Abstract: A method for sharing content of a device is provided. The method includes receiving, by an inputter, an input of a share command of a selected content, recommending at least one service to share the content among a plurality of services that are available in the device and a share target, and sharing, by a controller, the content with the share target selected through the selected service based on a selection input with respect to the at least one recommended service and the share target.

Abstract: A method for operating a user equipment (UE) adapted to transmit beacons includes adjusting an initial beacon interval between successively transmitted beacons in accordance with a value of at least one parameter and a beacon configuration received from a network entity, thereby producing an adjusted beacon interval, and transmitting a beacon selected in accordance with the adjusted beacon interval in a beacon transmission opportunity determined in accordance with the initial beacon interval.

Abstract: Techniques for load balancing in a network of nodes can include a first node receiving and/or generating a request having an identifier, task description, and information regarding an entity originating the request. The first node can either perform the task and report back to the originating entity of the completion of the task, or forward the request to a random one of a plurality of other nodes with which the first node is communicatively connected.

Abstract: A data storage system creates, maintains and utilizes logical storage structures including (1) a pool of device extents on user devices, organized into data portions of mapped RAID groups each having a data portion and a RAID group metadata element having (i) a basic portion and (ii) a mapping portion mapping each set of device extents to logical RAID extents per RAID type, (2) a pool logical device (e.g., an internal mapped RAID) in the pool, storing the mapping portions of the metadata elements of the mapped RAID group, and (3) a system logical device on separate system devices, storing (i) the basic portions of the metadata elements of the RAID groups, and (ii) a pool metadata element including a pool mapping portion for the pool logical device.

Abstract: In a particular embodiment, a method includes receiving, at a server from a computing device coupled to a first network, a request to access a first web page via a second network. The method includes redirecting the computing device to a second web page in response to a determination that the computing device is not permitted access to the second network. The method further includes providing, to the computing device, baseline content and additional content associated with the second web page. The additional content is retrieved from a content management server.

Abstract: Systems and methods for facilitating a trusted platform module (TPM) or other protector mechanism that provides a device with a trusted device capability store. To provide the device with a trusted device capability store, a fingerprint of an endorsement key that is associated with the TPM or other protector mechanism can be imprinted into firmware of the device. By imprinting the fingerprint into the firmware, the device can determine whether or not the TPM or other protector mechanism the device is communicating with is the TPM or other protector mechanism associated with the device. The TPM or other protector mechanism can include the endorsement key, the trusted device capability store, and an access policy. The trusted device capability store can include one or more capabilities associated with the device. The access policy can indicate both unauthorized read access and authorized write access associated with the TPM or other protector mechanism.

Abstract: A system and method for managing the recovery key of a computer system is disclosed. The computer system includes a security layer, and the recovery key is stored locally to a memory location on the computer system, including, as examples, flash memory on the motherboard of the computer system or a USB port on the computer system. In operation, when it becomes necessary for the computer system to authenticate the recovery key, the recovery key may be retrieved from the local memory. The retrieval and storage of the recovery key may be managed by a remote administrator. The recovery key may be stored in a hidden partition in the storage location, and the recovery key may be cryptographically wrapped to add an additional layer of security.

Abstract: A user having remote device wants to access an application that requires that the user possess a user application cryptographic credential. If the application needs to verify the identity of the user, the user's remote device performs a cryptographic operation using the user application cryptographic credentials, and sends the result to the application. A configuration for securely distributing the user application cryptographic credentials includes at least one gateway located at an enterprise that is under the control of an enterprise administrator, and a controller that is not located at the enterprise but can be configured by the enterprise administrator to cooperate with the at least one gateway.

Abstract: A financial messaging apparatus configured to encapsulate and transmit a financial message along with actions to a mobile device. The actions relate to rules that are associated with characteristics of the financial message.

