Abstract: A system maintains values for secure connection settings for multiple registered users and restricts data resets. Upon receiving a reset request to reset the value of a particular secure connection setting for a specific user, trials are conducted each by: receiving the requested new value from the requesting device; and sending a validation request to a validation system, the validation request including, at least in part, the requested new value for the particular secure connection setting. If a reply from the validation system is deemed a repudiation of the requested new value, a trial count is tolled. If the trial count reaches a predetermined condition, trials are suspended, a denial message is sent to the requesting device, and the specific user is alerted of a attempt to alter their data.

Abstract: A device, system, and method are provided. In one example, a method for polling for server events is described that includes storing, on a server, a list of events. The method also includes polling, by a client, the server for the list of events. The method includes receiving the list of events stored on the server. The method further includes broadcasting each event in the list of events received to an associated component; and requesting, by each component that receives at least one associated event, component related event data for each associated event.

Abstract: Embodiments provide methods and systems for verifying digital data. A method performed by server system to verify the digital data is disclosed. A request is received to verify information associated with a user. The request includes the credentials of the user for a digital platform. It is determined whether the information is present in a database associated with the digital platform. The information is verified by comparing the information with datasets stored in the database upon determining that the information is present in the database. Thereafter, a report is generated based on the verification. The report includes an output of the verification.

Abstract: A method for running an identity and access management system includes providing at least one layer, and a master computer that communicates with at least one slave computer. The master computer has at least one component which is designed as a computing device and/or as a memory device and/or as a further working component respectively. Units of the functionality of the computing device and/or of the memory device and/or of the further working component of the master computer, respectively, are generated. The respective units of the functionality of the computing device and/or of the memory device and/or of the functionality of the further working component, respectively, are converted into a code and are transmitted in coded form from the master computer to the slave computer. The master computer is controlled with the aid of the computing device and a software program.

Abstract: A method comprises receiving data from a device over at least a first network and analyzing the data to identify one or more parameters for transmission of the data to a computing site. Based, at least in part, on the one or more parameters, at least a second network to be utilized for transmission of the data to the computing site is determined, wherein the second network is different from the first network. In the method, the data is configured for transmission over at least the second network, and is sent to at least the second network for transmission to the computing site.

Abstract: Proactive caching, at a client device (e.g., a feature phone), of transient assistant action suggestions for selective rendering by an assistant client application of the client device. A transient assistant action suggestion, when rendered via an assistant client application and selected, causes the assistant client application to initiate performance of a corresponding assistant action. In various implementations, a prefetched transient action suggestion can be a time-constrained suggestion that includes at least associated rendering restriction metadata that defines one or more temporal windows to which rendering of the time-constrained suggestion is restricted. Proactive cache refresh rate metadata can also be associated with transient action suggestion(s) and defines a duration during which the assistant client application is to refrain from interfacing with a remote system to prefetch updated transient assistant action suggestions.

Abstract: This disclosure provides methods and techniques of performing source network address translation (SNAT) at a packet sender (e.g., a client device) instead of a gateway device (e.g., a proxy device). The present disclosure performs a SNAT operation at the packet sender, relieving the gateway device from the SNAT operation to perform other duties (e.g., policy enforcement). An example method of network address translation includes modifying, by a processing device at a data packet origination device (e.g., a client device), network address information in an internet protocol (IP) header of a packet using a public IP address. The method further includes sending the packet to a public network based on the public IP address.

Abstract: Methods, devices, and systems are provided for user authentication on a gateway device to perform steps of, receiving a user request communicated via a local area network (LAN) from a user system or device connected to the LAN, checking whether the gateway device is operating in a disconnected operational mode in response to the user request, selectively initiating a user authentication protocol when the gateway device is operating in the disconnected operational mode, wherein the user authentication protocol uses secret information stored in a user hardware token uniquely assigned to a particular user, authenticating the administrator user using the user authentication protocol that requires administrator secret information stored in a master hardware token connected to a system or device operated by the administrator user, and selectively authenticating the particular user based at least in part on results of the user authentication protocol.

