Abstract: Methods and apparatuses for authentication and/or provisioning of wireless network devices, and in particular, methods and apparatuses for authentication and/or provisioning of wireless network devices that are communicating with and may be monitored and/or controlled by a remote (e.g., cloud) server.

Abstract: A management section 122 allows a user A to sign in to a server. A user data acquiring section 136 acquires, from the server, data regarding a user B who is associated with the user A in the server but who is not yet registered in an information processing device 10. A user data holding section 138 holds data regarding the user A and the data regarding the user B that has been acquired. A login screen generation section 124 uses data held by the user data holding section 138 and displays a login screen including information regarding the user A and information regarding the user B.

Abstract: Systems, methods, and software described herein provide enhancements for managing permissions in a shared graph. In one implementation, a graph management system identifies a request to classify a first subgraph in the graph for access by a tenant of a plurality of tenants, wherein the request indicates one or more vertex types and/or one or more edge types for the first subgraph. The graph management system further identifies one or more vertices and/or one or more edges in the graph that qualify for the first subgraph based on the indicated one or more vertex types and/or one or more edge types, and allocates permissions to at least one user associated with the tenant to access the first subgraph.

Abstract: A system for processing video files includes receiving the video files, transcoding each of the video files, and making available each of the transcoded video files to a target platform. A predictive analysis process estimates the respective end times that each of the video files will be available for the target platform. Each of the respective end times are compared against a licensing window associated with the respective video file.

Abstract: Examples described herein relate to a network device apparatus that includes a packet processing circuitry configured to determine if target data associated with a memory access request is stored in a different device than that identified in the memory access request and based on the target data associated with the memory access request identified as stored in a different device than that identified in the memory access request, cause transmission of the memory access request to the different device. In some examples, the memory access request comprises an identifier of a requester of the memory access request and the identifier comprises a Process Address Space identifier (PASID) and wherein the configuration that a redirection operation is permitted to be performed for a memory access request is based at least on the identifier.

Abstract: A computer-implemented method, operable on a device in a content delivery network (CDN), wherein the CDN delivers content on behalf of at least one content provider, the device implementing a content delivery (CD) service, the method includes, by the service on the device: receiving a request for a particular resource from a client; determining whether the client includes an optimization support mechanism; when the client includes an optimization support mechanism, providing the client with a first version of the particular resource, optimized, at least in part, for the capabilities of the client in combination with the optimization support mechanism; otherwise providing the client with either (i) an un-optimized version of the particular resource, or (ii) a version of the particular resource optimized, at least in part, for the capabilities of the client without the capabilities of the optimization support mechanism.

Abstract: A wireless device enterprise management system and a method for operating the management system in a controlled environment is disclosed. The enterprise management system includes implementing a container-based file system on wireless devices within the controlled environment. Enterprise management system manages and controls the organization of files into one or more containers on each wireless device. Each container is associated with one or more execution rules that allow or restrict execution of files that are located in the container.

Abstract: Generally discussed herein are devices, systems, and methods for adaptive authorization using a local route as a named location. A method can include defining a local route and a corresponding local route endpoint, associating a compute resource as a destination of the local route endpoint, defining an adaptive authorization policy that limits access to the compute resource to be through the local route endpoint, and enforcing access to the compute resource based on the defined adaptive authorization policy.

Abstract: Disclosed are various examples for configuring network security based on device management characteristics. In one example, a specification of a set of network resources on an internal network is received from an administrator client. The set of network resources are those network resources that a particular application executed in client devices on an external network should be authorized to access. A gateway from the external network to the internal network is then configured to permit the particular application to have access to the set of network resources.

Abstract: Useful data is transmitted to a terminal existing in a transportation vehicle. A communication apparatus installed in the transportation vehicle and configured to transmit the data to the terminal existing in the transportation vehicle includes a data selection unit and an illumination unit. The data selection unit acquires location information indicating a location of the transportation vehicle in which the terminal exists and which is traveling. Based on the acquired location information, the data selection unit selects approaching-location data related to a location ahead of a current location of the transportation vehicle in a traveling direction from a plurality of pieces of data related to the location. The illumination unit transmits, as a modulated light signal, a signal comprising the approaching-location data.

