Abstract: Directing a content player to a content source is disclosed. A first manifest request from a client requesting content is received at a server. The manifest request includes information generated as a result of the client contacting a content management system and in response, receiving from the content management system information associated with the client and a direction to the server. Based at least in part on the received information, at least one of a bitrate and a content source is determined. Instructions are sent to the client based at least in part on the determination. The client is configured to obtain the requested content according to the instructions.

Abstract: A system having an off-premises proxy server residing in a cloud computing environment and backend servers residing in an enterprise computing environment are provided. Requests received by the off-premises proxy server for access to a first, non-publicly accessible backend server are routed to a tunnel server which stores the request and waits to be polled by a tunnel agent connected to the first backend server. When the tunnel server is polled, the request is forwarded through an HTTP tunnel to the tunnel agent, which forwards it to the backend server for processing. Responsive information is returned to the tunnel agent, which forwards it through the HTTP tunnel to the tunnel server and returned through the off-premises proxy server to the remote application. Requests for access to a first, publicly accessible backend server are routed by the off-premises proxy server directly to the backend server for processing and return of responsive information.

Abstract: The invention described herein is directed to a secure text messaging and object sharing mobile application that provides encryption, digital rights management (DRM) of the text and of the attachments, the capability of sending SMS, RCS, MMS, IM or blockchain communications, the capability of attaching documents, photos and so forth, the capability of interfacing with a user's contacts application, and that operates in both Android and iOS environments. The secure text messaging and object sharing mobile application connects to DRM cloud service, and also connects to second secure text messaging and object sharing mobile app thru a P2P network that provides SMS, RCS, MMS, IM, and/or Blockchain communications. The invention also includes systems and methods related to the same.

Abstract: A proxy server to retrieve a web address received from a client to a webserver is disclosed. The proxy server can include a reverse proxy server. The web address is converted into proxy address at the proxy server. The proxy address is wrapped into a wrapper domain with a wrapping frame.

Abstract: Systems and methods are disclosed herein for enabling multiple users' digital rights to be applied as needed to access media while those users are present to consume media. In particular, a media guidance application may receive a selection of a media asset and determine that the user equipment device does not allow access to the media asset. In response, the media guidance application may identify all the users consuming content from that user equipment device and retrieve digital rights for each user. The media guidance application may compare the digital rights of each user with digital rights required to access the media asset. The media guidance application may, based on the comparison, identify a set of digital rights (e.g., for another user present) that enable access to the media asset, and use those digital rights to access the media asset for consumption.

Abstract: Methods, non-transitory computer readable media, session director apparatuses, and network traffic management systems that facilitate packet data network (PDN) service slicing with microsegmentation in an evolved packet core are disclosed. With this technology, a create session request (CSR) general packet radio service (GPRS) tunneling protocol (GTP) control (GTP-c) message is intercepted. A lookup key is then determined based on content of the intercepted CSR GTP-c message. A PDN gateway (PGW) identifier for a PGW is obtained using a slice name obtained using the lookup key. The intercepted CSR GTP-c message is modified to include the obtained PGW identifier. Subsequently, the modified CSR GTP-c message is steered based on the obtained PGW identifier, such as directly to the PGW or to a serving gateway (SGW) module associated with the PGW.

Abstract: In a computer network that has a plurality of nodes, a measure of trustworthiness for a particular node can be updated by other nodes that monitor the particular node's behavior. This includes collecting trustworthiness reports from the other nodes; updating the particular node's trustworthiness level based on the reports; and causing the particular node to route data in the computer network based on its trustworthiness level. The particular node's role in performing at least one of a set of functions is based on a hierarchy of trustworthiness levels, wherein the functions can include monitoring other nodes; sending alerts when anomalous behavior is detected; transmitting a free-antibody software program to a requesting node; updating defensive programs; participating in consensus-based threat analysis with other nodes; identifying threats; tagging suspicious nodes; and performing countermeasures against identified threats.

Abstract: A security risk management system (305) of the present disclosure includes a server (310) and an agent unit (320) included in a terminal. The server (310) transmits vulnerability information to the agent unit (320) before the release date and time of the vulnerability information. The agent unit (320) investigates the presence or absence of vulnerabilities in the terminal based on information regarding a method for vulnerability investigation contained in the vulnerability information, and transmits vulnerability investigation results containing the investigation results to the server (310) before the release date and time of the vulnerability information. The server (310) presents the vulnerability information and the vulnerability investigation results on or after the release date and time of the vulnerability information.

