Abstract: A system 100 includes a first content delivery network 280(1) for a first type of user device, a second content delivery network 280(n) for a second type of user device and a content repository 274 communicating with the first content delivery network 280(1) and the second content delivery network 280(n). The first content is in a first format associated with the first content delivery network 280(1) and a second content associated with the second content delivery network 280(n). A content management system 221 generates a first content list for the first content delivery network 280 and generates a second content list for the second content delivery network 280(n). A content distribution system 260 communicates with the content management system and the first content delivery network and the second content delivery network. The content distribution system 260 transfers content to the first and second content delivery network from the content repository.

Abstract: A system, method, and computer program product are provided for managing services for a service provider at a device within proximity to a location of the service provider, utilizing logic of a centralized environment. In use, at least one real-time service managed for a service provider by a centralized environment is identified. Furthermore, logic of the centralized environment for the management of the at least one real-time service is deployed to at least one device within a predetermined proximity to a location of the service provider.

Abstract: System and method for accessing a distributed storage system uses a storage-level access control process at a distributed file system that interfaces with the distributed storage system to determine whether a particular client has access to a particular first file system object using an identifier of the particular client and storage-level access control rules in response to a file system request from the particular client to access a second file system object in the particular first file system. The storage-level access control rules are defined for a plurality of clients and a plurality of first file system objects of the distributed storage system to allow the particular client access to the second file system object in the particular first file system object only if the particular client has been determined to have access to the particular first file system object according to the storage-level access control rules.

Abstract: Systems and methods for analyzing applications for risk are provided. In an example method, the applications reside on a mobile device that is configurable to access an enterprise system. The example method includes evaluating each of a plurality of applications variously for privacy, data leakage, and malicious behavior. The example method also includes calculating a risk score for each of the plurality of applications based on the evaluating; and automatically remediating (e.g., quarantining) the applications, of the plurality of applications, for which the risk score meets or exceeds a risk score threshold. The method may evaluate all of the applications residing on a mobile device. The method may include grouping application behaviors, for each of the applications, that indicate an increased risk into groups comprising two or more of privacy risk, a data leakage risk, an account takeover risk, a device takeover risk, and a malware risk.

Abstract: An electronic device in a device-to-device network of a user of the electronic device communicates with a group of one or more other instances of the electronic via dynamic connections that are based on pre-established and maintained (i.e., long-lived) associations in the device-to-device network. Moreover, a given dynamic connection between the electronic device and a given instance of the electronic device in the group is setup by the electronic device without assistance of a computer in another network, which conveys the communication within the group. During operation, the electronic device: confirms that a second instance of the electronic device in the group (which is associated with a second user in the device-to-device network) is associated with a provider of the electronic device; and when the association is confirmed, communicates a message to the second instance of the electronic device at a location specified by one of the associations.

Abstract: Embodiments for domain name service (DNS) tunneling prevention by a processor. A DNS tunneling detection operation is requested to be performed upon receiving a DNS query. A response is generated based on the DNS tunneling detection operation such that the DNS tunneling detection operation indicates in the response that the DNS query for a domain name is associated with DNS tunneling activity.

Abstract: A method for cyber security, including detecting, by a management server, a breach by an attacker of a resource within a network of resources, predicting, by the management server, an attacker target subnet, based on connections created during the breach, and isolating, by the management server, the target subnet in response to the predicting a target subnet.

Abstract: In one embodiment, a method includes retrieving one or more access rules of a first user account of a plurality of accounts of a social network and storing the retrieved one or more access rules. The method also includes receiving a request from a first user to install a first application on a computing device, wherein the first user is associated with the first user account of the social network. The method further includes determining whether the first user is permitted to install the first application on the computing device based on the stored one or more access rules of the first user account of the social network.

Abstract: Hypervisors and guest operating systems/virtual machines communicate in virtual environments to enable applications and other services. Security measures are a concern in implementing a secure environment. One feature may include at least one of identifying a session initiation request from a guest operation system at a hypervisor component of a server and receiving periodic messages from the guest operating system, and establishing and maintaining a session and connection between the hypervisor and the guest operating system responsive to receiving the periodic messages from the guest operating system.

