Abstract: A detection device runs a first sample file in a first virtual operating environment, when the first sample file sends a first Hypertext Transfer Protocol (HTTP) request to a server, the detection device obtains an identifier of the first sample file and a first data flow identifier correspondingly from the first HTTP request. The detection device obtains a second data flow identifier and a second sample file carried in subsequently transmitted data flow. If the second data flow identifier is the same as the first data flow identifier in the correspondence, the detection device determines that the second sample file is a subsample file of the first sample file, detects the second sample file to obtain a detection result of the second sample file, and determines, based on the detection result of the second sample file, that the first sample file is a malicious file.

Abstract: Establishing online social communications for enterprises whilst beneficial to them in terms of revenue, customer retention etc. require skills and time, both of which the enterprises personnel do not possess. The inventors have established an inventive turn-key software application that allows an enterprise to create invitation only private groups on mobile device platforms and monetize aspects of this online private group through direct payments to the club owner. An individual, a group, a society, a business or enterprise irrespective of whether they are active on other social networks can exploit the inventive turn-key software application augmenting their business with clear visibility of the return on investment. As such the inventive turn-key software application provides an effective “one-stop shop” for those looking to establish and build their brand on mobile technology.

Abstract: A scalable EBOF storage system identifies its storage devices and external physical interfaces, and respective public IP addresses assigned to each external physical interface. The scalable EBOF storage system assigns a respective private IP address to each storage device, private port identifier(s) to the storage devices, and respective public port identifier(s) to each storage device.

Abstract: A communication system is provided, the communication system including an authenticating unit that authenticates a plurality of communication terminals based on a single user ID, and keeps the plurality of communication terminals logged into an information providing service. A storing unit that stores therein provider registration information including a plurality of pieces of provider information that indicate providers of respective pieces of data being displayed on each communication terminal among the plurality of communication terminals. A receiving unit receives designation information that designates the provider registration information. A transmitting unit transmits each piece among the plurality of pieces of provider information to each communication terminal among the plurality of communication terminals so as to cause each communication terminal among the plurality of communication terminals to display data provided by a provider indicated by a plurality of pieces of provider information.

Abstract: An example method facilitates authenticating a client-side program, such as a spreadsheet, for access to and use of protected server-side data and/or functionality provided via a web service, such as a REpresentational State Transfer (REST) service or Application Programming Interface (API). The example method uses an add-in or plugin to the spreadsheet (which may run on a mobile device, desktop computer, other client system) to interrogate, negotiate with, or otherwise test or poll the web service to be accessed, so as to determine an authentication method used by the web service when authenticating clients; and to implement an authentication flow in accordance with the authentication method, thereby facilitating authentication of the spreadsheet for interaction with the web service in accordance with permissions associated with the authenticated client software, i.e., spreadsheet.

Abstract: The various implementations described herein include methods and devices for preventing unauthorized access to files and networks. In one aspect, a method includes installing a first application at a computing device, the first application designated as writing to user files. Installing the first application includes: (i) storing application data files for the first application within a first portion of the memory, where files stored in the first portion are designated as read-only for the first application; and (ii) allocating a second portion of the memory for user data files to be used by the first application. The method further includes installing a second application at the computing device, the second application designated as writing to application data files. Installing the second application includes: (i) allocating a third portion of the memory for prototype writable application data files; and (ii) allocating a fourth portion of the memory for network-based data access.

Abstract: A system and methods for detecting and mitigating golden SAML attacks against federated services is provided, comprising an authentication object inspector configured to observe a new authentication object generated by an identity provider, and retrieve the new authentication object; and a hashing engine configured to create a security cookie for each valid authentication session; wherein subsequent access requests accompanied by authentication objects are validated by checking for a valid security cookie.

Abstract: A system for detecting and mitigating attacks using forged authentication objects within a domain is provided, comprising an authentication object inspector configured to observe a new authentication object generated by an identity provider, and retrieve the new authentication object; and a hashing engine configured to retrieve the new authentication object from the authentication object inspector, calculate a cryptographic hash for the new authentication object, and store the cryptographic hash for the new authentication object in a data store; wherein subsequent access requests accompanied by authentication objects are validated by comparing hashes for each authentication object to previous generated hashes.

