Abstract: Embodiments include computer-implemented methods and systems for detecting undesirable and potentially harmful online behavior. The embodiments described and claimed could also be applied to detecting any other type of online behavior to be detected, but the descriptions focuses on detecting online violence. More particularly, the embodiments disclosed relate to detecting online violence using symbolic methods of natural language processing (NLP) that utilize and govern the usage of: 1) syntactic parser for analyzing grammatical context of the input text data, 2) unsupervised learning methods for improving selected aspects of the system and adjusting the system to new data sources and guidelines, and 3) statistical classifiers for resolving specific well-defined sub-tasks, in which statistical approaches surpass the symbolic methods.

Abstract: There is disclosed in one example a computing apparatus, including: a hardware platform including a processor and a memory; and instructions encoded within the memory to instruct the processor to: provide a data exchange layer (DXL) software interface, the DXL software interface to communicatively couple to an enterprise service bus (ESB) and to provide DXL messaging services via the ESB; communicatively couple to a DXL broker via the DXL software interface; via the DXL broker, subscribe to a DXL location services topic; receive via the DXL broker a location services query; and responsive the location services query, provide logical location data for one or more network devices.

Abstract: Some embodiments provide a method that allows a first data compute node (DCN) to forward outgoing traffic to a second DCN directly in spite of receiving the incoming traffic from the second DCN through a load balancer. That is, the return traffic's network path from the first DCN (e.g., a server machine) to the second DCN (e.g., a client machine) bypasses the load balancer, even though a request that initiated the return traffic is received through the load balancer. The load balancer receives a connection session request from a client machine to connect to a server. It identifies a set of parameters for the connection session and after selecting a server for the connection, passes the identified set of parameters to a host machine that executes the server. The server establishes the connection session directly with the client machine based on the identified set of parameters.

Abstract: Techniques involve implementing a file system. According to such techniques, a storage system creates a plurality of files in advance, each of which maintains a continuous space to simplify the process of processing read/write requests in the file system. When there is data to be written, an appropriate pre-created file is selected. Further, according to such techniques, a file system address is mapped to a physical address using a memory management unit. In this way, the file system performance is improved greatly.

Abstract: Disclosed are an Internet access management service sever and an operating method thereof. The present invention presents an Internet access management service server capable of providing an Internet access management service based on terminal grouping and an operating method thereof to support a manager to more conveniently and efficiently perform Internet access management for grouped terminals.

Abstract: Technology is disclosed for bridging clouds of computing devices for compute and data storage. The technology can receive a virtual routing table (VRT), wherein the VRT indicates an association with a virtual local area network (VLAN) and defines neighbors for each route wherein at least one neighbor is defined for each of the two different cloud service providers, wherein the route definition creates a private transitive network between the neighbors; receive from a first node a first message destined for a second node; determine that the first message employs the route specified by the VRT; forward the first message to the second node; receive from a third node a second message destined for the second node; determine that the second message does not employ the route specified by the VRT; and fail to forward the second message to the second node.

Abstract: A method and system for identifying and providing access to a user capable of performing medical services. The method includes receiving a message from a first device of a first user, the message including a request and digital authorization data associated with the first user, identifying, within a proximity of a first location of the first device, a second device of a second user capable of performing an action associated with the request, determining whether the second user provided agreement to perform the action, communicating the digital authorization data to the second device of the second user responsive to determining that the second user provided the agreement, and instructing, responsive to determining that the second user provided the agreement, a vehicle to transport the second user from a second location of the second device to the first location.

Abstract: Concepts and technologies are disclosed herein for decoupling hardware and software components of network security devices to provide security software as a service in a distributed computing environment. A computer system includes a processor that can execute computer-executable instructions to perform various operations. The processor can perform operations to provide security services to one or more customer platforms. The operations can include receiving a network security software component from a security service provider, and deploying the network security software component within a distributed computing environment so that the network security software component can be executed by a computing resource of the distributed computing environment to provide a security service to the customer platform(s). The network security software component includes a software component that has been decoupled from a hardware component of a network security device by the security service provider.

