Abstract: Monitoring a process in a trusted execution environment (TEE) to identify a resource starvation attack. A first monitor executing outside of a first TEE determines that a first process is executing in the first TEE. The first monitor makes a determination that the first process is being denied resources necessary for execution of the first process. The first monitor sends an indication indicating that the first process is being denied resources necessary for execution of the first process.

Abstract: Systems and methods allow users to leverage multiple disparate cloud solutions, offered by disparate service providers, in a unified and cohesive manner. A system includes a task repository configured to store a plurality of task parameters, wherein the task parameters cause one or more tasks to run on cloud services when provided to the cloud services including a dedicated solution and a shared solution, wherein the task parameters include common parameters and proprietary parameters, wherein the common parameters are common to two or more disparate cloud services, and wherein the proprietary parameters are unique to one of the cloud services. The system also includes an interface configured to receive task input including the plurality of task parameters.

Abstract: A system and method for seamless exchange and interaction of multimedia content between communication devices in a network are disclosed. The method can include the discovery and identification of devices within proximity of a sending device. The found devices can be authenticated through unique identifiers established during registration. Connection requirements can be determined based on the identifiers associated with the found devices and the sending device. In turn, the sender can establish a connection with the found devices using the connection requirements. The sending device can share or serve as a remote control to redirect and navigate the content, with a simple action or a gesture command, to the found device. The shared multimedia content, can either reside on the sender's mobile device or on a remote server within a connected network.

Abstract: Technologies for monitoring networked computing devices using deadman triggers includes a network interface controller (NIC) configured to collect a pin state of at least one deadman trigger pin associated with a deadman trigger and determine whether a triggering event associated with the deadman trigger has been detected as a result of the comparison. The NIC is further configured to generate, in response to a determination that the triggering event has been detected, a status packet that is usable to identify the detected triggering event associated with the deadman trigger. Additionally, the NIC is configured to issue a stop transmission command to each of a plurality of egress packet transmission queues of the NIC and insert the generated status packet into at least one of the plurality of egress packet transmission queues for transmission to a target computing device. Other embodiments are described herein.

Abstract: The invention relates to a method for controlling access for a user equipment to at least one local device via an intermediary system that is configured to connect to a local network and to a public network. The user equipment is connected to the public network and the at least one local device is connected to the local network. The method comprises a number of steps in the intermediary system. One of these steps is storing one or more location conditions for access for the user equipment to the at least one local device. Another step is receiving first location information of the user equipment over the public network, the first location information indicating a location of the user equipment. Yet another step is controlling access for the user equipment to the at least one local device by verifying whether the first location information satisfies the one or more location conditions. The invention further relates to the intermediary system used in the method.

Abstract: Embodiments of the present disclosure provide systems and methods for performing network device configuration validation online. A second instance of the command process (a shadow interpreter) can be run within a isolated validation environment on a network device that is active on a network. A copy of the configuration database on the network device is associated with the isolated validation environment. The validation handler erases the currently running configuration commands within the validation copy of the configuration database, and enters each new configuration command through the shadow interpreter to validate the new configuration commands on the network device without impacting the current functioning of the network device. After all the new configuration commands are entered, the validation report generates a report identifying the validation status for each command.

Abstract: Establishing online social communications for enterprises whilst beneficial to them in terms of revenue, customer retention etc. require skills and time, both of which the enterprises personnel do not possess. The inventors have established an inventive turn-key software application that allows an enterprise to create invitation only private groups on mobile device platforms and monetize aspects of this online private group through direct payments to the club owner. An individual, a group, a society, a business or enterprise irrespective of whether they are active on other social networks can exploit the inventive turn-key software application augmenting their business with clear visibility of the return on investment. As such the inventive turn-key software application provides an effective “one-stop shop” for those looking to establish and build their brand on mobile technology.

Abstract: A system and method for managing media advertising enterprise data. An enterprise data management (EDM) module can be configured to include a set of rules at an enterprise level to manage disparate and disconnected records. A scoring function with respect to each record can be computed based on the rules to determine the highest priority. The rules in association with the scoring function can be stored locally in an EDM database. A matching process can then be performed to accurately match similar records regardless of manual input, location, and format of the records in a distributed system. Each record can then be assigned with a parent enterprise advertiser. Such an optimization mechanism can interactively manage and report records at the enterprise level in a simple and efficient manner.

