Abstract: Described are techniques including a computer-implemented method comprising appending a HyperText Transfer Protocol (HTTP) header to a HTTP request, wherein the HTTP header includes a source Internet Protocol (IP) address of a client generating the HTTP request, a universally unique identifier (UUID) of the HTTP request, a timestamp, a lifetime, a Universal Resource Locator (URL) of the HTTP request, and a signature. The method further comprises transmitting the HTTP request with the HTTP header to a web server.

Abstract: The present disclosure relates to systems, non-transitory computer-readable media, and methods for selecting machine-learning models and hardware environments for executing a task. In particular, in one or more embodiments, the disclosed systems select a designated machine-learning model for executing a task based on workload features of the task and task routing metrics for a plurality of machine-learning models. In addition, in one or more embodiments, the disclosed systems select a designated hardware environment for executing the task based on workload features for the task and task routing metrics for a plurality of hardware environments. In some embodiments, the disclosed systems select a fallback machine-learning model and a fallback hardware environment for executing the task if the designated machine-learning model or designated hardware environment are unavailable. Moreover, in one or more embodiments, the disclosed systems can pause and initiate tasks based on bandwidth availability.

Abstract: A method comprises receiving data from a plurality of devices and analyzing the data to identify one or more parameters for segregation of the data. In the method, the data is tagged with one or more metadata tags corresponding to the one or more parameters. The method further comprises segregating the data into a plurality of data portions based at least in part on the one or more parameters, and storing respective ones of the plurality of data portions in respective data stores of a plurality of data stores. The one or more parameters comprise at least one of one or more policies corresponding to the data and respective locations of the plurality of devices.

Abstract: Aspects of the disclosure relate to hierarchical based decryption. A computing platform may receive, from a first user, a request to encrypt a file. The computing platform may generate, for the file, a symmetric key. The computing platform may encrypt, using the symmetric key, the file. The computing platform may receive, from a second user, a request to decrypt the encrypted file. The computing platform may identify a classification of the encrypted file, which may be one of: personal, proprietary, or company related. Based on identifying a proprietary classification, the computing platform may obtain an employee hierarchy corresponding to the first user, compare the second user to the employee hierarchy, and based on identifying that the first user is included in the employee hierarchy: decrypt, using the symmetric key, the encrypted file, and grant the second user access to the file.

Abstract: Systems and methods for providing data beacons are disclosed. In some embodiments the system can include a first node and a second node. Each node includes a read queue, a write queue and a parallel file system. Data is written from the write queue on the first node to the parallel file system on the second node and from the write queue on the second node to the parallel file system on the first node. The read queue on each node receives data from the parallel file system on the node itself.

Abstract: One aspect of the instant application can provide a system and method for balancing load among multiple network sockets established between a local node and a remote node. During operation, the system can encapsulate the multiple network sockets to form a local transport-layer virtual socket comprising a write interface and a read interface. The system can receive, at the write interface of the local transport-layer virtual socket, a packet; select, based on a load-balancing policy, a network socket from the multiple network sockets; and forward the packet to a socket-specific incoming queue associated with the selected network socket to allow the packet to be sent to the read interface of a corresponding remote transport-layer virtual socket via the selected network socket.

Abstract: Techniques include securely accessing data associated with authorization of an identity, the identity being capable of accessing an access-controlled network resource based on assertion of an authentication credential to an entity associated with the access-controlled network resource; generating a secret data element based on the data associated with authorization of the identity and based on application of a first secret logic algorithm; and making the secret data element available to be embedded in the authentication credential. The entity associated with the access-controlled network resource is configured to: validate the identity based on the secret data element being included in the authentication credential; and access the data associated with authorization of the identity based on application of a second secret logic algorithm to the secret data element.

Abstract: Methods and related systems are presented that relate to automatically avoiding address conflicts when establishing a secure communications link over a public network between a local computer, associated with a local network, and a remote device, located outside the local network. Local network addresses on the local network reserved for use, and a block of local network addresses that do not conflict with the reserved local network addresses, are identified. At least one local network address is selected from the block and assigned as an address of the local device for use in communicating with the remote device securely over the public network. Communication is facilitated with the remote device using the network driver based on the assigned at least one local network address.

