Abstract: A map data construction method and device, where the method includes obtaining first basic safety information packets of a vehicle, where the first basic safety information packets include an information packet of the vehicle that is collected when a safety event occurs, obtaining first basic safety information data from the first basic safety information packets, where the first basic safety information data includes parameter information of the vehicle and extended safety information, the parameter information of the vehicle indicates a driving state and an appearance information of the vehicle, and the extended safety information is used to indicate a safety state of the vehicle and a safety state of a road, and performing model processing based on the first basic safety information data to generate the map data.

Abstract: In general, the technology relates to navigation control in a web application that includes receiving an event of a navigation trigger in a first page of a web application, and obtaining, in response to the event, an expression for the navigation trigger. The technology further includes gathering data from a first data source specified by the expression. The technology further includes evaluating the expression using the data to select a second page from a set of possible target pages, where each of the possible target pages is separately pre-stored in a data repository. The technology further includes presenting the second page.

Abstract: In a system for efficiently detecting large/elephant flows in a network, the rate at which the received packets are sampled is adjusted according to the measured heavy tailedness of the arriving traffic, such that the measured heavy tailedness reaches a specified target level. The heavy tailedness is measured using the estimated sizes of different flows associated with the arriving packets. When the measured heavy tailedness reaches and remains at the specified target level, the flows having the largest estimated sizes are likely to be the largest/elephant flows in the network.

Abstract: Techniques for streamlined database migration with stored procedure extraction into on-demand execution environments are described. A stored procedure of a first database is obtained and a code segment corresponding to the stored procedure is deployed as a function of an on-demand code execution service. A client application may directly execute the stored procedure by issuing a call to the on-demand code execution service to invoke the function, or by issuing a request to execute the stored procedure that is intercepted by a database proxy, which services the request by invoking the function on the client application's behalf.

Abstract: Methods, systems, and non-transitory computer readable storage media are disclosed for utilizing dynamic request queues to process electronic requests in a shared infrastructure environment. The disclosed system dynamically generates a plurality of separate request queues for tenant computing systems that utilize a shared processing infrastructure to issue electronic requests for processing by various recipient processors (e.g., one or more processing threads) by separating a primary request queue into the separate requests queues based on the tenant computing systems. The disclosed system also generates a plurality of queue order scores for the request queues based in part on a processing recency of each of the request queues and whether the request queues have pending electronic requests. The disclosed system processes electronic requests in the request queues by selecting a request queue based on the queue order scores and processing a batch of electronic requests utilizing a recipient processor.

Abstract: Context information may be obtained associated with an error corresponding to an operation. The operation may be defined in a programmatic interface, such as a command line interface. The context information may include identity information regarding an identity that operates the programmatic interface, operation information regarding the operation, and result information regarding a result of the operation. A selected resolution interface type for a resolution interface to assist in resolving the error may be selected based at least in part on the context information. The selected resolution interface type may be a permissions search interface. Scenario-based contents of the resolution interface, such as search terms, may be determined, based at least in part on the context information. The resolution interface may be automatically launched. Input for resolving the error, such as selection of an appropriate permissions policy for attachment to the identity, may be received via the resolution interface.

Abstract: In order to improve the safety and reliability of services provided by a computer, an authentication device (1) equipped with a transmission unit (15) and a determination unit (16) is provided. The transmission unit (15) transmits a challenge to a terminal device (7) where the challenge is presented to a user (8) to be authenticated, the challenge being information serving as the basis on which the user inputs information to be used for authentication processing. At this time, the transmission unit (15) transmits a plurality of different challenges to the terminal device (7). The determination unit (16) determines not only whether or not a response input to the terminal device (7) by the user (8) in response to each challenge is correct, but also whether or not time information regarding the challenge and the response thereto satisfies a condition regarding the response.

Abstract: One embodiment provides a computer implemented method for recovering an operating system (OS) after an upgrade hang using a dual-flash device. The method includes detecting a system hang during an OS upgrade; initiating a boot from the dual-flash device; checking for OS configuration data in the dual-flash device; creating a hook in OS boot scripts to recover the OS configuration data after OS boot; and applying the OS configuration data after OS boot.

