Abstract: Embodiments of the present invention relate to methods, systems, and computer program products for user behavior management. In embodiments, a group of states of a user of an application system within a previous time period may be obtained. A state in the group of states may be associated with a privilege of the user for accessing resources in the application system during the previous time period. A feature of the user may be generated based on the group of states. A privilege of the user at a current time may be managed in the application system based on the feature. With these embodiments, the user behavior may be managed according to various aspect of the user's historical states and thus the user may be managed in a more accurate and effective manner.

Abstract: Techniques and structures to provide dynamic deployment of access controls in an on-demand environment. A host electronic device may comprise one or more processors coupled with the at least one physical memory device, the one or more processors configurable to receive, via a user interface, request to access one or more resources managed by the electronic device in the multi-user, on demand computing environment, the request comprising one or more request elements, determine whether a virtual access rule logic comprises one or more virtual access check rules which are anchored to the one or more request elements, and in response to a determination that the virtual access rule logic comprises one or more virtual access check rules which are anchored to the one or more request elements, apply the one or more virtual access check rules to the request. Additional subject matter may be described and claimed.

Abstract: A system and process for applying access groups for controlling data access, by a processor device. The process receives from a user a request to access data associated with a person from a file system, whereby the request invokes at least one software method. Next method interception is performed by matching the at least one software method. Group membership of the user and at least one group membership of the person is accessed. Determining if each of the following conditions of i) the user is a member of a specific group and ii) the specific group contains the person are verified. In response to the conditions being verified, the process sends the data to a user device to display to the user, otherwise denying the request to access data. Each group can have one or more criteria, which add patients to that group based on the conditions of those criteria.

Abstract: The present disclosure is generally directed to a data processing system for customizing content in a voice activated computer network environment. With user consent, the data processing system can improve the efficiency and effectiveness of auditory data packet transmission over one or more computer networks by, for example, increasing the accuracy of the voice identification process used in the generation of customized content. The present solution can make accurate identifications while generating fewer audio identification models, which are computationally intensive to generate.

Abstract: Systems and methods for managing access to computing services include an access manager that receives a request to modify a configuration of a computing service to a new configuration. The access manager stores a previous configuration of the computing service, updates the configuration of the computing service from the previous configuration to the new configuration based on information representing the new configuration, and starts a service request timer for the computing service. The access manager receives a subsequent request. When the subsequent request is a reconnect request, the access manager deletes the stored previous configuration. When the subsequent request is not a reconnect request or a new request the access manager returns an error when the service request timer has not expired, or sets the configuration of the computing service to the previous configuration of the computing service when the timer has expired.

Abstract: Novel tools and techniques are provided for implementing a telemetry hub, and, more particularly, to methods, systems, and apparatuses for implementing a telemetry hub that obtains sensor data from a plurality of sources and that determines one or more first actions to take in response to receiving the first sensor data. In operation, a telemetry hub might receive first sensor data from one or more sensors. The telemetry hub may determine whether the first sensor data can be trusted and whether the first sensor data is valid. Based on a determination that the first sensor data can be trusted and is valid, the telemetry hub might analyze the first sensor data to determine one or more first actions to take. The telemetry hub might then implement the one or more first actions based at least in part on the analysis of the first sensor data.

Abstract: A method for authenticating a message transmitted via a communication channel, including the following: sampling recurring signal edges within a data frame of the message, sampling values being obtained with a start time that is offset between the signal edges, reconstructing an average signal characteristic of a part of the message from the sampling values, calculating signal-technical properties of the data frame from the signal characteristic, and the message is authenticated based on the properties.

Abstract: Techniques to facilitate verification of in-situ network telemetry data of data packet of data traffic of packet-switched networks are described herein. A technique described herein includes a network node obtaining a data packet of data traffic of a packet-switched network. The data packet includes an in-situ network telemetry block. The network node obtains telemetry data and cryptographic key. The cryptographic key confidentially identifies the network node. The node encrypts at least a portion of the telemetry data based on the cryptographic key to produce signed telemetry data and updates telemetry-data entry of the in-situ network telemetry block. The telemetry data and signed telemetry data is inserted into the telemetry-data entry. The node forwards the data packet with the updated telemetry-data entry to another network node of the packet-switched network.

