Abstract: A method, apparatus and computer program product for detecting malicious content and predicting cyberattacks are described herein. In the context of a method, the method receives a hash query comprising a file hash based on one or more files. The method queries a cyberattack case studies information database based on the hash query to generate one or more attack correlation information items associated with at least one of the one or more files. The method also generates and outputs a file security analysis based on the attack correlation information items for authorization of the one or more files.

Abstract: Systems and methods for processing data are described. More specifically, a query request may be received and a data pattern may be identified in the query request. Personally identifiable information associated with the query request may then be de-pseudonymized. Accordingly, a second request using the de-pseudonymized personally identifiable information and receiving a response to the second request may be generated. The personally identifiable information in the response may be pseudonymized such that the pseudonymized personally identifiable information and data included in the response is provided to a client.

Abstract: Methods, apparatus, systems, and computer-readable media are provided for invoking an agent module in an automated assistant application in response to user selection of a selectable element presented at a graphical user interface rendered by a non-automated assistant application. The invoked agent module can be associated with other content rendered in the non-automated assistant graphical user interface, and can optionally be invoked with values that are based on user interactions via the non-automated assistant application. Responsive content can be received from the agent module in response to the invocation, and corresponding content provided by the automated assistant application via an automated assistant interface. In these and other manners, selection of the selectable element causes transition from a non-conversational interface, to a conversational automated assistant interface—where an agent (relevant to content in the non-conversational interface) is invoked in the automated assistant interface.

Abstract: A content management system interface at a local computer device configured to receive user file commands from a file manager and translate the user file commands into content management commands for sending to the remote content management system via a network interface. The content management system interface is further configured to receive remote file information from the remote content management system via the network interface and translate the remote file information into user file information for the file manager.

Abstract: Access to functionality of a software service is enabled at a first device associated with a user based on the first device being in a primary mode. A connection may thereafter be established between the software service and a second device associated with the same user. In response to that connection, access to a subset of the functionality of the software service is limited at the second device based on the second device being in a secondary mode determined based on the second device. Because the first device and the second device are used by the same user, the software service does not represent those devices as separate users of the software service, but rather identifies only the first device, as the primary mode device, in connection with the user to other users of the software service.

Abstract: A method of processing media content in Moving Picture Experts Group (MPEG) Network Based Media Processing (NBMP) is performed by at least one processor, and includes performing a function and function group discovery, wherein wildcard search is enabled in the function and function group discovery, transmitting, to a function repository storing one or more functions for processing the media content, a search query for at least one among the one or more functions, based on the search query being transmitted, receiving, from the function repository, a reply identifying the at least one among the one or more functions and including a rank of the at least one among the one or more functions, and processing the media content, using the identified at least one among the one or more functions in an order based on the included rank of the at least one among the one or more functions.

Abstract: A method and system may survey a property using aerial images captured from an unmanned aerial vehicle (UAV), a manned aerial vehicle (MAV) or from a satellite device. The method may include identifying a commercial property for a UAV to perform surveillance, and directing the UAV to hover over the commercial property and capture aerial images at predetermined time intervals. Furthermore, the method may include receiving the aerial images of the commercial property captured at the predetermined time intervals, detecting a surveillance event at the commercial property, generating a surveillance alert, and transmitting the surveillance alert to an electronic device associated with an owner of the commercial property.

Abstract: Techniques for intent-based access control are described. A method of intent-based access control may include receiving, via a user interface of an intent-based governance service, one or more intent statements associated with user resources in a provider network, the one or more intent statements expressing at least one type of action allowed to be performed on the user resources, compiling the one or more intent statements into at least one access control policy, and associating the at least one access control policy with the user resources.

Abstract: Providing a coordinated primary media stream with an aggregate supplemental media stream is disclosed. A request is received from an end user device associated with a user for supplemental media. Metadata and a broadcast time associated with a primary media stream transmitted to the end user device are determined. Based on the metadata and the broadcast time, first supplemental media from a first account of the user on a first platform and second supplemental media from a second account of the user on a second platform are determined. The first supplemental media and the second supplemental media are merged into an aggregate supplemental media stream. The aggregate supplemental media stream is streamed in synchronization with the primary media stream.

