Abstract: Methods and systems of risk assessment for network access control through data analytics. An embodiment of the invention employs well-known machine-learning clustering methods to learn normal entity behavior by looking for patterns in the events that stream in continuously. In an embodiment of the invention, normal entity behaviors are represented as clusters of event vectors. An embodiment of the invention evaluates the risk level for a new event of an entity by comparing the event with the entity's profile represented as clusters of event vectors. In an embodiment of the invention, the risk level is associated with a confidence level. Confidence level indicates how well the system knows about the entity. Embodiments of the invention do not need human administration in the process of building entity profile and assessing risk level of events associated with an entity.

Abstract: Present teachings relate to a method for controlling a service running at least partially on an electronic device, the method comprising the steps of: —Determining, using a proximity sensor in the electronic device, a first parameter indicative of the physical distance between the electronic device and a user; and—Adapting at least one operation of the electronic device dependent upon the first parameter.

Abstract: Disclosed herein are system, method, and computer program product embodiments for providing an API description of an external network service and using the API to integrate the external service into a network. An embodiment operates by receiving, from a service provider, a description of an application programming interface (API), transmitting a call to the service provider using the API for creating a new instance of a service and transmitting to the service provider a traffic flow upon which the service will be applied.

Abstract: Methods for determining user intent at a website and responding to it include using one or more processors to fetch a referral URL, associated with a prior website, from one or more web server logs associated with a web server. The referral URL is provided to the web server in conjunction with a user navigating from the prior website to a current website using a browser. The processor(s) determine whether the prior website is fraudulent based at least in part on determining whether the referral URL matches a URL in one or more data stores and/or receiving an indication from a machine learning (ML) engine indicating whether the prior website is fraudulent. If prior website is not fraudulent, the processor(s) process one or more user requests at the current website. If the prior website is fraudulent the processor(s) block the user request(s). Related systems are configured to implement the methods.

Abstract: Methods, systems and apparatus disclosed herein create an overlay of nodes to permit the nodes to engage in a peer-to-peer resource bidding process. An example apparatus at an edge of a network includes a first configurer to configure a network interface of a first node of the network in a first configuration, the first configuration to permit the first node to participate in a peer-to-peer resource bidding process with a plurality of other nodes of the network. The apparatus further includes a second configurer to configure the network interface of the first node of the network in a second configuration, the second configuration to prevent the first node from participation in the peer-to-peer resource bidding process.

Abstract: A network controller provides proactive notification of a wireless client device's address rotation to layer 2 (L2) and/or layer 3 (L3) devices. Traditional methods of device address discovery rely on broadcasting of address queries across a plurality of links until a path to a device having the queried address responds. As device address changes become more frequent in an effort to improve user privacy, traditional methods of address discovery impose a large burden on networks, reducing their performance and efficiency. By proactively propagating address changes to upstream devices, the need for broadcast oriented address discovery techniques is reduced, resulting in improved network performance.

Abstract: Systems and methods include, responsive to a request to access an application, wherein the application is in one of a public cloud, a private cloud, and an enterprise network, and wherein the user device is remote over the Internet, determining if a user of the user device is permitted to access the application and whether the application should be provided in an isolated browser; responsive to the determining, initiating an isolation session by creating secure tunnels between the user device, an isolation service operating the isolated browser, and the application based on connection information; loading the application in the isolated browser, via the secure tunnels; and responsive to traffic associated with the isolation session being to an external destination, forwarding the traffic to a cloud monitoring system.

Abstract: The topology identification unit 4 identifies a network topology of devices included in the system to be diagnosed. The detection unit 5 detects first attack routes that indicate flows of attacks that can be executed in the system to be diagnosed, based on security information about each device. The damage identification unit 8 identifies damage information that indicates content of damage of devices on the first attack routes when the devices are attacked. The detection unit 5 detects, based on the security information and the identified damage information, second attack routes that indicate flows of attacks that can be executed resulting from the content of damage.

