Abstract: A method for allowing a user equipment (UE) and a base station (BS) to transmit and receive uplink (UL) signals in a wireless communication system is disclosed.

Abstract: In particular embodiments, a data processing data inventory generation system is configured to: (1) generate a data model (e.g., a data inventory) for one or more data assets utilized by a particular organization; (2) generate a respective data inventory for each of the one or more data assets; and (3) map one or more relationships between one or more aspects of the data inventory, the one or more data assets, etc. within the data model. In particular embodiments, a data asset (e.g., data system, software application, etc.) may include, for example, any entity that collects, processes, contains, and/or transfers personal data (e.g., such as a software application, “internet of things” computerized device, database, website, data-center, server, etc.). For example, a first data asset may include any software or device (e.g., server or servers) utilized by a particular entity for such data collection, processing, transfer, storage, etc.

Abstract: One or more computing devices, systems, and/or methods for presenting augmented reality (AR) experiences and/or sharing AR objects are provided. For example, a request to initiate an AR experience may be received from a device associated with an email account. A real time view of a camera of the device may be displayed using an AR interface, where a set of AR objects are overlaid onto the real time view of the camera. An edited set of AR objects may be generated based upon one or more inputs corresponding to one or more edits to the set of AR objects. The edited set of AR objects may be overlaid onto the real time view of the camera. An email comprising the edited set of AR objects may be transmitted to one or more email accounts responsive to receiving a second request to share the edited set of AR objects.

Abstract: A segmentally extendable modular handheld flashlight and a respective kit-of-parts for assembling the same are described, in which at least one battery segment configurable as an electric charger, in a dismantled conformation.

Abstract: An electronic device is provided. The electronic device includes an interface, and a processor configured to receive an input of a user, output an audio signal by using a first external device connected to the electronic device through the interface, in response to the input of the user, obtain an audio signal reflected on a part of the user of the outputted audio signal, by using the first external device, authenticate the user by using the reflected audio signal and execute a specified function in a unlocked state of the electronic device when the user is a user authenticated for the electronic device.

Abstract: Server resources in a data center are disaggregated into shared server resource pools. Servers are constructed dynamically, on-demand and based on workload requirements, by allocating from these resource pools. A disaggregated compute system of this type keeps track of resources that are available in the shared server resource pools, and it manages those resources based on that information. Each server entity built is assigned with a unique server ID, and each resource that comprises a component thereof is tagged with the identifier. As a workload is processed by the server entity, its composition may change, e.g. by allocating more resources to the server entity, or by de-allocating resources from the server entity. Workload requests are associated with the unique server ID for the server entity. When a workload request is received at a resource, it matches its unique server ID to that of the request before servicing the request.

Abstract: A method for controlling exposure of sensitive data though a logging system is provided. The method comprises: upon receiving a request by the request handler, determining sensitive data as part of the request by applying a rule, converting the data into a transformed format, and registering the data together with a related data field label with a log handler. Then, upon receiving by the log handler a log entry, converting each expression of the log entry into the transformed format, and comparing each transformed expression with each of the sensitive data in the transformed format. Upon determining a match of one of the transformed expressions with one of the sensitive data in the transformed format, the method comprises issuing an alert indicating that the log entry comprises sensitive data.

Abstract: A cloud computing system includes a hub client instance and at least one spoke client instance that is generated based on copying the hub client instance. The hub client instance includes hub objects maintained using hub object tables, and the spoke client instance includes spoke objects that are copied from the hub objects and are maintained using spoke object tables. To synchronize the spoke client instance with the hub client instance, the spoke client instance requests data indicating changes made to the hub object tables. The request may be one-way, such that the spoke client blocks or prevents requests from the hub client instance. In response to receiving the request, the hub client instance sends the data indicating changes made to the hub object tables to the spoke client instance. The spoke client instance updates the spoke object tables based on the data.

