Abstract: A computer-implemented method includes receiving a request for access to a micro-service for a subject to perform an action using a resource; determining whether an access policy governing the access for the subject to perform the action using the resource is stored in a cache memory; in response to the access policy being stored in the cache memory, allowing or denying the request based on the access policy; in response to the access policy not being stored in the cache memory, requesting a new access policy for the subject to perform the action using the resource; receiving the new access policy including an access decision and a duration of the new access policy; allowing or denying the request based on the new access policy; and storing the new access policy in the cache memory.

Abstract: Disclosed are various examples for facilitating access to files in a virtual content repository. In one example, a request to access a file is transmitted to a management service. The request includes a first authentication credential for a first user account associated with the management service. Storage plan data is received that identifies a content repository and a second authentication credential for a second user account associated with the content repository. The client device authenticates with the content repository using the storage plan data, and access to the file is provided.

Abstract: In secure and seamless remote access to enterprise applications with zero user intervention, a first set of policies is generated at a controller based on a user role. A user device associated with the user role is in an enterprise network. The first set of policies is pushed to the security agent in the user device associated with a user, an enterprise server, and a secure remote access gateway from the controller. Upon determining that the user device moves to a remote network, a secure connection is initiated by the security agent from the user device to the secure remote access gateway. Upon determining by the controller that the user is authenticated for the secure connection, a second set of policies is generated by the controller for the user device, the enterprise server and the secure remote access gateway. The second set of policies is pushed to the devices.

Abstract: A host device detects a first request from a first remote device and a second request from a second remote device, each request related to hosting one or more computing desktop environments within a virtual machine, wherein each remote device is at a respective location. The host device determines that the remote devices are qualified to share computing desktop environments based on a proximity threshold. The host device hosts a first computing desktop environment for sharing by the remote devices. The host device gathers respective new locations of the remote devices. The host device determines, by identifying that the respective new locations are not close enough to satisfy the proximity threshold, that the remote devices are no longer qualified to share computing desktop environments. The host device terminates the access of the first remote device to the first computing desktop environment and maintains the access of the second remote device.

Abstract: An IoT apparatus in use by a user, which is communicatively linked to a mobile device used by the user, is identified. A determination can be made as to whether documentation for the IoT apparatus is located on the IoT apparatus or on a mobile device. Responsive to determining that the documentation is located on the IoT apparatus or on the mobile device, a determination can be made as to whether the documentation located on the IoT apparatus or on the mobile device is a latest version of the documentation. Responsive to determining that the documentation located on the IoT apparatus or on the mobile device is not the latest version of the documentation, the latest version of the documentation can be automatically accessed from a resource external to the IoT apparatus and the mobile device. Presentation of the latest version of the documentation on a display can be initiated.

Abstract: One embodiment provides a quality of service (QoS) monitoring framework for dynamically binding one or more customer applications to one or more microservices in a dynamic service environment, collecting compliance data and contextual data from the dynamic service environment and one or more hosting environments, and modifying a monitoring infrastructure for the one or more customer applications based on the compliance data and the contextual data.

Abstract: Aspects of the disclosure relate to using smart data filters to create multi-threaded profiles. A computing platform may generate a multi-threaded profile corresponding to a user. Thereafter, the computing platform may receive, via the communication interface and from a user device, external event information corresponding to the multi-threaded profile. Then, the computing platform may determine, based on the external event information, a filter bank corresponding to a first thread of the multi-threaded profile. Subsequently, the computing platform may determine, based on the external event information and the filter bank, a time to live parameter corresponding to the external event information. Next, the computing platform may retrieve, from a multi-threaded profile server and based on the multi-threaded profile and the filter bank, first thread information corresponding to the first thread of the multi-threaded profile.

Abstract: The present disclosure provides a device control method and apparatus. The device control method includes: connecting to a current LAN and searching a device in the LAN; determining whether there is a created device management group corresponding to the device or more, wherein the device management group corresponds to one or more devices; when there is a created device management group, determining whether there is an account bound to the device management group; and when there is no account bound to the device management group, binding a current account of a user to the device management group, thereby obtaining control of the device corresponding to the device management group according to a binding relationship between the current account of the user and the device management group.

