A first computing system may determine that a first event is represented in first data received from a second computing system. Based at least in part on the first event being represented in the first data, the first computing system may generate a time- ordered schedule of events that includes an indication of the first event, and may send, to a client device, second data representing the time-ordered schedule of events.
Described embodiments provide systems and methods for detection of the degradation of a virtual desktop environment. A computing device may receive data from a plurality of client devices. The computing device may identify a subset of client devices from the plurality of client devices with at least one characteristic in common based on the received data. The computing device may determine a ratio of the identified subset of client devices, the ratio being a comparison of client devices of the subset with a value above a first threshold to a total number of client devices of the subset, and the value being indicative of a characteristic of performance for that client device. The computing device may identify a cause of an anomaly in the performance of the application based on the ratio exceeding a second threshold.
H04L 41/0631 - Management of faults, events, alarms or notifications using analysis of correlation between notifications, alarms or events based on decision criteria, e.g. hierarchy, tree or time analysis
H04L 41/16 - Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks using machine learning or artificial intelligence
3.
SECURE INFORMATION EXCHANGE IN FEDERATED AUTHENTICATION
Methods, apparatuses, systems, and computer-readable mediums for sharing user credentials in federated authentication are described herein. An identity provider may receive a user credential from a user device. The identity provider may receive, from a relying party, a request for an access token. The identity provider may encrypt the user credential based on a nonce that is uniquely generated for the relying party. The identity provider may send a response to the relying party. The response may include the access token, the encrypted user credential, and the nonce.
H04L 9/32 - Arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system
A computer system s configured to autonomously provision at least a portion of a desktop as a service (DaaS) system is provided. The computer system includes a memory, a network interface, and a processor configured to receive, via the network interface, a request to add a catalog of virtual desktops to an account associated with a tenant of the computing service, and transmit, in response to reception of the request, a plurality of requests to the computing service. The plurality of requests comprise at least one request to create a first virtual network associated with the tenant within the computing service, at least one request to connect the first virtual network to a second virtual network within the computing service, and at least one request to create the catalog within the computing service.
A system and method for sharing resources between client devices in a virtual computing environment. A method is disclosed that includes receiving a request from a first client device for a list of available resources that are locally connected to other client devices and that are unavailable to the first client device via an enterprise service within the virtual computing environment; providing the list of available resources to the first client device; receiving a selection of a resource included within the list of available resources from the first client device; providing a push notification to a second client device connected to the selected resource to establish a connection with the selected resource; and providing, to the first client device, access to the selected resource via the established connection.
G06F 9/50 - Allocation of resources, e.g. of the central processing unit [CPU]
G06F 9/455 - Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
G06F 15/16 - Combinations of two or more digital computers each having at least an arithmetic unit, a program unit and a register, e.g. for a simultaneous processing of several programs
6.
AUTONOMOUS LEARNING OF ENTITY VALUES IN ARTIFICIAL INTELLIGENCE CONVERSATIONAL SYSTEMS
A computer system configured for autonomous learning of entity values is provided. The computer system includes a memory that stores associations between entities and fields of response data. The computer system also includes a processor configured to receive a request to process an intent; generate a request to fulfill the intent; transmit the request to a fulfillment service; receive, from the fulfillment service, response data specifying values of the fields; identify the values of the fields within the response data; identify the entities via the associations using the fields; store, within the memory, the values of the fields as values of the entities; and retrain a natural language processor usirg the values of the entities.
Described embodiments provide systems and methods for providing remote application action feed cards. A ticket can be received from a client device. The ticket can be indicative of an action of a remote application and the remote application can be accessible by a group of users. The device can receive information about the action identified in the received ticket from at least one user of the group of users in response to provision of a determined key and the received ticket to the group of users. The device can provide the received information to client devices of user of the group of users to identify actions of other users of the group of users.
A computing system may determine that first data was copied from a first application to a buffer of a first computing environment, and that the first data was received by a second application in a second computing environment. The computing system may identify second data copied from the first application to the buffer and, in response to the second data being copied from the first application to the buffer and based at least in part on the second application having received the first data, may cause the second data to be transferred from the buffer to the second computing environment. The computing system may further evaluate the second data to determine whether it includes potentially private information, and may cause the second data to be transferred to the second computing environment based at least in part on the second data being free of potentially private information.
G06F 15/16 - Combinations of two or more digital computers each having at least an arithmetic unit, a program unit and a register, e.g. for a simultaneous processing of several programs
9.
SYSTEM AND RELATED METHODS PROVIDING CHANNEL SWITCHING BETWEEN APPLIANCES
A computing system may include a first appliance and a plurality of second appliances connected to different Points of Presence (PoPs). The second appliance may be connected to the first appliance by a plurality of different channels. The first appliance may be configured to establish a virtual connection across the plurality of different channels for data communication through the PoPs, and to switch the different channels between the second appliances without interrupting the virtual connection.
Techniques are disclosed for a hybrid undo/redo for text editing, where non- linear undo and redo operations are performed across dynamic regions in a document and linear undo and redo operations are performed within the dynamic regions in the document. In an example, the hybrid undo/redo may be achieved by maintaining respective region offset values for the dynamic regions created in a document by the edits made to the document. In operation, the respective region offset values associated with the dynamic regions can be used to negate or otherwise counteract the effect of edits made in the dynamic regions.