Abstract: Computing systems and methods are described in which video calls or other online communications are established or enhanced among two or more live participants. In some variants one or more preferences are gleaned from a first participant's behavior so as to streamline a call establishment with one or more qualified recipients. Alternatively or additionally, enriched auditory message data may be received privately from a sender without leaving a shared space.

Abstract: A non-healthcare setting kit for diagnosing a biological sample from a user is disclosed. The kit includes a mobile application that may run on a mobile device, a collection container for the biological sample, a cartridge that docks with the collection container and a reader that docks with the cartridge and that optically reads the biological sample.

Abstract: A method includes: receiving selection of a document; correlating sequences of words, in the document, with a set of language signals; generating a set of document tags representing the set of language signals; and retrieving a first data access policy: associated with a particular document tag in the set of document tags; and including a set of identities permitted to access a document associated with the particular document tag; receiving selection of a recipient account of the document; and in response to detecting the set of identities excluding the recipient account, restricting access to the document by the recipient account.

Abstract: A system includes a memory associated with a first virtual environment that stores digital assets associated with a user. The memory is coupled to a processor that is configured to receive a user credential associated with the user and authorize the user to access the first virtual environment. The processor receives a request from the user to enter a second virtual environment accessible through the first virtual environment and generates a virtual pass for a first avatar of the user to enter the second virtual environment. The processor receives a request to perform in the second environment a data interaction associated with a digital asset and provides the first avatar access from the second environment to the digital asset. The processor receives an indication that the data interaction is completed and updates the digital asset in the memory to reflect the data interaction.

Abstract: User authentication and validation for performing transactions may be performed by a validation server of a service provider. For example, when a login request or purchase request is received, the request may be authenticated or validated before permitting the requested transaction. In some arrangements, the validation may be delegated to one or more devices or users external to the service provider. Multiple validation users may be consulted for each transaction request to determine a consensus validation decision. A consensus may be reached based on unanimous responses or based on a specified threshold level (e.g., more than 50% responding positively or negatively). The service provider may use this consensus determination to authorize or reject a transaction request.

Abstract: The disclosed computer-implemented method for protecting user data privacy against web tracking on Wi-Fi captive portals may include (i) detecting telemetry data generated from establishing a connection with a network access device associated with a captive portal, (ii) determining, based on the telemetry data, a target set of domains associated with a service set identifier assigned to the network access device, (iii) analyzing web tracking behavior data associated with the target set of domains to identify web trackers on the captive portal for a dataset of potential users, (iv) calculating a privacy risk score associated with the web trackers on the captive portal, and (v) performing a security action that protects against a potential invasion of user data privacy by presenting a privacy risk score notification associated with the web trackers on the captive portal. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: A system for intelligent managing whitelists and blacklist provides options and/or suggestions to the administrators and/or information technology team to allow administration of whitelists and/or blacklists based upon history and rules. For example, if permission to run a certain program is requested by several people in a group or organization and the program is not believed to have a virus, then, the administrator if presented with an option to enable (e.g., add to the whitelist) that program for the entire group or organization.

Abstract: Apparatuses, systems, and methods for verifying fingerprints associated with components to be installed on printed circuit boards (PCBs). In at least one embodiment, one or more processors determine whether a component fingerprint associated with a component to be installed on the PCB corresponds to an expected fingerprint, the component fingerprint based, at least in part, on a firmware version associated with the component.

Abstract: A packet-spreading data transmission system with anonymized endpoints facilitates enhanced fortified private communications between a plurality of arbitrary devices via a plurality of communication channels or networks. The data transmission system receives at a source endpoint device a message of arbitrary length. The message includes a destination address associated with a destination endpoint device. Both source endpoint device and the destination endpoint device are selected from a plurality of arbitrary devices. The received message are fragmented and agilely transmitted, via a plurality of communication channels, from the source endpoint device to the destination endpoint device.