Abstract: A computing system includes a server within an enterprise, with the includes at least one processor to access a real-time media application to provide real-time communications (RTC) for peer-to-peer networking, and intercept APIs of the real-time media application so that a portion of the real-time media application is redirected away from said server. The redirected portion of the real-time media application includes provisioning information directed to a media server. A client device is associated with a branch within the enterprise and includes a processor to execute the redirected portion of the real-time media application, and receive alternative network connectivity options for the peer-to-peer networking from a network edge appliance associated with the branch within the enterprise. At least one media stream is established with the peer computing device via the network edge appliance based on the alternative network connectivity probing.

Abstract: Changing operational backup parameters on a storage system includes a first actor generating a request to change operational backup parameters, providing the request from the first actor to a second actor, the second actor authorizing the request, and modifying the operational backup parameters in response to the second actor authorizing the request. The first actor may be assigned a role that allows the first actor to generate the request to change operational backup parameters of the storage system and the second actor may be assigned a role that allows the second actor to authorize the request to change operational backup parameters of the storage system. The request may include a time window provided by the first actor. Authorizing a request to change operational backup parameters of the storage system may create a token and an authorization key. The token may be indicative of the request provided by the first actor.

Abstract: A method implements data visualization offline interaction. A user requests a data visualization, and sends the request to a server. The method receives a data model needed to render the data visualization and a data visualization library. The method stores the data model and data visualization library in memory. The method generates the data visualization based on the data model using the data visualization library, and displays the data visualization in a data visualization interface. A user manipulates the data visualization. If there is no connectivity with the server, indicating offline mode, and the user input corresponds to functionality that is available in the offline mode, the method retrieves the stored data model and data visualization library and generates an updated data visualization based on the data model using the visualization library. The updated data visualization is displayed in the data visualization interface.

Abstract: A system may identify a user based on inputs from multiple devices. The system may determine a confidence score based on the probability that the system accurately identifies the user. The system may provide a permissions level based on the confidence score. The permissions level may affect the type of interactions the user may perform with a device. The system may determine a privacy level for an interaction based on determining whether the user is in a public or private setting.

Abstract: Aspects of the present invention disclose a method, computer program product, and system for capturing and transposing user behavioral data. The method includes determining that a user enters a first venue based on tracking a computing device of the user. The method further includes capturing behavioral data of the user in the first venue as the user interacts with a first product, where the captured behavioral data is saved to a database. The method further includes responsive to determining that the user enters a second venue, determining a set of recommendations for the user that has entered the second venue, based on the behavioral data in the user profile and a product available to the user in the second venue. The method further includes generating a recommendation to a user.

Abstract: Technologies are disclosed herein to secure flexible access to the healthcare information resources (HIR) contained within electronic health records (EHR) systems. By managing access permissions with certified self-sovereign identities and distributed ledger techniques, HIR may be secured. Patients and other users may be registered to access a distributed ledger, such as a healthcare blockchain, employed to set, host and adjudicate permissions to access HIR. Authorized owners and/or patients with rights to their own HIR may be able to grant fine-grained and conditional access permissions to third-parties. Information transfers and transactions occurring according to these permissions may be logged within smart contracts incorporated in the healthcare blockchain.

Abstract: Systems and methods for preventing aggressive or abusing signaling on networks are disclosed. When a user equipment (UE), such as a cell phone, sends a request to a network (e.g., a REGISTER, SUBSCRIBE, or PUBLISH request), a network entity can start a “guard timer” and/or increment a “guard counter.” The guard timer can comprise a predetermined amount of time within which one or more additional requests from the same UE will be ignored. Similarly, the guard timer can be used in conjunction with a guard counter. The guard counter can enable a UE to make a predetermined number of requests before the guard timer expires. If the UE exceeds the guard counter before the guard timer expires, any additional requests will be ignored. When the guard timer expires, the guard counter is reset to zero to enable the UE to make additional requests.