Abstract: Systems and methods of managing payments for services or products are disclosed. Billing system data is extracted or accessed to provide business intelligence and. Visit charges from multiple billing systems can be aggregated to guarantor accounts within or across multiple billing systems and provide a single statement of charges for a given time period. Accounts are accessible online. Accounts can be linked to delegate management authority of a first guarantor's account to a second (manager) guarantor. Visit charges for linked accounts are included in the manager guarantor's statement an online access. Open charges balances can be brokered or transferred to a new asset holder. Pre-determined payment options can be configured by a provider, asset holder, and/or potential asset holder. The pre-determined payment options can include an option for financing a balance. A configurable financing option may enable a guarantor to request terms and receive automatic approval, subject to authorized terms.

Abstract: Systems, methods, and computer program products for the dynamic management of the capacity of connections to a server. One method includes receiving a request to change a first connection to a server and determining active connections to the server. The method also includes determining a corresponding current capacity of each active connection and determining a new capacity for the first connection and the active connections to the server. The method further includes determining that a spare capacity of the server is insufficient for the first connection. The method also includes allocating a capacity to the first connection based on the request. The method further includes adjusting the current capacity of the active connections, including reducing the current capacity of at least a portion of the active connections in proportion to the respective current capacity of the one or more active connections.

Abstract: Methods, systems, and devices are provided herein for establishing a proxy communication link for network devices. The proxy communication link can allow a network device, such as an access point, to communicate with a network device manager when the network device is in an error state. A proxy device, such as a smart phone, can be authenticated with the network device manager to provide a communication link and can communicate with the network device using an optical communication system. The proxy device can act as a relay between the network device and network device manager to allow the network device manager to diagnose the error state. Instructions can be sent to the network device or the proxy device to address the error state.

Abstract: Audio operating systems and related systems, methods, and devices are disclosed. A portable electronic accessory includes a microphone to receive audio inputs, a speaker to provide audio outputs, and control circuitry including a cellular data radio circuit and an application processor. The cellular data radio circuit is configured to communicate with a cloud server through a cellular data network. The application processor is configured to execute at least a portion of an audio operating system. The audio operating system is configured to host audio software applications provided by the cloud server. The audio software applications are configured to operate free from graphical user interface elements based at least in part on the audio inputs and the audio outputs. The cloud server includes one or more data storage devices including software application code for audio software applications to be hosted by an audio operating system (OS) of the portable electronic accessory.

Abstract: A wireless communication system delivers a data service to a wireless User Equipment (UE). A network controller exchanges UE signaling with the wireless UE and transfers UE information to a Network Exposure Function (NEF). The NEF transfers network information that indicates Quality-of-Service (QoS) levels and cost levels for the UE to a user data system. The NEF receives user selections from the user data system that indicate a selected QoS level and a selected cost level. The NEF indicates the selected QoS level to the network controller. The NEF indicates the selected cost level to a Charging Function (CHF). The network controller directs network elements to transfer UE data for the UE using the selected QoS level. The network elements transfer the user data for the UE using the selected QoS level. The CHF generates charging data for the UE based on the selected cost level.

Abstract: Provided herein are system, method and computer program products for providing dynamically-updatable deep transactional monitoring of running applications in real-time. A method for monitoring a target software application operates by injecting a software engine into a new thread within a target process of the target software application. The method then retrieves a monitoring script and initiates execution of the monitoring script within the software engine. The monitoring script determining the address functions and calls to the functions and inserts a trampoline call within the one or more functions. The trampoline saves the execution state of the target process and calls a corresponding monitoring function that to retrieves data associated with the target process. The method then restoring the execution state of the target process and resumes execution of the target function.

Abstract: Disclosed herein are methods, systems, and processes to detect anomalous computing assets based on open ports. Security data associated with computing assets executing in a computing environment is received from an agent executing on the computing assets. Open port information associated with the computing assets is extracted from the security data. The open port information and a list of computing assets with the open port information is used to generate a type similarity model and an open port model. The type similarity model clusters the computing assets and the open port model determines whether a port associated with a computing asset with the open port information is likely to be open or should be open in the computing environment, permitting detection of anomalous computing assets in the computing environment.