Abstract: Methods, systems, and computer-readable media for analysis of role reachability with transitive tags are disclosed. An access control analyzer determines a graph including nodes and edges. The nodes represent roles in a provider network hosting resources. The roles are associated with access control policies granting or denying access to individual resources. One or more of the access control policies grant or deny access based (at least in part) on key-value attributes. The access control analyzer determines, based (at least in part) on a role reachability analysis of the graph, whether a first role can assume a second role using role assumption steps for a particular state of the attributes. The attributes may include transitive attributes that persist during the role assumption steps.

Abstract: An automotive gateway includes one or more interfaces and one or more processors. The one or more interfaces are configured to communicate with electronic subsystems of a vehicle. The one or more processors and configured to host one or more guest applications, to associate both (i) the hosted guest applications and (ii) a first subset of the electronic subsystems of the vehicle with a non-secured domain, to associate a second subset of the electronic subsystems of the vehicle with a secured domain, and to control communication traffic between the secured domain and the non-secured domain of the vehicle in accordance with a security policy.

Abstract: A content delivery method, and related apparatus, that involves the operations of receiving a request for a content resource including at least one embedded resource with a tag. Upon identification of the tag, using at least one delivery parameter to generate a modified embedded resource. Embedding the modified embedded resource in a content resource, such as an HTML document. Delivering, such as in response to request from a browser, the content resource with the modified embedded resource.

Abstract: Various methods, apparatuses/systems, and media for dynamically restoring a state of an application are disclosed. The system may include a processor; and a memory operatively connected to the processor via a communication interface, the memory storing computer readable instructions, when executed, causes the processor to: receive a service bind request by a service framework from an application to bind to a service provided by a service provider among a plurality of service providers; transmit the received service bind request with callback uniform resource locator to an open service broker; cause the open service broker to transmit the service bind request to the service; register, by the service, the callback uniform resource locator; and dynamically bind, in response to registering, the application to the service.

Abstract: Certain aspects of the technology disclosed herein involve managing a connection between users of a first profile class and users of a second profile class based on proximity. Location data from a first mobile device is used to determine that a first user of a first class is within a first proximity of a property. The property has at least one parameter identified in a user profile of the first user of the first class. Location data from a second mobile device is used to determine that a second user of a second class is within a second proximity of the property. A notification is transmitted to the first mobile device identifying the property, and at least the second user of the second class. A message is received from the first mobile device indicating selection of the second user. The first mobile device connects with the second mobile device.

Abstract: An apparatus comprises a memory communicatively coupled to a processor. The memory may be configured to store user profiles, security information, and multiple updated tokens. The processor may be configured to identify a first updated token and a second token that are associated with user profiles in a user group; determine a first entitlement associated with a first user profile; and determine a second entitlement associated with a second user profile. Further, the processor may be configured to generate an initial token indicating that the user group is entitled to access the first entitlement and the second entitlement; transmit the initial token to a decentralized network; and receive a third updated token from the decentralized network indicating a firewall configuration that a first user device and a second user device use to implement a firewall at the first user device and at the second user device.

Abstract: Systems and methods for implementing an industry opinionated managed service are disclosed. A request from a client is received that includes a set of application programming interface (API) parameters comprising an industry type selection. An API managed service is implemented based on the set of API parameters, which includes creating a client-specific API and provisioning a set of backend resources based on the set of API parameters. The API managed service is deployed to an operational cloud, and one or more commands are processed at the operational cloud through the client-specific API utilizing the provisioned set of backend resources.

Abstract: System and methods of analyzing customer events logs for cybersecurity with privacy protection are disclosed. Events logs of cybersecurity events are received from customer computers. Customers in the events logs are represented with ring signatures. Candidate features that occur in a group of events are identified in the events logs. A candidate feature is analyzed, based on corresponding ring signatures, to determine if the candidate feature can be attributed to a customer or a limited number of customers. If so, the candidate feature is considered private and is discarded. Otherwise, the candidate feature is retained as public data suitable for use in cybersecurity operations.

