Abstract: A system operated by a computing resource service provider maintains a pool of computing resources for use in processing job requests submitted by customers. The system allocates computing resources to the pool in anticipation of future resource needs. In various embodiments, future resource needs can be estimated based on scheduled jobs, or historical job information. In an embodiment, the computing resources are virtual computer systems which may be arranged in a cluster. In response to receiving a parallel processing job from a customer, the system reserves computing resources from the pool for performing the job. In an embodiment, the reserved resources are configured with a network namespace that is able to access to a customer's resources.

Abstract: Methods, apparatus, and processor-readable storage media for proactive user authentication for facilitating subsequent resource access across multiple devices are provided herein. An example computer-implemented method includes validating an authentication result received via a first user device; generating, in response to validating the authentication result, a proof of authentication that relates to the authentication performed via the first user device; outputting the proof of authentication to the first user device; receiving, via a second user device in connection with a request to access a protected resource, cryptographic information comprising at least a portion of the proof of authentication output to the first user device; validating the cryptographic information received via the second user device against the proof of authentication; and granting, to the second user device, access to the protected resource in response to validating the cryptographic information against the proof of authentication.

Abstract: An image forming apparatus aims to prevent sheets in a sheet feeder which is designated for a print job by a user from being used for another print job other than the print job. The image forming apparatus, equipped with a plurality of sheet feeders, executes a submitted print job, prompts a user to select a sheet feeder for use in the print job from among the plurality of sheet feeders, and provides control such that the selected sheet feeder cannot be used for another print job other than the print job.

Abstract: A computing device obtains a request from a user device to access a network beacon. The computing device obtains a device profile for the user device. The computing device determines whether the user device satisfies an authorization rule based on the state of the user device as indicated by the device profile. The computing device authorizes the user device to access the network beacon responsive to determining that the user device satisfies the authorization rule.

Abstract: A system includes a client device capable of being associated with a number of networked devices through a computer network to: process an embedded object, constrain an executable environment in a security sandbox, and execute a sandboxed application in the executable environment. The embedded object is processed through the sandboxed application. The system also includes a relevancy-matching server to: receive primary data generated from fingerprint data of each of the number of networked devices, match the primary data with targeted data based on a relevancy factor, search a storage for the targeted data, and cause rendering of the targeted data through the embedded object processed through the sandboxed application of the client device. The primary data is any one of a content identification data and a content identification history.

Abstract: To provide a data management system and a data management program enabling a person not having reference authority of a display name of a node of an ordinary hierarchical structure to refer to data associated with a node in an ordinary hierarchical structure, a data management system which, when one of the nodes of a hierarchical structure constituted by a plurality of nodes is specified, notifies at least some values of purchased product data associated with the specified node notifies the ordinary hierarchical structure to a person having reference authority of a display name of a node of the ordinary hierarchical structure, and notifies, to a person not having reference authority of the display name of the node of the ordinary hierarchical structure, a substitute hierarchical structure constituted by nodes of which value of at least one item of the purchased product data is the display name and with which purchased product data including this value is associated.

Abstract: Checking a certificate of delegation, from a first server to a second server, for delivery of content referenced on the first server, and addressed to a client terminal. The terminal: emits a first message requesting the content, addressed to the first server, via a first encrypted connection; receives a redirection message from the first server, including an identifier of a third-party server; obtains an address from the second server, based on the identifier received in the redirection message; emits a request to establish a second encrypted connection between the terminal and the second server, including an identifier of the first server; receiving a certificate of delegation signed by the first server from the second server, via the second encrypted connection; verifies the certificate by an encryption key of the first server; and if valid, emits a second message requesting content, addressed to the second server, via the second encrypted connection.

Abstract: In some embodiments, techniques for displaying a URL comprise receiving a URL; normalizing the URL, wherein normalizing the URL includes standardizing an encoding of a character contained in the URL; determining a first element of the URL, wherein the first element of the URL includes a domain; determining a second element of the URL; displaying the URL, wherein displaying the URL includes emphasizing the first element of the URL, and wherein emphasizing the first element of the URL includes displaying the first element of the URL using a first font attribute; and wherein displaying the URL includes displaying a first portion of the second element of the URL using a second font attribute and eliding a second portion of the second element of the URL; and responsive to an interaction with a user interface element, providing a view of the URL in its entirety.