Abstract: Systems and methods for verified messaging through the interaction involving a short-range transceiver, such as a contactless card, a client device and a server are presented. Verified messaging may be provided in the context of using a client device to receive a user identifier from the user's short-range transceiver, such as a contactless card, and sending a messaging request with the user identifier to a server, which may look up client device information and compare with data about the client device accompanying the request. Matching received client device information to stored client device data based on a user identifier obtained from a short-range transceiver provides an enhanced ability to verify that the client device corresponds to the user associated with the short-range transceiver.

Abstract: A method and system for detecting and preventing Internet fraud in online transactions by utilizing and analyzing a number of parameters to uniquely identify a computer user and potential fraudulent transaction through predictive modeling. The method and system uses a delta of time between the clock of the computer used by the actual fraudulent use and the potentially fraudulent user and the clock of the server computer in conjunction with personal information and/or non-personal information, preferably the Browser ID.

Abstract: A network traffic flow is directed to a computing services system is determined as being unrelated to the service that the system provides. In response, the network traffic flow is deflected away from the computing services system. Demand of the sender of the network traffic flow is managed by shaping the deflected network traffic flow in responding to the sender and/or by misinforming the sender in responding to the sender.

Abstract: Techniques for visualizing IoT device management are disclosed. A system utilizing such techniques can include an IoT device risk assessment system and an IoT device management visualization system. A method utilizing such techniques can include grouping IoT devices into an IoT device dimension group based on IoT device dimensions defining the group and controlling presentation of management data for the IoT devices based on the grouping of the IoT devices into the IoT device dimension group.

Abstract: Techniques for detecting malicious activity on an endpoint based on real-time system events are disclosed. In some embodiments, a system/process/computer program product for detecting malicious activity on an endpoint based on real-time system events includes monitoring an endpoint for malicious activity using an endpoint agent, in which the endpoint comprises a local device; detecting malicious activity associated with an application on the endpoint based on real-time system events using the endpoint agent based on a set of rules; and in response to detecting malicious activity on the endpoint based on real-time system events using the endpoint agent, performing a security response based on a security policy.

Abstract: A network anomaly data detection method includes the following steps: receiving access request data transmitted by a client; searching historical access request data corresponding to a user session identifier in the access request data; acquiring a header character string of the access request data; performing word segmentation processing on the header character string according to a preset step length so as to obtain a word segmentation set; obtaining a word segmentation weight matrix according to the historical access request data and the word segmentation set; inputting the word segmentation weight matrix into an anomaly data detection model so as to obtain a data anomaly probability; and judging whether anomaly data exists in the header character string according to the data anomaly probability.

Abstract: A method to determine, by a computing system, a trust score for a network entity in a computer network, the trust score for the network entity indicating a level of trust in the network entity; and modifying, by the computing system, a traffic pattern of the computer network based on the trust score for the network entity.

Abstract: Methods, devices, and systems disclosed herein measure endpoint user security event susceptibility (e.g., a malware infection) and provide information for endpoint/user posture evaluation. A relatively small software application may be installed using, for example, a systems management push system where the software runs on each endpoint system and reports back to a central repository or base system. The software runs on machines that it is pushed to and generates a score for that endpoint. That score is a quantification of endpoint user security risk, i.e., the likelihood that a particular endpoint is likely to be the source of a security event at some point in the future. This information may be used to generate a Relative Score for each endpoint so that the endpoints can be ranked from most secure to least secure and an Absolute Score so that a given distributed system can be compared to other distributed systems.

Abstract: An example network security and threat assessment system is configured to determine, based on one or more events that have occurred during execution of one or more applications, a potential security vulnerability of a target computing system, where the one or more events correspond to a node represented in the hierarchical risk model. The system is further configured to identify, based on a mapping of the node represented in the hierarchical risk model to a node represented in a hierarchical game tree model, one or more actions that are associated with the potential security vulnerability and that correspond to the node represented in the hierarchical game tree model, and to output, for display in a graphical user interface, a graphical representation of the potential security vulnerability and the one or more actions associated with the potential security vulnerability.