Abstract: A query is received from a user. A query event type and a query time range associated with the query are determined. An estimated amount of data to be queried associated with the determined query time range is determined based on at least a historical number of the query event type of the user. An allowable amount of data to be queried supported by a database for a single query is determined. One or more sub-queries for the received query are generated. Each sub-query is associated with a different time period within the determined query time range. A corresponding amount of data to be queried associated with each time period is less than, or equal to, the determined allowable amount of data to be queried. The database is queried with the generated one or more sub-queries.

Abstract: Example techniques locate or identify malware based on events from or at monitored computing devices. A control unit can detect a sequence of events of various types. The control unit can locate a loop within the sequence of events based at least in part on relative frequencies of the event types. The control unit can determine a distribution of event types of the events within the loop, and determining that software running the sequence is associated with malware based at least in part on the distribution of event types within the loop. In some examples, the control unit can locate a point of commonality among a plurality of stack traces associated with respective events within the loop. The control unit can determine a malware module comprising the point of commonality.

Abstract: A method is provided for space-efficient bookkeeping using bit-level locking. Each row of a bookkeeping table stores binary data comprising a plurality of bits. Each bit of the plurality of bits corresponds to a particular message and a particular consumer of the message, and indicates whether the particular message has been dequeued by the particular consumer. The bookkeeping table is stored on-disk and data corresponding to the bookkeeping table is stored in volatile memory. When a message is dequeued the in-memory bookkeeping data is updated, and the bookkeeping table is updated based on the in-memory bookkeeping data when the dequeue is committed.

Abstract: A method for network authentication of wireless devices at a gateway is provided that includes scanning a wireless network by the gateway to discover unjoined wireless devices, joining a discovered wireless device to the gateway using a non-internet protocol implemented by the wireless device, wherein the joining results in an encrypted connection between the gateway and the wireless device, and authenticating the discovered wireless device to the gateway via the encrypted connection, wherein authentication is performed according to an authentication protocol of a network protocol management layer of the gateway.

Abstract: Systems, methods, and apparatuses for providing a customer a central location to manage permissions provided to third-parties and devices to access and use customer information maintained by a financial institution are described. The central location serves as a central portal where a customer of the financial institution can manage all access to account information and personal information stored at the financial institution. Accordingly, the customer does not need to log into each individual third-party system or customer device to manage previously provided access to the customer information or to provision new access to the customer information.

Abstract: A system, apparatus, and method for expediting the authorization of an electronic payment transaction. Authorization of a transaction at a node of an authorization network is the result of inferring the trustworthiness of a customer to the transaction using data obtained from a different node of the authorization network. The authorization process is expedited by relying on the previous authentication decision of another node, where the previous decision may have been made based on a different payment device or different user inputs. The invention uses a decision made by a first node in the authorization network as a proxy for the authorization decision at a different node, thereby transferring the trustworthiness of a consumer, consumer's device, payment device, or other aspect of the transaction from the first node to the second.

Abstract: An embodiment of a method for securing stored data includes assigning a first user security label to a first user. The method further includes adding an object compartment created by the first user to the first user security label assigned to the first user. The method further includes assigning the object compartment to an object created by the first user by creating the object compartment in an object security label. The method further includes enabling a second user to access to the object created by the first user by assigning the object compartment assigned to the object to a second user security label of a second user. The method further includes determining, by a processing device, whether to permit the second user to access to the object based at least in part on the object security label and the second user security label.

Abstract: Mechanisms for obtaining performance metric information securely are provided. A first application server executing on a computing device comprising a processor establishes that communications with a plurality of remote application servers utilize an encrypted communication protocol. Iteratively, over a period of time, each respective remote application server of the plurality of remote application servers is sent an encrypted message requesting performance metric information of the respective remote application server using the encrypted communication protocol. Over the period of time, encrypted requested performance metric information is received. The requested performance metric information is stored in a storage device.

Abstract: Methods, systems, and computer program products are described herein for supporting and negotiating multiple (e.g. static) application programming interface (API) versions across multiple products. Interoperable programs, such as different web browser applications, may provide simultaneous support for multiple versions of an API. An API and program-API adapters may be versioned to manage compatibility for asynchronously developed programs and APIs that may be asynchronously installed and updated in many computing environments. An adapter may comprise a versioned portion of program source code. In-development program code and APIs may be forked to create versioned snapshots of stable interfaces. An “in-development” version of an API and adapters may coexist with versioned APIs and adapters. Compatible version negotiation may occur, for example, during process launch. Negotiation may activate the highest API version supported by both programs.