Abstract: A method for offloading services of a sewer application in a network system. The method includes receiving, by a first in-network computation offload instance, a first request packet from a client application, wherein the first request packet includes a first application payload for processing by the server application; generating, by the first instance, a modified request packet that includes the first application payload and first offload information that describes the first instance for use by the server application in coordinating offloading processing to one or more in-network computation offload instances; and transmitting, by the first instance, the modified request packet to the next device in the traffic flow between the client application and the server application, wherein the next device is either (1) a second in-network computation offload instance in the traffic flow between the client application and the server application or (2) the sewer application.

Abstract: A printing apparatus configured to store a first setting relating to print jobs designated for reserved printing, the first setting indicating an acceptance condition for accepting a print job designated for reserved printing, receive information of a print job and store the received information of the print job in a storage device. In a case where the received information of the print job indicates that the print job is a print job designated for reserved printing and the print job for which information has been received satisfies the acceptance condition indicated by the first setting, the information of the print job is stored in the storage device in a manner such that the print job is to be executed at the job execution time designated for the print job, and a print job corresponding to the stored information is executed at the job execution time designated in the stored information.

Abstract: A remote desktop system includes a primary virtual machine, a plurality of secondary virtual machines, a primary terminal configured to log in to the primary virtual machine, and a secondary terminal configured to log in to a secondary virtual machine. When a user of the primary virtual machine needs to share image data of the primary virtual machine with a user of the secondary terminal for viewing, the primary virtual machine sends the image data to the primary terminal, and then the primary terminal shares the image data with the secondary terminal. This reduces data transmission pressure on a communications network between a virtual machine center and a terminal center.

Abstract: In one embodiment, a segment routing and tunnel exchange provides packet forwarding efficiencies in a network, including providing an exchange between a segment routing domain and a packet tunnel domain. One application includes the segment routing and tunnel exchange interfacing segment routing packet forwarding (e.g., in a Evolved Packet Core (EPC) and/or 5-G user plane) and packet tunnel forwarding in access networks (e.g., replacing a portion of a tunnel between an access node and a user plane function for accessing a corresponding data network). In one embodiment, a network provides mobility services using a segment routing data plane that spans segment routing and tunnel exchange(s) and segment routing-enabled user plane functions. One embodiment uses the segment routing data plane without any modification to a (radio) access network (R)AN (e.g., Evolved NodeB, Next Generation NodeB) nor to user equipment (e.g., any end user device).

Abstract: An administrator creates an access policy for a network resource using an access server. The access policy may specify device characteristics that are needed to access the network resource. These characteristics may relate to the type of user device, the computing environment of the user device, installed applications and versions, installed certificates, and physical characteristics. The access policy for the network resource may be assigned to a user or to groups of users. Later, when the user attempts to access the network resource, an application installed on the user device provides a file containing the characteristics of the user device to the access server. The access server determines whether the characteristics of the file satisfies the access policy associated with the user and network resource, and if so permits access to the network resource. Else, access to the network resource is denied.

Abstract: Systems and methods for a multi-tenant communication platform. At a multi-tenant communication platform, and responsive to authentication of a communication request provided by an external system, a routing address record of the communication platform is determined that matches a communication destination of the communication request. The matching routing address record associates the communication destination with a plurality of external communication providers. At least one communication provider associated with the matching routing address record is selected, and a request to establish communication with the communication destination is provided to each selected communication provider. The communication request specifies the communication destination and account information.

Abstract: A system performs a method including: generating a posture of a first microservice in a microservice based network environment; implementing the posture of the first microservice at a sidecar of the first micro service; distributing the posture of the first microservice to a sidecar of a second microservice in the microservice based network environment; implementing the posture of the first microservice at the sidecar of the second micro service; and controlling communication of personally identifiable information between the first microservice and the second microservice based on the posture of the first microservice through either or both the sidecar of the first microservice and the sidecar of the second micro service.

