Abstract: A method for generating hashes associated with web domains and reacting to transmissions from those web domains is disclosed. When artifacts from a first web domain and artifacts from a second web domain have been transmitted over a network, a system generates, via a hashing or fingerprinting function that uses registry information, a first hash for the first web domain and a second hash for the second web domain and identifies a correlation between the first web domain and the second web domain based on shared subsets of the first hash and second hash. Upon receiving a notification that artifacts from the first web domain had been determined to negatively impact the functioning of a secondary computing system, based on the identified correlation between the first web domain and the second web domain, the system automatically quarantines artifacts from the second web domain from interacting with the secondary computing system.

Abstract: Systems, methods, and non-transitory computer-readable media for managing data in view of data controls are provided. A request can be received from a client located in a jurisdiction to utilize a portion of data with a service. Based on a rule applicable to the jurisdiction, it can be determined that the service to utilize the portion of data is unavailable in the jurisdiction. To comply with the rule, a virtualized instance of the service can be deployed on hardware in the jurisdiction.

Abstract: An electronic device is disclosed. An electronic device comprises: a communication interface including circuitry; and a processor for, when a user voice is received, providing a virtual secretary function of providing, by voice, response information corresponding to the received user voice, wherein the processor: identifies whether the response information corresponding to the user voice is privacy information; if the response information is identified to be privacy information, identifies whether a surrounding environment of the electronic device is a public environment; and if the surrounding environment is identified to be a public environment, controls the communication interface to transmit the response information to an external device.

Abstract: A system and method for processing a resource identifier request in a vehicle that includes receiving an application data access request from at least one of an in-vehicle device and a portable device. The system and method also include retrieving and analyzing an electronically stored allow list that is stored and updated based on a wireless data plan that is associated with the vehicle and determining accessibility of the application based on analysis of the allow list. The system and method further include assigning a router port of at least one router of a telematics communication unit of the vehicle to allow or disallow accessibility of the application based on determined accessibility of the application.

Abstract: Provided is an analysis system that allows a security administrator to understand the impact of known vulnerabilities on the system to be diagnosed. The topology identification unit 14 identifies network topology of devices included in a system to be diagnosed. The analysis unit 6 generates an attack pattern that includes an attack condition, an attack result, an attack means that is vulnerability that is used by an attack, and a segment where the attack can occur in the system to be diagnosed. The display control unit 8 displays segments included in attack patterns superimposed on the network topology, on a display device. At this time, the display control unit 8 changes a display mode of the segment according to a type of the vulnerability that corresponds to the attack means included in the attack pattern including the segment.

Abstract: A method for detecting a cyberattack is provided. A set of packet capture training data has data elements labeled as being normal or cyberattack data. Metrics in the data are identified that are associated with either cyberattack data or normal data. Statistical measures are developed from these metrics. The training data and statistical measures are used to train a machine learning network. Real packet capture data is obtained and statistical measures are developed for this real data. The trained machine learning network, real data and real statistical measures are utilized to classify the real data as cyberattack data or normal data. Users are alerted if the trained machine learning data identifies cyberattack data in the real packet capture data.

Abstract: A system may generate a web conference recording of a live web conference among a plurality of participant computing systems. The system may receive, at the end of the live web conference, one or more local recordings from one or more participant computing systems of the plurality of participant computing systems. A system may merge content from the one or more local recordings into the web conference recording, the content from the one or more local recordings corresponding to one or more connectivity issues of a corresponding participant computing system during the live web conference.

Abstract: Examples relate to a system comprising a cluster of worker nodes communicatively connected to a control plane. The control plane includes a first control switch and a second control switch. The control switches are configured with a virtual IP address. The IP address is associated with a control switch operating in an active mode. The control switches communicate with a cluster of worker nodes via the virtual IP address. A single instance of a key-value database is deployed on one of the first control switch and the second control switch that is operating in active mode, and the first control switch and the second control switch are functionally coupled by a distributed block system for data synchronization.