Abstract: In one embodiment, a method includes, by one or more computing devices of an online social network, receiving, from a client system of a first user of the online social network, an audio input from a second user, wherein the audio input comprises one or more voice commands, identifying the second user based on a comparison of the audio input to one or more voiceprints stored by the online social network, wherein each voiceprint comprises audio data for auditory identification of a unique user of the online social network, determining a relationship status between the first user and the identified second user within the online social network, and determining whether to perform an action associated with each voice command based on permission settings associated with the action and the determined relationship status between the first user and the identified second user.

Abstract: Disclosed are some implementations of systems, apparatus, methods and computer program products for facilitating the authentication of computing system requests with an unknown destination across tenants of at least one multi-tenant database system. Authentication is facilitated using an intermediate system that is accessible by and independent from the tenants of the multi-tenant database system.

Abstract: A security event identification system may enable obtaining, for each of the set of web requests, a screenshot of a corresponding web path resulting from the web request; applying a hash to each obtained screenshot; and determining, based on a comparison of the hashed screenshots, whether a security event exists related to the set of web requests.

Abstract: A method for operating a web server implemented on a computer, wherein in a launch phase, a web server process ignores requests from clients and a further process having elevated permissions of the web server process is started by the web server process, where the further process serves to execute actions with access to a predefined operating system area, following the launch phase, the web server process transitions to normal operation such that when the web server process then receives a request requiring an action with access to the predefined operating system area, the permissibility of the received request is checked by the web server process and in the event of a permissible request, the web server process and the further process communicate, which prompts the further process to execute the action with the required access to the predefined operating system area.

Abstract: Methods and systems for resource and organization achievement are described. In one embodiment, outcome data associated with a resource may be received. The outcome data may include an outcome time period, an outcome title, an outcome priority, an outcome status, and an outcome access level. The outcome status may identify progress by the resource toward an outcome. The outcome access level may define resource access to an outcome item. The outcome data may be stored in a database. A display of an outcome item associated with the resource may be generated based on at least a portion of the outcome data. The outcome item may represent the outcome for the resource. Additional methods and systems are disclosed.

Abstract: A method for a user interface for creating a preview content page is provided. Client identification, time period and campaign information are received via a user interface input field. An application programming interface is invoked to access a third party site's data content associated with the campaign information available during the time period. From the third party site, the data content associated with the campaign information available during the time period and metadata associated with the data content are received. The data content has advertisements. The advertisements are presented in the data content on the user interface's display window. A uniform resource locator (URL) link to the plurality of advertisements is generated, for allowing users to share the link on a public web site page. A computer readable storage medium and a user interface system are also provided.

Abstract: One embodiment includes a network apparatus at a store for allowing digital amenities to be accessed at the store by a mobile device of a user. The network apparatus includes a network interface, a storage module to keep digital amenities and a computing module. The network interface can be designed to couple to the mobile device at the store, and to a computing device outside the store. The network interface can be designed to recognize the mobile device at the store based on a piece of software related to the store in the mobile device. The computing module can be designed to help the mobile device to access a first digital amenity from the storage module in view of the piece of software. Based on the access, a second digital amenity from the computing device can be pre-stored at the storage module.

Abstract: Provided is a network security system including a communication interface that transmits a request for a preset option field value to a Dynamic Host Configuration Protocol (DHCP) server, receives a preset option field value corresponding to the request for the preset option field value from the DHCP server, transmits a request for a preset file to a Trivial File Transfer Protocol (TFTP) server, and receives a preset file corresponding to the request for the preset file from the TFTP server, and a processor that designates a preset location and the preset file of the TFTP server based on the preset option field value, wherein the preset file includes a file different from a file specified in the preset option field value by the DHCP.

Abstract: Various systems and methods are provided that detect malicious network tunneling. For example, VPN logs and data connection logs may be accessed. The VPN logs may list client IP addresses that have established a VPN connection with an enterprise network. The data connection logs may list client IP addresses that have requested connections external to the enterprise network and remote IP addresses to which connections are requested. The VPN logs and the data connection logs may be parsed to identify IP addresses that are present in the VPN logs as a client IP address and in the data connection logs as a remote IP address. If an IP address is so present, user data and traffic data associated with the IP address may be retrieved to generate a risk score. If the risk score exceeds a threshold, an alert to be displayed in a GUI is generated.

