Abstract: Aspects of the disclosure relate to simplified and expedited processing of access requests to network resources. Authorized individuals can set rules for accessing network resources. The rules can be implemented as a series of macro steps assigned to various access rights and can be consolidated in a single button or widget for a particular user group. In response to a user's one-click selection of the button or widget, all applicable access rights can be requested sequentially from appropriate services or individuals without requiring complex instructions or myriad user actions. User interfaces and API(s) are provided to enable users to request access and managers to setup access requirements and button configurations. Novel logical systems, architectures, platforms, graphical user interfaces, and methods are disclosed.

Abstract: Apparatuses, systems, methods, and computer program products are presented for mobile device based identity verification. An apparatus includes a data module configured to receive sensor data from a hardware device associated with a user. An apparatus includes a transaction module configured to receive transaction data associated with a transaction. An apparatus includes a verification module configured to verify an identity of a user making a transaction based on received sensor data. A transaction may be allowed in response to verifying a user's identity.

Abstract: There is disclosed in one example a computing apparatus, including: a hardware platform including a processor and a memory; a network interface; an operating system including a native internet protocol (IP) stack; and a security agent, including instructions encoded within the memory to instruct the processor to: establish a split virtual private network (VPN) tunnel with a remote VPN service; receive outgoing network traffic; direct a first portion of the outgoing traffic to the VPN tunnel, including determining that the first portion includes an outgoing domain name service (DNS) request; and direct a second portion of the outgoing traffic to the native IP stack.

Abstract: A cloud-based security solution that provides a robust and secure framework for managing and enforcing security policies related to various resources managed in the cloud is disclosed. The cloud-based security solution is implemented by a security zone policy enforcement system in a cloud service provider infrastructure. The system receives a request to perform an operation on a resource and determines a compartment associated with the resource. The system determines that the compartment is associated with a security zone and determines a set of one or more security zone policies applicable to the resource. The system then determines that the operation on the resource is permitted based on the set of one or more security zone policies and responsive to determining that the operation on the resource is permitted, allows the operation to be performed on the resource.

Abstract: A communication system comprising an information processing apparatus and a mobile terminal, wherein when the mobile terminal receives a packet transmitted from the information processing apparatus, it determines whether or not a login condition for transmitting a login request is satisfied based on a received signal strength of the packet, and it transmits the login request to the information processing apparatus in a case where it determines that the login condition is satisfied, and does not transmit the login request to the information processing apparatus in a case where it is determines that the login condition is not satisfied.

Abstract: Proactive caching, at a client device (e.g., a feature phone), of transient assistant action suggestions for selective rendering by an assistant client application of the client device. A transient assistant action suggestion, when rendered via an assistant client application and selected, causes the assistant client application to initiate performance of a corresponding assistant action. In various implementations, a prefetched transient action suggestion can be a time-constrained suggestion that includes at least associated rendering restriction metadata that defines one or more temporal windows to which rendering of the time-constrained suggestion is restricted. Proactive cache refresh rate metadata can also be associated with transient action suggestion(s) and defines a duration during which the assistant client application is to refrain from interfacing with a remote system to prefetch updated transient assistant action suggestions.

Abstract: Methods and systems for facilitating communication sessions between multiple communication points via a contact number. The method includes receiving a purchase request from a first user device, through a first communication point which is enabled with a context-to-call (C2C) feature. The method further includes facilitating displaying of a predetermined list of contact numbers on the first user device and receiving a contact number selected by the first user. The method also includes processing the purchase request based, at least in part, on receiving subscription fees. The method also includes assigning the contact number to a C2C-enabled account of the first user, as a dedicated C2C-enabled contact number, based, at least in part, on purchase request-processing step. The method also includes facilitating the C2C-enabled account of the first user to receive calls from second user(s), on the dedicated C2C-enabled contact number, based, at least in part, on C2C contact-assigning step.

Abstract: Computing devices and method for performing a secure neighbor discovery. A local computing device transmits an encrypted local node identifier and an encrypted local challenge to a remote computing device. The remote computing device generates a local challenge response based on the local challenge; and transmits an encrypted remote node identifier and an encrypted local challenge response to the local computing device. The local computing device determines that the received local challenge response corresponds to an expected local challenge response generated based on the local challenge. The remote computing device further transmits an encrypted remote challenge. The local computing device generates a remote challenge response based on the remote challenge; and transmits an encrypted remote challenge response to the remote computing device.