Abstract: Ghost routing is a network verification technique that uses a portion of a production network itself to verify the impact of potential network changes. Ghost routing logically partitions the production network into a main network and a ghost network. The main network handles live traffic while the ghost network handles traffic generated for diagnostic purposes. The ghost network may have a network topology identical to the production network and may use the same hardware and software as the production network. An operator may implement a network configuration change on the ghost network and then use verification tools to verify that the network configuration change on the ghost network does not result in bugs. Verifying on the ghost network may not affect the main network. If the network operator verifies the network configuration change on the ghost network, the network operator may implement the network configuration change on the main network.

Abstract: This invention discloses a mesh network comprised of at least two dynamic base station nodes, wherein the two dynamic base station nodes comprise each a multiple radio access technology architecture, the multiple radio access technology architecture comprising: at least two radio access technologies for providing access to a core network, and an abstraction layer communicatively coupled to the at least two radio access technologies for receiving and converting data into protocol agnostic data, wherein the first and second dynamic base station nodes are configured to: in response to a query regarding environmental conditions from a computing cloud component, send an environmental condition to the computing cloud component, receive an instruction from the computing cloud in response to the computing cloud component having processed the environmental condition, and change an operational parameter in response to the received instruction.

Abstract: A system, method, and computer program product are provided for preventing access to data associated with a data access attempt. In use, a data access attempt associated with a remote data sharing session is identified. Further, access to the data is prevented.

Abstract: A resource manager (RM) instance is associated with each transaction processing system (TPS) member, of a TPS group. Each RM instance monitors performance of the associated TPS member. If a TPS member becomes unavailable for any reason (a failing TPS), the associated RM instance broadcasts status of the failing TPS to RMs associated “surviving” members of the group. RM instances associated with surviving members initiate a series of actions that reduce the resources used by the surviving TPS members. Consequently, the surviving TPS members are better able to process the additional workload imposed on them due to the unavailability of the failing TPS. Once the failing TPS is brought back online and made available again (or a replacement TPS is brought online), RM instances associated with the surviving members perform actions to undo the resource usage reduction tasks, and the TPS group returns to a nominal configuration.

Abstract: System, apparatus, methods, and computer-readable medium for generating a verification code related to a registry operation request are provided. A verification process may be performed to determine if a verification request related to a registry operation is to be approved. If the request is to be approved, a verification code is generated that includes identifying information of a verification service provider and a code indicating that the request has been verified.

Abstract: A method for the secure use of a personal identifier and/or financial instrument that may take place simultaneously with traditional methods of authorization for credit card, check, funds withdraw/transfer or purchase. Authorization according to the present invention may take place as follows: A) the Owner provides a pre-approval of authorization if the request meets an array of Owner-defined parameters; B) an authorization may be granted based on proximity of the Owner to the point of use; or C) the Owner provides a real time approval by smart device. In each case the invention subjects the request for authentication to a sequential verification procedure in which the request is tested against one or more pre-defined verification protocols, the deployed authentication protocol being pre-determined by the Owner and pre-selected in accordance with a user profile that was pre-programmed by the Owner.

Abstract: A method of tracking device IDs for virtualized applications includes receiving, at a proxy server, a network message originating from an emulated application, inspecting the network message to determine if a device ID is set for the network message, obtaining an originating device ID corresponding to the device ID in the network message, replacing the device ID in the network message with the originating device ID, and transmitting the network message to a specified destination server. Alternatively, the method may include intercepting the network message at a network message inspector. Alternatively, the method may include specifying the originating device ID by way of an application programming interface (API).

Abstract: This disclosure relates to systems and methods for managing access to data through enforcement of one or more associated rules. In various embodiments, a directory may be used to manage and/or otherwise record various relationships between objects, that may include governed objects such as data sets, and associated rules and rule sets. Access requests involving governed objects may be compared with relevant rules to determine whether the requested access should be allowed and what, if any, restrictions should be applied in connection with such access. Various embodiments of the disclosed systems and methods may allow for a data governance model that is flexible, allows for use across multiple complex organizations, and is highly extensible.