Abstract: Methods and apparatus for authenticating a user by a service provider system are described. The method can include receiving, from a service of the service provider system, a user data captured at an initiation of an onboarding process for a user seeking access to the service. The method may also include retrieving an access configuration associated with the service, the access configuration defining one or more user data access requirements to enable the user to access the service. The method may then include determining whether the one or more user data access requirements of the access configuration are satisfied by the user data, and in response to determining that one or more user data access requirements are satisfied, enabling the user to access the service of the server provider system.

Abstract: Aspects of the subject disclosure may include, for example, obtaining first traffic from a first communication device; analyzing the first traffic to classify the first traffic as being associated with an execution of a first application; based on the classification of the first traffic as being associated with the execution of the first application, translating an address associated with the first traffic from a first address associated with a first network to a second address associated with a second network, the second network being different from the first network; and conveying the first traffic to a second communication device of the second network using the second address. Other embodiments are disclosed.

Abstract: A method may include storing, at a network device, a user device identifier associated with a user device that has subscribed to access an edge service, an edge service identifier associated with the edge service, and an edge device identifier associated with an edge device at an edge network to provide the edge service; receiving, at the network device, a request to access the edge service, wherein the request includes the user device identifier and the edge service identifier; performing, by the network device, a lookup to determine the edge device identifier; and transmitting, by the network device and to the user device, the edge device identifier for accessing the edge service at the edge device.

Abstract: This disclosure describes techniques and mechanisms for disclosure describes techniques and mechanisms for optimizing firewall enforcement. The techniques may implement a dynamic detection of Layer 7 processing at one end of the network, alleviating the need to enforce another layer 7 firewall inspection at the other end, thereby saving processing and network resources. The techniques enable firewalls and policies to be statically defined and located in one place.

Abstract: This application relates to the field of storage technology and discloses a method for protecting partial space of SSD and a storage system. The storage space of the SSD is divided into multiple regions and there is a partition table stored in the SSD, which includes region type of each region. The method includes: receiving, by the SSD, a command to read the partition table; and retrieving, by the SSD, the partition table, removing one or more regions with the region type being locked from the partition table, and returning the removed partition table. This application provides a simple implementation and self-encrypting protection scheme, which requires fewer running resources, is easy to operate, has strong portability, and can meet basic self-encrypting and locking requirements.

Abstract: A system configured to synchronize the displays of multiple infusion pumps is provided. In some embodiments, the system includes a plurality of infusion pumps in communication with a server. An individual infusion pump synchronizes its internal clock by communicating with the server. Based on the synchronized internal clock, the infusion pump determines the current time, calculates a parameter based on the current time, and causes screen content corresponding to the calculated parameter to be displayed.

Abstract: The present disclosure relates to methods for administering access to generated files. The method involves storing a file on a server. The server receives a request from a first client device to generate a uniform resource identifier (URI) associated with the file, an identity, and a dynamic expire time. The server generates the URI, which links to a resource comprising the file, and transmits it to a second client device. The server then receives a request from the second client device using the URI to request the resource. The server validates the identity by checking it against a database of authorized identities. Additionally, the server validates the identity through an identity provider, which prompts the user to login to the identity on an identity hosting platform. Based on the response from the server and the identity provider, access to the resource is granted or denied.

Abstract: A computer-implemented method for prioritizing exclusion renewal records is disclosed. The computer-implemented method includes determining vulnerability factors associated with a vulnerability exclusion record. The computer-implemented method further includes generating a vulnerability factor score for each vulnerability factor associated with the vulnerability exclusion record based, at least in part, on a level of risk associated with the vulnerability factor. The computer-implemented method further includes generating a vulnerability score for the vulnerability exclusion record based, at least in part, on the vulnerability factor score for each vulnerability factor. The computer-implemented method further includes updating a previous vulnerability score of the vulnerability exclusion record.

Abstract: Concepts and technologies disclosed herein are directed to using proof of work for preventing distributed denial of server (“DDoS”) attacks. A server system can receive a resource request from a client system. The resource request can specify a resource. The server system can determine a congestion level based upon a load metric and a threshold. In response to determining that the load metric is above the threshold, the server system can determine that the congestion level is indicative of a high demand period. In response to the resource request being received during the high demand period, the server system can provide a work assignment to the client system. The server system can receive work results for the work assignment sent to the client system. In response to receiving the work results, the server system can process the resource request and can send the resource to the client system.