Abstract: A trusted co-processor can provide a hardware-based observation point into the operation of a host machine owned by a resource provider or other such entity. The co-processor can be installed via a peripheral card on a fast bus, such as a PCI bus, on the host machine. The provider can provide the customer with expected information that the customer can verify through a request to an application programming interface (API) of the card, and after the customer verifies the information the customer can take logical ownership of the card and lock out the provider. The card can then function as a trusted but limited environment that is programmable by the customer. The customer can subsequently submit verification requests to the API to ensure that the host has not been unexpectedly modified or is otherwise operating as expected.

Abstract: Embodiments of the present disclosure relate to a method, device and computer readable medium for managing storage. The method comprises: in response to obtaining, at a first storage processor, an access request for a storage unit, determining whether the storage unit is currently accessible, the storage unit including at least one storage area. The method further comprises: in response to the storage unit being currently inaccessible, determining whether the first storage processor has an access right to the storage unit. In addition, the method further comprises: in response to the first storage processor having no access right, requesting a second storage processor for the access right, the second storage processor being associated with a mirror storage unit of the storage unit, and the first and second storage processors having exclusive write access rights.

Abstract: An ad bidder receives a request from a user device to select an advertisement (“ad”) for presentation along with a web page. The ad bidder includes a user profile database and may be a social networking system. The ad bidder determines if the user of the user device is logged into the ad bidder and selects the advertisement based on information in the user profile database if the user is logged into the ad bidder. If the ad bidder determines the user is not logged into the ad bidder, the ad bidder retrieves a device cookie stored on the user device. The device cookie describes interactions with content from the user device, such as viewed web pages or ads. Data stored by the device cookie is then used to select the ad for presentation.

Abstract: The present invention, when at least one from among chat participants requests recording of data generated by the chat participants in an environment in which a messenger bot participates in a chat, registers at least a portion of the generated data as recorded data in a database, provides a transaction ID indicating location in the database of the data registered therein to at least one participant from among the chat participants, determines, in response to a recorded data-related verification request, whether input data included in the verification request corresponds to the recorded data, and, if the input data corresponds to the recorded data, then concludes the recorded data-related verification to have been successful.

Abstract: Disclosed are systems and methods for improving interactions with and between electronic mail services and other services, such as social networking service and/or providing systems supported by or configured with personal computing devices, servers and/or platforms. The systems interact to identify and retrieve data within or across platforms, which can be used to improve the quality of data used in processing interactions between or among processors in such systems. The disclosed systems and methods provide systems and methods for automatic linking of an electronic messaging service and another service, such as a social networking service. The disclosed systems and methods form a connection between an electronic messaging system and another service external to the electronic messaging system and uses the formed link to perform a number of actions on behalf of the user of the electronic messaging system and the other service.

Abstract: A mobile computing device is operated to receive a trigger at a first instance. The trigger may be associated with a predefined condition or event or action. The mobile computing device may detect the predefined condition or event at a second instance. In response to detecting the predefined condition or event, a notification is activated on the mobile computing device that is based on the trigger.

Abstract: A computing system includes virtualization servers running virtual machine sessions, and client computing devices grouped by respective enterprises. Each client computing device is operated by an end-user to access an application via a virtual desktop during one of the virtual machine sessions. An analytics server is coupled to the virtualization servers, and collects application usage parameters provided for each client computing device accessing the application during one of the virtual machine sessions, and analyzes the application usage parameters to determine application performance of the application across the client computing devices for each respective enterprise. Client computing devices having slower application performances as compared to application performances of other client computing devices are identified by the analytics server.

Abstract: A system and method for selecting alternate global positioning system coordinates is provided. The system generally comprises a geolocation device, processor operably connected to the geolocation device, and non-transitory computer-readable medium having instructions stored thereon. The instructions instruct the system to select alternate GPS coordinates based off geospatial data received by the processor as well as parameters of the system that may limit the alternate GPS coordinates in which the system may select. The parameters may be selected within a user interface of the system.