Abstract: In one aspect, a method for tracking and management of emergency medical services (EMS) responses includes assigning at least one EMS response of the EMS responses to an EMS vehicle, displaying a map at a user interface with an incident location for the at least one EMS response, populating the map with a visual representation of an entire route for the EMS vehicle, including the incident location and a destination for patient transport, and updating, in the visual representation, a status of the EMS vehicle in real-time along the entire route.

Abstract: A method and a device for policy translation of a data converter in a security management system are disclosed.

Abstract: Methods, systems, and devices are provided that allow for access to a wireless computer network, such as a home or business network, via a communal device. The communal device retrieves network access information such as a PSK and provides a machine-readable code such as a QR code or bar code that automatically provides the access information to a user's device, thereby allowing access to the network with little or no user input required.

Abstract: A content delivery method including the operations of receiving a uniform resource locator resolution request at an authoritative name server for a domain where the uniform resource resolution request is received based, at least in part, on a host name of the uniform resource resolution request where the host name is uniquely related to a resource associated with the uniform resource resolution request. The method further including the operation of tracking a popularity of the resource based on the host name uniquely related to the resource and providing a location within a network capable of delivering the resource where the provided location is based on the popularity of the resource.

Abstract: In order to allow an access to the Internet, and therefore to a remote server, for a device having no connection with an Internet gateway, there is proposed a method to transmit a message from a first device to a remote server, the first device having no connection with the remote server, said method comprising: detecting a second device by the first device, establishing a communication channel between the first and the second device, transferring the message from the first to the second device, said message comprising an address of the remote server, transferring, by the second device, the message to the remote server using the remote server address contained in the message.

Abstract: Allowing a network function (such as a router, firewall or SD-WAN endpoint) or service chain of network functions to transparently access a network uplink, while also allowing a set of management entities to access the same link without interference or configuration. To the extent that a conflict arises between ports allocated to the management functions and to the network functions, the relevant port is automatically removed from use by management functions and allocated to network functions to end the conflict.

Abstract: Disclosed herein are system, method, and computer program product embodiments for providing an API description of an external network service and using the API to integrate the external service into a network. An embodiment operates by receiving, from a service provider, a description of an application programming interface (API), transmitting a call to the service provider using the API for creating a new instance of a service and transmitting to the service provider a traffic flow upon which the service will be applied.

Abstract: Methods, systems, and apparatus, including computer programs encoded on computer-storage media, for high-throughput parallel data transmission. In some implementations, a data connector module is configured to provide an application server with access to a data set of unstructured data. One or more computers receive a first request associated with a first application or service, and data identifying a second application or service different from the first application or service. A plurality of second requests are generated and distributed to processing nodes to generate results for the second requests. Result data derived from the results for the second requests to the second application or service.

Abstract: The subject disclosure relates to the creation of channels providing customizable video feeds in an online gaming platform. In some aspects, a process of the disclosed technology can include steps for receiving a first set of event attributes from a first user, the first set of event attributes comprising information identifying a first game title and a first game-play event associated with the first game title, monitoring play of the first game title by a second user to detect occurrence of the game-play event, and in response to a detected occurrence of the first game-play event, automatically providing a video stream of the first game title to the first user. Systems and machine-readable media are also provided.

Abstract: Disclosed is a mobile event streaming system that receives customer application lifecycle and user events including a message, event source and a destination then processes data for consumption by one or more customers, generating a secure data stream and sending the processed data over the generated data stream. An example system for receiving, processing, and delivering customer application lifecycle and user engagement data includes a server system having at least one processor, memory and a network interface where the memory stores program instructions for receiving, storing, processing and transmitting messages via the network interface. The mobile event streaming system may be a distributed content delivery service wherein the content delivered via the service is processed. Processing the data comprises the addition of metadata, one or more identifiers such as user, and event identifiers including predictions of future user engagement to enable real-time data consumption by customers.