Abstract: A printing system implements a peer to peer network to manage resources between printing devices, such as configuration settings, software programs, or multifunctional printer (MFP) applications. When a printing device is added to the peer to peer network, it queries an existing printing device for information about its resources. Such information includes versions of the software programs. The information is used to compare the resources at the added printing device to those within the peer to peer network, using the existing printing device. Any differences are resolved by upgrading the resources at the added printing device by retrieving them within the peer to peer network.

Abstract: Systems and methods for email processing are described. Embodiments of the present disclosure identify a plurality of email recipients, wherein each of the plurality of email recipients has an email address associated with one of a plurality of internet service providers (ISPs); identify a plurality of internet protocol (IP) addresses, wherein each of the plurality of IP addresses is available for sending email from a user to the plurality of email recipients; compute an ISP-IP score for each of a plurality of ISP-IP pairs based on email delivery statistics; select an IP address from the plurality of IP addresses corresponding to each of the plurality of email recipients based on the ISP-IP score; and transmit an email to each of the plurality of email recipients from the selected IP address.

Abstract: A vehicle use assistance system, in which security settings are also set in operations such as approval, confirmation, and recording of content accompanying termination of an application file uses an open passcode for opening a vehicle use assistance application 120 and a close passcode for performing normal termination of and closing a vehicle use assistance application file 130 in an open state are set for each of vehicle use assistance application files 130 used by a vehicle use assistance application 120 that assist with the use of various functions with which a vehicle 200 is equipped. A vehicle use assistance system 100 is equipped with: an application file unlocking function for receiving input of an open passcode and opening a vehicle use assistance application file 130; and an application file locking function for receiving input of a close passcode and performing normal termination of an closing a vehicle use assistance application file 130 that is in an open state.

Abstract: A method includes acquiring, on a basis of a restaurant ID, menu information indicating one or more foods provided by a restaurant over a network from a second server associated with the restaurant corresponding to the restaurant ID, transmitting identification information stored in an information terminal to a first server and acquiring classification information from the first server on a basis of the identification information, generating a personalized menu for the user corresponding to the classification information on a basis of the menu information and the classification information, and displaying the personalized menu through a second operation screen for accepting an order of a food to be provided by the restaurant, the second operation screen being displayed on a display of the information terminal carried by the user.

Abstract: A method acquires, on a basis of a restaurant ID, menu information indicating one or more foods provided by a restaurant over a network from a second server associated with the restaurant corresponding to the restaurant ID, acquires, from a first server, religion information, extracts one or more first foods compatible with the religion information on a basis of the menu information and the religion information, displays the one or more first foods through a second operation screen for accepting an order of a food to be provided by the restaurant of a user, and transmits food order information indicating a food selected from among the one or more first foods to the second server.

Abstract: A device may generate network profile data indicating a set of network parameters detected by the device. The device may encrypt the network profile data and may transmit the encrypted network profile data to a network device, such as a router, or a server. The router or server may analyze the encrypted network profile data to determine if the device is secure. The router of server may perform one or more security measures if the device is not secure.

Abstract: Systems and methods are provided for sharing authentication information. The systems and methods include retrieving, with a messaging application, a list of applications that are installed on a user device; searching the list of applications to identify a given application within the list of applications that is configured to share authentication information with the messaging application; and in response to identifying the given application within the list of applications, generating for display within a graphical user interface of the messaging application an option to authorize the messaging application to share authentication information with the given application.

Abstract: A network security system includes a barrier surrounding an enclosure. The enclosure contains a first network and a first networked device connected to the first network. The barrier prevents the first network from breaching the enclosure and permits a second network to penetrate a first portion of the barrier. A container located within the enclosure mounts to the first portion of the barrier, such that a second portion of the container superposes the first portion of the barrier. The container permits the first network and the second network to enter the container. The container prevents the second network from breaching the container and entering a third portion of the enclosure located outside the container. A firewall device located within the container controls network traffic between the first networked device and a second networked device connected to the second network.