Abstract: An injection engine monitors whether a pattern of a current selection of web address requests in outbound web traffic for a user matches one or more web usage patterns that allow for identifying the user based on the current selection of web address requests. The injection engine, responsive to detecting the pattern of the current selection of web address requests by the user matches the one or more web usage patterns, injects one or more random valid web address requests into the outbound web traffic for the user, wherein the one or more random valid web address requests obscure the current selection of web address requests from using the one or more web usage patterns.

Abstract: Provided is a method for guaranteeing the processing of a control operation in a wireless communication system, and the method is performed by a first machine-to-machine (M2M)/Internet of Things (IoT) device and can comprise the steps of: transmitting, to a third M2M/IoT device, a resource generation request for delivering a control message for directing a control operation of a second M2M/IoT device, wherein the resource generation request includes the contents of the control message, an indicator requesting a processing guarantee of the control operation or an identifier of the resource generation request; receiving a resource generation response to the resource generation request from the third M2M/IoT device; receiving a control result notification including a processing result of the control operation according to the indicator from the third M2M/IoT device, wherein the control result notification includes the identifier of the resource generation request; and checking whether the contents of the control

Abstract: A method for preserving a media access control (MAC) address of a virtual server is provided. The method includes assigning a physical computing resource to a virtual server, assigning a physical storage memory resource to the virtual server, and assigning a physical network resource to the virtual server. The method includes assigning a virtual MAC address to the virtual server, the virtual MAC address to remain with the virtual server despite reassignment of one or more of the physical computing resource, the physical storage memory resource or the physical network resource, wherein at least one method operation is performed by a processor. A computing and storage system is also provided.

Abstract: According to one embodiment of the present invention, a method of selecting a synchronization source, which is selected by a D2D (device-to-device) UE in a wireless communication system includes the steps of receiving a plurality of synchronization signals, selecting a plurality of candidate synchronization signals from a plurality of the synchronization signals and determining a synchronization signal in a manner of applying a priority to a plurality of the candidate synchronization signals and selecting a UE, which has transmitted the determined synchronization signal, as a synchronization source. In this case, the application of the priority can be performed in a manner of sequentially applying a plurality of priorities related to a D2D signal according to a priority for the application of the priority.

Abstract: A device may include an authentication server and a server. The authentication server may receive a first form of a password from a client device in accordance with an authentication protocol, and authenticate the client device based on a comparison of the first form to a value derived from a second form of the password stored in a password database, where the comparison fails when the first form is not comparable to a value derived from the second form. The server may establish a secure connection to the client, receive a plain-text password from the client device over the secure connection, authenticate the client device by comparing a value derived from the plain-text password with a value derived from the second form, and update the password database with a third form of the password that permits the authentication server to successfully authenticate the client device when the authentication server receives the first form.

Abstract: Disclosed is a method, system, and program for providing access to spatial data. A request for data is received. Enterprise and third party data are integrated. The integrated data is processed. Spatially referenced results are generated using the processed data. The spatially referenced results are returned in response to the request.

Abstract: A method, computer program product and system uses a tiered priority system having three types of callout messages for use by a transaction processing system: (i) callout with a reserved path; (ii) callout with priority; and (iii) default priority callout with sharing mode. An online transaction program (OTP) issues a “reserve call” associated with a “callout with a reserved path”. In response, a reserve call processor initiates an asynchronous request to build an express socket path, and returns a special dispatchable unit of work identifier (special DUOW ID). The OTP subsequently issues any number of callouts to be sent on the express socket path using the special DUOW ID. A callout with priority dynamically allocates a path for sending a callout message, without queuing. A sharing mode combines a group of callout messages (types (i), (ii), and/or (iii) above) into a single TCP/IP send without queuing.

Abstract: A method, Over-The-Top (OTT) content provider server, Content Delivery Network (CDN) Redirector server, and CDN delivery server for managing bandwidth while delivering electronic content utilizing OTT adaptive streaming to a plurality of client devices at a customer premises. The OTT content provider server receives client device priorities from a customer and stores in a customer profile, a device weighting for each of the plurality of client devices. The OTT content provider server also stores an indication of an available bandwidth of a premises connection at the customer premises. When each client device requests OTT content, a delivery server in a CDN allocates a bitrate for the requesting client device based on the available bandwidth for the premises connection and the device weighting of the requesting client device, and delivers the requested OTT content to the requesting client device at the allocated bitrate.