Abstract: Systems and methods may provide for receiving web content and determining a trust level associated with the web content. Additionally, the web content may be mapped to an execution environment based at least in part on the trust level. In one example, the web content is stored to a trust level specific data container.

Abstract: Systems and methods for securely accessing a legacy system are disclosed herein. In an embodiment, a method for securely accessing a legacy system via an enterprise system includes requesting issuance of a security token by an STS server of a security token service, causing, by an enterprise server of an enterprise system, association of a first user account with the security token upon reception of the security token, communicating the security token to an access server of a legacy access provider for authentication of the security token, enabling creation of a second user account after the legacy access provider authenticates the security token, accessing a legacy server of a legacy system via the first user account and the second user account, and causing at least the second user account to be deleted after a single use of the legacy system.

Abstract: An online service store to configure services for endpoints in connection with validating authenticity of the endpoints. For example, a service can be ordered for an endpoint prior to the use of the endpoint. After receiving a request having identity data generated by a memory device configured in the endpoint, a server system can determine, based on a secret of the memory device and other data stored about the endpoint, the validity of the identity data and thus the authenticity of the endpoint. Based on the service ordered for the endpoint, the server system causes the endpoint to be connected to a client server to receive the service. The server system can cause the firmware of the endpoint to be updated to enable the endpoint to receive the service from the client server.

Abstract: A method includes a processor in a trusted domain receiving a first request having a plurality of messages for a device in an untrusted domain. The processor assigns a memory location having data segments and status segments. The memory location is accessible by an untrusted side interface card. The processor transmits a first message to a first data segment. The processor receives a first value associated with the first message from a first status segment. The processor determines whether the first value indicates that the first message has been received and stores a first representation of a successful data transmission. The processor transmits a second message to a second data segment. The processor retrieves a second value from the second status segment. The processor determines whether the second value indicates that the second message has been received and stores a second representation of the successful data transmission.

Abstract: A computer-implemented method for protecting a user data repository (UDR) from over-accumulation of subscription requests in a subscriber profile of a subscriber of a 5G network may include receiving, from a network node on the 5G network, a new subscription request requesting a notification of status changes associated with the subscriber profile, retrieving the subscription profile from the UDR, and determining a number of preexisting subscription requests associated with a network function (NF) instance identification (ID) of the network node in the subscriber profile. If the number of preexisting subscription requests in the subscriber profile is equal to or greater than a predetermined value (X), the computer-implemented method may further include deleting at least one of the preexisting subscription requests from the subscriber profile and writing the new subscription request to the subscriber profile at the UDR.

Abstract: A terminal includes a display screen with an irregular shape and a front panel component disposed on a same layer as the display screen. The display screen includes a target region and a main display region. The display region is a complete rectangular region on the display screen. The target region is an irregular region other than the main display region on the display screen. A gap formed by the irregular region is a reserved region, and the front panel component is disposed in the reserved region.

Abstract: A method of aggregating displays of performances into an aggregate site on a network is provided. The aggregated performances originate from at least one performance site on a network. The method includes the steps of selecting a performance criterion; observing at least one performance originating from at least one performance site on a network, the performance being associated with a link; determining when at least one performance meets the performance criterion; establishing an aggregation link to the link associated with the performance meeting the performance criterion; and providing the aggregation link to an aggregate site on a network such that the performance is accessible on the aggregate site.

Abstract: A resource orchestration entity is arranged to obtain an information element of service availability level in at least one descriptor for defining the service availability level requirements of the service flow from a network service (NS) management entity, and provide the information element of service availability level together with an identification reference in a NS to a resource management entity for assigning resources comprising network function nodes and their inter-connections in virtual network laying on the network hardware comprising networking nodes when instantiating the NS comprising service flows in the NS chain.

Abstract: A computer-implemented method for providing customer registration information for a customer in a cellular network. The method comprises receiving a request for customer registration information from a requesting entity. The method includes providing login credentials associated with the requesting entity to a control node, and querying the control node for customer registration information. The method includes receiving customer registration information in response to the query and parsing the received customer registration information. The method includes converting the received customer registration information to an API response and transmitting the converted customer registration information to the requesting entity.