Abstract: Cache data analysis for enterprise content management systems is described. A content category is identified based on content provided by a cache server associated with an enterprise content management system. A determination is made whether content associated with the content category is cached by the cache server. The content associated with the content category is requested by the cache server if the content associated with the content category is not cached by the cache server. The content associated with the content category is cached by the cache server.

Abstract: A multiunit charging device and method for preemptive data upload is provided. A multiunit charging device controls a first mobile device, received at a plurality of charging stations of the multiunit charging device, to upload first data via a communication unit. After upload of the first data has begun, the multiunit charging device detects that a second mobile device is received at the plurality of charging stations. When an amount of second data for upload at the second mobile device is smaller than a remaining amount of the first data for upload at the first mobile device, the multiunit charging device: preempts uploading of the first data at the first mobile device; and controls the second mobile device to upload the second data via the communication unit.

Abstract: A method and system is disclosed that permits users of an online gaming platform to communicate via voice with other user in the online gaming platform.

Abstract: Systems and methods for cloud security monitoring and threat intelligence in accordance with embodiments of the invention are disclosed. In one embodiment, a process for monitoring and remediation of security threats includes generating a threat model using a first portion of activity data, identifying, based upon the threat model, a threat using a second portion of activity data, selecting a security policy to implement in response to the identified threat, identifying cloud security controls in a remotely hosted cloud application server system to modify in accordance with the selected security policy, establishing a secure connection to the remotely hosted cloud application server system using login credentials associated with a tenant account with the cloud application, and sending instructions to the remotely hosted cloud application server system to set the identified cloud security controls with respect to the tenant account in accordance with the selected security policy.

Abstract: An access proxy system is disclosed. A proxy server receives, from a client device, a request to access a protected resource. The protected resource represents a mapping between a user-facing domain and an internal domain that is only accessible from behind a set of one or more proxies that includes the proxy server. In response to receiving a grant of permission by an access policy engine, the proxy server proxies access to the protected resource using a mutual-TLS connection with the client device.

Abstract: A technique for resolving a uniform resource locator (URL) present on a social network website is presented. The technique includes detecting that a user's computing device is rendering a social network web page on the social network website, detecting a user activation of the URL present on the social network web page, where the URL present on the social network web page includes a domain name, obtaining a domain name system (DNS) resource record for the domain name, detecting, in the DNS resource record for the domain name, an entry for the social network website associated with a destination URL, retrieving content from the destination URL in response to at least the detecting that the user's computing device is rendering the social network web page and the detecting a user activation of the URL present on the social network web page, and causing the content to be displayed.

Abstract: A processor, based on detection of a configuration change to a central electronics complex (CEC) in a CEC group, automatically creates a monitoring network within the CEC. Automatically creating the monitoring network includes the processor issuing a request via a hardware management console (HMC) to the CEC to create a virtual switch implementing a virtual local area network (VLAN). The processor also issues a request via the HMC to the CEC to create, on a virtual input-output server (VIOS) hosted in the CEC, a virtual trunk adapter connected to the VLAN. In addition, the processor issues a request via the HMC to the CEC to create, on each of a plurality of logical partitions (LPARs) hosted in the CEC, a virtual network adapter connected to the VLAN. The processor can employ the network, for example, to monitor health of the LPARs and VIOS within the CEC via the HMC.

Abstract: A component of an environment having available bandwidth for performing a task is located. Authorization to connect a device associated with the task to the component is granted. In response to determining that a set of one or more conditions are met, the device is connected to the component. The connection provides network connectivity to the device via the component.

Abstract: A computer-implemented system and method receive information regarding a funds transfer from a payor to a payee. The information is received by a depository computer system. The depository computer system forwards the information regarding the funds transfer to an account verification service computer system. The depository receives an indication of a real time account status of an account of the payor. The account status information is received from a paying bank computer system that maintains the account of the payor via the account verification service computer system. Release of the funds to the payee is authorized based on the account status information received via the account verification service computer system. The authorization occurs in real time relative to when the funds transfer information is initially received.

Abstract: A method for securing D2D communications may comprise: encrypting communication data based at least in part on a security policy associated with at least one of a general trust evaluation and a local trust evaluation; and sending the encrypted communication data from a first user equipment to one or more second user equipments, wherein the second user equipment of which at least one of a general trust evaluation result and a local trust evaluation result satisfies the security policy set by the first user equipment is eligible to access the encrypted communication data.

