Abstract: Described embodiments provide systems and methods for selecting communication paths for applications sensitive to bursty packet drops. A device intermediary to a client and a server may identify an application for which packets are to be communicated between the client and the server. The device may determine a sensitivity level of the application to a network disruption affecting the packets. The device may estimate, for each path between the client and the server for communicating the one or more packets, a path quality for the path indicating a likelihood that the network disruption affects the one or more packets. The device may select path for communicating the packets based on the sensitivity level of the application and the path quality. The device may communicate the packets between the client and the server via the path.

Abstract: A method for operating a flow control entity which is configured to control a data packet flow in a network in which at least one virtualized gateway and at least one other gateway exchange routing data is disclosed. The flow control entity receives a message from a node located in an interconnection used by the at least one virtualized gateway and the at least one other gateway to exchange routing data by which one the gateways informs the other of the gateways about new routes and withdrawn routes for data packet flows which traverse the at least one virtualized gateway and the at least one other gateway, extracts the routing data from the received message, translates the extracted routing data into routing information, and transmits the routing information to an infrastructure managing entity configured to manage a virtualized infrastructure of the network.

Abstract: Techniques for content augmentation and assist are provided. A textual conversation between a first user and a plurality of recipients is analyzed to determine a first intent of the first user. A set of relationships is determined between the first user and the plurality of recipients, and a set of historical intents corresponding to each of the plurality of recipients is evaluated to identify similar intents to the first intent. A plurality of predefined messages is identified based on one or more similar intents that overlap between two or more of the plurality of recipients. A first predefined message is selected, from the plurality of predefined messages, based on the first intent and the determined set of relationships, and suggested content is provided based on the first predefined message.

Abstract: A method for securely relaying personal data between a telemedicine device and a remote terminal via a proxy server includes establishing a communication link between the telemedicine device and the proxy server over a first communication network. A request, including authentication access data, is received from a remote terminal for a remote user to assess personal data of a telemedicine device user. Upon validating the authentication access data to approve access to the personal data on the telemedicine device by the remote user, the personal data is relayed between the telemedicine device and the remote terminal in a remote assess session while preventing secure personal data of the telemedicine device user from being sent to the proxy server. If the telemedicine device communicates over a second communication network, the communication link is re-established with the proxy server over the second communication network without terminating the remote access session.

Abstract: In a relay device, a control unit stores, in a temporary storage unit data which is received by an Ethernet communication unit through a communication line. When the data stored in the temporary storage unit is transmitted, the control unit deletes the transmitted data from the temporary storage unit. When the control unit determines that, for the data received by the Ethernet communication unit, the amount of data stored in the temporary storage unit is equal to or greater than a threshold value, the Ethernet communication unit transmits instruction data giving an instruction to stop transmission through a communication line and to perform transmission through a communication bus.

Abstract: Round-trip times (RTT) values are estimated between meshed data centers serving an internet domain and a local domain name server (LDNS) associated with the data centers. A method initializes a shared database with proactively estimated RTTs and uses distributed DNS reflection to improve the accuracy of an estimated RTT value and update the shared database. RTTs may be proactively estimated by using pings, queries, or local DNS reflection. In local DNS reflection, a reflector sends a request to a collector in the same data center via the LDNS, and the collector measures the RTT. In distributed DNS reflection, a reflector in a first data center sends a request to a collector in a second data center via the LDNS. The collector calculates the latency, retrieves the (first) RTT between the first data center and the LDNS, and calculates the (second) RTT between the second data center and the LDNS by doubling the difference between the latency and half the first estimated RTT.

Abstract: Examples described herein relate to systems and methods for tiered updating of configuration data. Updated configuration data is transmitted to different tiers of nodes. The nodes of a first tier are commanded to use the updated configuration data. After waiting to see if any nodes of the first tier communicate a fault after using the updated configuration data, for each of the additional tiers in the CDN it is sequentially repeated to: transmit a command to the nodes of that additional tier to use the updated configuration data; and after waiting to see if any nodes of any tier communicate a fault after using the updated configuration data, transmitting a command to the nodes of another additional tier to use the updated configuration data.

