Abstract: A TCP communication scheme which ensures safe communication up to the communication path near a terminal and eliminates direct attacks from hackers, etc. A terminal (A) and terminal (B) are connected to a relay apparatus (X) and relay apparatus (Y), where the terminal (A) and the terminal (B) are the endpoint terminals positioned at the two ends of a TCP communication connection. The relay apparatuses (X, Y) are each connected to a network (NET). The relay apparatuses (X and Y) are provided so as to be between the terminals (A and B) which had been performing conventional TCP communication, and neither of the relay apparatuses (X and Y) have IP addresses. The relay apparatuses (X and Y) take over the TCP connection between the terminal (A) and the terminal (B), divide the connection into three TCP connections, and establish TCP communication.

Abstract: A system includes a user interface presented to a developer. The developer selects a first function to supplement functionality of a first application with external functionality available from third party applications. A code generation module provides a software object to the developer for incorporation into a first state of the first application. The first state includes a user interface element associated with an entity. User selection of the user interface element initiates preparation of a query wrapper including a combination of the entity's name and a predefined text string corresponding to the first function. The query wrapper is transmitted to a search system and a result set is received and displayed. A first item of the result set includes an access mechanism for a specified state of a target application. User selection of the first item causes the access mechanism to open the target application to the specified state.

Abstract: Systems and methods are disclosed for dynamic addressing of optical fiber sensors in fiber optic interferometry systems. Events that occur along the optical fiber span have defining attributes such as location along the optical fiber span, type, magnitude, time of occurrence, and duration. The event attributes may be used to dynamically form a unique address that fully defines and identifies the event. Other information, such as the corresponding identifier for one or more of the optical fiber span and the corresponding fiber optic interrogator may be included as part of the unique address.

Abstract: Domain name variants may be generated and/or displayed by accessing historical domain name information and identifying, based on the accessed historical domain name information a set of swap options. The swap options may include one or more graphemes. Variants of a domain names may be determined based on the identified set of swap options.

Abstract: The present invention is directed towards systems and methods for managing one or more SSL sessions. A first node from a cluster of nodes intermediary between a client and a server may receive a first request from the client to use a first session established with the server. The first request may include a session identifier of the first session. The first node may determine that the first session is not identified in a cache of the first node. The first node may identify, via a hash table responsive to the determination, an owner node of the first session from the cluster using a key. The key may be determined based on the session identifier. The first node may send a second request to the identified owner node for session data of the first session. The session data may be for establishing a second session with the server.

Abstract: A system that performs redundant encoding for real-time communications (“RTC”) establishes a tunnel by a tunneling server with a tunneling client of user equipment (“UE”). The system receives a request from the UE to enable the redundant encoding for an inner socket of the tunnel and sends a response back to the UE to indicate that the redundant encoding is enabled for the inner socket, where the response includes a buffer size. For each first frame received on the inner socket, the system stores the first frame in a buffer of the buffer size. The system further receives a reference that corresponds to a second frame from the UE on the inner socket and retrieves the second frame that corresponds to the first reference from the buffer.

Abstract: A first server comprises: an information request reception unit that receives a request transmitted by a user terminal; an instruction code generating unit that generates a predetermined tag of causing the user terminal to connect to a second server for which a common session ID is to be used, and to receive the common session ID from the second server; an information generating unit that generates a web page that includes the predetermined tag, as a web page that is transmitted to the user terminal in response to the request; and an information transmission unit that transmits, to the user terminal, the common session ID and the generated web page including the predetermined tag.

Abstract: Concepts and technologies disclosed herein are directed to a cloud delivery platform. The cloud delivery platform can publish a cloud deployable offering. The cloud delivery platform can order, from a cloud orchestrator, one or more resources to be utilized by the cloud deployable offering. The cloud delivery platform can provision the cloud deployable offering on the resource(s). The cloud delivery platform can manage the cloud deployable offering to ensure that the cloud deployable offering meets a level of service. The cloud delivery platform can monitor one or more components of the cloud delivery platform to determine whether an event has occurred, and in response to determining that an event has occurred, the cloud delivery platform can broadcast the event.