Abstract: An authentication system facilitates efficient generation of authentication integrations with third-party identity providers for client systems. The authentication system provides one or more interfaces configured to receive requests to make authentication integrations available for a third-party identity provider. The requests to make authentication integrations available include integration information for the relevant identity provider. Based on the request to make authentication integrations available, the authentication system generates an identity provider profile for the identity provider that can be used to generate authentication integrations with the identity provider for one or more client systems. Once the identity provider profile is generated, the authentication system uses the identity provider profile to generate authentication integrations for one or more client systems that request authentication through the third-party identity provider.

Abstract: A communication device including: an acquiring unit configured to transmit first identification information for identifying the communication device to a first connection destination and to acquire information about a second connection destination corresponding to the first identification information; and a transmitter configured to transmit data to the second connection destination.

Abstract: A printing control apparatus includes a transmission unit configured to transmit, to a transmission destination corresponding to any one of a plurality of different regions where a predetermined cloud print service is provided, a registration request to register the printing control apparatus in the predetermined cloud print service, and a setting unit configured to set the transmission destination.

Abstract: In order to solve a conventional problem that it is not possible to provide an information system that is robust to failures of a service server, an information system includes: a self-status storage unit in which self-status information is stored; an other-status storage unit in which status information of another service server is stored; a service unit that provides a service to terminal apparatuses; a status transmitting unit that transmits the self-status information to a management server; a status receiving unit that receives other-status information from the management server; a first determining unit that determines whether or not the self-status information satisfies a first condition; and a transfer processing unit that performs transfer processing, which is processing for enabling any one or more terminal apparatuses to which a service is being provided by the service unit to receive a service from another service server, in the case in which it is determined that the first condition is satisfied.

Abstract: A portable token device is described, the token device useable to request transactions performed over an interchange system. The token device authenticates a user through the use of biometric data such as a fingerprint. When in proximity to a point of sale (POS) terminal, the token device communicates with the POS terminal over a wireless network to authorize a transaction involving the user. The interchange system employs blockchain elements that can be used in a payment apparatus for managing payments or other types of transactions, and for managing user accounts. The interchange system enables users to enroll in the system, and enables the various users' computing devices to be used as confirmation centers for new transactions and/or funds transfers between users.

Abstract: Methods, systems and computer program products for implementing high-availability file services in a clustered computing environment. Two or more clusters are interconnected to carry out operations for replication of file content between file servers. The file servers and their respective network links are registered with a file server witness. The file servers operate in synchrony, where each file I/O is replicated from one file server to another file server over a first set of network paths. A file server witness communicates with each file server using a second set of two or more network paths interfaced with respective file servers. The file server witness monitors the file servers to determine operational health of the file servers. Upon receipt of a file I/O request, the file I/O request is directed to one of the two file servers based at least in part on the determined operational health.

Abstract: Disclosed herein are systems and methods for providing content to a user. In one aspect, an exemplary method comprises intercepting a search request and a site-name in a browser, and sending to a content-provision tool, the intercepted search request and site name, computing a hash of the intercepted search request and site-name, determining a type of the intercepted search request and site name, and transmitting the computed hash and the type of intercepted search request and site-name to a cloud server, transmitting the intercepted request and site-name to the cloud server in plain form, receiving, from the cloud server, content based on a categorization of the intercepted request and site-name and rules for establishing a category of the content, and when the rules are executed, displaying to the user, the content on the computing device of the user in accordance with a category established based on the rules.

Abstract: Embodiments of the present disclosure relate to generating a high level security policy for a data repository without knowledge of the access control, entitlement, and other models of the data repository. A set of abstractions that define a security policy language may be generated based on data in a data repository collection. The set of abstractions may define a security policy language, which may be provided to a security administrator who can define a security policy with the security policy language. The security policy may be translated into a common physical language to generate a common physical policy. The processing device may then translate the common physical policy into a set of commands for each of one or more data repositories that the data repository collection is comprised of.

Abstract: Some embodiments provide a method for distributing a set of parameters associated with policies for authorizing Application Programming Interface (API) calls to an application. For a previously stored hierarchical first document that comprises a first set of elements in a first hierarchical structure, the method receives a hierarchical update second document that comprises a second set of elements in a second hierarchical structure corresponding to the first hierarchical structure, wherein at least a subset of elements in the first and the second documents correspond to the set of parameters for evaluating API calls. The method receives a first set of hash values for elements of the first document that are not specified in the second document, and generates a second set of hash values for a set of elements specified in the second document. The method generates an overall hash for the second document by using the received first set of hash values and the generated second set of hash values.