Abstract: In various embodiments, an apparatus, a non-transitory computer-readable media, and a method are provided, involving a technique for: at a service node: receiving an indication of a receipt of a request that is transmitted by a first node via a domain name system (DNS) protocol, the request including an identifier for use in data traffic routing from the first node to a second node in a network; detecting the identifier included with the request; using the detected identifier, determining first path information that is configured for use in identifying one or more path segments that communicatively couple the first node to the second node; generating a response to the request, the response including the first path information; and transmitting the response so that the first path information is capable of being used in identifying at least one path segment in the one or more path segments for traffic data routing from the first node to the second node.

Abstract: A technique for facilitating registration of an internet domain name with the domain name system (DNS) is presented. The technique can include receiving a request to register an encoding domain name with the DNS, the encoding domain name including an indication of a temporal event and of a target domain name. The technique can also include registering the encoding domain name to a registrant, where the registering the encoding domain name confers to the registrant a right to register the target domain name upon specified conditions, where the specified conditions include an occurrence of the temporal event. The technique can also include receiving a request initiated by the registrant to register the target domain name, and registering the target domain name to the registrant after satisfaction of the specified conditions.

Abstract: Methods and systems for applying surveillance to client computers that communicate via proxy servers. A decoding system accepts communication packets from a communication network. Based on the received packets, the decoding system identifies that a certain client computer conducts a communication session with a target server via a proxy server. The decoding system processes the packets so as to correlate the identity of the client computer with the identity of the target server. The correlated identities may comprise, for example, Internet Protocol (IP) addresses or Uniform Resource Locators (URLs).

Abstract: Authenticating a client device coupled to an authenticator network device for a network. A service request is received from the client device at the authenticator network device. User credentials, including a user ID, a user key, and a nonce for a user are received at the authenticator network device. A token is generated using the received user credentials. The service request is modified to include the token and a user ID parameter that is the user ID to generate a modified service request. The modified service request is used to provide single sign-on access to a service that is the subject of the service request.

Abstract: Methods, systems, and apparatus, including computer programs encoded on computer storage media, for decentralized-identifier creation. One of the methods includes: receiving a request for obtaining a decentralized identifier (DID), wherein the request comprises an account identifier; obtaining, in response to receiving the request, a public key of a cryptographic key pair; obtaining the DID based on the public key; and storing a mapping relationship between the account identifier and the obtained DID.

Abstract: Described herein is a method of enhancing the security of an internet transaction which includes the transmission of structurally formatted information, the method including the steps of: transmitting a request for the structurally formatted information across a network environment; receiving the request and sending a formulated response requiring calculation and decoding to determine the nature and content of the structurally formatted information; and receiving the structurally formatted information.

Abstract: Embodiments described herein provide systems and methods for sharing encoder output of video streams. In a particular embodiment, a method provides determining video profiles for each of a plurality of devices. The method further provides determining if two or more of the video profiles are similar by determining if parameters associated with each video profile differ by less than a threshold value. The method further provides transmitting a video stream encoded in a single format to the devices if they have similar profiles and transmitting video streams encoded in different formats to the devices if they do not have similar profiles.

Abstract: An electronic card reader testing system includes a robot assembly that is used to manipulate one or more credit cards, debit cards, gift cards, or similar electronic cards, and selectively swipe one of the electronic cards through a first slot of the electronic card reader and/or selectively insert (or “dip”) one of the electronic cards into the second slot of the electronic card reader. Operation of the robot assembly is managed by a control system. The testing system may also include a computer program that operably connects the control system of the robot assembly to a point-of-sale (POS) system, thus further automating the testing protocol.

Abstract: An example method comprises receiving, by at least one computing device, a first notification from a first mobile computing device and a second notification from a second mobile computing device. The method may further comprise determining, based at least in part on a comparison of the first notification to the second notification, that the first mobile computing device has initiated a phone call with the second mobile computing device. The method may additionally comprise responsive to determining that the first mobile computing device has initiated the phone call with the second mobile computing device, sending, a first message to the first mobile computing device using a first data connection, and sending, a second message to the second mobile computing using a second data connection, wherein the first message and the second messages each indicate that the first and second mobile computing devices are able to exchange application data.