A method may involve receiving, by a computing system, an input indicative of an individual with whom a user of a client device is to communicate. The computing system may determine data of a plurality of applications, the data being indicative of the individual being available with at least one of the plurality of applications. The computing system may select, based at least in part on the data, a first application, from among the plurality of applications, for communication with the individual, and may cause the client device to output an indication that the first application can be used to communicate with the individual.
In some embodiments, a method for intelligent feature delivery in a computing environment can include: identifying, by a service executing within the computing environment, a first feature not enabled for a tenant of the computing environment; extracting, by the service, data about the first feature from one or more data sources; processing, by the service, the extracted data to generate data tokens; determining, by the service, one or more impact areas of the first feature using the data tokens; and providing, by the service, a recommendation to the tenant to enable the first feature or to not enable the first feature based on the determined impact areas.
Techniques are disclosed for integrated booking of rooms and media resources, such as display devices. An example methodology implementing the techniques includes responsive to an activation of an access Uniform Resource Locator (URL) on a computing device, receiving information associated with a booking of a room and a display device, generating a token for accessing the display device and providing to the computing device the token and an address of the display device. The method also includes, responsive to receiving the token from the display device, authenticating the token and, responsive to authenticating the token, allowing use of the display device.
A method for generating microapp recommendations comprises receiving observational data that characterizes interactions between users and applications. The method further comprises defining a set of correlation trees based on the received observational data. Each correlation tree in the set represents a sequence of interactions between one of the users and one or more of the applications. The set includes a first quantity of correlation trees. The method further comprises identifying a subset of similar correlation trees, each of which is included in the set. The subset includes a second quantity of correlation trees that is less than the first quantity. The method further comprises making a determination that the second quantity is greater than a threshold quantity. The method further comprises, in response to making the determination, generating a microapp recommendation based on the sequence of interactions represented by a correlation tree that is representative of the subset.
A computing system includes a server to stream a base disk image over a communications network, and a client machine. The client machine includes a read cache to store preboot data including a network driver, and a processor coupled to the read cache. The processor initiates prebooting of the client machine using the preboot data, and after the network driver is running, receives the streamed base disk image from the server via the communications network to continue booting the client machine.
Methods and systems for determining information of applications are described herein. A computing device may receive, from one or more client devices, data indicating application usage events. The computing device may determine, based on the data, popular applications that a target user regularly uses. The computing device may determine, based on the data, recommended applications that users similar to the target user regularly use. The computing device may determine, based on the popular applications and/or the recommended applications, a collection of applications for the target user. The collection of applications may be displayed on a user interface of a client device associated with the target user for expedited access of interested applications.
Methods and systems for device authentication based on generating and displaying an optically scannable visual representation of a public portion of a hardware secured encryption key (EK) are described herein. A client certificate is encrypted with the public portion of the EK based on a scan of the displayed visual representation. A connection may be established between a computing device and a server using the encrypted client certificate and a private portion of the EK to authenticate the computing device. In some implementations, a request is received from a second computing device to access a first computing device, and includes data encrypted using a public portion of an EK acquired from a displayed optically scannable visual representation of the public portion of the EK. The second computing device is provided access to the first computing device based on decryption of the encrypted data using a private portion of the EK.
G06F 21/57 - Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
18.
TRIGGERING EVENT NOTIFICATIONS BASED ON MESSAGES TO APPLICATION USERS
In accordance with one disclosed method, a first computing system may receive a message from an application hosted on a second computing system, the message being indicative of an event of the application. In response to receiving the message, the first computing system may generate a notification indicative of the event and send the generated notification to a client device. The first computing system may receive a response to the notification from the client device, and may process the response so as to cause the application to take an action responsive to the event.
Docket No. : ID19-0104 -W001 -CTX00022WOU1 ABSTRACT OF THE DISCLOSURE Techniques are provided for secure message passing. A sender process has a clear (non-encrypted) text message to pass to a recipient process as an encrypted message. The sender generates a message encryption key (MEK) for encrypting the message and sends the MEK to a first intermediary process, which encrypts the MEK. The sender uses the MEK to encrypt the message and passes both the encrypted message and the encrypted MEK to a second intermediary process. The second intermediary verifies that the sender is authorized to send messages and retains the encrypted message and the encrypted MEK. The second intemiediary passes the encrypted message and the encrypted MEK to the recipient, which requests decryption of the encrypted MEK from the first intemiediary. The first intemiediary then decrypts the MEK and returns it to the recipient. Finally, the recipient decrypts the message using the MEK. Date Recue/Date Received 2020-12-17
H04L 9/32 - Arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system
20.
INTELLIGENT CONTEXTUAL GROUPING OF NOTIFICATIONS IN AN ACTIVITY FEED
A system determines that resource activity notifications, including at least a first notification and a second notification, are to be sent to a client device operated by a user. The first notification includes a first user interface element, and the second notification includes a second user interface element. The system determines, based on content of the resource activity notifications, that a subset of the resource activity notifications are contextually related, the subset including at least the first notification and the second notification,. The system provides the first subset of the resource activity notifications to the client device as a first group, thus enabling the user to operate a user interface of the client device to select the first user interface element to take a first action and to select the second user interface element to take a second action.
