Abstract: An operating method of an instant messenger application includes providing a first view including types of data sent and received through a chatroom, receiving a selection with respect to one of the types, and providing a second view integrating and displaying data corresponding to the selected type, among data sent and received in a plurality of chatrooms in which a user participates.

Abstract: Disclosed are a system, method, device, and/or non-transitory computer readable medium for providing an instant messaging service implemented with a computer. The method includes receiving a request on establishing a conversation interface with an official account registered at the instant messaging service from a client, providing a rich menu user interface associated with the official account on a portion of the conversation interface when the client establishes the conversation interface in response to the request, receiving a selection on a display item included in the rich menu from the client, identifying content associated with the selected display item by a manager of the official account, and providing the identified content to the client through the conversation interface.

Abstract: This specification is generally directed to techniques for automatically transitioning applications—especially those that enable exchange of messages between users—into and/or out of a private state based on a variety of signals associated with the messages and/or the participants themselves. In various implementations, an ongoing message exchange thread between two or more participants operating two or more respective message exchange clients may be examined. Based at least in part on the examining, a likelihood may be determined that message(s) directed by one of the participants to another of the participants as part of the ongoing message exchange thread would be deemed private by at least a given participant of the two or more participants. A determination may be made of whether the determined likelihood satisfies one or more thresholds, and in response, one or more of the message exchange clients may be transitioned into a private state.

Abstract: Disclosed herein are system, method, and computer program product embodiments for a dynamic email content engine. An embodiment operates by selecting a subscriber record from a database. The embodiment adds, i.e., stores, a first content item to a content pool based on a first rule in a set of rules, wherein the first rule is applied based on a characteristic of the content item or a persona record assigned to the subscriber record. The embodiments adds, i.e., stores, a second content item to the content pool based on a second rule in the set of rules. The embodiment ranks the first content item and the second content item in the content pool based on a first priority value and a second priority value. The embodiment assigns the first content item to the subscriber record based on the ranking.

Abstract: The subject technology retrieves, by a client device from a storage device, first image data captured by the client device at a previous time. The subject technology receiving first metadata corresponding to a selected image processing operation. The subject technology generates second image data based on the first metadata and the image processing operation performed on the first image data. The subject technology generates second metadata comprising information related to the image processing operation, the second metadata including a first identifier associated with the first image data, and second identifier associated with the second image data. The subject technology generates a message comprising the second metadata, the second image data, and the first image data.

Abstract: Systems and methods for generating tasks based on chat sessions between users of a collaboration environment are disclosed. Exemplary implementations may: obtain content information characterizing content of the chat sessions between the users of the collaboration environment; generate tasks for the users based on the content from the chat sessions, a first task being generated based on the first content information for the first chat session; and/or store information defining the tasks generated as part of the state information such that the first task is defined by a first task record.

Abstract: An apparatus, method and computer program product may be provided for updating a graph-based knowledge representation data structure using one or more conversation segments. Updating a graph-based knowledge representation data structure may include receiving a conversation segment. The conversation segment may comprise one or more group-based communication messages and one or more sending user identifiers of the one or more group-based communication messages. Updating a graph-based knowledge representation data structure may further include identifying the one or more sending user identifiers of each group-based communication message of the conversation segment. Updating a graph-based knowledge representation data structure may further include determining one or more user identifiers of the sending user identifiers that satisfy conversation participation criteria.

Abstract: Devices, systems and processes for providing geo-located and content-to-comment synchronized user circles are described. For at least one embodiment, a system for facilitating a geo-location based user circle may include a hub configured to facilitate a sharing of comments between a first user and a second user via a user circle. The first user and the second user may be selected for participation in the user circle based upon a circleID associated each of a first user device and a second user device. A first user device, communicatively coupled to the hub, may be configured to facilitate a capture of the comments provided by the first user. A second user device, communicatively coupled to the hub, may be configured to facilitate a presentation of the comments to the second user. And, a second device geoID may be used to indicate a location of the second user device.

Abstract: An email system detects a user interaction to interact with a social media application, within the email system. The email system accesses a social media component that renders a user interface from the social media system and detects interactions with the user interface to generate content for the social media application. The social media component calls the social media application, with the content, and provides a response indicating that the content has been sent to the social media application.

Abstract: An electronic information system which enables email based transactions comprises an information database storing information regarding a plurality of individuals in a group and selections available to individuals in the group. A first email message with a mailto hyperlink having a plurality of fields including actionable parameter is generated and sent. A reply email message is received in response to selection of the mailto hyperlink. The received email message includes the plurality of fields and the actionable parameter that indicates that a specific selection has been made. A processor performs the action indicated by the actionable parameter in response to the received email message, including updating the information database to indicate the specific selection that has been made.