Abstract: A control system includes one control unit connected to input/output units connected to an apparatus and another control unit capable of substituting for the one control unit. In the control system, the one control unit establishes connection to the input/output units. The control system includes a determination layer and a secure communication layer. The determination layer determines to establish connection between the other control unit and the input/output units when the connection between the one control unit and the input/output units is broken. The secure communication layer establishes connection between the other control unit and the input/output units in accordance with a result of the determination by the determination layer.

Abstract: A system includes an authentication server that executes authentication processing via one or more biometric authentication methods. The system detects, in response to a request for proxy work, authentication target data related to biometric information from data acquired at a location where the request for the proxy work is issued. The system executes additional authentication processing, by comparing feature data of biometric information corresponding to a proxy executor included in proxy setting and the detected authentication target data. The system manages a status of the proxy work to be executed in a case where the additional authentication processing is successful.

Abstract: User interfaces for managing defects are provided. A defect selection interface may include a set of defect items for selection by a user. The defect selection interface may include one or more first visuals indicating similarity of the set of defect items to other defect items. An issue selection interface may include a set of issue items for selection by the user. Individual issue items may include one or more defect items added to the individual issue items. A defect comparison interface may include a comparison of a defect item to an issue item. The defect comparison interface may include one or more second visuals indicating similarity of the defect item to the issue item. Based on the user's selection, the defect item may be added to the issue item.

Abstract: A method includes receiving, by a processing device of a monitoring node, an indication over a network that a virtual machine successfully migrated from a first host to a second host. The indication includes a virtual machine address of the virtual machine executing on the second host. The method also includes, responsive to the indication that the virtual machine successfully migrated from the first host to the second host, starting to monitor incoming packets of the monitoring node for an incoming packet that includes a source address field having the virtual machine address, and, upon determining, after a threshold period of time, that none of the incoming packets include the source address field having the virtual machine address, notifying a reporting node that the incoming packet was not received to facilitate performance of an action to reduce downtime of communication with the virtual machine over the network.

Abstract: The disclosed computer-implemented method for identifying subject-matter experts may include (i) collecting, by the computing device, a plurality of electronic messages transmitted within an organization, (ii) creating a message graph for the organization, (iii) extracting a plurality of topics from the plurality of electronic messages transmitted within the organization, (iv) annotating the message graph by correlating each topic within the plurality of topics with each edge of the message graph that represents an electronic message related to the topic, and (v) identifying, based on an analysis of the annotated message graph, at least one vertex that represents an expert on at least one topic from the plurality of topics. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: VPN data for building and maintaining VPNs through a public network is gathered. The VPN data is maintained, at a DNS server, as part of a DNS table. A portion of the VPN data is provided as part of a DNS view of the DNS table to a client device. A VPN mode indicating a manner to establish a VPN node for the client device through the public network is determined using the portion of the VPN data. When the client device is coupled to the public network the VPN node is established and maintained according to the VPN mode using the portion of the VPN data.

Abstract: Embodiments generally relate to finding a service in a service infrastructure. In some embodiments, a method includes receiving a service lookup request, where the service lookup request includes an application program interface (API) specification for a service to be invoked, where the API specification defines at least one target input parameter and at least one target output parameter. The method further includes searching for at least one service that has an API specification that corresponds to the API specification included in the service lookup request. The method further includes determining a sequence of services if no service is found that has an API specification that corresponds to the API specification included in the service lookup request, where services of the sequence of services include API specifications that, in combination, correspond to the API specification included in the service lookup request; and invoking the services of the sequence of services.

Abstract: Aspects of the present disclosure concern automated volume reconfiguration for volumes assigned to a virtual machine (VM). Properties of a volume controller with respect to a set of input/output (I/O nodes) used to transmit a set of volumes to the VM are analyzed, wherein each volume of the set of volumes is mapped to an I/O node of the set of I/O nodes. Based on the analysis, a reconfiguration action is determined, wherein the reconfiguration action includes migrating at least one volume of the set of volumes to a different I/O node of the set of I/O nodes. The reconfiguration action is then executed.