Abstract: A cloud-based, integrated business application suite includes an add-in that enables access from a client device to a first server, but not a second server. A user accesses the first server through an interface of the integrated suite to request a webpage which launches a first local instance of a service application. The first local instance of the service application sets up a local storage location and provides this location to a URL that is used to launch a webpage that is a client of the second server. A second local instance of the service application which is aware of the storage location is launched and this instance stores data requested from the second server in the identified local storage location. The stored information is read from the storage location by the first instance of the service application and is provided to the integrated application suite.

Abstract: Embodiments include a method for providing tokens which includes: receiving from a user system an encrypted data packet including user credentials and a request for an authentication token to access protected resources; extracting the user's security information; transmitting a data packet to a security and access management system, where the data packet includes the user's security information and a request for user validation; receiving, from the security and access management system, user validation and additional data; generating a thin token and a fat token; storing the thin token in association with the fat token; transmitting the thin token to the user system; receiving, from the user system, a request to access protected resources from a protected resource system, the request including the thin token; validating the received thin token; accessing the fat token associated with the thin token; and transmitting the fat token to the protected resource system.

Abstract: The present disclosure is directed to providing a network user the ability to travel between different zones or locations within a network environment, such as, for example, a hospitality location, without requiring a user to re-login to the new location, while requiring a user to re-login to other locations within the network environment.

Abstract: Embodiments of the present disclosure relate to system and method for identifying at least one sensor on at least one user equipment [200] connected to a wireless network, comprising the a mobile management entity (MME) [101] transmitting an initial context setup request for at least one user equipment [200] to a network entity [300] of the wireless network. Next, the network entity [300] transmits a capability enquiry to the at least one user equipment [200] based on the initial context setup request received from the MME [101]. The network entity [300] receives a capability information from the at least one user equipment [200] in response to the capability enquiry, wherein the capability information comprises of sensor capability information of the at least one user equipment [200]. Thereafter, the network entity [300] transmits the capability information of the at least one user equipment [200] to the MME [101].

Abstract: A secure data routing method and system are disclosed. Logical communication channels are established that each associate an IP address and a protocol port associated with a first computer system to an IP address and a protocol port associated with a second or third computer system. Some logical communication channels associated with the second computer system and some logical communication channels associated with the third computer system are associated with the same IP address and protocol port associated with the first computer system. Data packets are received and parsed to find tokens embedded in the headers. A first data packet embedding a first token is associated to a first source and is decrypted using a first decryption key associated with the first source. A second data packet embedding a second token is associated to a second source and is decrypted using a second decryption key associated with the second source.

Abstract: Systems and methods for enabling auditing access to protected data stored at a data service using smart contracts on a blockchain are disclosed. According to certain aspects, a compliance management system may maintain and update a public blockchain with transaction indicative of non-compliance events associated with access to the protected data. Auditors or other third parties may access the public blockchain to audit the access to the protected data. Additionally, the compliance management system may implement a private blockchain to manage access restrictions to the protected data and process data requests for the protected data.

Abstract: Address information obtaining methods and apparatuses are described. It is determined that a network element that supports a type of a first NF and that is in a first network slice needs to be accessed. The type of the first NF and information about the first network slice is sent to a network repository network element to obtain address information of the network element that supports the type of the first NF and is in the first network slice. Address information of a first network element is received from the network repository network element. The first network element is the network element that supports the type of the first NF and that is in the first network slice. A terminal can obtain the address information of the network element that supports the type of the first NF and that is in the first network slice.

Abstract: Examples described herein provide wake-up of a network device. Examples include receiving, by a network interface of a first network device having a first Media Access Control (MAC) address, a request to wake-up a second network device having a second MAC address that is assigned to a same subnet as the first MAC address, and in response to the request, generating, by the first network device, a first wake-up frame having a destination address of the second MAC address and configured to cause the second network device to transition from operating in the first power mode to operating in the second power mode. Examples include transmitting, by the network interface of the first network device, the first wake-up frame to the second MAC address of the second network device.

Abstract: A system replicates data stored in a source database to target databases of systems such as mobile devices. The source database stores data objects, for example, documents, media objects, and so on. The source system ensures that the data objects stored in a target database correspond to a set of data objects that can be accessed by the user associated with the target database as determined by an access control specification of the user. Accordingly, if the access control specification of the user changes, the source system performs data synchronization to modify the set of data objects stored on the target database. If the access control specification is modified to revoke the user's access to a set of data objects, the source system performs data synchronization to send information identifying the set of data objects with a request to remove the data objects from the target database.

