Abstract: Provided is a method and system for interworking between applications of devices. An inter-device application interworking method may provide a function capable of processing an action associated with a single communication session through interworking between applications installed on a plurality of electronic devices, respectively, in response to a presence of the plurality of electronic devices of a user identified in association with a single account of the user.

Abstract: The techniques describe a network device comprising one or more processors configured to: receive configuration data configuring a plurality of virtual network nodes, wherein the configuration data configures a virtual client node including a corresponding line card having a port connected to a first customer network device, and configures a virtual core node including a corresponding line card having a port connected to a core network; provision a layer-2 (L2) circuit that includes, as an access interface, an interface logically connecting the virtual client node and virtual core node, wherein the L2 circuit provides connectivity between the virtual client node and a remote virtual client node; and forward, via the L2 circuit, packets between the virtual client node and the remote virtual client node to realize a logical network between the first customer network device and a second customer network device connected to the remote virtual PE node.

Abstract: Methods and systems for developing, modifying, and distributing software applications for enterprise systems are described herein. A software component, such as a native mobile application or a template application, may be modified into a managed mobile application, and metadata associated with the managed mobile application may be generated. The managed application and associated metadata may be provided to one or more application stores, such as public application stores and/or enterprise application stores. Managed applications and/or associated metadata may be retrieved by computing devices from public application stores and/or enterprise application stores, and may be executed as managed applications in an enterprise system.

Abstract: Techniques are provided for training, by a system operatively coupled to a processor, an attention weighted recurrent neural network encoder-decoder (AWRNNED) using an iterative process based on one or more paragraphs of agent sentences from respective transcripts of one or more conversations between one or more agents and one or more customers, and based on one or more customer response sentences from the respective transcripts, and generating, by the system, one or more groups respectively comprising one or more agent sentences and one or more customer response sentences selected based on attention weights of the AWRNNED.

Abstract: A computer-implemented method of securely controlling access to data, the method including a consolidation server creating and securely storing a consolidated file labelled by a user device ID, including a first record including a first app ID and a first account ID, and a second record including a second app ID and a second account ID, transmitting encrypted data, including the consolidated file, to the user device, receiving encrypted data indicating a request to modify the first record from the user device, and responsive thereto, modifying the first record according to the request to modify the first record and securely storing a resulting modified first record, and transmitting to the first issuer server encrypted data, including the first app ID and the first account ID, indicating an instruction to modify the first app's access rights to data relating to the first account according to the request.

Abstract: In one embodiment, the method of processing telephony sessions includes: communicating with an application server using an application layer protocol; processing telephony instructions with a call router; and creating call router resources accessible through a call router Application Programming Interface (API). In another embodiment, the system for processing telephony sessions includes: a call router, a URI for an application server, a telephony instruction executed by the call router, and a call router API resource.

Abstract: In one embodiment, the method of processing telephony sessions includes: communicating with an application server using an application layer protocol; processing telephony instructions with a call router; and creating call router resources accessible through a call router Application Programming Interface (API). In another embodiment, the system for processing telephony sessions includes: a call router, a URI for an application server, a telephony instruction executed by the call router, and a call router API resource.

Abstract: An operating method for a push authentication system and device, belonging to the field of information security.

Abstract: The described technology provides a single sign-on capability so that a user who is already signed on to a web application from a client application may not be required to sign-on again when he/she later needs access to the web application from the same or another client application. The technology also provides a multiple login prevention capability to detect multiple sign-on events using the same credentials and disable one or more of the associated multiple sessions.

Abstract: One embodiment of the invention is directed to a computer-implemented method comprising, receiving registration information for one or more application programming interfaces (APIs) at a registrar computer system associated with a federated network of computing devices. The method further comprises generating a unique address for each API included in the registration information. The method further comprises generating a token confirming the registration of the APIs where the token identifies a trust relationship within the federated network of computing devices. The method further comprises receiving a request for the token from another registrar computer system that includes a canonical address for a particular API of the one or more APIs. The method further comprises providing the token to establish a secure connection with the federated network of computing devices.

