The present disclosure describes systems and methods for detection and mitigation of malicious encryption. A security agent on an infected computing device may monitor data writes to disk, memory, or network transmission buffers for strings that may represent encryption keys or moduli. The security agent may apply one or more techniques to decode and parse the string to either identify or extract the keys, or rule out the string as containing an encryption key or modulus. If a key is identified, or its presence cannot be excluded, then the security agent may generate an alert and take mitigation actions.
Embodiments of systems and methods for DNS leak prevention and protection are disclosed herein. In particular, certain embodiments include a local DNS protection agent installed on a system and an associated trusted external DNS protection server. The DNS protection agent prevents DNS leaks from applications on the system such that all DNS requests from the system are confined to requests from the DNS protection agent to the associated DNS protection server. As the DNS leak prevention provided by the DNS protection agent stops applications on the system from circumventing the DNS protection server, all DNS requests originating from the system remain under the control of the DNS protection server and thus desired DNS protection (e.g., as implemented on the DNS protection server) may be maintained. Certain embodiments prevent applications from using certain DNS security protocols, such as DoH and DoT, without going through the DNS protection agent.
H04L 61/4511 - Network directories; Name-to-address mapping using standardised directories; Network directories; Name-to-address mapping using standardised directory access protocols using domain name system [DNS]
H04L 67/60 - Scheduling or organising the servicing of application requests, e.g. requests for application data transmissions using the analysis and optimisation of the required network resources
3.
COMPOSITE EXTRACTION SYSTEMS AND METHODS FOR ARTIFICIAL INTELLIGENCE PLATFORM
A text mining system providing NLP and NLU capabilities is operable to perform, at a first processing layer, a first operation on input data to produce metadata about the input data. At a second processing layer, a rules module applies a composite AI extraction rule to further process the input data. The composite AI extraction rule has a rule condition that leverages the metadata from the first operation and a rule action that involves a second operation. Other composite AI extraction rules involving multiple text mining operations may also be applied. For instance, a rule may specify using the tonality of a document from a sentiment analysis to classify the document according to a relevant taxonomy. Another rule may specify classifying documents of a particular type under a specific category. In this way, new/enhanced information about the input data can be deduced, validated, and/or enriched.
Systems and methods are provided for a device to obtain a query, such as from a user. The query is vectorized to obtain a numerical representation of the query and provided to a vector database to find the nearest vectors corresponding to most relevant context, such as for a particular domain or subject matter. The query, query vector, and context vectors, and optionally past query history and past query responses, are provided to an artificial intelligence, such as a large language model (LLM), to receive a response to the query without providing the context to the LLM.
A firewall monitors network activity and stores information about that network activity in a network activity log. The network activity is analyzed to identify a potential threat. The potential threat is further analyzed to identify other potential threats that are related to the potential threat, and are likely to pose a future risk to a protected network. A block list is updated to include the potential threat and the other potential threats to protect the protected network from the potential threat and the other potential threats.
Disclosed are hybrid authentication systems and methods that enable users to seamlessly sign on between cloud-based services and on-premises systems. A cloud-based authentication service receives login credentials from a user and delegates authentication to an on-premises authentication service proxy. The login credentials can be passed by the cloud-based authentication service to the on-premises authentication service proxy, for instance, as an access token in an authentication header. The access token can be a JavaScript Object Notation (JSON) Web Token (JWT) that is digitally signed using JSON Web Signature. Some embodiments utilize a tunnel connection through which the cloud-based authentication service communicates with the on-premises authentication service proxy. Some embodiments leverage an on-premises identity management system for user management and authentication. In this way, there is no need for a cloud-based system to separately maintain and manage a user identity management system and/or to sync with an on-premises identity management system.
G06F 21/33 - User authentication using certificates
G06F 21/41 - User authentication where a single sign-on provides access to a plurality of computers
H04L 9/32 - Arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system
7.
SYSTEM, METHOD AND COMPUTER PROGRAM PRODUCT TO GENERATE A WEB APPLICATION USING REUSABLE THEMES
In general, the technology relates to a method for using reusable themes. The method includes receiving, from a browser executing on a device, a request for a theme implementation file, wherein the theme implementation file defines a look and feel style for a webpage and specifies a relative location for content that is used by the look and feel style, receiving, from the browser executing on the device, a request for the content, wherein the request for the content comprises the relative location of the content, resolving the relative location for the content to generate an absolute location for the content using a location of the theme implementation file, receiving the content from the absolute location of the content and forwarding the content to the device.
Systems and methods for image modification to increase contrast between text and non-text pixels within the image. In one embodiment, an original document image is scaled to a predetermined size for processing by a convolutional neural network. The convolutional neural network identifies a probability that each pixel in the scaled image is text and generates a heat map of these probabilities. The heat map is then scaled back to the size of the original document image, and the probabilities in the heat map are used to adjust the intensities of the text and non-text pixels. For positive text, intensities of text pixels are reduced and intensities of non-text pixels are increased in order to increase the contrast of the text against the background of the image. Optical character recognition may then be performed on the contrast-adjusted image.
G06V 10/82 - Arrangements for image or video recognition or understanding using pattern recognition or machine learning using neural networks
G06F 18/2413 - Classification techniques relating to the classification model, e.g. parametric or non-parametric approaches based on distances to training or reference patterns
G06N 5/046 - Forward inferencing; Production systems
G06T 3/4046 - Scaling of whole images or parts thereof, e.g. expanding or contracting using neural networks
G06T 5/92 - Dynamic range modification of images or parts thereof based on global image properties
G06V 10/22 - Image preprocessing by selection of a specific region containing or referencing a pattern; Locating or processing of specific regions to guide the detection or recognition
G06V 10/44 - Local feature extraction by analysis of parts of the pattern, e.g. by detecting edges, contours, loops, corners, strokes or intersections; Connectivity analysis, e.g. of connected components
G06V 20/62 - Text, e.g. of license plates, overlay texts or captions on TV images
Methods, devices and computer program products facilitate the storage, access and management of log files that are associated with particular client devices. The log files provide a record of user or client device activities that are periodically sent to a data backup center. A dedicated log file server facilitates the processing and storage of an increasingly large number of log files that are generated by new and existing client devices. A storage server pre-processes the received log files to facilitate the processing and storage of the log files by the log file server. This Abstract is provided for the sole purpose of complying with the Abstract requirement rules. This Abstract is submitted with the explicit understanding that it will not be used to interpret or to limit the scope or the meaning of the claims.
G06F 3/06 - Digital input from, or digital output to, record carriers
G06F 11/14 - Error detection or correction of the data by redundancy in operation, e.g. by using different operation sequences leading to the same result
G06F 11/34 - Recording or statistical evaluation of computer activity, e.g. of down time, of input/output operation
G06F 16/17 - Details of further file system functions
G06F 16/174 - Redundancy elimination performed by the file system
SYSTEMS AND METHODS FOR IMAGE BASED CONTENT CAPTURE AND EXTRACTION UTILIZING DEEP LEARNING NEURAL NETWORK AND BOUNDING BOX DETECTION TRAINING TECHNIQUES
Systems, methods, and computer program products for image recognition in which instructions are executable by a processor to dynamically generate simulated documents and corresponding images, which are then used to train a fully convolutional neural network. A plurality of document components are provided, and the processor selects subsets of the document components. The document components in each subset are used to dynamically generate a corresponding simulated document and a simulated document image. The convolutional neural network processes the simulated document image to produce a recognition output. Information corresponding to the document components from which the image was generated is used as an expected output. The recognition output and expected output are compared, and weights of the convolutional neural network are adjusted based on the differences between them.