Abstract: Methods, systems, and apparatuses are described for automatic identification and mapping of consumer electronic devices to ports on an HDMI switch. A device that is connected to an HDMI switch is identified based on data received over an HDMI connection, and ports on the HDMI switch are automatically mapped and configured. Methods, systems, and apparatuses are described for back-end database creation for automatic identification and mapping of consumer electronic devices to ports on an HDMI switch. The back-end database may be created by the based on video and audio signatures received from a consumer electronic device and based on remote control information and signatures.

Abstract: Technology is described for establishing and transferring transmission control protocol (TCP) connections. A connection may be established when an acknowledgement (ACK) packet is received from the client. A connection handoff packet may be generated that includes connection parameters that describe the connection with the client. The connection handoff packet may be sent to a destination host to enable the destination host to take over the connection with the client based on the connection parameters in the SYN cookie.

Abstract: In one example embodiment, a method for optimizing aggregation routing over a network may include detecting that aggregated account data is unavailable over a network from a first data aggregator server, detecting that the aggregated account data is available over the network from a second data aggregator server, formatting a request for the aggregated account data to be compatible with the second data aggregator server, routing the formatted request over the network to the second data aggregator server, and receiving the requested aggregated account data over the network from the second data aggregator server.

Abstract: A system and method for achieving Business Continuity and Application Continuity with the system comprising one or more resources of multiple end users or service providers logically connected to one or more cloud infrastructures wherein the collection of resources forms a Continuity Grid or a part of Continuity Grid or sub Grid for which continuity is needed and wherein the Continuity Grid or part of continuity grid or sub Grid are paired with the Continuity Peer Grids located in the same or different cloud infrastructures to satisfy continuity requirements of the Continuity Grid or part of Continuity Grid or sub Grid.

Abstract: An endpoint computer includes a local client that transmits web traffic to a local proxy that also runs on the endpoint computer. The local proxy obtains a customer identity string that identifies a user of the local client as a paying customer of an SaaS scanning service provided by an SaaS scanning system. The local proxy inserts the customer identity string into the web traffic and thereafter transmits the web traffic to the SaaS scanning system, which authenticates the customer identity string before scanning the web traffic for web threats. The local client transmits the web traffic to the local proxy using a communication protocol and the local proxy can transmit the web traffic to the SaaS scanning system using the same or different communication protocol.

Abstract: A system includes a data store storing information identifying multiple functions and corresponding unique identifiers. Each of the functions corresponds to external functionality available from third party applications. The system receives a selection from an application developer of a function to supplement functionality of an application under development. The system provides a software object to the application developer for incorporation into a state of the application. The software object includes instructions for extracting text from the state and preparing a query wrapper including the corresponding unique identifier of the function and the extracted text. The instructions receive a result set, including an item that includes an identifier of a target application and an access mechanism for a specified state of the target application. The instructions display the item and, in response to user selection of the item, actuate the access mechanism to open the target application to the specified state.

Abstract: A method, computer program product, and system performing a method that includes a processor(s) of a local/private computing system (LPCS) receiving, via a public computing system and a communication network, on behalf of a user of the public computer system, a request to use computing resource(s) belonging to the LPCS. The processor(s) determine a set of usage parameters comprising a first usage limitation, with the first usage limitation including a first limitation type and first limitation value, and with the first usage limitation defining a limit on usage of the computing resource(s) on behalf of the user. The processor(s) receives, via the public computing system and the communication network, a workload of the user. The processor(s) processes the workload, which includes the processor limiting, by machine logic, usage of the resources(s), on behalf of the user, in accordance with the usage parameters.

Abstract: In a method for improving the performance of a computer system by releasing computer resources, a list P of programs installed on a computer system is determined. All relevant extension points EP of the computer system are searched for registered entries. A list A of automatically starting programs is generated by assigning the registered entries at the relevant extension points EP to the installed programs, respectively. The list A of the automatically starting programs is compared with a list S of system-required programs and a list V of used programs. Programs that are not system-required and programs that have not been used for a longer period of time are deactivated and computer resources that have been used by the deactivated programs are released. The deactivation of programs can be done by the user or automatically and can be cancelled when necessary.