Abstract: A computing system may include a database disposed within a remote network management platform that manages a managed network, and a software application associated with the platform and configured to: obtain, from an external computing system, information about a function-application arranged to execute source code segment(s) on demand; determine that the obtained information relates to (i) a plurality of authorization-keys each respectively arranged to authorize on-demand execution of one of the source code segments, (ii) a first key-value string pair that enables establishment of connectivity to a service of the external computing system or of another computing system, and/or (iii) a second key-value string pair that enables establishment of connectivity to a data source of the external computing system or of another computing system, and responsively determine association(s) between the source code segment(s), the function-application, the service, and/or the data source; and store the association(s) in t

Abstract: A cluster configuration request to form a hyperconverged computing infrastructure (HCI) cluster in a cloud computing environment is processed. Based on the cluster configuration request and any other cluster specifications, a plurality of bare metal computing nodes of the cloud computing environment are configured to operate as an HCI cluster. First, a tenant-specific secure network overlay is formed on a first set of tenant-specific networking hardware resources. Then, the tenant-specific secure network overlay is used by an orchestrator to provision a second set of tenant-specific networking hardware resources. The second set of tenant-specific networking hardware resources are configured to interconnect node-local storage devices into a shared storage pool having a contiguous address space. Top-of-rack switches are configured to form a network overlay on the first set of tenant-specific networking hardware resources.

Abstract: This application relates to the field of communications technologies, and in particular, to a policy management method and system, and an apparatus. The method includes: requesting, by a policy decision entity, an NFVO in a management domain of a composite NS to perform a management operation on a policy group. According to the solution provided in this application, consistency between the LCM policy of the composite NS and the LCM policy of the nested NS forming the composite NS is ensured, and policy management execution efficiency is improved in a scenario of providing a composite NS across management domains.

Abstract: A CAN device is provided with an encryption function and a decryption function. The encryption function allows messages to be encrypted and put onto a CAN bus. The decryption function allows the messages on the CAN bus to be decrypted. The encryption and decryption functions share keys which change over the course of time.

Abstract: A route processing method, a device, and a system, where the method includes: a network virtualization edge (NVE) device set including at least two NVE devices includes a common Virtual Extensible Local Area Network (VXLAN) Tunnel Endpoint (VTEP) address. The common VTEP address is used to identify a common VTEP, and the common VTEP is deployed on each NVE device in the NVE device set. In addition, each NVE device in the NVE device set includes a VTEP address, and the VTEP address is used to identify a VTEP included in a corresponding NVE device. An NVE device in the NVE device set establishes a VXLAN tunnel between the NVE devices in the NVE device set based on a VTEP address and the common VTEP address using an inclusive multicast Ethernet tag (IMET) route.

Abstract: In general, embodiments of the invention relate to storing data and managing the stored data in linked nodes. More specifically, embodiments of the invention relate to nodes linked together in a daisy chain configuration such as, but not limited to, a single-chain configuration and a dual-chain configuration, which use data protection domain (DPD) information to determine where and/or how to store the data.

Abstract: Herein is disclosed a method of verifying the authenticity of emails sent from a first email application of a sender to a second email application of a recipient, the emails each having a sender's email address, a receiver's email address, and a user accessible field for receiving content. The content of the user accessible field is visible to the recipient upon opening an email inbox in the second email application. The method includes the steps of first identifying the receiver for an email to be sent by the sender. A current sequence marker for the receiver is then generated. The current sequence marker represents a next sequence identifier in a sequence of emails between the sender and the receiver. The current sequence marker is then inserted into the user-accessible field of the email and the email is then sent.

Abstract: This disclosure describes techniques and mechanisms for providing hybrid cloud services for enterprise fabric. The techniques include enhancing an on-demand protocol (e.g., such as LISP) and allowing simplified security and/or firewall service insertion for datacenter servers providing those services. Accordingly, the techniques described herein provide hybrid cloud services that work in disaggregated, distributed, and consistent way, while avoiding complex datacenter network devices (e.g., such running overlay on TOR), replacing and moving the functionality to on demand protocol enabled servers, which intelligently receive the required mappings as well as registers and publishes the service information to intelligently interact with the network.