Abstract: Techniques are described for providing customizable sign-on functionality, such as via an access manager system that provides single sign-on functionality and other functionality to other services for use with those services' users. The access manager system may maintain various sign-on and other account information for various users, and provide single sign-on functionality for those users using that maintained information on behalf of multiple unrelated services with which those users interact. The access manager may allow a variety of types of customizations to single sign-on functionality and/or other functionality available from the access manager, such as on a per-service basis via configuration by an operator of the service, such as co-branding customizations, customizations of information to be gathered from users, customizations of authority that may be delegated to other services to act on behalf of users, etc.

Abstract: Methods and systems for sending data are described. A computing device may send data to one or more requesting devices via one or more communication sessions. The computing device may update a state of a token(s) based on requests received and/or data sent. The computing device may manage the one or more sessions according to the state of the token(s).

Abstract: Systems and methods are provided for use in implementing a common domain to provide recognition of users. One example computer-implemented method includes receiving a recognition token associated with a profile and setting, via a browser accessing a common domain, a cookie in the browser where the cookie includes a recognition token. The method also includes, in response to a request for a service, via a user, through the browser accessing an entity domain associated with an entity, accessing the common domain and accessing, via the browser accessing the common domain, the cookie and submitting the cookie to a common domain server. The method further includes receiving, from the common domain server, a federated ID token associated with the recognition token for the service and retrieving, via the browser, the profile associated with the user based on the federated ID token.

Abstract: Various embodiments herein each include at least one of systems, methods, and software for biometric authentication of pre-staged self-service terminal transactions. One embodiment in the form of a method includes connecting, wirelessly via a wireless communication device of a mobile device, to a Self-Service Terminal (SST), such as an ATM or self-service checkout terminal. The mobile device then receives, via the wireless communication device from the SST, biometric authentication data to authenticate an account holder. The received biometric data is then compared on the mobile device with biometric data stored on or read by a biometric reader of the mobile device. When the comparing identifies a match between the received biometric data and the biometric data read by or stored on the mobile device, the method then transmits an authentication message via the wireless communication device to the SST indicating the match.

Abstract: Disclosed methods and systems for managing on-premises information handling resources establish, by an in-cloud web portal, an agentless connection to an on-premises information handling resource and perform, via the agentless connection, a configuration management operation to modify a configuration of the on-premises handling resource. Establishing the agentless connection and performing the configuration management operation may include one or more appropriate API calls. Disclosed teachings enable a web-accessible, public cloud portal to perform active configuration management of on-premises resources scattered across any number of distinct and potentially isolated customer sites without deploying and maintaining management agent software within the customer's private cloud. The on-premises resources may include a multi-node cluster provided by a node or nodes of one or more HCI appliances.

Abstract: Intelligent access redirection is provided. An access request to access a secure website with user information and secure website details is relaunched utilizing an alternative access approach to access the secure website. Successful access to the secure website utilizing the alternative access approach is detected. The alternative access approach to access the secure website is saved in a user profile along with a reason to perform access redirection in response to detecting the successful access.

Abstract: Techniques for packet classification for network routing are disclosed. In some embodiments, packet classification for network routing includes receiving packets associated with a new flow at a security controller from a network device, in which the network device performs packet forwarding; classifying the flow; and determining an action for the flow based on a policy (e.g., a security policy). In some embodiments, the network device is a Software Defined Network (SDN) network device (e.g., a packet forwarding device that supports the OpenFlow protocol or another protocol).

Abstract: Various methods, apparatuses/systems, and media for programmatically generating and rotating secrets for applications to read them to connect to various services are disclosed. A processor determines, in a preconfigured time interval, whether secrets/credentials corresponding to a service provider has been changed; calls a first API to retrieve the changed secrets/credentials from the corresponding service provider; stores the changed secrets/credentials to a corresponding predefined location; causes an application to call a second API to retrieve the changed secret or the credential from the corresponding predefined location; and automatically establishes a connection between the application and the corresponding service provider based on a determination that the changed secrets/credentials retrieved from the predefined location matches with the changed secrets/credentials retrieved from the corresponding service provider during the preconfigured time interval.