Abstract: An information source, such as an advertiser or product vendor, transfers information to contacts for which the information source has no contact data. The information source stores information in an information database which communicates the information to a referrer which has the desired contact data. The referrer uses a communication device to transfer the information to one or more contacts using contact data.

Abstract: An image compression method includes: starting a social media application to enter an interface for inputting a to-be-posted content; when an operation for adding an image is detected, displaying a first image in the interface; and when an operation for posting the first image is detected, in response to the operation, performing differential compression on the first image to obtain a second image, and sending the second image to a server corresponding to the social application. The method enables an electronic device to perform differential compression on the image and post the compressed image on a social media platform.

Abstract: A method for data processing that includes receiving, from a service that manages communications between a communication process flow management service and a communication platform, a request indicating metadata from the communication platform, information associated with a tenant of a multi-tenant system, a user identifier, or a combination thereof. The method may further include performing, based on the request, one or more actions on a communication process flow that controls electronic communications between the tenant and a set of users corresponding to the tenant. The method may further include generating a data object related to the communication process flow based on performing the one or more actions. The method may further include transmitting, to the communication platform, a message that is configured to cause posting of the data object into a communication channel of the communication platform.

Abstract: To serve User Equipment (UEs) in a wireless communication network, a control-plane transfers a co-located User Plane Function (UPF) request for a wireless access point ID to a naming system. The naming system detects a co-location translation fault for the wireless access point ID and transfers the wireless access point ID to a controller. The controller determines co-located UPFs for the wireless access node. The controller transfers co-location translation information for the wireless access point ID and co-located UPF IDs to the naming system. The control-plane transfers another co-located UPF request for the wireless access point ID to the naming system. The naming system translates the wireless access point ID into the set of co-located UPF IDs. The naming system transfers the co-located UPF IDs to the control-plane. The control-plane signals the co-located UPFs to serve the UE over the wireless access point.

Abstract: Systems and network devices configured to use Stateless Address Auto-Configuration (SLAAC) to provide different internet protocol (IP) address information to user equipment (UE) devices that are connected to the same local area network (LAN). A network device (e.g., default router, etc.) may determine whether a UE device is eligible to receive special treatment based on a link-layer address of the UE device. The network device send the UE device an unicast router advertisement that includes a special prefix in response to determining that the UE device is eligible to receive special treatment. The network device may send the UE device an unicast router advertisement that includes a base prefix for the LAN in response to determining that the UE device is not eligible to receive special treatment.

Abstract: Some embodiments provide a method for a network controller that manages several logical networks. The method receives a specification of a logical network that includes at least one logical forwarding element attached to a logical service (e.g., DHCP). The method selects at least one host machine to host the specified logical service from several host machines designated for hosting logical services. The method generates logical service configuration information for distribution to the selected host machine. In some embodiments, the method selects a master host machine and a backup host machine for hosting logical service. In some embodiments, a particular one of the designated host machines hosts at least two DHCP services for two different logical networks as separate processes operating on the particular host machine.

Abstract: Systems and techniques are described for monitoring network communications using a distributed firewall. One of the techniques includes receiving, at a driver executing in a guest operating system of a virtual machine, a request to open a network connection from a process associated with a user, wherein the driver performs operations comprising: obtaining identity information for the user; providing the identity information and data identifying the network connection to an identity module external to the driver; and receiving, by a distributed firewall, data associating the identity information with the data identifying the network connection from the identity module, wherein the distributed firewall performs operations comprising: receiving an outgoing packet from the virtual machine; determining that the identity information corresponds to the outgoing packet; and evaluating one or more routing rules based at least in part on the identity information.

Abstract: The embodiments herein describe a firewall for a media production system to provide flexible security between an on-premises production environment and remote media production applications and devices (e.g., cloud-based virtual production environments). As new media devices and applications (referred to generally as media nodes) are added at remote locations, the firewall is updated to permit the media nodes to communicate with the on-premises production environment. The embodiments herein described an automatic (e.g., software driven) process where a network orchestrator can detect a change in the media nodes and update the rule set in the firewall accordingly.

Abstract: Systems and methods for automatic VPN establishment are provided.

Abstract: A method including receiving, at a first VPN server during an established VPN connection, a first data request and a second data request from a user device; transmitting, by the first VPN server during the established VPN connection, the first data request to a second VPN server and the second data request to a third VPN server; receiving, by the first VPN server from the second VPN server during the established VPN connection, first data associated with the first data request; and receiving, by the first VPN server from the third VPN server during the established VPN connection, second data associated with the second data request, the second exit IP address being different from the first exit IP address. Various other aspects are contemplated.