Abstract: A method for fast access to a data resource in a blockchain network is provided. The method includes opening a dedicated socket in a server to receive a datum from a data source and authenticating a signature of the data source to verify that the data source is a reliable data source. The method also includes storing the data in a dedicated memory space in the server, allowing a blockchain application to access the data in the dedicated memory space using a function that has accessibility to the dedicated memory space, and writing the data in a blockchain block when a block producer reads the data from the blockchain application. A system and a non-transitory, computer-readable medium storing instructions to perform the above method are also provided.

Abstract: A computing architecture for providing a software component or feature of a first platform as a service to a second platform. An API request from a frontend of the second platform, including a user auth token providing access to the second platform, can be received by an authentication token proxy service that converts the user auth token into a user auth token of the first platform. With this token, subsequent API requests of a backend of the first platform from the frontend of the second platform can be served directly by the second platform.

Abstract: Systems or methods of the present disclosure may provide an initialization technique that enables the initialization of multiple states in an efficient manner. The initialization technique includes a register to track usage of state components of the processor and a decode unit to decode a state initialization instruction. The state initialization instruction indicates that of the state components are to be initialized. The initialization technique also includes an execution unit coupled with the decode unit. The execution unit, in response to the state initialization instruction, is to initialize the state components without reading another state component from memory as part of the initialization.

Abstract: A system for implementing a virtual environment-to-virtual environment communication transmits a request to access a particular location of a host virtual environment to be granted. In response to the request being granted, the system receives a software token to access the particular location of the host virtual environment. The software token represents a digital key to access the particular location of the host virtual environment. The system accesses the particular location using the software token. The system participates in conducting an interaction session between a first avatar from the host virtual environment and a second avatar from another virtual environment.

Abstract: In some examples, a system includes a network managed by a service provider and configured to provide access to one or more objects to a set of tenants each having one or more users, the service provider and the set of tenants being part of a set of entities that form a hierarchy, and a controller having access to the network. The controller is configured to obtain data indicative of a set of parameters, where the data indicative of the set of parameters is associated with an owner entity of the set of entities, generate a rule which incorporates the set of parameters, where the rule enables the controller to control access to an object of the one or more objects, and add the rule to a rules database, wherein the rules database is accessible to the controller.

Abstract: Aspects of the disclosure relate to dynamically controlling access to linked content in electronic communications. A computing platform may receive, from a user computing device, a request for a uniform resource locator associated with an email message. Subsequently, the computing platform may identify that the uniform resource locator associated with the email message corresponds to a potentially-malicious site. In response to identifying that the uniform resource locator associated with the email message corresponds to the potentially-malicious site, the computing platform may determine a risk profile associated with the request received from the user computing device. Based on the risk profile associated with the request, the computing platform may execute an isolation method to provide limited access to the uniform resource locator associated with the email message.

Abstract: Various methods and systems for implementing request scheduling and processing in a multi-tenant distributed computing environment are provided. Requests to utilize system resources in the distributed computing environment are stored in account queues corresponding to tenant accounts. If storing a request in an account queue would exceed a throttling threshold such as a limit on the number of requests stored per account, the request is dropped to a throttling queue. A scheduler prioritizes processing requests stored in the processing queue before processing requests stored in the account queues. The account queues can be drained using dominant resource scheduling. In some embodiments, a request is not picked up from an account queue if processing the request would exceed a predefined hard limit on system resource utilization for the corresponding tenant account. In some embodiments, the hard limit is defined as a percentage of threads the system has to process requests.

Abstract: Digital layouts that are generated using a pre-defined format can be difficult for users to parse and understand. According to an aspect of the present disclosure, digital layouts are generated using formats that are dynamically determined based on the features in the digital layout. In an embodiment, a plurality of features are received, where each of the features correspond to a respective section of a plurality of sections for a digital layout. Based on the plurality of features, an association between two sections in the plurality of sections is detected. The digital layout is then generated using a format to affiliate the two sections. This digital layout could be an email or a webpage to be displayed on a user interface.