Abstract: A method for disabling/enabling control loop actions and/or configurations is disclosed includes, in various examples, receiving a request from a consumer to disable or enable actions and/or configurable attribute changes for managed entities from being implemented by control loops or entities therein; determining whether the request is performable by the control loops or entities therein; and disabling or enabling an ability to execute the actions and/or configurable attribute changes on the managed entities by the control loops or entities therein in response to determining that the request is currently applicable and performable. A system may perform the method. In some examples, the method disables one or more second control loops/entities from performing actions/configurations that conflict with actions/configurations of a first control loop.

Abstract: Disclosed as a method of controlling access to a network in a wireless communication system and an apparatus therefor. Specifically, a method of performing access to a network by a user equipment (UE) in a wireless communication system may include receiving first information on whether a specific access identity is valid in a specific public land mobile network (PLMN) from the network, when the UE selects a PLMN and attempts access, determining whether the specific access identity is valid in the PLMN selected by the UE based on the first information, selecting an access identity based on the determination, and performing an access control procedure based on the selected access identity.

Abstract: The present disclosure provides a Peripheral Component Interconnect Express (PCIe) controller for a PCIe endpoint device. The PCIe controller includes: a PCIe link interface configured to receive an interrupt request message, wherein the interrupt request message is a message write transaction PCIe transport layer packet (TLP) including an address associated with the PCIe endpoint device and a data value including interrupt information; an interrupt request trigger register configured to receive the data value; a plurality of interrupt lines; and a decode logic circuit connected to the interrupt request trigger register and the plurality of interrupt lines, the decode logic circuit configured to automatically decode a plurality of data bits of the data value when received in the interrupt request trigger register and generate an interrupt signal and provide the interrupt signal on one of the plurality of interrupt lines to an interrupt handling circuit.

Abstract: This disclosure describes systems, methods, and devices related to staging a universal customer edge gateway device. A universal customer edge gateway device may generate, prior to deployment of the universal customer edge gateway device at a customer location, copies of virtual network function (VNF) operating system (OS) images on the universal customer edge gateway device, the copies including a first copy of a first VNF OS image and a second copy of a second VNF OS image; identify, during a deployment of the universal customer edge gateway device at the customer location, a selection of the first copy from a list of the copies; copy, during the deployment and based on the selection, the first VNF OS image to the universal customer edge gateway device; and instantiate, at the universal customer edge gateway device, the copied first VNF OS image.

Abstract: An automated method, system, device and/or computer program for performing security analysis of an information system or computing device by modeling attacks and attack surfaces using Knowledge Graphs and Graph Computing systems. A contextual data model and a set of data instances of security knowledge can be accessed. A Knowledge Graph representing a Simulated Neural Network for security attacks can be built and trained. A security analysis tool can receive a description of an attack scenario. The Graph Computing system can analyze an attack scenario using the Security Attack Knowledge Graph. A set of observations about the attack scenario and the attack surface can be generated. The observations can include attack paths, recommendations and action plans on how to detect, prevent or address the attack scenario. The action plans can be invoked and applied to the target information system and its operating environment either manually, or by automation.

Abstract: A method is set forth that serves to execute an event-oriented control program on a programmable logic controller of an automation system, wherein the control program comprises a plurality of functional modules, wherein an execution of the individual functional modules is triggered in an event-controlled manner on the occurrence of activation events that are each associated with the individual functional modules, and wherein priorities are assigned to each of the activation events. The method comprises the following steps: detecting activation events that have occurred; and executing the functional modules that are each associated with the activation events that have occurred in an execution sequence defined on the basis of the priorities of the individual activation events.

Abstract: The present disclosure generally relates to a failover management service that can continuously monitor attributes of regional network resources to characterize resource availability per region. The failover management service associates the regional resource availability information with a set of hash values in which each individual hash value is representative a concatenation of a resource identifier and a client identifier associated with one or more individual clients. For individual hash values, the failover management service associates failover information, which is propagated to a DNS service. If a network-resource becomes unavailable, clients can transmit DNS queries including a hash value that discovers the appropriate failover information for the specific network-based resource and client device.