Abstract: A method for synchronizing, in a browser state of a web browser application, both automatically-generated content and user-generated content includes retrieving, by a controller application executing on a first computing device, from a profile database, profile content. The method includes receiving, by a first browser application, from the controller application, a first request including automatically-generated content based on the retrieved profile content. The method includes transmitting, by the first browser application, a first network request, the network request including the automatically-generated content. The method includes synchronizing, by a second browser application, a browser state of the second browser application with a browser state of the first browser application. The method includes receiving, by the second browser application, a second request including user-generated content.

Abstract: A method and a device to communicate between a mobile terminal and at least two backend servers, and the method of the present invention includes the following steps: registering a user of the mobile terminal as a user of the first backend server; obtaining the coding information by the barcode image taken through decoding the mobile terminal; the first backend server parsing the coding information to determine whether the barcode image is generated according to a preset coding rule, if the barcode image is generated according to the preset coding rule, executing subsequent steps; if the barcode image is not generated according to the preset coding rule, stopping executing the method after the mobile terminal is connected to a webpage corresponding to the coding information; the mobile terminal extracting service information corresponding to the coding information according to the coding information; the second backend server providing a service to the mobile terminal.

Abstract: In particular embodiments, a data processing data inventory generation system is configured to: (1) generate a data model (e.g., a data inventory) for one or more data assets utilized by a particular organization; (2) generate a respective data inventory for each of the one or more data assets; and (3) map one or more relationships between one or more aspects of the data inventory, the one or more data assets, etc. within the data model. In particular embodiments, a data asset (e.g., data system, software application, etc.) may include, for example, any entity that collects, processes, contains, and/or transfers personal data (e.g., such as a software application, “internet of things” computerized device, database, website, data-center, server, etc.). For example, a first data asset may include any software or device (e.g., server or servers) utilized by a particular entity for such data collection, processing, transfer, storage, etc.

Abstract: Techniques are described for unified identity and access management (IAM) across multiple applications in a distributed (e.g., cloud) computing environment. Implementations provide for IAM across multiple applications through use of a single, unified IAM tool including an IAM interface. The IAM tool can manage user identity and user access rights for multiple applications in the platform environment. The IAM tool can also employ a unified IAM database, which stores user profiles that each describes user access rights for a user in one or more applications. Through use of the unified IAM tool, an operator can access a single interface to manage user identity and access privileges across multiple applications which may have their own identity management interfaces, with user roles in different applications mapped through use of an equivalency matrix in some cases. The IAM tool can be used to add, remove, or edit user access privileges for multiple applications.

Abstract: Causing data in an in-band storage device coupled to a host computing system to be transferred to an out-of-band (OOB) storage device includes coupling the in-band storage device to the OOB storage device, the in-band storage device detecting commands from the host computing system to transfer the data in the in-band storage device to a cloud storage, and the in-band storage device transferring the data in the in-band storage device to the to the OOB storage device in response to receiving a command from the host computing system to transfer the data in the in-band storage device to the cloud storage. The OOB storage device may be coupled to the cloud storage. Causing data in an in-band storage device to be transferred to an OOB storage device may also include causing data stored at the OOB storage device to be transferred to the cloud storage.

Abstract: Embodiments of mobile banking systems are described herein. Other examples and related methods are also disclosed herein.

Abstract: A method, article of manufacture, and apparatus for accessing data during data recovery. In some embodiments, this includes sending an I/O request from an application to an object, wherein the object is being recovered, establishing an I/O intercept, intercepting the application's I/O request with the I/O intercept, and redirecting the I/O request based on the status of the object's sub-objects.

