Abstract: A logic device and method are provided for intercepting a data flow from a network source to a network destination. A data store holds a set of compliance rules and corresponding actions wherein at least one of the set of compliance rules is a temporary compliance rule valid for a predetermined period. A packet inspector is configured to inspect the intercepted data flow and identify from the data store a temporary compliance rule associated with the inspected data flow. A packet filter is configured to when the data flow is identified as being associated with the temporary compliance rule, carry out an action with respect to the data flow corresponding to the temporary compliance rule while the temporary compliance rule is valid.

Abstract: According to one example of the disclosure, a first LPWAN receives a message from an Internet of Things (IoT) device. The message includes at least one of: a network ID associated with a second LPWAN and an application ID associated with the second LPWAN. In response to a determination that at least one of the network ID and the application ID are on the roaming white list of the first LPWAN, the message is caused to become available to the second LPWAN.

Abstract: An approach is provided for node-based map matching. The approach involves processing probe data to sort a plurality of probe points according to sessions keys. The approach also involves selecting a subset of the plurality of probe points within a threshold distance of a node of a map representation of a transportation network. The approach further involves initiating a map matching of the probe points of each session key to the map representation by, for said each session key: (1) determining a closest probe point to the node; (2) determining another closest probe point to a neighboring node, wherein the neighboring node is connected to the node by at least one link; and (3) projecting the plurality of probe points between the closest probe point to the node and the another closest probe point to the neighboring node onto the link.

Abstract: An architecture that can facilitate initiation of an automatic synchronization operation based upon presence information in connection with a wireless communications network is provided. For example, when certain mobile devices register with a particular network entity (e.g., a femtocell) that services a particular target location (e.g., place of residence), then such registration can be leveraged to indicate presence at the target location. Accordingly, synchronization between the mobile device and other devices can be automatically initiated, without requiring input or effort by a user, or even that the user remembers to perform the synchronization operation. Moreover, the synchronization operation can be wireless, so connection cables need not be maintained or employed.

Abstract: An apparatus and method for providing metadata with network traffic are provided. The method includes generating, at an electronic device, a network tunnel between an electronic device and at least one external electronic device that communicates with the electronic device via a communication network, and receiving data, including metadata of applications generating the received data, associated with one or more applications from the external electronic device via the network tunnel.

Abstract: A multi-tenant, elastically scalable cache as a service is disclosed. Embodiments of the cache service eliminate the need for applications to manage their own cache tier. The multi-tenant cache service is implemented by maintaining/creating multiple named caches in a cache cluster and mapping each tenant's cache to a named cache in the cluster. Strict quotas are enforced on cache sizes This allows caches with different replication attributes to co-exist on the same cache server, allows migration of a cache from one cluster to another for load balancing purposes, and allows a cache to inflate/deflate to meet business needs. A network load balancer is used to route cache items to servers.

Abstract: Some embodiments provide a method for a first device to synchronize a set of data items with a second device. The method receives a request to synchronize the set of data items stored on the first device with the second device. The method determines a subset of the synchronization data items stored on the first device that belong to at least one synchronization sub-group in which the second device participates. Participation in at least one of the synchronization sub-groups is defined based on membership in at least one verification sub-group. The first and second devices are part of a set of related devices with several different verification sub-groups. The method sends only the subset of the synchronization data items that belong to at least one synchronization sub-group in which the second device participates to the second device using a secure channel.

Abstract: Systems, methods, architectures, mechanisms and/or apparatus to manage alarm generation associated with the failure of an expected event or action to occur.

Abstract: A system, method, and computer program product are provided for preventing access to data associated with a data access attempt. In use, a data access attempt associated with a remote data sharing session is identified. Further, access to the data is prevented.

Abstract: According to one embodiment, a system includes a processing circuit and logic integrated with and/or executable by the processing circuit. The logic is configured to cause the processing circuit to determine, by an application operating on a first host in a network, one or more security features and/or capabilities available to the application for protecting the application and first data used by the application from unauthorized activity. The logic is also configured to cause the processing circuit to send, by an ADPL operating on the first host via a data socket descriptor, a first message to one or more peer applications in the network, the first message including indication of the one or more security features and/or capabilities available to the application. The logic may further cause the processing circuit to receive a second message indicating security features available to a peer application in the network operating on another host.