G06V 10/82 - Arrangements for image or video recognition or understanding using pattern recognition or machine learning using neural networks
G06F 18/214 - Generating training patterns; Bootstrap methods, e.g. bagging or boosting
G06F 18/2413 - Classification techniques relating to the classification model, e.g. parametric or non-parametric approaches based on distances to training or reference patterns
A computer system comprising a processor and a memory storing instructions that, when executed by the processor, cause the computer system to perform a set of operations. The set of operations comprises collecting domain attribute data comprising one or more domain attribute features for a domain, collecting sampled domain profile data comprising one or more domain profile features for the domain and generating, using the domain attribute data and the sampled domain profile data, a domain reputation assignment utilizing a neural network.
Embodiments disclosed herein relate to systems and methods for providing a smart cache. In embodiments, a variable time to live (TTL) may be calculated and associated with data as it is stored in a cache. The variable TTL may be calculated based upon reputation and/or category information related to the source of the data. The reputation and/or category information may include TTL modifiers for adjusting the TTL for data from a particular data source that is stored in the cache. In further embodiments, a feedback method may be employed to update reputation and/or category information for a particular data source.
H04L 67/5682 - Policies or rules for updating, deleting or replacing the stored data
G06F 12/0802 - Addressing of a memory level in which the access to the desired data or data block requires associative addressing means, e.g. caches
G06F 12/0864 - Addressing of a memory level in which the access to the desired data or data block requires associative addressing means, e.g. caches using pseudo-associative means, e.g. set-associative or hashing
G06F 12/0875 - Addressing of a memory level in which the access to the desired data or data block requires associative addressing means, e.g. caches with dedicated cache, e.g. instruction or stack
G06F 12/128 - Replacement control using replacement algorithms adapted to multidimensional cache systems, e.g. set-associative, multicache, multiset or multilevel
G06F 16/957 - Browsing optimisation, e.g. caching or content distillation
Systems and methods are provided for a device to obtain a query, such as from a user. The query is vectorized to obtain a numerical representation of the query and provided to a vector database to find the nearest vectors corresponding to most relevant context, such as for a particular domain or subject matter. The query, query vector, and context vectors, and optionally past query history and past query responses, are provided to an artificial intelligence, such as a large language model (LLM), to receive a response to the query without providing the context to the LLM.
Methods and systems for determining, presenting and analyzing API usage of an application are disclosed herein. Embodiments of an API monitor as presented herein may serve to provide tightly coupled insight into API usage by an application to ascertain and provide knowledge and visibility into API usage by an application associated with the API monitor, including API calls made by both a frontend and a backend of an application.
A protection module operates to analyze threats at the protocol level (e.g., at the HTML level) by intercepting all requests that a browser engine resident in a computing device sends and receives, and the protection agent completes the requests without the help of the browser engine. The protection module then analyzes and/or modifies the completed data before the browser engine has access to it, for example to display it. After performing all of its processing, removing, and/or adding any code as needed, the protection module provides the HTML content to the browser engine, and the browser engine receives responses from the protection agent as if it were speaking to an actual web server, when in fact the browser engine is speaking to an analysis engine of the protection module.
Systems, methods and products for enabling parallelized verification of a forensic copy generated using a non-parallelizable hashing algorithm. Disclosed embodiments generate the forensic copy of a data source using a non-parallelizable algorithm. In addition to generating a hash of the source data, intermediate hash states are stored for successive blocks of data from the data source. During verification of the forensic copy, the intermediate hash states and identifiers of the data blocks are retrieved from a data structure that is saved with the forensic copy. The non-parallelizable algorithm is used to hash each data block using the intermediate hash state preceding the data block as a starting hash state, then the hash of the data block is compared to the intermediate hash state following the data block to verify the data block. If all data blocks are successfully verified, the forensic copy is verified, otherwise verification fails.
H04L 9/06 - Arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for blockwise coding, e.g. D.E.S. systems
H04L 9/00 - Arrangements for secret or secure communications; Network security protocols
Ideogram character analysis includes partitioning an original ideogram character into strokes and mapping each stroke to a corresponding stroke identifier (id) to create an original stroke id sequence that includes stroke identifiers. A candidate ideogram character that has a candidate stroke id sequence within a threshold distance to the original stroke id sequence is selected. One or more embodiments may create a new phrase by replacing the original ideogram character with the candidate ideogram character in a search phrase. One or more embodiments perform a search using the search phrase and the new phrase to obtain a result and present the result. One or more embodiments may replace an original ideogram character in a character recognized document with the candidate ideogram character and store the character recognized document.
G06F 16/583 - Retrieval characterised by using metadata, e.g. metadata not derived from the content or metadata generated manually using metadata automatically derived from the content
G06V 10/70 - Arrangements for image or video recognition or understanding using pattern recognition or machine learning
G06V 10/98 - Detection or correction of errors, e.g. by rescanning the pattern or by human intervention; Evaluation of the quality of the acquired patterns
G06V 30/28 - Character recognition specially adapted to the type of the alphabet, e.g. Latin alphabet
Core entities are each defined as a subset of base entities that satisfy one or more core entity connection relationships. Base stories are each defined as a subset of core entities that satisfy one or more story connection relationships. A risk score of each core entity is calculated based on previously calculated risk scores of the base entities. A risk score of each base story is calculated based on the calculated risk score of each core entity of the base story. Selected base stories are extended with external content to generate corresponding extended stories.
G06F 21/57 - Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
Examples of the present disclosure describe systems and methods for discrete processor feature behavior collection and analysis. In aspects, a monitoring utility may initialize a set of debugging and/or performance monitoring feature sets for a microprocessor. When the microprocessor receives from software content a set of instructions that involves the loading of a set of modules or code segments, the set of modules or code segments may be evaluated by the monitoring utility. The monitoring utility may generate a process trace of the loaded set of modules or code segments. Based on the process trace output, various execution paths may be reconstructed in real-time. The system and/or API calls made by the microprocessor may then be compared to the process trace output to quickly observe the interaction between the software content and the operating system of the microprocessor.
Domain-specific images used for training an optical character recognition (OCR) machine learning model are generated as follows. Universal resource locator (URL) addresses of web pages associated with a particular domain are retrieved. Words in the web pages associated with the particular domain are determined. Domain-relevant n-grams of the words are identified for the particular domain. Corresponding domain-specific images of each domain-relevant n-gram for the particular domain are generated.
G06V 10/764 - Arrangements for image or video recognition or understanding using pattern recognition or machine learning using classification, e.g. of video objects
In general, embodiments of the technology relate to a method and system for implementing a dynamic content type (DCT) in a content management system. More specifically, embodiments of the technology relate to using a DCT in order to change and/or extend the functionality of the content management system.
H04L 67/1097 - Protocols in which an application is distributed across nodes in the network for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]
Examples of the present disclosure describe systems and methods for providing advanced file modification heuristics. In aspects, software content is selected for monitoring. The monitoring comprises determining when the software content performs file accesses that are followed by read and/or write operations. The read/write operations are analyzed in real-time to determine whether the software content is modifying file content. If the monitoring indicates the software content is modifying accessed files, mathematical calculations are applied to the read-write operations to determine the nature of the modifications. Based on the determined nature of the file modifications, the actions of the software content may be categorized and halted prior to completion, thereby mitigating malicious cyberattacks and/or unauthorized accesses.
