Abstract: Systems, devices, media, and methods are presented for transmitting shared visual content between networked devices with a linked source for the visual content by accessing and presenting visual content, receiving a network location for a network resource associated with the visual content, linking the network location to the visual content to generate linked visual content, and cause presentation of the linked visual content in a draft message within a graphical user interface.

Abstract: A system which comprises a series of native applications, suited to run on mobile devices, and a series of web-based applications for which functionality and processing are optimized. The native applications and the web-based applications are coordinated to optimize processes of acquiring, storing and disseminating data for speed, integrity and security.

Abstract: A tool can be designed that identifies differences or gaps in coverage between network management systems without deploying both network management systems (i.e., an already deployed network management system and a comparison network management system). This “certification gap analyzer” can analyze the coverage of the current network management system in comparison with the certification of the comparison network management system and identify gaps in coverage between devices and device components (collectively referred to hereinafter as “managed objects”) certified in the different network management systems. The certification gap analyzer can present a comparison of coverage of managed objects by leveraging naming patterns of managed objects.

Abstract: A search engine system with privacy protection, including a data indexer configured to create an index of data, a search engine configured to search the index of the data in response to a query, and create a search result set including excerpts from the data, and a privacy protector configured to identify at least one data entity within at least one excerpt of the search result set that meets at least one predefined entity extraction criterion, redact the search result set by removing the data entity from the excerpt, and present the redacted search result set on a computer output device.

Abstract: A method, system and/or an apparatus to detect discrepancy in infrastructure security configurations from translated security best practice configurations in heterogeneous environments is disclosed. A method of an infrastructure security server communicatively coupled with a set of heterogeneous infrastructures translates a set of security best practice configurations of the heterogeneous infrastructures and/or a set of common vulnerabilities and exposures (CVE) of the heterogeneous infrastructures to programmatic execution. The method monitors the infrastructure security configurations associated with the heterogeneous infrastructures using a processor and a memory. The method analyzes the infrastructure security configurations based on the translated security best practice configurations and/or the translated common vulnerabilities and exposures (CVE).

Abstract: A process triggering method is disclosed. The method may be implemented by a processor. The method may comprise receiving an input operation on an unlock interface of a terminal device, determining input operation information corresponding to the input operation, determining triggering operation information matching with the determined input operation information, determining a process corresponding to the input operation according to a predetermined corresponding relationship between the triggering operation information and the process, and triggering the process.

Abstract: Systems, methods, and software described herein enhance the generation of large-scale processing framework clusters and corresponding edge services. In one implementation, a method includes identifying a request for a large-scale processing cluster, and identifying one or more edge services based on the type and version of the large-scale processing cluster. The method further provides generating a user interface that indicates the one or more edge services available, receiving a selection of at least one edge service in the one or more edge services, and initiating execution of the large-scale processing framework cluster and the at least one edge service, wherein the at least one edge service is provided with configuration information for the large-scale processing framework cluster.

Abstract: A system that includes a first network device in a first network configured to send a file from a plurality of files to a compliance controller in the first network. The compliance controller is configured to determine whether the file satisfies a set of compliance rules and to send the file to the virtual machine in the first network in response to determining that the file satisfies the set of compliance rules. The virtual machine is configured to send the file to a second network device in a second network via a network interface. The network interface is configured to block the first network device from sending the file from the first memory to the second network device in the second network. The network interface is also configured to send the file from the virtual machine to the second network device in the second network.

Abstract: A second operating system accessing resources from an external service. A method includes sending an anonymized request, for an anonymized user corresponding to an authorized user, for resources, through a broker. A request for proof indicating that the anonymized user is authorized to obtain the resources is received from the broker. As a result, a request is send to a first operating system for the proof that the anonymized user is authorized to obtain the resources. Proof is received from the first operating system, based on the anonymized user being associated with the authorized user, that the anonymized user is authorized to obtain the resources. The proof is provided to the broker. As a result, the resources are obtained by the second operating system from the service.