Abstract: A method, computer system, and a computer program product for modifying a user interface. Attributes of a source object identified by a user in connection with a user input for storing the source object are determined. Attributes of one or more target storage locations are determined. A target storage location for storing the source object is predicted, along with a confidence value associated with the prediction. The prediction is made using a machine learning model that predicts the predicted target storage location and associated confidence value based on the determined attributes of the source object. A plurality of target storage location usage patterns are determined. The user interface is modified based on the predicted target storage location.

Abstract: A system is presented for matching user devices with resource devices. User preference and profile information are communicated from user devices to a queue management server. The user preference information is parsed and compared with resource information associated with a plurality of resources. Availability of the resource devices is forecasted based at least in part upon the resource information and resource devices are selected to service user devices based at least in part upon the comparison and the forecast. User devices are added to the end of data queues for the resource devices. The data queues are communicated to the user devices and the resource devices.

Abstract: Methods, apparatus, systems, and computer-readable media are provided for invoking an agent module in an automated assistant application in response to user selection of a selectable element presented at a graphical user interface rendered by a non-automated assistant application. The invoked agent module can be associated with other content rendered in the non-automated assistant graphical user interface, and can optionally be invoked with values that are based on user interactions via the non-automated assistant application. Responsive content can be received from the agent module in response to the invocation, and corresponding content provided by the automated assistant application via an automated assistant interface. In these and other manners, selection of the selectable element causes transition from a non-conversational interface, to a conversational automated assistant interface—where an agent (relevant to content in the non-conversational interface) is invoked in the automated assistant interface.

Abstract: Systems and methods for processing data are described. More specifically, a query request may be received and a data pattern may be identified in the query request. Personally identifiable information associated with the query request may then be de-pseudonymized. Accordingly, a second request using the de-pseudonymized personally identifiable information and receiving a response to the second request may be generated. The personally identifiable information in the response may be pseudonymized such that the pseudonymized personally identifiable information and data included in the response is provided to a client.

Abstract: A content management system interface at a local computer device configured to receive user file commands from a file manager and translate the user file commands into content management commands for sending to the remote content management system via a network interface. The content management system interface is further configured to receive remote file information from the remote content management system via the network interface and translate the remote file information into user file information for the file manager.

Abstract: A method, apparatus and computer program product for detecting malicious content and predicting cyberattacks are described herein. In the context of a method, the method receives a hash query comprising a file hash based on one or more files. The method queries a cyberattack case studies information database based on the hash query to generate one or more attack correlation information items associated with at least one of the one or more files. The method also generates and outputs a file security analysis based on the attack correlation information items for authorization of the one or more files.

Abstract: A method and system may survey a property using aerial images captured from an unmanned aerial vehicle (UAV), a manned aerial vehicle (MAV) or from a satellite device. The method may include identifying a commercial property for a UAV to perform surveillance, and directing the UAV to hover over the commercial property and capture aerial images at predetermined time intervals. Furthermore, the method may include receiving the aerial images of the commercial property captured at the predetermined time intervals, detecting a surveillance event at the commercial property, generating a surveillance alert, and transmitting the surveillance alert to an electronic device associated with an owner of the commercial property.

Abstract: Techniques for intent-based access control are described. A method of intent-based access control may include receiving, via a user interface of an intent-based governance service, one or more intent statements associated with user resources in a provider network, the one or more intent statements expressing at least one type of action allowed to be performed on the user resources, compiling the one or more intent statements into at least one access control policy, and associating the at least one access control policy with the user resources.

Abstract: A method of processing media content in Moving Picture Experts Group (MPEG) Network Based Media Processing (NBMP) is performed by at least one processor, and includes performing a function and function group discovery, wherein wildcard search is enabled in the function and function group discovery, transmitting, to a function repository storing one or more functions for processing the media content, a search query for at least one among the one or more functions, based on the search query being transmitted, receiving, from the function repository, a reply identifying the at least one among the one or more functions and including a rank of the at least one among the one or more functions, and processing the media content, using the identified at least one among the one or more functions in an order based on the included rank of the at least one among the one or more functions.