Abstract: Aspects of the present disclosure involve a system comprising a computer-readable storage medium storing a program and method for password protecting selected message content. The program and method provide for receiving selection of a content item shared between a first user and a second user, in association with a messaging application; receiving input indicating that access to the content item requires user authentication by the first user or the second user; and providing for access to the content item based on the user selection and the input.

Abstract: The present invention discloses methods and systems for sending information packets from a first network node to a second network node. An aggregated tunnel is established between the first network node and the second network node. An information packet is determined whether to be sent according to profile condition(s) of the aggregated tunnel and then according to a selected policy. When a selected policy is selected and the information packet is sent through a tunnel according to the selected policy. When no policy is selected, the information packet is sent through one of a first group of tunnels. When no profile is selected, the information packet is sent through a network interface of the first network node.

Abstract: Provided is an information provision system which determines preference of a user based on a dialogue with the user utilizing an Internet shopping site and determines a recommended commodity based on the determined preference. An information provision server in an information provision system receives utterance (input) by a user utilizing an Internet shopping site via a user terminal and provides a response thereto onto the user terminal, thereby performing control so as to have a conversation with the user. Further, based on the input by the user and user attributes, the information provision server determines a user type of the user and when a recommended commodity is presented to the user, determines the recommended commodity from among commodities purchased by other user whose user type is the same as the user type of the user.

Abstract: A method and system for verifying that a user is the owner of a digital listing that is associated with a WiFi Access Point. The user claims ownership of the WiFi Access Point that is associated with a digital listing of an entity/item/place/business so that he online service provider can verify and register the user as owner of the WiFi Access Point. Once verified, the user owns the WiFi Access Point and its related digital listing and configures the listing. The system includes an item information system receiving the WiFi Access Point data and associated item data, and storing the WiFi Access Point data and the item data, an owner registration and transfer system receiving owner registration data and ownership change requests and storing the ownership history, and an authentication system receiving authentication requests and generating a response based upon the information stored in the system or a connected system.

Abstract: The present disclosure relates to method and a system for monitoring application services in network. The system comprises ASM client and ASM server. The ASM client is configured in UE to monitor parameters related to applications in UE. The ASM server monitors VAL server based on parameters associated with VAL server. The ASM server obtain status information of VAL server by performing either pull procedure, push procedure, and subscribe-notify procedure. Further, the ASM server provides the status information to one or more entities for performing one or more actions. Thus, the present disclosure facilitates the system to monitor the application services and indicate one or more entities to perform corrective actions to provide seamless and uninterrupted services to users.

Abstract: Systems and methods are provided for authentication chaining and firewall optimization in a micro branch deployment comprising a plurality of chained access points (APs) and a gateway AP. A topology of the micro branch deployment may be determined through enhanced hierarchical beaconing. Based on the determined topology, an authentication chain is developed through which a client device associated to an AP of the plurality of chained APs may be authenticated and granted access to the AP. Upon authentication of the client device, firewall optimization is performed to implement access control rules only at the AP to which the client device is associated.

Abstract: Embodiments of the present disclosure provide methods, systems, apparatuses, and computer program products that enable performing format-dynamic string processing in a group-based communication system.

Abstract: Methods and systems for providing vendor agnostic captive portal authentication in a network that includes a plurality of network access devices are provided. For instance, one method includes receiving a redirect request for a communication between a first user-terminal and a first network access device, the redirect request including at least one of a vendor-specific item of information of the first network access device and an Internet Protocol (IP) address of the first network access device. The method further includes comparing the at least one of the vendor-specific item of information of the first network access device and the IP address of the first network access device against each of a plurality of entries of a network access device database, and providing the first user-terminal access to a captive portal page in response to an appropriate match.

Abstract: Techniques directed to utilizing networked devices to enhance user experience are described. In an example, sensor data received from sensor(s) associated with a facility can be used to determine a presence of a user equipment (UE) within or proximate to the facility. Based at least in part on the sensor data, an account associated with the UE can be accessed. Based at least in part on account data associated with the account, a distribution of network technology can be modified to temporarily enable the UE to access a service that is not otherwise available to at least one other UE within or proximate to the facility.

