Abstract: A chatbot executes on a user device to gather performance data associated with an application on the user device. During a diagnostics chat with a user, the chatbot receives a plurality of answers from a user of the user device to a plurality of prompts sequentially output by the chatbot to the user regarding a performance issue of an application on the user device. The chatbot also retrieves, from the user device, contextual data of the application during the performance issue. The chatbot packages the answers received from the user and the retrieved contextual data to enable diagnosis of the performance issue of the application.

Abstract: The disclosed systems and methods provide a novel framework that provides mechanisms for enabling message senders to dictate, control and/or create dynamic immersive content consumption experiences for recipients of their messages. The disclosed framework provides message senders with previously non-existent functionality to control the experience and environment within which their messages are consumed. Conventional systems provide recipients with capabilities to consume messages and/or supplemental content; however, these capabilities are driven and controlled by the hosting messaging platform and/or the third party entity that is availed opportunities to provide supplemental content. The disclosed framework prevents such experiences by providing capabilities to the message sender that involves control not only over the experience of the sender's messages but also control over the experience of the environment in which the messages are consumed by their recipients.

Abstract: An information presentation method, an apparatus, an electronic device, and a storage medium are provided. The method includes: obtaining status information for a target message in an instant messaging IM conversation, wherein the target message comprises a message sent by a first user and/or a second user with respect to a target piece of mail, the target piece of mail being a piece of mail shared by the first user with the second user, or is a piece of mail shared by the second user with the first user; presenting the status information on an interface of a mailbox client end of a first user and/or a mailbox client end of a second user on the basis of the status information for the target message. The technical solutions of embodiments can facilitate heightened user interaction efficiency, and improve user experience.

Abstract: An information processing device includes a processor, and the processor is configured to: associate plural participants of each activity set by a user for each specific purpose with the activity; link a storage area of a file management service for which at least one participant has an access right and that is provided by plural service providers to the activity; and cause a display of a participant of a request source to display a first file stored in a linked storage area for which the participant of the request source has an access right, in response to a request for accessing the activity from each participant.

Abstract: A streaming platform reader includes: a plurality of reader threads configured to retrieve messages from a plurality of partitions of a streaming platform, wherein each message in the plurality of partitions is associated with a unique identifier; a plurality of queues coupled to the plurality of reader threads configured to store messages or an end of partition signal from the reader threads, wherein each queue includes a first position that stores the earliest message stored by a queue; a writer thread controlled by gate control logic that: compares the identifiers of all of the messages in the first positions of the queues of the plurality of queues, and forwards, to a memory, the message associated with the earliest identifier; and wherein the gate control logic blocks the writer thread unless each of the queues contains a message or an end of partition signal.

Abstract: There is provided a system and method for routing messages received from any one of a plurality of external user accounts on any one of a plurality of different messaging applications within an entity. The system and method comprises one or more integration modules coupled to each of the plurality of different messaging applications for receiving messages via the messaging application. These messages are directed to a unique account identifier for the entity using additional address identifier information. A central messaging module is configured to receive from each of the one or more integration modules the messages via a common internal messaging protocol, and distribute the messages to at least one more internal user accounts within the entity using additional address identifier information.

Abstract: Disclosed herein are systems and method for spam identification. A spam filter module may receive an email at a client device and may determine a signature of the email. The spam filter module may compare the determined signature with a plurality of spam signatures stored in a database. In response to determining that no match exists between the determined signature and the plurality of spam signatures, the spam filter module may placing the email in quarantine. A spam classifier module may extract header information of the email and determine a degree of similarity between known spam emails and the email. In response to determining that the degree of similarity exceeds a threshold, the spam filter module may transfer the email from the quarantine to a spam repository.

Abstract: A social network service method implemented with a computer is provided which includes receiving at least one control condition for controlling an operation of a social network service from a user, generating a folder operated by the at least one control condition, associating at least one chatting element with the folder, and determining whether to control the operation of the social network service based on the at least one control condition, in response to a message from a conversation partner associated with the at least one chatting element.

Abstract: Systems and methods are directed to email threading based on machine learning determined categories and features. A network system accesses a plurality of emails addressed to a user. The network system then classifies, using a machine learning model, each email into at least one of a plurality of categories. For a category of the plurality of categories, one or more feature values are extracted from each email in the category. Based on the category and the extracted feature values, the network system groups messages having a same feature value in the same category together into a single email thread. Information related to the single email thread is then presented at a client device of the user.

