Abstract: Exemplary embodiments relate to techniques for anonymizing information in an end-to-end (E2E) encrypted environment; the information may include, for example, statistical data about unique page/message views, view counts, view time, what users selected on the message or page, etc. Exemplary embodiments may prevent an E2E system server from being able to identify which user is associated with which record. Various examples are described, including an embodiment in which an originating client generates the data, encrypts it, and sends it to a random contact. The contact decrypts the data, re-encrypts it, and sends it to another random contact. The procedure continues for a set amount of time or for a set number of hops. Other embodiments relate to wrapping the data in various layers of encryption and sending the data to clients in a chain. The encrypted layers prevent clients along the chain from being able to view the anonymized data.

Abstract: A system is provided for tracing end-to-end transactions. The system uses bytecode instrumentation and a dynamically injected agent to gather web server side tracing data, and a browser agent which is injected into browser content to instrument browser content and to capture tracing data about browser side activities. Requests sent during monitored browser activities are tagged with correlation data. On the web server side, this correlation information is transferred to tracing data that describes handling of the request. This tracing data is sent to an analysis server which creates tracing information which describes the server side execution of the transaction and which is tagged with the correlation data allowing the identification of the causing browser side activity.

Abstract: Some embodiments provide a network forwarding element with a data-plane forwarding circuit that has a parameter collecting circuit to store and distribute parameter values computed by several machines in a network. In some embodiments, the machines perform distributed computing operations, and the parameter values that compute are parameter values associated with the distributed computing operations. The parameter collecting circuit of the data-plane forwarding circuit (data plane) in some embodiments (1) stores a set of parameter values computed and sent by a first set of machines, and (2) distributes the collected parameter values to a second set of machines once it has collected the set of parameter values from all the machines in the first set. The first and second sets of machines are the same set of machines in some embodiments, while they are different sets of machines (e.g., one set has at least one machine that is not in the other set) in other embodiments.

Abstract: A wireless device determines a change in a signal quality measurement of a wireless network. In response to the determining, a first message for changing one or more media for a video call in the wireless network is transmitted from the wireless device to a video application function (AF). A policy and charging rules function (PCRF) receives from the video AF, a DIAMETER AA-request (AAR) command for modifying a quality of service (QoS) of the video call. The PCRF transmits to a policy and charging enforcement function (PCEF), a second message comprising an updated QoS, wherein the updated QoS comprises QoS data bearer modification information based on the change in the signal quality measurement of the wireless network. The PCEF implements the updated QoS for the video call.

Abstract: A method for providing individualized communication service includes (1) recognizing a first client being communicatively coupled to a first local communication network, (2) determining an identity of the first client, (3) transporting first data between the first client and a first operator communication network, using the first local communication network in accordance with a first service profile associated with the first client, and (4) transporting the first data using the first operator communication network in accordance with the first service profile.

Abstract: Some embodiments described herein relate managing communications between an origin and a destination using end-user and/or administrator configurable virtual private network(s) (VPN(s)). A first VPN that defines a first data path between an origin and a destination can be defined at a first time. A second VPN that defines a second, different data path between the origin and the destination can defined at a second time. Each packet sent across the first VPN and each packet sent across the second VPN can follow the same data path for that VPN, such each packet can be sent across the first VPN or the second VPN in the order it was received, and the transition between the first VPN and the second VPN can be “seamless,” and communications between the origin and the destination are not disrupted between the first time period and the second time period.

Abstract: A method including utilizing, during an established VPN connection between the VPN server and a user device, a first exit IP address to transmit a first query to a host device for retrieving data of interest requested by the user device; determining that the host device has blocked the first exit IP address; establishing, during the established VPN connection, a secure connection with a secondary server to enable communication of encrypted data between the VPN server and the secondary server; and transmitting, during the established VPN connection and over the secure connection to the secondary server, an encrypted message identifying the host device and the data of interest to be retrieved from the host device to enable the secondary server to transmit a second query to request the data of interest based on utilizing a second exit IP address is disclosed. Various other aspects are contemplated.