Examples of the present disclosure describe systems and methods of providing real-time scanning of IP addresses. In aspects, input may be received by a real-time IP scanning system. The system may generate one or more work orders based on the input. A scanner associated with the system may access a work order and attempt to communicate with one or more devices identified by the work order. If the attempted communication with a device is successful, a protocol analyzer may be used to provide a predefined payload to the device. If the response from the device matches an expected string, the device may be determined to be a safe and/or legitimate device. If the response from the device does not match an expected string, the device may be determined to be a malicious device.
G06F 21/57 - Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
One embodiment comprises a data processing system for populating selections in an evaluation operator interface. The system may record voice sessions of phone calls, transcribe the voice sessions and store transactions including the voice sessions and transcripts. The system receives a request from a client computer for an evaluation to evaluate a transaction that was assigned an automated score according to the automated scoring template based on a transcript of the transaction having matched a lexicon. The system generates the evaluation. Generating the evaluation comprises setting an answer control for a question in the evaluation to a preselected answer based on a defined correspondence between the automated score and the preselected answer, the preselected answer selected from a defined set of acceptable answers to the question. The system may generate page code for the answer control that sets the answer control to the preselected answer.
Systems and methods for the design, deployment and utilization of targeted communications based upon audiences are disclosed. More specifically, embodiments may allow the targeting of communications to users based on a user's audience affiliation and may allow the dynamic targeting of communications based on an audience with which a user is affiliated, including audiences determined from user interactions with a web site.
H04N 21/442 - Monitoring of processes or resources, e.g. detecting the failure of a recording device, monitoring the downstream bandwidth, the number of times a movie has been viewed or the storage space available from the internal hard disk
G06Q 30/02 - Marketing; Price estimation or determination; Fundraising
H04N 21/45 - Management operations performed by the client for facilitating the reception of or the interaction with the content or administrating data related to the end-user or to the client device itself, e.g. learning user preferences for recommending movies or resolving scheduling conflicts
H04N 21/658 - Transmission by the client directed to the server
28.
COMPOSITE EXTRACTION SYSTEMS AND METHODS FOR ARTIFICIAL INTELLIGENCE PLATFORM
A text mining system providing NLP and NLU capabilities is operable to perform, at a first processing layer, a first operation on input data to produce metadata about the input data. At a second processing layer, a rules module applies a composite AI extraction rule to further process the input data. The composite AI extraction rule has a rule condition that leverages the metadata from the first operation and a rule action that involves a second operation. Other composite AI extraction rules involving multiple text mining operations may also be applied. For instance, a rule may specify using the tonality of a document from a sentiment analysis to classify the document according to a relevant taxonomy. Another rule may specify classifying documents of a particular type under a specific category. In this way, new/enhanced information about the input data can be deduced, validated, and/or enriched.
Examples of the present disclosure describe systems and methods for monitoring the security privileges of a process. In aspects, when a process is created, the corresponding process security token and privilege information is detected and recorded. At subsequent “checkpoints,” the security token is evaluated to determine whether the security token has been replaced, or whether new or unexpected privileges have been granted to the created process. When a modification to the security token is determined, a warning or indication of the modification is generated and the process may be terminated to prevent the use of the modified security token.
H04L 9/32 - Arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system
Examples of the present disclosure describe systems and methods for behavioral threat detection definition compilation. In an example, one or more sets of rule instructions may be packaged for distribution and/or use by a behavioral threat detection engine. As an example, a set of rule instructions is compiled into an intermediate language and assembled into a compiled behavior rule binary. Event linking is performed, wherein other rules launched by the rule and/or events that launch the rule or are processed by the rule are identified, and such information may be stored accordingly. The behavior rule binary may be packaged with other rules associated with identifying a specific behavior. The packaged behavior rule is distributed to one or more computing devices for use with a behavioral threat detection engine. For example, the threat detection engine may execute the behavior rule using a rule virtual machine.
One embodiment comprises a non-transitory computer readable medium comprising computer-executable instructions executable to access a conversation-enabled document and expose the conversation-enabled document on a conversation channel as a conversation into the conversation-enabled document. The conversation-enabled document can comprise a conversation component for controlling a conversation interface into the conversation-enabled document, the conversation component specifying conversation steps, routing between conversation steps and a document variable to accept a conversation participant response. The computer-executable instructions can be executable to set a document variable value in the conversation-enabled document based on the participant response received via the conversation interface; and render the conversation-enabled document to a response channel using the document variable and the page template.
H04L 51/02 - User-to-user messaging in packet-switching networks, transmitted according to store-and-forward or real-time protocols, e.g. e-mail using automatic reactions or user delegation, e.g. automatic replies or chatbot-generated messages
Peer device protection enables a first device comprising a digital security agent to remedy security issues on (or associated with) a set of devices visible to the first device. In aspects, a first device comprising a digital security agent may identify a set of devices visible to the first device. The first device may monitor the set of devices to collect data, such as types of communications and data points of interest. The digital security agent may apply threat detection to the collected data to identify anomalous network behavior. When anomalous network behavior is detected, the first device may cause an indicator of compromise (IOC) to be generated. Based on the IOC, the first device may facilitate remediation of the anomalous network behavior and/or apply security to one or more devices in the set of devices.
A method and system for a content broker, including a unified object index, where the content broker is coupled to the unified object index and receives, from a requesting entity, a request to perform an action on an object, and the object is stored in a content repository. The method further includes obtaining the object associated with the request from the content repository, determining, using the unified object index, a normalized object type associated with the object, obtaining a governance rule based on the normalized object type, and servicing the request using the governance rule.
A digital asset management system is enhanced with an end-to-end deep zoom feature functionality that receives a user request to generate a deep zoom image of an asset, performs an image conversion if necessary, generates the deep zoom image and stores corresponding image folders and files in a transient storage separate from assets managed by the digital asset management system, and cleans up the deep zoom files after a pre-configured time period. The deep zoom image is rendered directly from the transient storage without having to involve the repository, which is separately managed by the digital asset management system. A new Web context is created and provided for viewing the deep zoom image within a browser-based user interface of the digital asset management system for a seamless user experience.
A reconfigurable automatic document-classification system and method provides classification metrics to a user and enables the user to reconfigure the classification model. The user can refine the classification model by adding or removing exemplars, creating, editing or deleting rules, or performing other such adjustments to the classification model. This technology enhances the overall transparency and defensibility of the auto-classification process.
Examples of the present disclosure describe systems and methods for behavioral threat detection definition. In an example, a behavior rule comprising a set of rule instructions is used to define one or more events indicative of a behavior. For example, a set of events from which one event must be matched may be defined or a set of events from which all events must be matched may be defined. In some examples, events are matched based on an event name or type, or may be matched based on one or more parameters. Exact and/or inexact matching may be used. The set of rule instructions ultimately specifies one or more halt instructions, thereby indicating that a determination as to the presence of the behavior has been made. Example determinations include, but are not limited to, a match determination, a non-match determination, or an indication that additional monitoring should be performed.
Examples of the present disclosure describe systems and methods for detecting and mitigating stack pivoting exploits. In aspects, various “checkpoints” may be identified in software code. At each checkpoint, the current stack pointer, stack base, and stack limit for each mode of execution may be obtained. The current stack pointer for each mode of execution may be evaluated to determine whether the stack pointer falls within a stack range between the stack base and the stack limit of the respective mode of execution. When the stack pointer is determined to be outside of the expected stack range, a stack pivot exploit is detected and one or more remedial actions may be automatically performed.