Abstract: Described herein are techniques for providing identification of a current user of a user device. Such techniques may comprise receiving a request for identification of a current user of a user device, receiving interaction data that includes information about current usage patterns for the user device, retrieving profile data associated with at least one potential user of the user device, comparing the profile data to the information about current usage patterns to determine for the at least one potential user of the user device, a likelihood value that the at least one potential user is the current user of the user device, and providing the determined likelihood value in response to the received request.

Abstract: A system and method for facilitating controlled access by a client device to one or more services provided by a server are disclosed. The client device's access to the services provided by the server may be dynamically controlled by a controller, which may generate instructions to an agent to effectuate the access control. The agent may be configured to control one or more access components associated with the server. The instructions generated by the controller may instruct the agent to cause the access control components to grant or remove the client device's access to the services provided by the server. In some implementations, the controller may generate such instructions based on a status of a session established between the controller and the client device.

Abstract: Disclosed are systems, methods, and non-transitory computer-readable storage media for managing tasks in a content management system. For example, the content management system can collect, aggregate, and/or store task data assigned to a user from across projects and/or content items. The user can select to view tasks for a particular project and/or from across all projects. The content management system can generate a single graphical user interface for presenting the task data associated with the user. The content management system can generate a graphical user interface the allows the user to move tasks from one task status graphical element (e.g., task status container) to another task status graphical element to change the status of a task associated with the user. Thus, the user can quickly and easily view the tasks assigned to the user and update the status of tasks in an easy to use graphical user interface.

Abstract: The present disclosure provides a switching method, an indication method, a terminal, and a network side device. The switching method applied to the terminal comprises: executing a switching command sent by the network side device; and in the case that switching fails and the terminal is configured with conditional switching, executing a conditional switching process.

Abstract: Systems and methods are provided for detecting changes in network activity that are depicted in a routing table. The routing table may be stored as a search tree data structure (e.g., Merkle Patricia Tree) to mimic a standard routing table and reduce the search time to find the desired route by allowing the router to traverse the search tree data structure more efficiently. Additionally, the metadata of the tree may be provided to an unstructured machine learning model (e.g., K-means) to identify new clusters of routes week-over-week and generate an alert with any changes. Changes are identified in near real time and dynamically at the router (not a central device) to reduce the time needed to respond to network changes.

Abstract: A procedure for automatically associating a mobile medical device with its current location is disclosed. The procedure allows automatic determination of the location of the mobile medical device without requiring either specialized location determination equipment or expensive computer equipment. A database of switch port to room associations created during a provisioning setup procedure is used when the mobile medical device connects to a network port after being brought into a patient room to associate the mobile medical device with the room and thereby the patient.

Abstract: A device may determine sample points associated with network routes within a network during a time interval, wherein each sample point that is associated with a respective network route comprises an amount of uptime for the respective network route during the time interval and a total frequency of state changes for the respective network route during the time interval. The device may generate, using an unsupervised machine learning mechanism, clusters of the sample points and may label the network routes with route stability labels based at least in part on the clusters. The device may generate, using a supervised machine learning mechanism, a route stability classifier based at least in part on the route stability labels for the network routes, and may determine, using the route stability classifier, a route stability of a new network route within the network.

Abstract: A method for fetching a content from a web server to a client device is disclosed, using tunnel devices serving as intermediate devices. The client device accesses an acceleration server to receive a list of available tunnel devices. The requested content is partitioned into slices, and the client device sends a request for the slices to the available tunnel devices. The tunnel devices in turn fetch the slices from the data server, and send the slices to the client device, where the content is reconstructed from the received slices. A client device may also serve as a tunnel device, serving as an intermediate device to other client devices. Similarly, a tunnel device may also serve as a client device for fetching content from a data server. The selection of tunnel devices to be used by a client device may be in the acceleration server, in the client device, or in both.

Abstract: According to an aspect of the present disclosure, there is provided a method of transmitting feedback information from a user equipment (UE) in a new radio (NR) vehicle-to-everything (V2X) system. Here, the method of transmitting feedback information may include performing, by a first UE and a second UE, a session establishment process based on at least one of unicast and groupcast; exchanging, by the first UE and the second UE, ID information in the session establishment process; and completing, by the first UE and the second UE, the session establishment. Here, when the first UE and the second UE complete the session establishment, a physical layer ID representing a session may be determined.