Abstract: A first computer server included in a cluster system includes a plurality of network interfaces, a memory, and a processor coupled to the memory. The processor retrieves a first Internet Protocol (IP) address and a second IP address from the memory. The processor initiates a first communication process with a second computer server included in the cluster system via a first network interface of the plurality of network interfaces. The processor sets the first IP address to the first network interface when the first communication process enables communication with the second computer server. The processor initiates, using the first IP address, a second communication process with a first device having the second IP address via the first network interface. The processor obtains a type of the first device and outputs information on the type of the first device in association with information on the first network interface.

Abstract: A data transfer analysis system is disclosed that analyzes data transfer log entries to determine whether a data transfer is authorized. The system determines information about the data assets involved in the data transfer (e.g., network address, geographical location, etc.) and uses a data map to determine if data transfers are authorized between the two data assets. If not, the system may take one or more actions, such as generating a notification, terminating the data transfer, restricting the access of the user that initiated the transfer, modifying network communications capabilities between the assets to prevent future transfers, and storing metadata that can be used to prevent future such transfers.

Abstract: A method to provide secure delivery of video manifest/playlist files by generating a single use, per-user encryption key to encrypt the video manifest/playlist file is disclosed. A video player generates a session ID when establishing connection with a manifest server. The manifest server is in communication with a key server and uses the session ID and content ID to generate the single use encryption key specifically for the session ID generated by the video player. The manifest server encrypts the manifest file prior to providing it to the video player. The content of the manifest file can then only be decrypted by the single use encryption key. The video player communicates with the key server to retrieve the single use key and to decrypt the manifest file.

Abstract: A method for processing telephony sessions of a network including at least one application server and a call router, the method including the steps of assigning a primary Uniform Resource Identifier (URI) and at least a secondary URI to an application; mapping a telephony session to the primary URI; communicating with the application server designated by the primary URI using an application layer protocol; receiving telephony instructions from the application server and processing the telephony instructions with the call router; detecting an application event; and upon detecting the application event, communicating with the application server designated by the secondary URI.

Abstract: Methods, systems, and media for presenting an advertisement are provided. In some embodiments, the method comprises: causing an advertisement to be presented in connection with presentation of a video having content associated with an application, wherein the advertisement includes information indicating one or more virtual items associated with the application available for purchase; receiving a user input indicating a purchase of at least one of the one or more virtual items; causing payment information to be collected based on a user account associated with a request for presentation of the video to complete the purchase; and transmitting information indicating the completed purchase to an entity associated with the application.

Abstract: A system configured to synchronize the displays of multiple infusion pumps is provided. In some embodiments, the system includes a plurality of infusion pumps in communication with a server. An individual infusion pump synchronizes its internal clock by communicating with the server. Based on the synchronized internal clock, the infusion pump determines the current time, calculates a parameter based on the current time, and causes screen content corresponding to the calculated parameter to be displayed.

Abstract: Systems and methods for providing a guaranteed batch pool are described, including receiving a job request for execution on the pool of resources; determining an amount of time to be utilized for executing the job request based on available resources from the pool of resources and historical resource usage of the pool of resources; determining a resource allocation from the pool of resources, wherein the resource allocation spreads the job request over the amount of time; determining that the job request is capable of being executed for the amount of time; and executing the job request over the amount of time, according to the resource allocation.

Abstract: A communication entity includes a Proxy Call Session Control Function (P-CSCF). The P-CSCF includes a transceiver and a controller. The transceiver is operable to receive a register request from a user equipment (UE) in a visited public land mobile network (VPLMN). The controller is operable to: retrieve a network identifier (PLMN ID) for the VPLMN by requesting the PLMN ID where the UE is currently located from a Policy Control Rule Function (PCRF); access a database to obtain a list of local emergency numbers for the VPLMN; and include the retrieved PLMN ID in the register request before forwarding the register request to a Call Session Control Function (CSCF).