G06F 21/52 - Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity, buffer overflow or preventing unwanted data erasure
B01D 15/18 - Selective adsorption, e.g. chromatography characterised by constructional or operational features relating to flow patterns
The present disclosure describes systems and methods for remote management of appliances. The appliance may be configured to periodically check a predetermined online location for the presence of a trigger file identifying one or more appliances directed to contact a management server for maintenance. If the file is present at the predetermined location and the file includes the identifier of the appliance, the appliance may initiate a connection to the management server. If the file is not found, then the appliance may reset a call timer and attempt to retrieve the file at a later time. To avoid having to configure addresses on the appliance, link-local IPv6 addresses may be configured for use over a virtual private network, allowing administration regardless of the network configuration or local IP address of the appliance.
H04L 67/125 - Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks involving control of end-device applications over a network
Systems and methods of tracking chain of custody of relevant electronic documents are provided. An example method begins with receiving an electronic document collection request. In response, a set of relevant electronic documents is retrieved, a tracking unit is generated, and the tracking unit is assigned to the set of relevant electronic documents. The tracking unit includes: a state machine having at least two stages including a specification stage for specifying the electronic document collection request and a review stage for displaying the relevant electronic documents, a plurality of Chain-Of-Custody (COC) statuses, and a plurality of number of relevant document values. The chain of custody of the set of relevant electronic documents is tracked. The set of relevant electronic documents generated by the electronic document collection request is displayed by a graphical user interface.
Examples of the present disclosure describe systems and methods of automatic inline detection based on static data. In aspects, a file being received by a recipient device may be analyzed using an inline parser. The inline parser may identify sections of the file and feature vectors may be created for the identified sections. The feature vectors may be used to calculate a score corresponding to the malicious status of the file as the information is being analyzed. If a score is determined to exceed a predetermined threshold, the file download process may be terminated. In aspects, the received files, file fragments, feature vectors and/or additional data may be collected and analyzed to build a probabilistic model used to identify potentially malicious files.
Responsive to a request to access heterogeneous repositories, a REST server queries a resource registry to find resources that match mapping information contained in the request. The resource registry returns resource registry tables containing the matching resources. The resource registry tables implement a unified data structure of a resource registry model and are generated at runtime by the resource registry mapping REST service configuration parameters to the fields of the unified data structure. The REST service configuration parameters are added to an extension SDK for REST extension developers to enhance REST service configuration for extension applications. The REST service configuration parameters are configured at implementation time and loaded/scanned into the REST server at runtime. The REST server iteratively evaluates the resource registry tables until all the matching resources have been evaluated. The evaluation result is used to determine whether to reject, accept, or redirect the request from the client device.
H04L 67/1097 - Protocols in which an application is distributed across nodes in the network for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]
G06F 16/25 - Integrating or interfacing systems involving database management systems
H04L 41/5041 - Network service management, e.g. ensuring proper service fulfilment according to agreements characterised by the time relationship between creation and deployment of a service
H04L 67/02 - Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
H04L 67/133 - Protocols for remote procedure calls [RPC]
H04L 67/563 - Data redirection of data network streams
H04L 67/61 - Scheduling or organising the servicing of application requests, e.g. requests for application data transmissions using the analysis and optimisation of the required network resources taking into account QoS or priority requirements
H04L 67/63 - Routing a service request depending on the request content or context
42.
NOTIFICATION SYSTEMS AND METHODS FOR CENTRALIZED THREADING AND PRESENTATION OF MESSAGES
A notification center system receives a message from a message source, the message comprising a message body, the message body comprising parameter-value pairs. The notification center system processes the message body to obtain a contextual string from the parameter-value pairs, appends a source identifier to the message, the source identifier identifying the message source, and stores the message appended with the source identifier in a platform-neutral format in a message store. Utilizing the contextual string, the message is then grouped, with other message(s) or by itself, with a message thread. The message is provided to a delivery mechanism for presentation of the message under the message thread. Content-aware contextual visual indicators may be determined for the message thread and the message based on different orders of specificity. The message thread and the message can then be displayed with their corresponding content-aware contextual visual indicators to provide additional insights.
Case management systems and techniques are disclosed. In various embodiments, a hierarchical document permission model is received, the model describing a document hierarchy comprising a plurality of hierarchically related document nodes and defining for each of at least a subset of said document nodes one or more document roles and for each such role one or more document permissions with respect to that document node. The hierarchical document permission model is used to determine and enforce permissions with respect to case management instances to which the hierarchical document permission model applies.
Case management systems and techniques are disclosed. In various embodiments, a definition is received that associates a descendant case role alias with a first case node at a first hierarchical level of a hierarchical data model, the definition further associating a permission with the descendant case role alias and referencing a referenced case role associated with a second case node at a second hierarchical level of the hierarchical data model. The definition is used to extend the permission to a user assigned to the referenced case role with respect to a case instance comprising the hierarchical data model.
Examples of the present disclosure describe systems and methods for sharing memory using a multi-ring shared, traversable and dynamic database. In aspects, the database may be synchronized and shared between multiple processes and/or operation mode protection rings of a system. The database may also be persisted to enable the management of information between hardware reboots and application sessions. The information stored in the database may be view independent, traversable, and resizable from various component views of the database. In some aspects, an event processor is additionally described. The event processor may use the database to allocate memory chunks of a shared heap to components/processes in one or more protection modes of the operating system.
Examples of the present disclosure describe systems and methods for detecting and mitigating stack pivoting using stack artifact verification. In aspects, function hooks may be added to one or more functions. When a hooked function executes, artifacts relating to the hooked function may be left on the stack memory (“stack”). The location of the artifacts on the stack may be stored in a local storage area. Each time a hook in a hooked function is subsequently executed, protection may be executed to determine whether an artifact remains in the location stored in the local storage area. If the artifact is no longer in the same location, a stack pivot may be detected and one or more remedial actions may be automatically performed.
G06F 21/54 - Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity, buffer overflow or preventing unwanted data erasure by adding security routines or objects to programs
The present disclosure relates to systems and methods for identifying highly sensitive modules and taking a remediation or preventative action if such modules are accessed by malicious software. For example, the likelihood that a module is used for an exploit, and is thus sensitive, is categorized as high, medium, or low. The likelihood that a module can be used for an exploit can dictate whether, and to what degree, an application accessing the module is “suspicious.” However, in some instances, a sensitive module may have legitimate reasons to load when used in certain non-malicious ways. The system may also consider a trust level when determining what actions to take, such that an application and/or user having a higher trust level may be less suspicious when accessing a sensitive module as compared to an application or user having a lower trust level.
G06F 21/57 - Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
G06F 21/51 - Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems at application loading time, e.g. accepting, rejecting, starting or inhibiting executable software based on integrity or source reliability
G06F 21/55 - Detecting local intrusion or implementing counter-measures
Disclosed is a new intelligent forms automation solution for receiving a request or submission involving multiple types of non-native forms in a consistent manner. An engine locates a field in a non-native form and extracts a globally unique identifier (GUID) from the field and form data from the data fields of the non-native form. The GUID is used by the engine to identify and retrieve a virtual copy of the identified native form. The engine fills the virtual copy of the native form with the form data from the non-native form. Since the native form can have an associated workflow process, the form data from the non-native form is processed through that workflow. The native form and the non-native form can be created independently of one another. In some cases, a native form can be used to create a non-native form with a hidden field containing the GUID of the native form.