Abstract: Embodiments herein describe creating tag bindings that can be used to assign tags to data corresponding to different tenants using a data processing unit (DPU) such as a SmartNIC, Artificial Intelligence Unit, Network Storage Unit, Database Acceleration Units, and the like. In one embodiment, the DPUs include tag gateways at the interface between a host and network element (e.g., a switch) that recognize and tag the data corresponding to the tenants. These tags are then recognized by data processing engines (DPEs) in the DPU such as AI engines, cryptographic engines, encryption engines, Direct Memory Access (DMA) engines, and the like. These DPEs can be configured to perform tag policies that provide security isolation and performance isolation between the tenants.

Abstract: A system for managing custom code within a data computing platform determines that a request for one or more uniform resource identifiers external to the platform is being made by custom code executing in the platform. In response to the determination, the system checks a whitelist of allowable external URIs against the requested one or more URIs and allows access to the requested one or more URIs if a match is detected with the whitelist, otherwise access by the custom code to the requested one or more URIs is denied. In addition, or alternatively, the system checks a blacklist of disallowed external URIs against the requested one or more URIs and denies access to the requested one or more URIs if a match is detected with the blacklist, otherwise access by the custom code to the requested one or more URIs is allowed. The blacklist can override the whitelist.

Abstract: Methods, systems and computer program products are provided for optimizing resources privately. An initial information gain corresponding to an initial client embedding dataset is computed and a machine learning model is trained based on the initial client embedding data set to generate at least one initial attack path in the initial graph data. A second information gain corresponding to a second client embedding data set is computed. A difference between the first information gain and the second information gain is computed. The machine learning model is trained if the difference between the first information gain and the second information gain meets a predetermined threshold to generate at least one new attack path in the second graph data.

Abstract: A distributed collaboration interface interacts with a workflow system. A job of the workflow system comprises a series of tasks. Each task of a single job may be performed via the collaboration interface by multiple principals. When a first principal is performing a first task of the job through a first instance of the distributed collaboration interface, second principals performing second tasks of the job may view but may not modify the first task. Moreover, second instances of the distributed collaboration interface associated with the second principals update in real time to lock the first task from being modified by the second principals as soon as the first principal obtains control of the first task within the first instance of the collaboration interface.

Abstract: An electronic device includes a port binding module that binds ports to processes. A process running on the electronic device sends a port request to the port binding module. The port binding module determines whether the requested port is a restricted port. If not, the port binding module binds the requested port to the process. If the requested port is restricted, then the port binding module determines whether the requesting process has an entitlement corresponding to the port. If the requesting process has the corresponding entitlement, then the port binding module binds the requested restricted port to the process. If not, then the port binding module denies binding the requested restricted port to the process.

Abstract: Context-aware security policies and incident identification, via automated cloud graph building with security overlays, are determined and performed by systems and platforms. Graph nodes, of a graph associated with a computing system, that represent resources associated with the computing system and entities associated with the computing system that have respective associations to the resources are generated. Security attributes are determined and assigned to the graph nodes that represent the entities and resources, and static and dynamic connections between the graph nodes are added to the graph. Additionally, possible connections in the graph between the graph nodes are added based on heuristic relational determinations of the graph nodes. From the graph, security incidents and kill chains are identified, context-aware security policies are generated and validated, and scopes and relationships of applications are identified. Accordingly, security actions are taken for the computing system.

Abstract: A packet-processing method includes looking up a first match-action table on a network interface card (NIC) for a received packet; in response to finding a matching entry indicating an action, queuing the received packet in a first queue and storing the action data in an instruction memory; and responsive to not finding a matching entry, queuing the received packet in the first queue and a second queue. The method includes selecting a first packet from the first queue for processing, which comprises performing a corresponding action stored in the instruction memory; selecting a second packet from the second queue for processing, which comprises forwarding a portion of the second packet to a processor, which looks up a second match-action table; and receiving, from the processor, a lookup result, thereby allowing a third packet in the first queue corresponding to the second packet to be processed based on the lookup result.