Abstract: Trust may be maintained between a storage system and a host system by the host system validating its identity to the storage system. The storage system may instruct the host system to validate itself by setting a validation flag on the storage system. The host system may be configured to determine whether the validation flag is set. If the host system determines that the validation flag is set, the host system then may read a test string from the storage system. The host system may encrypt the test string using a private key, and send the encrypted test string to the storage system. The storage system may decrypt the encrypted string using a public key it previously received from the host system. The decrypted test string then may be compared against the original test string generated by the storage system.

Abstract: Provided are a computer program product, system and method embodiments for secure communication between an initiator and a responder over a network. The initiator sends a security association initialization message to the responder to establish a security association including key material used to generate a key for the security association. In response to receiving a security association initialization response to accept the security association, the initiator sends an authentication message to the responder to establish authentication between the responder and the initiator. In response to receiving an authentication message response to the authentication message, the initiator is programmed with the security association. An authentication done message is received from the responder after receiving the authentication message response.

Abstract: A computer-implemented document management method is discussed. The method includes displaying in a messaging application a plurality of folders for storing electronic mail messages, analyzing content one or more of the electronic mail messages to locate identifiers associated with matters in a document management system, and generating a user-selectable object that, when selected, automatically causes the generation of a document management display for a user of the messaging application.

Abstract: An example operation may include one or more of receiving an endorsed storage event from a first security domain that conforms to a first security policy and that is isolated from a second security domain that conforms to a second security policy which is different than the first security policy, determining that the storage event satisfies a cross-domain security policy based on the first and second security policies, creating a cross-domain data block which stores the storage event that satisfies the cross-domain security policy as a blockchain transaction, and transmitting the cross-domain data block to a first blockchain node included in the first security domain and a second blockchain node included in the second security domain.

Abstract: One exemplary aspect is a blackout feature that can be used in connection with touchscreen devices to hide selected data in a shared display environment. An exemplary embodiment may be provided as a service running in the background or on a touchscreen device. A service may pop-up in response to the initiation of a collaboration session or entry of the device into a data transfer or sharing environment to prompt the user as to handle they would like to handle the shared information, e.g., “hide” sensitive information. Another exemplary aspect can display data in a constellation fashion. For example, data included in a file or data set to be shared is displayed by the touchscreen device. The user can then run their finger over the data that the user does not wish to share. The selected data/information can then be prevented from delivery to and/or display on the collaborating device(s).

Abstract: In some embodiments, a distributed computer network has a server node, a leader node, and a plurality of participant nodes that communicate via a communications network. During a first phase, the leader node generates a leader performance, each participant node receives and renders the leader performance and generates a corresponding participant performance, and the server node receives the leader performance and the participant performances and generates one or more group performances, each including multiple, synchronized performances. During a second phase, the server node transmits the one or more group performances to the participant nodes, and each participant node receives and renders a group performance, thereby allowing a corresponding participant at each participant node to perform along with the rendering of the corresponding group performance.

Abstract: The present disclosure relates to a pre-5th-Generation (5G) or 5G communication system to be provided for supporting higher data rates Beyond 4th-Generation (4G) communication system such as Long Term Evolution (LTE). The present disclosure provides an apparatus and a method for handling a network attack in a software defined network (SDN). The method for handling a network attack in an SDN according to various embodiments of the present disclosure includes detecting a first candidate of the network attack in a flow during a first time interval, in response to detecting the first candidate, changing quality of service (QoS) of the flow from first QoS to second QoS, detecting a second candidate of the network attack in the flow of the second QoS during a second time interval following the first time interval, and in response to detecting the second candidate, blocking the flow.

Abstract: Systems and methods for managing membership in a private data exchange are provided herein. In one embodiment, the method includes adding a member to a data exchange. The data exchange comprises a set of listings. The method includes providing a set of rights to the member for accessing the set of listings and modifying the set of rights of the member with respect to a listing from the set of listings based on a set of access rules for the listing. The method further includes providing access to a portion of the data of the listing that is filtered based on the set of rights as modified.