Abstract: A method of identifying and authenticating a network user includes receiving a first network layer packet from a first user entity. The first network layer packet may include first unique identification information unique to the first user entity and independent of a first network address associated with the first network layer packet. The method further includes verifying, at a network layer of a network, that the first network layer packet is from the first user entity based on the first unique identification information.

Abstract: Techniques are disclosed for authorization of devices entering a network. A new device entering a network sends an authorization request. Another device in the network may receive the request and prompt the user to approve the device. The user can use a device identifier provided by the new device in approving the new device. Assuming the identifier provided by the new device matches an identifier accessible by the authorizing device, the user authorizes the new device. A key is then generated for the new device, which allows access to an appropriate range of network services. Authorization decisions can be synchronized among the various devices in a network, so even if an authorizing device leaves the network, the new device key can be validated. A security service can be replicated in a new device once the device is authorized to access the network.

Abstract: A system, method, and computer program product for implementing a phishing assessment of a target computer network that includes a phishing assessment platform for generating parameters for the phishing assessment; generating the phishing assessment parameters includes identifying a target domain name for the phishing assessment; identifying a pseudo domain name based on the target domain name; generating a pseudo web page using one or more features and attributes of an entity; and implementing the phishing assessment using the pseudo domain name and pseudo web page.

Abstract: A user configurable interface view can be generated for a media device or other information handling system that is independent of any interface views defined by media content providers. Generating the user configurable interface view includes identifying content data streams that are included in user interface views defined by the media content providers and then selecting a desired subset of the data content streams. The selected data content streams are then aggregated and the user configurable interface view is generated. The resulting user interface view will be independent of any interface views defined by the media content providers.

Abstract: Techniques for maintaining dynamic configuration information of a multi-host off-cluster service on a cluster are described. An apparatus may comprise a dynamic configuration validation service component to execute to execute a dynamic configuration validation service for scanning files in a cluster of nodes. The dynamic configuration validation service component operative to validate a scanner version for each one of multiple scanners for scanning a file in a cluster of nodes, maintain the scanner version in a list of valid scanner versions for the multiple scanners, and scan the file by one of the one of multiple scanners having the scanner version contained in the list of the valid scanner versions.

Abstract: A telematics system that includes a security controller is provided. The security controller is responsible for ensuring secure access to and controlled use of resources in the vehicle. The security measures relied on by the security controller can be based on digital certificates that grant rights to certificate holders, e.g., application developers. In the case in which applications are to be used with vehicle resources, procedures are implemented to make sure that certified applications do not jeopardize vehicle resources' security and vehicle users' safety. Relationships among interested entities are established to promote and support secure vehicle resource access and usage. The entities can include vehicle makers, communication service providers, communication apparatus vendors, vehicle subsystem suppliers, application developers, as well as vehicle owners/users.

Abstract: An electronic transmission system and method for converting and transmitting transmissions to provide secure communication between a plurality of users and protect or secure content of each transmission by preventing unauthorized individuals from capturing and viewing or hearing the transmitted content in its entirety. The electronic transmission system breaks a transmission apart into a random plurality of pieces and randomly transmits each piece separately to a plurality of remote servers. If an unauthorized party tries to intercept and access an electronic transmission, they will not be able to capture the entire transmission and will not be able to recompile its actual content, but rather misleading content. A password or other suitable authentication requirement(s) authenticates the intended recipient and allows the original pieces to be retrieved and re-compiled for viewing or hearing.

Abstract: A system is disclosed for tracking assets in a facility. The system may have at least one asset having a service processor containing identification information which uniquely identifies the at least one asset among a group of assets. The at least one asset may further have a module for reporting the identification information to a gateway device. A data center infrastructure management system may be used which is in communication with the gateway device for receiving the identification information. The identification information may subsequently be used with an asset tracking system.