Abstract: A computer-implemented method of obfuscating communication traffic patterns may include detecting, at a first communications device, data communication sessions with a second communications device via the computer server using a network protocol. At the first device, a first traffic pattern is accessed based on the data communication sessions over a first predefined time period. At the first communications device, a second traffic pattern is accessed based on the data communication sessions over a second predefined time period that occurs after the first predefined time period. At the first communications device, based on a randomization process, a dummy data communication pattern is generated for transmission to the second communication devices, whereby the dummy data communication pattern is appended to the second traffic pattern for obfuscating a traffic pattern change between the first and the second traffic pattern at the computer server used to establish the communication sessions.

Abstract: Embodiments provide a viewer/editor for schema-less data, such as a NoSQL database. The data structures are displayed so that each entity type in the data uses a different color and variable column widths. This allows the user to identify relationships between entities. For a selected entity, only the properties applicable to that entity are displayed by the viewer/editor. The column width for each property is optimized to reduce confusion and to allow the user to focus on the selected data.

Abstract: Systems and methods for preventing service disruptions in a computing system. The methods comprise: receiving, at a cloud-based computing system, messages for initiating software updates requiring system reboots by remote computing machines; and performing operations by the cloud-based computing system to cause an operational state of only one remote computing machine to be transitioned from an online state to an offline state at any given time by scheduling the software updates and system reboots in a one-machine-at-a-time manner.

Abstract: A method, system, and computer-readable medium are disclosed for generating a unified user profile. For example, a system may store, on a client device, a token under a first domain name. The token may specify state data for a communication session between the client device and a first content publisher addressed by the first domain name. The communication session utilizes a stateless communication protocol. The system may then generate a redirection resource locator. The redirection resource locator may include an identifier for a web object belonging to a second content publisher addressed by a second domain name and the token. The system then stores, on the client device, the token under the second domain name by directing the client device to send a web object request generated based at least in part on the redirection resource locator to the second content publisher. The web object request may request the web object from the second content publisher and including the token.

Abstract: There is provided a network join method including transmitting a long beacon message including transmission timing information of a first short beacon message to a child node network device, transmitting a first short beacon message including information regarding an interval in which it is possible to transmit a message, to the child node network device according to a transmission timing of the first short beacon message, receiving a slot allocation request message from the child node network device according to the interval in which it is possible to transmit a message, and checking whether the child node network device joins a network, and transmitting a slot allocation confirmation message to the child node network device.

Abstract: An information processing apparatus includes a session generating unit, an associating unit, and a processing unit. The session generating unit generates, in a case where an operation is accepted from a first terminal with a user not uniquely identified, first session information in association with the first terminal and generates, in a case where an operation is accepted from a second terminal, second session information in association with the second terminal. The associating unit associates the first session information with the second session information in a case where an operation for associating the first terminal with the second terminal is accepted. The processing unit performs, in a case where the first session information is associated with the second session information, a process using an operation log stored in association with the first terminal, in response to an operation performed using the second terminal.

Abstract: A cloud agent device including, determines whether the size of the file is less than the size of the remaining capacity of the second cloud storage, validating the verification request information of correctness, sending a affirmative notification to the first cloud storage and transfer the file from the first cloud storage to the second cloud storage when the verification request information is correct. The invention also provides a cloud storage and a file transferring method. The cloud agent device, cloud storage and file transferring method can efficient and accurate transfer of files in a safe condition.

Abstract: [Object] To optimize a content output process by caching a source of content in an appropriate format. [Solution] Provided is an information processing device including: a source acquisition unit configured to acquire a source of content; and a content output unit configured to output the content on the basis of the acquired source. The source includes a source cached by a client, and the cached source includes a source converted into an intermediate format.