Abstract: Systems and methods for protecting user data received by, stored on, and/or requested by third-party computing devices include a data entry computing system on a first network node. A data entry computing system can include a processing circuit that can identify user-entered data as sensitive user data, generate a content encryption key (CEK), generate encrypted user data by encrypting the sensitive user data with the CEK, tag the encrypted user data and the CEK with a tag readable by a database server on a network node different than the data entry computing system, the tag comprising information indicative of the encrypted user data, and transmit the encrypted user data to the database server, wherein the database server excludes a private key of a key manager on a network node different than the data entry computing system.

Abstract: A power control device for controlling the supply of electricity to an electrical apparatus or system. The power control device includes a microcontroller having an operating system with a firmware component that has at least one sandboxed software plug-in slot for accepting a communications protocol software plug-in to configure the microcontroller according to the communications protocol of the communications protocol software plug-in.

Abstract: Disclosed are a Media Access Control (MAC) address synchronization method, a switch, a Multi-Chassis Link Aggregation Group (MC-LAG) system, and a storage medium. The method may include: comparing a number of dynamic MAC addresses in the first device with a first preset threshold to obtain a first comparison result; adjusting the number of the dynamic MAC addresses in the first device according to the first comparison result; synchronizing the first device with the second device; comparing a sum of a number of dynamic MAC addresses in the second device and a number of static MAC addresses in the second device with a second preset threshold to obtain a second comparison result; adjusting the number of the dynamic MAC addresses in the second device according to the second comparison result; and synchronizing the first device with the second device.

Abstract: Identifying a malicious web page that impersonates a legitimate web page, including extracting HMTL source and a certificate for a specified web page, parsing the extracted HTML to identify objects, forms, links, templates, images and logos embedded in the HTML, and determining whether or not the HTML source harvests user credentials. If the determining is negative, then marking the specified web page as clean. If the determining is affirmative, then verifying the origin and ownership of the extracted certificate by examining its digital signature to determine a possibility of an impersonation attempt, applying image recognition to the identified images and logos, and comparing the identified images and logos to known images and brand logos of the certificate owner. If the comparing is affirmative, then mark the web page as clean. If the comparing is negative, then mark the web page as suspicious and block the web page from being accessed.

Abstract: In particular embodiments, a consent notice configuration determination system may be configured to: (1) scan a particular website from a plurality of different locations; (2) identify one or more types of technologies available on the particular website for individuals accessing the particular website from each of the plurality of different locations; (3) determine, for each of the plurality of different locations, based on a global set of databases, legal/regulatory guidance, etc. and the one or more types of technologies, particular legal and industry requirements for each of the plurality of different locations; and (4) automatically configure, for each of the plurality of different locations, a consent interface for the particular website for each of the plurality of different locations based at least in part on the one or more types of technologies and the global set of databases.

Abstract: A system designed for increasing network communication speed for users, while lowering network congestion for content owners and ISPs. The system employs network elements including an acceleration server, clients, agents, and peers, where communication requests generated by applications are intercepted by the client on the same machine. The IP address of the server in the communication request is transmitted to the acceleration server, which provides a list of agents to use for this IP address. The communication request is sent to the agents. One or more of the agents respond with a list of peers that have previously seen some or all of the content which is the response to this request (after checking whether this data is still valid).

Abstract: A robotic process automation (RPA) system provides bots that interact with and provide user credentials to applications, such as for multi-factor authentication (MFA). First user credentials associated with MFA are retrieved by the bots from credential storage. Second user credentials that correspond to questions posed to a user of an application are retrieved from credential storage. Second user credentials that correspond to a one-time password are generated by the RPA system. The second user credentials may also be generated by a third-party authentication service that provides the credentials via a secondary channel such as email or SMS, which are then retrieved for presentation to the application.

