Abstract: Techniques for dynamically cloning application infrastructures are provided. In one embodiment, a computer system can monitor one or more metrics pertaining to an infrastructure for an application at a first site. If the one or more metrics exceed or fall below one or more corresponding thresholds, the computer system can clone the infrastructure at a second site distinct from the first site, thereby enabling the application to be hosted at the second site.

Abstract: A method and system for processing network traffic data units (NTDUs) is disclosed. The method includes establishing a virtual tunnel between a wireless access point (WAP) and a network device. A NTDU is received by the WAP from a client device, and the virtual tunnel is identified upon which to transmit the NTDU based on a header of the NTDU according to a policy. The policy maps a portion of the header to a plurality of available virtual tunnels. The NTDU is transmitted, via the virtual tunnel, to the network device.

Abstract: A method of performing operations involving accessing a set of protected computing resources of a computing device includes (a) receiving, by a frontend service, an instruction via a network connection, the instruction directing the computing device to perform an operation involving accessing the set of protected resources, the set of protected computing resources being configured to refuse access to the frontend service, (b) in response to receiving the instruction, sending a request from the frontend service to a backend service, the request instructing the backend service to access the set of protected resources, the backend service being configured to not communicate via the network connection, the set of protected computing resources being configured to permit access to the backend service, and (c) in response to the backend service receiving the request from the frontend service, the backend service accessing the set of protected resources in fulfillment of the operation.

Abstract: A DNS server receives from a receiving email system, a DNS query for an email domain stored at the DNS server, the DNS query including identifying information of a sender of an email. The DNS server extracts the identifying information of the email sender from the DNS query and identifies one of a plurality of delivering organizations from the information. The DNS server determines whether the identified delivering organization is authorized to deliver email on behalf of the email domain. In response to determining that the identified delivering organization is authorized to deliver email on behalf of the email domain, the DNS server generates a target validation record based on the identity of the authorized delivering organization and the email domain, the target validation record including one or more rules indicating to the receiving email system whether the delivering organization is an authorized sender of email for the email domain.

Abstract: There are provided methods and systems for providing security on endpoints which are used on environment where temporary user access is needed without any session persistence. When a file is requested to be executed on any endpoint, the execution source would be checked for user information. If the file execution is requested by guest and/or pre-configured user accounts or any of the parent process is launched by guest and/or pre-configured user accounts, it is launched inside the secure container to isolate the all resource usage of that application from the rest of the system and user applications. This achieves the isolated data and application execution between temporary session/user files and persistent or system users session files. It enables a secure computing environment on an endpoint for shared and temporary user access enabled endpoints.

Abstract: Embodiments include a method, an electronic device, and a computer program product for storage management. According to one embodiment of the present disclosure, a method for storage management includes: determining at a kernel of a storage server whether a first system call related to a target file is initiated by a thread executed in the storage server, wherein the target file is a file targeted by an accessing operation executed by a client terminal with respect to a storage device; determining a first connection and a second connection that are associated with the target file if the first system call is initiated, wherein the first connection is a connection between the client terminal and the storage server, and the second connection is a connection between the storage server and the storage device; and causing the client terminal to access the target file via the first connection and the second connection.

Abstract: [Problem] Provided is a relaying device that can track and record a communicated voice of a specific communication terminal using a mixing function of the relaying device. [Solution] When a communication terminal has sent a call packet to call another at least one communication terminal, a communication session in which this communication terminal that has made a call and a communication terminal that has been called are participating terminals is established. In the communication session, voice communication is relayed by transferring a voice signal which is transmitted from the participating terminals to another at least one communication terminal. A virtual device is registered as a participating terminal of the communication session and the voice signal which is transmitted from the communication session to the virtual device is recorded in the relaying device.

Abstract: Managing secondary objects efficiently increases garbage collection concurrency and reduces object storage requirements. Aliveness marking of secondary objects is integrated with aliveness marking of referenced objects. Allocation of reference-sized secondary object identifier fields in objects which are not primary objects is avoided; a dedicated bit specifies primary objects, together with an object relationship table. A primary object is one with at least one secondary object which is deemed alive by garbage collection if the primary object is alive, without being a referenced object of the primary object. Any referenced objects of the alive primary object will also still be deemed alive. Code paths for marking referenced objects can be shared to allow more efficient secondary object marking. Primary-secondary object relationships may be represented in dependent handles, and may be specified in a hash table or other data structure.