Abstract: Embodiments of the present invention generally relate to data processing and collection, further relate to a data processing method and a corresponding system, a data collecting method and a corresponding system. Particularly, the data processing method of the present invention comprises: obtaining position data; obtaining a position-function mapping relationship; and converting the position data into user behavior data according to the position-function mapping relationship. As compared to the prior art, at least one embodiment of the present invention has at least one of the following advantages: first, to collect user operations on a mobile terminal in a non-intrusive manner; second, to facilitate analysis performed on various applications of the mobile terminal.

Abstract: A request is received over a network to resolve a problem relating to a networked user device. The request is accepted in order to provide user service. Based on the request, one of multiple available diagnostic algorithms is selected to analyze user data related to a user's account to identify symptoms of the problem and diagnose a cause of the symptoms identified.

Abstract: Systems and methods described herein are directed to a template based deployment system providing settings across platform and physical infrastructures. The infrastructure can involve a server, storage, and a network. The platform can include various types of operating systems. A management server may be configured to manage various system elements, server virtualization and platform deployment. The management server may use policies based on a platform template, server profile, host storage profile, and host network profile. Infrastructure configurations may be determined by the management server, according to the platform type, and platform option settings in the platform template. The management server deploys the infrastructure and platform on top of the infrastructure using platform template and images.

Abstract: Example methods, apparatuses, and/or articles of manufacture are disclosed that may be implemented, in whole or in part, using one or more computing devices to facilitate and/or support one or more operations and/or techniques for on-line account recovery.

Abstract: Disclosed are various embodiments for a computing device with an integrated authentication token. The computing device includes first circuitry having a processor and a memory and providing general-purpose computing capability. The computing device also includes second circuitry configured to generate data. The first circuitry is incapable of determining the data due to a separation from the second circuitry, and the first and second circuitry may be in a single enclosure.

Abstract: A method and system for controlling multi-tiered mitigation of cyber-attacks.

Abstract: Embodiments disclosed provide access to Traversal Using Relays around Network Address Translation (TURN) servers using trusted single-use credentials, and related methods, systems, and computer-readable media. In one embodiment, a method comprises receiving, by a TURN authentication agent, a request for a TURN server credential. Responsive to determining that the request is authorized, the agent generates a trusted single-use credential and transmits it to the requestor. Using this trusted single-use credential allows untrusted clients to access a TURN server without exposing a userid/password combination. In another embodiment, a method comprises receiving, by the TURN server, a request for a TURN service. The server challenges the request, and receives a userid and a password. Responsive to determining that the userid and the password constitute a trusted single-use credential and responsive to determining that the request is authorized, the server provides the TURN service for the requestor.

Abstract: Systems and methods which facilitate access to computing resources by cloud-based applications are described. Embodiments enable cloud-based applications to provide output to and/or obtain input from computing resources, such as printers, scales, scanners, and storage devices, for performing various functions. In operation according to embodiments, a user agent client application is executed by computing equipment in communication with a computing resource to which access is to be provided to one or more cloud-based applications. Although embodiments implement a user interface client application which is separate from a user agent client application, tight integration between a user interface client application and user agent client application may be provided. Embodiments not only facilitate operation whereby a cloud-based application is enabled to provide output to and/or obtain input from computing resources, but also facilitate remote and/or shared client interaction with such computing resources.

Abstract: A site asymmetric topology reconciliation module (SATRM) provides a stable topology for nodes located at different sites of the cluster during loss and reconnection of communication links between the sites. The SATRM monitors the cluster topology for changes in communication links between nodes. When there is an unstable cluster topology due to a loss in the communication links, the SATRM severs links to one or more sites to create a stable topology. When a communication links recovers, the SATRM merges sites to create a stable topology with the sites connected with the recovered communication links.

Abstract: An interface device may provide a first wireless network and a second wireless network in a user's premise. The interface device may encourage some user devices to connect to the second wireless network without controlling the user devices. For example, the interface device may receive a request from a device to access its first wireless network. The interface device may then determine whether the device is a premise device by, for example, searching a database of device registration information. The interface device may determine that the device is a premise device and deny the request to access the first wireless network. The device may then be available to access the second wireless network.