A computer system to track and enhance performance of a virtual workspace system is provided. The computer system receives requests to profile phases of a distributed process executed by hosts coupled to one another via a network. Each of phase includes operations executed by processes hosted by the hosts. Each of phase either starts with receipt of a request via a user interface of a virtualization client or ends with provision of a response to the request via the user interface. The computer system identifies event log entries that each include an identifier of an event marking a start or an end of one of the operations, constructs a performance profile based on the event log entries, and transmits the performance profile to the user interface.
OP200244 ¨ 59¨ AB STRAC T Disclosed, among other things, is a computing system that may translate a first message, which is indicative of a first event of a remote application, into a format communicable over a control channel of a cellular network, and may send the first message to a client device over the control channel. Also disclosed is client device that may translate a second message, which is indicative an action to be taken with respect to the remote application, into a format communicable over the control channel, and may send the second message to the computing system over the control channel. (FIG. 1) Date Recue/Date Received 2021-04-13
Methods and systems for automated application launching are described herein. A computing device may receive a message, the message indicative of an application for a given event and a time in which to launch the application for the given event, from a client device. Based on the content of the message, the computing device may generate a plurality of text strings based on content of the message. The computing device may identify the application based on a comparison of the plurality of text strings with one or more entries of a database of applications and may launch the application in response to the identification of the application and at the time indicated in the received message, so as to make ready the application for use for the given event.
Methods, systems, and apparatuses for discovering dynamic path maximum transmission unit (PMTU) between a sending computing device and a receiving computing device (e.g., a client device and a host device) are described herein. A sending computing device may iteratively transmit bursts of probe packets, each burst being defined by a search range between a maximum packet size and a minimum packet size. The sending computing device may iteratively update the search range based on the previous iteration until the search converges on the PMTU. When the PMTU is discovered, each of the computing devices may update their transport and presentation layer buffers based on the discovered PMTU without any other protocol level disruption. In a multi-path scenario, the computing device may discover PMTU for each of the paths and select a performance optimal path based on the individual PMTUs and other network characteristics such as loss, latency, and throughput.
One method involves parsing contents of an email file to determine a first individual who sent a first email communication represented in the file and a second individual who received the first email communication, presenting, by a display screen, a graphical user interface including a graphical representation of at least the first email communication, the graphical representation including a first icon representing the first individual, a second icon representing the second individual, and a third icon representing the first email communication, determining a selection of an icon from among at least the first icon, the second icon, and the third icon, determining that at least a first portion of the contents has a first relationship with the selected icon, and presenting an indication on the display screen corresponding to the first portion.
G06F 3/04817 - Interaction techniques based on graphical user interfaces [GUI] based on specific properties of the displayed interaction object or a metaphor-based environment, e.g. interaction with desktop elements like windows or icons, or assisted by a cursor's changing behaviour or appearance using icons
Attorney Ref : 1313P042CA01 ABSTRACT A virtual disk is provided to a computing environment. The virtual disk includes identity information to enable identification of a virtual machine within the computing environment. A size of the virtual disk is increased within the computing environment to enable the virtual disk to act as a storage for the identity information and as a cache of other system data to operate the virtual machine. The virtual machine is booted within the computing environment. The virtual machine is configured to at least access the virtual disk that includes both identity information and caches other system data to operate the virtual machine. Related apparatus, systems, techniques and articles are also described. Date Recue/Date Received 2021-02-26
Techniques process, in a user device, pointer input from an input device. Such techniques involve providing the input from the input device to a remote desktop session which is hosted on equipment that is remote from the user device. Such techniques further involve detecting an event on the user device, the event being indicative of deactivation of the remote desktop session. Such techniques further involve, in response to detecting the event, providing the input from the input device to at least one local application executable on the user device to enable continued processing of the input from the input device with use of the at least one local application instead of the remote desktop session.
A computing device may include a memory and a processor cooperating with the memory and configured to provide a first application layer within a virtual machine responsive to a client device, with the first application layer including a first version of a first virtual application and at least one second virtual application compatible with the first version of the first virtual application. The processor may be further configured to provide a second application layer within the virtual machine responsive to the client device, with the second application layer including a second version of the first virtual application, and the second version being different than the first version in the first application layer. Further, the second version of the virtual application is not compatible with the at least one second virtual application.
Disclosed herein includes a system, a method, and a device for disabling services in a cluster. A master node of a plurality of nodes of a cluster can receive a disable instruction for a service of the cluster. The master node can transmit to the plurality of nodes a transition instruction to instruct the other nodes to stop accepting requests from one or more client devices for the service. The master node can receive, from each of the plurality of nodes, a client count value indicative of a number of current client connections from the one or more client devices to one or more respective nodes of the plurality of nodes. The master node can determine that the client count value is a zero value for each node of the plurality of nodes. The master node can transmit an out of service instruction to each node of the plurality of nodes to disable the service on the cluster.
H04L 41/0659 - Management of faults, events, alarms or notifications using network fault recovery by isolating or reconfiguring faulty entities
G06F 15/16 - Combinations of two or more digital computers each having at least an arithmetic unit, a program unit and a register, e.g. for a simultaneous processing of several programs
30.