Abstract: Access to functionality of a software service is enabled at a first device associated with a user based on the first device being in a primary mode. A connection may thereafter be established between the software service and a second device associated with the same user. In response to that connection, access to a subset of the functionality of the software service is limited at the second device based on the second device being in a secondary mode determined based on the second device. Because the first device and the second device are used by the same user, the software service does not represent those devices as separate users of the software service, but rather identifies only the first device, as the primary mode device, in connection with the user to other users of the software service.

Abstract: A printing apparatus configured to store a first setting relating to print jobs designated for reserved printing, the first setting indicating an acceptance condition for accepting a print job designated for reserved printing, receive information of a print job and store the received information of the print job in a storage device. In a case where the received information of the print job indicates that the print job is a print job designated for reserved printing and the print job for which information has been received satisfies the acceptance condition indicated by the first setting, the information of the print job is stored in the storage device in a manner such that the print job is to be executed at the job execution time designated for the print job, and a print job corresponding to the stored information is executed at the job execution time designated in the stored information.

Abstract: A method for offloading services of a sewer application in a network system. The method includes receiving, by a first in-network computation offload instance, a first request packet from a client application, wherein the first request packet includes a first application payload for processing by the server application; generating, by the first instance, a modified request packet that includes the first application payload and first offload information that describes the first instance for use by the server application in coordinating offloading processing to one or more in-network computation offload instances; and transmitting, by the first instance, the modified request packet to the next device in the traffic flow between the client application and the server application, wherein the next device is either (1) a second in-network computation offload instance in the traffic flow between the client application and the server application or (2) the sewer application.

Abstract: Providing a coordinated primary media stream with an aggregate supplemental media stream is disclosed. A request is received from an end user device associated with a user for supplemental media. Metadata and a broadcast time associated with a primary media stream transmitted to the end user device are determined. Based on the metadata and the broadcast time, first supplemental media from a first account of the user on a first platform and second supplemental media from a second account of the user on a second platform are determined. The first supplemental media and the second supplemental media are merged into an aggregate supplemental media stream. The aggregate supplemental media stream is streamed in synchronization with the primary media stream.

Abstract: In one embodiment, a segment routing and tunnel exchange provides packet forwarding efficiencies in a network, including providing an exchange between a segment routing domain and a packet tunnel domain. One application includes the segment routing and tunnel exchange interfacing segment routing packet forwarding (e.g., in a Evolved Packet Core (EPC) and/or 5-G user plane) and packet tunnel forwarding in access networks (e.g., replacing a portion of a tunnel between an access node and a user plane function for accessing a corresponding data network). In one embodiment, a network provides mobility services using a segment routing data plane that spans segment routing and tunnel exchange(s) and segment routing-enabled user plane functions. One embodiment uses the segment routing data plane without any modification to a (radio) access network (R)AN (e.g., Evolved NodeB, Next Generation NodeB) nor to user equipment (e.g., any end user device).

Abstract: A remote desktop system includes a primary virtual machine, a plurality of secondary virtual machines, a primary terminal configured to log in to the primary virtual machine, and a secondary terminal configured to log in to a secondary virtual machine. When a user of the primary virtual machine needs to share image data of the primary virtual machine with a user of the secondary terminal for viewing, the primary virtual machine sends the image data to the primary terminal, and then the primary terminal shares the image data with the secondary terminal. This reduces data transmission pressure on a communications network between a virtual machine center and a terminal center.

Abstract: In a method for sending a server identifier to a KVM switch, a management processor of a server determines that a push button on an exterior surface of the server has been pushed. In response to determining that the push button has been pushed, the management processor generates a displayable image containing a server identifier for the server, includes the displayable image in a network message, and broadcasts the network message to a local network that includes the server and a KVM switch. In one example, the method also includes receiving the server button message at the KVM switch when the KVM switch is not switched to enable the server to control a video port of the KVM switch, and in response to receiving the server button message at the KVM switch, sending the displayable image to a monitor via the video port. Other implementations are described and claimed.