Abstract: An example method includes accessing a network communication at a database proprietor server, the network communication including one or more audience measurement entity cookie identifiers associated with one or more audience measurement entity cookies, the one or more audience measurement entity cookies from an audience measurement entity server and stored in a client device; generating one or more cookie mappings of the audience measurement entity cookies to respective one or more database proprietor cookies, the one or more database proprietor cookies from the database proprietor server and stored in the client device; and causing transmission of one or more re-direct messages to cause the client device to send the one or more cookie mappings in a batch to the audience measurement entity server, a re-direct message of the one or more re-direct messages including a first database proprietor cookie identifier and a first audience measurement entity cookie identifier.

Abstract: A method for disabling/enabling control loop decisions is disclosed includes, in various examples, receiving a request from a consumer to disable or enable control loop decisions for managed entities from being selected by control loops or entities therein; determining whether the request is performable by the control loops or entities therein; and disabling or enabling an ability to select the control loop decisions on the managed entities by the control loops or entities therein in response to determining that the request is currently applicable and performable. A system may perform the method. In some examples, the method disables one or more second control loops/entities from selecting decisions that conflict with decisions selected by a first control loop.

Abstract: A method for creation of a secured connection for an inoperable virtual machine includes receiving a token at an on-host service running on an inoperable virtual machine (“VM”) on a server. The token is generated by a remote service person. The method includes receiving a user generated password from a user having direct access to the on-host service. The method includes creating a secured connection, using the token and password, between the on-host service and a remote server of the service person. The method includes transmitting a VM identifier of the inoperable VM to the user and receiving communications from the remote server. The communications include commands for the inoperable VM. The service person accesses the on-host service and inoperable VM using the VM identifier and the password. The password and VM identifier are transmitted to the service person by the user via a channel separate from the secured connection.

Abstract: A printing control apparatus includes a transmission unit configured to transmit, to a transmission destination corresponding to any one of a plurality of different regions where a predetermined cloud print service is provided, a registration request to register the printing control apparatus in the predetermined cloud print service, and a setting unit configured to set the transmission destination.

Abstract: A method performed by a node for an Operations, Administration and Management (OAM) system includes maintaining information relating to at least one service provided by at least one node of the OAM system. The information is provided to a management function coupled to the OAM system. In this regard, the node communicates with the management function for sharing the information.

Abstract: A system for providing access to one or more application device, such as a respective processed application program, is connected to a telecommunications network including at least one user device. The system includes a manager device connected to the respective application device, and the manager device communicatively connects to the respective user device. Each application device includes a respective processing state and a state table of each respective processing state. The manager device updates the respective processing state of the state table for each application device and respective user device. Each user device accesses the manager device to obtain the respective processing state in the state table of the particular application device for the particular user device. User devices can switch communications with the manager device and application device, providing continuing operations of the application device with same processing state.

Abstract: The present disclosure generally relates to setting up an account for a service. A request to set up an account for a first service is received. In response to receiving the request to set up the account for the first service, a first login option and a second login option are displayed. If an input selecting the first login option is detected, a request to use first contact information for a user to set up the account for the first service is transmitted. If an input selecting the second login option is detected, a request to use second contact information for the user to set up the account for the first service is transmitted. The second contact information is automatically generated for the service and does not reveal the first contact information for the user.

Abstract: The present disclosure relates to a system and techniques for enabling migration of data between data storage devices without disruption to an application that relies upon the data. In some embodiments, this may involve the insertion of a redirect command into a mutation log. Upon receiving a transaction that relates to a data value, a transactor host may access the mutation log. Upon detecting the redirect command, the transactor host may generate a new mutation log in a second memory location which includes a reference to the mutation log. New mutations generated by the mutation log are then written to the new mutation log.

Abstract: A system and method for automatically assessing and improving a cybersecurity risk score, wherein a cybersecurity risk score and cyber-physical graph for a network are retrieved and analyzed to identify potential improvements that can be made to network topography and device configurations, changes are applied automatically and an updated cyber-physical graph reflecting the applied changes is produced, and the updated cyber-physical graph is reassessed to determine the effect of the changes that were applied.

