web application layer requests, where the masked parameter values associated with the parameter are generated by the web application layer proxy based on masking parameter values associated with the parameter while preserving lengths of the parameter values associated with the parameter and character types of characters in the parameter values associated with the parameter, generating the profile of the parameter based on analyzing the masked parameter values associated with the parameter, and providing the profile of the parameter to the web application layer proxy.

Abstract: Certain aspects of the present disclosure provide techniques for entering user credentials through a proxy. One example method generally includes receiving, at a user device, a push request for user data from a cloud server and receiving a request file from an aggregation system. The method further includes injecting user credentials stored on the user device into the request file, wherein when injected the user credentials replace at least one dummy entry of the request file, and transmitting the request file to a data source associated with the request file. The method further includes receiving user data from the data source and transmitting the user data to the aggregation system.

Abstract: Systems, methods, and computer-readable storage devices to enable virtual API technology embodied in an SDK for use within a mobile application, a mobile payment wallet, or a mobile operating system.

Abstract: An automated system comprising a processor and a database are described. The processor executes communication software reading: at least one image corresponding to an identifier of a blood product from a donor; and at least one database storing at least one communication from a receiver of the blood product. The communication software executed by the processor determines an intermediary from the identifier and contacts the intermediary to obtain contact information of the donor.

Abstract: Disclosed herein is a method performed by an apparatus. In the method, a payload information item is obtained that is to be communicated to at least one recipient. An encrypted payload information item is obtained by encrypting said payload information item such that it is decryptable by use of a first decryption key and a second decryption key. Further, a message containing said encrypted payload information item is sent or triggered to be sent to said recipient.

Abstract: The present embodiments relate to providing near real-time communications from a public network to a private network. A first computing device in a public network can obtain data packets to be provided to the private network from an application executing on the first computing device. A trust module executed by the first computing device can authenticate the user, application, and the data packets to be provided to the private network and add metadata relating to the sending user, recipient user, etc. The data packets can be forwarded to the private network via a cross-domain system (CDS). The metadata and the digital signature on the data packets can be verified by a trust module executing on a second computing device in the private network. The second computing device can receive the data packets and store the data packets for subsequent actions to be performed in the private network.

Abstract: Flexible authentication technologies customized to particular tenants of a data center network can be implemented. For example, an administrator can specify a primary authentication server and specify at which data centers different applications are to be hosted for a given tenant. End users can be shielded from the complexities of implementing such configuration details. For example, single sign-on authentication can be implemented, even when applications are configured to be hosted in different data centers. Enterprise tenants can thus control where applications are hosted and enforce data containment scenarios without encumbering users with additional tasks. Collaboration and application-to-application authentication can be achieved.

Abstract: Signed digital certificates can be automatically obtained from a trusted certificate authority. For example, a computing device can receive a request associated with a handshake procedure for establishing a secure session between a client device and a server. The request can indicate a trusted certificate authority that issues signed digital certificates. The computing device can determine that a local key store that is local to the server does not have a signed digital certificate issued by the trusted certificate authority and responsively obtain the signed digital certificate from the trusted certificate authority. The computing device can return the signed digital certificate back to the client device as part of the handshake procedure to establish the secure session.

Abstract: Verified deliveries are commonplace for various exchanges of goods, packages, and/or other items, but often require close proximity or contact between the exchanging parties or devices associated therewith—e.g., for digital or physical signature. To remedy this, system and methods described herein may leverage an ad hoc network established between a device of a provider and a device of a consumer for exchanging codes or tokens—that may be validated by an authentication service—to provide a verification process during an exchange between the parties. As a result, a safe distance may be maintained between the parties throughout the transaction—thereby avoiding exchange of germs while also increasing safety and security of both parties—and the verification process may be more reliable and secure.

Abstract: A trusted session is to be established between a smart speaker and a computer server. The computer server may receive an instruction to initiate a trusted session with the smart speaker. The instruction includes an indication of an account linking token for linking a first and second account associated with the smart speaker and the computer server, respectively. The computer server generates a session token and sends it to the smart speaker for acoustic signalling. The acoustic signal is captured by a mobile device and used to reconstruct the session token. The computer server receives the reconstructed session token along with identifying information from the mobile device. The computer server system uses the identifying information to confirm that the mobile device is associated with the second accord. Upon so confirming, the computer server may establish a trusted session between the first smart speaker and the computer server system.

Abstract: Examples provided herein are directed to a computing device and media playback system sharing access to a media service corresponding to a media application installed on the computing device. In one example, a media playback system may be configured to (i) receive from the computing device an authorization code that corresponds to a media application installed on the computing device that is authorized to access media from a media service, (ii) transmit to the media service an authorization request with the authorization code, (iii) receive from the media service an authorization token that facilitates obtaining media from the media service, and (iv) transmit to the media service a request for media for playback by the media playback system, where the request for media includes the authorization token.

Abstract: A client device is configured to receive user-input and provide user-output to a client-user. A service provider is configured to serve a network-provided service for authorized users. An identity provider is configured to: maintain authorization information for the network-provided service and generate a permission-object that i) specifies that the client-user is an authorized user of the network-provided service and ii) may include an access-override field that specifies a network address of a remote browser isolation (RBI) host. The system also includes the RBI host configured to access the network-provided service; run the network-provided service in an isolation environment to generate a graphic user interface (GUI); provide a visual reproduction of the GUI to the client device; receive browser-input from the client device; and apply the browser-input to the running network-provided service.