Abstract: Embodiments for performing an anticipatory networking are provided. These embodiments include detecting an action taken by a user of a wirelessly-enabled device, an automated action of the wirelessly-enabled device, or a current condition of the device; learning what future operations the wirelessly-enabled device will likely need to perform in order to carry out the desired user action or device action; creating a user profile based on the learned information; and proactively performing, based on the user profile, certain downstream operations before the data corresponding to those operations is actually needed. In some embodiments, the anticipatory networking techniques disclosed herein essentially represent the confluence of networking concepts and machine learning concepts, and as such, enable wireless communications having reduced latency, while also improving network reliability and device performance.

Abstract: In one embodiment, a network element comprises one or more processors, and a memory module communicatively coupled to the processor. The memory module comprises logic instructions which, when executed by the processor, configure the processor to receive, via a first communication channel, a primary authentication request transmitted from a user from a first device, process the primary authentication request to determine whether the user is authorized to access one or more resources, in response to a determination that the user is authorized to access one or more resources, initiate, a secondary authentication request, and transmit the secondary authentication request from the network element to the user via a second communication channel, different from the first communication channel.

Abstract: A method for synchronizing sensors. A ratio of a first data rate of the first sensor to the second data rate of the second sensor is 2n, where n is an element from the set of natural numbers. A central timer is started. A first countdown timer is generated based on the central timer and the first data rate, and a second countdown timer is generated based on the central timer and the second data rate. The first countdown timer and the second countdown timer are started periodically. The measurement by the first sensor begins at the latest when a first latency equals the value of the first countdown timer, and the measurement by the second sensor begins at the latest when the second latency equals the value of the second countdown timer.

Abstract: A method for delivering information on a serving mobile switching center server for an user equipment between a first communication network and a second communication network. The method includes a step of requesting an attachment of the user equipment to the second communication network by signaling between the user equipment and a network node of the second communication network, the signaling including at least part of information on the mobile switching center server serving the user equipment in the first communication network. Additionally, an user equipment and a network node implementing the aspects of the method are described.

Abstract: A method for execution by one or more processing modules of a dispersed storage network (DSN) includes receiving a data access request for at least one data segment stored in the DSN. One of a plurality of identity units is selected, based on the data access request. The method determines, via the selected one of the plurality of identity units, whether to allow the data access request. The data access request is processed, when the data access request is allowed via the selected one of the plurality of identity units.

Abstract: A networked computer system for remote RFID device management and tracking provides a means for quickly deploying and managing RFID based technologies, serving both large and small use cases. The remote management and auditing tools significantly reduce labor force requirements by removing the physical interaction requirement, and permit new possibilities since clients can manage devices from any internet connected locale. The low entry and operational costs permit solutions which provide RFID devices to end users and their devices.

Abstract: Web-based single sign-on can enable a user to log in to a single interface (such as through a web browser or thin client) and then provide SSO services to the user for one or more web applications. The web-based SSO system can be extended to support one or more different access control methods, such as form-fill, Federated (OIF), SSO Protected (OAM), and other policies. The web-based SSO system can include a user interface through which the user can access different web applications, systems, etc. and manage their credentials. Each SSO service can be associated with a web interface allowing the SSO services to be accessed over the web. The web interfaces can provide CRUD (create, read, update, delete) functionality for each SSO service. To support different access policy types, the web-based SSO system can include an extensible data manager that can manage data access to different types of repositories transparently.

Abstract: Embodiments of the present invention disclose a method for upgrading a version of a network device and a device. A specific solution is: configuring a forwarding plane of the network device to be a first forwarding plane and a second forwarding plane; performing, in the first forwarding plane, sampling on forwarded packets by using a preset sampling ratio, to obtain a sample packet; forwarding, by the second forwarding plane, the sample packet in a broadcast manner, to learn a MAC address; and when a quantity of MAC addresses learned by the second forwarding plane reaches a preset threshold, performing upgrade so that the second forwarding plane is used for packet forwarding of the network device. The technical solution can effectively avoid generation of a large quantity of broadcast packets during a version upgrade process, can help reduce network bandwidth that is excessively occupied, and avoid network congestion.