Abstract: A system and method for managing a plurality of network-enabled client devices such as Internet of Things (IoT) and smart devices employs a distributed ledger or blockchain to store security-related information for each client device. Access to the distributed ledger is provided through a proxy computing system that is configured to exchange security-related messages with the client devices over a first communication path, which may be over a public network; and to engage in transactions with or query the distributed ledger on behalf of the client devices over a second communication path, which is a private channel Vendible data published by the client devices may be routed by the proxy computing system to a data broker or publishing system in a manner that removes identifying information from the vendible data.

Abstract: A system for processing data is disclosed that includes a first processor configured to operate one or more algorithms to identify a user identity as a function of user metadata and to provide access to a predetermined network resource using a cloud-based explicit proxy as a function of the user identity and one or more service requests, the first processor configured to operate one or more algorithms to detect a change in the one or more service requests and wherein access to the predetermined network resources using the cloud-based explicit proxy is modified as a function of the detected change in the one or more service requests.

Abstract: This document describes, among other things, security hardening techniques that guard against certain client-side attack vectors. These techniques generally involve the use of an intermediary that detects and handles identity service transactions on behalf of a client. In one embodiment, the intermediary establishes a resource domain session with the client in order to provide the client with desired resource domain content or services from a resource domain host. The intermediary detects when the resource domain host invokes a federated identity service as a condition of client access. The intermediary handles the identity transaction in the identity domain on behalf of the client within the client's resource domain session. Upon successful authentication and/or authorization with an IdP, the intermediary connects the results of the identity services domain transaction to the resource domain.

Abstract: A communication system utilizing unified gateways bridges communication gaps between data transmitters having differing transmission, security, data format, overhead restrictions and performance metrics by dynamically determining optimal data paths for the data being routed. The unified gateways can also dynamically alter data packages to upgrade/downgrade security standards, alter transmission networks, translate data to match recipient requirements and split/combine data to optimize data throughput using disparate systems.

Abstract: A computing system includes a processor, a network interface controller; a a secure classified remote access as a service application including instructions; and an information technology service management application including instructions wherein the information technology service management application is accessible to the secure classified remote access as a service application via the network interface controller; and wherein the instructions of the secure classified remote access application cause the system to: perform systematic monitoring operations and maintain a virtual hosting environment; perform a network vulnerability analysis; remediate a finding; and notify a user. A method includes performing systematic monitoring; performing a network vulnerability analysis; remediating a finding; and notifying a user.

Abstract: This disclosure provides an anonymization method and apparatus, a device, and a storage medium, and pertains to the field of communications network technologies. The method includes: receiving a data obtaining request of a first terminal, and obtaining requested target data based on the data obtaining request; determining behavior data generated when the target data is obtained; determining, based on the behavior data, a first permutation character sequence corresponding to the target data; and anonymizing, based on the first permutation character sequence, a to-be-anonymized character string in the target data, and outputting the anonymized target data. In this disclosure, because the behavior data is different each time and is not easy to crack, anonymization is implemented without relying on plaintext information, thereby improving anonymization security and meeting anonymization requirements specified by laws.

Abstract: A blockchain network management system implements an associated method comprising the steps of: a) providing a blockchain network configured for providing individual blockchain users with access to a blockchain; b) providing individual blockchain users with a smartphone having a GPS receiving unit associated with a communications network and with a biometric user identification technology coupled to the smartphone; c) identifying an individual blockchain user with the biometric user identification technology by obtaining biometric characteristics that are unique to each human via the communications network; d) authenticating the individual blockchain user's identity and geolocation in an authentication network coupled to the communications network; and e) providing access of authenticated individual blockchain users to the individual blockchain. The blockchain network management system further includes tokens issued to individual authenticated users for providing access to the individual blockchain.

Abstract: A security implementation method includes obtaining, by a first device, a security policy of a session and at least one key, and sending, by the first device, protected data to a second device, where the protected data is obtained by protecting security of session data of the session using the at least one key based on the security policy of the session, and the second device is configured to restore the protected data using the at least one key based on the security policy to obtain the session data, where when the first device is a terminal device, the second device is an access network node or a user plane node, or when the first device is an access network node or a user plane node, the second device is a terminal device.

Abstract: A computer implemented method for managing a connection between a device and a server resource, the method comprising: establishing the connection between the device and a first server of the server resource; registering a connection identifier relating to the connection between the device and the first server in a first database entry of a database arrangement; pre-computing, at the first server, an encrypted alert for the device, the alert being provided with a pre-defined future communication sequence number; and transmitting the alert from the first server to the database arrangement for storage in association with the first database entry of the database arrangement.