Examples of the present disclosure describe systems and methods for malicious software detection based on API trust. In an example, a set of software instructions executed by a computing device may call an API. A hook may be generated on the API, such that a threat processor may receive an indication when the API is called. Accordingly, the threat processor may generate a trust metric based on the execution of the set of software instructions, which may be used to determine whether the set of software instructions poses a potential threat. For example, one or more call stack frames may be evaluated to determine whether a return address is preceded by a call instruction, whether the return address is associated with a set of software instructions or memory associated with a set of software instructions, and/or whether the set of software instructions satisfies a variety of security criteria.
Managing content is disclosed. An indication is received that a content item comprising a body of managed content is associated with a business object not included in the body of managed content. The content item is linked with the business object.
The present disclosure describes systems and methods for aggregation and management of cloud storage among a plurality of providers via file fragmenting to provide increased reliability and security. In one implementation, fragments or blocks may be distributed among a plurality of cloud storage providers, such that no provider retains a complete copy of a file. Accordingly, even if an individual service is compromised, a malicious actor cannot access the data. In another implementation, fragments may be duplicated and distributed to multiple providers, such that loss of communications to any one provider does not result in inability to access the data. This implementation may be combined with error correction techniques to allow recovery, even with loss of multiple providers. File synchronization may also be faster in these implementations by dividing reading and writing operations among multiple providers.
G06F 11/14 - Error detection or correction of the data by redundancy in operation, e.g. by using different operation sequences leading to the same result
G06F 16/178 - Techniques for file synchronisation in file systems
G06F 21/62 - Protecting access to data via a platform, e.g. using keys or access control rules
H04L 67/1095 - Replication or mirroring of data, e.g. scheduling or transport for data synchronisation between network nodes
52.
Systems and methods for detection and mitigation of malicious encryption
The present disclosure describes systems and methods for detection and mitigation of malicious encryption. A security agent on an infected computing device may monitor data writes to disk, memory, or network transmission buffers for strings that may represent encryption keys or moduli. The security agent may apply one or more techniques to decode and parse the string to either identify or extract the keys, or rule out the string as containing an encryption key or modulus. If a key is identified, or its presence cannot be excluded, then the security agent may generate an alert and take mitigation actions.
Embodiments provide systems and methods for logging events. A computer-implemented method, for example, includes a syslog connector providing a subscription to a cloud source that collects events from a plurality of data sources, the subscription comprising an event selection criterion, receiving event records from the cloud source according to the subscription, the received event records formatted according to a first format, transforming the event records received from the cloud source from the first format to syslog messages and storing, by the syslog connector, the syslog messages to a syslog data sink.
Case management systems and techniques are disclosed. In various embodiments, a case model definition defining a case model is received. The case model comprises a hierarchical permissions model comprising a plurality of hierarchical permission nodes, the plurality of hierarchical permission nodes including a first hierarchical permission node associated with a parent case node and having an associated first case role and a first permission for the first role, and a second hierarchical permission node associated with a child case node. At run time, the first permission with respect to a case instance instantiated using the case model definition is enforced. Enforcing the first permission comprises applying the first permission to a request to perform a first action on an instance of the child case node based on the first case role and the first permission.
Case management systems and techniques are disclosed. In various embodiments, a trait definition is received that associates with a case node comprising a case model an object associated with an external system, e.g., a document or other content object and/or a business or other software object. The trait definition is used to bind respective instances of the object to corresponding instances of the case node in case instances created based on the case model.
Embodiments provide systems and methods for logging events. A computer-implemented method comprises receiving input for selecting one or more event types to receive from an event collector, receiving, based on the one or more event types, a plurality of security events from the event collector, transforming each of the plurality of security events to a standard format to generate a plurality of formatted security events and transmitting the plurality of formatted security events to a security information and event management (SIEM) server.
Examples of the present disclosure describe systems and methods for selective export address table filtering. In aspects, the relative virtual address (RVA) of exported function names may be modified to point to a protected memory location. An exception handler may be registered to process exceptions relating to access violations of the protected memory location. If an exception is detected that indicates an attempt to access the protected memory location, the instruction pointer of the exception may be compared to an allowed range of memory addresses. If the instruction pointer address is outside the boundaries, remedial action may occur.
G06F 21/54 - Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity, buffer overflow or preventing unwanted data erasure by adding security routines or objects to programs
G06F 21/55 - Detecting local intrusion or implementing counter-measures
58.
Generation of document editors having functions specified by role policies
Examples disclosed herein relate to generation of document editors having functions specified by role policies. Examples include acquisition of a request to provide a target user a document editor for a target document type and a determination, in response to the request, of which of a plurality of role policies is associated with the target user based on a role assigned to the target user in an enterprise, wherein each of the role policies is associated with a different role for the enterprise and specifies a different plurality of document editor functions permitted to be included in a document editor for the target document type for a user assigned to the associated role.
Responsive to user interaction, a data subject assessment service, hosted on an artificial intelligence (AI) platform operating in a cloud computing environment, is operable to define a data subject, create and configure a data subject project, and add the data subject to the data subject project. The data subject project is associated with AI models, each of which models a risk having a user-adjustable risk level. The data subject project thus configured and/or customized, for instance, with a custom rule, can be run on a collection of documents to assess the data subject through data subject assessment operations. Data subject assessment results thus produced can be searched for data subject relationships, using metadata from the data subject assessment operations. This fine-tunes the data subject assessment results and produces more granular, more precise results, based on which a report can be viewed and/or generated.
Examples of the present disclosure describe systems and methods for restricting access to application programming interfaces (APIs). For example, when a process calls an API, the API call may be intercepted by a security system for evaluation of its trustworthiness before the API is allowed to run. Upon intercepting an API call, the process calling the API may be evaluated to determine if the process is known to the security system, such that known processes that are untrusted may be blocked from calling the API. Further, when the security system cannot identify the process calling the API, the security system may evaluate a call stack associated with the call operation to determine if attributes of the call operation are known to the security system. If the call operation is known to the security system as untrusted, the call operation may be blocked from calling the API.
G06F 21/51 - Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems at application loading time, e.g. accepting, rejecting, starting or inhibiting executable software based on integrity or source reliability
G06F 21/52 - Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity, buffer overflow or preventing unwanted data erasure
G06F 21/62 - Protecting access to data via a platform, e.g. using keys or access control rules
Examples of the present disclosure describe systems and methods of issuing certificates. One embodiment includes a non-transitory, computer-readable medium comprising computer executable instructions stored thereon, the computer executable instructions executable for receiving a certificate request from an online identity, wherein the certificate request validates a reputation of the online identity, analyzing the certificate request, based on the analysis, determining to issue a certificate, and issuing the certificate to the online identity.
Systems and methods for image based content capture and extraction utilizing deep learning neural network and bounding box detection training techniques
Systems, methods, and computer program products for image recognition in which instructions are executable by a processor to dynamically generate simulated documents and corresponding images, which are then used to train a fully convolutional neural network. A plurality of document components are provided, and the processor selects subsets of the document components. The document components in each subset are used to dynamically generate a corresponding simulated document and a simulated document image. The convolutional neural network processes the simulated document image to produce a recognition output. Information corresponding to the document components from which the image was generated is used as an expected output. The recognition output and expected output are compared, and weights of the convolutional neural network are adjusted based on the differences between them.