Abstract: At a first port of a switch device of a motor vehicle, a device identifier of a device of the motor vehicle is received. An authenticity test on the basis of the device identifier is performed. If a test result of the authenticity test is positive, communication data of the device addressed to at least one further device of the motor vehicle are received at the first port and transmitted in a first VLAN of a communication network of the motor vehicle to the at least one further device. If the test result is negative, the communication data are rejected at the first port. A diagnostic inquiry for the device is received from a diagnostic device at a second port of the switch device. Independently of the test result the diagnostic inquiry is forwarded via the first port to the device in a second VLAN of the communication network.

Abstract: Some aspects of the disclosure relate to automated quality control of a media asset. The quality control can comprise testing automatically various facets of content reproduction. In one embodiment, three facets can be tested: (1) access to a rendering unit configured to reproduce content of the media asset; (2) rendering of at least a portion of visual content of the media asset; and (3) rendering at least a portion of the aural content of the media asset. In one aspect, testing the rendering of the visual content can be differential in that features of the rendering can be monitored at a plurality of instants during content reproduction and can be compared for two or more instants of the plurality of instants. In another aspect, based on the comparison, the media asset can be deemed to pass the quality control and thus be accepted for consumption.

Abstract: A local monitoring system of a computer system to be monitored may receive a monitoring solution agent code portion and a first monitoring solution agent content portion. Version D may be assigned to the first content portion, and a status of version D may be set to active such that new end user sessions are initialized with a local agent comprising the code portion and version D. A second content portion may be uploaded and assigned to be version A. Responsive to an end user request, the status of version D may be set to ready and the status of version A may be set to active such that new sessions are initialized with an agent comprising the code portion and version A. A third content portion may then be uploaded and assigned to be version B. Responsive to an end user request, the status of version A may be to ready and the status of version B may be set to active such that new sessions are initialized with an agent comprising the code portion and version B.

Abstract: The inventive data processing system and method enable verifiable secure transfer of information between two or more parties, each having access to at least one identity verification system, utilizing a platform-independent architecture to enable verification of identities of parties sending and receiving secured information, and ensuring that only an authorized receiving party gains access to the secured information, regardless of the type, model, ownership and/or quantity of biometric identity verification (BIV) systems being utilized by each party. Parties desiring to securely transfer information between one another register at a central security management system, and each provide at least one biometric enrollment to their unique record configured for storing multiple BIV system enrollments for each party.

Abstract: Systems and methods for network access control, including sending a service request from an on-premise system to one or more offloaded front-end services on one or more offloading servers. The requests by the offloaded services to access back-end services in one or more on-premise systems are monitored, and access requests by the offloaded services for unauthorized back-end services are denied. The service request is redirected and locally executed to generate logs of the back-end services used to perform the service request if the access requests are denied. A permission mapping in a firewall between the offloaded services and the logged back-end services is updated to permit future access requests by the offloaded services.

Abstract: A computing apparatus for providing an integrated service engine on a network switch, including: one or more logic elements comprising a protocol engine operable for providing a state machine, wherein states of the state machine include: an add-in-progress state operable for receiving an automated policy-based routing (APBR) add transaction, and to set an add-in-progress flag; an add-complete state operable for receiving an APBR add-complete transaction and to clear the add-in-progress flag; a delete-in-progress state operable to receive an APBR delete transaction and to set a delete-in-progress flag; and a delete-complete state operable to receive an APBR delete-complete transaction and to clear the delete-in-progress flag.

Abstract: A proxy server receives from a client device a request to perform an action on an identified resource that is hosted at an origin server for a domain. The proxy server receives the request as a result of a DNS request for the domain resolving to the proxy server. The origin server is one of multiple origin servers that belong to different domains that resolve to the proxy server and are owned by different entities. The proxy server and the origin servers are owned by different entities. The proxy server analyzes the request to determine whether a visitor belonging to that request poses a threat. If the proxy server determines that the visitor poses a threat, the proxy server blocks the request and transmits a block page to the client device that indicates that the request has been blocked.