Abstract: A global endpoint may be associated with an organization name and a plurality of directories located in different geographic regions. The global endpoint may be a computing system that hosts a page used by users to access an application or service. A user may be able to access the application or service using already existing credentials. For example, the user may access the application or service using credentials stored and maintained by an entity with which the user is affiliated. Users having credentials stored in different geographic regions may be able to access the application or service via the same global endpoint.

Abstract: A third-party server, delegated by organizations to manage application environment, may maintain a plurality of guided workflow plans. At least one of the guided workflow plans may include one or more steps associated with setting up an interaction control policy. The third-party server may receive an interaction report associated with the organization. The interaction report may include metadata of one or more devices that interacted with other devices. The third-party server may identify a particular device to which existing interaction control policies of the organization are inapplicable. The third-party server may search for additional out-of-band information of the particular device using the metadata in the interaction report. The third-party server may select an applicable guided workflow plan for setting up an applicable interaction control policy for the particular device. A guided workflow may be presented via a graphical user interface according to the applicable guided workflow plan.

Abstract: Systems and techniques for multi-layer user authentication with live interaction are described herein. An authentication request may be received from a user for secure data stored in a computing system. Contextual data may be received that is associated with authentication information received from the user. It may be determined that the user has passed a first authentication process based on a match between the authentication information and reference authentication information stored in a user profile for the user. A risk score may be generated for the authentication request based on the contextual data and the authentication data. A second authentication process may be identified based on the risk score. A set of secondary authentication information may be received. Data associated with the authentication request may be transmitted upon authentication of the user via the second authentication process based on the set of secondary authentication data.

Abstract: Disclosed are various approaches for extending a single sign-on (SSO) session to multiple devices. If a device is enrolled as a managed device with a management service, a SSO session can be extended to the device if the user has previously authenticated with an identity provider from another device. The user is authenticated on the second device using a user-and-device token issued by the management service with which the device is enrolled as a managed device.

Abstract: Systems and methods for sharing authentication between applications include receiving a request to share authentication from a first application with a second application. An account identifier and identity token for a user are obtained from the first application. Access to a communication application associated with the account identifier is verified as available. The account identifier and identity token are sent to a second application server for verification with a first application server. A verification message is received in the communication application from the second application server. The verification message is determined to contain confirmation information and authentication is shared from the first application with the second application. Related systems and methods include retrieving information associated with an operating system to facilitate sharing authentication between applications.

Abstract: A mechanism for providing secure feature and key management in integrated circuits is described. An example integrated circuit includes a secure memory to store a secret key, and a security manager core, coupled to the secure memory, to receive a digitally signed command, verify a signature associated with the command using the secret key, and configure operation of the integrated circuit using the command.

Abstract: The present disclosure relates generally to authentication of voice communications. Methods performed by a user device for mutually authenticated communications can include creating a first communication channel with a backend, creating a secure session across a second communication channel with the backend, receiving a first identification message from the backend via the second communication channel, receiving a second identification message from the backend via the first communication channel, sending an attestation that the second identification message matches the first identification message to the backend via the second communication channel, receiving a second step authorization instruction from the backend via the second communication channel, assessing the identity of the user, and delivering an authorization response to the backend via the second communication based of the assessed identity of the user.

Abstract: A first user device can receive a communication certificate associated with a user of the first user device. The communication certificate can allow the first user device to exchange certain information with a second user device that also possesses the communication certificate. The first user device can receive a notification. The first user device can also determine that a second user device associated with the user did not receive the notification. The first user device can initiate a direct connection with the second user device. The first use device can verify that the second device possesses the communication certificate. After verification, the first user device can send the notification to the second user device.

Abstract: A system and method for participating in and operating a distributed computing pool are disclosed. Computing pools combine computational resources from a plurality of computing devices over a network by splitting jobs into smaller jobs and distributing those smaller jobs to the computing devices so that they can be solved in parallel with little or no overlap in the work performed. The computing devices attempt to find solutions to the smaller jobs. Solutions found are signed and submitted back to the pool. The pool uses the signature to confirm the true origin of the solution and that the solution has not been tampered with.

Abstract: Accessing and organizing data sets directly from a data warehouse including receiving, by a data analyzer, a request from a service provider client instructing the data analyzer to retrieve a data set from a service provider data warehouse, wherein the service provider client is a client of a service provider, and wherein the service provider data warehouse stores data sets for the service provider; retrieving, by the data analyzer, the data set directly from the service provider data warehouse using credentials provided by the service provider; selecting, by the data analyzer, a worksheet template based on the service provider; organizing, by the data analyzer, the data set into a worksheet based on the worksheet template; and presenting, by the data analyzer to the service provider client, the worksheet comprising the data set.