Abstract: A system obtains security data of interconnected networks. The visibility of the security data is asymmetric for each interconnected network relative to the other. The security data is continuously stored and used in real-time or near real-time to identify services of the interconnected networks that require safeguards against a potential cyberattack. The interworking system determines a security parameter that relates the security data to the potential cyberattack and communicates the security parameter to the interconnected networks. The interconnected networks can safeguard against the potential cyberattack based on the security parameter.

Abstract: Artificial Intelligence (“AI”) apparatus and method are provided that correlate and consolidate operation of discrete vendor tools for detecting cyberthreats on a network. An AI engine may filter false positives and eliminate duplicates within cyberthreats detected by multiple vendor tools. The AI engine provides machine learning solutions to complexities associated with translating vendor-specific cyberthreats to known cyberthreats. The AI engine may ingest data generated by the multiple vendor tools. The AI engine may classify hardware devices or software applications scanned by each vendor tool. The AI engine may decommission vendor tools that provide redundant cyberthreat detection. The AI engine may display operational results on a dashboard directing cyberthreat defense teams to corroborated cyberthreats and away from false positives.

Abstract: A method for using inventory rules to identify devices of a computer network includes intercepting data traffic across one or more communication links of the computer network. The intercepted data traffic is analyzed to determine whether one or more of a plurality of inventory rules is satisfied by the intercepted data traffic. Each of the plurality of inventory rules comprises one or more conditions indicating the presence of a particular computer network device having a set of parameters. Each one of the plurality of inventory rules has a weighting factor value indicative of a priority of the application of a corresponding rule. The weighting factor value depends on previously identified devices. One or more devices of the computer network are identified using the weighting factor value of the one or more satisfied inventory rules.

Abstract: The system inhibits malware, which has infected user equipment (UE), from establishing a communication channel between to the UE and a malware command and control (C2) website. A malware threat detector detects traffic generated by user equipment generated by malware. The system extracts the logs of these detections and processes the packet capture and extracts the fully qualified domain name (FQDN). The FQDN is then transmitted to a malware information sharing platform and added to the domain name system response policy zone (DNS RPZ). The DNS RPZ can block subsequent access to the malware C2 website due to the inclusion of the FQDN on the DNS RPZ.

Abstract: Aspects of the disclosure relate to edge-computing (“EC”)-based systems and methods for fraud mitigation. The systems and methods may utilize a multi-layer architecture. The architecture may include a set of N gatekeeper units, and each gatekeeper unit may be associated with an EC device. When a transaction request is received, the request may be processed at a first gatekeeper unit, and, if validated, successively processed by the set of N gatekeeper units. If any gatekeeper unit flags the request as suspicious, the unit may emit an audible alert that may be sensed by the associated EC device. The EC device may transmit a signal to one or more of the other gatekeeper units to perform additional processing for the request. When the request reaches the Nth gatekeeper unit and achieves validation, the transaction may be executed via a central server connected to a transaction network.

Abstract: The disclosed computer-implemented method includes applying transport protocol heuristics to selective acknowledgement (SACK) messages received at a network adapter from a network node. The transport protocol heuristics identify threshold values for operational functions that are performed when processing the SACK messages. The method further includes determining, by applying the transport protocol heuristics to the SACK messages received from the network node, that the threshold values for the transport protocol heuristics have been reached. In response to determining that the threshold values have been reached, the method includes identifying the network node as a security threat and taking remedial actions to mitigate the security threat. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: Methods and systems provide for preventing a false report of a compromised connection even though a security component receives an indication a connection is compromised, and the security component, by default, would report a compromised connection. In the method, the security component determines that captive portal authentication is enabled for a computing device. The security component requests a response from a server over a connection, with the response indicating that the connection is compromised. However, because captive portal authentication is enabled, the security component does not report the connection as being compromised.

Abstract: A system includes a memory and a processor in communication with the memory. The processor is programmed to receive a runtime measurement from a sensor regarding the physical attribute of at least the separate processor during runtime; compare the runtime measurement of the physical attribute to a fingerprint that includes a baseline measurement of a physical attribute of at least a separate processor during an evaluation period of the system, and in response to the measurement exceeding a threshold, executing a countermeasure operation against software ran by the separate processor.

