Abstract: A policy management service receives a request to evaluate a provisional policy to determine the impact of implementation of the provisional policy. The policy management service evaluates an active policy against a request to access a computing resource to determine an authorization decision. The policy management service then evaluates the provisional policy against the request to access the computing resource to generate an evaluation of the provisional policy. The policy management service provides the evaluation and the authorization decision in response to the request to evaluate the provisional policy.

Abstract: A device can determine that a sender user equipment connected to a network has been authenticated. The device can cause another device associated with the network to provide configuration information to the sender user equipment after determining that the sender user equipment has been authenticated. The device can receive an RCS message from the sender user equipment after causing the other device to provide the configuration information. The device can determine a capability of a set of receiver user equipment utilizing capability information stored in a data structure. The device can selectively provide the RCS message to the set of receiver user equipment utilizing the non-IMS RCS messaging based on the capability of the set of receiver user equipment, or provide the RCS message to the set of receiver user equipment without utilizing the non-IMS RCS messaging based on the capability of the set of receiver user equipment.

Abstract: Techniques provided herein relate to electronic authentication on public systems. A backend system receives at least one electronic data action request from a publicly available client system that is shared amongst a plurality of users. At least a portion of the primary authentication information is received from a secondary device separate from the publicly available client system. The electronic data action request is authenticated by determining if the primary authentication information matches expected primary authentication information that is expected to complete the electronic data action request. Performance of the electronic data action request is facilitated when the primary authentication information matches the expected primary authentication information.

Abstract: A remotely controlled device receives a first command from a remote control (RC) but does not execute the command. Instead, the remotely controlled device waits to receive the first command within a threshold period, and if not received twice within the period, the first command is then executed. However, the first command is not executed if it is received twice, at which point the name of the corresponding RC key is announced. A second double command caused by a second double press of the same key on the RC causes the remotely controlled device to announce the function of the key. The logic may be executed in the RC as well as or in lieu of executing it in the remotely controlled device.

Abstract: A system and method is provided for providing secure accelerated data transfer. The system may transparently provide accelerated data transfer between a client and a remote system. The system may provide a method for determining a mapped domain name for identifying an ingress server. The system may provide a method for determining a tunnel route to an egress server selected for establishing a connection with the remote system. The system may provide a method of exchanging data between the client system and the remote system via the ingress server and the egress server.

Abstract: A computer-implemented method includes receiving, by a storage controller from a first system, a fencing command that includes a parameter identifying a scope of an operation performed on a shared volume, utilizing a processor, setting, by the storage controller, a fencing indicator for at least a second system that is connected to the shared volume, utilizing the processor, where the fencing indicator limits access to the shared volume by the second system, sending, by the storage controller, a notification to the second system, utilizing the processor, where the notification includes the parameter and informs the second system that the access to the shared volume is limited, receiving, by the storage controller, an unfencing command from the second system, utilizing the processor, and resetting or removing the fencing indicator for the second system, utilizing the processor.

Abstract: In various embodiments, systems, methods, and techniques are disclosed for generating a collection of clusters of related data from a seed. Seeds may be generated based on seed generation strategies or rules. Clusters may be generated by, for example, retrieving a seed, adding the seed to a first cluster, retrieving a clustering strategy or rules, and adding related data and/or data entities to the cluster based on the clustering strategy. Various cluster scores may be generated based on attributes of data in a given cluster. Further, cluster metascores may be generated based on various cluster scores associated with a cluster. Clusters may be ranked based on cluster metascores. Various embodiments may enable an analyst to discover various insights related to data clusters, and may be applicable to various tasks including, for example, tax fraud detection, beaconing malware detection, malware user-agent detection, and/or activity trend detection, among various others.

Abstract: Some embodiments provide a novel method for load balancing data messages that are sent by a source compute node (SCN) to one or more different groups of destination compute nodes (DCNs). In some embodiments, the method deploys a load balancer in the source compute node's egress datapath. This load balancer receives each data message sent from the source compute node, and determines whether the data message is addressed to one of the DCN groups for which the load balancer spreads the data traffic to balance the load across (e.g., data traffic directed to) the DCNs in the group. When the received data message is not addressed to one of the load balanced DCN groups, the load balancer forwards the received data message to its addressed destination. On the other hand, when the received data message is addressed to one of load balancer's DCN groups, the load balancer identifies a DCN in the addressed DCN group that should receive the data message, and directs the data message to the identified DCN.