DESKTOP VIRTUALIZATION WITH A DEDICATED CELLULAR NETWORK CONNECTION FOR CLIENT DEVICES
A computer system includes a virtual server to provide virtual computing sessions, and a client device to access one of the virtual computing sessions via a communications network. The client device includes a wireless transceiver connected to a cellular network. A server communicates with the client device via the cellular network based on the client device losing connectivity to the communications network. The cellular network provides a backup communications channel for the server to restore connectivity for the client device to access one of the virtual computing sessions via the communications network.
A computer system includes a client device that includes a physical power control input to change the client device between on/off states, and a virtual server running virtual machines, with the client device accessing one of the virtual machines. The computer system includes a computing platform that interfaces with the client device and the virtual server to map the client device to the virtual machine being accessed by the client device, and receive at least one power control signal from the client device based on selection of the physical power control input. The computing platform initiates, in response to the received at least one power control signal and the client device being mapped to the virtual machine, a change in an on/off state of the virtual machine to match a change in the on/off state of the client device so as to reboot the virtual machine.
Techniques are disclosed for content storage in a way that facilitates consistent and concurrent read/write processing of stored documents. An example methodology implementing the techniques includes segmenting the contents of a document into a plurality of content segments and storing the plurality of content segments within a data structure, the data structure including storage blocks having storage portions and buffer portions. The storage of the plurality of content segments includes storage of content segments within a storage portions of the storage blocks of the data structure. The method also includes receiving at least one change to the content and utilizing a buffer portion of at least one storage block to store the at least one change to the content.
Methods and systems for generation of a database schema compliant search query based on a natural language input are described herein. Natural language input may be received from a computing device. The natural language input may be associated with multiple search requests to a database. The natural language input may be parsed into a plurality of segments. The plurality of segments may be, for example, one or more words of a text string. At least one identifier for the plurality of segments may be associated with one or more confidence values. The natural language input may be converted into a single search query based on the confidence values and/or on a set of rules. The single search query may be initiated with respect to the database. The single search query may fetch content more efficiently than the multiple search requests.
Methods and systems for providing data analytics and generating real-time and historical views of network events using a single processing pipeline, managed by a single code base, are presented. A computing device may receive a stream of data indicative of a plurality of events occurring on a network. The computing device may process the stream of data to generate intermediate data and batch data using the single processing pipeline. The intermediate data may be available to generate historical views and the batch data may include a plurality of intermediate data for a time interval. The computing device may generate a historical view of the events based on a subset of intermediate data and the batch data. Finally, the computing device may provide the historical view to a processing layer to enable the computing device to respond to requests for information about the network.
H04L 43/04 - Processing captured monitoring data, e.g. for logfile generation
H04L 41/16 - Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks using machine learning or artificial intelligence
H04L 43/045 - Processing captured monitoring data, e.g. for logfile generation for graphical visualisation of monitoring data
Described embodiments provide systems and methods for stream-based compression. An encoder of a first device receives an input stream of bytes including a first byte preceded by one or more second bytes. The encoder may determine to identify a prefix code for the first byte. The encoder may select a prefix code table using the one or more second bytes. The encoder may identify, from the selected prefix code table, the prefix code of the first byte. The encoder may generate an output stream of bytes by replacing the first byte in the input stream with the prefix code of the first byte. The encoder may transmit the output stream from the encoder of the first device to a decoder of a second device. The output stream may have a fewer number of bits than the input stream.
H03M 7/40 - Conversion to or from variable length codes, e.g. Shannon-Fano code, Huffman code, Morse code
H03M 7/42 - Conversion to or from variable length codes, e.g. Shannon-Fano code, Huffman code, Morse code using table look-up for the coding or decoding process, e.g. using read-only memory
36.
SECURING COMMUNICATIONS BETWEEN SERVICES IN A CLUSTER USING LOAD BALANCING SYSTEMS AND METHODS
Described embodiments provide systems and methods for securing communications between services in a cluster using load balancing. A first proxy of a first node of a cluster of nodes can receive a request for a service from at least one pod of the first node. The service can include a plurality of pods. The plurality of pods can execute in the cluster of nodes including the first node. The first proxy can select, responsive to a load balancing determination, a pod of a second node of the cluster of nodes to receive the request. An encrypted connection can be established with a second proxy of the second node. The request can be forwarded to the selected pod via the encrypted connection to the second proxy. The request can be decrypted at the second proxy and forwarded at the pod of the second node.
Typically, when a user switches sessions between devices, the user authenticates the sessions by providing user account information, password, and/or pin code input or other credentials. However, when the user is frequently switching sessions between devices, authenticating sessions may result in the user reducing or even stopping switching across mobile devices. Systems and methods according to this disclosure provide automatic session roaming across mobile devices using proximity authentication. Upon detecting an indication to initiate session roaming, the source device automatically roams the session on the source device to a target device based on a proximity of the source device to the target device. The session is handed off from the source device to the target device as an authenticated user session.
H04L 12/20 - Arrangements for providing special services to substations for converting transmission speed from the inherent speed of a substation to the inherent speed of other substations
38.
UNIFIED ACCESSIBILITY SETTINGS FOR INTELLIGENT WORKSPACE PLATFORMS
Described embodiments provide systems and methods for providing cross-application adaptive services. A computing system may receive, from a first client device, an identification of an user access requirement. The computing system may retrieve, from a requirement-adaptive service database, a system configuration corresponding to the user access requirement. The computing system may configure a hosted application according to the retrieved system configuration. The computing system may provide, to the first client device for rendering by an application of the first client device, the configured hosted application.