Abstract: An information processing method executed by a computer to control notification by a plurality of terminals (first terminal and second terminal) associated with an appliance includes: obtaining information defining, for each state of a plurality of possible states of the appliance, whether the state is a predetermined state that requires the notification by all of the first terminal and the second terminal; obtaining a state of the appliance; determining whether the state of the appliance obtained is the predetermined state; performing control to cause all of the first terminal and the second terminal to make the notification, when it is determined that the state of the appliance is the predetermined state; and performing control to cause a specific terminal out of the first terminal and the second terminal to make the notification, when it is determined that the state of the appliance is not the predetermined state.

Abstract: A mail processing method is provided. The method includes: sending a first document obtaining request to a server in response to a triggering operation on target control in a mail editing page; receiving first document information of an on-line document sent by the server in response to the first document obtaining request, where authority control information of the first document information matches an account ID of a mail; sending a second document obtaining request to the server in response to a triggering operation to the first document information; receiving second document information sent by the server in response to the second document obtaining request and generating the mail in the mail editing page based on the second document information.

Abstract: Methods and systems are enclosed herein for automatically managing email communication between a group of users and a group of target prospects. A sequence of outbound emails is automatically sent on behalf of a user to a prospect. Based upon the prospect's inbound replies (or lack thereof) the system will perform preconfigured actions, such as stopping automated communications and deferring to the user for manual action.

Abstract: Techniques for providing a suggested message to a user of a communication platform are described herein. The communication platform can receive a request, from a first user, to suggest a message (e.g., suggested message) to a second user with whom the first user is connected via the communication platform. The request can include contents of the suggested message and a user identifier associated with the second user. In some examples, the request can additionally include a suggested virtual space via which the suggested message is to be published, a suggested time for delivery, and/or the like. The communication platform can cause a presentation of the suggested message to the second user, such as via a user interface. In response to receiving an approval of the suggested message via the user interface, the communication platform can cause a publication thereof in association with a user account of the second user.

Abstract: Systems and methods for a virtual network routing gateway that supports address translation for data plane as well as dynamic routing protocols are disclosed herein. The method can include coupling a gateway with a plurality of ports to a network having a plurality of first IP addresses in a private address space, generating a Network Address Translation (“NAT”) function in the gateway, inputting translation information into the NAT function, advertising routes based on the translation information, populating a unified routing table in the gateway based on the plurality of first IP addresses in the private address space and on translated route advertisements, receive an inbound network packet at the gateway, translating an inbound address of the inbound network packet with the NAT function, and delivering the network packet according to the routing table and based on the translated inbound address.

Abstract: A communication system includes a user plane function (UPF) configured to receive a domain name system (DNS) query from a user equipment (UE). The DNS query includes a first destination address of a first DNS server. The DNS query is for determining an address of a data server in proximity to the UE. According to the first destination address of the first DNS server, the UPF obtains, from a session management function (SMF), a second destination address of a second DNS server for providing the address of the data server. The SMF is configured to provide, to the UPF, the second destination address of a second DNS server.

Abstract: A content delivery method including the operations of receiving a uniform resource locator resolution request at an authoritative name server for a domain where the uniform resource resolution request is received based, at least in part, on a host name of the uniform resource resolution request where the host name is uniquely related to a resource associated with the uniform resource resolution request. The method further including the operation of tracking a popularity of the resource based on the host name uniquely related to the resource and providing a location within a network capable of delivering the resource where the provided location is based on the popularity of the resource.

Abstract: A system described herein may maintain first information associating Uniform Resource Locator (“URLs”) with respective Internet Protocol (“IP”) addresses of one or more edge computing devices. The system may maintain second information associating User Equipment (“UE”) identifiers with one or more locations. The system may receive a request, from a UE, including an identifier of the UE and a URL, may identify a location of the particular UE based on the identifier of the particular UE, and may compare the URL to the URLs included in the first information. The system may select a particular edge computing device based on the location of the particular UE, and may output, in response to the request, a particular IP address of the selected edge computing device.