Abstract: In a method for sending a server identifier to a KVM switch, a management processor of a server determines that a push button on an exterior surface of the server has been pushed. In response to determining that the push button has been pushed, the management processor generates a displayable image containing a server identifier for the server, includes the displayable image in a network message, and broadcasts the network message to a local network that includes the server and a KVM switch. In one example, the method also includes receiving the server button message at the KVM switch when the KVM switch is not switched to enable the server to control a video port of the KVM switch, and in response to receiving the server button message at the KVM switch, sending the displayable image to a monitor via the video port. Other implementations are described and claimed.

Abstract: Systems and methods for manipulation of private information in untrusted environments are disclosed. In one embodiment, in a trusted computing environment comprising at least one computer processor, for a plurality of data records, a method for manipulation of private information in untrusted environments may include: (1) separating each data record into a confidential data attribute and a non-confidential data attribute; (3) calculating an encrypted value for the confidential data attribute using an encryption key; (4) calculating an authentication value for the confidential data attribute using a hash value key; (5) associating the encrypted value and the authentication value in a protected data set; and (6) associating the non-confidential data record with the associated encrypted value and the authentication value; and (7) exporting the protected data set to an untrusted computing environment.

Abstract: A computer security system with enhanced whitelisting includes administrative interfaces that accept user inputs to create and modify entries in a whitelist that define which programs are allowed to execute on one or more target computer systems. Upon an attempt to run a program, the entries in the whitelist are used to determine if the program is allowed to run. If an entry in the whitelist indicates that the program is allowed to run, the program is run. Otherwise, at a later time, an administrative interface is used to either block future execution of the program or to create an entry in the whitelist that allows execution of a class of programs or only that the program in the future until revoked. The whitelist is for a single target computer or many computers.

Abstract: According to some embodiments, a method includes: receiving, by a computing device, data about one or more applications associated with users of a group, the group being one in which to share information amongst the users; identifying, by the computing device, an application common to at least a subset of users of the group based on the received data; and providing, by the computing device, settings to a client device of another user outside the subset of users, the client device to apply the settings to enable the another user to access the application in common with use of the client device.

Abstract: In embodiments of the present invention improved capabilities are described for detecting restricted content associated with retrieved content. The method and system may include receiving a client request for content, saving contextual information from the client request, presenting retrieved content in response to the client request, and presenting the contextual information from the client request, and retrieved content, to a scanning facility. The scanning facility may utilize the contextual information from the client request to aid in the detection of restricted content associated with retrieved content.

Abstract: A method and system for accessing stored data includes receiving a request to access data stored in a data storage unit. The request requires one or more data operations to be performed by a system having access to the stored data. Responsive to the data request, one or more locks are derived and assigned to one or more of the data operations. Each of the locks control invocation of the data operations to which the respective lock is assigned. The deriving is based in part on (i) user context data obtained from a user issuing the request and (ii) data context comprising one or more attributes of the request. Each of the one or more locks is unlocked and the one or more data operations are invoked after the one or more locks are unlocked.

Abstract: In an embodiment, a computer implemented method receives flow data for a network flows. The method extracts a tuple from the flow data and calculates long-term and short-term trends based at least in part on the tuple. The long-term and short-term trends are compared to determine whether a potential network anomaly exists. If a potential network anomaly does exist, the method initiates a heavy hitter detection algorithm. The method forms a low-complexity intermediate stage of processing that enables a high-complexity heavy hitter detection algorithm to execute when heavy hitters are likely to be detected.

Abstract: Apparatuses, methods, and systems are disclosed for user authentication using a connection information package provided by a blockchain network. One apparatus includes a processor and a transceiver that receives, from a first address on a blockchain network, a plurality of connection information packages and also receives, from a first function, a request to authenticate a user. The processor determines whether the first function is associated with one of the plurality of connection information packages. In response to the first function being associated with a valid one of the plurality of connection information package, the processor accepts the request to authenticate a user.

Abstract: Disclosed are devices, systems, methods, and computer program products for managing the development and treatment supply chain in delivering personalized medicine therapies. In some aspects, a unified configuration system (UCS) for an enterprise software platform is described that enables and facilitates individual stakeholders of the personalized medicine development and treatment supply chain to create and manage independent configurations of their supply chain management software for an enterprise software platform.