Abstract: For deduplicated data processing hierarchical rate control in a data deduplication system in a computing storage environment, priorities in a hierarchal structure are propagated by defining a relationship between each of a plurality of maintenance tasks and using a resource distribution function for managing and dividing resources between the plurality of maintenance tasks based on a priority for each maintenance task. Each one of the plurality of maintenance tasks is defined to be one of above, below, and at a same level in the hierarchal structure as compared to another one of the plurality of maintenance tasks. The hierarchal structure comprises a tree structure having a plurality of leaf nodes that are actual task and branch nodes that are virtual tasks.

Abstract: Writing data in a storage system that includes a first type of storage device and a second type of storage device, including: selecting, for one or more unprocessed write requests, a target storage device type from the first type of storage device and the second type of storage device; issuing a first group of write requests to the first type of storage device, the first group of write requests addressed to one or more locations selected in dependence upon an expected address translation to be performed by the first type of storage device; and issuing a second group of write requests to the second type of storage device, the second group of write requests addressed to one or more locations selected in dependence upon a layout of memory in the second type of storage device.

Abstract: A method of receiving a request to access a plurality of resources and determining whether a first resource of the plurality of resources is associated with a different authorization requirement than at least one second resource of the plurality of resources. In response to determining that the first resource of the plurality of resources is associated with a different authorization requirement than the at least one second resource of the plurality of resources, determining whether the request includes the authorization requirement for the first resource and the authorization requirement for the second resource. In response to determining that the request includes the authorization requirement for the first resource and the authorization requirement for the second resource, providing access to the first resource and the at least one second resource.

Abstract: A method for a terminal for authenticating an authorization for a particular command in a wireless communication system according to an embodiment of the present invention can comprise the steps of: receiving, from a first sever, a command for generating a resource group for access control to be used for authenticating an authorization of the command for generating a particular resource group; generating the resource group for access control; receiving, from a second server, a command for generating the particular resource group; and authenticating the command, for generating the particular resource group, on the basis of the generated resource group for access control.

Abstract: The present invention proposes a method and network element which allows increasing, in different aspects, communications network protection in a single network element. This element will have the ability to manage and provide the mechanisms needed for communications, user and device protection without having to cooperate with end systems (i.e., in a transparent manner for said systems). The present invention proposes a new physical and logical architecture for said network element with various databases and verification and learning mechanisms, offering protection, management and automation abilities much greater than the systems existing today.

Abstract: A configuration history service for web-based computing resources is implemented by capturing and storing a historical record of each configuration state for each computing resource in a subscriber's account. Files of the configuration history store information about a computing resource type offered by the web service. The file comprises records for each particular resource of that type that is or was actively configured in the subscriber's account during the period that the configuration history service is active in the account. Each record lists a particular configuration state, at a particular point in time, for a particular computing resource. The configuration history of a computing resource can be displayed as a timeline by which a subscriber can access information describing the configuration state of the particular computing resource at any point in time.

Abstract: A method (400, 500) of identifying nodes in a communications network is disclosed, the nodes being for use in locating wireless terminals within the network based upon reports from the wireless terminals of transmissions received from the nodes. The method (400, 500) comprises prioritizing combinations of nodes in which at least three nodes are located around a reference node in a configuration satisfying similarity criteria to an idealized star configuration, wherein an idealized star configuration comprises three nodes evenly angularly distributed around, and at the same distance from, a reference node. Also disclosed is a method (100, 200) for locating a plurality of wireless terminals in a communications network, the network comprising a plurality of network nodes at known locations, wherein the nodes emit wireless transmissions in an unsynchronized manner, such that a time difference exists between the emission time of corresponding transmissions from different nodes.