Abstract: One or more storage devices store resource migration schedule information including a plurality of records. Each of the plurality of records indicating a migration source node and a migration destination node of each of one or more resources. One or more processors are configured to determine a priority of each of the plurality of records such that a record having locality after migration has a higher priority than a priority of a record without locality after migration. The locality is determined based on whether a virtual machine and a volume associated with each other in advance exist in the same node. The one or more processors are configured to determine a migration schedule of each of the plurality of records based on the priority of each of the plurality of records.

Abstract: Methods, systems, apparatuses, and computer program products are provided for protecting data in a memory of an integrated circuit (IC). A process token is obtained in a special purpose IC from a host that is external to and communicatively connected to the special purpose IC. The process token is stored in a first memory portion of the special purpose IC. In response to receiving a processing request from the host, the processing request is processed, and data generated by processing the processing request is written in a second memory portion of the special purpose IC. When a read request is received to read the data in the second memory portion, a determination is made whether the read request includes a read token that matches the previously stored process token. If the read token matches the process token, the data in the second memory portion may be returned to the host.

Abstract: Implementations set forth herein relate to an automated assistant that allows third party applications to inject dependencies to leverage automated assistant functions. Furthermore, enabling such dependency injections can allow third party applications to preserve privacy of any application content that is used during execution of automated assistant functions. In some implementations, a third party application can initialize a function with an assistant dependency using parameters that are tagged as private. Initializing a function in such as a way can allow private content communicated between the third party application and the automated assistant to be abstracted for security purposes. The abstracted content can thereafter be communicated to a remote server—such as a server hosting an extensively trained machine learning model. Intelligent output provided by the server can then be incorporated into one or more processes of the third party application without comprising security.

Abstract: An apparatus comprises a processing device configured to register one or more applications to receive resource state change invocation calls from one or more assets of an information technology infrastructure, to detect resource state changes for the one or more assets of the information technology infrastructure, and to provide, from a given one of the one or more assets of the information technology infrastructure to a given one of the one or more applications, a given resource state change invocation call responsive to detecting one or more resource state changes for the given asset. The processing device is also configured to receive, from the given application, an instruction to initiate one or more reactive actions based at least in part on the detected one or more resource state changes for the given asset, and to apply at least one of the one or more reactive actions to the given asset.

Abstract: In one embodiment, a service in a network computes an expected information gain associated with rerouting traffic from a first tunnel onto a backup tunnel in the network. The service initiates, based on the expected information gain, rerouting of the traffic from the first tunnel onto the backup tunnel. The service obtains performance measurements for the traffic rerouted onto the backup tunnel. The service uses the performance measurements to train a machine learning model to predict whether rerouting traffic from the first tunnel onto the backup tunnel will satisfy a service level agreement (SLA) of the traffic.

Abstract: Disclosed herein are various embodiments, for a fast boot system. An example embodiment operates by determining that one or more programs have been loaded into memory on a boot-up of a device. A snapshot of the memory including the loaded one or more programs is captured. Operations of the device are monitored after the snapshot has been captured. It is determined that a first program of the one or more programs was updated during the monitoring. A restart of the device is detected, wherein the snapshot is loaded into the memory in lieu of loading the one or more programs, and wherein the first program is updated during the restart of the device.

Abstract: A firewall processing card from a plurality of firewall processing cards coupled to a chassis, is selected by a load balancing engine (or other mechanism) and receives the data packet over the fabric channel. First, if the session match exists to management-type data packets the data packet is returned to the I/O board and if a match exists to user data packets the data packet is sent to a firewall service of the firewall processing card. If no session match exists, the firewall processing card checks for a policy match to the data packet for creating a new session or drops the data packet. The I/O board receives the data packet returned from the processing blade over the base channel and checks for a session matching to the data packet. If a session match exists and the data packet is a management data packet, the data packet is sent to a management service at a user level of the I/O board and if not a management data packet the data packet is dropped.