Abstract: A method of delivering an orphan delivery receipt for a mobile-terminated message to a messaging platform from which the mobile-terminated message originated. A network of data exchange connectors is deployed, wherein each data exchange connector is associated with a messaging platform. When one of the messaging platforms receives a delivery receipt it cannot reconcile, the delivery receipt is replicated to all data exchange connectors. The data exchange connector associated with the messaging platform from which the mobile-terminated message originated identifies and consumes the delivery receipt based on predefined filtering criteria. The data exchange connector publishes the delivery receipt to the originator messaging platform. The originator messaging platform correlates the delivery receipt with the mobile-terminated message and posts the delivery receipt to a corresponding enterprise customer.

Abstract: A computer-implemented method is presented for reducing data loading overhead of middleware to facilitate direct data loading to a database management system (DBMS). The method includes, while data loading, sending external-writes to a memory-based DBMS if corresponding internal-writes are for vertices, exporting all the external-writes to a disk-based DBMS as an export file, and sending an external-read for vertices to an in-memory DBMS if the middleware requests data. The method further includes, at the end of data loading, generating files for raw data of the disk-based DBMS from the export file and sending the generated raw files to the disk-based DBMS.

Abstract: A method, system, and computer program product for identifying network appliances on a network which includes a processor configured to intercept network communications from one or more devices on a first network in communication with a second network. The processor may store information about each communication in a database, the information including a Client Id and a destination address. The processor may query the database for a list of all destination addresses which were attempted to be contacted for each Client Id and generate metadata for each Client Id. The processor may analyze each Client Id, the associated metadata for each Client Id, and the destination addresses associated with each Client Id using one or more rules in a device identification tree and assign a device label to each Client Id of the one or more devices.

Abstract: Systems and methods for processing requests for shared records are described. A server computing system receives a data access request associated with a user. The server determines shared records granted by a first sharing rule associated with the user in response to receiving a data access request. The server processes the data access request based on the shared records granted by the first sharing rule and shared records granted by a second sharing rule associated with the user. The shared records granted by the second sharing rule having been determined prior to receiving the data access request, the first sharing rule and the second sharing rule generated prior to receiving the data access request.

Abstract: A method for optimized server picking in a virtual private network (VPN), the method comprising receiving, from a user device, service information indicating one or more VPN services to be received during an established VPN connection; determining, based at least in part on the service information, a given VPN server from among a plurality of VPN servers to provide the one or more VPN services to the user device; and transmitting, to the user device, information associated with the given VPN server to enable the user device to receive the one or more VPN services. Various other aspects are contemplated.

Abstract: Methods, devices, and systems for migration or sharing of existing M2M service layer sessions are disclosed. In one embodiment, a Session Migration and Sharing Function (SMSF) performs the migration or sharing of a M2M service layer session. Various forms of service layer session context may be used to enable the migration and sharing of M2M service layer sessions.

Abstract: Methods, apparatus, systems and articles of manufacture are disclosed to identify a first request having a first source port number, from a device, determining whether a second request, having a second source port number, is within a threshold number of ports from the first source port number, group the first and the second requests as a first session when the second source port number is within the threshold number of ports from the first source port number, and generate session windows, the session windows including the threshold number of ports, wherein the session windows are applied to lowest and highest source port numbers associated with a current session.

Abstract: Methods, systems, and computer readable media for electronically facilitating streaming payments are provided. An exemplary method includes receiving a request to access protected media content hosted by a content provider, determining a minimum currency increment based on a user designated payment type, and establishing a predefined content increment that corresponds to the protected media content. The method further includes determining a minimum session expense ratio based on the minimum currency increment and the predefined content increment, initiating a user session that permits access to the protected media content, and determining a quantification of protected media content that is consumed at a termination of the user session.