Abstract: Systems and methods are provided for persistent cross-application mobile device identification. A mobile device may have a plurality of sandboxes in memory containing applications. The mobile device may have a shared storage which may accessible by applications from different sandboxes. A storage location identifier may be used to access information in shared storage. A universal device identifier may be stored in the shared storage to identify the mobile device and may be accessible by multiple applications and updates to applications. The universal device identifier may be used to track the mobile device for advertising, fraud detection, reputation tracking, or other purposes.

Abstract: A system and method are described for connecting an IoT device to a wireless router and/or access point.

Abstract: In one embodiment, an apparatus includes one or more processors and one or more computer-readable non-transitory storage media coupled to the one or more processors. The one or more computer-readable non-transitory storage media include instructions that, when executed by the one or more processors, cause the apparatus to perform operations including receiving a user credential from a remote access client within a network and communicating the user credential to an authentication, authorization and accounting (AAA) server within the network. The operations also include receiving a user attribute from the AAA server and generating a contextual label based on the user attribute. The contextual label includes routing instructions associated with traffic behavior within the network. The operations further include advertising a control message, which includes the contextual label, to the remote access client.

Abstract: This disclosure describes techniques including, by a domain name service (DNS), receiving a name resolution request from a client computing device and, by the DNS, providing a nonce to the client computing device, wherein a service is configured to authorize a connection request from the client computing device based at least in part on processing the nonce. This disclosure further describes techniques include a method of validating a connection request from a client computing device, including receiving the connection request, the connection request including a nonce. The techniques further include determining that the nonce is a valid nonce. The techniques further include, based at least in part on determining that the nonce is a valid nonce, authorizing the connection request and disabling the nonce.

Abstract: Embodiments of an invention for protecting supervisor mode information are disclosed. In one embodiment, an apparatus includes a storage location, instruction hardware, execution hardware, and control logic. The storage location is to store an indicator to enable supervisor mode information protection. The instruction hardware is to receive an instruction to access supervisor mode information. The execution hardware is to execute the instruction. The control logic is to prevent execution of the instruction if supervisor mode information protection is enabled and a current privilege level is less privileged than a supervisor mode.

Abstract: The disclosed computer-implemented method for running applications on a multi-tenant container platform may include (1) receiving, at a host administrator service on a container host computing device and via a host administrator service socket handle, a request for a privileged operation from an application running in a non-privileged container, (2) performing, based on a user identifier of the application, a security check of a user associated with the application, (3) comparing, when the security check results in approval, a process identifier of the requested privileged operation against a whitelist of permitted operations to determine the requested privileged operation is permissible, and (4) initiating running, when the requested privileged operation is permissible, the requested privileged operation. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: A method for authenticating an electronic client device for purposes of granting/denying access to a secure network is provided. The network device detects whether a client device requesting access to the secure network is a known client device on a list maintained by the network device or an unrecognized client device that is not on the list. If the client device is detected as being an unrecognized client device, the network device causes a message to be sent to a manager of the secure network. When a response is received, identification information of the unrecognized client device is automatically added to the list of known client devices by the network device. A network device is also provided.

Abstract: Apparatuses, methods, and systems are disclosed for creating service rules based on user information retrieved from an application server. One apparatus includes a processor and a transceiver that communicates with one or more network functions in a mobile communication network. The transceiver receives a request to provide service rules for a user in response to a request received by the mobile communication network from the user to establish a data connection. The processor identifies one or more service contexts associated with the user and retrieves user information by using each of the identified one or more service contexts. A service context holds information for accessing user information in an application server. The processor creates one or more service rules by using the user information, wherein the mobile communication network applies the one or more service rules to configure the data connection.

Abstract: A method, non-transitory computer readable medium and apparatus for controlling access of a custom browser function are disclosed. For example, the method includes a processor that sends a request to a third party website, receives a hypertext markup language code and a browser script, renders the hypertext markup language code, detects that the browser script is trying to access a custom browser function, compares one or more parameters associated with the custom browser function to an access control list to control an access of the custom browser function, and executes the custom browser function when a match of the one or more parameters is found in the access control list.

Abstract: Sharing data is disclosed. In some cases, sharing data includes receiving a request to share data from a first account to a second account, receiving an indication of a plurality of first account profiles associated with the first account to share with the second account, and establishing sharing from the plurality of first account profiles to the second account, wherein sharing comprises the second account having read access to a subset of nonpublic data associated with the plurality of first account profiles.

Abstract: A method for communication between microservices, performed by a first host machine node, includes: obtaining a first microservice instance located on the first host machine node, determining a first microservice to which the first microservice instance belongs, and determining a list of triples corresponding to the first microservice according to the first microservice. The list of triples corresponding to the first microservice includes at least one triple, each triple of the at least one triple includes a visitor of the microservice, a visited party of the microservice, and an access port, and the visitor of the microservice of each triple included in the list of triples corresponding to the first microservice is the first microservice. The method also includes determining, by the first host machine node, an access policy of the first microservice instance according to the list of triples corresponding to the first microservice.