Abstract: Techniques are described for detecting and attributing automatic unauthorized redirects originating from executable code contained within an advertisement hosted within a web page or application displayed on an end user's mobile or desktop computing devices.

Abstract: A distributed network and security operations platform is disclosed. The disclosed platform comprises an external service that facilitates network and security operations for a private network. Data from nodes of the private network is received and analyzed by the service, and an output is automatically generated by the service in response to analyzing received data that facilitates modifying the routing performed by at least one or more of the nodes of the private network.

Abstract: This disclosure relates to systems and methods for managing connected devices and associated network connections. In certain embodiments, trust, privacy, safety, and/or security of information communicated between connected devices may be established in part through use of security associations and/or shared group tokens. In some embodiments, these security associations may be used to form an explicit private network associated with the user. A user may add and/or manage devices included in the explicit private network through management of various security associations associated with the network's constituent devices.

Abstract: Systems and methods include obtaining telemetry from a plurality of security agents each operating on a device in a network, wherein the telemetry is collected locally related to datagram protocol packets; analyzing the telemetry to determine applications associated with the datagram protocol packets flowing in the network and virtual circuits between each of the applications; determining enforcement policies for each application that communicates with other applications over a datagram protocol; and providing the enforcement policies to the plurality of security agents for allowing and blocking communications associated with the datagram protocol.

Abstract: The present application is directed to a non-transitory computer readable medium. The medium includes program instructions that, upon being executed by a processor, effectuate detecting a virtual private network (VPN) provider in a network. The program instructions also effectuate receiving, from the VPN provider, server credentials for a VPN. The program instructions further effectuate generating a security policy based upon a type or pattern of network traffic associated with the VPN. The program instructions even further effectuate converting the security policy to a table interpretable by a node in the network.

Abstract: Techniques are described for adjusting policy characteristics based on a determined similarity between routes. A similarity metric may be determined indicating the similarity between a first route followed by a vehicle and/or driver and a second (e.g., previous) route followed by the vehicle and/or driver. A similarity metric may indicate the similarity in movements, and changes in movement, exhibited by the vehicle on the routes. The similarity metric may be determined through analysis of real time data collected by in-vehicle sensor(s), mobile user device(s), external sensors or other data sources. Based on the similarity metric, a premium, a deductible, a price, or other characteristic(s) of a policy may be determined. In some examples, policy characteristics may be adjusted (e.g., in real time) based on the analysis according to changing risk conditions if a driver is following routes that are dissimilar from typical routes.

Abstract: In an approach for bypassing security vulnerable and anomalous devices in a multi-device workflow, a processor monitors behavior and network traffic of a plurality of smart devices within a multi-smart device system. A processor identifies a first smart device of the plurality of smart devices with at least one of a security vulnerability and an anomaly. A processor identifies a multi-smart device workflow that includes the first smart device. A processor identifies a function of the first smart device within the multi-smart device workflow. A processor determines whether an alternative smart device can replace the first smart device within the multi-smart device workflow. Responsive to resolution of the at least one of the security vulnerability and the anomaly, a processor re-establishes the workflow with the first smart device.

Abstract: Security policies can be dynamically updated in response to changes in endpoints associated with those policies. A user can indicate one or more regions or networks from which access is to be granted under a specific security policy. The user can subscribe to receive notifications upon a change relating to those endpoints, such as the addition or removal of one or more endpoints. When a change is detected, new policy information can be generated automatically and published for subscribed policies, which can then have the updates applied automatically or provided for manual review and application. Such a process enables access determinations to be made based upon up-to-date endpoint information.

Abstract: Methods, systems, and computer readable media for providing and managing security rules and policies are described. In some implementations, a method may include receiving, at a crowdsourcing security policy server, a security policy from a first user account, and providing a crowdsourced security policy user interface including a section corresponding to the security policy configured to make the security policy available for use by other user accounts. The method may also include receiving from one or more of the other user accounts, a security policy rating corresponding to the security policy, and receiving, from one or more of the other user accounts, a user account rating corresponding to the first user account.

Abstract: Methods, systems, and devices for wireless communications are described. A base station may transmit, to a user equipment (UE), a control message that includes an identification of a set of protection levels corresponding to different degrees of physical layer security for securing communications between the UE and the base station. The base station may transmit, to the UE, an indication of an identified protection level of the set of protection levels to be used by the UE for securing the communications between the UE and the base station. The UE may communicate with the base station in accordance with the identified protection level.