Abstract: The disclosure describes a mesh network including a first device and a second device. The first device transmits, to the second device, a query packet containing a DNS query for querying domain information of an external device, and the second device that transmits the DNS query to a DNS server to receive the domain information. The second device transmits, to the first device, the domain information of the external device. The first device transmits, to the second device, an initiation packet containing a network initiation packet for communicating with the external device, the network initiation packet including the domain information, and the second device transmits, over a network connection, the network initiation packet to the external device based on utilizing the domain information in the network initiation packet. The disclosure describes various other contemplated aspects.

Abstract: A method of assigning IP addresses to devices of a building control network includes receiving a selection of selected devices of a plurality of devices from a user interface. The selected devices are displayed in a predetermined order on a display. A proposed static IP address for a first device in the predetermined order of the selected devices is received from the user interface. A static IP address is sequentially assigned to each of the selected devices following the first device in accordance with the predetermined order, assuming the subnet mask has been confirmed as valid. The selected devices in the predetermined order along with the assigned static IP addresses for each of the selected devices are displayed on the display. The assigned static IP address for each of the selected devices are downloaded to the corresponding one of the selected devices.

Abstract: A method of assigning an identifier to a controller of a modular vacuum pumping and/or abatement system, the method including: determining, by a first controller of the modular vacuum pumping and/or abatement system, that a first identifier is to be assigned to a second controller of the modular vacuum pumping and/or abatement system, wherein the second controller is located at a module of the modular vacuum pumping and/or abatement system; transmitting, by the first controller, a first signal indicative of the first identifier to the second controller; receiving, by a user input device coupled to the module, a user input; and adopting, by the second controller, the first identifier as its identifier in response to the user input.

Abstract: A first meshnet device in a mesh network, the first meshnet device configured to: determine a first range of first subnet IP addresses associated with a first LAN and a second range of second subnet IP addresses associated with a second LAN; determine a conflict that a first subnet IP address assigned to a first LAN device in the first LAN matches a second subnet IP address assigned to a second LAN device in the second LAN; map an association between an alternate IP address and the first subnet IP address; transmit, to a second meshnet device, the association between the alternate IP address and the first subnet IP address; and receive, from the second meshnet device, an initiation network packet to be transmitted to the first LAN device, the initiation network packet indicating the alternate IP address as a destination address is disclosed. Various other aspects are contemplated.

Abstract: Techniques for associating manufacturer usage description (MUD) security profiles for Internet-of-Things (IoT) device(s) with secure access service edge (SASE) solutions, providing for automated and scalable integration of IoT devices with SASE frameworks. A MUD controller may utilize a MUD uniform resource identifier (URI) emitted by an IoT device to fetch an associated MUD file from a MUD file server associated with a manufacturer of the IoT device. The MUD controller may determine that a security recommendation included in the MUD file is to be implemented by a cloud-based security service provided by the SASE service and cause the IoT device to establish a connection with a secure internet gateway associated with the cloud-based security service. Additionally, or alternatively, the MUD file may include SASE extensions indicating manufacturer recommended cloud-based security services. Further, cloud-based security services may be implemented if local services are unavailable.

Abstract: Techniques and systems for optimizing and cleaning rules for network-based authentication transactions are provided herein. A network-based authentication system may determine a plurality of rules that were previously used to evaluate a plurality of transactions. The network-based authentication system may also generate a false positive rate for one or more of the plurality of rules, A cleaning coefficient for a first rule of the plurality of rules may be generated by the network-based authentication system. Based on the cleaning coefficient and the false positive rate, the network-based authentication system may identify one or more rules from the plurality of rules to eliminate from the plurality of rules. The network-based authentication system may eliminate the one or more rules to generate a modified set of rules. Using the modified set of rules, the network-based authentication system may authenticate a network transaction.

Abstract: Methods, systems, and computer programs are presented for enabling automated secure data sharing from a private cloud region to a public cloud region and vice versa. A cloud data platform confirms a relationship establishment procedure between a provider and a consumer is recorded with a cloud data platform, the provider being associated with a private cloud deployment and the consumer being associated with a public cloud deployment in a public region. The cloud data platform enables disabling of a firewall policy that is preventing data traffic between the private cloud deployment and the public cloud deployment and enables data sharing between the private cloud deployment and the public cloud deployment. The cloud data platform enables data sharing in a database of the cloud data platform.