A first device connected to a network via a first connection may perform a method that involves determining a need for improved communication between the first device and the network, receiving a message from a second device that includes an indication of at least one performance parameter of a second connection between the second device and the network, establishing a peer-to-peer connection between the first device and the second device based at least in part on the indication, and communicating with the network via a communications channel that includes the peer-to-peer connection and the second connection.
Described herein are systems and methods for updating configuration of a device based on changes to microservices. A device may receive a request via a desired state application programming interface (API) to update a configuration of the device to manage a desired set of instances of microservices. The device may identify from the request, a first set of endpoint information for each instance of a microservice in the desired set of instances of microservices. The first set of endpoint information may include an internet protocol (IP) address and port of an endpoint of a respective instance of the microservice. The first set or second set of endpoint information may include a weight for each instance of the microservice.
H04L 41/082 - Configuration setting characterised by the conditions triggering a change of settings the condition being updates or upgrades of network functionality
G06F 9/44 - Arrangements for executing specific programs
A virtual server includes at least one processor to create a single composited layered image comprising an operating system layer and an application shortcut that includes a representation of an application while not including the application. The single composited layered image is provided as a virtual session to a client computing device. An application layer is mounted to the single composited layered image in response to a user of the client computing device interacting with the application shortcut, with the application layer including the application.
Systems and methods described herein provide for management of notifications. A computing device in communication with a client device receives a notification from at least one notification source. The notification may be for rendering on a screen at the client device. A policy engine of the computing device may identify a context of the notification. The policy engine may add a tag to the notification according to the identified context to control rendering of the notification at the client device. The computing device may transmit the notification with the tag to a notification service at the client device. The notification service may be configured to manage the notification at the client device in accordance with the tag.
Systems and method for controlling delivery of notifications on a per user basis. An agent, executed by a virtual machine, can establish one or more hooks to intercept notifications from an operating system of the virtual machine and one or more virtualized applications executed by the virtual machine accessible by a plurality of users. The agent can intercept, via the one or more hooks, a plurality of notifications for a plurality of users generated by the one or more virtualized applications or the operating system. The plurality of notifications can be sorted on a per user basis. The agent can communicate each user's notifications to a notification service to sort and aggregate the notifications with notifications from a plurality of applications used by each of the plurality of users. The notification service can select one or more notifications to provide to at least one device of a user.
A computing system may include a computing device configured to store and update published resource entitlements for a plurality of client devices. The system may further include a plurality of virtual delivery appliances configured to receive connection requests from the client devices, with the connection requests including a connection lease issued based upon the published resource entitlements for the client devices, request validation of the connection leases from the computing device, and provide the client devices with access to virtual sessions corresponding to the published resource entitlements responsive to validation of connection leases from the computing device. The computing device, responsive to validation requests from the virtual delivery appliances, may also compare the connection leases to the updated published resource entitlements and validate virtual session requests based thereon.
A computing system may include client devices configured to request connections to virtual sessions using connection leases issued based upon published resource entitlements, and a computing device configured to store and update the published resource entitlements. The system may also include a virtual delivery appliance configured to provide the client devices with access to the virtual sessions based upon connection descriptor files. A connector appliance may be configured to receive connection requests from the client devices including the connection leases, request validation of the connection leases from the computing device, and resolve the connection leases to the virtual delivery appliance and return a session validation to the client devices responsive to validation of the connection leases. The client devices may be configured to generate the connection descriptor files responsive to the session validations, and initiate connections with the virtual delivery appliance using the generated connection descriptor files.
Described embodiments provide systems and methods for hosted resource configuration, with intelligent personalization of a user's workspace experienced based on the user's available time. The system analyzes the user's schedule, location, and work habits, and prioritizes and maps tasks to available time slots, enabling the system to be more efficient, with less time identifying and selecting next tasks. The system may identify a period of time in which a user can perform a task associated with a hosted application; may identify at least one task associated with the hosted application, the at least one task including a duration within that of the identified period of time, and may provide, to a client device of the user, content of the hosted application based on the identified at least one task, the content enabling the user to accomplish the at least one task within the identified period of time.
Described herein are systems and methods for identifying a down, inactive or missing network link or microservice of a service graph.The system and methods described herein may identify a service graph for monitoring. The system and methods described herein may monitor the service graph topology, such as services and networks. The system and methods described herein may determine a link or node is down or inactive. The system and methods described herein may display indications in the service graph that the ode or link is down or inactive. The implementations described herein may increase the efficiency of diagnostics and monitoring of the links and nodes and may decrease downtime as a result of incidents by providing a faster mechanism by incidents may be remediated.
H04L 43/045 - Processing captured monitoring data, e.g. for logfile generation for graphical visualisation of monitoring data
H04L 43/0811 - Monitoring or testing based on specific metrics, e.g. QoS, energy consumption or environmental parameters by checking availability by checking connectivity
48.