Abstract: Novel tools and techniques might provide for implementing application, service, and/or content access control. Based at least in part on a consumer's choice of applications, services, content, and/or content providers—particular in exchange for a subsidy on content and/or network access fees provided to the consumer by chosen content providers—, a computing system may determine whether access to applications, services, and/or content not associated with the chosen content providers (“other content”) should be allowed or restricted. If restricted, the computing system might utilize various network access techniques and/or technologies to block the consumer's access to the other content, to allow access to the other content on a charge per access basis, or to allow access to the other content at reduced network access speeds. In some embodiments, an access provider (e.g., an Internet service provider, etc.) might perform both determination and implementation of content access and restriction.

Abstract: An origin server that is implemented within one or more devices within a third party virtual private cloud (VPC) is provided herein. Instead of communicating with various CDNs over a public network, the third party VPC may instead communicate with a managed VPC via a private network. Thus, no gateway, network address translation (NAT), or other such devices may be needed for the third party VPC and the managed VPC to communicate. Rather, a VPC identifier of the managed VPC and a VPC identifier of the third party VPC are used to pair the two VPCs. Once paired, a private route is set up such that points from the private address space of the third party VPC to the private address space of the managed VPC. The managed VPC then communicates directly with the various CDNs via a public network.

Abstract: Improved techniques for controlling delivery (e.g., download) of application programs from a remote application repository to different client computing devices are disclosed. Application programs are often built to operate on computing devices that have certain hardware capabilities. Hence, application programs available for download from a remote application repository might not be suitable execution on all client computing devices that are able to access the remote application repository. The improved techniques for controlling delivery can operate to permit the applications to be received by only those client computing devices that have the required hardware capabilities to properly operate the application programs.

Abstract: A database system is disclosed. The database system includes a matching module configured to query a database for users which have data matching an interest of another user and to selectively grant to one or more of the users access to data of the other user based at least in part on a result of the query and on an access control list.

Abstract: A cloud services management system and method that is capable of ensuring that communication between one or more cluster master(s) and cluster nodes is disclosed. The cloud services management system ensures secure communication that are not susceptible to security breaches even when the cluster master(s) and the cluster nodes reside in different networks (and/or have different security profiles, particularly in a public network). The cloud service management system utilizes three main communication paths: (1) a first route to manage communication between cluster master and a cluster; (2) a second route to manage communication between a cluster and one or more services/APIs; and (3) a third route to manage communication between a cluster and external domains. One purpose of these routes is to prevent direct communication between a cluster and the Internet (since such communication can be unsecured and prone to security risks and threats).

Abstract: Methods, systems, and apparatus, including computer programs encoded on computer storage media, for decentralized-identifier creation. One of the methods includes: receiving a request for obtaining a decentralized identifier (DID), wherein the request comprises an account identifier; obtaining, in response to receiving the request, a public key of a cryptographic key pair; obtaining the DID based on the public key; and storing a mapping relationship between the account identifier and the obtained DID.

Abstract: A data storage system manages use of a pool of secondary storage by internal file systems hosting logical data storage objects accessed by clients. A choose-and-mark-slices operation scans the file system to identify a subset of the slices as evacuatable slices to be de-provisioned and returned to the pool, the subset having a size exceeding a per-iteration limit observed by a separate evacuate-slices operation. The subset is recorded in an in-memory structure. Each iteration of the evacuate-slices operation (1) examines the in-memory structure to select slices for evacuation, no more than the per-iteration limit being selected, (2) moves data from the selected slices to the remaining slices of the set, and (3) subsequently (i) updates metadata of the file system to reflect the moving of the data and (ii) de-provisions the selected slices from the file-system to return them to the pool for subsequent re-provisioning.

Abstract: A system and methods for creating a non-reputable digital record of an identification (ID) document (ID-document) of an ID-holder, by a verifier-server. The system includes at least one verifier-server of a verifier and ID-holder-computing-device. The method includes authenticating a captured ID provided by the ID holder and extracting PII fields from the captured ID; cryptographically protecting jointly and severally the extracted-PII-fields, wherein the cryptographically protecting includes individually hashing each one of the PII fields; and transmitting from the verifier-server, to the ID-holder-computing-device, a verification-result comprising PII-hash-pairs, the individually-hashed-PII-fields, and a verifier-server-signature, the verification-result being the non-reputable digital record. Also disclosed are systems and methods for using the digital record for secured interaction between the ID holder and a vendor.