Abstract: A streams manager determines which portions of a streaming application process sensitive data, and when performance of the streaming application needs to be increased, selects based on the sensitive data which portion(s) of the streaming application can be moved to a public cloud. The streams manager then interacts with the public cloud manager to move the selected portion(s) of the streaming application to the public cloud. This may include cloning of processing elements or operators to a public cloud, then splitting tuple attributes so tuple attributes that do not include sensitive data can be processed in the public cloud while tuple attributes that include sensitive data are processed in a secure system. The tuple attributes are then recombined into full tuples in the secure system. The streams manager thus protects the integrity of sensitive data while still taking advantage of the additional resources available in a public cloud.

Abstract: Crafted identities are provided. A statement is provided to the principal for using a crafted identity. The statement includes an identifier that provides access to a resource when presented by the principal to the resource. The statement also includes one or more roles and permissions for the crafted identity when accessing the resource.

Abstract: A content delivery method, and related apparatus, that involves the operations of receiving a request for a content resource including at least one embedded resource with a tag. Upon identification of the tag, using at least one delivery parameter to generate a modified embedded resource. Embedding the modified embedded resource in a content resource, such as as an HTML document. Delivering, such as in response to request from a browser, the content resource with the modified embedded resource.

Abstract: Configurations of computing resources established on a web-based computing service can be monitored, managed and controlled. According to an embodiment, a configuration compliance service is implemented. Policy rules governing attributes of configuration states for computing resources in a subscriber's account are defined. The computing resources in the account are monitored for changes to configuration states. In response to detection of a change to a configuration state that violates a rule, a predefined action is taken. The predefined action can include sending a notification to the subscriber's account, reconfiguring the configuration state of the computing resource, and deactivating the computing resource.

Abstract: A system and method provides security features for inter-computer communications. After a user has proved an association with one of several firms, a user identifier of the user that cannot be used to log the user in to a data consolidating system is received by a matching system from the data consolidating system. The validity of the user and the firm is checked at the matching system and, in response to the checking, the user identifier is converted to a different user identifier and the different user identifier is provided to a data providing system by the matching system. The data providing system provides the data of the user in response, and the matching system forwards the data to the data consolidating system.

Abstract: A relay device relays a signal between a first network and a second network. The relay device includes a first circuitry to wirelessly communicate with a wireless terminal over the first network and communicate with a first relay device over the second network. The relay device includes a second circuitry to detect a communication request transmitted by the wireless terminal. The relay device includes a third circuitry to decide whether relay of object information corresponding to the communication request is able to be completed with the wireless terminal while the wireless terminal stays within a wireless communication range of the relay device, and causes the first circuitry to transmit a request signal to request to relay a part or a whole of the object information to the first relay device instead of said relay device when a result of decision indicates that the relay is not able to be completed.

Abstract: A storage device of an example shop server stores, with respect to each of users of an information processing apparatus, user authority information indicating authority given to the user, together with user identification information for identifying the user. The user authority information is associated with the information processing apparatus used by the user corresponding to the user authority information. When the shop server has received from an information processing apparatus through a communication apparatus the user identification information of a first user who uses the information processing apparatus, a processor of the shop server performs, on the basis of the user authority information of the first user and the user authority information of a second user associated with the same information processing apparatus, information processing based on the authority indicated by the user authority information of the first user and the user authority information of the second user.

Abstract: A network system for a vehicle includes one or more first communication controllers and one or more second communication controllers. The one or more first communication controllers transmit a message in a first communication scheme. The one or more second communication controllers are connected to the one or more first communication controllers through a network and transmit a message in a second communication scheme different from the first communication scheme. When a transmission controller selected from the one or more first communication controllers and the one or more second communication controllers transmits a message, a communication controller using a communication scheme different from that of the selected transmission controller stops its own message transmission and resumes its own message transmission once the message transmission of the selected transmission controller is complete.