Abstract: This application provides a communication method and a communications device. The method includes: obtaining a media access control (MAC) address that is of a terminal device and that is bound to a session and first route information of an interface, corresponding to the session, between a user plane function network element and a data network; and sending to an application function network element or a gateway of the data network, the MAC address that is of the terminal device and that is bound to the session and the first route information.

Abstract: A system may comprise a sending mobile phone that transmits SMS messages via a cellular network and packet switched messages via a PSMS and at least one server that supports the PSMS and maintains status information. The sending mobile phone may send a second message via a WLAN and via the PSMS, to a receiving mobile phone on a condition that an undelivered message threshold corresponding to the receiving mobile phone has not been exceeded.

Abstract: A data transmission method includes an optical line terminal (OLT) for obtaining a data template. The OLT then obtains corresponding optical network terminal (ONT) data based on one or more data types defined in the data template. The OLT then encodes the ONT data according to an external data representation (XDR) format and sends encoded ONT data to a management server. Further, the management server stores and manages the ONT data. The OLT collects the corresponding ONT data based on the data template, encodes and reports the ONT data according to the uniform XDR format. The embodiments define a unified statistics collecting and reporting manner of ONT data and uses standardly defined ONT data to help the management server store and manage the ONT data.

Abstract: Disclosed are a computer-implemented method, a system and a computer program product for TCP session closure in a container orchestration system. In the computer-implemented method for TCP session closure in a container orchestration system, a first pod being not alive in a second node can be determined by one or more processing units at a first node. A TCP session between a second pod in the first node and the first pod can be determined by one or more processing units at the first node based on a pod IP address of the first pod. The TCP session between the second pod and the first pod can be closed by one or more processing units at the first node.

Abstract: A method for communicating location information to a device includes receiving, at a computer system that implements a social networking service, location information that represents a geographic location of a device associated with a first user; associating, by the computer system, the received location information with a profile associated with the first user; and sending, from the computer system to a device associated with a second user, a message that is generated based at least in part on the location information.

Abstract: A method, a device, and a non-transitory storage medium are described in which a mapping table is transmitted to a user device. The mapping table includes, for each entry, an index, a frequency band, and wireless services available on the frequency band. Index information corresponding to a frequency band and wireless service available in a location associated with the user device is communicated to the user device. An icon associated with the wireless service is displayed on a display of the user device. A network device determines that the user device is using the wireless service to communicate via a wireless network and transmits, to a core network, an indication that the user device is using the wireless service on the frequency band.

Abstract: Systems and methods to manage and efficiently implement functional proxy services are disclosed. In the proxy services, a single instance of exit-node is connected to at least two or multiple supernodes at any given time. One of the plurality of supernodes is configured to ping and send diagnostic requests to the connected exit-node through a network. The exit-node is directed to send the pong message and diagnostic response data to a different supernode from among the plurality of supernodes connected to the exit-node. Likewise, a client's request is received by an element of the proxy service provider and forwarded to a specific supernode capable of forwarding the client's request to the exit-node. After performing the client's request, the exit-node returns response data to a different supernode from among the plurality of supernodes connected to the exit-node.

Abstract: Controlling allocation of resources in network function virtualization. Data defining a pool of available physical resources is maintained. Data defining one or more resource allocation rules is identified. An application request is received. Physical resources from the pool are allocated to virtual resources to implement the application request, on the basis of the maintained data, the identified data and the received application request.

Abstract: A system automatically maintains a plurality of client connections associated with a plurality of clients, the plurality of client connections including active and idle connections. A first server receives a request from a client of the plurality of clients to access a second server of a plurality of second servers communicatively coupled to the first server, the plurality of second servers having varying communication protocols. The first server then identifies a first communication protocol associated with the second server and activating a link between the first server and the second server using the first communication protocol.

Abstract: A method non-transitory computer readable medium, device and system that receives one of one or more requests from a client to a web server system. An interstitial page is served to the client and comprises instrumentation code that, when executed at the client, collects telemetry data. The telemetry data is received and a threat analysis is performed on the telemetry data collected in association with the one of the requests. A determination is made on when, based on the performing the threat analysis, that the one of the requests is from a potential attacker. When the determination indicates the one of the requests is not from the potential attacker then the one of the requests is allowed.