Abstract: An online system monitors resources utilization by users connecting with the online system and detects unauthorized resource utilization caused by sharing of sessions. The online system collects samples of browser attributes from browsers interacting with the online system. The online system determines a score indicating a difference between two samples of browser attributes taken at different times. The online system uses the score to determine whether the two samples of browser attributes in the same session were received from different browsers. If the online system detects unauthorized resource utilization if the two samples are determined to be from two different browsers. The online system takes mitigating actions, for example, by invalidating the session or requiring users to re-enter credentials.

Abstract: Embodiments herein relate to replacing a legacy Pick environment with a modern microservice architecture. A legacy database and a modern database may be operated in parallel for data validation. Part of the data validation may include verifying that changes to a business object that are entered on the legacy Pick environment are similarly entered by the modern microservice architecture.

Abstract: Systems and methods for authenticating requests to use an Application Programming Interface (“API”) are described. In some embodiments, a request to use an API is issued from a client to a server. One or more credentials for a first-level authentication challenge are provided from the client to the server. Responsive to the server determining that the client deviates from an expected behavior based on comparing the request to use the API with a pattern of activity associated with the client, the client receives a second authentication challenge.

Abstract: The following relates generally to merchandise pickup location and/or pharmacy selection. In some embodiments, factors are used to determine a pharmacy and/or merchandise pickup location selection for an individual. In this regard, the factors may include: whether the pharmacy and/or merchandise pickup location has a merchandise item and/or medication in stock; wait time at the pharmacy and/or merchandise pickup location; geographic distance to the individual; travel time from the location of the individual; urgency of filling a prescription; price of a prescription; whether another product or class of products available at the pharmacy and/or merchandise pickup location; and/or whether a locker is available at the pharmacy and/or merchandise pickup location. In some embodiments, Artificial Intelligence (AI) is used to create a model of pharmacy and/or merchandise pickup location selection for the individual.

Abstract: Methods, systems, and media for identifying abusive content items are provided.

Abstract: A gateway or other network device may be configured to monitor endpoint behavior, and to request a verification of user presence at the endpoint under certain conditions suggesting, e.g., malware or other endpoint compromise. For example, when a network request is directed to a low-reputation or unknown network address, user presence may be verified to ensure that this action was initiated by a human user rather than automatically by malware or the like. User verification may be implicit, based on local behavior such as keyboard or mouse activity, or the user verification may be explicit, such as where a notification is presented on a display of the endpoint requesting user confirmation to proceed.

Abstract: Methods and systems for reducing database maintenance effort are disclosed. A method includes: collecting, by a computing device, a history of statistics for database objects; predicting, by the computing device, statistics using the history of statistics; testing, by the computing device, a workload using the predicted statistics; determining, by the computing device, at least one database object to maintain based on the testing the workload; and maintaining, by the computing device, the determined at least one database object.

Abstract: Viewing and editing operations on a file having an unsupported file type are enabled through a method of opening the file through a remoting session. The method includes the steps of receiving login information from a user and determining if there is a recent open file request. In response to determining there is a recent open file request, the method includes the step of determining whether the file is synchronized. If the file is synchronized, the method includes the steps of launching an application within which the file can be opened, and opening the file within the application.

Abstract: A system performs a method including: generating a posture of a first microservice in a microservice based network environment; implementing the posture of the first microservice at a sidecar of the first microservice; distributing the posture of the first microservice to a sidecar of a second microservice in the microservice based network environment; implementing the posture of the first microservice at the sidecar of the second microservice; and controlling communication of personally identifiable information between the first microservice and the second microservice based on the posture of the first microservice through either or both the sidecar of the first microservice and the sidecar of the second microservice. The posture of the first microservice includes an identification of one or more types of personally identifiable information that the first microservice is authorized to distribute and one or more types of personally identifiable information that the first microservice is authorized to receive.