Abstract: The present invention discloses a method and apparatus for processing a data packet in a software defined network SDN protocol-based network. The method comprises: receiving a data packet forwarded by a SDN switch in the network; obtaining a rule corresponding to a data flow where the data packet is located; determining, according to the received data packet, data flow characteristics of the data flow where the data packet is located; determining timeout information of the rule according to a predetermined matching relationship between the data flow characteristics and the timeout information, the timeout information indicating time that the rule will be kept in a flow table of the SDN switch; and sending the rule and the timeout information of the rule to the SDN switch for processing the data packet by the SDN switch according to the rule.

Abstract: Disclosed is a method for changing an AID in a wireless LAN system. The method for changing an AID of a terminal by an access point comprises: a step of receiving an AID reassignment frame from the access point; a step of extracting an AID reassignment counter value from the AID reassignment frame; and a step of changing the AID of the terminal to the new AID included in the AID reassignment frame after the beacon periods of the access point indicated by the AID reassignment counter value extracted from the AID reassignment frame reception time have elapsed. Thus, a conflict between AIDs can be prevented.

Abstract: Systems and method of providing personalized data by a public device are provided. In particular, a beacon device associated with a public computing device, such as a kiosk, can broadcast beacon data associated with the public computing device. The beacon data can include an identifier associated with the public device. The beacon data can be detected by a user device proximate the beacon device. The user device can then send user data to a remote computing device associated with the public device. The remote computing device can then update at least a portion of information to be provided by the public device based at least in part on the user data.

Abstract: Aspects of the present disclosure involve systems, methods, computer program products, and the like, for data center redundancy in relation to a computer network. In particular, the present disclosure provides for one or more available redundant data centers, or bunkers, associated with a computer network. In one embodiment, the bunker data centers are configured to absorb traffic intended for an application operating on a data center when the traffic threatens to overwhelm the application. For example, during a distributed denial of service (DDOS) attack, the bunker data centers are configured to absorb some of the traffic from the DDOS attack to prevent the application that is the target of the attack from being overwhelmed.

Abstract: A cloud storage system receives information associating a user's cloud storage account with a network service account associated with a service provider. The cloud storage system identifies files associated with the network service account, retrieves metadata associated with the files, and provides a list of the files and their associated metadata to the user. The metadata stored by the cloud storage system may indicate the context of the identified files within the network service account. In response to a user command, the cloud storage system may store one of the identified files in the cloud storage account, and may continue to provide the content of the stored file within the network service account even if the stored file is deleted from the network service account.

Abstract: A data processing network includes a database management for a plurality of databases serviced by a server comprising a plurality of data processors. Each server data processor includes a copy of the database management system and a monitor for measuring and analyzing various parameters for each server data processor and each included database and performing various methods transparently to a user. For example, when a parameter or combination thereof indicates that a database in one data processor is inactive or requires additional resources, that database is set to an inactive state or is transferred to another data processor with greater resources, respectively. An inactive database is recalled upon receipt of a request for access to that database. A database in a data processor of greater resources can be returned to a server data processor or another data processor with fewer resources. These operations are transparent to database users and independent of user or administrator intervention.

Abstract: Embodiments of the present invention disclose an application recommendation method, device, and system, which relate to the field of network technologies, and can recommend an application related to a service system to a user in real time according to location information of a terminal device and the service system, to save the user's time for querying the application. The method includes initiating a broadcast message to each service system located within a preset geographic location range, so that each service system returns a response message; and when an application corresponding to a response message of the service system is not installed in a terminal device, sending a download request to a server; and downloading and installing the application according to download information sent by the server.

Abstract: One embodiment provides a method including: obtaining, using a processor, at least one file; accessing, using a processor, context data associated with the at least one file; evaluating, using a processor, the context data associated with the at least one file against a rule set, wherein the rule set comprises information regarding file security settings; and automatically implementing, using a processor, a file security setting for the at least one file based upon the comparing. Other aspects are described and claimed.

Abstract: Content packs are provided for identifying a plurality of authorized web-based resources, wherein a web browser is configured to prevent access to web-based resources not identified by content packs installed in the web browser. Accordingly one or more of content packs are selected and installed in the web browser, and one or more featured resources are identified from a plurality of authorized web-based resources provided by the installed content packs. An account access page provided by the web browser is automatically configured with one or more access links corresponding to the one or more featured resources, with each featured resource providing a web-based entry point to one or more web-based resources made available by the installed one or more content packs.