Abstract: A method for providing local access to managed content is disclosed. The method comprises receiving from a remote host a request to perform an operation with respect to content associated with a set of managed content and obtaining information required to respond to the request. The method further comprises providing in response to the request a content locator usable to perform the requested operation through direct communication with a content system through which the content is accessible.

Abstract: The disclosed embodiments relate to provisioning of a service, such as a financial service, to a device, such as a mobile device operative to access the service wirelessly or otherwise, in a manner which efficiently provides a consistent user experience which meets a user's expectations as to the functionality and quality of the service, including the user interface therefore and service delivery, which leverages the available capacities of the devices through which the service is provided so as to maximize the functionality and quality of the provided service without diminishing the experience, i.e. without substantially reducing the quality or functionality.

Abstract: Techniques for using web probes for monitoring user experience including use of caching to prevent a surge of web probes on destination servers and for detecting web probe traffic through a proxy including where the traffic is encrypted. A method implemented by a proxy includes receiving a response to a first web probe to a destination server; caching data associated with the response to the first web probe in a cache; receiving a request for a second web probe to the destination server; and serving a response to the second web probe utilizing the data in the cache in lieu of forwarding the second web probe to the destination server.

Abstract: Disclosed is a system for linking chatbot services and contact center services, and more particularly to a system for linking chatbot services and contact center services, in which a client is allowed to receive a query processing service from at least one of other chatbot servers or other contact center servers without changing a preexisting connection state while being initially connected to a specific chatbot server or a specific contact center server, so that a user can easily use a plurality of query processing services by linking the chatbot servers and contact center servers operated by a plurality of service providers, thereby minimizing the time, efforts and costs of the user who wants to receive the plurality of query processing services through the plurality of service providers.

Abstract: Techniques are described for dynamic production of linear media channels for delivery to passenger devices disposed on mobile transport craft while the transport craft are in transit. For example, each transport craft has an on-board media system. In accordance with a linear channel schedule, the on-board media system can generate a dynamically produced linear media (DPLM) channel that can be streamed as a continuous media channel to passengers on-board the transport craft. The linear channel schedule defines a sequence of programming time slots, including multiple broadcast programming time slots and multiple pre-positioned programming time slots.

Abstract: Capturing data packets for analysis using a virtual machine including receiving, at an analyzer virtual machine, an encapsulated packet for analysis, wherein the encapsulated packet comprises a monitoring metadata header and a data packet with a data packet header; stripping the monitoring metadata header from the encapsulated packet to obtain a de-encapsulated packet comprising the data packet with the data packet header; and directing, based on the data packet header, the de-encapsulated packet to a virtual network interface associated with a packet capture application within the analyzer virtual machine.

Abstract: A partitioned virtual space supports logical networking of IoT devices. Agents of the devices are assigned to interest-based cells in a virtual space, and can travel among the cells. Within the cells, pairs of devices are tested for similarity, based on device profiles, and for detected affinity. Agents of devices having affinity are connected in a logical network. Some attributes can be based on a personality model and can reflect the personality of a user or other principal associated with a device. Such attributes can influence requests for affinity testing, calculation of similarity, and further behavioral effects incorporated in affinity determination. Evaluation of recommendations can lead to updating of similarity scores or changes in affinity determination. Disclosed embodiments provide scalable, distributed, autonomous, and unsupervised device-to-device connectivity, free of prior constraints. Embodiments can be implemented in the cloud, with privacy protection.

Abstract: Certain aspects of the present disclosure provide techniques for communicating, by a user equipment (UE), over multiple slices. A method that may be performed by the UE includes transmitting, from an operating system (OS) to a modem, an indication of a start network request originating from an application, the transmitting of the indication based on a determination that a traffic descriptor associated with the application is a non-default descriptor. The method may also include determining one or more parameters for establishing a new network connection for the application, the one or more parameters determined based on a routing policy that provides mapping between the traffic descriptor and the one or more parameters.