Abstract: A first device connected to a network via a first connection may perform a method that involves determining a need for improved communication between the first device and the network, receiving a message from a second device that includes an indication of at least one performance parameter of a second connection between the second device and the network, establishing a peer-to-peer connection between the first device and the second device based at least in part on the indication, and communicating with the network via a communications channel that includes the peer-to-peer connection and the second connection.

Abstract: Attack scenario information describes each state of an information processing system to be attacked and an attack scenario including a chain of actions that can be taken in the state, an action that transitions from a first state to a second state is obtained with reference to state information, action information, and attack tactics information, a reward of the action is obtained with reference to reward information, the action information, and the attack tactics information, an expected reward of the reward of the action that transitions from the first state to the second state is obtained with reference to success probability information, the highest expected reward is set as a state value of reinforcement learning of the first state among the expected rewards of the action, and the attack scenario is generated by the reinforcement learning.

Abstract: There is provided a wireless end-user device including a wireless wide area network (WWAN) modem, a memory storing a WWAN network access policy including one or more first policy instructions associated with a first software application, and one or more processors to provide, using the WWAN modem, one or more network data traffic flows between the wireless end-user device and the WWAN, associate the first software application with a first one of the one or more network data traffic flows, and when (i) the wireless end-user device communicates or attempts to communicate data over the WWAN, and (ii) the first software application is associated with the first one of the one or more network data traffic flows, apply the one or more first policy instructions associated with the first software application to the first one of the one or more network data traffic flows.

Abstract: The present invention provides a packet processing method and system, and a network device. The method includes: receiving, by a first network device, a packet, where the packet includes match object information and match condition information; determining, by the first network device, a to-be-matched second network device according to the match object information, where the second network device includes one or more network devices; matching, by the first network device, device information of the second network device with the match condition information; and performing, by the first network device, forwarding processing or discarding processing on the packet according to a match result of matching the device information of the second network device with the match condition information. By using the method provided in the present invention, excessive occupation of network bandwidth can be reduced, and network resources can be saved.

Abstract: A method of establishing security monitoring functionality on a device on retail display includes obtaining, by a processor of a server computer, a mobile device management (MDM) startup message from the device, determining, by the processor, whether the device is enrolled for MDM supervision, and if the device is enrolled for the MDM supervision, downloading, by the processor to the device, configuration data to support the MDM supervision and implementation of the security monitoring functionality.

Abstract: Implementations of the present disclosure include receiving, from an agile security platform, attack graph (AG) data representative of one or more AGs, each AG representing one or more lateral paths within an enterprise network for reaching a target asset from one or more assets within the enterprise network, processing, by a security platform, data from one or more data sources to selectively generate at least one event, the at least one event representing a potential security risk within the enterprise network, and selectively generating, within the security platform, an alert representing the at least one event, the alert being associated with a priority within a set of alerts, the priority being is based on the AG data.

Abstract: Examples described herein relate to a system and method for deploying and managing services in tenant clusters using a management cluster. The management cluster includes an integration service in communication with a service controller. The integration service communicates with a service endpoint using privileged credentials for receiving tenant cluster-specific configuration information. The integration service generates access credentials for the new tenant cluster to communicate with the service provider. The integration service provides tenant cluster-specific configuration information and access credentials to the service controller for the deployment of the service in the new tenant cluster. The service controller deploys the service at the new tenant cluster and manages the lifecycle of the service at the new tenant cluster.

Abstract: A method for generating fingerprints of web domains and reacting to artifacts electronically received from those web domains is disclosed. When artifacts from a first web domain and artifacts from a second web domain have been transmitted over a network, a system generates, via a hashing function that consults registry information, a first hash for the first web domain and a second hash for the second web domain and identifies a correlation between the first web domain and the second web domain based on shared subsets of the first hash and second hash. Upon receiving a notification that artifacts from the first web domain had been determined to negatively impact the functioning of a secondary computing system; and based on the identified correlation between the first web domain and the second web domain, the system automatically quarantines artifacts from the second web domain from interacting with the secondary computing system.