Abstract: An electronic device in a device-to-device network of a user of the electronic device communicates with a group of one or more other instances of the electronic via dynamic connections that are based on pre-established and maintained (i.e., long-lived) associations in the device-to-device network. Moreover, a given dynamic connection between the electronic device and a given instance of the electronic device in the group is setup by the electronic device without assistance of a computer in another network, which conveys the communication within the group. During operation, the electronic device: confirms that a second instance of the electronic device in the group (which is associated with a second user in the device-to-device network) is associated with a provider of the electronic device; and when the association is confirmed, communicates a message to the second instance of the electronic device at a location specified by one of the associations.

Abstract: A system, method, and computer program product are provided for managing services for a service provider at a device within proximity to a location of the service provider, utilizing logic of a centralized environment. In use, at least one real-time service managed for a service provider by a centralized environment is identified. Furthermore, logic of the centralized environment for the management of the at least one real-time service is deployed to at least one device within a predetermined proximity to a location of the service provider.

Abstract: Embodiments for domain name service (DNS) tunneling prevention by a processor. A DNS tunneling detection operation is requested to be performed upon receiving a DNS query. A response is generated based on the DNS tunneling detection operation such that the DNS tunneling detection operation indicates in the response that the DNS query for a domain name is associated with DNS tunneling activity.

Abstract: Systems and methods for analyzing applications for risk are provided. In an example method, the applications reside on a mobile device that is configurable to access an enterprise system. The example method includes evaluating each of a plurality of applications variously for privacy, data leakage, and malicious behavior. The example method also includes calculating a risk score for each of the plurality of applications based on the evaluating; and automatically remediating (e.g., quarantining) the applications, of the plurality of applications, for which the risk score meets or exceeds a risk score threshold. The method may evaluate all of the applications residing on a mobile device. The method may include grouping application behaviors, for each of the applications, that indicate an increased risk into groups comprising two or more of privacy risk, a data leakage risk, an account takeover risk, a device takeover risk, and a malware risk.

Abstract: A method for cyber security, including detecting, by a management server, a breach by an attacker of a resource within a network of resources, predicting, by the management server, an attacker target subnet, based on connections created during the breach, and isolating, by the management server, the target subnet in response to the predicting a target subnet.

Abstract: System and method for accessing a distributed storage system uses a storage-level access control process at a distributed file system that interfaces with the distributed storage system to determine whether a particular client has access to a particular first file system object using an identifier of the particular client and storage-level access control rules in response to a file system request from the particular client to access a second file system object in the particular first file system. The storage-level access control rules are defined for a plurality of clients and a plurality of first file system objects of the distributed storage system to allow the particular client access to the second file system object in the particular first file system object only if the particular client has been determined to have access to the particular first file system object according to the storage-level access control rules.

Abstract: A system 100 includes a first content delivery network 280(1) for a first type of user device, a second content delivery network 280(n) for a second type of user device and a content repository 274 communicating with the first content delivery network 280(1) and the second content delivery network 280(n). The first content is in a first format associated with the first content delivery network 280(1) and a second content associated with the second content delivery network 280(n). A content management system 221 generates a first content list for the first content delivery network 280 and generates a second content list for the second content delivery network 280(n). A content distribution system 260 communicates with the content management system and the first content delivery network and the second content delivery network. The content distribution system 260 transfers content to the first and second content delivery network from the content repository.

Abstract: In one embodiment, a method includes retrieving one or more access rules of a first user account of a plurality of accounts of a social network and storing the retrieved one or more access rules. The method also includes receiving a request from a first user to install a first application on a computing device, wherein the first user is associated with the first user account of the social network. The method further includes determining whether the first user is permitted to install the first application on the computing device based on the stored one or more access rules of the first user account of the social network.