Abstract: A technique to deliver Personally Identifiable Information (PIT) of a first subscriber from the plurality of subscribers that reside in a private network toward a first server from the plurality of IP servers that reside in a public network wherein the first server is involved in at least one transaction with the first subscriber is disclosed. In addition a Network-Address Translator (NAT) is used in order to allocate to the first subscriber a public IP address. Further, the communication between the first subscriber and the first IP server is encrypted. An example embodiment of the disclosed technique may impersonate the first subscriber and send the PII over an impersonated packet.

Abstract: Single sign-on (SSO) techniques of the present disclosure provide for enterprise application user identities that are bound to a mobile identity (e.g. IMSI) associated with a user equipment (UE) for authentication, using general bootstrapping architecture (GBA)/general authentication architecture (GAA) functionality in combination with identity provider (IDP) functionality (e.g. OpenID Connect), all of which may be provided in an enterprise network. The present techniques need not rely on GBA/GAA infrastructure of a mobile network operator (MNO), and have little or no impact or effect on the mobile network.

Abstract: This document describes techniques and apparatuses for securely transferring a single sign-on session between a browser session and a client application. Responsive to a launch request from the browser session, a server sends a launch command to launch the application on the client to transfer the single sign-on session from the browser session to the application. The launch command includes a first security credential and a second security credential. The application then initiates a registration process by sending to the server the first security credential and a client identification unique to the client. The server passes the client identification to the browser session which confirms to the server that the client identification matches the client identification unique to the client. The server then sends the application a third security credential, and the application returns the client identification and an encrypted version of the second security credential relative to the third security credential.

Abstract: An online system customizes video conversations between users of the online system. During a video conversation, the online system presents a composite view to the participating users. The composite view may include visual representations of the users, a background graphic, or other types of graphics such as masks and props that the users can wear or interact with in the environment of the video conversation. The visual representations may be generated based on a live video feed of the users or include avatars of the users. The online system can determine the graphics based on information about the users. For instance, the online system determines a background graphic showing a location that the users have each visited. Upon viewing the background graphic, the users may be encouraged to interact with the background graphic or other graphics included in the composite view, which can promote an engaging video conversation experience.

Abstract: A system and a method for authenticating a device of a user is provided. A set of parameters of the device or the user are captured from the device. The set of parameters are categorized into first and second categories including first and second parameters, respectively. One of the first and second categories is selected based on a trust score of the device. The first challenge is generated based on the first parameters, when the first category is selected. The second challenge is generated based on the second parameters, when the second category is selected. The first or the second challenge is transmitted to the device, and a response message is received in response to the first or second challenge. The response message is validated to authenticate the device of the user.

Abstract: Embodiments are disclosed that relate generally to software defined networking (SDN), and more particularly, but not by way of limitation, to devices, systems, and methods for a security policy analysis framework for distributed SDN-based cloud computing environments. The ease of programmability in SDN makes it a great platform implementation of various initiatives that involve application deployment, dynamic topology changes, and decentralized network management in a multi-tenant data center environment. However, implementing security solutions in such an environment is fraught with policy conflicts and consistency issues with the hardness of this problem being affected by the distribution scheme for the SDN controllers.

Abstract: Provided is novel technology for secure security data transmission and more particularly for registering network-enabled security devices such as IP cameras to a security server over a public network such as to a cloud-based security service. An enrolment server is provided that is logged into using a computing device to request and receive an activation code for the security device. The activation code is then provided to the security device, e.g. directly by the computing device. The Security device authenticates itself based on the activation code and in one example provides a public key that will be used to verify its registration. Data transmissions by the device are secured in part on the basis of its registration.

Abstract: Techniques are described that provide a session management authorization token by receiving a session request message to establish a protocol data unit (PDU) session for a logical data network associated with a user equipment (UE), the session request message may include one or more session parameters; verifying that the UE is authorized to establish the PDU session for the logical data network; receiving a key associated with the PDU session; generating an authorization token based on the received key and the session parameters; and transmitting a session response message including the generated authorization token to the UE.