Abstract: A system performs a method including: generating a posture of a first microservice in a microservice based network environment; implementing the posture of the first microservice at a sidecar of the first micro service; distributing the posture of the first microservice to a sidecar of a second microservice in the microservice based network environment; implementing the posture of the first microservice at the sidecar of the second micro service; and controlling communication of personally identifiable information between the first microservice and the second microservice based on the posture of the first microservice through either or both the sidecar of the first microservice and the sidecar of the second micro service.

Abstract: Systems and methods for a multi-tenant communication platform. At a multi-tenant communication platform, and responsive to authentication of a communication request provided by an external system, a routing address record of the communication platform is determined that matches a communication destination of the communication request. The matching routing address record associates the communication destination with a plurality of external communication providers. At least one communication provider associated with the matching routing address record is selected, and a request to establish communication with the communication destination is provided to each selected communication provider. The communication request specifies the communication destination and account information.

Abstract: An administrator creates an access policy for a network resource using an access server. The access policy may specify device characteristics that are needed to access the network resource. These characteristics may relate to the type of user device, the computing environment of the user device, installed applications and versions, installed certificates, and physical characteristics. The access policy for the network resource may be assigned to a user or to groups of users. Later, when the user attempts to access the network resource, an application installed on the user device provides a file containing the characteristics of the user device to the access server. The access server determines whether the characteristics of the file satisfies the access policy associated with the user and network resource, and if so permits access to the network resource. Else, access to the network resource is denied.

Abstract: Systems and methods for manipulation of private information in untrusted environments are disclosed. In one embodiment, in a trusted computing environment comprising at least one computer processor, for a plurality of data records, a method for manipulation of private information in untrusted environments may include: (1) separating each data record into a confidential data attribute and a non-confidential data attribute; (3) calculating an encrypted value for the confidential data attribute using an encryption key; (4) calculating an authentication value for the confidential data attribute using a hash value key; (5) associating the encrypted value and the authentication value in a protected data set; and (6) associating the non-confidential data record with the associated encrypted value and the authentication value; and (7) exporting the protected data set to an untrusted computing environment.

Abstract: A computer security system with enhanced whitelisting includes administrative interfaces that accept user inputs to create and modify entries in a whitelist that define which programs are allowed to execute on one or more target computer systems. Upon an attempt to run a program, the entries in the whitelist are used to determine if the program is allowed to run. If an entry in the whitelist indicates that the program is allowed to run, the program is run. Otherwise, at a later time, an administrative interface is used to either block future execution of the program or to create an entry in the whitelist that allows execution of a class of programs or only that the program in the future until revoked. The whitelist is for a single target computer or many computers.

Abstract: According to some embodiments, a method includes: receiving, by a computing device, data about one or more applications associated with users of a group, the group being one in which to share information amongst the users; identifying, by the computing device, an application common to at least a subset of users of the group based on the received data; and providing, by the computing device, settings to a client device of another user outside the subset of users, the client device to apply the settings to enable the another user to access the application in common with use of the client device.

Abstract: In embodiments of the present invention improved capabilities are described for detecting restricted content associated with retrieved content. The method and system may include receiving a client request for content, saving contextual information from the client request, presenting retrieved content in response to the client request, and presenting the contextual information from the client request, and retrieved content, to a scanning facility. The scanning facility may utilize the contextual information from the client request to aid in the detection of restricted content associated with retrieved content.

Abstract: A method and system for accessing stored data includes receiving a request to access data stored in a data storage unit. The request requires one or more data operations to be performed by a system having access to the stored data. Responsive to the data request, one or more locks are derived and assigned to one or more of the data operations. Each of the locks control invocation of the data operations to which the respective lock is assigned. The deriving is based in part on (i) user context data obtained from a user issuing the request and (ii) data context comprising one or more attributes of the request. Each of the one or more locks is unlocked and the one or more data operations are invoked after the one or more locks are unlocked.

Abstract: In an embodiment, a computer implemented method receives flow data for a network flows. The method extracts a tuple from the flow data and calculates long-term and short-term trends based at least in part on the tuple. The long-term and short-term trends are compared to determine whether a potential network anomaly exists. If a potential network anomaly does exist, the method initiates a heavy hitter detection algorithm. The method forms a low-complexity intermediate stage of processing that enables a high-complexity heavy hitter detection algorithm to execute when heavy hitters are likely to be detected.