Abstract: A system facilitates authentication in situations where a pop-up window fails or is disallowed. If a browser application accessing a first webpage is not capable of presenting pop-up windows and redirects a user to a separate webpage for collecting information, the browser application, the absence of a JavaScript object indicating the pop-up window, or the inability to exchange data with a computing device associated with the first webpage is determined. In such a case, if valid information is received from the user, authorization data is provided to the computing device in the form of text included in a Uniform Resource Identifier (URI) for the first webpage. As a result, transactions may be authorized when a browser application is not capable of presenting pop-up windows.

Abstract: Systems, methods and computer program products dynamically configuring architecture of high-availability computing environments to maximize uptime of the high-availability systems and minimizing the down time of the computing environment fulfilling incoming connections, requests and data transfers. Embodiments dynamically configure arbitrary systems of the high availability computing environments, including network nodes, virtual machines, containerized systems, managed clusters thereof, agents, and application components, using a lightweight and portable HA controller plugin. The HA controller plugin installs controller components, data migration logic, synchronizes data and configurations of the computing environment on any nodes promoted to controllers with lead HA controllers elected by system administrators.

Abstract: A system for managing web traffic comprising a meta control operating on a first processor having a first control interface and configured to generate a request for content and to transmit the request for content over a digital data network to a meta control server. The meta control server operating on a second processor and configured to receive the request for content and to select data for one or more second control interfaces as a function of data associated with the first control interface and to transmit the data for the one or more second control interfaces over the digital data network to the first control interface. The first control interface displays the data for the one or more second control interfaces and monitors user activity associated with the data.

Abstract: A computer-implemented method includes receiving network topology information about a network segment between a source node and a destination node. The method also includes identifying, based on the network topology information, a significant hop in the network segment. The method additionally includes calculating a plurality of probabilistic cover values based on the significant hop. The method additionally includes causing a plurality of different sets of traceroute packets to be sent from the source node. The plurality of different sets of traceroute packets are based on the plurality of probabilistic cover values.

Abstract: The disclosed computer-implemented method may include (1) receiving, at a network node within a network, a packet from another network node within the network, (2) identifying, within the packet, a label stack that includes a plurality of labels that collectively represent at least a portion of a label-switched path within the network, (3) popping, from the label stack, a label that corresponds to a next hop of the network node, (4) determining, based at least in part on the label, that the next hop has experienced a failure that prevents the packet from reaching a destination via the next hop, (5) identifying a backup path that merges with the label-switched path at a next-to-next hop included in the label-switched path, and then (6) forwarding the packet to the next-to-next hop via the backup path. Various other methods, systems, and apparatuses are also disclosed.

Abstract: Edge clusters execute in a plurality of regional clouds of a cloud computing platforms, which may include cloud POPs. Edge clusters may be programmed to control access to applications executing in the cloud computing platform. Edge clusters and an intelligent routing module route traffic to applications executing in the cloud computing platform. Cost and latency may be managed by the intelligent routing module by routing requests over the Internet or a cloud backbone network and using or bypassing cloud POPs. The placement of edge clusters may be selected according to measured or estimated latency. Latency may be estimated using speed test servers and the locations of speed test servers may be verified.

Abstract: A content delivery network (CDN) includes a plurality of CDN components including at least one CDN rendezvous mechanism and at least one control core. The CDN components are controlled by control core data from the at least one control core. Some CDN components obtain CDN resources including control core data from at least some other CDN components. The CDN components use the CDN rendezvous mechanism to select one or more CDN components from which to obtain CDN resources.