Abstract: A computer readable medium having instructions embodied therewith, the instructions executable by a processor or programmable circuitry of a federation server to cause the processor or programmable circuitry to perform operations including configuring a plurality of identification (ID) federations between the federation server and a plurality of applications such that each of the plurality of ID federations is between the federation server and one of the plurality of applications, receiving a first authentication request for authenticating a user who has been authenticated on a first application of the plurality of applications using an ID federation between the first application and the federation server from among the plurality of ID federations, and sending a second authentication request to a second application of the plurality of applications for authenticating the user using an ID federation between the federation server and the second application from among the plurality of ID federations.

Abstract: Disclosed is a method for web-based real-time communication by a user equipment (UE), including transmitting, to a web server, a message requesting information about an Internet protocol multimedia subsystem (IMS) network to which the UE is to access, receiving, from the web server, address information of the IMS network to which the UE is to access, in response to the transmitted message, when receiving, from the web server, an instruction to hold establishment of a bearer for a web-based real-time data service, restricting transmission of a signaling message for the web-based real-time data service until the bearer is established, and when sensing establishment of the bearer, transmitting, to an access point of the IMS network, at least one subsequent signaling message for the web-based real-time data service through the bearer.

Abstract: A server, primary client device, and secondary device may be provided. The server may be configured to receive a login request sent by a secondary client device, the login request including a secondary account identifier and an encoded image, the secondary account identifier associated with a secondary account. The server may decode the encoded image to identify a primary account identifier and an expiration time indicator encoded in the encoded image. The server may determine that the secondary account is linked with a primary account. The server may compare the expiration time indicator with the request time to determine that the encoded image has not expired. The server may authorize privileged communication with the secondary client device in response to the secondary account being linked with the primary account and determination that the encoded image has not expired.

Abstract: Methods and systems are described for verifying an identity of a user through contextual knowledge-based authentication. The system described uses contextual knowledge-based authentication. By verifying an identity of a user through contextual knowledge-based authentication, the verification is both more secure and more intuitive to the user. For example, by relying on confidential and/or proprietary information, the system may generate verification questions, the answers to which are known only by the user.

Abstract: Methods are provided to authorize a secondary user device for a network service provided over a network. Responsive to receiving a request from a primary user device, a voucher may be transmitted over the network to the primary user device. A request for an authorization waiver may be received from the secondary user device over the network, wherein the request for the authorization waiver includes the voucher that was transmitted to the primary user device. Responsive to receiving the request from the secondary user device including the voucher, an authorization waiver may be transmitted to the secondary user device. Related methods of operating primary and secondary user devices are also discussed.

Abstract: Systems and methods for embodiments of artificial intelligence systems for identity management are disclosed. Specifically, embodiments of an identity management system may provide identity management in association with cloud services used by an enterprise and, in particular, may provide identity management in association with cloud based services that may be accessed through federated access providers.

Abstract: Methods, systems, and computer program products for cloud-based adaptive configuration and control of a network device include, detecting an access by a user through the network device to a cloud-based service; and responsive to the detected access, configuring the network device to be controlled by the user via a cloud-based configuration controller. Further implementations include, receiving a configuration request from the network device, wherein the configuration request includes access information pertaining to an access made by a user to a cloud-based service; determining a cloud-based identity of the user based upon the received access information; associating the cloud-based identity with an ownership identifier; forming one or more instructions to configure the network device with the ownership identifier as an owner of the network device; and transmitting the one or more instructions to the network device.

Abstract: Techniques related to login information data processing are described. In one example method, a smart contract is created based on a predetermined smart contract template. The smart contract includes login information corresponding to a user. The created smart contract is stored at a storage address in a blockchain network based on the identifier. A login information query request is received from the user, and the login information query request includes the identifier. At least one smart contract is retrieved from the blockchain network based on the identifier, and the smart contract corresponding to the user is determined from the at least one retrieved smart contract. The smart contract corresponds to the user is executed to obtain at least one login information, and sending the obtained login information to the user.