Abstract: A system and method for facilitating signaling and media communication at a communication platform that includes receiving a communication request to a resource, wherein the communication request specifies a destination endpoint; establishing signaling and media communication in a session with the destination endpoint of the communication request; registering a callback resource to a signaling event of the session; monitoring signaling messages of the session; detecting the signaling event in the signaling messages of the session; and triggering the callback resource upon detecting the signaling event.

Abstract: In certain embodiments, a security system is provided to receive activity data associated with a first source. The security system may scan the activity data to determine if there are one or more actions of interest associated with a first user account in the activity data. The security system may retrieve, from memory, security rules associated with the first cloud-based service and/or an organization associated the first user account. The security system may compare the actions of interest associated with the first user account to the security rules to determine if there are one or more security violations. In certain embodiments, the security system may retrieve additional activity data from a second source. The security system may scan the additional activity data to determine if there are one or more actions of interest associated with the second user account in the additional activity data.

Abstract: A social networking system allows users to create and join groups in the social networking system, in which each group is associated with one or more interests shared by members of the group. To select content for presentation to a viewing user of the social networking system who is a member of a group, the social networking system may determine one or more topics associated with the group based at least in part on a classification system and on information associated with objects maintained in the social networking system that are similar to the group. The topic(s) associated with the group also may be determined based on information associated with the group, with members of the group, and/or with objects associated with the group. The social networking system may then select one or more content items associated with the topic(s) for presentation to the viewing user via a group page.

Abstract: A method includes defining a first specification for a first network slice, determining a first equilibrium value for a first time period for the first network slice offering, receiving a first bid price for the first network slice for the first time period from a first customer, comparing the first equilibrium value to the first bid price; and providing services using the network slice to the customer during the time period in accordance with the first specification and the bid price if the bid price meets or exceeds the equilibrium value.

Abstract: Technology is disclosed for feeding source images from image stores of client systems into an image processing system using image feeding servers (“the technology”). The technology includes multiple image feeding servers that can feed a source image to the image processing system, using which the image processing system can generate processed images to be served to end users. The image feeding servers can be installed at various locations, e.g., geographically spread, and more proximate to where the source images are stored. An image feeding server obtains the source image from the image store in original size, downsizes the source image, and transmits the downsized source image to the image processing system. The technology selects an image feeding server based on a score of the image feeding server. The score can be determined as a function of one or more image feeding server parameters, e.g., latency, workload, or computing resource.

Abstract: In some embodiments, a computer-implemented method comprises: receiving, at a proxy server, a plurality of active communications connection counts of a plurality of active communications connections that were active within a time period; determining a top count of active communications connections selected from the plurality of active communications connection counts; for each count of the top counts of active communications connections: determining a relative percentage of pre-connected communications connections, having a particular connection type and included in the count, to be pre-connected by the proxy server and available; determining whether the relative percentage of the pre-connected communications connections of the particular connection type is already pre-connected by the proxy server and is available; and if not, pre-connecting one or more particular communications connections of the particular connection type until the relative percentage of the pre-connected communications connections of the

Abstract: Among other things, this document describes systems, methods and devices for providing a cloud proxy auto-config (PAC) function for clients connected to a private network, such as an enterprise network. The teachings hereof are of particular use with cloud hosted proxy services provided by server deployments outside of the private network (e.g., external to the enterprise or other organizational network). This document also describes systems, methods and devices for providing a proxy auto-config (PAC) function for clients connected to a third party network, such as when the client moves outside of the enterprise network.

Abstract: Embodiments of the present application relate to a method for policy enforcement, a system for policy enforcement, and a computer program product for policy enforcement. A method for policy enforcement is provided. The method includes receiving a host information profile report from a client device, and enforcing a security policy for network access based on the host information profile report. The host information profile report includes device profile information associated with the client device.