Abstract: Apparatuses, methods, and systems are disclosed for user authentication using a connection information package provided by a blockchain network. One apparatus includes a processor and a transceiver that receives, from a first address on a blockchain network, a plurality of connection information packages and also receives, from a first function, a request to authenticate a user. The processor determines whether the first function is associated with one of the plurality of connection information packages. In response to the first function being associated with a valid one of the plurality of connection information package, the processor accepts the request to authenticate a user.

Abstract: Disclosed are devices, systems, methods, and computer program products for managing the development and treatment supply chain in delivering personalized medicine therapies. In some aspects, a unified configuration system (UCS) for an enterprise software platform is described that enables and facilitates individual stakeholders of the personalized medicine development and treatment supply chain to create and manage independent configurations of their supply chain management software for an enterprise software platform.

Abstract: A method, an apparatus, and a computer program product for accessing electronic medical records are provided in which a portable computing device uniquely associated with a user authenticates an identification of the user and automatically retrieves information corresponding to the user from electronic healthcare records systems using the identification. The retrieved information may be combined with other information and electronically delivered to a healthcare provider.

Abstract: The present disclosure is directed to methods for identifying a user by a demand side platform (DSP) across advertiser exchanges. The method includes establishing, by a DSP, a cookie mapping for a user. The cookie mapping includes a mapping of user identifiers for the user from advertisement exchanges to a user identifier assigned by the DSP for the user. The DSP stores to the cookie mapping a first mapping to the user identifier of the DSP, comprising a first user id received by a bidder from a first exchange and a first exchange id for the first exchange. A bidder inserts a pixel into a bid for an impression opportunity to a second exchange. The pixel includes a key to the cookie mapping and a second user id for the user and a second exchange id. The second user id is received by the bidder from a second exchange.

Abstract: A method includes receiving a plurality of configurations comprising a first configuration for provisioning a first set of network services at a first resource of an edge device and a second configuration for provisioning a second set of network services at the first resource, a first configuration group identifier identifying a configuration group for the first configuration, and a first network performance parameter for the configuration group. The method further includes determining a performance factor for the first resource providing the first set of network services to one or more client devices. The method further includes, in response to determining that the performance factor does not satisfy the first network performance parameter for the configuration group and that the first configuration group identifier identifies the configuration group for the first configuration, moving the first configuration from the first resource to a second resource of the edge device.

Abstract: A computer-implemented method of providing targeted content to a user includes generating a query index from a data corpus, the query index including a plurality of market segment-based queries, wherein each market segment-based query of the plurality of queries is configured to provide targeted content on a browser user interface of a user determined to be within a corresponding market segment.

Abstract: Consistent with an embodiment of the present disclosure, a server arrangement provides a web-accessible virtual-meeting interface through which participant identifying information and meeting time information is passed for setting up and establishing a primary meeting. In addition to the primary meeting, various selectable options are provided for one or more participants, including merged audio from the established audio connections to the participants, establishing a secondary meeting and/or automatically moving or reverting connections from/to the primary meeting.

Abstract: Fine grained access barring of aggressive cellular devices is provided. A method can include detecting, by a system comprising a processor, a frequency of signaling events transmitted by network equipment operating as part of a communication network; in response to the frequency of the signaling events transmitted by the network equipment being determined to be greater than a frequency threshold, altering, by the system, an access class of the network equipment from a first access class to a second access class that is different from the first access class, wherein the second access class is reserved via the communication network; and in response to the access class of the network equipment being altered to the second access class, causing, by the system, a base station serving the network equipment to deny at least a portion of network access requests transmitted by the network equipment to the base station.

Abstract: A first appliance receives from a second controllable appliance a command for causing the first controllable appliance to be placed into a state and, in response, determines a trust level of the second controllable appliance. When it is determined that the second controllable appliance is trustworthy, the first controllable appliance executes the command. When it is determined that the second controllable appliance is untrustworthy, the first controllable appliance ignores the command. Otherwise, the first controllable appliance enters into a state in which the first controllable appliance waits for at least a predetermined period of time for a user to confirm whether or not the first controllable appliance should be caused to execute the command.