Abstract: Methods, apparatus, systems and articles of manufacture are disclosed to facilitate end-user defined policy management. An example apparatus includes an edge node interface to detect addition of a networked user device to a service gateway, and to extract publish information from the networked user device. The example apparatus also includes a device context manager to identify tag parameters based on the publish information from the networked user device, and a tag manager to prohibit unauthorized disclosure of the networked user device by setting values of the tag parameters based on a user profile associated with a type of the networked user device.

Abstract: The invention relates to an industrial testing device communicating with a data center located in a remote computer network, such as the cloud. Disclosed is a method of registering the device to the cloud and specifying the geographical location of the data center. The method includes selecting a data center from a list of available data centers based on regulations specific to a device type of the industrial testing device. Features are configured for communication between the device and the selected data center.

Abstract: Some embodiments relate to systems and methods for selection of auto parts with automatic part selection and dynamic pricing. A system may automatically connect to a plurality of auto parts electronic stores over a wide area network and receive user input specifying parts that the user desires to purchase. The user input may include vehicle information terms that may be mapped to an auto parts vocabulary particular to each respective auto parts electronic store. Required vehicle information and specific conditions for each auto parts electronic store may be automatically completed using the auto parts vocabulary particular to each auto parts electronic store and part/pricing information may be received from at least two of the auto parts electronic stores in response. At least a subset of the part/pricing information from the at least two auto parts electronic stores may be displayed.

Abstract: The disclosed computer-implemented method for controlling an application launch based on a security policy may include (1) loading an application launcher into a sandbox, (2) monitoring one or more functions associated with launching an application from the application launcher, (3) determining that the functions associated with launching the application have been invoked by the application launcher, (4) querying a policy manager comprising a security policy to determine whether the application is potentially harmful, and (5) performing, based on the security policy, a security action preventing the application launcher from launching the application from the sandbox upon determining that the application is potentially harmful. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: Described herein are systems and methods for providing access to a database in a multi-tenant environment, including the use of a connection pool, and support for live addition of a tenant. When a pluggable database (PDB), for use by a tenant, is added to a multi-tenant database, it can generate an event to notify the connection pool. The connection pool environment consumes this PDB-add event, and dynamically configures a new tenant to access the shared pool. Since the new tenant addition is based on receipt of an event from the database, the connection pool does not require manual configuration for that tenant. Once a tenant is added, it can borrow connections from the pool in the same manner as existing tenants, and can also share existing pool properties, such as, for example a maximum pool size, or maximum number of connections per tenant.

Abstract: Improved methods and systems for integrating client-side single sign-on (SSO) authentication security infrastructure with a mobile authorization protocol are disclosed that provide clients with secured SSO mobile access to third-party services. Embodiments of the present invention leverage SSO authentication protocols that are utilized at many client-side systems already and integrate these SSO authentication protocols with a mobile SSO authorization protocol, thereby effectively extending the SSO framework to mobile service requests of web services at third-party service provider systems. Embodiments of the present invention provide a secure and automated solution which may be implemented in any existing client-side SSO frameworks with minimum cost and time, while providing a lightweight and secure solution that provides users using either native applications or mobile web application to access third-party web services.

Abstract: A method for troubleshooting and performance analysis of a cloud based system, the method implemented by an analyzer service executed on one or more servers, and the analyzer service communicatively coupled to a network and to user devices, the method includes receiving results from execution of an analyzer application on each of the user devices, wherein the analyzer application is executed locally on user devices to perform tests comprising traceroutes and web page loads, and wherein the plurality of tests are performed both through the cloud based system to the network and directly to the network; processing the results to determine a status of the cloud based system and associated user devices communicating therewith; utilizing the status to identify bottlenecks and issues associated with the cloud based system and the network; and causing performance of remedial actions based on the identified bottlenecks and the issues.

Abstract: A method for secure electronic communication between one or more clients on one or more client computing devices. The method includes establishing a networked secure exchange server, where the networked secure exchange server comprises one or more secure electronic data exchange environments for communication between one or more clients. The method also includes providing, on one or more client computing devices, a client authentication interface operable to enable one or more authorized clients to access one or more of the secure electronic data exchange environments across a network, and enabling one or more of the authorized clients to exchange electronic communications through one or more secure electronic data exchange environments.