Abstract: A computer security system with enhanced blacklisting includes administrative interfaces that accept user inputs to create and modify entries in a blacklist and a whitelist that define which programs are allowed to execute on one or more target computer systems. Upon an attempt to run a program, if the program is in the blacklist and not in the white list, the program is prevented from running. If the program is prevented from running, at a later time, an administrative interface is used to either block future execution of the program or to create an entry in the whitelist that allows future execution of a class of programs or only that the program until revoked. The whitelists and blacklists are for a single target computer or many computers.

Abstract: Methods and systems provided. A system may include a mobile surveillance unit positioned within an environment and including one or more sensors configured to detect one or more events occurring within or near the environment. The system may also include an application program configured to: convey data related to a detected event of the one or more events to an electronic device remote from the mobile surveillance unit; and in response to input associated with the detected event, convey, from the mobile surveillance unit, image data, video data, audio data, or any combination thereof, previously captured at the mobile surveillance unit and associated with the detected event.

Abstract: Various embodiments for customizing a dynamic navigation system are described herein. An embodiment operates by receiving a request from a support user device for debug access to an application. A predetermined time period for which to provision a set of computing resources is identified and the set of computing resources are provisioned for a pod on a server. Both a first container including access to a new instance of the application and a second container providing access to a debugger program are generated for the pod. Upon determining that the predetermined time period has expired, access to the provisioned set of computing resources of the pod is revoked, and the provisioned set of computing resources to be made available for other processes of the server.

Abstract: Embodiments relate to systems, devices, and computer-implemented methods for providing secure access to a shared registration system of a domain name registry by generating authorization information associated with a domain name, storing the authorization information in an archive, receiving, from a non-registrar service provider, a request for access to functionality of a shared registration system of the domain name registry, where the request is associated with the domain name and includes authorization information, determining whether the received authorization information is valid using the archived authorization information, and allowing the non-registrar service provider access to the functionality of the SRS based on a determination that the second authorization information is valid.

Abstract: The present disclosure provides systems and methods for client-side anonymized content selections. The method includes collecting a plurality of identifications of content selection lists, each content selection list associated with the first device and at least one other device. The method includes selecting a first subset of the content selection lists, responsive to a total number of unique device associated with a plurality of content selection lists of the first subset exceeding a threshold. The method includes transmitting a request for an item of content, the request comprising identifications of the content selection lists of the selected first subset. The method includes receiving a first item of content selected by the content server based on the content selection lists of the selected first subset.

Abstract: Preemptive caching within content/name/information centric networking environment is contemplated. The preemptively caching may be performed within content/name/information centric networking environments of the type having a branching structure or other architecture sufficient to facilitate routing data, content, etc. such that one or more nodes other than a node soliciting a content object also receive the content object.

Abstract: An alarm analysis method, including determining M alarm pairs in a first alarm set, where each alarm pair of the M alarm pairs includes a first alarm and a second alarm having an association, generating, according to an association rule, a first feature set of N alarm pairs, the first alarm of each alarm pair of the N alarm pairs being an alarm pair root in the first feature set, the first feature set including a first probability that a first subsystem to which each first alarm belongs is a subsystem root and a first alarm object is an alarm object root and a second probability that a second subsystem to which each second alarm belongs is a subsystem root and a second alarm object is an alarm object root, and determining root information of the first alarm set based on the first probability and the second probability.

Abstract: A system including a network interface and a processing circuit is provided. The processing circuit includes one or more processors coupled to non-transitory memory. The processing circuit is structured to receive a request for a multiple custody linkage between user devices. The multiple custody linkage includes a digital connection between the user devices that allows shared access to a resource. The resource includes at least one of a physical object or information. The processing circuit is further structured to perform a validation process based on information in the request for the multiple custody linkage to determine if a violation of a security protocol exists. The security protocol is associated with security of the resource. The processing circuit is further structured to, in response to determining no violation of the security protocol exists, activate the multiple custody linkage between the user devices to allow the shared access to the resource.