Abstract: In a method of session initiation protocol (SIP) session management, a SIP session information request is sent to a network resource management (NRM) server by a vertical application layer (VAL) server to obtain a list of SIP sessions established between (i) a VAL client associated with the VAL server and (ii) the NRM server. A response message comprising SIP session information is received by the VAL server from the NRM server in response to the SIP session information request. The SIP session information includes the list of SIP sessions established between the VAL client and the NRM server. A plurality of SIP sessions is managed across a plurality of NRM servers based on the response message, where the plurality of NRM servers comprises the NRM server and the plurality of SIP sessions comprises the list of SIP sessions established between the VAL client and the NRM server.

Abstract: IoT service layer capabilities may be employed to automate and simplify the service enrollment process for IoT service subscribers/enrollees. These capabilities enable virtualization of a service subscriber and the physical IoT devices, applications, data and authorized users of the subscriber into a software profile that is representative of the subscriber. Once virtualized, a service subscriber may then delegate the complexities and burden of service enrollment to an automated IoT service enrollment software function.

Abstract: In implementations of systems for resolving conflicts in collaborative digital content editing, a computing device implements a resolution system to apply a content editing operation to a digital object. The resolution system writes an indication of the content editing operation at a first position of a local transaction stack of editing operations. The resolution system transmits editing data via a network describing the content editing operation for receipt by a server system. Relay data is received via the network from the server system describing an additional content editing operation for application to the digital object. The resolution system determines a conflict between the additional content editing operation and the content editing operation and writes an indication of the additional content editing operation at a second position of the local transaction stack of editing operations that is before the first position.

Abstract: Aspects of the disclosure provide methods, apparatuses, and non-transitory computer-readable storage mediums for receiving media data. One apparatus includes processing circuitry that receives a media presentation description (MPD) file that includes an essential property descriptor indicating a session-based description (SBD) file. The essential property descriptor includes an attribute that indicates a class for a uniform resource locator (URL) request used for requesting a resource. The class identifies a type of the requested resource. The processing circuitry generates the URL request based on the SBD file and the class indicated in the attribute included in the essential property descriptor. The processing circuitry sends the URL request to a server to request the resource of which the type is identified based on the class of the URL request.

Abstract: A system and method for identifying and promoting a user in an online meeting based on a mention of a username in a chat/audio session. The system is configured to identify meeting participants, detect a first signal that a first participant has mentioned a name of a second participant in the chat/audio session, cause a user interface to display on each client device of participants, identify a first location on the user interface at which a representation of the first/second participant is displayed, the first location being associated with a first ranking value, and promote a display location of the first/second participant by moving the representation of the first/second participant from the first location for display to a second location on the user interface, the second location being associated with a second ranking value representing a higher ranking than that represented by the first ranking value of the first location.

Abstract: In a method for managing and distributing content in a plurality of observation platforms, a message is generated with employment related content at a cloud based component of a content distribution manager in response to user interaction via an interface of the content distribution manager presented on a computer system. Responsive to the user interactions and to interactions of third party software via an application program interface with the cloud based component, delivery of the message is scheduled and a plurality of specified devices belonging to a specified class of employees are specified for delivery in a plurality of observation platforms at a designated time and location via the cloud based component. The message is delivered and the delivery and response to the message are measured to the plurality of observation platforms which relay the message to the plurality of specified devices at the designated time and the designated location.

Abstract: A method disclosed herein provides for receiving, at a user device, a media stream including frames of a first resolution generated by a graphics-rendering application and utilizing one or more weight matrices pre-trained in association with the graphics-rendering application to locally upscale each received frame of the media stream at the user device to a second resolution greater than the first resolution. Local upscaling of the media stream may be performed “on the fly,” such as with respect to individual content streams (e.g., a game) or segments of content streams (e.g., a scene within a game).