G06V 10/82 - Arrangements for image or video recognition or understanding using pattern recognition or machine learning using neural networks
G06F 18/214 - Generating training patterns; Bootstrap methods, e.g. bagging or boosting
G06F 18/2413 - Classification techniques relating to the classification model, e.g. parametric or non-parametric approaches based on distances to training or reference patterns
Embodiments as disclosed provide data processing systems and methods for controlling an automated survey system. One embodiment comprises: a processor; a data store storing a plurality of transactions thereon, each transaction comprising transaction metadata and a voice session recording of an inbound call, the transaction metadata for each transaction comprising an identifier for that transaction; a non-transitory computer readable medium having instructions executable on the processor for: generating, by the processor, a worklist for the survey campaign to control conducting of surveys by an automated survey system that is configured to execute the worklist, the worklist comprising a work item for each of the set of transactions and each work item comprising transaction identification data for a transaction from the set of transactions and contact information for the survey target for the transaction corresponding to the transaction identification data in the work item.
A system for delivering notification messages across different notification media comprises a processor. A processor is configured to provide an indication of a new platform notification channel to one or more platform notification services. The indication is provided to one of the one or more platform notification services through a communication module specific to the one of the one or more platform notification services. The processor is configured to create a mapping from a new universal notification channel to a set of one or more platform notification channel identifiers. Each platform notification channel identifier of the set of platform notification channel identifiers is received from a platform notification service. The processor is configured to provide the set of one or more platform notification channel identifiers to a content provider of the new universal notification channel. The processor is coupled to the memory and is configured to store instructions.
Systems and methods for the indexing and searching of multilingual documents are disclosed. In some embodiments, the multilingual search system may analyze objects (and thus similarly search queries) using a multilingual object analyzer that fragments the text (content) of the object into one or more fragments. For each of those fragments, language detection may be performed to identify a language associated with the fragment. Once the language is identified for that fragment, the fragment can be provided to a language analyzer for the identified language. The tokens for that fragment identified by that language analysis can then be indexed for that object. In this manner, all the tokens identified for each of the fragments by the respective language analyzer used for each fragment may be stored for the object and indexed to create a multilingual index.
Case management systems and techniques are disclosed. In various embodiments, an indication to create a case instance is received. A case model definition is parsed to determine a hierarchical data model to be used to create the case instance and a placeholder data to be associated with a case node comprising the hierarchical data model. The case model definition is used to create the case instance, including by associating the placeholder data with the case node in the case instance as created.
One embodiment comprises a non-transitory, computer-readable medium embodying thereon computer-executable instructions for receiving a document design, generating a conversation-enabled document from the document design, exposing the conversation-enabled document on a conversation channel, receiving a participant response, updating the conversation-enabled document based on the participant response, and rendering a communication page on a second channel using the updated conversation-enabled document. The document design comprises a page template and a conversation template. The page template specifies content of the communication page and a variable to be populated with a first variable value. The conversation template defines a state machine for an automated conversation, the conversation template specifying a variable to which the participant response is to be written.
H04L 51/02 - User-to-user messaging in packet-switching networks, transmitted according to store-and-forward or real-time protocols, e.g. e-mail using automatic reactions or user delegation, e.g. automatic replies or chatbot-generated messages
Examples of the present disclosure describe systems and methods for discrete processor feature behavior collection and analysis. In aspects, a monitoring utility may initialize a set of debugging and/or performance monitoring feature sets for a microprocessor. When the microprocessor receives from software content a set of instructions that involves the loading of a set of modules or code segments, the set of modules or code segments may be evaluated by the monitoring utility. The monitoring utility may generate a process trace of the loaded set of modules or code segments. Based on the process trace output, various execution paths may be reconstructed in real-time. The system and/or API calls made by the microprocessor may then be compared to the process trace output to quickly observe the interaction between the software content and the operating system of the microprocessor.
Embodiments disclosed herein relate to systems and methods for providing a smart cache. In embodiments, a variable time to live (TTL) may be calculated and associated with data as it is stored in a cache. The variable TTL may be calculated based upon reputation and/or category information related to the source of the data. The reputation and/or category information may include TTL modifiers for adjusting the TTL for data from a particular data source that is stored in the cache. In further embodiments, a feedback method may be employed to update reputation and/or category information for a particular data source.
G06F 12/0802 - Addressing of a memory level in which the access to the desired data or data block requires associative addressing means, e.g. caches
G06F 12/0864 - Addressing of a memory level in which the access to the desired data or data block requires associative addressing means, e.g. caches using pseudo-associative means, e.g. set-associative or hashing
G06F 12/0875 - Addressing of a memory level in which the access to the desired data or data block requires associative addressing means, e.g. caches with dedicated cache, e.g. instruction or stack
G06F 12/128 - Replacement control using replacement algorithms adapted to multidimensional cache systems, e.g. set-associative, multicache, multiset or multilevel
G06F 16/957 - Browsing optimisation, e.g. caching or content distillation
Responsive to user interaction, a data subject assessment service, hosted on an artificial intelligence (AI) platform operating in a cloud computing environment, is operable to define a data subject, create and configure a data subject project, and add the data subject to the data subject project. The data subject project is associated with AI models, each of which models a risk having a user-adjustable risk level. The data subject project thus configured and/or customized, for instance, with a custom rule, can be run on a collection of documents to assess the data subject through data subject assessment operations. Data subject assessment results thus produced can be searched for data subject relationships, using metadata from the data subject assessment operations. This fine-tunes the data subject assessment results and produces more granular, more precise results, based on which a report can be viewed and/or generated.
In general, embodiments of the technology relate to a method and system for implementing external content type (ECT) object types in a content management system (CMS). More specifically, embodiments of the technology relate to augmenting the object model with a new class of object type: an external content type (ECT) object type. The ECT object types are a class of object types that are used to manage objects (referred to as managed external objects) that are located in external data systems.
Aspects of the present disclosure are operable to protect against malicious objects, such as JavaScript code, which may be encountered, downloaded, or otherwise accessed from a content source by a computing system. In an example, antivirus software implementing aspects disclosed herein may be capable of detecting malicious objects in real-time. Aspects of the present disclosure aim to reduce the amount of time used to detect malicious code while maintaining detection accuracy, as detection delays and/or a high false positive rate may result in a negative user experience. Among other benefits, the systems and methods disclosed herein are operable to identify malicious objects encountered by a computing system while maintaining a high detection rate, a low false positive rate, and a high scanning speed.
A method for referencing and updating objects in a shared resource environment. A reference counter is incremented for every use of an object subtype in a session and decremented for every release of an object subtype in a session. A session counter is incremented upon the first instance of fetching an object type into a session cache and decremented upon having no instances of the object type in use in the session. When both the reference counter and the session counter are zero, the object type may be removed from the cache. When the object type needs to be updated, it is cloned into a local cache, and changes are made on the local copy. The global cache is then locked to all other users, the original object type is detached, and the cloned object type is swapped into the global cache, after which the global cache is unlocked.
Systems and methods for data reporting using a data aggregator and a data retrieval tool such as a file intelligence service. The data aggregator stores two sets of data reporting tables and designates a first one of the sets of tables as an active set and the second one of the sets as a non-active set. The active set of tables stores data corresponding to a most recently successfully completed search. The non-active set stores data retrieved by the data retrieval tool from disparate data sources according to a current search. The data in the active set of tables is immediately available for use in requested reports. When the data aggregator completes the current search, it designates the non-active set of tables as the active set so that the data therein becomes available for use in requested reports.