Abstract: Providing authorization and authentication in a cloud for a user of a storage array includes: receiving, by a storage array access module from a client-side array services module, a token representing authentication of user credentials and authorized access privileges defining one or more storage array services accessible by the user, where the token is generated by a cloud-based security module upon authentication of the user credentials and identification of authorized access privileges for the user; receiving, by the storage array access module from the user, a user access request to one or more storage array services; and determining, by the storage array access module, whether to grant the user access request in dependence upon the authorized access privileges represented by the token.

Abstract: In general, the technology relates to a method for using reusable themes. The method includes receiving, from a device, a request for a style sheet language file, where the style sheet language file defines a reusable theme for a webpage and specifies a relative location for an image that is used by the reusable theme. The method further includes receiving a request for the image including the relative location of the image, resolving the relative location for the image to obtain an absolute location for the image using a location of the style sheet language file in a web application structure, obtaining the image from the absolute location of the image, and providing the image to the device.

Abstract: Particular embodiments described herein provide for an electronic device that can be configured to allow for the mitigation of ransomware. For example, the system can determine that an application begins to execute, determine that the application attempts to modify a file, determine a file type for the file, and create a security event if the application is not authorized to modify the file type. In another example, the system determines an entropy value between the file and the attempted modification of the file, and create a security event if the entropy value satisfies a threshold or determine a system entropy value that includes a rate at which other files on the system are being modified by the application, and create a security event if the system entropy value satisfies a threshold.

Abstract: Users of client devices can take any number of actions using applications of an application system to achieve an outcome. A monitoring system aggregates the interactions into a user interaction path. Over time, the monitoring system generates a large number of user interaction paths. The monitoring system analyzes the user interaction paths for correlation between interactions and outcomes. The monitoring system can correlate user interaction paths to generated interactions of a system interaction path. The monitoring system determines a correlation between interactions and outcomes by calculating a success factor based on an efficiency score and a prevalence score. The success factor is a measure correlation between a particular interaction of the application system and an outcome, the prevalence score is a measure of how often a particular interaction occurs, and the efficiency score is a measure of the application system performance for a particular interaction.

Abstract: In one embodiment, a computer server running a social networking application aggregates raw local area network (LAN) traffic data received from one or more listening nodes in one or more LANs. The aggregated LAN traffic data is comprised of multiple entries, each of which includes a MAC address for a networked device, as well as an association between each MAC address and a user of a social networking system. The computer server may then detect, identify, and qualify recurring patterns when a particular user is on the same LAN as other users of the social networking system. Based upon the qualified patterns, the social networking system may suggest friend connections or other interactions on the social networking system to the particular user.

Abstract: A computer system for managing network communication protocols comprises computer-executable instructions that configure the computer system to receive a dataset of information for network-based analytic elements. The dataset can comprise information received by a network-based destination of the analytic elements. The analytic elements may have been executed within a network-connected software application. The system can also be configured to identify a pattern within the dataset of information. Based upon the identified pattern, the system can create an analytic element rule that is configured to describe the identified pattern on at least a subset of network-based analytic elements that are executable within the network-connected software application. Additionally, the system can be configured to store, within a digital database, the analytic element rule, wherein the digital database comprises a set of analytic element rules for managing analytic elements within the network-connected software application.

Abstract: Systems, methods, computer readable media and articles of manufacture consistent with innovations herein are directed to computer virtualization, computer security and/or hypervisor fingerprinting. According to some illustrative implementations, innovations herein may utilize and/or involve a separation kernel hypervisor which may include the use of a guest operating system virtual machine protection domain, a virtualization assistance layer, and/or a CPU ID instruction handler (which may be proximate in temporal and/or spatial locality to malicious code, but isolated from it). The CPU ID instruction handler may perform processing, inter alia, to return configurable values different from the actual values for the physical hardware. The virtualization assistance layer may further contain virtual devices, which when probed by guest operating system code, return the same values as their physical counterparts.