AUTOMATICALLY REPLICATE API CALLS TO SEPARATE DATA CENTERS
Described herein are systems and methods for transparent resiliency to multiple data centers. The systems and methods depicted determine if an application programming interface (API) call is idempotent. If the API call is idempotent, the calls can be concurrently forwarded to multiple datacenters. If the API call is not idempotent, the calls can be sent to each of a multiple datacenters in turn until a response is received or timeout occurs. Automatically providing multi-region calls in synchrony provides a faster response time during data center or regional failures. Automatically providing multi-region calls in synchrony at the appliance server side, moves the logic out of the client and into a transparent and centrally managed service. This can allow business logic to focus on the core logic and not on logic to retry requests or manage the multi -regional aspect of a dependent service
H04L 69/00 - Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
49.
SYSTEMS AND METHODS FOR VIRTUAL SESSION CONNECTION USING COMPONENT-BASED CONNECTION LEASES
A computing device may include a memory and a processor cooperating with the memory and configured to generate connection leases for published resources selected by client devices. The connection leases may provide instructions for connecting the client devices to virtual computing sessions corresponding to the published resources. Each connection lease may include a published resource lease component unique to the selected published resource, and a common lease component shared by a plurality of different published resources.
H04L 67/10 - Protocols in which an application is distributed across nodes in the network
H04L 67/1097 - Protocols in which an application is distributed across nodes in the network for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]
A computing device may include a memory and a processor configured to cooperate with the memory to store an authentication token having first and second authentication credentials associated therewith. The first and second authentication credentials may be different from one another. The processor may further cooperate with a server to access a session based upon the authentication token.
Described embodiments provide systems and methods for managing client requests to access services provided by a data center. A method can include identifying, by a first device, metrics of client requests to a service communicated from a plurality of clients via one or more Internet service providers (ISPs) to a data center including a plurality of servers providing the service. The method can include identifying metrics of application programming interface (API) requests communicated between a plurality of microservices of the service responsive to the client requests being forwarded to the plurality of servers. The method can include identifying metrics of responses to the client requests. The method can include displaying a service graph generated to identify, via the metrics, an issue with at least one of the one or more ISPs, the plurality of microservices, or one or more WAN links.
Described embodiments provide systems and methods for steering network traffic using dynamically generated configuration scripts. A first device may generate a configuration script for an application on the client for connecting with a server. The configuration script may specify the application to establish a direct connection or an indirect connection with the server. The first device may provide the configuration script to be invoked by the application to identify a first address to access the server based on a determination to establish the direct connection or the indirect connection. The first device may receive, from the client, an initiation request to connect with the server including the first address. The first device may determine second address by applying a routing policy to the first address. The first device may establish one of the direct connection or the indirect connection using the second address.
The implementations described herein provide a tool for identifying security issues and applying security policies to the service(s) and/ or microservices. Rather than a user (such as an administrator) reactively diagnosing security incidents, the systems and methods described herein may provide a tool by which the user can proactively monitor the use of the services and microservices for security issues and control the use of such microservices and services via policies. The systems and methods allow API granular policy control to determine which APIs may be granted or denies access based on a variety of criteria, such as but not limited to the source of the request, the specific API being called, temporal conditions, geography and so forth. The user can identify security concerns or issues on a per API basis.
Described embodiments provide systems and methods for recording metadata about a microservice for requests to the microservice. A device configured as a proxy to one or more microservices of a service can receive a registration request to register a microservice of the one or more microservices with the device. Metadata can be received during registration of the microservice with the device. The metadata can identify an identifier of the microservice, a deployment version of the microservice and a region of deployment of the microservice. The device can store the metadata in association with the microservice and record the metadata of the microservice registered with the device in association with a plurality of requests. The device can identify, via a user interface and the metadata recorded to the log, a change in operation of the microservice in connection with one of the deployment version or the region of the microservice.
Techniques are disclosed for rendering a watermark on content in a manner as to not obfuscate or otherwise cause visual defects to data elements in the content. An example methodology implementing the techniques includes segmenting a watermark to be rendered on the content into multiple watermark pieces. Then, prior to rendering a particular watermark piece, a check is made to determine whether there is a data element at the location in the content at which the particular watermark piece is to be rendered. If a data element is detected at that location, the particular watermark piece is rendered such that the data element overlays the particular watermark piece to render the watermark as a masked watermark. Otherwise, if no data element is detected at that location, the watermark piece is rendered on the content to be visible. The process is repeated to render the remaining watermark pieces.
Described embodiments provide systems and methods for using a call chain to identify dependencies among a plurality of microservices. A device intermediary to a plurality of microservices can receive a first request to access a first microservice. The processing of the first request can cause the first microservice to communicate a second request to a second microservice. A first unique identifier can be generated for the first request to the first microservice and the device can establish a call chain for identifying a plurality of requests to a first microservice through a last microservice of the plurality of microservices accessed responsive to the first request. The device can forward the first request including the call chain to the first microservice and the second request including the call chain to the second microservice. The device can identify, via the call chain, that the first microservice depends on the second microservice.
A method includes retrieving, by a workspace client on a computing device, a first set of resource associations from a workspace server. The first set of resource associations identify one or more data file-types executable by each application on a virtualization server. The method also includes generating, by the workspace client, from the first set of resource associations, a second set of resource associations. The second set of resource associations identify a subset of applications on the virtualization server operable to perform operations on each of the one or more data file-types. The method further includes obtaining, by a storage provider client on the computing device, the second set of resource associations. The storage provider client is configured to enable one or more applications on the virtualization server to execute at least one data file accessible from a storage provider.