Abstract: One or more computing devices, systems, and/or methods for presenting augmented reality (AR) experiences and/or sharing AR objects are provided. For example, a request to initiate an AR experience may be received from a device associated with an email account. A real time view of a camera of the device may be displayed using an AR interface, where a set of AR objects are overlaid onto the real time view of the camera. An edited set of AR objects may be generated based upon one or more inputs corresponding to one or more edits to the set of AR objects. The edited set of AR objects may be overlaid onto the real time view of the camera. An email comprising the edited set of AR objects may be transmitted to one or more email accounts responsive to receiving a second request to share the edited set of AR objects.

Abstract: A method of provisioning organization users in a multi-tenant database system includes receiving a request via a single sign-on protocol from an organization user to create a new multi-tenant database user account for access to the multi-tenant database system. The method retrieves rules that specify how to derive user permissions for access to the multi-tenant database system from stored user attributes of the organization user. The method continues with applying the rules to the stored user attributes to determine permissions for the users to access particular objects in the multi-tenant database system, and creating the new user account with the determined user permissions for access to the multi-tenant database system.

Abstract: In accordance with an example embodiment of the present invention, a method comprising: initiate, by a user equipment, a search of at least one carrier frequency as part of an initial access procedure; determine possible values for a first parameter and a second parameter based on the at least one carrier frequency, wherein the first parameter relates to a synchronization signal block index and the second parameter relates to at least one of: a periodicity and a synchronization signal block configuration; detect a reference signal from a first cell comprising signaling information indicating a first value for the first parameter and a second value for the second parameter; and synchronize timing for transmission and/or reception of data with the first cell based at least on the first value and the second value.

Abstract: A method and apparatus for processing service requests for non-transactional databases are disclosed. In the method and apparatus, the execution of a first operation may be initiated based at least in part on receiving a service request from a user. The first operation may be executed synchronously with receipt of the request. Further, one or more execution workflows may be provisioned for asynchronous execution of one or more other operations.

Abstract: Systems and methods are described for management of data transmitted between computing devices in a communication network. An administrative component can configure one or more devices in the communication path of messages to be exchanged by devices to interpret codes embedded in the communication messages. A receiving device can review incoming messages for one or more processing codes or instructions that are embedded in the portion of the communication typically utilized solely to identify the subject matter of the communication, generally referred to as the topic portion of the communication. The receiving devices can then process the embedded codes to determine how the communication message will be routed or otherwise processed.

Abstract: Devices and techniques are disclosed herein for verifying host generated physical addresses at a memory device during a host-resident FTL mode of operation to ameliorate erroneous or potentially malicious access to the memory device.

Abstract: A cloud-based access to child care planning and outcome resource is described. The resource allows multiple end-users to access content related to child care. Such content includes reports, table, graphs, multimedia, lists, forms, reminders, and/or other appropriate elements. The content may be presented via one or more graphical user interfaces (GUIs). Each such GUI may include various input elements such as tabs, buttons, icons, etc. and various content elements such as portlets, or frames, etc. Each GUI may be customized for a particular end-user and/or a particular group of end-users. In this way, an administrator or super-user may generate multiple GUIs, where each is associated with a user group (e.g., parents, teachers, administrators, etc.). In addition, each end-user may be able to customize the GUIs available to the end user. Such customization may include selection of input and/or content elements, layout of elements, graphical features, and/or other appropriate customizations.

Abstract: According to an embodiment of the present disclosure, a method for operating an electronic device includes displaying a result of recognizing at least one other electronic device as at least one item, and sending a message requesting the at least one other electronic device to output an identifiable signal.

Abstract: In an active-active system, if write lock permission is granted to a second storage array, a first storage array sends to-be-written data and a lock revocation request together to a lock server; the lock server sends a lock revocation request carrying the to-be-written data to the second storage array; after storing the to-be-written data, the second storage array sends a lock revocation success message to the lock server; the lock server gives the write lock permission to the first storage array; and the first storage array obtains the write lock permission and stores the to-be-written data.

Abstract: A structured query language server may receive a command from a backup control server to provision a virtual device and perform a backup operation on the structured query language server. The structured query language server may be configured to write data to the virtual device in order to be transmitted to a data storage service. The backup and restore operations directed to the structured query language server may include a web service application programming interface request to the data storage service to cause the data written to the virtual device to be stored as a data object in the data storage service.