Abstract: Various methods for generating a content corpus populated with content related to a particular geographic area are provided herein. One example method comprises, for each document in an initial local content corpus, applying a first set of heuristic filters to the raw content of each document, identifying at least a second term, applying a second set of heuristic filters to the raw content of each document, the second set of heuristic filters associated with the second term, iteratively performing the identification of additional terms and application of an additional set of heuristic filters associated with the additional terms until each identifiable term is extracted, determining a level on a geographic containment hierarchy indicative of a location to which each document from the set of documents is local, and for each place in a gazette, and for each document, determining a set of points in polygons indicative of its locality.

Abstract: Technologies for establishing device locality are disclosed. A processor in a computing device generates an identifier distinct to the computing device. The processor transmits the identifier to a management controller via a hardware bus in the computing device. The processor generates a key and encrypts the key with the identifier to generate a wrapped key. The processor transmits the wrapped key to the management controller. In turn, the management controller unwraps the key using the identifier. Other embodiments are described and claimed.

Abstract: Systems and methods using a network of wearable devices to support secure payment for a user are described. The network of wearable devices may include a wearable secure unit including a first short-range transceiver, a wearable sensory unit including a second short-range transceiver, and a wearable communication unit including a third short-range transceiver and a long-range transceiver. The systems and methods may include receiving a transaction request from a merchant device. Thereafter, the systems and methods may obtain information from the wearable secure unit configured to provide an environment in which processes and data are securely stored and executed. The systems and methods may also obtain information from the wearable sensory unit configured to capture and compare biometrics of the user with a stored profile. Based on the obtained information, the systems and methods may instruct the wearable communication unit to transmit to the merchant device user authentication data.

Abstract: The present disclosure describes implementation of network virtualization based on modular quality of service control (MQC) in a data center network. In one example, a command originating from a tenant of a VDC is received by a network management server, the command being associated with network resource processing based on MQC. Based on a network resource configuration for the VDC, the received command is processed on a network virtualization layer of the network management server such that only processing associated with the VDC of the tenant is performed.

Abstract: A web server is provided. The web server includes a communication part for receiving an HTTP request from an entity connected by network and communicating with at least one WAS; and a processor for performing at least one of (i) a process of transmitting the HTTP request received from the entity to a specific WAS selected among the at least one WAS and then receiving information on an HTTP session corresponding to the specific WAS from the specific WAS when receiving an HTTP response from the specific WAS in response to the HTTP request, thereby retaining the information on the HTTP session and (ii) a process of transmitting a PING signal and then receiving the information on the HTTP session corresponding to the specific WAS from the specific WAS when receiving a PONG signal in response to the PING signal, thereby retaining the information on the HTTP session.

Abstract: A method and apparatus for enabling dynamic reroute in a redundant system is provided. A network device is operative to determine whether a state of a link that couples the first network device with a third network device is active. In response to determining that the state of the link is active causing a payload of a packet to be forwarded towards the third network device through the second network interface of the first network device based on a second IP address; and responsive to determining that the state of the link is not active causing the second payload to be forwarded towards the third network device through a third network interface of the second network device based on the second IP address.

Abstract: Methods and systems are provided for making a pre-payment. In some embodiments, a user is provided with a mobile wallet; information populating at least one payment instrument to the mobile wallet is received; information that the mobile wallet is usable with respect to the vehicle is received; information that the mobile wallet has been presented by the vehicle to a payment location is received; an authorized pre-payment corresponding to items or an amount associated with the payment location is received; a token is received from the user at the payment location; and the pre-payment is settled using the payment instrument.

Abstract: A communication apparatus 1 is provided with a first communication interface 11, second communication interfaces 12 connected to a plurality of access routers 3 connected to an Internet 6, and a route determination unit which, for a packet being communicated from the first communication interface 11 to the second communication interfaces 12, determines the second communication interface 12 in accordance with an elapsed time since connecting start of a connection with a destination of the packet. Connections having started within a predetermined time are treated as connections constituting one user session. Therefore, connections constituting the same user session can be communicated via the same access router without the need of analyzing a protocol of a layer.

Abstract: In general, embodiments of the invention relate managing the interaction of applications with one or more file systems and/or data managed by the file systems. More specifically, embodiments of the invention relate to providing applications with access to an overlay file system (OFS) and then servicing OFS operations using a file system module and one or more underlay file systems (UFSes) that are not directly accessible to the applications.