Methods and systems for file locking are described herein. An on-premise file share may store files that are accessible to both a local on-premise client and a remote off-premise client. The off-premise file share may request to check-out one of the files. In response, one of multiple nodes may obtain for the file a file handle with exclusive write access. File locking information may be stored at the file share that indicates the node that holds the file handle and that indicates the file is in a locked state whereby other remote off-premise clients or local on-premise clients are prevented from editing the file.
Described embodiments provide systems and methods for securing offline data for shared accounts of a shared computing device. Cache files can be generated for a plurality of users of an application executable on the device to store user data corresponding to individual users of the application. An encryption key can be generated for one or more of the cache files and the encryption key can be associated with at least one user of the application. The encryption key can be associated with a user identifier so that the encryption key is not accessible by other users of the computing device. The user data can be encrypted in one of the cache files with the encryption key. The encrypted user data can be presented to a user via the shared computing device based on receipt of a user identifier that enables access to the encryption key.
G06F 21/30 - Authentication, i.e. establishing the identity or authorisation of security principals
G06F 21/62 - Protecting access to data via a platform, e.g. using keys or access control rules
G06F 21/80 - Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data in storage media based on magnetic or optical technology, e.g. disks with sectors
G06F 12/14 - Protection against unauthorised use of memory
H04L 9/32 - Arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system
60.
COMPUTING SYSTEM WITH DUAL VIRTUAL DELIVERY AGENT REGISTRATION AND RELATED METHODS
A computing system may be in communication with client computing devices. The computing system may include a cloud infrastructure, an offline cache, and a VDA configured to concurrently have a first registration with the cloud infrastructure, and a second registration with the offline cache, and provide corresponding virtual desktop instances for the client computing devices based upon either the first registration or the second registration. The offline cache may be configured to broker local resources for the virtual desktop instances when the cloud infrastructure is unavailable. The VDA may be configured to transition to the offline cache using the second registration when the cloud infrastructure is unavailable.
A computer system is provided. The computer system can include a memory, a network interface, and at least one processor coupled to the memory and the network interface. The at least one processor can be configured to identify a file to provide to a computing device; predict a geolocation at which the computing device is to request access to the file; predict a network bandwidth to be available to the computing device at the geolocation; determine, based on the file and the network bandwidth, a first portion of the file to store in a cache of the computing device; and download, via the network interface, the first portion of the file to the cache.
When a user interacts with a web page application rendered and displayed by a browser on a device, changes to the web page associated with the user interaction might not be identically or otherwise appropriately rendered and displayed across browsers and/or devices that are different from the user's browser and device. Thus, it is important to ensure compatibility of web content across different browsers and/or devices during front end development and testing of a web page application. Systems and methods detect changes affecting a web page rendered by a browser on a device and synchronously or asynchronously duplicate the detected changes in the copies of the web page rendered and displayed by different browsers and/or devices.
Methods and systems for a unified application notification framework are described herein. A server may receive a notification from a service provider. The service provider may be associated with an application executable on a virtual machine. The virtual machine may be part of a virtual environment that includes a user interface. The server may determine an identifier for the received notification. The identifier may indicate the application on the virtual machine associated with the service provider. The server may provide the received notification to the user interface for display to a user. The received notification may be displayed without execution of the application on the virtual machine.
Methods and systems for automatic image capture are described herein. A user device may determine a reference orientation of the user device. The user device may monitor orientations of the user device as the user device is moved and/or rotated. Based on the reference orientation and the monitored orientations, the user device may determine to automatically capture images. The user device may organize captured images into a file for storing and/or sharing.
Methods and systems for a centralized notification service are described herein. The centralized notification service may store notification data received from a plurality of devices and workspaces in a notification database. The notification database may store user account information, associated device and workspace information, associated application information, and notifications received or retrieved from each device and application associated with a user account. The notification service may receive notification data from a plurality of applications based on hooks injected into applications or into a notification manager service.
H04L 9/32 - Arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system
Methods and systems for path selection involving remote access protocols and/or user behavior are described herein. A request, from a first computing device, for content hosted on a second computing device may be received. Based on network state metrics, remote access protocol metrics, and/or user experience metrics, a path of a plurality of paths between the first computing device and the second computing device may be selected. The path need not be the most direct path between the first computing device and the second computing device, and may comprise remote access to a computing device on an intermediary server. Based on user behavior analysis performed with respect to user input data, a path may be re-selected, and/or the network state metrics, remote access protocol metrics, and/or user experience metrics may be weighted.
H04L 43/0817 - Monitoring or testing based on specific metrics, e.g. QoS, energy consumption or environmental parameters by checking availability by checking functioning
H04W 40/02 - Communication route or path selection, e.g. power-based or shortest path routing
Methods and systems for recommending files to users are described herein. Files may be recommended to a user within a file sharing service. A recommender system may intelligently recommend files to users according to their preferences through machine learning. In addition, a recommender system may recommend files based on what is popular within a group to which the user belongs. The recommendations may be adjusted based on user interaction with one or more recommended files.
A computing system includes a mobile device having a wireless transceiver and an orientation sensor that senses orientation of the mobile device and generates orientation data based on the sensed orientation. A controller converts the orientation data to graphical pointer data, which is transmitted via the wireless transceiver to a local computing device, which translates the graphical pointer data to represent a graphical pointer being displayed on its display. The graphical pointer is controlled on the display of the local computing device by changing orientation of the mobile device.