Abstract: Client requests may be directed through a secret holding proxy system such that the secret holding proxy system may insert a secret into a client request before arriving at the destination. The insertion of a secret may include inserting a digital signature, token or other information that includes a secret or information based upon a secret, which may include secret exchange or authentication protocols. The secret holding proxy system may also remove secrets and/or transform incoming messages such that the client may transparently receive the underlying content of the message.

Abstract: A system includes at least one processor and processes an ETL job. The system analyzes a specification of the ETL job including one or more functional expressions to load data from one or more source data stores, process the data in memory, and store the processed data to one or more target data stores. One or more data flows are produced from the specification based on the one or more functional expressions. The one or more data flows utilize in-memory distributed data sets generated to accommodate parallel processing for loading and processing the data. The one or more data flows are optimized to assign operations to be performed on the one or more source data stores. The optimized data flows are executed to load the data to the one or more target data stores in accordance with the specification. Present invention embodiments further include methods and computer program products.

Abstract: A method is provided for preventing delivery of advertising content server device to a client device, where an advertising blocker monitors attempts of the client device to establish a connection to the server device, in the event of a detected attempt to establish a connection, determines if the WebSocket protocol is used for the attempt to establish a connection, if the WebSocket protocol is used for the attempt to establish a connection, checks, for the URI of the attempt to establish a connection, and if the URI may be used to establish a connection, and if the result of the check is that the URI may not be used to establish a connection, ends the attempt to establish a connection. Also provided is a client device for displaying electronic documents, wherein the client device has an advertising blocker designed to implement the method described.

Abstract: An electronic device and method are disclosed. The electronic device includes: an input circuitry, a display, a camera, a communication circuitry, a processor operatively connected to the input circuitry, the display, the camera, and the communication circuitry, and a memory operatively connected to the processor. The processor implements the method, including display, on the display, one or more images depicting characters selectable as avatars, detect via the input circuitry a selection of a character as an avatar, set the selected character as the avatar, replacing an object included in an image captured by the camera, and display, on the display, one or more icons representing one or more packages including a first package associated with the selected character, based on identification information for the selected character.

Abstract: A chatbot in the context of a chat group messaging is described. The chat group can include a plurality of users and a chatbot. A set of rules can be defined for the users of the group granting each user a privilege status. The chatbot can receive a request through a message transmitted to the chat group. The chatbot can discern a task associated with the message, and perform the task or ask another module to perform the task. Once the task is performed, the chatbot can report the results to the chat group. The chatbot can include a conflict resolution module which can resolve conflicts. The conflict resolution module can use each user's privilege status to resolve the conflicts.

Abstract: A computer-implemented method, system, and non-transitory computer-readable medium may provide event attendees of a network-accessible calendar with a way to generate collaborative notes for a meeting related to an event. In some embodiments, a calendar entry in a network-accessible calendar may be identified. The calendar entry may correspond to an event and may identify the event attendees. A collaborative document that capable of receiving modifications to the event from the event attendees may be created. The event attendees may further be provided access to the collaborative document.

Abstract: Management instructions for a particular managed server within an administrative domain are generated according to an administrative domain-wide management policy that comprises a set of one or more rules. The administrative domain includes a plurality of managed servers. A determination is made regarding which rules within the set of rules are relevant to the particular managed server. Function-level instructions are generated based on the rules that were determined to be relevant. A determination is made regarding which managed servers within the plurality of managed servers are relevant to the particular managed server. The function-level instructions and information regarding the managed servers that were determined to be relevant are sent to the particular managed server.

Abstract: A communication apparatus receiving data included in a content from a transmitting apparatus by using a logical connection with the transmitting apparatus includes a notifying unit configured to notify the transmitting apparatus of information regarding an amount of data that the communication apparatus permits transmission of data using the logical connection from the transmitting apparatus to the communication apparatus, a receiving unit configured to receive data included in the content transmitted from the transmitting apparatus in response to the notification performed by the notifying unit, and a control unit configured to control so as to inhibit the notification by the notifying unit until the logical connection is disconnected in a case where the amount of data not received by the receiving unit of the data included in the content is smaller than a predetermined value.