Abstract: An image forming system includes a first mobile terminal and an image forming apparatus. The first mobile terminal transmits first image data by carrying out first wireless communication. The image forming apparatus receives the first image data by carrying out the first wireless communication and forms an image on the basis of the first image data. The first mobile terminal includes first storage, a first communicator, and a first setting section. The image forming apparatus includes second storage, a second communicator, a second setting section, and an image forming section. The first and second storages both hold first communication setting information and are respectively able to hold second and third communication setting information.

Abstract: Various approaches enable real-time data encryption using an encryption profile that enables a customer to specify the type of data to encrypt and the encryption keys to use when encrypting the data. A profile editor that a customer (e.g., a customer of a content provider) can use to create and manage encryption profiles that can be used to encrypt data can be provided. A profile editor or set of request parameters can allow customers to configure content distributions and associate encryption keys with a profile to encrypt user sensitive data. A customer can select, define, and/or modify the encryption options or other configuration settings for a profile. Once set, the profile can be used to securely ingest user-submitted data to customers' web servers. For example, a request can be analyzed to determine data fields of the request. Based on one or more profiles associated with the customer, the data in those fields can be encrypted with the appropriate encryption key per the profiles.

Abstract: Techniques related to login information data processing are described. In one example method, a smart contract is created based on a predetermined smart contract template. The smart contract includes login information corresponding to a user. The created smart contract is stored at a storage address in a blockchain network based on the identifier. A login information query request is received from the user, and the login information query request includes the identifier. At least one smart contract is retrieved from the blockchain network based on the identifier, and the smart contract corresponding to the user is determined from the at least one retrieved smart contract. The smart contract corresponds to the user is executed to obtain at least one login information, and sending the obtained login information to the user.

Abstract: Verifying caller identification information is described. A query to verify a first communications connection associated with an observed caller ID is received. Using a second communications channel, a message to a device associated with the observed caller ID is transmitted. A response to the message is received. The message is evaluated to perform a security determination. The security determination is provided as output.

Abstract: In some embodiments, a client application at a client device can receive, from a browser application at the client device, a first message including a unique identifier associated with a session of the browser application at a website associated with a content management system. The client application can extract the unique identifier from the first message, and establish a connection between the client application and the content management system by sending, from the client application to the content management system, a second message including the unique identifier. The client application can then receive, from the content management system through the connection, a third message relayed by the content management system from the website, where the third message is associated with the unique identifier.

Abstract: A method is provided in which a JavaScript (JS) SDK file is called by an application. A plurality of login paths for logging in to the application is encapsulated in the JS SDK file. When the application is started, a running environment of the application is detected by using the JS SDK file. A login path supported by the running environment is determined by using the JS SDK file. Further, a first login path is sent to the application by using the JS SDK file. The first login path is the login path supported by the running environment and is one of the plurality of login paths.

Abstract: A network device in a network system which includes a plurality of network devices and a management system managing information collected from the plurality of network devices, the network devices comprising, a memory storing instructions; and a processor which is capable of executing the instructions causing the network device to: receive, from the management system, token information for another network device which is managed in the management system in the same management group as the network device; try communication with the another network device by using the received token information; and send information regarding the communication to the management system, wherein the token information is sent from a management application executed by the another network device to the management system, before a detection of an abnormality in the another network device by the management system.

Abstract: In an aspect of the disclosure, a method, a computer-readable medium, and a computer system are provided. The computer system includes an initialization component of a host. The initialization component obtains a process file for dynamically creating a processing component on a management platform on a BMC of the host, the process file defining a logic to be implemented by the processing component, the initialization component operating to load an operating system of the host. The initialization component sends the process file to the BMC. The initialization component further sends a message to the BMC, the message including data to be processed by the processing component.