Abstract: The present disclosure describes systems and methods for remote management of appliances. The appliance may be configured to periodically check in a predetermined online location for the presence of a trigger file identifying one or more appliances directed to contact a management server for maintenance. If the file is present at the predetermined location and the file includes the identifier of the appliance, the appliance may initiate a connection to the management server. If the file is not found, then the appliance may reset a call timer and attempt to retrieve the file at a later time. To avoid having to configure addresses on the appliance, link local IPv6 addresses may be configured for use over a virtual private network, allowing administration, regardless of the network configuration or local IP address of the appliance.

Abstract: To efficiently construct a request load model that enables estimation of load information for a system on the basis of request information. A load estimation system comprising a management server that is connected to at least one object system, wherein the management server comprises model generation means that generates a request load model in which load information for the object system is correlated with a classification of request into which request information for the object system is classified, and the model generation means selects, in a process of the classification of the request information, the classification of request to be an object for sub-classification, based on estimation distribution information about the load information for each of the classification of request.

Abstract: Content hosting architectures and/or social networking architectures can be improved by, e.g., unifying the two architectures to some extent. Services or features from both can be leveraged to provide an ecosystem that can be superior or preferred by users or consumers. For example, premium content that typically must be purchased via a transaction with the content hosting service can be accessed by certain users that have not purchased the premium content provided those users have a social relationship with one that has purchased the premium content, which can be determined based on data managed by the social networking service.

Abstract: Exemplary methods, apparatuses, and systems for processing a search query of a user are detailed. For example, a search query may be received from a user at a social networking system, processed to generate a search result of a plurality of entity result cards and each result card that each include a plurality of order comments about the entity, a plurality of ordered images associated with the entity, contact information for the entity, wherein the comments and images take into account information about the user stored at the social networking system, and a result send to the user.

Abstract: A method begins by receiving, by an authenticated device of a dispersed storage network (DSN), an access request from a requesting device. The method continues by determining, by the authenticated device, whether the requesting device is affiliated with an anonymous user or an authenticated user. When the requesting device is affiliated with the anonymous user, the method continues by determining, by the authenticated device, status of the anonymous user. When the status of the anonymous user is of minimal threat to the DSN, the method continues by granting, by the authenticated device, temporary credentials and temporary access privileges to the anonymous user for use by the requesting device. The method continues by processing, by the authenticated device, the access request in accordance with the temporary credentials and the temporary access privileges.

Abstract: Methods and systems of dynamic comment are provided. A comment library stores comment entries and provides a basis for determining comment selections dynamically. Metadata associated with the comment entries may also be stored in the comment library. A set of comment selections may be determined based on the context in which a user is commenting on the digital content and the user's input. A comment library may be searched for matching instances of the user's input to determine the set of comment selections.

Abstract: The present disclosure relates to a method performed by a network element in an operator network for assessing a quality of experience (QoE) of a service for a radio device. The method comprises receiving a first value of a key performance indicator (KPI) of the service from the radio device. The method also comprises receiving a second value of the KPI from the operator network serving the radio device. The method also comprises comparing the first and the second values of the KPI, and determining any deterioration of the QoE over the operator network, based on said comparing. The present disclosure also relates to a method of the radio device as well as to the network element and the radio device.

Abstract: A method for reproducing an input/output (I/O) configuration of a computing entity. The method includes a computer processor receiving a request to initiate a first computing entity within a first computing system, where the first computing entity is associated with a first set of I/O configuration information and a first set of I/O resource dictates. The method further includes determining a plurality of I/O resources of the first computing system that are available for allocation and that include a first set of I/O resources that are substantially similar to the first set of I/O resource dictates of the requested first computing entity. The method further includes allocating the first set of I/O resources from the plurality of I/O resources available for allocation. The method further includes provisioning the requested first computing entity within the first computing system based, at least in part, on the allocated first set of I/O resources.

Abstract: An approach for regional firewall clustering for optimal state-sharing of different sites in a virtualized/networked (e.g., cloud) computing environment is provided. In a typical embodiment, each firewall in a given region is informed of its peer firewalls via a registration process with a centralized server. Each firewall opens up an Internet protocol (IP)-based communication channel to each of its peers in the region to share state table information. This allows for asymmetrical firewall flows through the network and allows routing protocols to ascertain the best path to a given destination without having to take firewall placement into consideration.