Abstract: An example system including a first top-of-rack (ToR) switch, and a second ToR switch, the second ToR switch is to receive a network packet from a first host, the network packet to include a destination address of a second host, and after a failure of a physical network interface card (pNIC) at the second host eliminates a first link between the second host and the second ToR switch, send the network packet to the first ToR switch via an inter-switch link between the first and second ToR switches to cause the first ToR switch to forward the network packet to the second host via a second link between the first ToR switch and the second host.

Abstract: With exponential growth in virtualized traffic within physical data centers, many end users (e.g., individuals and enterprises) have begun moving work processes and data to cloud computing platforms. A visibility platform can be used to monitor virtualized traffic traversing a cloud computing platform, such as Amazon Web Services, VMware, or OpenStack. But it can be difficult to manage how the visibility platform handles incoming virtualized traffic. Introduced here, therefore, are graphs that visually represent the network fabric of a visibility platform. When the network fabric of the visibility platform is represented as a graph, an end user can easily modify the network fabric, for example, by adding, removing, or modifying nodes that represent network objects, adding, removing, or modifying connections between pairs of nodes that represent traffic flows between pairs of network objects, etc.

Abstract: Methods and systems for detecting forged Kerberos protocol tickets are presented. In one embodiment, a method is presented that includes receiving and decrypting an authentication request including a ticket. A validity start time and a validity end time may then be extracted from the ticket and a validity period may be calculated based on the validity start time and the validity end time. The method may then include retrieving a domain validity period from a domain controller and comparing the validity period to the domain validity period. If the validity period differs from the domain validity period, the authentication request may be blocked.

Abstract: Methods and systems are disclosed for performing automatically creating AR experiences on a messaging platform. The methods and systems perform operations that include: receiving, via a graphical user interface (GUI), input that specifies a plurality of image transformation parameters; accessing a set of sample source images; modifying the set of sample source images based on the plurality of image transformation parameters to generate a set of sample target images; training a machine learning model to generate a given target image from a given source image by establishing a relationship between the set of sample source images and the set of sample target images; and automatically generating an augmented reality experience comprising the trained machine learning model.

Abstract: A data analytics device for application monitoring includes an application-monitor manager engine to receive configuration files from a cloud server and to generate monitoring rules for a number of monitors. A data-processing engine is coupled to the application-monitor manager engine and the monitors and coordinates activities of the plurality of monitors. The monitors are embedded in a user space and a kernel of a host operating system, and the monitoring rules for the monitors are generated based on the configuration files.

Abstract: Methods, systems, and media for personalizing computerized services based on mood and/or behavior information from multiple data sources are provided.

Abstract: Aspects of the disclosure relate to identity-based DNS-traffic routing and monitoring. A computing platform may establish, using an encrypted DNS process, a secure DNS session by executing an encrypted session handshake with a client device, which may include receiving a security certificate for the encrypted DNS process that identifies a user of the client device. The computing platform may receive an encrypted DNS query request comprising a request for an IP address for a specified domain name. The computing platform may determine, based on the security certificate, an identity of the user. The computing platform may determine, based on the identity of the user, a security policy indicating domain matching criteria and corresponding actions to take on matching domain names. The computing platform may determine a first action corresponding to the domain name, and may send, based on the first action, an encrypted DNS query response.

Abstract: Systems, methods, and computer-readable media for attack surface score computation can include the following processes. An attack surface score service receives information identifying open ports associated with an application. The attack surface score service determines an attack surface score for the application based on the information and common attack ports. A policy engine determines whether to implement a policy for reducing vulnerability of the application to attacks to yield a determination. The policy engine implements a vulnerability reduction policy based on the determination.

Abstract: Embodiments of the present disclosure relate to sharing data using database roles. Database roles are generated within a database container of a provider account. Grants to a particular subset of the plurality of data objects of the database container may be assigned to each of the database roles, and each of the database roles are granted to a share object. The share object is mounted within a consumer account to generate an imported copy of each of the database roles. The imported copy of one or more of the database roles is granted to each of one or more account level roles of the consumer account. When a new object is added to a particular database role, it is immediately available for consumption by any account level roles to which the imported copy of the particular database role has been granted.