Abstract: An information processing system includes a file acquirer that acquires a file used in a meeting, an authentication processor that selects, if a password is set to the file acquired by the file acquirer, an authentication scheme of the password, based on meeting information about the meeting, and executes a process of authenticating the password by the selected authentication scheme, and a file executer that executes the file if the password is authenticated by the authentication processor.

Abstract: A system for combining data from various data providers, certain portions of said data necessary to perform identity related services, said portions of said data combined into a central repository with a secure data structure, said data structure made available to outside parties participating in verification or validation services on at least a part of said portions of said data, storing the results of said services as separate entries in said data structure, resulting after a review in a total score, that can be used as a proofed portable identity verification.

Abstract: In a display system according to the present disclosure, a server device includes an authentication processor that authenticates a user for use of a file, based on authentication information of the user input at a user terminal and an access information generator that generates first access information for accessing the file if the user is authenticated by the authentication processor for use of the file, and a display device includes a file acquirer that acquires the file from the server device, based on the first access information generated by the access information generator, and a display processor that displays the file acquired by the file acquirer, on the display.

Abstract: Methods and systems for faster and more efficient smart card logon in a remote computing environment are described herein. Fast smart card logon may be used to reduce latency and improve security. For example, the system may reduce the number of operations (e.g., interactions) between a server used for authentication and the client device. A virtual channel may be established between the server and the client device. The server may receive, from the client device a message including answer to reset (ATR) data of a smart card associated with the client device. The server may substitute the ATR data of the smart card with proxy ATR data of a proxy smart card. The server may determine, based on the proxy ATR data, a cryptographic service provider. The server may transmit, via the cryptographic service provider, via the virtual channel, and to the client device, one or more requests for a cryptographic operation involving the smart card.

Abstract: A method for a multi-factor authentication, the method receives results of an initial authentication of a user. Responsive to confirming the initial authentication, an image of a secondary set of authentication options is presented. An option selection is received from the user, wherein the selection is determined by tracking eye movement of the user over the image that includes the set of second factor authentication options. User facial activity is tracked corresponding to the selection made from the secondary set of authentication options. The monitored facial activity is compared to a pre-established authentication condition to determine whether a match exists with the selected secondary set of authentication options, and responsive to facial activity monitored matching the authentication condition pre-established by the user and corresponding to the selection made from the secondary set of authentication options, authentication of the user is confirmed.

Abstract: Systems, apparatuses, methods, and computer program products are disclosed for generating behavioral attribute data structures.

Abstract: A first user device includes a camera. The first user device receives a challenge-response message following a request for access to a secure server. The first user device captures a first image of the first user. The first image includes an image of at least a portion of a face of the first user. An authentication result from facial recognition scan of the second user is received. Facial recognition is used to determine that the face of the first user is a face of an authorized user of the secure server. The first user device generates and sends a response to the challenge-response message based on results of facial recognition and the received authentication results.

Abstract: A cloud-based communication framework. A first secure channel may be established for communication between an IT device and a cloud-computing platform. A request for a device user interface may then be received over the first secure channel. The request may be initiated by a user device via the cloud-computing platform. The device user interface may be retrieved and forwarded over a second secure channel to the cloud-computing platform for communication to the user device.

Abstract: A heterogeneous device authentication system and method authenticate heterogeneous devices in various manners according to user environments. The heterogeneous device authentication system includes an authentication information matching device communication-connected with a plurality of heterogeneous devices and configured to match a plurality of user authentication information of different authentication means to the heterogeneous devices. The authentication information matching device includes a controller and a communication unit communication-connected with the heterogeneous devices.

Abstract: Methods and systems are presented for generating a device fingerprint based on data obtained from one or more sensors on a device. A plurality of data points corresponding to sensor readings are obtained from the one or more sensors on the device. A set of time-domain features and a set of frequency-domain features are extracted from the plurality of data points and inputted to a neural network trained using a triplet network. A device fingerprint that may be used to identify the device is obtained from the neural network.

Abstract: In some implementations, an authentication device may receive information related to website browsing activity at a client device. The information related to the website browsing activity may include information associated with a web address for a current website where information associated with a virtual credential was entered. The authentication device may identify one or more valid web addresses associated with the virtual credential, which may be valid only for an entity associated with the one or more valid web addresses. The authentication device may transmit, to the client device, information to indicate whether the website browsing activity is authenticated based on a comparison of the web address for the current website where the information associated with the virtual credential was entered and the one or more valid web addresses associated with the virtual credential.