Abstract: The present disclosure provides a distributed computing network system and a method. The distributed computing network may include: a plurality of nodes, where the plurality of nodes is connected through an n-layer network connection. When the distributed computing network receives a data processing task, a node in an ith layer is configured to: receive a data processing task that is corresponding to the ith layer and that is transmitted from a node in a lower layer; complete a data processing task Ti; transmit, to the node in the lower layer, a data processing result; and transmit, to a node in an upper layer, a remaining data processing task, a process of the data processing task meets a preset condition. The overall feedback time of the data processing task is reduced by distributing calculation tasks among multiple layers of nodes. The technology may be applied in both 4G and 5G network.

Abstract: A system and method for detecting and managing electronic transactions and providing a domain specific collection of remotely callable functions in a video game environment.

Abstract: Aspects of the subject disclosure may include, for example, identifying a request to install a guest virtual machine on a physical host; identifying a UUID of the physical host; generating a virtual machine reference value; defining a modified UUID of the guest virtual machine comprising the UUID of the physical host and the virtual machine reference value; and assigning the modified UUID to the guest virtual machine, the physical host being identifiable via the modified UUID of the guest virtual machine. Other embodiments are disclosed.

Abstract: A kiosk device is shared by many users of an organization in a sequential manner. The kiosk is provisioned so that each of the appropriate users of the organization may use it, and so that each such user may be provided with a federated identity by an external identity provider (IdP) system. The federated identity may be used to automatically provide the user with access to the user's different resources (e.g., the user's accounts on various third-party applications). An authenticator component of the kiosk device communicates with the external IdP system so as to securely and transparently provide the users with a federated identity. In order to provide additional security, the authenticator component and/or the IdP system may take into account organization-specific details when authenticating a user, such as whether a particular user is expected to be on duty with the organization at the current time.

Abstract: A system and method are provided wherein, in at least one form, artificial intelligence is used to identify objects in a document to be considered for metallic rendering or printing on a substrate. Then, the options for printing, including the considerations for rendering in metallic toner or ink, are, in at least one form, presented to the user for acceptance or rejection before the actual printing is initiated.

Abstract: Systems and methods are disclosed for event-based application control. A system extension is configured to leverage an endpoint security API for monitoring event activity within operating system kernel processes. The system extension registers with the endpoint security API particular event types for which the system extension would like to receive notifications. In response to receiving notifications regarding detected events corresponding to the registered event types, the system extension determines if the event, and its corresponding process, are safe and allowable to execute. In various embodiments, the system leverages whitelists, blacklists, and rules policies for making a safeness determination regarding the event notification. The system extension transmits this determination to the operating system via the endpoint security API.

Abstract: A dataset is received for ingestion into a data platform, and a correlation identifier is generated responsive to receiving the dataset. Multiple choreographed services emit multiple event messages. The plurality of choreographed services operate independently of each other based on a plurality of events triggered in a data platform. The plurality of events relate to contents of the dataset and comprising the correlation identifier. A message storage is populated with multiple status updates related to the correlation identifier. A status message associated with the correlation identifier is published in response to a status update of the plurality of status updates.

Abstract: A method for fetching a content from a web server to a client device is disclosed, using tunnel devices serving as intermediate devices. The client device accesses an acceleration server to receive a list of available tunnel devices. The requested content is partitioned into slices, and the client device sends a request for the slices to the available tunnel devices. The tunnel devices in turn fetch the slices from the data server, and send the slices to the client device, where the content is reconstructed from the received slices. A client device may also serve as a tunnel device, serving as an intermediate device to other client devices. Similarly, a tunnel device may also serve as a client device for fetching content from a data server. The selection of tunnel devices to be used by a client device may be in the acceleration server, in the client device, or in both.

Abstract: The disclosed computer-implemented method includes applying transport protocol heuristics to selective acknowledgement (SACK) messages received at a network adapter from a network node. The transport protocol heuristics identify threshold values for operational functions that are performed when processing the SACK messages. The method further includes determining, by applying the transport protocol heuristics to the SACK messages received from the network node, that the threshold values for the transport protocol heuristics have been reached. In response to determining that the threshold values have been reached, the method includes identifying the network node as a security threat and taking remedial actions to mitigate the security threat. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: The present invention provides a method for achieving high availability of stream control transport protocol (SCTP) connection in a microservice system. The microservice system comprises at least one access network and a core network. The access network includes at least one base station comprising at least one SCTP peer. The core network includes at least one non-SCTP-capable microservice instance acting as a SCTP service client, multiple SCTP-capable microservice instances, a service node manager and a service delegator.