Abstract: A storage server management system includes a management database for storing rack data and storage server data, wherein the rack data includes rack identifications and coordinates of multiple storage servers and the storage server data includes media access control addresses, model name and rail identifications of the multiple storage servers, multiple racks for containing the multiple storage servers, a dynamic host configuration protocol server for configuring the internet protocol addresses to the multiple storage servers, and a management console for generating a rack location map according to the rack data and the storage server data.

Abstract: The described embodiments perform a proximity unlock operation. For the proximity unlock operation, a first electronic device in a locked operating state detects that an authorized second electronic device is in proximity to the first electronic device. Based on detecting the authorized second electronic device in proximity to the first electronic device, the first electronic device transitions from a locked operating state to an unlocked operating state. In the described embodiments, the transition to the unlocked operating state occurs without the user performing a manual authentication step that is performed in existing electronic devices to cause the transition from the locked operating state to the unlocked operating state.

Abstract: Methods and apparatus for improving caller identification in telecommunications services based on general-purpose networks are described. A gateway device may process invitation messages sent from a telephone via a private branch exchange, in which the private branch exchange has replaced the number of the telephone with a customized number. The gateway device may determine that the customized number is mapped to an account-related number, and insert that number into a field of the invitation messages that is examined by a telecommunications provider and associated trunking services for account-related purposes.

Abstract: A constrained communication system may receive from a first user a plurality of constraints for a first constrained communication. A first constrained communication record is created based on the plurality of constraints. A first communication is generated based on the first constrained communication record. The first communication is provided to a second user. The second user provides response data and the underlying constrained communication is updated based on the response data.

Abstract: A system comprises control circuitry that is operable to assign a first of a plurality of computing devices to serve file system requests destined for any of a first plurality of network addresses; assign a second of the computing devices to serve file system requests destined for any of a second plurality of network addresses; maintain statistics regarding file system requests sent to each of the first plurality of network addresses and the second plurality of network addresses; and reassign, based on the statistics, the first of the computing devices to serve file system requests destined for a selected one of the second plurality of network addresses.

Abstract: A domain security assurance system includes a computing platform having processing hardware and a memory storing software code. The processing hardware is configured to execute the software code to obtain domain inventory data identifying multiple domains, to predict, using the domain inventory data, which of the domains are owned by the same entity to identify commonly owned domains, and to determine, using the domain inventory data and the commonly owned domains, which of the commonly owned domains are controlled by the same administrator to identify one or more group(s) of commonly administered domains. When executed, the software code also removes, using the domain inventory data, duplicate domains included in the group(s) to identify non-duplicate domains, evaluates a susceptibility of each of the non-duplicate domains to a cyber-attack to identify one or more target domain(s) vulnerable to the cyber-attack, and identifies the target domain(s) for a security assessment.

Abstract: Aspects of this disclosure relate to utilizing a 360-degree light source and frictionless authentication methods to provide access to a secure network and associated services. Data transmission is conducted via a light source that is also used to illuminate a location. An agent-centric method of frictionless data authentication and transfer is applied. The agent-centric authentication methods may be power efficient for use in connection with a mobile device having limited battery capacity and limited bandwidth.

Abstract: Embodiments of the present application disclose a method and apparatus for processing a service of an abnormal server, and relate to the field of cloud computing. An embodiment of the method comprises: acquiring, according to a service type of a service distributed on the abnormal server, a service migration instruction corresponding to the service type, in response to determining that the abnormal server exists in a public cloud system; generating abnormal report information according to abnormal information on the abnormal server and the service migration instruction, and sending the abnormal report information to a user who has the service of the service type, which corresponds to the service migration instruction; executing the service migration instruction corresponding to the service type of the service to migrate the user's service, according to the migration indication information acquired from the user.

Abstract: The method for an automated IPv6/IPv4 fallback approach in proxy networks is presented. In some embodiments, the method comprises receiving, at a proxy server, a request from a client executing on a client computer for access to a target computer; determining identification-information of the client; determining an address pair including an IPv6 address and an IPv4 address of the proxy server; assigning the address pair to the identification-information of the client; establishing a first communications connection between the client computer and the proxy server using one of IP addresses included in the address pair, and a second communications connection between the proxy server and the target computer using one of IP addresses included in the address pair; and facilitating a network packet flow between the client computer and the target computer using the first communications connection and the second communications connection.