Abstract: A system enables use of credentials, including determining that a user has been authorized by a first credential-issuing organization and enabling the user to use a first credential issued by the first credential-issuing organization based on the determination that the user has been authorized by the first credential-issuing organization. Trust data indicating whether the user should be enabled to use a second credential issued by a second credential-issuing organization as a result of the user having been authorized by the first credential-issuing organization is accessed. A determination is made that the accessed trust data indicates that the user should be enabled to use the second credential issued by the second credential-issuing organization as a result of the user having been authorized by the first credential-issuing organization, and the user is enabled to use the second credential.

Abstract: A machine implemented method for protecting a target domain and a source domain from unauthorized accesses. The method comprising: identifying an exit call gateway comprising an exit transition instruction and at least one exit access parameter, said exit access parameters restricting exit from said source domain; identifying an entry call gateway corresponding to said exit call gateway, said entry call gateway comprising a transition instruction and at least one entry access parameter, said entry access parameters restricting access to said target domain; determining that said exit access parameters and said entry access parameters are compatible with each other; and performing a context switch from said source domain to said target domain, when said exit access parameters and said entry access parameters are complied with.

Abstract: An information processing apparatus, backup method, and program product that enable efficient differential backup. In one embodiment, an information processing apparatus for files stored in a storage device includes: a metadata management unit for managing metadata of files stored in the storage device; a map generation unit for generating a map which indicates whether metadata associated with an identification value uniquely identifying a file in the storage device is present or absent; and a backup management unit for scanning the metadata to detect files that have been created, modified, or deleted since the last backup, and storing at least a data block and the metadata for a detected file in a backup storage device as backup information in association with the identification value.

Abstract: Implementations include providing a database system that a plurality of tenant systems interact with, providing a shared database schema and a plurality of tenant database schemas, the shared database schema including a shared table, and each tenant database schema being assigned to a respective tenant and including a view into the shared table, which includes a tenant specification field, and a row visibility field, the tenant specification field indicating a tenant, to which a respective row is assigned, and the row visibility field indicating visibility of a respective row to respective tenants.

Abstract: A method is disclosed that includes receiving a notification about an activity pertaining to a user, the notification being directed to a first application and a second application, and identity of the user being associated with a token. The method also includes identifying a first instance of the first application and a first instance of the second application at a user device of the user, and determining the first instance of the first application and the first instance of the second application are associated with the token. The method further includes selecting one of the first instance of the first application or the first instance of the second application to provide the notification at the user device based on the token, and providing the notification to the selected one of the first instance of the first application or the first instance of the second application at the user device.

Abstract: A system, apparatus, and method for expediting the authorization of an electronic payment transaction. Authorization of a transaction at a node of an authorization network is the result of inferring the trustworthiness of a customer to the transaction using data obtained from a different node of the authorization network. The authorization process is expedited by relying on the previous authentication decision of another node, where the previous decision may have been made based on a different payment device or different user inputs. The invention uses a decision made by a first node in the authorization network as a proxy for the authorization decision at a different node, thereby transferring the trustworthiness of a consumer, consumer's device, payment device, or other aspect of the transaction from the first node to the second.

Abstract: Provided are a computer program product, system, and method for processing a recall request for data migrated from a primary storage system having data mirrored to a secondary storage system mirroring data from the primary storage system to the at least one secondary storage system. The primary storage system receives a recall request to recall a data object that was migrated from the primary storage system to a remote storage location. The recall request is transmitted to each of the at least one secondary storage system to cause each of the at least one secondary storage system receiving the recall request to directly retrieve the data object from the remote storage location. The primary storage system retrieves the data object from the remote storage location in response to the recall request. The primary storage system returns complete to the recall request in response to the data object being confirmed as restored to the primary storage system and the at least one secondary storage system.

Abstract: Method, system, and programs for performing two-factor authentication for a controlled access application via one or more third-party host verification servers. An example method includes receiving a request to a controlled access application after a user has successfully logged into an enterprise system with a first Identifier (ID) factor, the controlled access application requiring additional authentication with a second ID factor, obtaining first information to complete the second ID factor, at least some of the first information being obtained from the user, and generating a first web form using the first information. The method also includes submitting the first web form to a host verification server, receiving an indication of successful verification from the host verification server; and initiating, in response to receiving the indication of successful verification, access to the controlled access application.