Abstract: This disclosure describes example techniques for automatically configuring domain name system (DNS) servers to handle custom hostnames assigned to hosted zones. The techniques monitor DNS record sets of the hosted zones for special DNS records registering new hostnames. When such a special DNS record is detected, the central DNS server checks a database to see if that hostname is already assigned to another hosted zone. If the hostname is not assigned to another hosted zone, the central DNS server automatically updates its own DNS configuration data pair the new hostname with the Internet Protocol (IP) address of the hosted zone requesting the hostname. This allows the central DNS server to resolve future DNS queries for the new hostname by routing requests to the proper zone.

Abstract: There are provided systems and methods for detecting malicious email addresses using email metadata indicators. Digital accounts may be attacked by malicious computing processes or other actions that attempt to compromise the security of accounts and/or perform account takeovers. To increase security of the accounts and account data, the service provider may interface with a digital address and/or identifier provider, such as an email provider to request metadata indications of addresses. The metadata indicator may include a score associated with whether the address is compromised or being used for fraudulent purposes. This score may be based on usages of the address over a period of time, connections of the address, and other activities. The indicator may be used to determine whether to allow data changes to the account's data.

Abstract: Systems and methods for telemetry collection auto-tuning for workspaces are described. In an illustrative, non-limiting embodiment, a client Information Handling System (IHS) may include a processor and a memory coupled to the processor, the memory having program instructions stored thereon that, upon execution by the processor, cause the client IHS to: collect telemetry during execution of a workspace using a telemetry collection setting specified in a file or policy received from a workspace orchestration service, where the file or policy implements a workspace definition usable by a local management agent to instantiate the workspace; in response to a comparison between a security risk score and a threshold risk level, modify the telemetry collection setting; and collect telemetry using the modified telemetry collection setting.

Abstract: One system for safeguarding a critical computing device is connected to an external communication network. The critical computing device stores critical data or is connected to a memory device storing critical data. The system includes a memory unit and a filtering module. The memory unit stores an entropy table having entropy values related to data packets regarding disorders in the data packets. The filtering module is connected to the external communication network and the critical computing device, receives a set of data packets through the external communication network, processes the data packets based on a set of rules, determines a processed entropy value related to each of the data packets received, fetches the entropy table and compares it with the processed entropy value, and determines if the data packets received are malicious or non-malicious and if the data packets are determined to be non-malicious data packets.

Abstract: In one embodiment, network node-to-node connectivity verification is performed in a network including data path processing of packets within a packet switching device. In one embodiment, an echo request connectivity test packet, emulating an echo request connectivity test packet received from a first connected network node, is inserted by the packet switching device prior in its data processing path prior to ingress processing performed for packets received from the first connected network node. A correspondingly received echo reply connectivity test packet is intercepted by the packet switching device during data path egress processing performed for packets to be forwarded to the first connected network node.

Abstract: A system maintains values for secure connection settings for multiple registered users and restricts data resets. Upon receiving a reset request to reset the value of a particular secure connection setting for a specific user, trials are conducted each by: receiving the requested new value from the requesting device; and sending a validation request to a validation system, the validation request including, at least in part, the requested new value for the particular secure connection setting. If a reply from the validation system is deemed a repudiation of the requested new value, a trial count is tolled. If the trial count reaches a predetermined condition, trials are suspended, a denial message is sent to the requesting device, and the specific user is alerted of a attempt to alter their data.

Abstract: A device, system, and method are provided. In one example, a method for polling for server events is described that includes storing, on a server, a list of events. The method also includes polling, by a client, the server for the list of events. The method includes receiving the list of events stored on the server. The method further includes broadcasting each event in the list of events received to an associated component; and requesting, by each component that receives at least one associated event, component related event data for each associated event.

Abstract: Embodiments provide methods and systems for verifying digital data. A method performed by server system to verify the digital data is disclosed. A request is received to verify information associated with a user. The request includes the credentials of the user for a digital platform. It is determined whether the information is present in a database associated with the digital platform. The information is verified by comparing the information with datasets stored in the database upon determining that the information is present in the database. Thereafter, a report is generated based on the verification. The report includes an output of the verification.

Abstract: A method for running an identity and access management system includes providing at least one layer, and a master computer that communicates with at least one slave computer. The master computer has at least one component which is designed as a computing device and/or as a memory device and/or as a further working component respectively. Units of the functionality of the computing device and/or of the memory device and/or of the further working component of the master computer, respectively, are generated. The respective units of the functionality of the computing device and/or of the memory device and/or of the functionality of the further working component, respectively, are converted into a code and are transmitted in coded form from the master computer to the slave computer. The master computer is controlled with the aid of the computing device and a software program.