Abstract: A request for access to a user's account is made to an authenticator. The authenticator sends a request for access to the user associated with the user's account. In response to user authorization, the authenticator sends an access link to a service engineer. The service engineer access the link to access the user's account with limited and restricted access. When a remote service session associated with the activated access link is terminated, the authenticator sends a termination of session notice to the user.

Abstract: A computer-implemented method of establishing a conversation between intelligent assistants includes subdividing content of a user's conversation monitored over a predetermined period of time into a plurality of segments, and associating a time stamp with each segment; hashing each of the plurality of segments wherein a hash value is associated with each segment; matching pairs of the hash values and their time stamps with hash values and time stamps received from one or more intelligent assistants associated with the one or more other persons; and establishing a connection between the user's intelligent assistant and an intelligent assistant of at least one of the one or more other persons, when the user's hash value and time stamp for one or more segments of the conversation match hash values and time stamps of one or more conversation segments of the at least one of the one or more other persons.

Abstract: Systems and methods are disclosed herein for dynamically applying information rights management (“IRM”) policies to documents. An example system for dynamically applying IRM policies to documents can include a document repository, a proxy server, and a dynamic IRM wrapping service (also referred to herein as an IRM engine). A user can request a document on the document repository by, for example, attempting to access the document from a user device. The user device can be managed by a management server that enrolls the user device and enforces compliance rules and other policies at the user device. The user's request for the document can be received at the proxy server, and the proxy server can then request the document from the document repository.

Abstract: Techniques for governing access to third-party application programming interfaces (API's) are disclosed. A proxy service exposes an API configured to receive requests, from user-facing services, to perform functions of backend services. The proxy service stores a usage policy that defines a criterion that is (a) different from any authorization criterion and (b) associated with using a function of a backend service. The proxy service receives a request to perform the function of the first backend service for a user-facing service and determines that the request does not satisfy the usage policy. Based on determining that the request does not satisfy the usage policy, the proxy service refrains from accessing the backend service to perform the function responsive to the request, and transmits an alert to the user-facing service indicating that the request does not satisfy the usage policy.

Abstract: A Dynamic Name Server (DNS) surrogation method, a DNS system, and a DNS server provide DNS surrogation which is the idea that if a user device sends a DNS resolution request to a given DNS server that server does not need to actually perform the recursion itself. A policy can be defined telling the server that first received the request to take other factors into account and “relay” or “surrogate” that request to another node. This additional node is called a “surrogate” and it actually performs the recursion therefore allowing the resolving party to perform proper localization, optimization, or any other form of differentiated resolution. This surrogation also distributes the job of actually performing resolution, which adds scalability to the DNS server or service itself. A network of “surrogate” resolvers is possible as well as the concept of every client needing DNS resolution can also become a surrogate.

Abstract: In general, systems, methods and computer readable media for data record compression using graph-based techniques are provided herein.

Abstract: A method is disclosed. The method includes receiving transaction data in an authorization request message from an access device, where the transaction data is associated with a merchant and a transaction location. The method also includes analyzing the transaction data to determine if a location database comprises location data corresponding to the merchant associated with the transaction data, and adding the transaction location and information regarding the access device to the location database.

Abstract: The present invention provides a live video transmission method and system and an apparatus. According to the method, an M2U device receives a UDP request sent by a client, where the UDP request includes a live channel identifier and is used to request video data of a live channel corresponding to the live channel identifier, and the live channel identifier includes a multicast address or a URL. Then, the M2U device obtains the video data corresponding to the live channel identifier, and obtains a source IP address and a source port of the UDP request, where the source IP address and the source port of the UDP request are used as a destination IP address and a destination port of a UDP unicast packet to be subsequently sent to the client.

Abstract: The invention discloses a system and method for selective erasure, encryption and or copying of data on a remote device if the remote device has been compromised or the level of authorization of a roaming user in charge of the remote device has been modified.

Abstract: This disclosure provides a cache data control method and a device, applied to a first edge cache node. The method includes: receiving a data obtaining request sent from a terminal device, where the data obtaining request includes an identification of to-be-requested data; when the first edge cache node does not include the to-be-requested data, determining a target cache node that includes the to-be-requested data in an edge cache node set corresponding to the first edge cache node and a central cache node corresponding to the first edge cache node; and obtaining the to-be-requested data from the target cache node. This disclosure is intended to improve efficiency of feeding back data information to the terminal device.