Abstract: [Object] To provide a control device, base station that reduces the response time of UE by determining a base station in which data on an application is held in advance and by causing the determined base station to hold the data. [Solution] There is provided a control device including: a control unit configured to determine a base station from among a plurality of base stations on the basis of a predetermined condition, the base station causing data on an application used by a terminal device to be linked, the terminal device wirelessly communicating with the base station; and a notification unit configured to notify all base stations determined by the control unit that the data is caused to be linked.

Abstract: Methods and systems for managing a premises are disclosed. An interface device and a premises system may be located at the premises. The interface device may receive a signal from a premises device of the premises system. An indication of the premises device may be output via a user interface. Configuration information may be associated with the premises device. The interface may monitor and control the premises device.

Abstract: The disclosed embodiments relate generally to the downloading of media items. The media items may include, for example, audio, video, image, or podcast data. In accordance with one embodiment, two or more media items may be concurrently downloaded. In accordance with another embodiment, a user may control the downloading of each of the media items, as desired. More particularly, the user may choose to download, pause, or resume downloading one or more media items identified in the list of media items. In other words, the user may alter the download status of any of the items in the list of media items. In addition, the user may re-prioritize the order in which the media items in the list or a subset thereof are to be downloaded.

Abstract: Methods and systems for authenticating users based on contextual data in a privacy preserving way are disclosed.

Abstract: Methods and apparatus for distribution and execution of instructions in a distributed computing environment are disclosed. An example method includes accessing, by executing an instruction with a processor implementing a management agent within a deployment environment, an indication of an instruction to be executed, the indication of the instruction to be executed provided by a management endpoint operated at a virtual appliance within the deployment environment. The instruction is retrieved from a repository. The repository is identified by the indication of the instruction to be executed. An instruction executor is directed to execute the instruction. The instruction is to cause the instruction executor to install an update to the management agent.

Abstract: Embodiments of the present disclosure provide a method for networking and a corresponding device. The method includes in response to a terminal device accessing network, obtaining configuration information of the terminal device; based on the configuration information, determining a traffic path associated with the terminal device; and configuring an underlying network node of the network based on the traffic path such that the underlying network node routes traffic associated with the terminal device based on the traffic path. A device that can implement the above method is further disclosed.

Abstract: The subject matter of this specification can be implemented in, among other things, a method that includes storing first client information identifying a first client device, identifying a location of the first client device, and identifying a first remote access session that provides the first client device access to resources of the remote access system. The method further includes receiving access information identifying an access device and a user account associated with the first client information. The access information indicates that the user account has been successfully authenticated by the access device. The method further includes, in response to the receipt of the access information, causing the first client device to connect to the first remote access session with the remote access system as a background process of the client device while a user interface of the client device remains locked.

Abstract: An information processing apparatus includes: a designation unit that allows a user of a transmission source of a document to designate a transmission destination user and a transmission destination terminal; and a transmission unit that transmits the document and transmission destination information indicative of the transmission destination user and the transmission destination terminal designated with the designation unit to an apparatus that transmits the document to the transmission destination terminal.

Abstract: A method includes forming a logical group of network devices from a plurality of network devices based on at least one attribute of the network devices. The method further includes selecting at least one similarity metric for the logical group of network devices. The method also includes determining a value of the similarity metric for each of the network devices of the logical group. The method further includes comparing values of the similarity metric corresponding to each of the network devices of the logical group against a threshold value. The method also includes determining an action to be taken at one or more of the network devices based on the comparison between the values of the similarity metric and the threshold. There may also be multiple interconnected groups, each performing these actions independently and conveying the computed information between each other.

Abstract: Systems, methods, and computer-readable media are disclosed for systems and methods for initiating automated actions using ring-shaped electronic devices. Example methods may include determining, by a ring-shaped electronic device comprising a button, a first user interaction with the button, determining that a first action associated with the first button sequence identifier is to initiate a synchronous communication, determining contact information associated with the first action, and initiating the synchronous communication using the contact information.