Abstract: A system includes a first aggregated networking device that is included with the second aggregated networking device in a link aggregation domain. The first aggregated networking device provides, to a networking device via a link aggregation group (LAG), a first control message that defines itself as a root bridge and the first link aggregation domain as a designated bridge. The second aggregated networking device detects that the first aggregated networking device is unavailable. The second aggregated networking devices then provides, to the networking device via the LAG, a second control message that defines itself as the root bridge, and the first link aggregation domain as the designated bridge. Network traffic is transmitted in response to the networking device accepting the second aggregated networking device as a new root bridge based on the first link aggregation domain being defined as the designated bridge in both the first and second control messages.

Abstract: Transferring files between computer nodes located on different networks is provided. A path for transferring a file to a target node located on a different network is determined. The path includes an address of the target node and a set of one or more addresses of intermediate network bridge nodes connecting the different networks. At least one command to be executed to transfer the file to a specific node present in the path is determined. A file transfer command record is generated. The file transfer command record includes the path and the at least one command to be executed to transfer the file to the specific node present in the path.

Abstract: A system and method for regionalized resolution of a network path to one or more file types based on a specific sound or a specific combination of words, phrases and/or sounds. An application with a user interface at a networked device has access to a remote speech to text server via an advanced programmer interface (API) and to a regionalized, accessible database. The regionalized, accessible database can contain text translations of distinct words, phrases, and sounds along with region(s) where the entries are valid that are associated with distinct network paths. Converted audio in a searchable format and location of the networked device are queried at the global database for a match, if a match is found at the regionalized database for the query, the network path associated with the match is returned from the regionalized database to the networked device, and one or more files associated with the returned network path are opened at the networked device.

Abstract: Redundant transmission control protocol tunneling of the present invention channels client application data through the public Internet via a secure UDP channel. By integrating one or more gateway applications interposed between an endpoint and the public Internet using local loopback addresses, the present invention provides network path failover redundancy.

Abstract: A distributed storage network (DSN) processes storage unit maintenance tasks on multiple tiers within the DSN. A master storage unit coordinates pending maintenance tasks when a DSN management unit, originally processing the pending maintenance tasks, changes its status to offline. The method includes the master storage unit aggregating pending maintenance tasks from corresponding DSN storage units into an ordered list of maintenance tasks, facilitating, based on the ordered list of maintenance tasks, coordination of a next maintenance task with a corresponding storage unit and directing execution of the next maintenance task by the corresponding storage unit.

Abstract: A method, a device, and a system for deferring a switchback. A first network device sends a query packet to a second network device, detects, according to the query packet, whether a route from the second network device to a destination device is available after receiving the query packet, and when it is available, the second network device sends a query response packet to the first network device in order to trigger the first network device to switch back from a secondary route to a primary route. The technical solution provided reduces a wait-to-restore time of the switchback, ensures that service data transmitted from the first network device to the second network device can be transmitted to the destination device, and facilitates smooth transmission of the service data.

Abstract: A network device includes a first network processor that forwards packets based on a first forwarding information table; a second network processor that forwards packets based on a second forwarding information table; a first group of ports operably connected to the first network processor; and a second group of ports operably connected to the second network processor. The first forwarding information table specifies that packets, received by the first network processor, that specify a destination device reachable by the first group of ports and the second group of ports are forwarded by a port of the first group of ports. The second forwarding information table specifies that packets, received by the second network processor, that specify the destination device reachable by the first group of ports and the second group of ports are forwarded by a port of the second group of ports.

Abstract: A data processing system comprising: a host computer system supporting a software entity and a receive queue for the software entity; a network interface device having a controller unit configured to provide a data port for receiving data packets from a network and a data bus interface for connection to a host computer system, the network interface device being connected to the host computer system by means of the data bus interface; and an accelerator module arranged between the controller unit and a network and having a first medium access controller for connection to the network and a second medium access controller coupled to the data port of the controller unit, the accelerator module being configured to: on behalf of the software entity, process incoming data packets received from the network in one or more streams associated with a first set of one or more network endpoints; encapsulate data resulting from said processing in network data packets directed to the software entity; and deliver the network

Abstract: Systems and methods for managing a global virtual network connection between an endpoint device and an access point server are disclosed. In one embodiment the network system may include an endpoint device, an access point server, and a control server. The endpoint device and the access point server may be connected with a first tunnel. The access point server and the control server may be connected with a second tunnel.