Abstract: Disclosed are various examples of selectively enabling multi-factor authentication for applications on managed devices. An identity provider receives an authentication request for a first client application executed in a managed client device. The authentication request includes a first authentication factor corresponding to a management credential. The identity provider then determines whether one or more second authentication factors should be requested. If so, the identity provider then requests the second authentication factor(s) from a second client application. The identity provider receives the second authentication factor(s) from the second client application. The identity provider then authenticates the first client application in response to verifying the first authentication factor and the second authentication factor(s).

Abstract: Certain examples described herein make use of an intermediate network device (110) in a service provider network (104) to enable the modification of network requests to provide enhanced functionality. These examples use a rotating network identifier that is inserted into a network request that is receivable by a server device (108) located outside of the service provider network (104). An association between the network identifier and data originating from the service provider network may be effected via a mapping that exists for the predefined time period. In certain examples, a data broker (114) is introduced within the telecommunications network (100). The data broker (114) may be configured based on the aforementioned mapping between the network identifier and data originating from the service provider network. The data broker is adapted to use the mapping to provide data to the server device (108).

Abstract: A method and a device for establishing a connection. The method includes the steps of: obtaining, by a group member device of a wireless device group, information about a to-be-connected device and then sending the information to a group owner device of the wireless device group, and/or transmitting, by the group member device, information about the group owner device to the to-be-connected device, where the information about the to-be-connected device and/or the information about the group owner device is used by the to-be-connected device and the group owner device to discover each other; and enabling, by the group member device, the to-be-connected device and the group owner device to share a first password, wherein the first password is used by the to-be-connected device and the group owner device to establish a connection after the to-be-connected device and the group owner device discover each other.

Abstract: A device fingerprinting system provides an additional factor of authentication. A user device may be redirected, along with user ID parameters, to authentication system. The user device may be sent instructions to execute that collect and send back device characteristic information to the authentication system. The authentication can create a unique fingerprint of the device, and determine if the fingerprint has been seen before. If seen before, the authentication system may send back an authentication token indicating the additional factor of authentication was a success. If the fingerprint has not been seen previously, the authentication system may conduct a one-time password authentication as the additional factor. If successful, the fingerprint may be stored in association with the user device for future authentication as an additional factor.

Abstract: Logic to “loosely” manage synch frame transmissions in a synch network via the devices synched to the network that implement the logic. Logic may distributedly adjust the frequency of attempting synch frame transmissions without estimating the size of the neighborhood. Logic in devices of a synch network to let each device maintain a Transmission Window (TW). Logic to determine the frequency of attempting synch frame transmissions based upon the TW. Logic to increase TW if the device detects a synch frame transmission. Logic to decrease TW if the device successfully transmits a synch frame. Logic to balance power consumption and discovery timing by adjusting the decrease in TW responsive to a synch transmission in relation to the increase in TW responsive to detection of a synch transmitted by another device.

Abstract: A trusted computing host is described that provides various security computations and other functions in a distributed multitenant and/or virtualized computing environment. The trusted host computing device can communicate with one or more host computing devices that host virtual machines to provide a number of security-related functions, including but not limited to boot firmware measurement, cryptographic key management, remote attestation, as well as security and forensics management. The trusted computing host maintains an isolated partition for each host computing device in the environment and communicates with peripheral cards on host computing devices in order to provide one or more security functions.

Abstract: Requests are pre-generated to include a cryptographic key to be used in fulfilling the requests. The requests may be encoded in uniform resource locators and may include authentication information to enable a service provider to whom the requests are submitted to determine whether the requests are authorized. The requests may be passed to various entities who can then submit the requests to the service provider. The service provider, upon receipt of a request, can verify the authentication information and fulfill the request using a cryptographic key encoded in the request.

Abstract: Systems and methods for compute resource configuration, verification, and remediation are provided herein. An example method includes verifying compliance of an operating system and compute assets provisioned configured within a middleware of a computing device using a pre-defined configuration profile, the compliance being determined by comparison of run-time hardware and software attributes of the compute assets to the pre-defined configuration profile comprising hardware and software requirements for the client.