Abstract: There are provided systems and methods for visual data processing of mimed images for authentication. Authentication may be required for a user and/or an account of the user, for example, to verify the identity of the user or allow the user to access and use the account of the user. As an additional factor to authentication, increased authentication may be accomplished through who and what the user is, such as through facial recognition and biometrics of the user. During authentication, the user may be presented with a set of images or icons, such as digital emojis, that convey and emotion or idea. The user may be asked to mimic the emojis during authentication, where the user's facial expression is recorded. To authenticate the user, the recorded data may be compared to past data through facial recognition processing and image analysis to find similarities.

Abstract: This document describes, among other things, systems and methods for more efficiently resuming a client-to-origin TLS session through a proxy layer that fronts the origin in order to provide network security services. At the time of an initial TLS handshake with an unknown client, for example, the proxy can perform a set of security checks. If the client passes the checks, the proxy can transmit a ‘proxy token’ upstream to the origin. The origin can incorporate this token into session state data which is passed back to and stored on the client, e.g., using a TLS session ticket extension field, pre-shared key extension field, or other field. On TLS session resumption, when the client sends the session state data, the proxy can recover its proxy token from the session state data, and upon successful validation, bypass security checks that it would otherwise perform against the client, thereby more efficiently handling known clients.

Abstract: An Internet anti-attack method includes: an authentication server receives a service access request, sent by a user, from a content delivery network node group through a WEB interface, where the service access request includes an IP address of the user. The authentication server sends an access authentication request to a security gateway, where the access authentication request includes the IP address of the user, and the access authentication request is used to instruct the security gateway to allow a service-serving request that includes the IP address of the user to be sent to the service server.

Abstract: Examples relate to identifying malicious activity using data complexity anomalies. In one example, a computing device may: receive a byte stream that includes a plurality of bytes; determine, for a least one subset of the byte stream, a measure of complexity of the subset; determine that the measure of complexity meets a predetermined threshold measure of complexity for a context associated with the byte stream; and in response to determining that the measure of complexity meets the threshold, provide an indication that the byte stream complexity is anomalous.

Abstract: A method, computer system, and a computer program product for sharing a peering connection parameter is provided. The present invention may include receiving a peering connection order from a user. The present invention may also include assigning at least one shared secret to the received peering connection order. The present invention may then include receiving a request from a network service provider of the user for at least one connection parameter associated with the received peering connection order, wherein the received request includes the at least one shared secret for the received peering connection order. The present invention may further include, in response to determining that the at least one shared secret included in the received request is valid, returning the at least one connection parameter associated with the received peering connection order to the network service provider of the user.

Abstract: An embodiment of the present invention is directed to an automated validation tool for migration from a source system to a target system. The system comprises: a memory component; an interactive interface that receives one or more user inputs; and a validation engine comprising a processor, coupled to the memory component and the interactive interface, the validation engine configured to perform the steps comprising: initiating a migration process from a source system to a target system; identifying a source identifier of the source system and a target identifier of the target system; performing validation of the migration process; comparing project configuration data of the source system and the target system; comparing project data of the source system and the target system; and providing, via the interactive interface, validation results.

Abstract: A consolidated default security policy for a storage node is created by combining a system-wide default security policy with default security policies for multiple protocols and default security policies for multiple applications. The default security policies for protocols and applications include IKE parameters and parameter values. In response to receipt of an IKE request from a peer, the storage node obtains dynamically-assigned source and destination information and finds matching parameters and parameter values in the consolidated default security policy. The matching parameters and parameter values are used with the dynamically-assigned source and destination information to auto-generate a secure channel with the peer.