Abstract: Techniques are disclosed for a network device to preserve packet flow information across bump-in-the-wire (BITW) firewalls. For example, a method comprises receiving, by a network device, a packet. The method also comprises determining, by the network device, that the packet matches a packet flow that is associated with an action to redirect the packet to a firewall configured as a bump-in-the-wire. The method further comprises, in response to the determination: modifying, by the network device, a Media Access Control (MAC) address field of a layer 2 (L2) packet header with a flow identifier of the packet flow; sending, by the network device, the packet to the firewall; receiving, by the network device, the packet from the firewall; and recovering, by the network device, the packet flow by modifying the packet according to the flow identifier in the packet to restore the L2 packet header of the packet.

Abstract: Systems and methods are provided for dynamic virtual private network concentrators (VPNC) gateway selection and on-demand VRF-ID configuration. A dynamic VPNC gateway selection component can dynamically route to a particular VPNC gateway based on multiple user-specific factors, including: a) behavior of users on the network; and b) performance of a destination service/device. A dynamic VPNC gateway selection component can rank a user based on one or more factors relating to the behavior of the user. Also, the dynamic VPNC gateway selection component can determine whether a VPNC gateway at a data center is healthy, and whether a destination service at the data center is healthy. The dynamic VPNC gateway selection component can dynamically select a VPNC gateway from a plurality of VPNC gateways at the data center for communicating forwarded traffic from the user based on the user's ranking if either the VPNC gateway or the service are unhealthy.

Abstract: Systems and methods are provided for consolidation of IHS (Information Handling System) VPN (Virtual Private Network) resources utilized by workspaces operating on the IHS, where the workspaces operate in isolation from the operating system of the IHS. A remote workspace orchestration service manages deployment of workspaces on the IHS. The workspaces are instantiated and operate according to a workspace definition provided by the workspace orchestration service. An embedded controller of the IHS registers a VPN consolidation function of the IHS with the workspace orchestration service, which notifies the workspaces of the VPN consolidation function. A VPN workspace is instantiated that operates according to a workspace definition provided by the workspace orchestration service. The respective workspace definitions of the workspaces are updated to route VPN communications to the VPN workspace.

Abstract: A method including utilizing, by a VPN server, a first exit IP address to transmit a first query to a host device for retrieving data of interest requested by the user device; predicting or determining, by the VPN server, potential overloading of the VPN server; establishing, by the VPN server based on predicting or determining a breach, a secure connection with a secondary server to enable communication of encrypted information between the VPN server and the secondary server; and transmitting, by the VPN server to the secondary server over the secure connection, an encrypted message identifying the host device and the data of interest to enable the secondary server to transmit a second query to request the data of interest based at least in part on utilizing a second exit IP address, different from the first exit IP address is disclosed. Various other aspects are contemplated.

Abstract: Certain aspects of the present disclosure provide techniques for entering user credentials through a proxy. One example method generally includes receiving, at a user device, a push request for user data from a cloud server and receiving a request file from an aggregation system. The method further includes injecting user credentials stored on the user device into the request file, wherein when injected the user credentials replace at least one dummy entry of the request file, and transmitting the request file to a data source associated with the request file. The method further includes receiving user data from the data source and transmitting the user data to the aggregation system.

Abstract: Secrets such as secure session cookies for a web browser can be protected on a compute instance with multiple layers of encryption, such as by encrypting key material that in turn controls cryptographic access to the secret. A compute instance can be instrumented to detect when a process attempts to decrypt this key material so that the process requesting decryption can be compared to authorized or legitimate users of the secret.

Abstract: A data transcoding device includes a memory device for storing clear data containing private information and a processor configured as a data transcoder. The processor is configured to create packets of the clear data, prepare the packets for transcoding the clear data into an indecipherable multimedia data file appearing as noise, by determining properties of the indecipherable multimedia file based on parameters of the clear data. The processor is configured to generate the indecipherable multimedia file by transcoding the clear data based on the determined properties.