Abstract: This disclosure describes techniques for automating a system-level security review of a network-based service. The techniques may include generating and utilizing a machine-readable threat model to identify system-level security threats to the network-based service. The network-based service may be scanned upon being provisioned in a service-provider network, and the machine-readable threat model may be generated based on results of the scan. The machine-readable threat model may represent components of the network-based service, system-level security constraints configured to identify system-level security threats to the service, and mitigations to remedy violations to the system-level security constraints. The network-based service may be continuously, or periodically, scanned to identify changes in the network-based service.

Abstract: A declarative mechanism is used to manage large documents within a repository. The large documents are sectioned into subdocuments that are linked together by a parent document. The combination of the parent document and subdocument is referred to as a compound document. There are multiple options for configuring rules to break up a source document into a compound document and naming the subdocuments. The compound documents may be queried using statements that treat the compound document as a single XML document, or the parent document of a subdocument may be queried and treated independently. Access control and versioning can be applied at the finer granularity of the subdocument.

Abstract: A service module may detect a power shutdown of an information handling system. In response a service processor may monitor incoming network traffic at a network port and at a universal serial bus port, and if the incoming network traffic includes a power control command directed to the information handling system, then execute the power control command.

Abstract: Techniques are disclosed for securing traffic flowing across multi-tenant virtualized infrastructures using group key-based encryption. In one embodiment, an encryption module of a virtual machine (VM) host intercepts layer 2 (L2) frames sent via a virtual NIC (vNIC). The encryption module determines whether the vNIC is connected to a “secure wire,” and invokes an API exposed by a key management module to encrypt the frames using a group key associated with the secure wire, if any. Encryption may be performed for all frames from the vNIC, or according to a policy. In one embodiment, the encryption module may be located at a layer farthest from the vNIC, and encryption may be transparent to both the VM and a virtual switch. Unauthorized network entities which lack the group key cannot decipher the data of encrypted frames, even if they gain access to such frames.

Abstract: Techniques for entity references in messaging groups. A client device may receive a notification in a messaging application that an entity reference to a user associated with the client device appears in a group messaging thread. The group messaging thread may have, as participants, one or more other users associated with one or more other client devices. A notification of the appearance of the entity reference may be displayed in a user interface of the messaging application.

Abstract: The present technology is directed to controlling and managing resources both in Software-Defined Cloud Interconnect (SDCI) providers and cloud service providers via a single network controller and further connecting virtual networks in a branch site to virtual networks in the cloud service providers. A network controller can establish a network gateway in an SDCI provider, establish a cross-connectivity between the network gateway in the SDCI provider and one or more clouds, group one or more virtual networks in the one or more clouds and one or more virtual networks in a branch site into a tag, and establish a connection between the one or more virtual networks in the one or more clouds and the one or more virtual networks in the branch site using the tag.

Abstract: According to certain embodiments, a method and apparatus may include performing, by a first network entity, at least one benchmarking procedure of at least one network hop delay per at least one transmit resource towards at least one peer network node identified by at least one internet protocol destination address. The method and apparatus may further include deriving, by the first network entity, a second table, by, for each peer node associated with an internet protocol destination address, determining at least one existing configured mapping of at least one network instance into a transport resource Ti per internet protocol destination address. The method and apparatus may further include updating, by the first network entity, the first table and the second table for each internet protocol destination address and transmitting the updated second table to the second network entity.

Abstract: A method, system, and computer-usable medium are disclosed for establishing a reference outbound email volume rate for a user account, monitoring the user account to determine a current outbound email volume rate, determining a risk score based on the current outbound email volume rate and the reference outbound email volume rate, buffering outgoing emails of the user account if the risk score exceeds a threshold risk score, analyzing the buffered emails against one or more factors indicative of a probability of the buffered emails comprising spam, and responsive to analysis of the buffered emails against the one or more factors indicating that the user account is potentially compromised, quarantine the user account and prevent outbound mail from being delivered from the user account.