Abstract: A policy enforcement technique may be performed at a network node configured for exposure of services and capabilities, such as a service and capability exposure function (SCEF) or a network exposure function (NEF). In one illustrative example, the network node may receive a message which includes a request for background data transfer from an application server (AS) to a plurality of UEs of a group. The message may include mobile-terminated (MT) data to be delivered, a group ID associated with the group, a total bandwidth for the background data transfer for the group, and a transfer policy ID associated with a transfer policy. The network node may verify whether the total bandwidth for the background data transfer for the group is within a predefined aggregate bandwidth limit indicated in the transfer policy data. The network node may cause the background data to be sent to each one of the plurality of UEs via the mobile network, if the total bandwidth is within the predefined aggregate bandwidth limit.

Abstract: An apparatus includes a processor operatively coupled to a memory. The processor receives a first set of risk assessment rules including first user privilege criteria and first device criteria. The first device criteria includes a computing device patch level, a network type, and/or a password policy. The processor identifies a user-specific security risk based on the first set of risk assessment rules and applies a privilege mitigation measure based on the user-specific security risk without being in communication with a management server. The processor later receives a second, updated set of risk assessment rules at the computing device. Upon detecting another login of the user, the processor identifies an updated user-specific security risk based on the updated set of risk assessment rules, and applies a modified privilege mitigation measure based on the updated user-specific security risk, again without being in communication with the management server.

Abstract: A computer-implemented method and an interactive computer system has a user interface with computer software application tool(s) for retirement planning purposes. The user interface is generally referred to herein as an income dashboard.

Abstract: Sending data on a network based on limiting the propagation of data based on a distance between a sender of the data and one or more receivers of the data. A method includes determining a maximum distance that a message should travel in a network from a sender to a receiver. The method further includes configuring a distance property or distance proxy property conforming with the determined distance. The method further includes sending the message by transmitting the message in a fashion that causes the message to be carried on the network in compliance with the configured distance property or distance proxy property.

Abstract: A system and method for facilitating directory limit based storage scheme for uploading media segments in multiple directories at one or more media servers. Directory limit parametric information may be provided or otherwise configured in an upload profile of a packager node to construct URLs based on the directory parametric information for identifying locations in a directory tree structure that may be configured to map to a variety of physical and/or virtual storage schemes.

Abstract: The present invention determines which network devices are likely to have a positive result in engagements with terminal devices. A server can obtain data about network devices with respect to the communication session with a network site. Then the server can use rules to define a set of network devices that are eligible to interact or communicate with a terminal device. The server can connect to the network devices as randomly as possible. Terminal devices can initiate engagements with network devices. The server can detect characteristics in the interaction of engagements that have positive results. The server generates an evaluation protocol based on the characteristics, to assign new network devices a parameter representing how close the new network device conforms to the evaluation protocol. The parameter is used by the system in real-time to inform terminal devices as to which network devices to connect to and in what order.

Abstract: Various embodiments for data management across a network by a processor. Data characteristics are analyzed through the network, incorporating an analysis of traffic and utilization of the data in the network, and inclusive of data operations resulting in at least a portion of the data reaching an endpoint in a network topology. Based on the analysis of the data characteristics, the portion of the data is pre-seeded forward to a location closer to the endpoint in the network topology than a previously stored location, such that when the portion of the data is requested through the endpoint, movement of the portion of the data to the endpoint encumbers fewer resources of the network.

Abstract: Systems for delivering one or more studies, where each of the one or more studies has a series of digital images associated with only one person and generated by an imaging modality, is disclosed. The systems include a syncing application that is configured to execute within a local area network and that is in data communication with imaging modalities and/or computing devices configured to display images generated by each of the imaging modalities. The systems also include a server adapted to be external to the local area network and in data communication with the syncing application and a client-side viewing application installed on one or more of the computing devices. The client-side viewing application is configured to acquire the studies, including unrendered data representative of the digital images of the series, locally render the unrendered data, and enable a user to manipulate the digital images.

Abstract: A method, an apparatus, and a computer program product for accessing electronic medical records are provided in which a portable computing device uniquely associated with a user authenticates an identification of the user and automatically retrieves information corresponding to the user from electronic healthcare records systems using the identification. The retrieved information may be combined with other information and electronically delivered to a healthcare provider.