Abstract: A method includes receiving a plurality of configurations comprising a first configuration for provisioning a first set of network services at a first resource of an edge device and a second configuration for provisioning a second set of network services at the first resource, a first configuration group identifier identifying a configuration group for the first configuration, and a first network performance parameter for the configuration group. The method further includes determining a performance factor for the first resource providing the first set of network services to one or more client devices. The method further includes, in response to determining that the performance factor does not satisfy the first network performance parameter for the configuration group and that the first configuration group identifier identifies the configuration group for the first configuration, moving the first configuration from the first resource to a second resource of the edge device.

Abstract: The present disclosure is directed to methods for identifying a user by a demand side platform (DSP) across advertiser exchanges. The method includes establishing, by a DSP, a cookie mapping for a user. The cookie mapping includes a mapping of user identifiers for the user from advertisement exchanges to a user identifier assigned by the DSP for the user. The DSP stores to the cookie mapping a first mapping to the user identifier of the DSP, comprising a first user id received by a bidder from a first exchange and a first exchange id for the first exchange. A bidder inserts a pixel into a bid for an impression opportunity to a second exchange. The pixel includes a key to the cookie mapping and a second user id for the user and a second exchange id. The second user id is received by the bidder from a second exchange.

Abstract: A method, an apparatus, and a computer program product for accessing electronic medical records are provided in which a portable computing device uniquely associated with a user authenticates an identification of the user and automatically retrieves information corresponding to the user from electronic healthcare records systems using the identification. The retrieved information may be combined with other information and electronically delivered to a healthcare provider.

Abstract: A computer-implemented method of providing targeted content to a user includes generating a query index from a data corpus, the query index including a plurality of market segment-based queries, wherein each market segment-based query of the plurality of queries is configured to provide targeted content on a browser user interface of a user determined to be within a corresponding market segment.

Abstract: A first appliance receives from a second controllable appliance a command for causing the first controllable appliance to be placed into a state and, in response, determines a trust level of the second controllable appliance. When it is determined that the second controllable appliance is trustworthy, the first controllable appliance executes the command. When it is determined that the second controllable appliance is untrustworthy, the first controllable appliance ignores the command. Otherwise, the first controllable appliance enters into a state in which the first controllable appliance waits for at least a predetermined period of time for a user to confirm whether or not the first controllable appliance should be caused to execute the command.

Abstract: Fine grained access barring of aggressive cellular devices is provided. A method can include detecting, by a system comprising a processor, a frequency of signaling events transmitted by network equipment operating as part of a communication network; in response to the frequency of the signaling events transmitted by the network equipment being determined to be greater than a frequency threshold, altering, by the system, an access class of the network equipment from a first access class to a second access class that is different from the first access class, wherein the second access class is reserved via the communication network; and in response to the access class of the network equipment being altered to the second access class, causing, by the system, a base station serving the network equipment to deny at least a portion of network access requests transmitted by the network equipment to the base station.

Abstract: Consistent with an embodiment of the present disclosure, a server arrangement provides a web-accessible virtual-meeting interface through which participant identifying information and meeting time information is passed for setting up and establishing a primary meeting. In addition to the primary meeting, various selectable options are provided for one or more participants, including merged audio from the established audio connections to the participants, establishing a secondary meeting and/or automatically moving or reverting connections from/to the primary meeting.

Abstract: A device implementing a system for using a verified claim of identity includes at least one processor configured to receive a verified claim including information to identify a user of a device, the verified claim being signed by a server based on verification of the information by an identity verification provider separate from the server, the verified claim being specific to the device. The at least one processor is further configured to send, to a service provider, a request for a service provided by the service provider, and receive, from the service provider and in response to the sending, a request for the verified claim. The at least one processor is further configured to send, in response to the receiving, the verified claim to the service provider.