Abstract: A system and method for facilitating electronic commerce over a network, according to one or more embodiments, includes communicating with a user via a user device over the network, distributing a resident application to the user device over the network, displaying a service icon on the user device, and receiving an authentication request from the user via the user device over the network. The service icon is linked to the resident application, and the authentication request includes user credentials inputted by the user via user selection of the service icon and resulting user access of the resident application. The system and method includes communicating with the resident application on the user device to request user confirmation of the authentication request, receiving user confirmation from the user via the user device over the network, authorizing the authentication request, and notifying the user of the authorized authentication request over the network via the resident application.

Abstract: A method of managing access of users to services provided by a mobile telecommunications network, including: receiving from a user equipment of a user, which user equipment is capable of supporting communications with the mobile telecommunications network, a request of authentication in the mobile telecommunications network; authenticating the user equipment in the mobile telecommunications network; before the authenticating and in case it is assessed that the authentication request received from the user equipment is the first attempt of that user equipment to register in the mobile telecommunications network, creating, in a network subscribers profiles database, a default subscriber profile for that user equipment, wherein the default subscriber profile includes a predetermined subscriber charging value used by the network for charging the user of the user equipment, and a predetermined Access Point Name.

Abstract: A method for scheduling virtual machines in a virtual machine cluster includes obtaining a filename of a target virtual machine when a user requests to start the target virtual machine; inquiring, based on the filename of the target virtual machine, a storage module or a database to acquire one or more nodes where copies of the target virtual machine are located; selecting, from the acquired one or more nodes, a node with a highest score as a target node having a copy of the target virtual machine; and running the copy of the target virtual machine on the selected target node with the highest score.

Abstract: A method and system provides access control for sensitive data. An access control system defines a plurality of access policies for gaining access to the sensitive data. Each access policy includes a plurality of rules that indicate whether or not the client machine can gain access to an initial access secret under the policy. When the access control system receives access request data from a client machine requesting access to the access control system under one of the policies, the access control system compares characteristics of the client machine to the rules of the access policy. If the characteristics of the client machine satisfy the rules of the access policy in the access control system provides an initial access secret, such as an application key, to the client machine.

Abstract: A data processing system configured to store a plurality of data entities in volatile memories of multiple different computing devices. The data processing system comprises a first computing device having a first volatile memory configured to store a first data entity; and a second computing device having a second volatile memory configured to store a copy of the first data entity. The first computing device is configured to perform: receiving an indication to update the first data entity; after receiving the indication, updating the first data entity in the first volatile memory, and providing to the second computing device an indication to update the copy of the first data entity; and providing an indication that the first data entity has been updated, after receiving information from the second computing device indicating that the copy of the first data entity has been updated in the second volatile memory.

Abstract: A system and method for providing connectivity as a service are disclosed. In one embodiment, the system establishes a connection between a driver and a connectivity service; receives, at the connectivity service, a request from the driver; establishes a connection with one or more data sources associated with the request; and sends the request to the one or more data sources, the one or more data sources performing an action based on the request.

Abstract: An apparatus and method for performing a real-time network antivirus function, which can perform, at high speed, real-time antivirus scanning on a transmission file in a network to be protected and blocking of a malicious file. The apparatus includes a packet processing unit for parsing input packets and outputting a transmission data stream, a packet-based checksum calculation unit for calculating a checksum of the transmission data stream for each packet, and outputting a signature included in the transmission data stream when a last packet of the transmission data stream is input, a virus scanning unit for performing virus scanning based on the signature, a detection and blocking unit for blocking each input packet or transmitting it to a destination, based on result of the virus scanning unit, and a caching unit for updating a blacklist, based on result of the detection and blocking unit.

Abstract: A computer system includes a processor and a data store coupled to the processor. A user interface module is configured to provide a user interface of a first application executed by the processor. The user interface of the first application displays a plurality of items. The processor is configured to receive a command for an embedded spreadsheet view relative to the plurality of items and responsively save an electronic spreadsheet file in the data store and interact with an electronic spreadsheet service to display the plurality of items in a spreadsheet portion of a user interface within the user interface of the first application.