Abstract: A method, system, and computer program product for automatically receiving authorization data required to log into a service portal from a second device to a first device, via a validated connection. The method includes the first device submitting a first request to a provider to acquire authorization data required for an authenticated login to an associated online service of the provider. In response to the first device submitting the first request to the provider, the first device automatically receives the authorization data via a validated connection with the second device. In response to receiving the authorization data via the validated connection, the first device transmits a second request, including the authorization data, to the provider to gain access to the online service.

Abstract: A technique is disclosed for remotely managing isolated domains on mobile devices. A request is received from the mobile device to instantiate a managed domain. A managed domain configuration is determined and comprises a security policy controlling access to content of the managed domain of the subscribing mobile device, a content specification identifying the content to be downloaded by the subscribing mobile device into the managed domain, and a content configuration identifying a configuration of the content on the subscribing mobile device. The managed domain configuration is sent to the subscribing mobile device to instantiate a secure, managed domain whose policy, content and content configuration is remotely controlled. The technique is useful for advertising and brand promotion on mobile devices as it simultaneously enables detailed control over the presentation of content by a curator while ensuring privacy and security protection of the other apps, accounts and data on the mobile device.

Abstract: Systems and techniques are described for virtual machine communication and migration. A described technique includes operating server systems that are configured to run virtual machines and providing a virtual network for Internet Protocol (IP) based communications to the virtual machines. The virtual machines can be assigned network addresses, such as IP addresses, on the virtual network. Providing the virtual network can include using separate IP tunnels to effect delivery of IP packets on the virtual network to the virtual machines, respectively. The technique includes migrating a virtual machine running on a first server system to a second server system. The migrated virtual machine can maintain its assigned IP address. The technique includes updating a tunnel endpoint destination associated with the assigned IP address of the migrated virtual machine. The updated tunnel endpoint destination can be based on a network address associated with the second server system.

Abstract: Uplink medium access control on per-wireless device level for a specific user. An access point sends a beacon frame to a wireless device. The beacon frame includes a BSSID that is unique to the wireless device. The beacon frame also includes embedded uplink configurations specifying uplink medium access for the wireless device. In one embodiment, a controller recognizes a device or user associated with the device, and sends corresponding uplink configurations for embedding in a subsequent beacon frame.

Abstract: A search engine system, including a slashtag server configured to detect at least one search operator in a search query and detect a boosting indicator associated with the at least one search operator. Additionally, a web server configured to, in response to the detected boosting indicator, and generate a first search result that includes a boosted ranking of at least a subset a plurality of search result items in the search result and display the first search result in a web browser.

Abstract: A system and method for seamless exchange and interaction of multimedia content between communication devices in a network are disclosed. The method can include the discovery and identification of devices within proximity of a sending device. The found devices can be authenticated through unique identifiers established during registration. Connection requirements can be determined based on the identifiers associated with the found devices and the sending device. In turn, the sender can establish a connection with the found devices using the connection requirements. The sending device can share or serve as a remote control to redirect and navigate the content, with a simple action or a gesture command, to the found device. The shared multimedia content, can either reside on the sender's mobile device or on a remote server within a connected network.

Abstract: A system for pagination of data based on recorded URL requests, includes a data store comprising a computer readable medium storing a program of instructions for performing the pagination of data based on recorded URL requests; a processor that executes the program of instructions; a data segmentation module to receive a log of the URL requests, and to segment the log for a specific source; a referral tree construction module to construct a referral tree for the specific source based on the segmented log and HTTP referrer fields associated with the log; a tree enhancement module to enhance the referral tree based on site-specific rules; a signal computation module to perform signal computation on a plurality of nodes associated with the enhanced referral tree; a classification module to identify each of the plurality of nodes subsequent to the signal computation is performed on the enhanced referral tree; and a page construction module to construct a web page based on the enhanced referral tree subsequent to

Abstract: Code intended to operate in an operating system without an isolation mechanism is executed in isolation. The present system enables synthetic transactions to be executed in isolation without affecting other client data and files. Isolation may be outsourced to a separate set of servers that have an operating system which does support isolation. A handshake or other protocol is utilized to maintain secure data and communication. Untrusted script code provided by a customer is isolated in one or more remote servers. To execute the script on a client machine, a key is provided to access this script. A machine at which the script is to be run is provided with the key and the address of the script code on the remote server. A secure connection is established between the client machine and the script code server and script is executed on the client machine.