Abstract: Techniques are disclosed for session-based routing within Open Systems Interconnection (OSI) Model Layer-2 (L2) networks extended over Layer-3 (L3) networks. In one example, L2 networks connect a first client device to a first router and a second client device to a second router. An L3 network connects the first and second routers. The first router receives, from the first client device, an non-session-based L2 frame destined for the second client device. The first router forms an L3 packet comprising an L3 header specifying L3 addresses of the first and second routers and a protocol selected based on an L3 service for the L2 frame, a payload comprising the L2 frame, and metadata comprising a session identifier distinctly identifying the L2 frame, and forwards the L3 packet to the second router. The second router recovers the L2 frame from the payload and forwards the L2 frame to the second client device.

Abstract: Streaming content protocols typically provide playlists, a file that lists the location of each segment of a content stream. The playlist may change as the content server adds content to the content stream or because the length of the content stream continues to grow. Client devices periodically fetch the playlist, and are unaware whether the playlist has changed, and thus may needlessly use bandwidth repeatedly fetching the same playlist. Throttling content download o provides systems and methods for controlling the download of streaming content-related data according to the current status of the playlist and possibly also current bandwidth availability. Content server, by monitoring client device related playlist position and client device content buffer can regulate content streaming, to improve network bandwidth distribution. A content server determines whether the playlist has changed since the last time the playlist was requested and denies a request for the playlist when the playlist has not changed.

Abstract: A system includes a memory and at least one processor to receive a registration request from a first client computing device and send a response to the registration request to the first client computing device, receive a registration request from a second client computing device and send a response to the registration request to the second client computing device, receive a calendar invitation to share calendars from the first client computing device and send information associated with the calendar invitation to the second client computing device, and receive an automated calendar comparison request comprising a list of users, a period of time, and a time frame, determine a list of open times based on the list of users, the period of time, and the time frame, and transmit the list of open times.

Abstract: Techniques for dynamic per subscriber policy enablement for security platforms within service provider network environments are disclosed. In some embodiments, a system/process/computer program product for dynamic per subscriber policy enablement for security platforms within service provider network environments includes monitoring network traffic on a service provider network at a security platform to identify a subscriber with a new IP flow; associating the subscriber with the new IP flow at the security platform; and determining a security policy to apply at the security platform to the new IP flow based on the subscriber.

Abstract: The system, method, and computer program product described herein provide ways to modify a user interface when a performance of the user interface degrades due to lack of resources including presenting the user interface to a user that includes a first element that requires an allocation of a first amount of resources of a server to perform a function, determining that a performance of the user interface has degraded below a threshold amount, in response to determining that the performance has degraded, identifying a second element that requires an allocation of a second amount of resources of the server to perform the function where the second amount of resources is smaller than the first amount of resources, and replacing the first element with the second element to reduce the required amount of resources that are allocated by the server to the user interface.

Abstract: A mobile gateway may provide access to one or more networks based on a variety of configurable parameters, constraints, etc. A Mobile Gateway Management System (“MGMS”) may maintain different sets of rules, parameters, etc. associated with multiple different mobile gateways, such that a network may be able to determine whether to provide access to a particular mobile gateway based on location parameters, temporal parameters, account parameters, or other parameters. When access is granted to the network based on the parameters, the mobile gateway may serve as an interface between one or more User Equipment (“UEs”) and the network.

Abstract: Methods, systems, and devices for wireless communications are described in which a host processor at a user equipment (UE) may packetize data for uplink transmissions from the UE and provide packets to a wireless modem of the UE for uplink transmission. The host processor may provide multiplexing and aggregation headers for the packets that include a prioritization indication, and the wireless modem may order the data packets for transmission based at least in part on the prioritization indication. In some cases, a priority for each packet is indicated in a priority field of a corresponding multiplexing and aggregation header. The wireless modem may transmit the data packets based on the ordering, to provide higher priority packets ahead of lower priority packets to a receiver. Additionally, data packets may be further ordered based on tuple information associated with the data packets.

Abstract: A method for a smart device management resource picker includes receiving an authorization request from a third party. The authorization request requests access to a user resource managed by the device manager. The device manager manages access controls associated with a plurality of user devises, the access controls are configured by a user. The method also includes determining whether the third party is authorized to access the user resource managed by the device manager. When the third party is authorized to access the user resource managed by the device manager, the method includes determining whether the user has configured access controls at the device manager that governs the user resource subject to the authorization request. When the user has configured a respective access control that governs the user resource subject to the authorization request, the method includes communicating a response to the authorization request based on the respective access control.