Abstract: Systems and methods include: implementing a first machine learning model to generate an output of a global digital threat score for an online activity based on an input of the collected digital event data; implementing a second machine learning model that generates a category inference of a category of digital fraud or a category of digital abuse from a plurality of digital fraud or digital abuse categories; selecting a third machine learning model from an ensemble of digital fraud or digital abuse machine learning models based on the category inference generated by the second machine learning model, wherein the ensemble of digital fraud or digital abuse machine learning models comprise a plurality of disparate digital fraud or digital abuse category-specific machine learning models; and implementing the selected third machine learning model to generate a digital fraud or digital abuse category-specific threat score based on the digital event data.

Abstract: A managed access system is for mobile wireless devices (MWDs) in a facility, with the facility being geographically within a wireless communications network of a communications carrier. The system may include antennas arranged at the facility, radio equipment coupled to the antennas, a network interface device configured to provide communications with the communications carrier, and a management access controller.

Abstract: A mobile computing device for transmitting token data to a key card reading device having an activation mechanism is provided. The computing device is programmed to receive token data representing access data of a key card, generate a transmission signal representing the access data of the key card based on the token data in response to receiving the token data, and output the transmission signal to the key card reading device. The access data causes the key card reading device to activate the activation mechanism. The transmission signal causes the key card reading device to activate the activation mechanism when the mobile computing device is placed near the key card reading device and the transmission signal is authenticated by the key card reading device.

Abstract: A method for providing access to a target electronic device through a first service running on a different electronic device may include receiving in the first service a command directed to the target electronic device from a command sender and receiving in the service device operation status parameters of the target electronic device. The device operation status parameters may include properties of the target electronic device such as a battery level, a battery charging rate, an age, a planned lifespan, a recent wireless usage, an internal temperature, or any of the above in relation to an intervening electronic device over which communication to the target electronic device travels, or any combination thereof. The method may also include using the device operation status parameters to determine, using the service, whether to provide or not to provide an update signal incorporating the command or information to the target electronic device.

Abstract: An information device includes a reader, and a data processor. The reader reads, from a removable medium, ticket data that is provided from a server upon successful authentication, and that includes information representing a content of data processing to be executable upon the successful authentication. The data processor executes the data processing represented in the ticket data.

Abstract: Provided is an electronic file transmission system comprising a data acquiring section that acquires data including an electronic file that is created or attached by a first communication terminal; an extracting section that extracts from the data the electronic file and recipient identification information identifying a correct recipient of the electronic file; an encoding section that encodes the extracted electronic file; and a management information transmitting section that transmits, to a pass phrase management apparatus that transmits to a second communication terminal a pass phrase needed to decode the encoded electronic file, first file identification information identifying the encoded electronic file, the pass phrase, and the recipient identification information.

Abstract: An approach is provided for providing security mechanism for proximity-based interactions among devices. A first device (e.g., a memory tag) may determine a request for interaction between the first device and a second device (e.g., a mobile phone), wherein at least the first device is associated with at least one first antenna and at least one second antenna. The first device may determine a first signal received by the at least one first antenna and a second signal received by the at least one second antenna. Further, the first device may determine one or more differences in one or more characteristics of the first signal and the second signal. Furthermore, the first device may process or facilitate a processing of the one or more differences to determine whether to allow the interaction.

Abstract: An information processing apparatus which is capable of reducing damage caused by invalid execution data received via a public network. The information processing apparatus carries out either communications using the public network or communications without using the public network with an external apparatus. An IP address assigned to the information processing apparatus is stored. Execution data for executing a job is received from the external apparatus. When the IP address assigned to the information processing apparatus is a global IP address that is for use in the communications using the public network, a setting is made to restrict execution of the execution data.

Abstract: A method of assigning tenancy to a device during bootstrapping between a device and a server in a network includes transmitting a device identifier to a bootstrap server. The method further includes receiving, at the device, a device server address to enable the device to register with the device server. The tenancy is assigned to the device with the device server address.