Abstract: A terminal device may obtain specific information stored in a memory. The specific information may include at least one of region information indicating a region where the terminal device is used and model information of a printing device used by the terminal device. The printing device may be configured to execute printing by using a plurality of cartridges corresponding to a plurality of colors. The terminal device may determine whether a predetermined condition is satisfied or not by using the specific information, and in a case where it is determined that the condition is satisfied, send a first page request and color information to a server. The color information may indicate a selected color selected from the plurality of colors.

Abstract: A new approach is proposed that supports IP address lookup. An IP address updater creates a bitmap of an IP address space, wherein each bit in the bitmap corresponds to an IP address in the IP address space. The compressed bitmap is then populated and stored permanently on a shared memory storage that is accessible by multiple client applications at the same time. The client applications may each establish and maintain a connection to the shared memory storage through an IP address lookup agent. When a lookup request for an IP address is received, the IP address lookup agent checks the bitmap and associated information of the IP address space on the shared memory storage to determine if the IP address is malicious or not and to inform the client application making the request accordingly, while the bitmap on the shared memory storage is updated with new IP address update.

Abstract: Embodiments of systems and methods for platform framework authentication are described. In some embodiments, an Information Handling System (IHS) may include a processor and a memory coupled to the processor, the memory having program instructions stored thereon that, upon execution, cause the IHS to: receive, via an authentication provider registered with a platform framework via an Application Programming Interface (API), an authentication credential; and send the authentication credential to a plurality of applications registered with the platform framework.

Abstract: Provided is a media processing method. The method is used for uploading a function provided by a user or a third party and obtaining media processing parameters provided by the user. The method includes the following steps: receiving the description information of the media processing and determining whether a function that fulfills the requirement of the description information exists in a system; in a case where the function that fulfills the requirement of the description information exists, selecting the function that fulfills the requirement of the description information from the system; and in a case where the function that fulfills the requirement of the description information does not exist, selecting the function from the system according to the priority or selecting the function that fulfills the requirement of the description information from outside the system.

Abstract: Methods, systems, and apparatus, including computer programs encoded on computer storage media, for generating customized recommendations for environmentally-conscious cloud computing frameworks for replacing computing resources of existing datacenters. One of the methods involves receiving, through a user interface presented on a display of a computing device, data regarding a user's existing datacenter deployment and the user's preferences for the new cloud computing framework, generating one or more recommendations for environmentally-conscious cloud computing frameworks based on the received data, and presenting such recommendations through the user interface for the user's review and consideration.

Abstract: This application discloses a communications method and related communications apparatus and system. The method includes recovering, by a first node, when detecting that a first packet is lost, the first packet according to a local recovery mechanism. The first packet is a packet obtained based on a packet sent by at least one first terminal to at least one second terminal, and the first node is a node on a network path between each first terminal and a second terminal communicating with the first terminal. The method further includes adding a first identification information related to local recovery, and sending the first packet. This application can reduce a transmission delay and improve transmission efficiency.

Abstract: A method for the protection of files is performed on an integrated-circuit device that comprises a hardware memory protection module, which controls access to regions of the memory depending on region-specific settings. A new file is created in the memory by storing metadata and content data for the new file in a common memory region. An access condition is set for the common memory region in the configuration settings of the hardware memory protection module. A file is retrieved from the memory by searching the memory to identify a file meeting a search criterion. The searching involves comparing the metadata of files from the memory against the search criterion in order to identify a file from the memory that meets the search criterion.

Abstract: An authenticating system and process for authenticating user devices to a access a service where access to certain portions of the service may be limited according to a access point or other device used by a user device to facilitate interfacing a user with the service. The authentication may be achieved without directly assessing a trustworthiness of the user devices, and optionally, without requiring a user thereof to complete a sign-on operation.