Abstract: A system includes a memory device and a processor, operatively coupled to the memory device, to perform operations including receiving a request to provide a post-secrets-provisioning service with respect to a device having a supply chain state corresponding to a supply chain associated with the device, in response to receiving the request, determining whether to authorize the request, in response to authorizing the request, obtaining a set of secrets data corresponding to the supply chain state of the device, and providing the post-secrets-provisioning service by emulating, utilizing the set of secrets data, the device having the supply chain state.

Abstract: Methods and devices that manage the secure distribution of credentials from a group of autonomous specialized nodes to a requesting node. The secure distribution of credentials may uses secret share and a group private key that none of the nodes reconstructs or possesses. The credentials include an identifier for the requesting node and a secret point that the node assembles from portions of the secret point provided by each of a plurality of the specialized nodes, where the secret point is based on the group private key and a map-to-point hash of the requesting node's identifier.

Abstract: A first appliance receives from a second controllable appliance a command for causing the first controllable appliance to be placed into a state and, in response, determines a trust level of the second controllable appliance. When it is determined that the second controllable appliance is trustworthy, the first controllable appliance executes the command. When it is determined that the second controllable appliance is untrustworthy, the first controllable appliance ignores the command. Otherwise, the first controllable appliance enters into a state in which the first controllable appliance waits for at least a predetermined period of time for a user to confirm whether or not the first controllable appliance should be caused to execute the command.

Abstract: Technologies for providing policy-based secure containers for multiple enterprise applications include a client computing device and an enterprise policy server. The client computing device sends device attribute information and a request for access to an enterprise application to the enterprise policy server. The enterprise policy server determines a device trust level based on the device attribute information and a data sensitivity level based on the enterprise application, and sends a security policy to the client computing device based on the device trust level and the data sensitivity level. The client computing device references or creates a secure container for the security policy, adds the enterprise application to the secure container, and enforces the security policy while executing the enterprise application in the secure container. Multiple enterprise applications may be added to each secure container. Other embodiments are described and claimed.

Abstract: In some implementations, a system may receive a request to facilitate a service interaction involving a user. The system may determine, based on receiving the request, a priority factor associated with facilitating the service interaction for the user. The priority factor may be determined based on account activity information associated with a user account of the user. The system may determine, based on the priority factor and service information, a priority score associated with facilitating the service interaction. The system may select, based on the priority score, a queue location of a queue. The queue may be associated with a provider system that is configured to facilitate the service interaction. The system may perform an action associated with causing the provider system to facilitate the service interaction according to the queue location.

Abstract: The present disclosure is directed to systems and methods for providing interactive services to a device. For example, a method may include determining service authorization information for a device, the service authorization information being associated with an interactive service on a wireless network. The method may also include determining device policies for the device based on the service authorization information. The method may also include transmitting the device policies to the device, wherein the device policies cause the device to select a cloud rendering server for the interactive service.

Abstract: A device determines that a policy is to be executed. The device retrieves rules, resource identifiers, and data provider identifiers associated with the policy, generates a pending rules data structure and populates the pending rules data structure with identifiers of the retrieved rules and their respective necessary resources as indicated by the resource identifiers. The device generates a pending resources data structure with the resource identifiers and their respective data providers, collects, asynchronously, each resource, and, as each respective resource is collected, deletes the respective resource from the pending resources data structure and populates a collected resources data structure with an identifier of the respective resource.

Abstract: A middleware system and corresponding methods are described whereby data communications, either inter-device or intra-device, are coordinated using a set of cryptographic identifiers that correspond to computing elements, such as interfaces, methods, parameters, classes, among others. The cryptographic identifiers are coupled to data messages being sent across the middleware system and processed to indicate adherence to protocol standards and/or to cause transformation of the data messages such that the receiver receives a data message adhering to their acceptable protocol standards.