Abstract: Implementations disclose a user interface that supports an access control mechanism for peer-to-peer sharing technology. An example method includes providing for display a user interface comprising a plurality of media items and a plurality of media availability indicators, wherein a portion of the user interface represents that an encrypted version of a media item of the plurality of media items and an encryption key for the encrypted version are being received over a peer-to-peer connection; updating a media availability indicator of the media availability indicators to represent that the encrypted version of the media item and the encryption key are saved; receiving an indication that the encrypted version of the media item is decrypted; and updating the media availability indicator to represent the media item is available to be experienced.

Abstract: A system includes at least one processor and processes an ETL job. The system analyzes a specification of the ETL job including one or more functional expressions to load data from one or more source data stores, process the data in memory, and store the processed data to one or more target data stores. One or more data flows are produced from the specification based on the one or more functional expressions. The one or more data flows utilize in-memory distributed data sets generated to accommodate parallel processing for loading and processing the data. The one or more data flows are optimized to assign operations to be performed on the one or more source data stores. The optimized data flows are executed to load the data to the one or more target data stores in accordance with the specification. Present invention embodiments further include methods and computer program products.

Abstract: Systems and methods using a network of wearable devices to support secure payment for a user are described. The network of wearable devices may include a wearable secure unit including a first short-range transceiver, a wearable sensory unit including a second short-range transceiver, and a wearable communication unit including a third short-range transceiver and a long-range transceiver. The systems and methods may include receiving a transaction request from a merchant device. Thereafter, the systems and methods may obtain information from the wearable secure unit configured to provide an environment in which processes and data are securely stored and executed. The systems and methods may also obtain information from the wearable sensory unit configured to capture and compare biometrics of the user with a stored profile. Based on the obtained information, the systems and methods may instruct the wearable communication unit to transmit to the merchant device user authentication data.

Abstract: The present disclosure relates to a method of obtaining at least one Key Performance Indicator (KPI) for a communication session (11) of a radio device (2). The communication session is moved from a first Radio Access Technology (RAT) (3a) to a second RAT (3b). The method comprises extracting first information about the communication session from at least a first log associated with the first RAT by filtering information relating to communication sessions which have moved between RATs from other communication sessions in the first log. The first information comprises a session identifier (ID) and a first time stamp associated with the communication session. The method also comprises extracting second information about the communication session from a second log associated with the second RAT by filtering information relating to communication sessions which have moved between RATs from other communication sessions in the second log.

Abstract: A customer utilizes an interface provided by a virtual computer system service to provision a virtual machine instance and join this instance to a directory. The interface may have previously obtained the domain name and the Internet Protocol addresses for one or more directories available to the customer for joining the virtual machine instance. The virtual computer system service may communicate with a managed directory service to obtain a set of temporary credentials that may be used to transmit a request to the directory to allow joining of the virtual machine instance. Upon provisioning of the instance, an agent operating within the instance may be configured to obtain the domain name and Internet Protocol addresses for the directory to establish a connection with the directory. The agent may also be configured to obtain the set of temporary credentials to transmit a request to the directory for joining of the instance.

Abstract: The solution distributes the management of stream segments from a central storage cluster to different edge servers that upload stream segments to and receive stream segments from the central storage cluster. Each edge server tracks the stream segments it has uploaded to the central storage cluster as well as the expiration times for those segments. The tracking is performed without a database using a log file and file system arrangement. First-tier directories are created in the file system for different expiration intervals. Entries under the first-tier directories track individual segments that expire within the expiration interval of the first-tier directory with the file system entries being files or a combination of subdirectories and files. Upon identifying expired stream segments, the edge servers instruct the central storage cluster to delete those stream segments. This removes the management overhead from the central storage cluster and implements the distributed management without a database.

Abstract: Methods, systems, and apparatus, including computer programs encoded on computer storage media, for decentralized-identifier creation. One of the methods includes: receiving a request for obtaining a decentralized identifier (DID), wherein the request comprises an account identifier; obtaining, in response to receiving the request, a public key of a cryptographic key pair; obtaining the DID based on the public key; and storing a mapping relationship between the account identifier and the obtained DID.