Abstract: A method of dividing a set of components of an integrated circuit is disclosed. Two or more different security labels are assigned to two or more non-overlapping subsets of the set of components. A handoff file is generated based on the non-overlapping subsets and sent to the integrated circuit. The set of components of the integrated circuit is divided according to the non-overlapping subsets based on the system handoff file.

Abstract: A system for processing a streaming media service and a method and a network device thereof are provided. The system includes a network device and an encoder. The network device has an embedded streaming function module. The encoder includes two egress ports, where the two egress ports of the encoder are connected to an active input port and a standby input port of the network device respectively. The encoder is configured to: receive a streaming media service signal, encode the streaming media service signal to generate a streaming media service coded signal, and send the streaming media service coded signal to the network device. The network device is configured to receive, by using the embedded streaming function module through the active input port or the standby input port, a streaming media service coded signal sent by the encoder, and provide the streaming media service coded signal for a terminal.

Abstract: In one embodiment, a method includes receiving, from a requestor, a request for an on-demand product. The method further includes determining an eligibility token format applicable to the request, wherein the eligibility token format comprises a plurality of partial segments of identifying information. The method also includes prompting the requestor to provide a plurality of partial-segment values corresponding to the plurality of partial segments. In addition, the method includes receiving the plurality of partial-segment values in response to the prompting. Moreover, the method includes generating an eligibility token from the plurality of partial-segment values. The method also includes determining the requestor's eligibility for the on-demand product based, at least in part, on a lookup of the eligibility token in an eligibility token repository. The eligibility token repository includes a plurality of eligibility tokens of the eligibility token format.

Abstract: A system and method for authenticating a candidate user accessing a host computing device as an authentic user is provided. The host computing device is in communication with an authenticating computing device. The method includes receiving, by the authenticating computing device, a request to authenticate the candidate user as an authentic user. The authentication request includes a user identifier. The method also includes retrieving, by the authenticating computing device, transaction data including payment transactions performed by the authentic user based on the user identifier. The method also includes generating, by the authenticating computing device, a challenge question and a correct answer based on the transaction data associated with the authentic user, and transmitting the challenge question for display on a candidate user computing device used by the candidate user.

Abstract: Requests are pre-generated to include a cryptographic key to be used in fulfilling the requests. The requests may be encoded in uniform resource locators and may include authentication information to enable a service provider to whom the requests are submitted to determine whether the requests are authorized. The requests may be passed to various entities who can then submit the requests to the service provider. The service provider, upon receipt of a request, can verify the authentication information and fulfill the request using a cryptographic key encoded in the request.

Abstract: In one embodiment, a movable area, referred to as a “lens,” on a graph display allows the user to preview the zoom level of the graph. When a node, line or other item in the graph is in the area of the lens, then the item can be shown at a different zoom level than rest of the graph. In particular embodiments, a heuristic algorithm can be used to dynamically determine the visual representation of a node when in the lens as unique from the depiction of the node when the node is outside of the lens. Operations can be made to the graph items within the lens such as adding, moving, deleting, or connecting items, etc. Other features are described.

Abstract: A method for supporting fast recovery of a User Equipment (UE) includes performing, by a serving base station, UE context synchronization for one or more other base stations in a related small cell cluster when a UE accesses the serving base station, performing, by a base station that the UE performs a radio resource control (RRC) connection re-establishment, the RRC connection re-establishment for the UE according to UE context saved in a synchronization process. The present also discloses another method and system for supporting UE fast recovery. By applying the technical solution disclosed by the present disclosure, when the UE moves in a small cell scenario, the UE can be recovered quickly in the case of a failure, so as to avoid the UE returns to an idle mode, avoid data loss, guarantee business continuity, and improve UE experience.

Abstract: A risk analysis system of associated with an enterprise system for determining delegation risks associated with assigning candidate individuals to perform various tasks. In some cases, the delegation risk analysis system may generate individual delegation risk scores to each candidate individual to assist in the delegation of tasks throughout an organization. In some examples, the delegation risk analysis system may determine the delegation risk scores based on context risk factors associated with the task and the individual and intrinsic delegation risk factors associated with the enterprise system.