Abstract: An apparatus includes a processing device comprising a processor and a memory. The processing device is configured, in conjunction with synchronous replication of a logical storage volume between first and second storage systems, to receive a synchronous write request comprising at least a portion of a data page to be written to the storage volume, to determine a source processing module associated with the data page in the first storage system, to determine at least one of a process identifier and a processor identifier of the source processing module in the first storage system, and to select a particular one of multiple links between the first and second storage systems for use with the synchronous write request based at least in part on at least one of the process identifier and the processor identifier of the source processing module. The selected link is illustratively associated with a transmit processing module.

Abstract: Responsive to receiving the BGP UPDATE message, a route reflector may (1) update a CLUSTER_LIST value and, if needed, an ORIGINATOR_ID value, in a path attribute section in the BGP UPDATE message to generate a revised BGP UPDATE message, and (2) send the revised BGP UPDATE message to a client of the route reflector, regardless of whether or not one of (A) field validity checking of the BGP UPDATE message, (B) Adj-RIBS-In update using the BGP UPDATE message, (C) decision processing for route selection using information in the BGP UPDATE message, or (D) Adj-RIBS-Out update using the BGP UPDATE message, is completed (or perhaps even started). This provides faster route propagation and avoids delays associated with processing BGP UPDATE messages (NLRI with advertisements and withdrawals) at each hop the NLRIs using conventional BGP such as next-hop validation, best path selection, etc.

Abstract: Using a Radio Access Network (RAN) capacity exchange (or RANxChange), mobile operators can advertise slices/partitions of available unused base station capacity, and auction and lease it. A member-operator can advertise their unused base station capacity availability or lease capacity from another member-operator for a specific time period. The bidding operators can bid for the full auctioned capacity or portion of the auctioned capacity. The users start attaching the leased slice transparently without any configuration changes on their mobile devices.

Abstract: A module in a hardened optical platform includes one or more Printed Circuit Boards (PCB) and associated components; at least one cage configured to receive a pluggable optical module, wherein the at least one cage is on a PCB of the one or more PCBs; and a housing enclosing the one or more PCBs, wherein the housing covers the one or more PCBs, the associated components, and the at least one cage with the pluggable optical module, with respect to airflow, wherein a thermally conductive conduit is formed between the pluggable optical module once inserted and the housing, enabling the pluggable optical module to operate in the housing which is sealed with respect to airflow.

Abstract: Decoy network ports and services are projected onto existing production workloads to facilitate cyber deception, without the need to modify production machines. The approach may be implemented in a production network that includes two segments. A production machine is reachable via the first segment, while a decoy machine that offers the network service expected from the production machine is reachable via the second segment. A deception router is configured in front of the two segments, and it is not visible on the link and network layers. The router inspects network traffic destined for the production machine. Based on a set of one or more conditions being met, the router determines whether to relay network packets to the production machine, or to redirect the packet to the decoy machine.

Abstract: First call data submitted by a mobile browser when a service call for a target application (app) is initiated is received, where the first call data comprises a custom parameter used to invoke the target app and identification information of the mobile browser, and where the identification information comprises package name information of the mobile browser. Based on the custom parameter, the target app is invoked to execute a corresponding target service. The identification information of the mobile browser is transferred to the target app. In response to executing the corresponding target service, responding to second call data including the package name information of the mobile browser and submitted by the target app, to automatically return to the mobile browser.