Abstract: Some implementations of the disclosure are directed to a media access controller (MAC) of a mobile satellite terminal that may autonomously determine whether or not wake up a software processor of the mobile satellite terminal depending on information contained in a packet received from a user device. The MAC may receive a frame contained in a packet transmitted by a user device to the mobile satellite terminal; automatically determine whether to accept or drop the frame by applying one or more programmed filters to the frame; if the frame is accepted: store the frame in the memory, and cause a power controller to power on the software processor to process the stored frame; and if the frame is not accepted: drop the frame without causing the power controller to power on the software processor.

Abstract: A network device may receive network traffic associated with a session, wherein the session is associated with a network. The network device may determine, from the network traffic, an application path that is associated with the session and may determine an application path identifier associated with the application path. The network device may determine, based on policy information that is associated with the application path identifier, whether the network traffic associated with the session is permitted to be communicated via the network and may perform, based on whether the network traffic is determined to be permitted, an action associated with communication of the network traffic.

Abstract: A computing system receives, from a client device, a first request for access to a single page application associated with the computing system. A gateway of the computing system intercepts the first request before it reaches a shell service associated with the single page application. The gateway sends a second request for the single page application to the shell service. Based on the single page application request, the gateway determines that the shell service is experiencing a failure. Responsive to determining that the shell service is experiencing a failure, the gateway retrieves, from a content delivery network, a uniform resource locator (URL) associated with a time-lapse hypertext markup language (HTML) of the single page application. The gateway redirects the client device to the time-lapse HTML of the single page application using the URL.

Abstract: The invention relates to the technical field of network security, in particular to a method and device for processing network resource access, a server and a terminal. The purpose is to improve network security. The technical scheme is: receiving a first access request for a target network resource, generating a second access request corresponding to the first access request according to a preset corresponding relationship, and transmitting (directly or indirectly, the same below) to a target network resource server; receiving a first response returned by the target network resource server according to the second access request (directly or indirectly, the same below), and converting the first response to generate information in an image coding format as second response information content; generating a second response according to the second response information content as a response to the first access request, and transmitting (directly or indirectly) to a user terminal.

Abstract: A method of facilitating P-CSCF restoration when a P-CSCF failure has occurred is disclosed. The method comprises a Proxy Call Session Control Function, ‘P-CSCF’ receiving a Session Initiation Protocol, ‘SIP’, message when said P-CSCF has been selected as an alternative P-CSCF to a failed P-CSCF and providing, to an associated Policy and Charging Rules Function, ‘PCRF’, a message comprising an indication that P-CSCF restoration is required.

Abstract: An example operation may include one or more of receiving, by a document processor node, a file with a document identifier (ID), generating, by the document processor node, a hash of the file, submitting, by the document processor node, a blockchain transaction containing the hash of the file, the document ID and a locator of a document, assigning, by the document processor node, document access permissions to participating nodes, and notifying the participating nodes of a version of the document under the ID.

Abstract: Systems and methods electronically determine whether a dataset is permitted or excluded based on permission digital rules. Primary entities often are required, or choose to, exclude proposed relationship instances with secondary entities. The systems and methods described herein allow permission digital rules to be defined and applied to datasets obtained from secondary entities relating to a proposed relationship instance with the primary entity, and permit or exclude a resource from being produced for the dataset based on the permission digital rules.

Abstract: Techniques to handle calls to web services via a service proxy are disclosed herein. In one embodiment, a technique includes an intermediate server receiving a request from a client device to the web service at a target server. In response to receiving the request, the intermediate server can authenticate the received request from the client device and upon successful authentication of the received request, forward the request to the targeted server and invoking the web service to process the forwarded request because the intermediate server is authenticated with the target server. The technique can also include receiving, at the intermediate server, data from the target server that represents execution results of the request by the web service at the target server. Upon receiving the data, the intermediate server can then forward to the client device, the data representing execution results of the request by the web service at the target server.