Abstract: Systems and methods herein provide for a proxy infrastructure. In the proxy infrastructure, a network element (e.g., a supernode) is connected with a plurality of exit nodes. At one of a plurality of messenger units of the proxy infrastructure, a proxy protocol request is received directly from a client computing device. The proxy protocol request specifies a request and a target. In response the proxy protocol request, a selection is made between one between one of the plurality of exit nodes. A message with the request is sent from the messenger to the supernode connected with the selected exit node. Finally, the message is sent from the supernode to the selected exit node to forward the request to the target.

Abstract: Systems, computer-implemented methods, and computer program products that can facilitate detection of an adversarial backdoor attack on a trained model at inference time are provided. According to an embodiment, a system can comprise a memory that stores computer executable components and a processor that executes the computer executable components stored in the memory. The computer executable components can comprise a log component that records predictions and corresponding activation values generated by a trained model based on inference requests. The computer executable components can further comprise an analysis component that employs a model at an inference time to detect a backdoor trigger request based on the predictions and the corresponding activation values. In some embodiments, the log component records the predictions and the corresponding activation values from one or more layers of the trained model.

Abstract: A multi-agent simulation system performs a simulation of a target world in which a plurality of agents interacting with each other exist. The multi-agent simulation system includes: a plurality of agent simulators configured to perform simulations of the plurality of agents, respectively; and a center controller configured to communicate with the plurality of agent simulators. The center controller performs message filtering based on a distance between the agents. Specifically, the center controller sets a delivery frequency of the delivery message to be low between the agent simulators that perform the simulations of the agents distant from each other. A space of the simulation target world is divided into a plurality of partitions, and the message filtering is performed in units of the partition.

Abstract: Devices, systems, and methods are provided for detecting and preventing inter-cloud attacks. A method may include determining, by a first cloud management service, a cyber attack on a second cloud management service using the first cloud management service, and determining two or more source Internet protocol (IP) addresses associated with the cyber attack. The method may include determining a response to the cyber attack, the response associated with controlling egress traffic from the first cloud management service, the egress traffic associated with the two or more source IP addresses. The method may include sending a notification to the second cloud management service, the notification including an indication of the response.

Abstract: An electronic device configured to communicate with a host includes: a detecting logic configured to receive an initial command signal and a first completion signal according to the initial command signal after a connection of the host to the electronic device is established, and transmit a detection signal based on a signal transmission policy of the host that has been detected based on the initial command signal and the first completion signal; and a transmitting logic configured to transmit a second completion signal to the host based on the detection signal, wherein the signal transmission policy is different depending on whether the first completion signal is received in response to the second completion signal.

Abstract: Automatically detecting whether sessions are routed through proxy servers is provided. The system identifies a log with session information generated by a device for a session established between a client and a server traversing the device. The system compares a source internet protocol (“IP”) address for the session identified from the log with IP addresses of proxy servers. The system updates, responsive to a match based on the comparison, the log with an indication that the session was routed through a proxy server.

Abstract: Technologies for establishing and utilizing a decentralized cloud infrastructure using a plurality of mobile computing devices include broadcasting for the formation of the decentralized cloud computing and storage infrastructure and establishing wireless communications between the plurality of mobile computing devices. The plurality of mobile computing devices self-organize and cooperate with one another to establish a structured decentralized cloud infrastructure to expose and sharing resources, services, and/or applications for ad hoc or socially-driven decentralized, cloud computing purposes.

Abstract: The present disclosure relates to a 5G or pre-5G communication system for supporting higher data transmission rate beyond a 4G communication systems such as LTE. A method by a terminal in a wireless communication system according to an embodiment of the present invention comprises the steps of: deciding the release of the connection to a secondary node; generating a connection release request message for requesting the connection release; and transmitting the connection release request message.

Abstract: Methods, devices, systems and computer program products enable monitoring and responding to cyber security attacks. One such system relates to a consortium of monitoring companies and an infrastructure including one or more central monitoring stations or local handling stations for a monitoring company are provided. A central monitoring station of a monitoring company detects a cyberattack that has been launched against a client computer system, and requests a local station to respond to the cyberattack via onsite visits or requests additional resources from other monitoring companies through the consortium system. The central monitoring station also sends to the consortium system updates on a cyberattack that is detected or mitigated by a central monitoring station or local handling station of the monitoring company. The monitoring consortium enables stronger capabilities than any individual monitoring company can offer by the combination and coordination of the efforts and resources of the members.