Abstract: An apparatus and method for providing metadata with network traffic are provided. The method includes generating, at an electronic device, a network tunnel between an electronic device and at least one external electronic device that communicates with the electronic device via a communication network, and receiving data, including metadata of applications generating the received data, associated with one or more applications from the external electronic device via the network tunnel.

Abstract: An architecture that can facilitate initiation of an automatic synchronization operation based upon presence information in connection with a wireless communications network is provided. For example, when certain mobile devices register with a particular network entity (e.g., a femtocell) that services a particular target location (e.g., place of residence), then such registration can be leveraged to indicate presence at the target location. Accordingly, synchronization between the mobile device and other devices can be automatically initiated, without requiring input or effort by a user, or even that the user remembers to perform the synchronization operation. Moreover, the synchronization operation can be wireless, so connection cables need not be maintained or employed.

Abstract: A logic device and method are provided for intercepting a data flow from a network source to a network destination. A data store holds a set of compliance rules and corresponding actions wherein at least one of the set of compliance rules is a temporary compliance rule valid for a predetermined period. A packet inspector is configured to inspect the intercepted data flow and identify from the data store a temporary compliance rule associated with the inspected data flow. A packet filter is configured to when the data flow is identified as being associated with the temporary compliance rule, carry out an action with respect to the data flow corresponding to the temporary compliance rule while the temporary compliance rule is valid.

Abstract: According to one example of the disclosure, a first LPWAN receives a message from an Internet of Things (IoT) device. The message includes at least one of: a network ID associated with a second LPWAN and an application ID associated with the second LPWAN. In response to a determination that at least one of the network ID and the application ID are on the roaming white list of the first LPWAN, the message is caused to become available to the second LPWAN.

Abstract: An approach is provided for node-based map matching. The approach involves processing probe data to sort a plurality of probe points according to sessions keys. The approach also involves selecting a subset of the plurality of probe points within a threshold distance of a node of a map representation of a transportation network. The approach further involves initiating a map matching of the probe points of each session key to the map representation by, for said each session key: (1) determining a closest probe point to the node; (2) determining another closest probe point to a neighboring node, wherein the neighboring node is connected to the node by at least one link; and (3) projecting the plurality of probe points between the closest probe point to the node and the another closest probe point to the neighboring node onto the link.

Abstract: A system, method, and computer program product are provided for preventing access to data associated with a data access attempt. In use, a data access attempt associated with a remote data sharing session is identified. Further, access to the data is prevented.

Abstract: A multi-tenant, elastically scalable cache as a service is disclosed. Embodiments of the cache service eliminate the need for applications to manage their own cache tier. The multi-tenant cache service is implemented by maintaining/creating multiple named caches in a cache cluster and mapping each tenant's cache to a named cache in the cluster. Strict quotas are enforced on cache sizes This allows caches with different replication attributes to co-exist on the same cache server, allows migration of a cache from one cluster to another for load balancing purposes, and allows a cache to inflate/deflate to meet business needs. A network load balancer is used to route cache items to servers.

Abstract: Systems, methods, architectures, mechanisms and/or apparatus to manage alarm generation associated with the failure of an expected event or action to occur.

Abstract: Some embodiments provide a method for a first device to synchronize a set of data items with a second device. The method receives a request to synchronize the set of data items stored on the first device with the second device. The method determines a subset of the synchronization data items stored on the first device that belong to at least one synchronization sub-group in which the second device participates. Participation in at least one of the synchronization sub-groups is defined based on membership in at least one verification sub-group. The first and second devices are part of a set of related devices with several different verification sub-groups. The method sends only the subset of the synchronization data items that belong to at least one synchronization sub-group in which the second device participates to the second device using a secure channel.