Abstract: Embodiments are directed to sharing secure communication secrets with a network monitoring device (NMD). The NMD may passively monitor network packets communicated between client computers and server computers. If a secure communication session is established between a client computer and a server computer, a key provider may provide the NMD a session key that corresponds to the secure communication session. The NMD may buffer each network packet associated with the secure communication session until the NMD is provided a session key for the secure communication session. The NMD may use the session key to decrypt network packets communicated between the client computer and the server computer. The NMD may then proceed to analyze the secure communication session based on the contents of the decrypted network packets.

Abstract: A system performs tunneling for real-time communications (“RTC”). The system establishes an unencrypted tunnel between a tunneling server and a user equipment (“UE”). Upon establishing the unencrypted tunnel, the UE creates a socket on the unencrypted tunnel. The system determines that the socket requires encrypted RTC, and establishes an encrypted tunnel between the tunneling server and the UE. Upon establishing the encrypted tunnel, the UE moves the socket from the unencrypted tunnel to the encrypted tunnel, and the system performs the encrypted RTC via the socket over the encrypted tunnel.

Abstract: Techniques are disclosed for dividing a TCP handshake into multiple parts, in a system comprising an edge device, an intermediary computing node, and a destination computing node. A client sends a TCP SYN packet to the edge device, to establish a TCP connection with the destination computing node. The edge device performs the handshake, and then forwards an ACK packet to the intermediary computing node. The intermediary computing node uses that ACK packet to generate a second SYN packet, and uses that SYN packet to perform a TCP handshake with the destination computing node. Then, TCP sequence numbers are converted between what is expected by the client and destination in packets sent between the two.

Abstract: A delivery managing device to which a plurality of terminals are connected through a network includes a creating unit that creates display information based on operation information indicating an operation input accepted by a terminal; a converting unit that converts the display information into video information; and a delivery unit that delivers the video information to a terminal. When non-public operation information is received from a terminal, the non-public operation information indicating operation information not to be published to another terminal, the delivery unit delivers video information that is converted from display information not based on the non-public operation information, to the other terminal.

Abstract: Disclosed are methods and systems for enabling a Home Node B (HNB) to discover the positioning capabilities of an HNB Gateway (HNB GW) in supporting particular positioning operations associated with transporting Positioning Calculation Application Part (PCAP) messages between the HNB and a standalone serving mobile location center (SAS).

Abstract: A method for operating a mobile device, not assigned to a motor vehicle, via an electronic device with a display and operator control device of the motor vehicle is made available. The program has program parts for a user interface and for operator control sequences which are assigned a digital certificate. The user interface comprises fixed areas for displaying variable contents. The program parts are transmitted together with the digital certificate to the electronic device of the motor vehicle and are carried out when the certificate is successfully checked. The transmission of data without protection by a digital certificate is restricted to the variable contents for display in the fixed areas of the user interface.

Abstract: A method and system for securing continued operation of a primary cloud-based computing environment (CBCE) residing in a first cloud environment are disclosed. The system comprises gathering information respective of the primary CBCE; storing the gathered information in a storage space, wherein the gathered information substantially provides a baseline to initiate the creation of a reconstructed CBCE upon a need to recreate the primary CBCE; updating the gathered information with new information gathered respective of changes to the primary CBCE; receiving a periodic status notification from the primary CBCE; and initiating a reconstruction of the primary CBCE in the second cloud environment responsive to the status notification requesting one of: a reconstruction request and failure of the primary CBCE.

Abstract: A diagnostic virtual machine having access to resources of an infrastructure as a service cloud may be created. A user device may be provided access to the diagnostic virtual machine. In some embodiments, the diagnostic virtual machine may be configured to monitor a cluster of hypervisors, and the resources of the infrastructure as a service cloud which the diagnostic virtual machine has access to may include physical resources of the infrastructure as a service cloud that are associated with the cluster of hypervisors.

Abstract: A computer implemented method receives a client request message to initiate a network connection. In response to the client request, the method generates a key to represent the client request. The key is generated independent of information provided in the client request message and is generated to correspond to a desired address in a data structure used to track client request message. The method then enters the generated key at the desired address in the data structure and transmits a response message that includes the key back to the client. The network connection between the client and the computer system is established according to the key.