Abstract: Hypervisors and guest operating systems/virtual machines communicate in virtual environments to enable applications and other services. Security measures are a concern in implementing a secure environment. One feature may include at least one of identifying a session initiation request from a guest operation system at a hypervisor component of a server and receiving periodic messages from the guest operating system, and establishing and maintaining a session and connection between the hypervisor and the guest operating system responsive to receiving the periodic messages from the guest operating system.

Abstract: An injection engine monitors whether a pattern of a current selection of web address requests in outbound web traffic for a user matches one or more web usage patterns that allow for identifying the user based on the current selection of web address requests. The injection engine, responsive to detecting the pattern of the current selection of web address requests by the user matches the one or more web usage patterns, injects one or more random valid web address requests into the outbound web traffic for the user, wherein the one or more random valid web address requests obscure the current selection of web address requests from using the one or more web usage patterns.

Abstract: Provided is a method for guaranteeing the processing of a control operation in a wireless communication system, and the method is performed by a first machine-to-machine (M2M)/Internet of Things (IoT) device and can comprise the steps of: transmitting, to a third M2M/IoT device, a resource generation request for delivering a control message for directing a control operation of a second M2M/IoT device, wherein the resource generation request includes the contents of the control message, an indicator requesting a processing guarantee of the control operation or an identifier of the resource generation request; receiving a resource generation response to the resource generation request from the third M2M/IoT device; receiving a control result notification including a processing result of the control operation according to the indicator from the third M2M/IoT device, wherein the control result notification includes the identifier of the resource generation request; and checking whether the contents of the control

Abstract: According to one embodiment of the present invention, a method of selecting a synchronization source, which is selected by a D2D (device-to-device) UE in a wireless communication system includes the steps of receiving a plurality of synchronization signals, selecting a plurality of candidate synchronization signals from a plurality of the synchronization signals and determining a synchronization signal in a manner of applying a priority to a plurality of the candidate synchronization signals and selecting a UE, which has transmitted the determined synchronization signal, as a synchronization source. In this case, the application of the priority can be performed in a manner of sequentially applying a plurality of priorities related to a D2D signal according to a priority for the application of the priority.

Abstract: A method for preserving a media access control (MAC) address of a virtual server is provided. The method includes assigning a physical computing resource to a virtual server, assigning a physical storage memory resource to the virtual server, and assigning a physical network resource to the virtual server. The method includes assigning a virtual MAC address to the virtual server, the virtual MAC address to remain with the virtual server despite reassignment of one or more of the physical computing resource, the physical storage memory resource or the physical network resource, wherein at least one method operation is performed by a processor. A computing and storage system is also provided.

Abstract: Disclosed is a method, system, and program for providing access to spatial data. A request for data is received. Enterprise and third party data are integrated. The integrated data is processed. Spatially referenced results are generated using the processed data. The spatially referenced results are returned in response to the request.

Abstract: A device may include an authentication server and a server. The authentication server may receive a first form of a password from a client device in accordance with an authentication protocol, and authenticate the client device based on a comparison of the first form to a value derived from a second form of the password stored in a password database, where the comparison fails when the first form is not comparable to a value derived from the second form. The server may establish a secure connection to the client, receive a plain-text password from the client device over the secure connection, authenticate the client device by comparing a value derived from the plain-text password with a value derived from the second form, and update the password database with a third form of the password that permits the authentication server to successfully authenticate the client device when the authentication server receives the first form.

Abstract: A method, computer program product and system uses a tiered priority system having three types of callout messages for use by a transaction processing system: (i) callout with a reserved path; (ii) callout with priority; and (iii) default priority callout with sharing mode. An online transaction program (OTP) issues a “reserve call” associated with a “callout with a reserved path”. In response, a reserve call processor initiates an asynchronous request to build an express socket path, and returns a special dispatchable unit of work identifier (special DUOW ID). The OTP subsequently issues any number of callouts to be sent on the express socket path using the special DUOW ID. A callout with priority dynamically allocates a path for sending a callout message, without queuing. A sharing mode combines a group of callout messages (types (i), (ii), and/or (iii) above) into a single TCP/IP send without queuing.