Abstract: Certain aspects of the present disclosure provide techniques for communicating between an application executing on a client device and a server using a persistent connection. An example method generally includes initializing a persistent connection between an application executing on a client device and a server. Information about an event within the application is received. Communications between the application and the server are performed via streaming data related to the information about the event carried on the persistent connection. Generally, the streaming data may be translated from an application-native format to a platform-agnostic format and may include application-specific information. One or more actions are taken within the application based on the streaming data related to the event and carried on the persistent connection.

Abstract: Certain example embodiments relate to web applications. In certain example embodiments, an instance of a web application is executed using a client device. In response to the instance being started up, metadata is retrieved using a service embedded in the application and invoked at a bootstrap hook. The metadata is associated with earmarked programmatic elements in the application. At the client device and using an evaluation service injected into operation of the instance, one or more configured rules are evaluated against input. The rules are definable in relation to the earmarked programmatic elements using the retrieved metadata. They specify behavior of the web application and are dynamically (re)configurable while the instance of the web application is running. The (re)configured rules are dynamically effective without requiring web application redeployment, even if (re)configured while the instance of the web application is running. The instance is controllable responsive to the evaluation.

Abstract: Systems and methods to asynchronously transfer user-provided information upon user-provided permissions are disclosed. Exemplary implementations may receive a user-initiated request for one or more webpages from a user associated with a client computing platform; transfer a set of information to the client computing platform, wherein the set of information is usable to generate one or more presentations of the one or more webpages on the client computing platform; receive, from the client computing platform, user-provided information, wherein the user-provided information is based on a first item of user-provided personal information and on a second item of user-provided personal information that have been collected locally through the one or more presentations on the client computing platform, and wherein server-side receipt of the user-provided information occurs subsequent to the user providing permission for the transfer of the user-provided information; and/or other steps.

Abstract: A mobile device can implement a neural network-based style transfer scheme to modify an image in a first style to a second style. The style transfer scheme can be configured to detect an object in the image, apply an effect to the image, and blend the image using color space adjustments and blending schemes to generate a realistic result image. The style transfer scheme can further be configured to efficiently execute on the constrained device by removing operational layers based on resources available on the mobile device.

Abstract: When a user exploits virtualization software and navigates through or to a redirected client drive in a remote session then the file management application may refresh the directory/folder content very slowly, spending significantly more time than expected according to the amount of data, network speed and latency. Whilst this refreshing is being performed no actions with the file management application can be performed by the user. Accordingly to address this a system or method are provided that cache metainformation for files, folders, and subfolders, e.g. upon a network resource, in a driver which responds to a query directory and other related requests by filling a provided buffer with the cached data. Further, this driver may filter out some particular files from the results if a filtering option is selected to further reduce latency.

Abstract: A distributed device management system specifies a device capable of supplying request data used for providing a service, from among a plurality of devices connected to a network. Device management function units are disposed so as to be geographically distributed and manage the states of the devices located in deployed areas. A device specifying function unit has a device inquiry cache in which a response log including the type of data which was previously required for the service and an identifier of the device management function unit that manages the device which was capable of supplying the data is recorded. In a case where this request data coincides with the type of data included in the response log, an inquiry is transmitted to the device management function unit associated with the request data in the response log.

Abstract: Concepts and technologies disclosed herein are directed to service correlation across hybrid cloud architecture to support container hybridization. According to one aspect of the concepts and technologies disclosed herein, an overlay network can instantiate a message bus between a first cloud network and a second cloud network. The overlay network can receive, via the message bus, a request from the second cloud network for a container image stored in a containerized application asset repository of the first cloud network. The overlay network can retrieve, via the message bus, the container image from the containerized application asset repository. The overlay network can provide, via the message bus, the container image to the second cloud network for creating a container based upon the container image.

Abstract: Systems, methods, and media for causing an action to be performed on a user device are provided. In some implementations, the systems comprise: a first user device comprising at least one hardware processor that is configured to: detect a second user device in proximity to the first user device; receive a user input indicative of an action to be performed; determine a plurality of candidate devices that are capable of performing the action, wherein the plurality of candidate devices includes the second user device; determine a plurality of device types corresponding to the plurality of candidate devices; determine a plurality of priorities associated with the plurality of candidate devices based at least in part on the plurality of device types; select a target device from the plurality of candidate devices based at least in part on the plurality of priorities; and cause the action to be performed by the target device.