Abstract: A deployment system may generate and deploy network topology models within one or more workload resource domains. In some examples, the deployment system may implement a hierarchical data structure to store and manage multiple variations of a network topology models, in which network topology definitions and other characteristics may be inherited between related elements in the data structure. Data structures storing network topology models may be implemented as hierarchical levels of elements storing related, overlapping, and/or alternative portions of network topologies. A network topology model may be generated for deployment by combining the portions of network topologies stored within a branch of elements in the hierarchy, and the model may be deployed across one or more workload resource domains. Modifications to network topology models may be applied to individual elements and/or propagated to related elements based on the relationships and metadata defined for the in the hierarchical structure.

Abstract: The present disclosure discloses a network access method and a network access apparatus for speech recognition service based on artificial intelligence. The network access method includes: judging whether there is available IP address information in an IP buffer module when a speech recognition request is received, in which the IP buffer module is configured to buffer IP address information used for a speech recognition performed successfully last time; performing an identity authentication on the available IP address information when there is the available IP address information in the IP buffer module; and accessing to the speech recognition service via the available IP address information passing the identity authentication, in which the speech recognition service is configured to recognize a speech in the speech recognition request.

Abstract: Proxy-based scaling may be performed for databases. A proxy may be implemented for a database that can establish a connection between the proxy and a database engine to perform a database queries received from a client at the proxy. A scaling event may be detected for the database responsive to which the proxy may establish a connection with a new database engine which may, in some embodiments, have different capabilities or resources that address the features or criteria that triggered the scaling event. Session state may be copied from the database engine to the new database engine so that the new database engine may be able to provide access to the database on behalf of requests received from the client through the proxy.

Abstract: A method is disclosed comprising, checking, at a first node, for receipt of an advertisement message from a second node within an advertisement time interval (102), wherein the first node acts as a backup for the second node in a network. The method further comprises, in response to not receiving the advertisement message within the advertisement time interval (104), sending a probe message to the second node (106) and checking for a response to the probe message from the second node (108).

Abstract: In one embodiment, a method and apparatus for resolving domain name system queries using unique top-level domains in a private network space are disclosed. For example, the method determines that a domain name service query specifies a destination residing in a private network space rather than in a public Internet space. The method then routes the domain name service query to a top-level domain name service server associated with the private network space, without routing the domain name service query to a root domain name service server in the public Internet space. The top-level domain name system server resides in the highest level of a hierarchy of domain name system servers belonging to the private network space.

Abstract: A method for detecting network subscribers in an automation network by query telegrams provides that a protocol-network subscriber enters network-subscriber information into a query telegram and sends the query telegram to a subsequent network subscriber. If no subsequent network subscriber is connected to a data line, other than the receiving data line, it sends the query telegram back to the configuration subscriber. A network distributor enters port information on the further input/output ports of the network distributor, to which further data lines are connected into the query telegram, and returns it to the configuration subscriber. The configuration subscriber subsequently generates further query telegrams, each with routing information on the basis of the port information, and sends them to the network distributor.

Abstract: This disclosure is directed to communication generation by traversing routes of a graph in a complex computing network. The communication generation is used for determining whether certain input data has certain desired data attributes.

Abstract: Apparatus and method provide for wagering across multiple gaming operators operating at respective locations, using respective first and second accounts accessible according to a location of a player. The first and second accounts may be linked to a linking account, and money is transferrable between the linking account and each of the first and second accounts. The second account may be accessible by a player to place wagers associated with a second gaming operator at a second location, but not to place wagers associated with a first gaming operator operating at a first location. While a player is currently located at the second location, an amount of money from the first account may be transferred to the linking account and the amount of money from the linking account may be transferred to the second account.

Abstract: In some embodiments, a method receives a file describing characteristics for delivery of a creative on a video delivery system. The file is queried to identify elements in the string that define metadata. The string is written in a structural language and defines characteristics for the delivery of the creative. The method retrieves tag metadata for tags that define structural elements and validates the tag metadata based on a first specification. Media file metadata is obtained for a media file based on a link to the media file and the media file metadata is validated based on a second specification. The method outputs a result based on the validations. The creative is eligible for insertion during a break of streaming a main video on the video delivery system when the tag metadata and the media file metadata are validated.