Abstract: This application discloses a packet processing method and an LSR. The method includes: receiving, by an Ingress LSR of a first MPLS tunnel, a first notification packet that is based on an IGP, where the first notification packet includes an ELC flag, which is used to indicate that the first Egress LSR has ELC; after learning from the first notification packet that the first Egress LSR has ELC, inserting a label into a first packet, to generate a second packet, where the label forms an MPLS label stack, which includes, from bottom to top, a first EL, a first ELI, and a first TL; and sending the second packet to the first Egress LSR through the first MPLS tunnel. According to the solutions of this invention, a Transit LSR of the first MPLS tunnel may perform load balancing when forwarding the second packet.

Abstract: A method including: storing, in at least one hardware module of a network device having a plurality of ports, attributes for at least one access control list and associated actions that cause network packets received at one of the plurality of ports that match the attributes for the at least one access control list, to be directed into a service chain that includes at least a first application performed by any one of a first plurality of redundant network processing appliance elements connected to another port of the plurality of ports; directing received network packets that match the attributes for the at least one access control list into the service chain; and load balancing network packets among the first plurality of redundant network processing appliance elements for the first application based on the attributes stored in the at least one hardware module of the network device.

Abstract: Aspects of data re-direction are described, which can include software-defined networking (SDN) data re-direction operations. Some aspects include data re-direction operations performed by one or more virtualized network functions. In some aspects, a network router decodes an indication of a handover of a user equipment (UE) from a first end point (EP) to a second EP, based on the indication, the router can update a relocation table including the UE identifier, an identifier of the first EP, and an identifier of the second EP. The router can receive a data packet for the UE, configured for transmission to the first EP, and modify the data packet, based on the relocation table, for rerouting to the second EP. In some aspects, the router can decode handover prediction information, including an indication of a predicted future geographic location of the UE, and update the relocation table based on the handover prediction information.

Abstract: Embodiments are directed to managing communication over one or more networks. An underlay network that couples a source gateway and a target gateway using underlay protocols may be provided such that the target gateway includes two or more port groups that may each be associated with a separate target node. An overlay network may be provided on the underlay network based on policy information such that the source gateway and the target gateway may each be assigned separate gateway identifiers (GIDs) that are associated with the overlay network. In response to the source gateway authorizing a source node to employ the overlay network to communicate one or more encrypted payloads to a target node, the one or more encrypted payloads may be provided to the target node based on the overlay network and the policy information.

Abstract: Various embodiments of the invention disclosed herein provide techniques for mitigating a distributed denial of service (DDoS) attack on a targeted computer system. A border gateway protocol (BGP) controller receives, via a first router, a BGP message that includes an indicator indicating that a computer system associated with the first router is under a DDoS attack. In response to receiving the BGP message, the BGP controller, in performs one or more operations to mitigate the DDoS attack. As a result, the time between detection of a DDoS attack and mitigating the attack is reduced relative to prior approaches. After receiving the BGP message indicating a DDoS attack is in progress, the DDoS attack mitigation platform automatically takes steps to mitigate the DDoS attack without further manual intervention. Consequently, the targeted computer system recovers more quickly and begins to respond to legitimate network requests sooner relative to prior approaches.

Abstract: The present invention relates to a method, an apparatus, and a computer-readable medium for providing an internet browsing service through a tactile interface device, and more particularly, to a method, an apparatus, and a computer-readable medium for providing an internet browsing service through a tactile interface device, which allow a visually impaired person to intuitively use, interact, and control the tactile interface device that corresponds to a multi-array tactile cell-based smart braille device in order to increase the efficiency of the use of a smart device (smart phone, smart pad, etc.) or a smart braille device and to improve the level of informatization of the visually impaired person, so that the visually impaired person may intuitively use the content of a web page.

Abstract: A command endpoint used by Domain Generation Algorithm (DGA) malware is identified using machine learning-based clustering. According to this technique, at least one attribute associated with a candidate resolved DNS name is identified. The candidate resolved DNS name has associated therewith a set of names that are failed DNS lookups but that cluster with the candidate resolved DNS name. A set of additional names that share the at least one attribute with the candidate resolved DNS name are then identified. For the set of additional names, an extent to which the set of additional names also clusters with the set of names that are failed DNS lookups is then determined. The candidate resolved DNS name is characterized as associated with the command endpoint when the set of additional names cluster with the set of names that are failed DNS lookups to a configurable degree.