Abstract: Configuring and managing gateway devices. A gateway device may be installed at a location, such as a merchant location or home. The gateway device may manage (e.g., monitor and/or control) one or more devices at the location. For example, the gateway device may manage various fuel tank devices, point of sale devices, refrigeration devices, liquid dispensing devices, etc., at a convenience store. The gateway device may provide reported information to and receive commands from a cloud server, which may be in communication with other devices which may be used to view reported information of or control the managed devices. The cloud server may also be configured to install applications, e.g., for execution by the cloud server, the gateway device, and/or other devices. For example, the gateway device may install applications provided by the cloud server to manage the devices coupled to the gateway device.

Abstract: A method of pushing passwords, and a pushing system are provided. The method includes establishing a sharing cryptographic library which stores a plurality of application program identification codes, account names and passwords, receiving first biological characteristic information of a user, and simultaneously receiving a push request including second biological characteristic information and a current application program identification code. An account name and a password of the current application program identification code from the sharing cryptographic library is read, and the account name and the password is pushed to a second terminal device when the first biological characteristic information matches with the second biological characteristic information.

Abstract: One embodiment provides a method, including: utilizing a processor to execute computer code that performs the steps of: receiving, at an information handling device, a dataset comprising dialog information between a plurality of characters in a narrative; analyzing, using the processor, the dataset to identify dialog patterns between the plurality of characters; determining, based upon the identified dialog patterns, at least one relationship profile between at least a subset of the plurality of characters; and generating, based upon the at least one relationship profile, at least one graph comprising a plurality of edges and a plurality of nodes, wherein each of the plurality of nodes corresponds to one of the plurality of characters and wherein each of the plurality of edges corresponds to a relationship between two of the plurality of characters. Other aspects are described and claimed.

Abstract: A method, apparatus, and computer program product are disclosed to provide host-independent resource monitoring for distributed networks. The method includes determining, from a set of jobs, one or more jobs to execute that monitor the status of resources within a distributed network. The method determines one or more environments in which to run the one or more jobs, and instantiates the one or more jobs with one or more environment variables for the determined one or more environments such that the one or more jobs are configured for operation in the determined one or more environments. The method accordingly displays, using a graphical user interface, a job environment matrix including a list of the set of jobs in conjunction with a running status of each of the jobs in each of one or more environments. A corresponding apparatus and computer program product are also provided.

Abstract: A webpage sharing method, an apparatus and a system are disclosed, the method includes: acquiring, by a device with memory and at least one processor, a webpage sharing instruction, acquiring an terminal identification (ID) corresponding to a terminal according to the webpage sharing instruction, acquiring a webpage identifier that identifies at least a portion of the webpage, and transmitting the webpage identifier to an event monitoring process that is associated with a web browser in the terminal corresponding to the ID. The above page sharing method, apparatus and system enable a user to operate without need to additionally open an instant messaging tool so as to avoid extra memory usage, increase memory utilization and improve the running speed of a mobile device.

Abstract: Technologies for aggregation-based message processing include multiple computing nodes in communication over a network. A computing node receives a message from a remote computing node, increments an event counter in response to receiving the message, determines whether an event trigger is satisfied in response to incrementing the counter, and writes a completion event to an event queue if the event trigger is satisfied. An application of the computing node monitors the event queue for the completion event. The application may be executed by a processor core of the computing node, and the other operations may be performed by a host fabric interface of the computing node. The computing node may be a target node and count one-sided messages received from an initiator node, or the computing node may be an initiator node and count acknowledgement messages received from a target node. Other embodiments are described and claimed.

Abstract: Systems, computer program products, and methods are described herein for access to a resource across a dispersed Internet protocol capable network connecting devices electrically attached to the network. The present invention is configured to receive an indication from a user to access a resource; display a first user interface on the user computing device, wherein the first user interface further comprises an option for the user to establish an authorization profile; receive a user acknowledgement to establish the authorization profile; determine one or more access paths associated with an authorization model to enable the user to establish the authorization profile; and display a second user interface on the user computing device, wherein the second user interface comprises the one or more access paths associated with the authorization model to enable the user to establish the authorization profile.