This disclosure provides a system and method for selecting an application dialog layout design based on a response pattern for a task-based application. A plurality of user interface layouts may be generated based on a first user interface layout, where the first user interface layout is associated with a task included in a process of a computer-implemented software application. One or more performance metrics associated with each user interface layout of the plurality of user interface layouts may be monitored, where the one or more performance metrics characterize a performance of the task by one or more task users. A second user interface layout may be selected based on an analysis of the one or more performance metrics. The second user interface layout may be provided to a plurality of users of a computer-implemented software application.
G06F 3/01 - Input arrangements or combined input and output arrangements for interaction between user and computer
G06F 3/048 - Interaction techniques based on graphical user interfaces [GUI]
G06F 3/0481 - Interaction techniques based on graphical user interfaces [GUI] based on specific properties of the displayed interaction object or a metaphor-based environment, e.g. interaction with desktop elements like windows or icons, or assisted by a cursor's changing behaviour or appearance
G06F 9/451 - Execution arrangements for user interfaces
G06F 11/34 - Recording or statistical evaluation of computer activity, e.g. of down time, of input/output operation
G06F 3/00 - Input arrangements for transferring data to be processed into a form capable of being handled by the computer; Output arrangements for transferring data from processing unit to output unit, e.g. interface arrangements
78.
Creation of component templates and removal of dead content therefrom
In one example of the disclosure, a set of electronic document templates is accessed and instances of duplicated document content are identified. Display of a user notice for first duplicated document content is caused. Responsive to receipt of data indicative of a user instruction to create a component template for the first duplicated content, the component template is created and stored.
A notification center system receives a message from a message source, the message comprising a message body, the message body comprising parameter-value pairs. The notification center system processes the message body to obtain a contextual string from the parameter-value pairs, appends a source identifier to the message, the source identifier identifying the message source, and stores the message appended with the source identifier in a platform-neutral format in a message store. Utilizing the contextual string, the message is then grouped, with other message(s) or by itself, with a message thread. The message is provided to a delivery mechanism for presentation of the message under the message thread. Content-aware contextual visual indicators may be determined for the message thread and the message based on different orders of specificity. The message thread and the message can then be displayed with their corresponding content-aware contextual visual indicators to provide additional insights.
Examples of the present disclosure describe systems and methods of providing real-time scanning of IP addresses. In aspects, input may be received by a real-time IP scanning system. The system may generate one or more work orders based on the input. A scanner associated with the system may access a work order and attempt to communicate with one or more devices identified by the work order. If the attempted communication with a device is successful, a protocol analyzer may be used to provide a predefined payload to the device. If the response from the device matches an expected string, the device may be determined to be a safe and/or legitimate device. If the response from the device does not match an expected string, the device may be determined to be a malicious device.
G06F 21/57 - Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
Examples of the present disclosure describe systems and methods for exploit detection via induced exceptions. One embodiment of a method can include generating an inspection point, the inspection point causing an exception when a set of software instructions encounters the inspection point during an execution of the set of software instructions by a processor; registering an exception handler to handle the exception associated with the inspection point; receiving, in response to the set of software instructions encountering the inspection point, an indication of an exception; accessing a context record associated with the execution of the set of software instructions; evaluating the context record to determine if an exploit is present using the first reputation information; and, based on a determination that an exploit is present, performing a corrective action for the exploit.
G06F 21/00 - Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
G06F 21/55 - Detecting local intrusion or implementing counter-measures
G06F 21/57 - Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
82.
Method and system for enforcing governance across multiple content repositories using a content broker
A method and system for a content broker, including a unified object index, where the content broker is coupled to the unified object index and receives, from a requesting entity, a request to perform an action on an object and the object is stored in the content repository. The method further including obtaining the object associated with the request from a content repository, determining, using the unified object index, a normalized object type associated with the object, obtaining a governance rule based on the normalized object type, and servicing the request using the governance rule.
Case management systems and techniques are disclosed. In various embodiments, for each of a plurality of case nodes comprising a case model a trait definition comprising a corresponding set of traits associated with that case node is received. The respective trait definitions are used to bind each set of traits to the case node with which the set of traits is associated in case instances created based on the case model.
In general, the technology relates to navigation control in a web application that includes receiving an event of a navigation trigger in a first page of a web application, and obtaining, in response to the event, an expression for the navigation trigger. The technology further includes gathering data from a first data source specified by the expression. The technology further includes evaluating the expression using the data to select a second page from a set of possible target pages, where each of the possible target pages is separately pre-stored in a data repository. The technology further includes presenting the second page.
A method for providing a dormant state for content management servers is provided. Client devices are allowed to conduct transactions with servers when the servers are active. However, in a dormant state, the servers are not allowed to accept new transactions. Thus, by utilizing the dormant state, software upgrades can be made to one server at a time. Alternatively, all servers can be taken down for major upgrades, with the servers still operated in a read-only mode based on a file image from a point in time just prior to the shutdown. When the upgrade is completed, the servers can be returned to the active state.
H04L 41/08 - Configuration management of networks or network elements
H04L 12/12 - Arrangements for remote connection or disconnection of substations or of equipment thereof
H04L 41/082 - Configuration setting characterised by the conditions triggering a change of settings the condition being updates or upgrades of network functionality
H04L 41/0859 - Retrieval of network configuration; Tracking network configuration history by keeping history of different configuration generations or by rolling back to previous configuration versions
H04L 41/50 - Network service management, e.g. ensuring proper service fulfilment according to agreements
H04L 43/0805 - Monitoring or testing based on specific metrics, e.g. QoS, energy consumption or environmental parameters by checking availability
H04L 67/00 - Network arrangements or protocols for supporting network services or applications
The present disclosure describes systems and methods for aggregation and management of cloud storage among a plurality of providers via file fragmenting to provide increased reliability and security. In one implementation, fragments or blocks may be distributed among a plurality of cloud storage providers, such that no provider retains a complete copy of a file. Accordingly, even if an individual service is compromised, a malicious actor cannot access the data. In another implementation, file fragmenting may be performed in a non-standard method such that file headers and metadata are divided across separate fragments, obfuscating the original file metadata.
H04L 67/1097 - Protocols in which an application is distributed across nodes in the network for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]
G06F 16/14 - Details of searching files based on file metadata
G06F 16/17 - Details of further file system functions
G06F 16/27 - Replication, distribution or synchronisation of data between databases or within a distributed database system; Distributed database system architectures therefor
G06F 21/62 - Protecting access to data via a platform, e.g. using keys or access control rules
Examples of the present disclosure describe systems and methods for state-based entity behavior analysis. In an example, entities of a computing environment may be represented using a hierarchical entity web. In some examples, an entity may have a state associated with it, which may be modeled using a place/transition (PT) network. Events within the computing environment may be evaluated by transitions of a PT network to determine whether an entity should change state. If an entity transitions from one state to another, one or more actions may be performed, including, but not limited to, taking a remedial action, generating a recommendation, and updating the state of one or more associated entities. Thus, aspects disclosed herein may provide a high-level overview of the state of entities of a computing environment, but may also be used to view in-depth information of entities at lower levels of the hierarchical entity web.