Abstract: Computing systems, apparatuses, computer-implemented methods, and computer program products are disclosed for creating a shared communication channel in a group-based communication platform having a plurality of database shards. An example computer-implemented method includes generating a shared communication channel shard that is assigned a shared communication channel identification, a first set of shared communication channel attributes associated with a first group identification, and a second set of shared communication channel attributes associated with a second group identification. The method further includes generating first and second externally shared group-based shared communication channel interfaces based on the first and second sets of shared communication channel attributes, respectively.

Abstract: Some embodiments provide policy-driven methods for deploying edge forwarding elements in a public or private SDDC for tenants or applications. For instance, the method of some embodiments allows administrators to create different traffic groups for different applications and/or tenants, deploys edge forwarding elements for the different traffic groups, and configures forwarding elements in the SDDC to direct data message flows of the applications and/or tenants through the edge forwarding elements deployed for them. The policy-driven method of some embodiments also dynamically deploys edge forwarding elements in the SDDC for applications and/or tenants after detecting the need for the edge forwarding elements based on monitored traffic flow conditions.

Abstract: Various methods are provided for facilitating the assignment of a DNS name to load balancers in a dynamically partitioned cluster environment. One example method may comprise receiving cluster configuration information from a cluster configuration observer, the cluster configuration information comprising information indicative of each of a plurality of instances of running application and one or more servers and associated ports to which at least one of the plurality of instances is bound, receiving a request from a first level load balancer requiring a call to the first application, determining, based on the cluster configuration information, to which port the instance of the first application is bound, and transmitting the request to the port to which the instance of the first application is bound.

Abstract: Examples of systems are described herein which may dynamically allocate compute resources to recovery clusters. Accordingly, a recovery site may utilize fewer compute resources in maintaining recovery clusters for multiple associate clusters, while ensuring that, during use, compute resources are allocated to a particular cluster. This may reduce and/or avoid vulnerabilities arising from a use of shared resources in a virtualized and/or cloud environment.

Abstract: One example method includes receiving, from a microservice, a service request that identifies a service needed by the microservice, and an API of an endpoint that provides the service, evaluating the service request to determine whether the service request conforms to a policy, when the service request has been determined to conform with the policy, evaluating the endpoint to determine if endpoint performance meets established guidelines, and when it is determined that the endpoint performance does not meet the established guidelines, identifying an alternative endpoint that meets the established guidelines and that provides the requested service. Next, the method includes transforming the API of the service identified in the service request to an alternative API of the service provided by the alternative endpoint, and sending the service request and the alternative API to the alternative endpoint.

Abstract: Techniques are provided for managing host connectivity to a data storage system. A host connectivity management system receives a request from a host system to connect to a data storage system. The data storage system includes storage nodes which include storage volumes, and each storage node includes multiple ports to enable connection to the storage node. The host connectivity management system determines a subset of ports, among all available ports of the storage nodes, to assign to the host system for use by the host system for connecting to the storage nodes of the data storage system to access the storage volumes. The host connectivity management system sends connection information to the host system to enable the host system to connect to the data storage system, wherein the connection information includes port identifiers associated with the subset of ports assigned to the host system.

Abstract: A method for processing a message received via an electronic communication network by a user terminal is disclosed. The method comprises receiving the message, the message including data corresponding to an initial message content determined by a sender of the message and at least one data item corresponding to a function, the at least one data item being determined by the sender of the message; and determining a final content, the final content including the initial message content determined by the sender of the message and a specific content obtained by determining a result of the function applied to at least data from the user terminal.

Abstract: A method and an apparatus are provided for deploying a security access control policy in the field of network security. The method, executed by a cloud management platform, includes: determining, according to an application creation instruction, an application template used for an application that needs to be created and a security profile corresponding to the application template; instructing a virtualization platform to create, according to the application template, a corresponding virtual machine for each application component in the application, and obtaining an IP address of each virtual machine created by the virtualization platform; generating a group of security access control policies corresponding to the application according to the IP address of each virtual machine and by using the security profile; and delivering the group of security access control policies to a corresponding firewall. Therefore, a security access control policy is automatically deployed.

Abstract: A method and system may be provided for recording discussions about computer code in an integrated development environment (“IDE”). In some aspects, a communication channel is integrated with an IDE. Communications and discussions may be tracked and linked with specific code sections.