Abstract: A computer-implemented method of obfuscating communication traffic patterns may include detecting, at a first communications device, data communication sessions with a second communications device via the computer server using a network protocol. At the first device, a first traffic pattern is accessed based on the data communication sessions over a first predefined time period. At the first communications device, a second traffic pattern is accessed based on the data communication sessions over a second predefined time period that occurs after the first predefined time period. At the first communications device, based on a randomization process, a dummy data communication pattern is generated for transmission to the second communication devices, whereby the dummy data communication pattern is appended to the second traffic pattern for obfuscating a traffic pattern change between the first and the second traffic pattern at the computer server used to establish the communication sessions.

Abstract: Disclosed are an apparatus and method of remotely communicating with a managed machine. One example method of operation may include selecting the managed machine operating in a communication network, transmitting a connection request message to the managed machine and establishing a secure connection between the managed machine and an administrator machine. The example method may also include responsive to connecting with the managed machine, executing a host service on the managed machine, and connecting to the host service over the communication network via an application client operating on the administrator machine.

Abstract: Techniques for preventing information disclosure via dynamic secure cloud resources are provided. Data (information) remotely housed on a particular cloud resource of a particular cloud is periodically, randomly, and dynamically changed to a different cloud resource within the same cloud or to a different cloud resource within an entirely different cloud. A requesting principal for the data is dynamically authenticated and a current location for the data is dynamically resolved and the principal is securely and dynamically connected to the current cloud resource and current cloud hosting the data for access.

Abstract: In a secure network where the network characteristics are not known, a call admission control algorithm and a preemption control algorithm based on a destination node informing the source node of the observed carried traffic are used to regulate the amount of traffic that needs to be preempted by the source. The amount of traffic that needs to be preempted is based on the carried traffic measured at the destination node. The traffic to be preempted is based on the priority of the traffic, where the lowest priority traffic is the first to be preempted until the amount of traffic preempted is sufficient to allow the remaining traffic to pass through the network without congestion.

Abstract: The AUGMENTED REALITY VIRTUAL CONTENT PLATFORM APPARATUSES, METHODS AND SYSTEMS (“ARV”) provides a photo driven ad-platform that transforms digital media placements into immersive and immediately shareable brand-consumer engagements via GPS-linked virtual photo components instantiated on a user mobile device. Within embodiments, users may create and share photographs augmented with brands or other images and accompanying messages on various social networks using their Smartphones or tablets to earn rewards. In one implementation, merchants and/or advertisers may populate the mobile augmented reality space as fans and consumers may share their photos on social networks and spread the word virally.

Abstract: Methods and computerized units grant network access to any one of multiple devices of the same owner. Each of the multiple devices has been previously associated with an owner at an authentication server, whereby device keys for authenticating said multiple devices are stored on the authentication server. Also, said owner has previously been authorized to access the network, such that an owner ID for this owner is stored on the authentication server. In embodiments, present methods comprise, at the authentication server: receiving a network access request for a device to connect to a network, said device being one of the multiple devices; and upon authenticating said device based on a device key associated with this device at the authentication server, confirming that network access can be granted for the device if said owner ID is confirmed to be associated with said device at the authentication server.

Abstract: The present disclosure relates to a cryptographic method for enabling access by a user device to services provided by a server in a set of reference areas. The method comprises at the user device: obtaining a set of reference credentials of the server certifying data indicating the reference areas; obtaining a location credential certifying location data indicating the current location of the user device; generating an authentication token comprising a cryptographic proof for proving that the current location of the user device certified by the location credential matches at least one reference area certified by the set of reference credentials; sending the authentication token to the server for accessing the services by the user device in the at least one reference area.

Abstract: Systems and methods are provided for implementing a secure computing system with encryption, including a file system with a set of encryption zones. Each encryption zone includes encrypted data files. The secure computing system also includes a set of encrypted data encryption keys, each of which corresponds to one of the encrypted data files, such that unencrypted versions of the encrypted data encryption keys decrypt the corresponding encrypted data files. Further, the secure computing system includes an encryption zone key for each of the encryption zones. Each of the encryption zone keys corresponds to at least one of the encrypted data encryption keys, such that the encryption zone keys decrypt the corresponding encrypted data encryption keys to generate the unencrypted version of the encrypted data encryption key. Thusly, various implementations of the secure computing system may comply with one or more information security standards for sensitive data.