Abstract: Systems and methods for cloud based computing systems and, more particularly, techniques for providing centralized user access to network connected computing systems are disclosed. A method for handling access commands originating from at least one source application utilizing a first format, to at least one destination application utilizing a second format is disclosed. The method comprises receiving an access command from a user using at least one source application, and determining a type for the access command based on a data payload. Generating an action based on the type for the access command and the data payload, and translating the data payload into a common format, wherein the common format is determined using the first format and the second format. Lastly, responding to the access command using the translated data payload and action, wherein the response addresses the request for user access to the network connected computing systems.

Abstract: A single sign-on system using blockchain is disclosed. The single sign-on system may interconnect various organization systems over a peer-to-peer network, with each organization system having a blockchain node and an application programming interface (API). The blockchain node invokes and uses a smart contract to write registration credentials to the blockchain during a registration process. During a login process, the blockchain node invokes the smart contract to determine whether login credentials match stored login credentials in the blockchain. In response to matching login credentials, the API may generate a single sign-on token that can be used by a user device to access one or more organization systems connected over the network.

Abstract: A method for accessing service/data of a first network from a second network includes accessing the services and data of the first network from the second network includes registering a user device with the first network to access the services or data of the first network. The user device connects with the second network and authenticates the user device with the second network subsequent to registering the user device with the first network. The user device provides connectivity information of the first network to the second network to configure the second network to access the services or data of the first network. The first network is able to provide the services or data to the second network based on the user device being registered to access the services or data prior to being authenticated with the second network.

Abstract: A query referencing a function associated with a remote software component is received by a network-based data warehouse system. Temporary security credentials corresponding to a role at a cloud computing service platform are obtained. The role has permission to send calls to a web endpoint corresponding to the remote software component. A request comprising input data and electronically signed using the temporary security credentials is sent to a web Application Programming Interface (API) management system of the cloud computing service platform. The request, when received by the web API management system, causes the web API management system to invoke external functionality provided by the remote software component at the web endpoint with respect to the input data. A response comprising a result of invoking the external functionality is received from the web API management system, and the result data is processed according to the query.

Abstract: According to at least some example embodiments, service interworking methods and systems are provided to identify registered users using different user identification systems performed by a first server having at least one processor and configured to identify registered users using a first user identification system, the method comprising: generating a first reference identifier of a first user in association with a first identifier identifying the first user in the first user identification system; managing the first reference identifier in association with the first identifier; receiving a second identifier identifying the first user in a second user identification system from the first user; and transmitting the first reference identifier and the second identifier to a second server configured to identify registered users using the second user identification system.

Abstract: Systems and methods for coordinating security operations among members of a cooperative security fabric (CSF) are provided. According to one embodiment, a first network security appliance of a CSF receives incoming network traffic and determines if the incoming network traffic is transmitted from a second network security appliance based on the source address of the network traffic. If the incoming network traffic is from the second network security appliance, the first network security appliance determines operations that are executed by the second network security appliance and then determines local operations. The first network security appliance executes local operations to the incoming network traffic.

Abstract: Systems and methods for detecting abnormal user activity comprising: tracking, by the server, during a first time period, user activity associated with an application service, determining, by the server, that the user activity associated with the application service exceeds a respective first predetermined threshold of user activity during the first time period, in response to determining that the user activity exceeds the first predetermined threshold, tracking, during a second time period user activity associated with the application service, the tracking comprising tracking a content of the user interactions with the application service, determining that the user activity exceeds a second predetermined threshold of user activity during the second time period and in response to determining that the user activity exceeds the second predetermined threshold, triggering a user challenge procedure on a client device.

Abstract: Certain aspects involve facilitating the integration of sensitive data from a data provider into an instance of a web-based, third-party application. For example, a data provider service can receive an authentication API call from a third-party system. The authentication API call can include a user identifier and a request for an access token usable by a web-based interface of the third-party system. The data provider service can generate an access token for the third-party system from which the authentication API call is received. The data provider service can subsequently receive, from the user device, a feature API call including the access token and a feature request for sensitive data. The data provider service can generate output data specific to the user identified by the access token included in the feature API call. The data provider service can provide the output to the user device via the web-based interface.