Abstract: Disclosed is an interactive device for an internet radio station, comprising a content presentation unit and a content selection unit. The content selection unit includes a knob, a selection module, a processing module, an indication module and a communication module. The knob inputs by a user, a channel selection instruction by means of manual rotation; the selection module generates a corresponding electrical signal according to the channel selection instruction; the processing module obtains, according to the electrical signal, a corresponding audio resource from the network radio station and releases the audio resource to the content presentation unit which plays the audio resource. The indication module generates, under the driving of the knob, a state change corresponding to the channel selection instruction. In this way, the user can select the audio resource by rotating the knob, so that the channel selection manner is similar to the traditional radio rotary tuning method.

Abstract: Systems and methods to manage and regulate the requests of multiple proxy clients are disclosed. In one aspect, the system and methods disclosed herein aids in configuring proxy server(s) with a rate-limit functionality. Configuration of the rate-limit functionality may be realized by, but not limited to, installing configuration file(s) and/or software application(s) on the proxy server(s). The configuration provides information about the list of restricted and unrestricted domains and their respective request limit specification in a given time frame. Therefore, each time before a proxy server forwards the clients' requests to a target domain, the proxy server checks and ensures that the request count to the particular target domain is well within the limit specified in the request limit specification. Thus, the embodiments described herein aid in preventing the IP addresses of proxy service providers from being blocked or denied from the target websites.

Abstract: A network device may receive, from a CSCF device, a request for registration data associated with an IMS service, and may provide, to the CSCF device, the registration data associated with the IMS service. The network device may receive, from the CSCF device, a request for location data associated with the IMS service, and may provide, to the CSCF device, the location data associated with the IMS service. The network device may receive, from the CSCF device, a request for authentication data associated with the IMS service, and may provide, to the CSCF device, the authentication data associated with the IMS service. The network device may receive, from the CSCF device, a request for subscriber profile data associated with the IMS service, and may provide, to the CSCF device, the subscriber profile data associated with the IMS service.

Abstract: A cellular data communication network includes a BBU connected to a UPF by an IP network. A first translation module translates GFP packets into IP packets transmitted over the IP network. A second translation module translates the IP packets back into IP packets and forwards the IP packets to the UPF. A PFCP proxy intercepts control packets of the UPF. Information snooped by the PFCP proxy is provided to a routing/SDN controller that programs the translation modules and a routing module to perform routing of packets in bypass of the UPF.

Abstract: Vehicular pursuit intervention systems and methods are provided herein. An example method includes determining unauthorized use of an emergency vehicle, causing the emergency vehicle to perform a controlled stop, locking access points of the emergency vehicle, closing windows of the emergency vehicle, and locking a weapon within the emergency vehicle.

Abstract: A new user seeking a base station to join must first implement a grueling series of complex steps, which may be especially challenging for the majority of devices expected in next-generation 5G and 6G systems. If the user has a real emergency, such as an imminent traffic collision, then the time wasted in locating (“discovering”) a nearby base station and finally logging on may make the difference between life and death. Disclosed herein are procedures for new users to transmit a “hailing” message on an allocated frequency that multiple base stations continuously monitor. The base stations can then reply at a standard amplitude, so that the new user can determine which base station is closer (or provides the best signal reception) according to the received amplitude. In addition, the reply messages can include a characteristic frequency of the replying base station, such as its entry frequency.

Abstract: A local network call handling device is configured to establish multiple concurrent call sessions between local network end devices and an external network. When a prioritized end device attempts to establish a call session, the call handling device may initially determine if a first call session identifier is available. If so, the call session can be established using that first identifier. If the first identifier is in use for a call session of another end device, the call handling device may either use a different call session identifier for the prioritized end device session or may drop a pre-existing call session to free an identifier for use in connection with the prioritized end device.

Abstract: Apparatus and methods for generating a unique token that can be imprinted on a document to attest to the verification of an executor's signature. The apparatus and methods may include a platform that may present a token electronically to the executor via a first electronic channel. The executor may use a registered device to capture a portion of the token, and transmit the portion from the registered device to the platform via a second channel to the platform. The platform may verify that the portion is registered to the executor. The platform may combine the portion with another portion of the token, and imprint the pair of combined portions on the document with another token.