Abstract: A method and apparatus for fine-grained, trust-based rate limiting of network requests distinguishes trusted network traffic from untrusted network traffic at the granularity of an individual user/machine combination, so that network traffic policing measures are readily implemented against untrusted and potentially hostile traffic without compromising service to trusted users. A server establishes a user/client pair as trusted by issuing a trust token to the client when successfully authenticating to the server for the first time. Subsequently, the client provides the trust token at login. At the server, rate policies apportion bandwidth according to type of traffic: network requests that include a valid trust token are granted highest priority. Rate policies further specify bandwidth restrictions imposed for untrusted network traffic.

Abstract: A device for distributing a load and managing power of a virtual server cluster includes a monitoring unit configured to monitor a load distribution condition on server nodes included in a server cluster and a dynamic state of each of the server nodes, a server node information storage unit configured to store static state information of each of the server nodes, a policy determination unit configured to determine a load distribution policy and a power management policy for each of the server nodes using monitoring information and the static state information stored in the server node information storage unit, and a controller configured to control conversion of each of the server nodes into an active state or an inactive state according to the power management policy, and distribution of a load of a service request requested by a service client to activated server nodes according to the load distribution policy.

Abstract: Techniques are described for contention-based wireless communications channel access that may improve the likelihood that a contention procedure will pass and allow a device to transmit an uplink or downlink transmission using the contention-based channel. Various disclosed techniques may determine a transmit power for a subsequent transmission based on channel characteristics during one or more clear channel assessment (CCA) time durations. The transmit power may be selected to provide a CCA threshold that may increase the likelihood that a device will win contention for the channel during the CCA procedure.

Abstract: Methods and apparatus are provided for low cost machine communication type (LC-MTC) devices for cell selection and cell reselection. In one novel aspect, the LC-MTC UE determines whether the cell is capable of supporting LC-MTC. If the LC-MTC UE determines that LC-MTC is not supported by the cell, the LC-MTC UE considers the cell as barred. The LC-MTC support capability information is provided to the LC-MTC UE in the system information, or in the RRC Connection Release message, or by inheriting from another RAT during the inter-RAT cell (re)selection. The LC-MTC support capability information is indicated per cell or per frequency. In another novel aspect, the LC-MTC UE acquires LC-MTC support capability information of neighbor cells and performs cell reselection based on the LC-MTC support capability information. In one embodiment, the LC-MTC support capability information of neighbor cells is provided in the system information of the serving cell.

Abstract: In one example, a system includes an authentication server that is configured to receive an authentication request for a primary application, provide time-based authentication credentials for the primary application, receive an updated authentication request for the primary application, wherein the updated authentication request includes a client device identifier (ID) corresponding to a client device from which the authentication request is received, and transmit the client device ID; the system may further include a push server that is configured to receive the transmitted client device ID, and push an update to the client device having the client device ID.

Abstract: A method for operating a user equipment (UE) adapted to transmit beacons includes adjusting an initial beacon interval between successively transmitted beacons in accordance with a value of at least one parameter and a beacon configuration received from a network entity, thereby producing an adjusted beacon interval, and transmitting a beacon selected in accordance with the adjusted beacon interval in a beacon transmission opportunity determined in accordance with the initial beacon interval.

Abstract: In a particular embodiment, a method includes receiving, at a server from a computing device coupled to a first network, a request to access a first web page via a second network. The method includes redirecting the computing device to a second web page in response to a determination that the computing device is not permitted access to the second network. The method further includes providing, to the computing device, baseline content and additional content associated with the second web page. The additional content is retrieved from a content management server.

Abstract: A system and method for managing the recovery key of a computer system is disclosed. The computer system includes a security layer, and the recovery key is stored locally to a memory location on the computer system, including, as examples, flash memory on the motherboard of the computer system or a USB port on the computer system. In operation, when it becomes necessary for the computer system to authenticate the recovery key, the recovery key may be retrieved from the local memory. The retrieval and storage of the recovery key may be managed by a remote administrator. The recovery key may be stored in a hidden partition in the storage location, and the recovery key may be cryptographically wrapped to add an additional layer of security.