Abstract: An on-demand code execution environment present in points of presence (POPs) and in regions serviced by the POPs is provided herein. For example, a POP may receive a request to execute a task associated with user-defined code. If the POP determines that the computing resources necessary to execute a received task are not available or that the POP should not execute the received task for another reason (e.g., the task is not commonly received and the computing resources needed to execute the task are therefore best allocated for other requests), the POP can forward the task to a region that the POP services for execution by an on-demand code execution environment present in the region. The on-demand code execution environment present in the region can execute the task and forward the results of the execution to the POP for distribution back to a user device that requested the task execution.

Abstract: Systems and methods for modernizing workspace and hardware lifecycle management in an enterprise productivity ecosystem are described.

Abstract: A method includes: receiving selection of a document; correlating sequences of words, in the document, with a set of language signals; generating a set of document tags representing the set of language signals; and retrieving a first data access policy: associated with a particular document tag in the set of document tags; and including a set of identities permitted to access a document associated with the particular document tag; receiving selection of a recipient account of the document; and in response to detecting the set of identities excluding the recipient account, restricting access to the document by the recipient account.

Abstract: Various systems and methods are provided that detect malicious network tunneling. For example, VPN logs and data connection logs may be accessed. The VPN logs may list client IP addresses that have established a VPN connection with an enterprise network. The data connection logs may list client IP addresses that have requested connections external to the enterprise network and remote IP addresses to which connections are requested. The VPN logs and the data connection logs may be parsed to identify IP addresses that are present in the VPN logs as a client IP address and in the data connection logs as a remote IP address. If an IP address is so present, user data and traffic data associated with the IP address may be retrieved to generate a risk score. If the risk score exceeds a threshold, an alert to be displayed in a GUI is generated.

Abstract: Systems and methods may include sending, to a network registrar, an extended duplicate address request (EDAR) message including a first nonce generated by a host computing device, and receiving, from the network registrar, an extended duplicate address confirmation (EDAC) message including a second nonce and a first signature, a first nonce pair including the first nonce and the second nonce being signed by the network registrar via a first key pair of the network registrar via the first signature. The systems and methods may further include sending a first neighbor advertisement (NA) message to the host computing device including the second nonce. The second nonce and a public key of the network registrar verifies the first signature from the network registrar, the verification of the first signature indicating that a router through which the host computing device connects to a network is not impersonating the network.

Abstract: There is provided a wireless portable device for providing location-based data to a user in a defined geographical area including a plurality of points of interest, the wireless portable device comprising a wireless transmitter, a wireless receiver, and a display. The wireless transmitter can transmit location information to a wireless server over a wireless network. The wireless receiver can receive location-based data relating to a point of interest from the wireless server periodically and automatically, based on the location of the wireless portable device. By optimizing map routes and schedules using the location-based data and user preferences including wish lists, the wireless portable device can provide helpful recommendations via the display, enabling the user to plan an efficient schedule of activities in the defined geographical area optimized by walking distance, queue wait times, booking and arriving at reserved events, and/or by other user preferences.

Abstract: In an approach to unattended authentication in HTTP using time-based one-time passwords, a request is received from a client for a Hypertext Transfer Protocol (HTTP) authentication on a server. A challenge is sent to the client, where the challenge includes a header that indicates that a Time-based One-time Password (TOTP) is to be used for the HTTP authentication. A first response is received from the client based on a first TOTP value and a shared secret, wherein the first response is encoded based on an encoding mechanism included in the header. Responsive to validating the first TOTP value and the shared secret from the client, the client is authenticated.

Abstract: Systems and methods for providing a single sign-on for authenticating a user via multiple client devices is provided. For example, the system includes a processor configured to receive a first connection request from a first client device. The processor processes the first connection request and transmits an access token to the first client. The processor can further receive a second connection request from a second client device and process the second connection request. The processor can transmit a single sign-on response to the second client device in reply to the second connection request. The second client device can be configured to communicated with and transmit the single-sign on response to the first client device for processing. The processor can receive a single sign-on verification from the first client device, process the single sign-on verification, and transmit a copy of the access token to the second client device.