Abstract: Embodiments of the invention provide a method, system, and computer program product for selecting a server as a selected server for performing a specified function in a distributed computing system. In one embodiment, the method comprises identifying a group of servers in the system; and choosing as the selected server the server that has been in the system the longest. In one embodiment, each of the servers in the group has a respective contention period, during which the server sends a contention message, and the selected server is chosen using these contention messages. The servers in the group may have imperfect clock synchronization. In this case, the contention periods of the servers is kept greater than the maximum difference between the server clocks. The invention may be used to select a name server, or to select a server for another service.

Abstract: In an example, techniques of this disclosure include establishing, by a computing device, authentication data for authenticating a user of a service provided by a service provider, where the authentication data comprises one or more first data entries and one or more second data entries that correspond to the one or more first data entries. The techniques also include retrieving, from at least one third-party service provider, one or more second data entries maintained by the at least one third-party service provider that correspond to the one or more first data entries, and authenticating the user based on the authentication data, where authenticating the user comprises comparing the one or more first data entries to the one or more second data entries retrieved from the at least one third-party service provider.

Abstract: The present invention provides for analyzing secured network traffic to determine which devices and/or applications are accessed by authorized, and in some instances, unauthorized third-party entities. A fully automated methodology is disclosed for verification and validation of secured network accesses performed by an authorized third-party entity and the monitoring and investigation of unauthorized third-party threats/attacks on the secured network.

Abstract: A session manager is used to manage selection of a remote host for a session in response to a request that is associated with a user. The session manager uses resource information obtained from remote hosts in advance of the request to determine which remote host to associate with a session for a client. Each remote host performs a resource calculation (configurable) to determine how many processes/sessions it can further accommodate. The remote host sends the results of the resource calculation and other determined resource information to the session manager. The session manager provides the determined remote host to a client device. The client device then directly connects to the determined remote host. A process may be automatically started on the remote host for the client as the user. The session manager may also store and receive information for active and historical processes, remote host status, and remote host configuration.

Abstract: Embodiments of the present invention disclose a network access method and device. The method includes: establishing a Bluetooth connection to a Bluetooth terminal; receiving, by using the Bluetooth connection, a network access request sent by the Bluetooth terminal; and if the Bluetooth terminal is an authorized device, activating a Bluetooth network sharing function automatically and forwarding the network access request to a wide area network. In the network access method and device provided in the present invention, a simple process and low time consumption are achieved for network access.

Abstract: Techniques are described for providing customizable sign-on functionality, such as via an access manager system that provides single sign-on functionality and other functionality to other services for use with those services' users. The access manager system may maintain various sign-on and other account information for various users, and provide single sign-on functionality for those users using that maintained information on behalf of multiple unrelated services with which those users interact. The access manager may allow a variety of types of customizations to single sign-on functionality and/or other functionality available from the access manager, such as on a per-service basis via configuration by an operator of the service, such as co-branding customizations, customizations of information to be gathered from users, customizations of authority that may be delegated to other services to act on behalf of users, etc.

Abstract: Object amalgamation based on categorization and protocol granularization is described. For certain example embodiments, each object belongs to a category of objects that is associated with a particular protocol. A protocol may include a wireless communication protocol and/or a characteristic description protocol. The object is capable of communicating a characteristic in accordance with the corresponding particular protocol. The characteristic may be an intrinsic attribute or a sensed value. A coordinator object groups other objects so as to amalgamate them into subnetworks in which the member objects are empowered to communicate with each other. If two objects correspond to different protocols, another object may translate a wireless communication from one protocol to another protocol.

Abstract: A method and system for handling a file operation directed to an original file of a protected layer. A protected layer and a user- or device-specific write layer associated with the protected layer are both mounted. File open operations directed to an original file on the protected layer are instead redirected to one of a dummy file associated with the original file or a write-layer copy of the original file located on the write layer. If neither a dummy file nor a write-layer copy of the original file are on the write layer, a dummy file having the same file name and file attributes as the original file is created in the write layer. Subsequent file operations, such as reading, writing, and closing, are directed to the one of the dummy file or the write-layer copy.