Abstract: Randomizations of a web page may be generated in advance and provided to a client. The client may store the randomizations in its cache. Multiple randomizations for the same web page may be provided to the client and stored in the client's cache. When a request for a web page is made, it is determined if the client has any cached randomizations. Randomizations for the probable next web page to be requested by the client may be provided to the client for storage in the cache. For example, the probability that a link will be clicked or a website visited may be determined. Those web pages and websites with higher probabilities may be determined. Randomizations for those web pages are then provided to the client for use.

Abstract: A method is provided for securely providing data for use in a consumer electronics device having a processor performing instructions defined in a software image. The method includes receiving the data encrypted according to a global key, further encrypting the data according to a device-unique hardware key, storing the further encrypted data in a secure memory of the consumer electronics device, providing the global key to a whitebox encoder for encoding according to a base key to generate a whitebox encoded global key, and transmitting the software image to the consumer electronics device for storage in an operating memory of the consumer electronics device, the software image having a whitebox decoder utility corresponding to the whitebox encoder and the whitebox encoded global key.

Abstract: Cryptographically secure data communications between layered groups of devices in a wireless cooperative broadcast network encrypts datagrams twice prior to transmission by a source device, first using an inner layer key that is shared by a first group of devices, and second using an outer layer key that is shared by a second group of devices; the devices of the first group being members of the second group. Received datagrams are recovered by first decrypting with the outer layer key and second decrypting with the inner layer key.

Abstract: A system, apparatus, method, and machine readable medium are described for performing advanced authentication techniques and associated applications. For example, one embodiment of a method comprises: receiving a policy identifying a set of acceptable authentication capabilities; determining a set of client authentication capabilities; and filtering the set of acceptable authentication capabilities based on the determined set of client authentication capabilities to arrive at a filtered set of one or more authentication capabilities for authenticating a user of the client.

Abstract: A control apparatus includes: at least one memory configured to store instructions; and at least one processor configured to execute the instructions to: control communication in a vehicle by setting a control entry to a plurality of switches relaying, by referring to the control entry, a packet input to and output from an ECU installed in the vehicle, and perform an authentication processing for a device attempting communication with the ECU via any one of the plurality of switches. The control sets, to the switch, a temporary control entry realizing the communication between the device and ECU when authentication of the device is successful.

Abstract: A node provides a service to a client node in a network. The node is configured to execute a code for providing the service to the client node in an enclave of a trusted execution environment (TEE) and to execute a code library in the enclave to attest to the client node the identity of the service provided. The service provided to the client node may be a distributed service including a result of a cooperation of a plurality of neighbor nodes, which are connected to the node either directly or through other intermediate nodes. The code library is configured to attest to the client node the identity of the distributed service.

Abstract: Techniques for training and using models to analyze multiple attributes of an authentication, and detect anomalous authentications that may include security threats. An authentication platform may use historical authentication data to train models to identify common attributes for authentications of users, and the training may be performed without the use of labels. For instance, models may be trained for each attribute of the historical authentications (e.g., geographic location, type of authentication method, type of device, time of day, etc.) to “learn” common behaviors of users across attributes of historical authentications. The models can then be applied to new authentications to determine, on an attribute-by-attribute level, whether or not new authentications are anomalous as compared to historical authentications by the user.

Abstract: Disclosed are various approaches for polling federated services for notifications. A request for an access token for a federated service is sent to an authentication service. The access token for the federated service is received from the authentication service. A query is sent to the federated service for a notification, the query comprising the access token. The notification is received from the federated service.

Abstract: A system for providing single sign-on comprises an authentication server, multiple application servers and multiple computing devices. An application server directs a web browser running on a computing device to the authentication server. If the authentication server cannot authenticate the user based on the request it receives, it causes the browser to contact a web server of a local device agent also running on the computing device. The device agent determines whether a token for authenticating the user is available and if so, transmits a response which includes the token. If the authentication server can authenticate the user based on the token, it transmits a response which includes authentication information associated with the token and which causes the browser to direct to the application server. This reduces the number of times the user must authenticate himself without compromising security or requiring adapted web browsers.

Abstract: Disclosed are various approaches for workflow service back end integration. In some examples, a workflow service identifies a workflow action and a user account that is responsible for the workflow action. A command to present the workflow action for user authorization is transmitted to a client device associated with the user account. The workflow service transmits a command to perform the workflow action based on an identification of the user authorization.