Abstract: A method allowing execution of transmission functions hosted in intermediate pieces of equipment of a path established between two pieces of communication equipment. End-to-end encryption systems are designed to resist any surveillance or tampering attempt, as no third party can decrypt or modify the communicated data. There is a solution which, depending on the connection opening requests of the applications, allows to select and assemble the transport protocols necessary for the operation of the application. However, this method is local: this protocol stack is only assembled at the pieces of communication equipment constituting the ends of the connections. Consequently, the requests emitted by these applications are not transmitted to the intermediate pieces of equipment which host the desired functions.

Abstract: Methods and apparatuses for authentication and/or provisioning of wireless network devices, and in particular, methods and apparatuses for authentication and/or provisioning of wireless network devices that are communicating with and may be monitored and/or controlled by a remote (e.g., cloud) server.

Abstract: A management section 122 allows a user A to sign in to a server. A user data acquiring section 136 acquires, from the server, data regarding a user B who is associated with the user A in the server but who is not yet registered in an information processing device 10. A user data holding section 138 holds data regarding the user A and the data regarding the user B that has been acquired. A login screen generation section 124 uses data held by the user data holding section 138 and displays a login screen including information regarding the user A and information regarding the user B.

Abstract: Systems, methods, and software described herein provide enhancements for managing permissions in a shared graph. In one implementation, a graph management system identifies a request to classify a first subgraph in the graph for access by a tenant of a plurality of tenants, wherein the request indicates one or more vertex types and/or one or more edge types for the first subgraph. The graph management system further identifies one or more vertices and/or one or more edges in the graph that qualify for the first subgraph based on the indicated one or more vertex types and/or one or more edge types, and allocates permissions to at least one user associated with the tenant to access the first subgraph.

Abstract: A system for processing video files includes receiving the video files, transcoding each of the video files, and making available each of the transcoded video files to a target platform. A predictive analysis process estimates the respective end times that each of the video files will be available for the target platform. Each of the respective end times are compared against a licensing window associated with the respective video file.

Abstract: A computer-implemented method, operable on a device in a content delivery network (CDN), wherein the CDN delivers content on behalf of at least one content provider, the device implementing a content delivery (CD) service, the method includes, by the service on the device: receiving a request for a particular resource from a client; determining whether the client includes an optimization support mechanism; when the client includes an optimization support mechanism, providing the client with a first version of the particular resource, optimized, at least in part, for the capabilities of the client in combination with the optimization support mechanism; otherwise providing the client with either (i) an un-optimized version of the particular resource, or (ii) a version of the particular resource optimized, at least in part, for the capabilities of the client without the capabilities of the optimization support mechanism.

Abstract: Examples described herein relate to a network device apparatus that includes a packet processing circuitry configured to determine if target data associated with a memory access request is stored in a different device than that identified in the memory access request and based on the target data associated with the memory access request identified as stored in a different device than that identified in the memory access request, cause transmission of the memory access request to the different device. In some examples, the memory access request comprises an identifier of a requester of the memory access request and the identifier comprises a Process Address Space identifier (PASID) and wherein the configuration that a redirection operation is permitted to be performed for a memory access request is based at least on the identifier.

Abstract: Generally discussed herein are devices, systems, and methods for adaptive authorization using a local route as a named location. A method can include defining a local route and a corresponding local route endpoint, associating a compute resource as a destination of the local route endpoint, defining an adaptive authorization policy that limits access to the compute resource to be through the local route endpoint, and enforcing access to the compute resource based on the defined adaptive authorization policy.

Abstract: Disclosed are various examples for configuring network security based on device management characteristics. In one example, a specification of a set of network resources on an internal network is received from an administrator client. The set of network resources are those network resources that a particular application executed in client devices on an external network should be authorized to access. A gateway from the external network to the internal network is then configured to permit the particular application to have access to the set of network resources.