Abstract: An I/O-abstracted configuration is defined for a field device that has not yet been assigned or allocated to communicate via a particular I/O device or I/O network within a plant, and this configuration is stored in a device placeholder object in a back-end environment of the plant. Thereafter other objects, modules, applications, user interfaces, etc., that are to execute in the back-end environment of the plant to communicate with the field device during on-line operation of the plant may be designed, built, configured, and tested using the device placeholder object without any actual communications with the field device and without assigning the device placeholder object to a particular I/O channel or I/O network.

Abstract: A dynamic data minimization server implements minimization protocols to entity-specific information based on access rights (e.g., privacy rights) of a requesting entity. The minimization may be applied on the fly (e.g., as the entity-specific information is requested) and the level, type, protocol, etc., of encryption (or other minimization process) may be selected based on a particular type of a data item. The dynamic data minimization server may determine and apply transformation functions, such as encryption, to items of protected information, transforming those items of protected information into items of minimized information. If a requesting entity has appropriate rights, the dynamic data minimization server may selectively apply a reverse transformation function, such as decryption, to recover the original information.

Abstract: Systems and methods are provided for dynamically authorizing access to content stored on a front-end system by one or more applications hosted on a remote back-end system. The content stored on the front-end system may be static files. The front-end system may store content in distinct content storage locations. Each content storage location may correspond to a respective application hosted by the back-end system. In one embodiment, there may be multiple back-end systems each hosting one or more applications. Each application on the back-end system may employ operation logic to determine authorization to a content storage location associated with the application.

Abstract: Aspects of the present disclosure relate to the generation and delivery of content including unique and shared components. A content delivery network service provider can obtain requests for content from client computing devices. Based on information provided in the request or otherwise managed by executable code on the client computing device, the CDN service provider obtains one or more pieces of content that may be shared by more than one user or client computing devices. Additionally, the CDN service provider obtains one or more pieces of content that will not be shared by more than one user or more than one client computing device. Responsive to the content request, the CDN service provider can combine the one or more pieces of shared content and the one or more pieces of unique content and deliver the combined content to the requested client computing device.

Abstract: Embodiments of the present invention provide an automated network security system for dynamically managing network security rules. The system uses a cognitive engine to capture network traffic and analyze behavioral data about said network traffic. Based on analysis of the behavioral data, the system may identify one or more vulnerabilities in the network security system and determine one or more changes to the network security rules to remedy the one or more vulnerabilities. The system further uses a robotic process automation system to test, simulate, and implement the one or more changes to the network security rules for the network.

Abstract: Some embodiments include a method of providing security and privacy for a message sender. The method can include a messaging application determining that a messaging interface of the computing device is active and is revealing or about to reveal the electronic message. The messaging application can identify a recipient account of a messaging server system that is associated with the electronic message according to the electronic message or the messaging server system. The messaging application can then monitor a data feed from a sensor of the computing device to detect a biometric pattern that matches against a biometric profile model associated with the recipient account utilizing a biometric recognition process. In response to determining that the detected biometric pattern does not match the biometric profile model associated with the recipient account, the messaging application can activate a privacy shield to prevent content of the electronic message from being revealed.

Abstract: Among other things, a user of a browser is exposed simultaneously to three interfaces: A viewing interface for at least one image of a subject that is stored on a device on which the browser is running, a decision support interface that aids the user in determining the state of the subject based on the image, and a template interface that aids the user in capturing uniform descriptive information about the state of the subject. At least two of the viewing interface, the decision support interface, and the template interface operate cooperatively so that actions of the user with respect to one of the two interfaces causes changes in content exposed by the other of the two interfaces.

Abstract: A method of operating a storage device controller which controls a storage device includes receiving a debugging data request command through a peripheral component interconnect express (PCIe) interface of the storage device controller from outside of the storage device controller, and storing debugging data in a register included in the PCIe interface.