Abstract: A method, a computer system, and a computer program product for managing content relevancy is provided. Embodiments of the present invention may include collecting and analyzing a plurality of data, wherein the plurality of data includes document data, document access data and user data. Embodiments of the present invention may include retrieving topic model content based on the plurality of data. Embodiments of the present invention may include building a machine learning (ML) model to determine one or more topics contained in the topic model content. Embodiments of the present invention may include generating a heatmap based on the user data. Embodiments of the present invention may include building a content relevancy model (CRM) based on the ML model and the heatmap. Embodiments of the present invention may include determining an action state for the document data. Embodiments of the present invention may include storing the CRM.

Abstract: A method for fetching a content from a web server to a client device is disclosed, using tunnel devices serving as intermediate devices. The client device accesses an acceleration server to receive a list of available tunnel devices. The requested content is partitioned into slices, and the client device sends a request for the slices to the available tunnel devices. The tunnel devices in turn fetch the slices from the data server, and send the slices to the client device, where the content is reconstructed from the received slices. A client device may also serve as a tunnel device, serving as an intermediate device to other client devices. Similarly, a tunnel device may also serve as a client device for fetching content from a data server. The selection of tunnel devices to be used by a client device may be in the acceleration server, in the client device, or in both.

Abstract: Techniques are provided herein for coordinated data obfuscation. In one example, a first network device in a network obtains, from a controller in or having communication to the network, an obfuscation parameter that is further obtained by one or more second network devices in the network. Personally Identifiable Information (PII) of the first network device has a given logical relationship to PII of the one or more second network devices. Based on the obfuscation parameter, the first network device obfuscates the PII of the first network device to generate obfuscated PII of the first network device. The obfuscated PII of the first network device has the given logical relationship to obfuscated PII of the one or more second network devices. The first network device provides the obfuscated PII of the first network device to a server configured to collect the obfuscated PII of the one or more second network devices.

Abstract: A content delivery method, and related apparatus, that involves the operations of receiving a request for a content resource including at least one embedded resource with a tag. Upon identification of the tag, using at least one delivery parameter to generate a modified embedded resource. Embedding the modified embedded resource in a content resource, such as an HTML document. Delivering, such as in response to request from a browser, the content resource with the modified embedded resource.

Abstract: A method includes receiving a data access request at a computing system. The data access request is for completion of a first data processing task using the computing system. The method also includes accessing a plurality of first document types associated with a plurality of data processing tasks that include the first data processing task. The plurality of first document types indicates which of various subsets of data are required to complete the plurality of data processing tasks. The method also includes accessing a plurality of second document types that indicate assignments of the plurality of data processing tasks to a plurality of system requestors that includes the first system requestor, and executing the first data processing task based on the plurality of first document types and the plurality of second document types.

Abstract: Devices and method are disclosed for a load allocation and monitoring for a resource to be allocated in a network, where the resource to be allocated is a critical resource in terms of supply security for a population group and/or a system, and the critical resource comprises electric power, where the network is subdivided into network units, and each network unit has a network unit controller.

Abstract: A packet is received by a hypervisor from a first container, the packet to be provided to a second container, the packet including a header including a first network address associated with the second container. A network policy is identified for the packet in view of the first network address. A second network address corresponding to the second container is determined in view of the network policy. A network address translation is performed by the hypervisor to modify the header of the packet to include the second network address corresponding to the second container.

Abstract: A method for determining an access point name (APN) for mission critical services includes determining, at a user equipment (UE), APN information of a packet data network (PDN) based on at least one of a mission critical organization name, a registered public land mobile network identifier, or a home public land mobile network identifier currently associated with the UE; and connecting to the PDN based on the determined APN information.

Abstract: Embodiments of the present disclosure provide centralized and coordinate learning techniques for identifying malicious e-mails while maintaining privacy of the analyzed e-mails of different organizations. One or more models may be generated and configured to construct feature sets that may be used to characterize e-mails as malicious or safe. Feedback associated with one or more models trained by a first organization (and other organizations) may be shared with a modelling device to modify parameters of the one or more models, where the modified parameters are configured to improve identification of malicious e-mail threats. The feedback provided by the first organization may not include e-mails received by the first organization, thereby enabling the privacy of the e-mails received by the first organization to be maintained in an confidential manner even though the updated parameters may be shared with a second organization.