Abstract: Systems and methods for enabling a computing device to be registered and authorized for network access, while deferring device hardware address capture until a later time. Subsequently, when the computing device connects to a network location at which the hardware address can be detected registration and authorization can be fully completed. In some cases, the subsequent completion can be performed automatically and without user intervention.

Abstract: When a first device receives an indication to establish a communication with a second device, a feature character string is generated. The first device is associated with a first public key and a first private key. The second device is associated with a second public key and a second private key. The second public key of the second device is obtained. The second public key is used to encrypt the feature character string. A first identification of the first device is at least partly based on the encrypted feature character string and is published. When the feature character string is obtained after decryption, the first public key of the first device is obtained. The second identification is an identification encrypted by the first public key. In response to a determination that the feature character string is obtained after decryption of the second identification, the communication between the first device and the second device is established.

Abstract: A web-based scoring system for golf tournaments utilizes web-enabled mobile devices for entering scores. The system provides a streamlined scoring process that leverages modern technology using only web browsers on the mobile devices. The system handles all authentications and scorer positioning in the tournament using URL/hyperlinks entered on the mobile devices. The system does not require a special scoring application to be loaded to the mobile devices.

Abstract: Coupling circuitry couples a network to a host. The host operating system is configured for transfer of data between the host and at least one peer via the network using at least one stateful connection to a peer according to a connection-oriented protocol. The coupling circuitry processes received connection attempt indications by attempting to establish a stateful connection to an indicated peer. For a genuine attempt by a peer to establish a stateful connection with the host, the coupling circuitry interoperates with the peer to perform establishment-phase protocol processing of the attempted stateful connection. For each of the established stateful connections, the coupling circuitry operates to cause a state of that established stateful connection to be provided from the coupling circuitry to the host, wherein the operating system of the host handles data transfer phase protocol processing of that established stateful connection.

Abstract: A role-based access control method and/or system permits end users to securely pair their mobile devices via a pairing apparatus with one or more instruments to, for example, remotely monitor operations of the instruments. In an embodiment, the process includes a pairing apparatus receiving a pairing request from an instrument including a unique access code, and receiving a pairing request from an end user mobile device that includes an end user mobile device identifier and an access code. If the unique access code matches the end user's access code, then the end user mobile device identifier is added to a security group and a successful pairing message is transmitted to at least one of the instrument and the end user mobile device.

Abstract: Various metrics as may be deployed in an active, passive, or hybrid validation architecture are disclosed. A computing device configured to monitor network game activity may identify an inconsistency between user game data and a particular game metric governing a particular aspect of the network gaming environment. Upon identification of an inconsistency between game data and a game metric, which may indicative of illicit game play, a validation process (e.g., active, passive, and/or hybrid) may be implemented to further confirm the existence of illicit game. Alternatively, an action to maintain integrity of the gaming community may be executed without further confirmation whereby a purportedly illicit game device may be ejected from the network.

Abstract: Embodiments of the present disclosure relate to the field of computer networks, and disclose a data packet transmission method and a related device and system. In the method, a traditional communication protocol (such as TCP) handshake process is optimized, so that data packet transmission may be implemented in the handshake process. The data packet transmission does not depend on completion of the handshake, thereby effectively reducing a data packet transmission delay caused by an RTT delay existing in the handshake process.

Abstract: Technologies for secure input and display of a virtual touch user interface include a computing device having a security monitor that may protect memory regions from being accessed by untrusted code. The security monitor may use hardware virtualization features such as extended page tables or directed I/O to protect the memory regions. A protected touch filter driver intercepts requests for touch input and allocates a transfer buffer. The transfer buffer is protected by the security monitor. A touch screen controller may write touch input data into the protected transfer buffer. The touch input data may be shared by the touch filter driver with authorized applications through a protected communication channel. A graphical virtual user interface may be generated by trusted code and rendered into a hardware overlay surface. The user interface may include a virtual keyboard. The security monitor may protect the overlay surface. Other embodiments are described and claimed.