Abstract: A media presentation device determines a voice command associated with media content presented by the media presentation device. The media presentation device then listens for and detects utterance of the determined voice command during presentation of the media content, and the media presentation device responds to the detected utterance by performing an action that facilitates user purchase of the good or service associated with the media content segment.

Abstract: Apparatus and method are provided for tying together an URL request to a function in the database which returns media data. The invention provides for apparatus that receives a URL request for BLOB data from a web client and receives dynamic values specific to the web client from the web client. The URL is parsed to determine the function in a database and, if they exist, any parameters. A call is made to the function in the database specified in the URL and, if they exist, with parameters specified in the URL and with the dynamic values from the web client. The result can be streamed to the user.

Abstract: Systems and methods are provided for efficient handling of user requests to access shared resources in a distributed system, which handling may include throttling access to resources on a per-resource basis. A distributed load-balancing system can be logically represented as a hierarchical token bucket cache, where a global cache contains token buckets corresponding to individual resources whose tokens can be dispensed to service hosts each maintaining a local cache with token buckets that limit the servicing of requests to access those resources. Local and global caches can be implemented with a variant of a lazy token bucket algorithm to enable limiting the amount of communication required to manage cache state. High granularity of resource management can thus enable increased throttle limits on user accounts without risking overutilization of individual resources.

Abstract: A pairing apparatus according to exemplary embodiments of the present invention comprises a position measurer for measuring position changes of a first direction and a second direction; and a processor for generating a secret key using the measured position change of the first direction and the measured position change of the second direction and performing a pairing with a pairing target apparatus using the secret key.

Abstract: Systems and methods directing requests to a particular node in a multi-tiered middleware environment are provided. In one embodiment, traffic requests can be dynamically routed to a desired server, and not be load balanced, based on an identification of the client generating the traffic requests.

Abstract: A method for processing messages by a device of a Voice over IP (VoIP) network. The method includes, following receipt of a message initiating a VoIP call coming from a terminal: determining whether the message contains a public telephone identity allocated to a user by the VoIP network; if so, triggering setting-up the VoIP call with a recipient of the message; otherwise: setting up a VoIP channel between the terminal and a voice server hosted by the device; obtaining, by the server via this channel, an authentication code of a user of the terminal; if the authentication code is associated at VoIP network level with a public telephone identity allocated by the network to a user, providing to the terminal the public telephone identity and authentication data associated at VoIP network level with this identity for making VoIP calls and being authenticated to the VoIP network.

Abstract: Described embodiments provide systems and methods for connecting to a server of a plurality of servers. The system may include a device intermediary between a client and a plurality of servers. The device may receive a remote desktop protocol (RDP) request from the client to connect to one of the plurality of servers. The RDP request may include a token. The device may cause a load-balancer of the plurality of servers to modify or remove the token of the RDP request, responsive to presence of a session directory/broker. The device may receive a server redirect packet that indicates a target server identified from the plurality of servers by the session directory, to which the client is to connect. The device may cause the server redirect packet to be modified to cause the client to send a redirected connection request packet for connecting with the target server.

Abstract: An adaptive cloud conversation platform capable of making automated decisions regarding when and how to establish ongoing communications with consumers so as to maximize the relationship between the consumer and a given brand. The system has a connection management services layer which determines what communications should be established and how they should be established, an initiation management services layer which determines when communications should be established, and a user management services layer which stores information about consumers and brands for determination of when and how communications should be established. Certain of these services have machine learning algorithms incorporated into them trained to perform analyses of the particular type of operation handled by that service. The outputs of each service can be used as inputs to other services, such that a network of machine learnings algorithms is created which determines when and how to establish ongoing communications with consumers.

Abstract: In a microcell environment, access points with a probe-if-assigned setting configured to delay probe responses to probe requests is registered and managed by a Wi-Fi controller. Probe requests are received and forwarded from at least two of the plurality of access points from a specific station attempting to connect to the Wi-Fi communication network. A Wi-Fi assignment module receives RSSI measurements from the at least two access points with respect to the specific access point, during a delay from the probe-if-assigned setting. A specific access point is assigned to the specific station for sending a probe response once a delay period expires.