Abstract: A system for optimizing network traffic is described. The system includes a quality of service (QoS) engine configured to acquire information regarding a plurality of data packets comprising a plurality of data packet flows operating over a plurality of links. The QoS engine can be further configured to determine a flow priority to the plurality of data packets flows, and to determine TCP characteristics for the plurality of data packet flows. The system further includes a TCP controller configured to acquire the flow priority to the plurality of data packets from the QoS engine. The TCP controller can be configured to obtain queue information associated with the plurality of data packets, and adjust a receive window size based on the flow priority and the queue information.

Abstract: Some embodiments provide a local controller on a set of host computers that reduce the volume of data that is communicated between the server set and the set of host computers. The local controller executing on a particular host computer, in some embodiments, receives a portion of the namespace including only the policies (e.g., opcode) that are relevant to API-authorization processing for the applications executing on the particular host computer provided by a local agent executing on the computer to authorize the API requests based on policies and parameters. The local controller analyzes the received policies (e.g., policy opcodes) and identifies the parameters (e.g. operands), or parameter types, needed for API-authorization processing (e.g., evaluating the policy opcode upon receiving a particular API request) by the local agent. In some embodiments, the local controller performs this analysis for each updated set of policies (e.g., policy opcodes).

Abstract: Techniques are disclosed for analyzing documents to detect web components and the web frameworks in the documents. In at least one embodiment, a network analysis system is provided to passively detect web frameworks of documents. The network analysis system can render a document using a document object model to identify objects in the document that are defined as web components. A hash function may be applied to each of the objects to generate a hash signature for the object. Files defining web frameworks can be downloaded from a repository system. Each file may corresponding to a web component. A hash function is applied content in each file to generate a hash signature. The hash signatures of each file may be compared to the hash signatures of the objects in the document to identify a web component for each object. A web framework can be identified based on the web components.

Abstract: Various example embodiments for supporting device telemetry control are presented. Various example embodiments may provide a customer of a device, which is monitoring the device based on device telemetry whereby the device exposes device data of the device based on device telemetry control information of the device such that the data of the device may be accessed by the customer, with control over device telemetry of the device. Various example embodiments may provide a customer, which may access device data of a device based on device telemetry supported by the device, with additional control over access to the device data of the device via device telemetry by providing the customer with control over the device telemetry including enabling the customer to insert customer device telemetry control information into the device telemetry control information of the device that controls device telemetry on the device.

Abstract: A communication apparatus is provided in a redundant communication system including a plurality of communication apparatuses having mutually-redundant configurations, and is configured so that its operating mode can be switched between a plurality of modes including an active mode and a standby mode. The communication apparatus includes a synchronization control unit configured to share client identification information with another communication apparatus included in the redundant communication system, and an address acquisition unit configured to acquire, in response to switching of the operating mode to the active mode, an IP address from a DHCP server by using the client identification information.

Abstract: A system manages usage of a network-enabled user device. A policy storage is separately located relative to the user device and stores usage policy sets. Each policy set comprises policies defining usage permissions/restrictions applicable to the user device. The system associates a first user with a first time period and a second user with a second time period, each time period exclusive of other time periods. The first user selects/modifies a first policy set for applying during the first time period, and the second user selects/modifies a second policy set for applying during the second time period. The first user cannot select/modify any policy set applicable during the second time period, and the second user cannot select/modify any policy set applicable during the first time period. A usage request from the user device is allowed/denied based on the policy set to be applied when the usage request is made.

Abstract: A device, system and method is provided for monitoring a user's interactions with Internet-based programs or documents. Content may be extracted from Internet server traffic according to predefined rules. Extracted content may be associated with a user's Internet interaction. The user's Internet interaction may be stored and indexed. The user's Internet interaction may be analyzed to generate a recommendation provided to a contact center agent while the contact center agent is communicating with said user for guiding the user's interaction, for example, in real-time. Traffic other than Internet server traffic may also be used.