Abstract: A method comprises receiving data from a device over at least a first network and analyzing the data to identify one or more parameters for transmission of the data to a computing site. Based, at least in part, on the one or more parameters, at least a second network to be utilized for transmission of the data to the computing site is determined, wherein the second network is different from the first network. In the method, the data is configured for transmission over at least the second network, and is sent to at least the second network for transmission to the computing site.

Abstract: Proactive caching, at a client device (e.g., a feature phone), of transient assistant action suggestions for selective rendering by an assistant client application of the client device. A transient assistant action suggestion, when rendered via an assistant client application and selected, causes the assistant client application to initiate performance of a corresponding assistant action. In various implementations, a prefetched transient action suggestion can be a time-constrained suggestion that includes at least associated rendering restriction metadata that defines one or more temporal windows to which rendering of the time-constrained suggestion is restricted. Proactive cache refresh rate metadata can also be associated with transient action suggestion(s) and defines a duration during which the assistant client application is to refrain from interfacing with a remote system to prefetch updated transient assistant action suggestions.

Abstract: This disclosure provides methods and techniques of performing source network address translation (SNAT) at a packet sender (e.g., a client device) instead of a gateway device (e.g., a proxy device). The present disclosure performs a SNAT operation at the packet sender, relieving the gateway device from the SNAT operation to perform other duties (e.g., policy enforcement). An example method of network address translation includes modifying, by a processing device at a data packet origination device (e.g., a client device), network address information in an internet protocol (IP) header of a packet using a public IP address. The method further includes sending the packet to a public network based on the public IP address.

Abstract: Computing systems and methods are described in which video calls or other online communications are established or enhanced among two or more live participants. In some variants one or more preferences are gleaned from a first participant's behavior so as to streamline a call establishment with one or more qualified recipients. Alternatively or additionally, enriched auditory message data may be received privately from a sender without leaving a shared space.

Abstract: Methods, devices, and systems are provided for user authentication on a gateway device to perform steps of, receiving a user request communicated via a local area network (LAN) from a user system or device connected to the LAN, checking whether the gateway device is operating in a disconnected operational mode in response to the user request, selectively initiating a user authentication protocol when the gateway device is operating in the disconnected operational mode, wherein the user authentication protocol uses secret information stored in a user hardware token uniquely assigned to a particular user, authenticating the administrator user using the user authentication protocol that requires administrator secret information stored in a master hardware token connected to a system or device operated by the administrator user, and selectively authenticating the particular user based at least in part on results of the user authentication protocol.

Abstract: A non-healthcare setting kit for diagnosing a biological sample from a user is disclosed. The kit includes a mobile application that may run on a mobile device, a collection container for the biological sample, a cartridge that docks with the collection container and a reader that docks with the cartridge and that optically reads the biological sample.

Abstract: User authentication and validation for performing transactions may be performed by a validation server of a service provider. For example, when a login request or purchase request is received, the request may be authenticated or validated before permitting the requested transaction. In some arrangements, the validation may be delegated to one or more devices or users external to the service provider. Multiple validation users may be consulted for each transaction request to determine a consensus validation decision. A consensus may be reached based on unanimous responses or based on a specified threshold level (e.g., more than 50% responding positively or negatively). The service provider may use this consensus determination to authorize or reject a transaction request.

Abstract: A system for intelligent managing whitelists and blacklist provides options and/or suggestions to the administrators and/or information technology team to allow administration of whitelists and/or blacklists based upon history and rules. For example, if permission to run a certain program is requested by several people in a group or organization and the program is not believed to have a virus, then, the administrator if presented with an option to enable (e.g., add to the whitelist) that program for the entire group or organization.