Abstract: Systems and computer-implemented methods for authorizing respective access by each of a plurality of Internet users to a respective one or more Internet services provided by each of a plurality of Internet service providers. A system includes a processor, and non-transient computer readable storage media, at a single identity provider.

Abstract: Content (e.g., data, such as binary data) can be copied from one device and pasted to another device. One or more embodiments accomplish this by detecting when a request to perform a copy operation has been issued, receiving content that was selected at the time the request to perform the copy operation issued, and publishing the data to a server running on the device.

Abstract: Apparatus and methods concerning simulation of call quality are disclosed. In an example embodiment, computing server is communicatively coupled to a server. The computing server includes a communication circuit configured to receive a first set of data including audio of a call routed by the server. The computing server also includes a processing circuit configured to characterize a post-transmission quality state of the first set of data. The processing circuit is also configured to generate a second set of data including audio that is different from the audio of the call and data including characteristics indicative of the post-transmission quality state of a first set of data. The processing circuitry may configured to use the second set of data to provide security, protect the confidentiality and privacy, and/or monitor changes of behavior/quality for different audio CODECs, encryption, bit-rate, etc.

Abstract: Systems and methods for smart contact lens data transfer using Light Fidelity (Li-Fi) are disclosed. In embodiments, a computer-implemented method, comprises: pairing a smart contact lens with a remote computing device, the smart contact lens including a data receiving device and a light transmitting device; receiving, by the smart contact lens, data from the remote computing device; and transmitting, by the light transmitting device of the smart contact lens, the data to a receiver device through Li-Fi communication between the light transmitting device of the smart contact lens and the receiving device.

Abstract: An instrument includes: an invitation notification receiving unit configured to receive, from a server device configured to transmit a message to a user belonging to a group, an invitation notification to the group; an approval information transmitting unit configured to transmit, to the server device, approval information approving participation in the group when the received invitation notification is valid; and a session starting unit configured to start, upon the participation in the group, a session that is processing communications of for information with another instrument participating in the group.

Abstract: Methods and apparatus that automatically propagate access rules for access groups within clients' virtual networks on a provider network. A peering protocol may be used to advertise routes from a gateway of a client's external network to a virtual gateway of the client's virtual network via direct and/or virtual connections. The advertised routes may be automatically propagated into the virtual network so that traffic can flow between the source address ranges of the advertised routes and the virtual network. Access group information may be included as metadata with at least some route advertisements. Access rules for access groups on the virtual network may be automatically created or updated according to the metadata included with the advertised routes to allow access from network addresses on the client's external network to the client's resources in the access groups.

Abstract: Provided is a process of distributing offers to non-location-sensing devices based on a geolocation sensed by another device, the process comprising: obtaining a geolocation of a user from a mobile device of the user; associating the geolocation of the user with an identifier of the user in an offers engine; receiving a request for an offer from another computing device of the user, the request including or prompting obtaining data from the other computing device sufficient to identify the user; retrieving the geolocation of the user obtained from the mobile device by identifying the user with the data from the other computing device sufficient to identify the user account; selecting, with the offers engine, a responsive offer based on the geolocation of the user obtained from the mobile device; and sending the responsive offer to the other computing device of the user.

Abstract: Source information for requests submitted to a system are classified to enable differential handling of requests over a session whose source information changes over the session. For source information (e.g., an IP address) classified as fixed, stronger authentication may be required to fulfill requests when the source information changes during the session. Similarly, for source information classified as dynamic, source information may be allowed to change without requiring the stronger authentication.

Abstract: The innovations described in this disclosure include distinct differences that create a marketing and sales advantage. For convenience, these features are organized into several innovations, but the features described can be combined and implemented in various ways, both within a given innovation and across two or more innovations. Each innovation is unique in itself. Taken as a whole the innovations establish a demonstration category called “Demo Automation” or “Demonstration automation”. The innovations include, but are not limited to, automated self-configuring video content density and sequence based on personalization responses; automated responsive locked document library; sending a product demo that allows you to see who the recipient shared it with; and product demonstration analytics.