Abstract: A computer-implemented method of obfuscating communication traffic patterns may include detecting, at a first communications device, data communication sessions with a second communications device via the computer server using a network protocol. At the first device, a first traffic pattern is accessed based on the data communication sessions over a first predefined time period. At the first communications device, a second traffic pattern is accessed based on the data communication sessions over a second predefined time period that occurs after the first predefined time period. At the first communications device, based on a randomization process, a dummy data communication pattern is generated for transmission to the second communication devices, whereby the dummy data communication pattern is appended to the second traffic pattern for obfuscating a traffic pattern change between the first and the second traffic pattern at the computer server used to establish the communication sessions.

Abstract: A method, system, and computer-readable medium are disclosed for generating a unified user profile. For example, a system may store, on a client device, a token under a first domain name. The token may specify state data for a communication session between the client device and a first content publisher addressed by the first domain name. The communication session utilizes a stateless communication protocol. The system may then generate a redirection resource locator. The redirection resource locator may include an identifier for a web object belonging to a second content publisher addressed by a second domain name and the token. The system then stores, on the client device, the token under the second domain name by directing the client device to send a web object request generated based at least in part on the redirection resource locator to the second content publisher. The web object request may request the web object from the second content publisher and including the token.

Abstract: There is provided a network join method including transmitting a long beacon message including transmission timing information of a first short beacon message to a child node network device, transmitting a first short beacon message including information regarding an interval in which it is possible to transmit a message, to the child node network device according to a transmission timing of the first short beacon message, receiving a slot allocation request message from the child node network device according to the interval in which it is possible to transmit a message, and checking whether the child node network device joins a network, and transmitting a slot allocation confirmation message to the child node network device.

Abstract: According to one embodiment, a system includes a processing circuit and logic integrated with and/or executable by the processing circuit. The logic is configured to cause the processing circuit to determine, by an application operating on a first host in a network, one or more security features and/or capabilities available to the application for protecting the application and first data used by the application from unauthorized activity. The logic is also configured to cause the processing circuit to send, by an ADPL operating on the first host via a data socket descriptor, a first message to one or more peer applications in the network, the first message including indication of the one or more security features and/or capabilities available to the application. The logic may further cause the processing circuit to receive a second message indicating security features available to a peer application in the network operating on another host.

Abstract: Systems and methods for preventing service disruptions in a computing system. The methods comprise: receiving, at a cloud-based computing system, messages for initiating software updates requiring system reboots by remote computing machines; and performing operations by the cloud-based computing system to cause an operational state of only one remote computing machine to be transitioned from an online state to an offline state at any given time by scheduling the software updates and system reboots in a one-machine-at-a-time manner.

Abstract: Embodiments provide a viewer/editor for schema-less data, such as a NoSQL database. The data structures are displayed so that each entity type in the data uses a different color and variable column widths. This allows the user to identify relationships between entities. For a selected entity, only the properties applicable to that entity are displayed by the viewer/editor. The column width for each property is optimized to reduce confusion and to allow the user to focus on the selected data.

Abstract: An information processing apparatus includes a session generating unit, an associating unit, and a processing unit. The session generating unit generates, in a case where an operation is accepted from a first terminal with a user not uniquely identified, first session information in association with the first terminal and generates, in a case where an operation is accepted from a second terminal, second session information in association with the second terminal. The associating unit associates the first session information with the second session information in a case where an operation for associating the first terminal with the second terminal is accepted. The processing unit performs, in a case where the first session information is associated with the second session information, a process using an operation log stored in association with the first terminal, in response to an operation performed using the second terminal.

Abstract: [Object] To optimize a content output process by caching a source of content in an appropriate format. [Solution] Provided is an information processing device including: a source acquisition unit configured to acquire a source of content; and a content output unit configured to output the content on the basis of the acquired source. The source includes a source cached by a client, and the cached source includes a source converted into an intermediate format.

Abstract: A cloud agent device including, determines whether the size of the file is less than the size of the remaining capacity of the second cloud storage, validating the verification request information of correctness, sending a affirmative notification to the first cloud storage and transfer the file from the first cloud storage to the second cloud storage when the verification request information is correct. The invention also provides a cloud storage and a file transferring method. The cloud agent device, cloud storage and file transferring method can efficient and accurate transfer of files in a safe condition.