H04L 41/0853 - Retrieval of network configuration; Tracking network configuration history by actively collecting configuration information or by backing up configuration information
H04L 41/0893 - Assignment of logical groups to network elements
H04L 41/0816 - Configuration setting characterised by the conditions triggering a change of settings the condition being an adaptation, e.g. in response to network events
A method for software application optimization using natural language-based queries. The method includes obtaining a user-provided query. The user-provided query includes a constraint to be used for an identification of an application element that matches the constraint, from a set of application elements of a software application. The user-provided query is a string that includes a human language sentence. The method further includes deriving a formalized query from the user-provided query by translating the user-provided query into a syntactic construct of segmented sentence elements and obtaining the application element that matches the constraint. Obtaining the application element that matches the constraint includes deriving a pattern representation of the user-provided query from the formalized query and identifying the application element that matches the pattern representation of the user-provided query from the plurality of application elements.
An orchestration platform leverages an in-memory database for guaranteed synchronous processing of requests from origin devices. The in-memory database is created on a per-transaction basis and localized to a synchronous orchestration engine, which is a part of an orchestration platform. The in-memory database is serialized and stored in memory. To update the in-memory database, the in-memory database is deserialized and one or more database operations can be performed on the in-memory database. The updated in-memory database is communicated to a return to caller service which deserializes and extracts data from the updated in-memory database. The data is stored in a disk-based database that is accessible by an asynchronous orchestration engine. At this point, the updated in-memory database no longer exists.
G06F 16/27 - Replication, distribution or synchronisation of data between databases or within a distributed database system; Distributed database system architectures therefor
Case management systems and techniques are disclosed. In various embodiments, searching case instances is facilitated. An indication to create a composite index across hierarchical case nodes comprising a case model is received. Case instance data associated with the case model is used to generate the composite index. The composite index is made available to be used to optimize searches of a plurality of case instances with which the case instance data is associated.
A system for composing browser-based applications is enhanced with cross-tab communication capability. At design time, responsive to a configuration instruction from a user, the system configures a user interface (UI) event for a browser-based application such that the UI event is publishable across all open browser tabs at application runtime. Responsive to a publication instruction from the user, the system configures a first application page to generate the UI event at application runtime in response to a trigger and to publish the UI event to browser local storage. Responsive to a subscription instruction from the user, the system configures a second application page to periodically poll the browser local storage for the user interface event at application runtime and, in response to the UI event published by the first application page to the browser local storage, process the UI event and automatically immediately update the second application page.
Embodiments of systems and methods for DNS smart access are disclosed herein. In particular, certain embodiments include a local cache of trusted addresses resolved by a trusted DNS resolver. A DNS smart access agent monitors outbound communications from applications or processes on a client device. The DNS smart access agent blocks access to addresses that were not resolved through the trusted DNS resolver.
H04L 61/4511 - Network directories; Name-to-address mapping using standardised directories; Network directories; Name-to-address mapping using standardised directory access protocols using domain name system [DNS]
93.
Systems and methods for stateless authentication and authorization using JWT access tokens
Systems and methods for secure stateless client-server communication. User credentials in a client authorization request are authenticated and used to generate a JSON web token (JWT). The JWT header and signature are encrypted and included in an HTTP-only cookie. The JWT payload is encrypted and sent to the client in a response body along with the HTTP-only cookie. Each subsequent client request includes the cookie and has the encrypted JWT payload in the request header. Upon receiving the request, the server decrypts the encrypted JWT payload from the header and decrypts the encrypted JWT header and signature from the cookie, then reconstructs the JWT from the JWT header, payload and signature. The server validates the JWT and, if valid, processes the request according to authorizations in the JWT payload.
H04L 9/32 - Arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system
H04L 67/02 - Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
Creating an object is disclosed. An instance of a sharable type is created. An instance of a lightweight type is created. The sharable type is designated as a parent of the lightweight type. The instance of the sharable type is designated as a parent of the instance of the lightweight type. The instance of the sharable type may be shared by one or more other instances of the lightweight type.
Migrating content between enterprise content management systems is described. A source object identifier is identified for metadata tables for content for a source enterprise content management system, based on a migration job definition. The metadata tables are retrieved from the source enterprise content management system, based on the source object identifier. A target object identifier is identified for a target enterprise content management system, based on the metadata tables and the migration job definition. An object identifier map is created that maps the source object identifier to the target object identifier. The metadata tables are stored to the target enterprise content management system, based on the object identifier map. The content for the source enterprise content management system is retrieved. The content is stored as content for the target enterprise content management system.
Cloning enterprise content management systems is described. A first remote procedure call is executed to a source database management system associated with a source enterprise content management system to retrieve a source object type from the source enterprise content management system. A second remote procedure call is executed to a target database management system associated with a target enterprise content management system to create a target object type in the target enterprise content management system, wherein the target object type is based on the source object type. Source metadata tables associated with the source object type are retrieved from the source enterprise content management system. The source metadata tables are stored as target metadata tables in the target enterprise content management system.
Systems and methods for secure stateless client-server communication. User credentials in a client authorization request are authenticated and used to generate a JSON web token (JWT). The JWT header and signature are encrypted and included in an HTTP-only cookie. The JWT payload is encrypted and sent to the client in a response body along with the HTTP-only cookie. Each subsequent client request includes the cookie and has the encrypted JWT payload in the request header. Upon receiving the request, the server decrypts the encrypted JWT payload from the header and decrypts the encrypted JWT header and signature from the cookie, then reconstructs the JWT from the JWT header, payload and signature. The server validates the JWT and, if valid, processes the request according to authorizations in the JWT payload.
H04L 9/32 - Arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system
H04L 67/02 - Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
H04L 67/146 - Markers for unambiguous identification of a particular session, e.g. session cookie or URL-encoding
Systems and methods for the design, deployment and utilization of targeted communications based upon audiences are disclosed. More specifically, embodiments may allow the targeting of communications to users based on a user's audience affiliation and may allow the dynamic targeting of communications based on an audience with which a user is affiliated, including audiences determined from user interactions with a web site.
H04N 21/442 - Monitoring of processes or resources, e.g. detecting the failure of a recording device, monitoring the downstream bandwidth, the number of times a movie has been viewed or the storage space available from the internal hard disk
G06Q 30/02 - Marketing; Price estimation or determination; Fundraising
H04N 21/45 - Management operations performed by the client for facilitating the reception of or the interaction with the content or administrating data related to the end-user or to the client device itself, e.g. learning user preferences for recommending movies or resolving scheduling conflicts
H04N 21/658 - Transmission by the client directed to the server
99.
SYSTEM AND METHOD FOR SYSTEM REPLICATION AND MIGRATION FOR IN-MEMORY DATABASE SYSTEMS
Systems and methods for performing server migrations in an in-memory database system environment are provided. Various embodiments of the present technology provide systems and methods for actively monitoring a queue of the in-memory database system at the target file system to determine when all of the contents of the queue have been flushed to disk. Responsive to the determination, the source file system can be shut down and replicated to the target file system.
Examples of the present disclosure describe systems and methods for a behavioral threat detection engine. In examples, the behavioral threat detection engine manages execution of one or more virtual machines, wherein each virtual machine processes a rule in relation to a context. The behavioral threat detection engine uses any of a variety of techniques to identify when events occur. Accordingly, the behavioral threat detection engine provides event indications, in the form of event packets, to one or more virtual machines, such that corresponding rules are able to process the events accordingly. Eventually, a rule may make a determination as to the presence or absence of a behavior. As a result, execution of the associated virtual machine may be halted, thereby indicating to the behavioral threat detection engine that a determination has been made. Thus, the behavioral threat detection engine employs a behavior-based approach to detecting malicious or potentially malicious behaviors.