Abstract: A resiliency controller may monitor execution of a plurality of services, each service of the plurality of services associated with a different container of a containerized computing system. In response to requests received from a plurality of connected client computing systems, the resiliency controller predicts, based on historical container operation information, a first predicted latency associated with the first request and a second predicted latency associated with the second request. The resiliency controller associates a first latency response to the first request and a second latency response to the second request, and initiates a selected latency response based on an indication that at least one of the first predicted latency or the second predicted latency has been exceeded.

Abstract: A proxy server to receive a request from a client to a webserver and a response corresponding with the request from the webserver to the client is disclosed. The request is wrapped, and a wrapped request is received at the proxy server. The wrapped request is read at the proxy server. Metadata is added to a response corresponding with the wrapped request at the proxy server. The metadata can be based on the read wrapped request or the corresponding response.

Abstract: A method for providing and managing a top-level domain includes: (a) receiving a first domain name associated with a first object; (b) generating a “Whois” record associated with the received first domain name, the “Whois” record including a plurality of fields associated with the first domain name, the plurality of fields consisting of registration data required for creating the first domain name; (c) expanding the “Whois” record by adding one or more new fields associated with the first object to the “Whois” record, thereby linking the first domain name with the first object, wherein the one or more new fields comprises provenance information and metadata regarding the first object associated with the first domain name; and (d) creating a duplicate record of the “Whois” record in a blockchain system that is linked to the “Whois” record, wherein any changes in the “Whois” record is synced to the duplicate record.

Abstract: A plugin works with a remote desktop client that is executing on a client computing device to present a user interface of a communications application that is executing in a cloud computing environment. The plugin enables the remote desktop client to conduct audio and/or video communication with a remote computing device in a peer-to-peer manner rather than via the communications application. The plugin also enables the remote desktop client to determine a hardware-based media processing capability of the client computing device and leverage such capability in conducting the peer-to-peer audio and/or video communication with the remote computing device. Such hardware-based media processing capability may be used, for example, to process media received from the remote computing device, to process media captured from a media source of the client computing device, or as a basis for negotiating a media communication parameter with the remote computing device.

Abstract: An information model for monitoring Network Security Functions (NSF) in an Interface to Network Security Functions (I2NSF) framework is disclosed.

Abstract: Aspects of the subject disclosure may include, for example, determining content information associated with participant information from a plurality of data channels associated with a plurality of participants in a communications session, modifying the participant information responsive to identifying non-conforming participant information, generating categorized participant information according to the content information associated with the participant information from the plurality of data channels, aggregating, by the processing system, the categorized participant information from the plurality of data channels to generate group information, sending the group information to a common data channel, wherein the common data channel is presented to each participant of the plurality of participants in the communications session, and sending a first notification to a first participant via a first data channel of the plurality of data channels responsive to identifying an involvement level associated with the fir

Abstract: An intercept library of a network device may detect a socket system call from an application associated with a user space of the network device. The intercept library may be associated with the user space, and the socket system call may be addressed to a kernel associated with the network device. The intercept library may generate an intercept socket based on the socket system call, and may detect a subscription for asynchronous network state information, wherein the subscription may be generated by the application. The intercept library may provide the subscription to a service daemon via the intercept socket.

Abstract: A method of communication over a cellular telecommunications network using an electronic device comprises communicating a session control signal between the electronic device and the cellular telecommunications network on a first radio channel provided by the cellular telecommunications network. The session control signal comprises identification data that identifies a remote party. The cellular telecommunications network uses the identification data to establish an IP-based communication session with the remote party. Content data for the IP-based communication session is communicated between the electronic device and the cellular telecommunications network on a second radio channel provided by the cellular telecommunications network.

Abstract: The present invention relates to service providing system and method for preventing a hidden camera, a service providing apparatus therefor, and a non-transitory computer readable medium having a computer program recorded thereon, and more particularly, to service providing system and method for preventing a hidden camera, a service providing apparatus therefor, and a non-transitory computer readable medium having a computer program recorded thereon which configures a relay device connected to a network in a building for detecting a hidden camera in the interior of the building, easily detects the hidden camera by analyzing a connection state of the hidden camera connected to the corresponding relay device, and then blocks the network connection of the corresponding hidden camera.