Abstract: In one embodiment, a method is performed at a node in a multi-site enterprise fabric. The method includes obtaining map entries from a fabric control plane of the multi-site enterprise fabric, where the map entries are associated with identifiers of endpoints in external networks, site and virtual network identifiers of sites in the multi-site enterprise fabric, location identifiers of border nodes, and characteristics of the border nodes. The method further includes receiving a request from a source to connect to an external endpoint. After deriving an external endpoint identifier and source parameters, the method additionally includes establishing at least one connection between the source and the external endpoint via border node(s) that are selected from the map entries based at least in part on the source parameters, the external endpoint identifier, and characteristics of the border node(s) with their site and virtual network identifier(s) along the at least one connection.

Abstract: A host system pushing hosted Universal Resource Locators (URLs) to mobile computing devices is provided. The host system includes at least one host computing device configured to receive first merchant data and first Internet of Technology (IOT) data associated with a merchant computing device, enroll the merchant computing device using the first merchant data and the first IOT data, and build an IOT device profile. The host computing device is also configured to generate a hosted URL associated with the merchant computing device and push the hosted URL, using a URL signal, to a user computing device via an IOT device. The host computing device is further configured to instruct the user computing device to convert the URL signal into a URL address and instruct the user computing device to load the URL address in a browser of the user computing device.

Abstract: A computer-implemented method in a content delivery network (CDN) having multiple delivery servers. The CDN delivers content on behalf of at least one content provider. Distinct delivery servers are logically grouped into delivery server groups. One or more CDN name servers are associated with some of the delivery server groups. Network map data are determined using network data determined by the CDN name servers associated with at least some of the deliver server groups. The network data with respect to a CDN name server relative to a resolver is based on an estimated popularity of that CDN name server for that resolver. Responsive to a client request, including a hostname associated with a content provider, at least one CDN name server determines, using network map data, at least one delivery server to process the client request.

Abstract: Techniques reduce data recovery time of a storage system. The techniques involve: determining a plurality of service layers associated with a data recovery process of the storage system, the plurality of service layers being obtained by partitioning a plurality of services related to the data recovery process based on a data recovery order; in response to a start of data recovery in a target service layer among the plurality of service layers, determining, from at least one service layer lower than the target service layer among the plurality of service layers, at least one service unrelated to the data recovery in the target service layer; and disabling the determined service. With such techniques, unnecessary services in lower layers can be disabled during the data recovery process, and thereby the data recovery time may be reduced.

Abstract: Mobile devices such as cellular telephones are provided that communicate with wireless networks. Cellular telephone network equipment may communicate with a cellular telephone over a data connection. The cellular telephone may have an internet protocol (IP) address that allows data to be provided to the cellular telephone over the data connection. To conserve resources and release unused IP addresses, the cellular telephone network equipment may deactivate inactive data connections after a period of inactivity. A baseband processor within a mobile device may periodically send User Datagram Protocol (UDP) keep-alive packets over the data connection to ensure that the data connection remains active. The keep-alive packets may be directed to a packet sink server or may be associated with a black hole route. An applications processor in the telephone may remain in sleep mode during keep-alive packet transmission to conserve power.

Abstract: Systems and methods for managing a global virtual network connection between an endpoint device and an access point server are disclosed. In one embodiment the network system may include an endpoint device, an access point server, and a control server. The endpoint device and the access point server may be connected with a first tunnel. The access point server and the control server may be connected with a second tunnel.