Abstract: A device facilitating countersigning updates for multi-chip devices includes at least one processor configured to receive, from a collocated chip, a data item and a software update, the data item being signed using a private key corresponding to a primary entity associated with the collocated chip and the data item comprising an authentication code generated using a symmetric key corresponding to a secondary entity associated with the software update. At least one processor is further configured to verify the data item using a public key associated with the primary entity. At least one processor is further configured to verify the software update based at least in part on the authentication code and using the symmetric key corresponding to the primary entity. At least one processor is further configured to install the software update when both the data item and the software update are verified, otherwise discard the software update.

Abstract: A virtual machine (VM) system includes a network, hosts that are able to communicate over the network, a storage cluster of nodes made up by the hosts, and VMs running on the hosts. As part of the storage cluster, the nodes pool their storage devices into a clustered datastore shared across all the nodes. The VMs are stored in the clustered datastore. Two of the nodes take roles of a reflector node and a backup reflector node. The other nodes, excluding the reflector node but including the backup reflector node, are configured to establish unicast connections over the network with the reflector node. The nodes in the storage cluster are configured to communicate clustering service information over the unicast connections.

Abstract: Systems and methods are provided for providing information associated with media contents are provided. The method comprises broadcasting a communication address associated with a playing device configured to play the media contents, the broadcasted communication address enables a user terminal device to communicate with the playing device; receiving, from the user terminal device, a request to acquire information associated with the media contents; determining an identifier associated with the information; and transmitting the identifier to the user terminal device. The identifier enables the user terminal device to acquire the information.

Abstract: A non-volatile mass storage device is provided comprising memory circuitry accessible to a host data processing device via a communication link. The non-volatile mass storage device comprises processing circuitry for locally accessing the memory circuitry of the file system and is capable of triggering generation of a file for storage on the memory circuitry by connection of the non-volatile mass storage device to the host data processing device. The generated file comprises information dependent upon a state of the non-volatile mass storage device. A corresponding method of operating a non-volatile mass storage device is provided and a computer program is provided for obtaining the information dependent upon the state of the non-volatile mass storage device, for locally accessing the memory circuitry and for generating the file for storage on the memory circuitry.

Abstract: Systems and methods include: implementing a first machine learning model to generate an output of a global digital threat score for an online activity based on an input of the collected digital event data; implementing a second machine learning model that generates a category inference of a category of digital fraud or a category of digital abuse from a plurality of digital fraud or digital abuse categories; selecting a third machine learning model from an ensemble of digital fraud or digital abuse machine learning models based on the category inference generated by the second machine learning model, wherein the ensemble of digital fraud or digital abuse machine learning models comprise a plurality of disparate digital fraud or digital abuse category-specific machine learning models; and implementing the selected third machine learning model to generate a digital fraud or digital abuse category-specific threat score based on the digital event data.

Abstract: The invention enables a software application to be executed on a mobile station in dependence of a SIM. Challenge data originating from the software application is input to the SIM to generate first response data using a security function of the SIM. The software application is enabled to be executed in dependence of the first response data. In addition, the challenge data may be transmitted to a verification server for the generation of second response data in dependence of the challenge data and possibly using an authentication center. The software application is then enabled to be executed in further dependence of the second response data.

Abstract: It is disclosed a method and a capillary gateway, CGW, (50, 60, 204, 304) capable to determine whether to allow a first machine-to-machine, M2M, device network access. The CGW is adapted to intercept (310) an authentication request message sent from a M2M device, and intercept (318) an authentication response message sent from a M2M management service. If the CGW determines that the authentication is successful based on the authentication response message and that there is a valid subscription for the M2M device and the authentication response message is received from a trusted management service, the CGW may allow (414) the first M2M device network access. Embodiments of the present disclosure have the advantage that disclosure can provide low-powered devices Internet reachability based on user subscriptions in non-traditional scenarios such as where devices are deployed straight out-of-the-box, i.e., without any customization.