Abstract: Methods and apparatus for interfaces to manage direct network peerings. A system may include a data center, endpoint routers and a connectivity coordinator. The coordinator implements a programmatic interface defining connectivity operations. The coordinator receives a request for dedicated connectivity to data center resources, formatted according to the interface. The coordinator selects a target endpoint router at which to establish a physical link to implement the dedicated connectivity, and transmits a response identifying the target endpoint router and including configuration instructions for setting up a physical link for the dedicated connectivity.

Abstract: A method for maintaining a material data blockchain (MDC) is disclosed. The method includes receiving a material data block (MDB), wherein the MDB includes a metadata portion and a payload portion. The method further includes extracting a first sequence from the metadata portion and generating a genomic engagement factor (GEF) based on the sequence, a genomic differentiation object assigned to the creator VDAX, and genomic regulation instructions (GRI) that are maintained by the creator VDAX. The method further includes generating a creator value corresponding to the MDB based on the first GEF and the MDB and digitally signing the MDB with the creator value. The method includes providing the unnotarized MDB to one or more notary cohorts; and receiving a respective notary value from each of the notary cohorts, wherein each notary value is generated using respective GRI and genomic differentiation object maintained by a respective notary.

Abstract: According to one embodiment, an I/O command control apparatus receives authorization information. The authorization information indicates whether or not to permit an execution of an I/O command. The apparatus verifies whether the received authorization information is not tampered with, and whether the received authorization information is issued from a known authorization server. In a case where the authorization information is not tampered with, and is issued from the known server, the apparatus verifies whether or not the authorization information permits to execution of the I/O command. The apparatus permits or prohibits the execution of the I/O command or execution of a control command generated from the I/O command, based on the authorization result.

Abstract: Aspects of a data environment, such as various capacities of data stores and instances, can be managed using a separate control environment. A monitoring component of the control environment can periodically communicate with the data environment to obtain performance information. The information is analyzed, using algorithms such as trending and extrapolation algorithms, to determine any recommended scaling of resources in the data environment. The scaling can be performed automatically, or as authorized by a customer. A workflow can be instantiated that includes tasks necessary to perform the scaling. The scaling of storage capacity can be performed without affecting the availability of the data store.

Abstract: A system and method for selecting alternate global positioning system coordinates is provided. The system generally comprises a geolocation device, processor operably connected to the geolocation device, and non-transitory computer-readable medium having instructions stored thereon. The instructions instruct the system to select alternate GPS coordinates based off geospatial data received by the processor as well as parameters of the system that may limit the alternate GPS coordinates in which the system may select. The parameters may be selected within a user interface of the system.

Abstract: There is provided a verification apparatus including: an acquisition unit configured to acquire each of control data that causes artificial intelligence to function in an apparatus and learning data of the control data; and a verification unit configured to verify the acquired control data on the basis of the control data obtained as a result of performing learning with use of the acquired learning data, and on the basis of the acquired control data.

Abstract: A method includes, in response to receiving an email message, detecting one or more artifacts within an email message, wherein each of the artifacts is associated with a payload; for each artifact, generating, a descriptor object representing the artifact that does not include the payload, so that the processor is prevented from accessing the payload via the descriptor object; and at least one payload button based on the payload associated with the artifact for causing the payload to be transmitted to an external system for analysis of the payload; and presenting an artifact dashboard in a graphical user interface (GUI) rendered on a display of the email security system, the artifact dashboard displaying, for each artifact, the descriptor object representing the artifact and the at least one payload button based on the payload associated with the artifact.

Abstract: Examples of the present disclosure describe systems and methods for malicious software detection based on API trust. In an example, a set of software instructions executed by a computing device may call an API. A hook may be generated on the API, such that a threat processor may receive an indication when the API is called. Accordingly, the threat processor may generate a trust metric based on the execution of the set of software instructions, which may be used to determine whether the set of software instructions poses a potential threat. For example, one or more call stack frames may be evaluated to determine whether a return address is preceded by a call instruction, whether the return address is associated with a set of software instructions or memory associated with a set of software instructions, and/or whether the set of software instructions satisfies a variety of security criteria.