Abstract: A method of providing domain name system (“DNS”) eligibility is provided. The method includes obtaining, at an eligibility service comprising at least one electronic server computer communicatively coupled to a computer network, a request of an eligibility proof from a DNS client; validating, by the eligibility service, the request; providing, by the eligibility service, the eligibility proof to the DNS client; obtaining, by the eligibility service, the eligibility proof, wherein the eligibility proof is related to a registration of a domain name by the DNS client with a DNS registry; validating, by the eligibility service, the eligibility proof; applying, by the eligibility service, a promotion credit to an account of the DNS client; and providing, by the eligibility service, a confirmation of the promotion credit to the DNS client.

Abstract: An intelligent resource initiation and deployment system is provided that identifies a location of a user, identifies entities adjacent the user based on the user location, and identifies a resource application and/or the resource pools. The invention identifies a resource pool which optimizes resource grants for the user based on the desired outcome of the user and/or the entity at which the user is located. The system further includes identifying when the resource pool is active, or what additional information is needed for the user to make the optimized resource pool active. The present invention shifts the processing capacity, memory, and processing speeds related to determination and selection of a resource pool and/or validation of the resource pool during interactions from the time of the interaction to before the interaction is even initiated.

Abstract: A secure key system is described that distributes a private key of a key server to an edge server for encryption on behalf of an owner of the private key when establishing a session with a client. To distribute the private key, the key server receives from the edge server a quote generated by a secure enclave of the edge server. The quote attests to code of the secure enclave. The key server verifies the quote to ensure that the code of the secure enclave is trusted code. The key server encrypts the private key using a key of the edge server and sends the encrypted private key to the code of the secure enclave. The code of the secure enclave decrypts the private key using its key. Untrusted code of the edge server then requests the code of the secure enclave to perform cryptographic actions using the private key.

Abstract: According to one embodiment, a social information distribution apparatus apportions and accumulates, for items classified, basic information including a position of each of a plurality of information sources and social information transmitted in time series from each of the plurality of information sources, analyzes the accumulated social information, modifies and processes the social information, updates the social information as some of the items, selects social information to be broadcast, determines a broadcast format including at least classification of broadcast ranges, a broadcasting time, and a repetition count within the broadcasting time when broadcasting the selected social information, and transmits the selected social information to a designated broadcast range by a broadcast wave.

Abstract: In an approach to generating and managing personalized private roaming service set identifiers and networks, one or more computer processors generate one or more private networks based on one or more policies associated with a user and capabilities of one or more network providers in a communication proximity to the user. The one or more computer processors create one or more configuration files required to implement the one or more generated private networks on the one or more network providers. The one or more computer processors implement the one or more generated private networks by applying the one or more created configuration files to the one or more network providers.

Abstract: A method may include iterating over multiple application programming interfaces (APIs) to extract an authentication type for the multiple APIs. The method may also include, from a central repository, automatically registering a new user for access to a given API of the multiple APIs. The method may additionally include obtaining authentication data based on an authentication type for the given API, and storing the authentication data. The method may also include accessing the given API using the stored authentication data.

Abstract: A load balancer allocates requests to a pool of web servers configured to have low queue capacities. If the queue capacity of a web server is reached, the web server responds to an additional request with a rejection notification to the load balancer, which enables the load balancer to quickly send the rejected request to another web server. Each web server self-monitors its rejection rate. If the rejection rate exceeds a threshold, the number of processes concurrently running on the web server is increased. If the rejection rate falls below a threshold, the number of processes concurrently running on the web server is decreased.

Abstract: A distributed testing service for providing responsive and fault-tolerant testing computing platforms within a range of configurable testing conditions. The distributed testing service may be provide an independent worker registry service, a repository service, and multiple worker nodes. Further, the worker nodes may push, or initiate, transmissions to provide status information that may be used to determine appropriate worker nodes to client computers that are requesting worker nodes for executing test cases. The distributed testing service may provide network information for worker nodes to client computers so that communications involving executing the test cases on the worker nodes to not include the worker registry service or the repository service.