Abstract: A neural processing unit (NPU) includes a controller including a scheduler, the controller configured to receive from a compiler a machine code of an artificial neural network (ANN) including a fusion ANN, the machine code including data locality information of the fusion ANN, and receive heterogeneous sensor data from a plurality of sensors corresponding to the fusion ANN; at least one processing element configured to perform fusion operations of the fusion ANN including a convolution operation and at least one special function operation; a special function unit (SFU) configured to perform a special function operation of the fusion ANN; and an on-chip memory configured to store operation data of the fusion ANN, wherein the schedular is configured to control the at least one processing element and the on-chip memory such that all operations of the fusion ANN are processed in a predetermined sequence according to the data locality information.

Abstract: Embodiments are in the field of mobile applications and wireless processing, especially of commercial transactions, and more specifically for enhancing the user experience in restaurants even while enhancing the service delivery model efficiency of restaurants. Embodiments include a computer accessible medium for processing commercial transactions, to perform operations that comprise identifying wireless devices and determining their respective locations in a vendor service area, sending an interactive order menu to the identified wireless devices, receiving and displaying order data from the wireless devices, processing the received order data, and accepting a payment for a completed order.

Abstract: A data storage system in which different copies of a data object (e.g., a file) can be compressed using different compression processes (e.g. different compression algorithms/processes and/or compression parameters), with some favoring faster decompression, while others favoring storage space savings. When a data object needs to be accessed, the copy of the data object that can be decompressed using minimal resource (computing and/or time) can be located and retrieved.

Abstract: A permissions management system (PMS) defines the permissions associated with a user and thereby the activities the user can perform with any specific object and/or application or class of objects and/or applications. However, such a PMS requires an administrator to either authorise each permission individually or default permissions to a configuration previously established. The former is time consuming and the latter does not eliminate the former in establishing the roles initially or new roles or custom configurations. According, methods and systems for automating the establishment of permissions and their ongoing maintenance are presented based upon an initial discovery phase of actions performed by either the user or an administrator followed by an automated harmonization phase and a verification phase. This verification phase may employ human interactions or be automated exploiting an artificial intelligence engine.

Abstract: A stream of a media item is transmitted from a server computing system to one or more client computing systems. The media item has a timeline for playback of the media item. Participant-generated content is received at the server computing system from one or more participants at any of the one or more client computing systems. The participant-generated content is time-indexed to the timeline of the media item. The participant-generated content is processed to identify key portions of the media item based on indications present within the participant-generated content. A dynamic summary queue is generated that includes the key portions of the media item. The dynamic summary queue is assembled for streaming. A request to view the dynamic summary queue is received from a requestor. In response to the request, a stream of the dynamic summary queue is transmitted to a computing device of the requestor.

Abstract: A computer device performs operations for managing registry access, including monitoring a user process on the computer device. The computing device can determine a set of registry access rules relevant to the user process. The computing device can perform an evaluation of a registry operation requested by the user process using the set of registry access rules. The computing device can determine an action based on the evaluation. The action can include one of blocking the registry operation in relation to a particular key in a registry of the operating system, and enabling access to a particular key in the registry of the operating system to perform the requested registry operation.

Abstract: A computer program product and corresponding computer-implemented method cause the performance of various operations to upgrade a network storage device having first and second storage controllers operating in an active-passive mode and disk media shared by the storage controllers. The first storage controller operating as a passive storage controller is caused to enter a new IQN for each virtual disk into a first iSCSI target configuration file and maintain a corresponding old IQN. The first storage controller is then caused to begin operating as the active storage controller so that the second storage controller, while operating as the passive storage controller, is caused to enter the new IQN for each virtual disk into a second iSCSI target configuration file and maintain the corresponding old IQN. Accordingly, the first and second iSCSI target configuration files map both the old and new IQNs to the virtual disks.

Abstract: Useful data is transmitted to a terminal existing in a transportation vehicle. A communication apparatus installed in the transportation vehicle and configured to transmit the data to the terminal existing in the transportation vehicle includes a data selection unit and an illumination unit. The data selection unit acquires location information indicating a location of the transportation vehicle in which the terminal exists and which is traveling. Based on the acquired location information, the data selection unit selects approaching-location data related to a location ahead of a current location of the transportation vehicle in a traveling direction from a plurality of pieces of data related to the location. The illumination unit transmits, as a modulated light signal, a signal comprising the approaching-location data.