Abstract: Computing systems, apparatuses, computer-implemented methods, and computer program products are disclosed for creating a shared communication channel in a group-based communication platform having a plurality of database shards. An example computer-implemented method includes generating a shared communication channel shard that is assigned a shared communication channel identification, a first set of shared communication channel attributes associated with a first group identification, and a second set of shared communication channel attributes associated with a second group identification. The method further includes generating first and second externally shared group-based shared communication channel interfaces based on the first and second sets of shared communication channel attributes, respectively.

Abstract: A device implementing a system for using a verified claim of identity includes at least one processor configured to receive a verified claim including information to identify a user of a device, the verified claim being signed by a server based on verification of the information by an identity verification provider separate from the server, the verified claim being specific to the device. The at least one processor is further configured to send, to a service provider, a request for a service provided by the service provider, and receive, from the service provider and in response to the sending, a request for the verified claim. The at least one processor is further configured to send, in response to the receiving, the verified claim to the service provider.

Abstract: Some embodiments provide policy-driven methods for deploying edge forwarding elements in a public or private SDDC for tenants or applications. For instance, the method of some embodiments allows administrators to create different traffic groups for different applications and/or tenants, deploys edge forwarding elements for the different traffic groups, and configures forwarding elements in the SDDC to direct data message flows of the applications and/or tenants through the edge forwarding elements deployed for them. The policy-driven method of some embodiments also dynamically deploys edge forwarding elements in the SDDC for applications and/or tenants after detecting the need for the edge forwarding elements based on monitored traffic flow conditions.

Abstract: Various methods are provided for facilitating the assignment of a DNS name to load balancers in a dynamically partitioned cluster environment. One example method may comprise receiving cluster configuration information from a cluster configuration observer, the cluster configuration information comprising information indicative of each of a plurality of instances of running application and one or more servers and associated ports to which at least one of the plurality of instances is bound, receiving a request from a first level load balancer requiring a call to the first application, determining, based on the cluster configuration information, to which port the instance of the first application is bound, and transmitting the request to the port to which the instance of the first application is bound.

Abstract: One example method includes receiving, from a microservice, a service request that identifies a service needed by the microservice, and an API of an endpoint that provides the service, evaluating the service request to determine whether the service request conforms to a policy, when the service request has been determined to conform with the policy, evaluating the endpoint to determine if endpoint performance meets established guidelines, and when it is determined that the endpoint performance does not meet the established guidelines, identifying an alternative endpoint that meets the established guidelines and that provides the requested service. Next, the method includes transforming the API of the service identified in the service request to an alternative API of the service provided by the alternative endpoint, and sending the service request and the alternative API to the alternative endpoint.

Abstract: Examples of systems are described herein which may dynamically allocate compute resources to recovery clusters. Accordingly, a recovery site may utilize fewer compute resources in maintaining recovery clusters for multiple associate clusters, while ensuring that, during use, compute resources are allocated to a particular cluster. This may reduce and/or avoid vulnerabilities arising from a use of shared resources in a virtualized and/or cloud environment.

Abstract: A method for processing a message received via an electronic communication network by a user terminal is disclosed. The method comprises receiving the message, the message including data corresponding to an initial message content determined by a sender of the message and at least one data item corresponding to a function, the at least one data item being determined by the sender of the message; and determining a final content, the final content including the initial message content determined by the sender of the message and a specific content obtained by determining a result of the function applied to at least data from the user terminal.

Abstract: Techniques are provided for managing host connectivity to a data storage system. A host connectivity management system receives a request from a host system to connect to a data storage system. The data storage system includes storage nodes which include storage volumes, and each storage node includes multiple ports to enable connection to the storage node. The host connectivity management system determines a subset of ports, among all available ports of the storage nodes, to assign to the host system for use by the host system for connecting to the storage nodes of the data storage system to access the storage volumes. The host connectivity management system sends connection information to the host system to enable the host system to connect to the data storage system, wherein the connection information includes port identifiers associated with the subset of ports assigned to the host system.