Abstract: A method for sharing content of a device is provided. The method includes receiving, by an inputter, an input of a share command of a selected content, recommending at least one service to share the content among a plurality of services that are available in the device and a share target, and sharing, by a controller, the content with the share target selected through the selected service based on a selection input with respect to the at least one recommended service and the share target.

Abstract: A user having remote device wants to access an application that requires that the user possess a user application cryptographic credential. If the application needs to verify the identity of the user, the user's remote device performs a cryptographic operation using the user application cryptographic credentials, and sends the result to the application. A configuration for securely distributing the user application cryptographic credentials includes at least one gateway located at an enterprise that is under the control of an enterprise administrator, and a controller that is not located at the enterprise but can be configured by the enterprise administrator to cooperate with the at least one gateway.

Abstract: Techniques for load balancing in a network of nodes can include a first node receiving and/or generating a request having an identifier, task description, and information regarding an entity originating the request. The first node can either perform the task and report back to the originating entity of the completion of the task, or forward the request to a random one of a plurality of other nodes with which the first node is communicatively connected.

Abstract: A data storage system creates, maintains and utilizes logical storage structures including (1) a pool of device extents on user devices, organized into data portions of mapped RAID groups each having a data portion and a RAID group metadata element having (i) a basic portion and (ii) a mapping portion mapping each set of device extents to logical RAID extents per RAID type, (2) a pool logical device (e.g., an internal mapped RAID) in the pool, storing the mapping portions of the metadata elements of the mapped RAID group, and (3) a system logical device on separate system devices, storing (i) the basic portions of the metadata elements of the RAID groups, and (ii) a pool metadata element including a pool mapping portion for the pool logical device.

Abstract: Systems and methods for facilitating a trusted platform module (TPM) or other protector mechanism that provides a device with a trusted device capability store. To provide the device with a trusted device capability store, a fingerprint of an endorsement key that is associated with the TPM or other protector mechanism can be imprinted into firmware of the device. By imprinting the fingerprint into the firmware, the device can determine whether or not the TPM or other protector mechanism the device is communicating with is the TPM or other protector mechanism associated with the device. The TPM or other protector mechanism can include the endorsement key, the trusted device capability store, and an access policy. The trusted device capability store can include one or more capabilities associated with the device. The access policy can indicate both unauthorized read access and authorized write access associated with the TPM or other protector mechanism.

Abstract: Embodiments of the present invention generally relate to data processing and collection, further relate to a data processing method and a corresponding system, a data collecting method and a corresponding system. Particularly, the data processing method of the present invention comprises: obtaining position data; obtaining a position-function mapping relationship; and converting the position data into user behavior data according to the position-function mapping relationship. As compared to the prior art, at least one embodiment of the present invention has at least one of the following advantages: first, to collect user operations on a mobile terminal in a non-intrusive manner; second, to facilitate analysis performed on various applications of the mobile terminal.

Abstract: A financial messaging apparatus configured to encapsulate and transmit a financial message along with actions to a mobile device. The actions relate to rules that are associated with characteristics of the financial message.

Abstract: A request is received over a network to resolve a problem relating to a networked user device. The request is accepted in order to provide user service. Based on the request, one of multiple available diagnostic algorithms is selected to analyze user data related to a user's account to identify symptoms of the problem and diagnose a cause of the symptoms identified.

Abstract: Systems and methods described herein are directed to a template based deployment system providing settings across platform and physical infrastructures. The infrastructure can involve a server, storage, and a network. The platform can include various types of operating systems. A management server may be configured to manage various system elements, server virtualization and platform deployment. The management server may use policies based on a platform template, server profile, host storage profile, and host network profile. Infrastructure configurations may be determined by the management server, according to the platform type, and platform option settings in the platform template. The management server deploys the infrastructure and platform on top of the infrastructure using platform template and images.