Abstract: The disclosed computer-implemented method for protecting user data privacy against web tracking on Wi-Fi captive portals may include (i) detecting telemetry data generated from establishing a connection with a network access device associated with a captive portal, (ii) determining, based on the telemetry data, a target set of domains associated with a service set identifier assigned to the network access device, (iii) analyzing web tracking behavior data associated with the target set of domains to identify web trackers on the captive portal for a dataset of potential users, (iv) calculating a privacy risk score associated with the web trackers on the captive portal, and (v) performing a security action that protects against a potential invasion of user data privacy by presenting a privacy risk score notification associated with the web trackers on the captive portal. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: A system includes a memory associated with a first virtual environment that stores digital assets associated with a user. The memory is coupled to a processor that is configured to receive a user credential associated with the user and authorize the user to access the first virtual environment. The processor receives a request from the user to enter a second virtual environment accessible through the first virtual environment and generates a virtual pass for a first avatar of the user to enter the second virtual environment. The processor receives a request to perform in the second environment a data interaction associated with a digital asset and provides the first avatar access from the second environment to the digital asset. The processor receives an indication that the data interaction is completed and updates the digital asset in the memory to reflect the data interaction.

Abstract: A method includes: receiving selection of a document; correlating sequences of words, in the document, with a set of language signals; generating a set of document tags representing the set of language signals; and retrieving a first data access policy: associated with a particular document tag in the set of document tags; and including a set of identities permitted to access a document associated with the particular document tag; receiving selection of a recipient account of the document; and in response to detecting the set of identities excluding the recipient account, restricting access to the document by the recipient account.

Abstract: Apparatuses, systems, and methods for verifying fingerprints associated with components to be installed on printed circuit boards (PCBs). In at least one embodiment, one or more processors determine whether a component fingerprint associated with a component to be installed on the PCB corresponds to an expected fingerprint, the component fingerprint based, at least in part, on a firmware version associated with the component.

Abstract: Techniques are described for providing customizable sign-on functionality, such as via an access manager system that provides single sign-on functionality and other functionality to other services for use with those services' users. The access manager system may maintain various sign-on and other account information for various users, and provide single sign-on functionality for those users using that maintained information on behalf of multiple unrelated services with which those users interact. The access manager may allow a variety of types of customizations to single sign-on functionality and/or other functionality available from the access manager, such as on a per-service basis via configuration by an operator of the service, such as co-branding customizations, customizations of information to be gathered from users, customizations of authority that may be delegated to other services to act on behalf of users, etc.

Abstract: A packet-spreading data transmission system with anonymized endpoints facilitates enhanced fortified private communications between a plurality of arbitrary devices via a plurality of communication channels or networks. The data transmission system receives at a source endpoint device a message of arbitrary length. The message includes a destination address associated with a destination endpoint device. Both source endpoint device and the destination endpoint device are selected from a plurality of arbitrary devices. The received message are fragmented and agilely transmitted, via a plurality of communication channels, from the source endpoint device to the destination endpoint device.

Abstract: Systems and methods are provided for use in implementing a common domain to provide recognition of users. One example computer-implemented method includes receiving a recognition token associated with a profile and setting, via a browser accessing a common domain, a cookie in the browser where the cookie includes a recognition token. The method also includes, in response to a request for a service, via a user, through the browser accessing an entity domain associated with an entity, accessing the common domain and accessing, via the browser accessing the common domain, the cookie and submitting the cookie to a common domain server. The method further includes receiving, from the common domain server, a federated ID token associated with the recognition token for the service and retrieving, via the browser, the profile associated with the user based on the federated ID token.

Abstract: Methods and systems for sending data are described. A computing device may send data to one or more requesting devices via one or more communication sessions. The computing device may update a state of a token(s) based on requests received and/or data sent. The computing device may manage the one or more sessions according to the state of the token(s).

Abstract: The exemplary embodiments include a method to perform, based on at least one of hypertext transport protocol and non-hypertext transport protocol traffic tests failing, sending an hypertext transport protocol message to a subscription remediation server URI that carries a package1 message, receiving an hypertext transport protocol response from the subscription mediation server with a package2 message, and automatically replacing a password with a new value, automatically initiating creation of a new client certificate, or launching a browser to a URI provided in the response to enable user intervention. In addition, to receive an access request from a device, determining whether credentials are valid, and if the credentials are determined valid, sending an access-accept message with a success indication, and if the credentials are determined not valid, sending an access-accept message with a success indication and an indication that access by the device is limited to only a subscription remediation server.