Abstract: A content server can extend enterprise content management to a leading system in an efficient, automated, and seamless manner by leveraging the permission information provided by the leading system. The content server can sync the permission information with the leading system, evaluate user-manager relations, role-based rule definitions, and user-group associations defined in the leading system, and determine and/or update role memberships for workspaces created in the content server for users in the leading systems. In this way, even though the content server and the leading system have very different types of roles and permission models, the content server can evaluate complex relationships and role-based rules and intelligently, correctly, and quickly assign the right people to the right roles in the right workspaces in the content server.

Abstract: Systems and methods are provided herein for enabling a user to access a blocked media asset. These systems and methods allow a user to request that a parent, or another user, who can approve access to the blocked media asset approve access to the blocked media asset for viewing. The request may be transmitted as a notification to a mobile phone or another suitable device, such that the parent the other user can approve the request, even though they may be remote from the requesting user. Both the requesting user and the user whose approval is required to unblock the media asset (i.e., the approver), are identified by the system based on an identifier associated with each user. This informs the approver which user submitted the request. Additionally, this also adds a layer of security, since the approver must enter an identifier to authenticate their identity to the system before being able to unblock the program for the requesting user.

Abstract: A system and method are provided which include receiving, by a server computer from a trusted entity computer, user data corresponding to a user. Based on the user data, the server computer determines a set of assertions for the user. The server computer receives, from a relying entity, an assertion request for the user. Responsive to the assertion request, the server computer provides, to the relying entity, an assertion, of the set of assertions. The relying entity thereby grants the user a particular type of account based on the assertion.

Abstract: A proxy server receives a synchronization request from an application program resident on a user device. The proxy server determines that the user device requires removal of application program data and synchronizes the application program resident on the user device with a null account that is associated with application program.

Abstract: A method includes acquiring, based on a restaurant ID, menu information indicating dishes provided by a restaurant corresponding to the restaurant ID from a second server related to the restaurant via a network, transmitting identification information stored in an information terminal to a first server, acquiring, from a first server, allergy information related to a user based on the identification information, generating, based on the menu information and the allergy information, a personalized menu arranged for the user according to the allergy information, displaying the personalized menu on a second operation screen for accepting an order of a dish in the restaurant, the second operation screen being displayed on a display of the information terminal of the user, and transmitting ordered-dish information representing the dish selected from the personalized menu to the second server.

Abstract: Embodiments improve application gateway architecture by pushing secure managed service boundaries. Managed services that were previously available directly in application gateway code are separated from application gateway code and exposed to service clients in a controlled, secured manner via a RESTful API layer dedicated to the management and interaction of deployed managed services. The separation can be realized in management agents. A management agent receives a service request from an application and makes an API call to the dedicated management API layer of the managing application gateway. The application may run within a managed container on a user device. Responsive to the API call, the application gateway sends a control or configuration message to the management agent over HTTP. The management agent controls or configures the managed service to function or behave as dictated by the application gateway.

Abstract: Federation policy exchange is provided in response to receiving a sharing query from an Access Point (AP) indicating that an associated wireless network supports federated identities with data sharing, determining whether the sharing query is within sharing preferences; and in response to determining that the sharing query is within the sharing preferences, transmitting, to the AP, a positive response for identity sharing that authorizes collection and sharing of identity data with at least one entity identified in a sharing policy for the associated wireless network. In various embodiments, federation policy exchange includes transmitting a support notification, via an AP, indicating support for federated identities with data sharing within a wireless network associated with the AP; and in response to receiving a first identify sharing preference from a User Equipment (UE) that indicates that negotiation is preferred, transmitting a sharing policy for the wireless network to the UE.

Abstract: A method and system to provide multi-layered access control for healthcare datasets are disclosed. The method comprises defining an information policy for each of healthcare datasets, wherein the information policy comprises information access permissions. Further, an organization policy is defined for each of the healthcare datasets, wherein the organization policy comprises license permissions for organizations accessing the healthcare datasets. Thereafter, a user account master policy is defined for each of the healthcare datasets, wherein the user account master policy comprises account permissions assigned to users of the organizations. Subsequently, a master user policy is generated for each of the users based on the information policy, the organization policy, the user account master policy, or a combination thereof, wherein the master user policy comprises access control permissions to provide each of the users access to the healthcare datasets.