Abstract: Described systems and methods allow conducting computer security operations, such as detecting malware and spyware, in a bare-metal computer system. In some embodiments, a first processor of a computer system executes the code samples under assessment, whereas a second, distinct processor is used to carry out the assessment and to control various hardware components involved in the assessment. The described computer systems may be used in conjunction with a conventional anti-malware filter to increase throughput and/or the efficacy of malware scanning.

Abstract: The present invention relates to a method and system for performing deep packet inspection of messages transmitted through a network switch in a Software Defined Network (SDN). Embodiments of the invention include a network switch, a controller, and a firewall in a software defined networking environment. In the present invention, the network switch is a simple network switch that is physically separate from the controller and the firewall. The invention may include a plurality of physically distinct network switches communicating with one or more controllers and firewalls. In certain instances, communications between the network switch, the controller, and the firewall are performed using the Open Flow standard communication protocol.

Abstract: An information handling system, method, and computer-readable media for obfuscating debugging filenames during a software build are described. The system comprises one or more processors, a memory, and one or more program modules stored on the memory and executable by the one or more processors. The one or more program modules compile a source code file of a plurality of source code files into a program, generate a debugging file including debugging information for the program, utilize a one-way deterministic function to generate an obfuscated filename for the debugging file, and include a link to the debugging file in the program, the link including the obfuscated filename.

Abstract: A device may receive information that identifies an attack signature for detecting an intrusion. The device may determine a device configuration that is vulnerable to the intrusion, may determine an endpoint device associated with the device configuration, and may determine a time period during which the endpoint device was associated with the device configuration. The device may determine an endpoint identifier associated with the endpoint device during the time period, and may identify network traffic information associated with the endpoint identifier during the time period. The device may apply the attack signature to the network traffic information, and may determine whether the endpoint device was subjected to the intrusion during the time period based on applying the attack signature to the network traffic information. The device may selectively perform an action based on determining whether the endpoint device was subjected to the intrusion.

Abstract: Automated systems and methods are provided for establishing or maintaining a personalized trusted social network for a community of users, with little or no input from any given user. To establish the personalized trusted social network, one or more trusted sources are identified for a given user. The identified trusted sources are added to a user profile for the given user. Also, identified are any annotations, bookmarks, or the like that the identified trusted sources have associated with any shared content. These annotations provide access to microcontent items that the identified trusted sources have integrated with the shared content to thereby enhance or enrich its context. One or more profiles are constructed or updated to track the associations between the identified trusted sources and their annotations. The profile information can be applied to enhance and personalize search and browsing experiences for the given user.

Abstract: A method is presented for secure communication, the method including generating a signature using a private key, a nonce, and at least one of an identifier and a key component; and transmitting the signature, the nonce, a security parameter, and the at least one of the identifier and the key component, wherein the security parameter associates a user identity with a public key, the public key being associated with the private key.

Abstract: A computer-implemented method for blocking flanking attacks on computing systems may include (1) detecting a denial-of-service attack targeting a computing network, (2) inferring, based at least in part on detecting the denial-of-service attack, a secondary attack targeting at least one computing resource within the computing network, (3) determining that the computing resource is subject to additional protection based on inferring the secondary attack targeting the computing resource, and (4) protecting the computing resource against the secondary attack by adding an authentication requirement for accessing the computing resource. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: A system, computer-readable storage medium storing at least one program, and a computer-implemented method for controlling a local utility are disclosed. A first request originating from an application and including a first token is received at a local utility. The application received a web page, including a plurality of links and the first token, from a first server. The plurality of links are received by the application from a second server. The first token is authenticated. Authentication includes sending the first token to a third server. In response to authenticating the first token, a second token is generated at the local utility. The second token is sent to the application for inclusion in subsequent requests from the application.

Abstract: The distributed message handling system is created by using session states to represent the plurality of session contexts in the message handling system. The session states are flat representations of the session context which completely describe the session. Utilizing the session states to handle system message requests allows the message handling system to distribute the handling of the message requests to a plurality of state machines. Advantageously, the distributed messaging system allows the message handling system to dynamically allocate message handling resources to application instances based on demand. Such dynamic allocation allows providers to efficiently allocate resources to meet demand while meeting application execution demands.