Abstract: A method and apparatus are described including logging on to an account on the shared server based on credentials, transmitting a request to the shared server for a list of smart devices registered to the account, receiving the list of smart devices from the shared server, linking to a selected one of the smart devices from the list of smart devices received from the shared server; and transmitting a smart device command to the selected smart device. Also described are a method and apparatus including receiving credentials from a client device to log-on to an account, receiving a request from the client device for a list of smart devices registered to the account and transmitting the list of smart devices to the client device.

Abstract: Methods for securing an electronic communication is provided. Methods may include, in a registration process, creating and/or selecting an anti-phish, personalized, security token for a predetermined avatar. Methods may include, in the registration process, storing the token in a database. Methods may include, in an in-use process, generating an electronic communication at a virtual kiosk in a metaverse. Methods may include, in the in-use process, forwarding an electronic communication from the virtual kiosk to the avatar. The avatar may be associated with the account. Methods may include, in the in-use process, intercepting the communication at an edge interface. Methods may include, in the in-use process, selecting, from the database, the anti-phish, personalized, security token that is associated with the account. Methods may include, in the in-use process, injecting the selected token into the communication.

Abstract: A system or method for hosting and managing FIDO authenticators in local network or cloud for users in a shared multi-user environment; which receives an authentication request initiated by a relying party application on a computing device via Web Authentication (WebAuthn) interface; and uses unique identifiers (such as RFID tags) to distinguish the hosted authenticators associated with each user to forward the authentication request; and receiving a response to that authentication request from the hosted authenticator on the local network or cloud; and transmitting the authentication response back to the sender application on the computing device for authentication purposes.

Abstract: The present disclosure relates to network security software cooperatively configured on plural nodes to provide authenticated and authorized communication, node protection, and prevention of a compromised node from contaminating other nodes.

Abstract: Example subscription information configuration methods and a communications device are described. One example method includes receiving a first device identifier by a network device from a first terminal device in a first access mode and receiving a second device identifier from a second terminal device in a second access mode. The network device determines whether the first device identifier matches the second device identifier to identify legality of the first terminal device. If the first device identifier matches the second device identifier, it indicates that the first terminal device is a legal terminal device. The network device sends subscription information of the first terminal device to the first terminal device in the first access mode, so that the first terminal device successfully accesses a network by using the subscription information.

Abstract: A method including receiving, at a processor, credential requests for accessing the VPN environment from a first user device using a first interface and from a second user device using a second interface; transmitting, to the first user device, a first credential based at least in part on the first user device using the first interface; and transmitting, to the second user device, a second credential based at least in part on the second user device using the second interface, the first credential being different from the second credential. Various other aspects are contemplated.

Abstract: A system controls access to target servers in a network and includes: a user interface accessible to the target servers; a memory storing a database providing information to the interface; and a server implementing a discovery engine discovering user rights stored at the target servers and delivering the stored user rights to the database, and a trigger engine. The trigger engine is invoked by detection of a request to add or delete a user or group to a list of privileged groups from a first target server, updates the user rights at a local cache on the first target server, and delivers the updated user rights to database. The trigger engine modifies the discovery engine based on the detection of the request. A local security account manager database is changed to insert or remove a domain account to a local group, in response to the request.

Abstract: A system for licensing an application or feature for use on a wireless mobile device is disclosed. The wireless device is provided to a user with a licensable application or feature, but the application or feature has not been fully authorized for use. When the wireless device receives a request to use the application or feature, the device operates the requested application or feature, and generates an irrevocable license request. The license request is transmitted to a license server at a time convenient for the device. The license server generates a license certificate to the application or feature, and transmits the license certificate to the wireless mobile device. The device receives the license certificate, which is stored in local memory. The application or feature is now fully licensed for future operation on the wireless mobile device. The license server operates accounting processes to generate license reports and license accounting information.

Abstract: In one embodiment, a method is provided for customization of a mobile communications device's data session retry mechanism in a wireless packet data service network. The mobile communication device requests activation of a data session with a node via the wireless network and receives a reject message via the wireless network in response to the request for activation of the data session, the reject message including a cause code. If the cause code corresponds to a no-retry behavior of the data session retry mechanism of the mobile communication device, the mobile communications device no longer requesting activation of a data session with the node.