Abstract: A packet gateway may protect TCP/IP networks by enforcing security policies on in-transit packets that are crossing network boundaries. The policies may include packet filtering rules derived from cyber threat intelligence (CTI). The rapid growth in the volume of CTI and in the size of associated CTI-derived policies, coupled with ever-increasing network link speeds and network traffic volume, may cause the costs of sufficient computational resources to be prohibitive. To efficiently process packets, a packet gateway may be provided with at least one probabilistic data structure, such as a Bloom filter, for testing packets to determine if packet data may match a packet filtering rule. Packet filtering rules may be grouped into subsets of rules, and a data structure may be provided for determining a matching subset of rules associated with a particular packet.

Abstract: A peripheral device includes a function block to provide data in response to a request from a host device, a data channel coupled with the function block to transmit the data from the function block to a host device as one or more packets, and output logic coupled with the data channel and configured to indicate validity of the data transmitted via the data channel by causing a signal to transition for each of the one or more packets of the data transmitted to the host device via the data channel, and transmit the signal to the host device.

Abstract: A deployment subsystem provides updates to an application and/or software executed by server computer systems. The update is included in an update script. Execution of the update script by a server computer system causes the server computer system to execute a set of checks. After completing the set of checks the server computer system may execute the update to the application and/or software executed by server computer systems.

Abstract: A computer-implemented method, a computer program product, and a computer system for allowing multiple infrastructural services to access multiple IoT (Internet of Things) devices. A gateway device receives a use request from a first application of a first infrastructural service, wherein the gateway device connects the multiple infrastructural services and the multiple IoT devices. The gateway device assigns an exclusive right to use the IoT device to the first application, in response to determining that the IoT device is not being used by a second application. The gateway device determines a mode for allowing the multiple infrastructural services to access the multiple IoT devices is configured, in response to determining that the IoT device is being used by the second application. The gateway device assigns the first application and the second application respective rights to use the multiple IoT devices, based on mode.

Abstract: Some examples of the present disclosure relate to container-image replication. One example includes a computing device that can generate a container image. The container image can include metadata that is consumable by a container engine for deploying a container with settings specified in the metadata. The computing device can also generate provenance data indicating at least one aspect related to the generation of the container image. The computing device can modify the metadata in the container image to include an indicator of the provenance data. The computing device can then store the container image and the provenance data in one or more repositories accessible to a client device. This may enable the client device to reproduce the container image at a future point in time.

Abstract: A network traffic system includes a network traffic mangling application for modifying a signature of packets that are transmitted in the network traffic system. The network traffic mangling application includes a user module control agent and a kernel module for executing the network traffic mangling application. The user control module agent modifies and mangles the behavior of the kernel module and communicates with the kernel module.

Abstract: A hash accelerator is provided that receives a hash key value from a processor core, determines a main memory address storing a hash table entry corresponding to the hash key value, and causes the hash table entry to be stored in a cache memory accessible by the processor core. The hash accelerator is configured to execute the same hash function that the processor core executes, and if the hash accelerator is faster than the software executing on the processor core, the hash table entry can be available to the core processor from cache memory by the time the processor core attempts to access the entry. This avoids a cache miss by the processor core, thereby improving overall efficiency of routines executed by the processor core.

Abstract: A method in a cache node (30) of a network comprises monitoring a secure data stream being received at the cache node from a server node, and detecting from one or more data chunks of the secure data stream that the secure data stream contains a data object that has been previously received and cached at the cache node, and sending a notification signal to the server node that the data object has been previously cached. The method may further comprise receiving one or more encryption header portions (e.g. TLS headers) from the server node, inserting a previously cached data chunk corresponding to each of the one or more encryption header portions into the data stream, and sending the data stream to a client device.

Abstract: Computer readable instructions, when executed by a processor, may cause an information processing apparatus to receive, from an operation apparatus, a reading instruction for instructing an image reading apparatus to execute a reading operation and specific service identification information. The computer readable instructions may cause the information processing apparatus to acquire the setting information associated with the specific service identification information from the memory, and transmit the acquired setting information to the operation apparatus. The computer readable instructions may cause the information processing apparatus to receive specific setting information from the operation apparatus, and transmit the specific setting information to a particular image reading apparatus for reading image data in the particular image reading apparatus.