Abstract: Methods, systems, and computer program products are included for processing one or more buffers in a networking queue. An example method includes receiving one or more transmit requests or receive requests from a guest running on a virtual machine. The method also includes detecting that a networking backend has stopped processing buffers from a networking queue, each queued buffer corresponding to a transmit request or receive request. The method further includes in response to detecting that the networking backend has stopped processing buffers from the networking queue, flushing one or more buffers stored in the networking queue. A buffer corresponding to a receive request may be flushed by storing a set of dummy packets into the buffer. In contrast, a buffer corresponding to a transmit request may be flushed by discarding the buffer.

Abstract: The disclosed computer-implemented method may include (1) receiving, at a network node within a network, a packet from another network node within the network, (2) identifying, within the packet, a label stack that includes a plurality of labels that collectively represent at least a portion of an LSP within the network, (3) popping, from the label stack, a label that corresponds to a specific link to a further network node, and then upon popping the label from the label stack, (4) forwarding the packet to the further network node by way of the specific link. Various other methods, systems, and apparatuses are also disclosed.

Abstract: Methods and systems for high-availability data processing include detecting, at a first data processing system, a change in link state between the first data processing system and a second data processing system. A link state between the first data processing system and a third data processing system is changed responsive to the detection in accordance with a first high availability policy stored at the first data processing system. An identifier of the first data processing system is changed in accordance with the first high availability policy to conform to a second high availability policy stored at the first data processing system. The detection, change of the link state, and change of the identifier are repeated in accordance with the second high availability policy.

Abstract: An example method is provided in one example embodiment and may include determining a first routing metric associated with a first communication network, wherein the first routing metric identifies a capability of the first communication network to handle an Internet Protocol (IP) flow for a user equipment (UE); determining a second routing metric associated with a second communication network, wherein the second routing metric identifies a capability of the second communication network to handle the IP flow for the UE and wherein the second routing metric is different from the first routing metric; and routing the IP flow for the UE using the first communication network or the second communication network based, at least in part, on the first routing metric and the second routing metric.

Abstract: A scalable, threat detection system features computing nodes including a first computing node and a second computing node operating as a cluster. Each computing node features an analysis coordinator and an object analyzer. The analysis coordinator is configured to conduct an analysis of metadata associated with a suspicious object that is to be analyzed for malware, where the metadata being received from a remotely located network device and to store a portion of the metadata within a data store. The object analyzer is configured to retrieve the portion of the metadata from the data store, monitor a duration of retention of the metadata in the data store, and determine whether a timeout event has occurred for the object associated with the metadata based on retention of the metadata within the data store that exceeds a timeout value included as part of the metadata associated with the suspicious object for malware.

Abstract: Multiple geo-replicated and independent IoT (Internet of Things) hubs configured as servers with storage capacities are utilized and span across various regions in the world, to each of which IoT devices can connect and transmit telemetry data. The IoT devices, configured with sensors to generate telemetry data (e.g., temperature, pressure, etc.), can fail over to another geo-replicated IoT hub (the “target geo-replicated IoT hub”) when one IoT hub experiences technical failures or the IoT device changes location to a region which is covered by the target IoT hub. Upon receiving a connection request from the IoT device, the target geo-replicated IoT hub submits a proposal to available geo-replicated IoT hubs for ownership over the IoT device, that is, receive data from and transmit messages to the IoT device. A quorum is sought so that all IoT hubs are in agreement as to a current owner of the IoT device.

Abstract: The present disclosure involves systems, software, and computer implemented methods for event processing in background services. One example method includes receiving a request to create a daemon session, the request including at least one parameter. The session is created, including storing the at least one parameter in a memory storage that is configured to survive a restart of the session. A set of messages is received for the session. The messages are stored in a queue that is configured to survive a restart of the session. A determination is made that the session is to be restarted. A restart of the session is initiated, including providing the at least one parameter to the session during the restart of the daemon session and providing unprocessed messages to the session after the session has been restarted, to enable the session to process the unprocessed messages.

Abstract: Methods and systems are disclosed wherein TCP may approximate Reliable Transport Protocol (RTP) or UDP delivery for real-time video/data conferencing applications that have long RTT connections.