Abstract: A wireless device enterprise management system and a method for operating the management system in a controlled environment is disclosed. The enterprise management system includes implementing a container-based file system on wireless devices within the controlled environment. Enterprise management system manages and controls the organization of files into one or more containers on each wireless device. Each container is associated with one or more execution rules that allow or restrict execution of files that are located in the container.

Abstract: A printing system implements a peer to peer network to manage resources between printing devices, such as configuration settings, software programs, or multifunctional printer (MFP) applications. When a printing device is added to the peer to peer network, it queries an existing printing device for information about its resources. Such information includes versions of the software programs. The information is used to compare the resources at the added printing device to those within the peer to peer network, using the existing printing device. Any differences are resolved by upgrading the resources at the added printing device by retrieving them within the peer to peer network.

Abstract: Useful data is transmitted to a terminal existing in a transportation vehicle. A communication apparatus installed in the transportation vehicle and configured to transmit the data to the terminal existing in the transportation vehicle includes a data selection unit and an illumination unit. The data selection unit acquires location information indicating a location of the transportation vehicle in which the terminal exists and which is traveling. Based on the acquired location information, the data selection unit selects approaching-location data related to a location ahead of a current location of the transportation vehicle in a traveling direction from a plurality of pieces of data related to the location. The illumination unit transmits, as a modulated light signal, a signal comprising the approaching-location data.

Abstract: Systems and methods for email processing are described. Embodiments of the present disclosure identify a plurality of email recipients, wherein each of the plurality of email recipients has an email address associated with one of a plurality of internet service providers (ISPs); identify a plurality of internet protocol (IP) addresses, wherein each of the plurality of IP addresses is available for sending email from a user to the plurality of email recipients; compute an ISP-IP score for each of a plurality of ISP-IP pairs based on email delivery statistics; select an IP address from the plurality of IP addresses corresponding to each of the plurality of email recipients based on the ISP-IP score; and transmit an email to each of the plurality of email recipients from the selected IP address.

Abstract: A device may generate network profile data indicating a set of network parameters detected by the device. The device may encrypt the network profile data and may transmit the encrypted network profile data to a network device, such as a router, or a server. The router or server may analyze the encrypted network profile data to determine if the device is secure. The router of server may perform one or more security measures if the device is not secure.

Abstract: A method acquires, on a basis of a restaurant ID, menu information indicating one or more foods provided by a restaurant over a network from a second server associated with the restaurant corresponding to the restaurant ID, acquires, from a first server, religion information, extracts one or more first foods compatible with the religion information on a basis of the menu information and the religion information, displays the one or more first foods through a second operation screen for accepting an order of a food to be provided by the restaurant of a user, and transmits food order information indicating a food selected from among the one or more first foods to the second server.

Abstract: A method includes acquiring, on a basis of a restaurant ID, menu information indicating one or more foods provided by a restaurant over a network from a second server associated with the restaurant corresponding to the restaurant ID, transmitting identification information stored in an information terminal to a first server and acquiring classification information from the first server on a basis of the identification information, generating a personalized menu for the user corresponding to the classification information on a basis of the menu information and the classification information, and displaying the personalized menu through a second operation screen for accepting an order of a food to be provided by the restaurant, the second operation screen being displayed on a display of the information terminal carried by the user.

Abstract: The exemplary embodiments include a method to perform, based on at least one of hypertext transport protocol and non-hypertext transport protocol traffic tests failing, sending an hypertext transport protocol message to a subscription remediation server URI that carries a package1 message, receiving an hypertext transport protocol response from the subscription mediation server with a package2 message, and automatically replacing a password with a new value, automatically initiating creation of a new client certificate, or launching a browser to a URI provided in the response to enable user intervention. In addition, to receive an access request from a device, determining whether credentials are valid, and if the credentials are determined valid, sending an access-accept message with a success indication, and if the credentials are determined not valid, sending an access-accept message with a success indication and an indication that access by the device is limited to only a subscription remediation server.