Abstract: Techniques for implementing a storage system using a personal user device and a data distribution device are disclosed. A personal user device stores a particular content item and transmits the particular content item to a data distribution device for storage. A client device transmits a request for the particular content item to the personal user device. The personal user device determines a characteristic associated with the personal user device, the data distribution device, the client device, and/or the particular content item. Based on the characteristic, the personal user device determines whether to serve the particular content item, or to redirect the client device to the data distribution device to obtain the particular content item. If the client device is redirected, then the client device transmits a request for the particular content item to the data distribution device. The data distribution device transmits the particular content item to the client device.

Abstract: A method, computer program product, and computing system for locally processing a plurality of data files stored on a local data storage system to identify an archivable file for storage on a remote data storage system. A remote tiering appliance is enabled to obtain the archivable file, wherein the remote tiering appliance stores the archivable file at a defined remote address on the remote data storage system. An identifier is received from the remote tiering appliance that locates the archivable file at the defined remote address on the remote data storage system. The identifier is stored on the local data storage system.

Abstract: An embodiment of a mass storage apparatus may include first non-volatile media, second non-volatile media which provides a relatively larger write granularity as compared to the first non-volatile media, and logic communicatively coupled to the first and second non-volatile media to direct an access request to one of the first non-volatile media and the second non-volatile media based on an indication from an operating system. An embodiment of a host computing apparatus may include a processor, memory communicatively coupled to the processor, and logic communicatively coupled to the processor to provide an indication for a file system-related access request to a mass storage device based on a granularity size for the file system-related access request. Other embodiments are disclosed and claimed.

Abstract: Methods and devices for searching and aggregating data in a distributed cloud computing environment are provided. In some embodiments, a request from a client to perform a data transaction is received by a first server. The first server simultaneously spawns a plurality of threads, each thread sending to a different server of a plurality of servers the request to perform the data transaction. A response indicating whether the data transaction was performed by the server is received by the first server and from each server of the plurality of servers. In response to an indication that the data transaction was performed by one or more servers of the plurality of servers and when the data transaction is a get transaction: data corresponding to the data transaction is received by the first server and from the one more servers, the data received from the one or more servers is aggregated by the first server to form combined data, and the first server sends the combined data to the client.

Abstract: Generating streaming decisions at one or more remote servers on behalf of a local client is disclosed. An indication of a content request, multi-dimensional client information, and local state information are received from a client device. A record specific to the client device is generated, in a data store, using the received local state information. The data store includes a plurality of records corresponding to respective different client devices. A set of instructions usable by the client device to obtain and play content is determined based at least in part the local state information received from the client device. The determined set of instructions is transmitted to the client device.

Abstract: Aspects of the present disclosure relate to managing a collaborated environment. A set of editing rules are configured for a shared document. A first edit is received at a first time at a first location of the shared document. A second edit is received at a second time at the first location of the shared document which attempts to overwrite a portion of the first edit. A determination is made whether at least one editing rule of the set of editing rules is violated. In response to determining that at least one editing rule of the set of editing rules is violated, an alert action can be issued to a user associated with the second edit.

Abstract: To reduce the load of processing for ensuring the completeness of data. A client apparatus acquires multiple pieces of data indicating a physical amount detected by a sensor. The client apparatus transmits, to a server apparatus, a data set (section) including a data string (multiple units) indicating a portion of the received multiple pieces of data, and first information (unit count) indicating the number of the pieces of data included in the data string. The server apparatus receives the data set from the client apparatus. The server apparatus processes the received data set. The client apparatus re-transmits the data set to the server apparatus if a condition that the number of the pieces of data included in the data set received by the server apparatus and the number of the pieces of data indicated by the first information are different is satisfied.

Abstract: A system includes a networked device configured to generate a fingerprint data, a first server configured to generate content identification data based on the fingerprint data, and a second server configured to: match the content identification data generated through the first server to an identification data of the networked device, and match the identification data of the networked device to an identification data of a user.

Abstract: A communication network includes a low integrity device, a high integrity device, a communication bus communicably coupling the low integrity device and the high integrity device together, and a communication guard inserted in-line along the communication bus. The communication guard includes a filter configured to store one or more rules defining at least one of a rate, a size, or a content type that is permissible for data transmissions from the low integrity device to the high integrity device; receive a respective data transmission from the low integrity device; evaluate characteristics of the respective data transmission relative to the one or more rules; and prevent the respective data transmission from passing through the communication guard to the high integrity device in response to the characteristics of the respective data transmission failing to comply with at least one of the one or more rules.