Methods and systems for tracking image senders using client devices are described herein. A computing system may receive an image containing a first watermark vector corresponding to a user account of an image sender. The computing system may convert the image to a frequency domain image that contains the first watermark vector. From the frequency domain image, the computing system may identify the first watermark vector. The computing system may compare the first watermark vector to each of a plurality of stored watermark vectors, each corresponding to a known user account, to determine a probability of a match. The computing system may determine the user account of the sender of the image by determining which of the plurality of stored watermark vectors has a highest probability of a match, and may send, to a workplace administrator platform, an indication of the user account.
A virtual server includes one or more processors to determine a user layer from a user's personalization container, with the user layer associated with a source operating system computing environment and configured to store modifications to file system objects and registry objects made by the user within the source operating system computing environment. A snapshot of differences between a source operating system layer within the source operating system computing environment and a target operating system layer within a target operating system computing environment is determined. The user layer is modified based on a migration policy so that the file system objects and registry objects are compatible with the target operating system computing environment.
Methods and systems for authorizing a service request between two services in a network environment are disclosed. One method includes, in a recurring background process occurring separate from a service request, having a target service obtain a pre-authorization token including a signature of the request service. In response to confirming the pre- authorization token was issued by the request service, the pre-authorization token is acknowledged and stored for access by instance(s) of the target service. The acknowledged pre-authorization token is saved for use with service requests to the target service from the request service. In response to receiving a service request including pre- authorization token at an instance of the target service,the method confirms the pre-authorization token matches a stored, acknowledged pre-authorization token, and, if so confirmed, authorizes the service request. Pre-authorization tokens have a set duration. The methods and systems reduce computational overhead of the authorization, resulting in decreased latency.
H04L 67/63 - Routing a service request depending on the request content or context
H04L 9/32 - Arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system
72.
CLIENT COMPUTING DEVICE PROVIDING END-TO-END QUALITY OF SERVICE (QOS) CONTROL FOR SOFTWARE AS A SERVICE (SAAS) SESSIONS AND RELATED METHODS
A client computing device for use with a server configured to provide Software as a Service (SaaS) application sessions is provided. The client computing device may include a memory and a processor cooperating therewith to run a SaaS application session based upon a SaaS application data stream between the client computing device and the server, determine an end-to-end Quality of Service (QoS) for the SaaS application session, and change the SaaS application data stream based upon changes in the end-to-end QoS for the SaaS application session.
H04L 67/61 - Scheduling or organising the servicing of application requests, e.g. requests for application data transmissions using the analysis and optimisation of the required network resources taking into account QoS or priority requirements
H04L 43/08 - Monitoring or testing based on specific metrics, e.g. QoS, energy consumption or environmental parameters
A computing system includes a web server, client computing devices, a proxy between the web server and the client computing devices, and an analytics server. Each client computing device is operated by an end-user to access an application based on end-user events resulting in representational state transfer (REST) calls to the web server. The proxy passes through the REST calls to the web server and returns responses from the web server, with the return responses corresponding to activities being performed within the web application. The analytics server correlates the end-user events with the corresponding REST calls and return responses from the proxy for each client computing device, and uses vectorization to compare similar activities. The analytics server associates the similar activities with a quality indicator to identify anomalies within the application for corrective action to be taken.
A computer system may include a client computing device configured to run a native session of a Software as a Service (SaaS) application. The system may further include a server configured to run a hosted session of the SaaS application for the client computing device. The client computing device and the server may cooperate to switch between the native session of the SaaS application and the hosted session of the SaaS application based upon a context associated with the client computing device.
Methods and systems for shared file conflict detection on a computing device are described herein. A computing device stores a shared file that may be accessed by a variety of other computing devices. An operating system executing on one or more computing devices generates file handles corresponding to file operations associated with the shared file. One or more of the computing devices may receive, from a remote computing device, a request for a file operation associated with the shared file. A notification corresponding to file handles associated with the shared file may be transmitted to a user. The request for the file operation may be implemented or rejected based on file handles associated with the shared file, the file operation, and/or whether the file operation may cause an application to crash or cause data corruption.
G06F 16/176 - Support for shared access to files; File sharing support
G06F 8/71 - Version control ; Configuration management
G06F 9/52 - Program synchronisation; Mutual exclusion, e.g. by means of semaphores
G06F 11/14 - Error detection or correction of the data by redundancy in operation, e.g. by using different operation sequences leading to the same result
76.
SYSTEMS AND METHODS FOR CONFIGURING THE USER INTERFACE OF A MOBILE DEVICE
Systems and methods for adjusting a user interface presented in a mobile device display. A method for adjusting a user interface presented on a mobile device display includes receiving sensor data from one or more sensors of a mobile device, determining a hand of a user that is holding the mobile device based on the received sensor data, and adjusting the user interface presented on the mobile device display based on the determination.
G06F 3/01 - Input arrangements or combined input and output arrangements for interaction between user and computer
G06F 3/0484 - Interaction techniques based on graphical user interfaces [GUI] for the control of specific functions or operations, e.g. selecting or manipulating an object, an image or a displayed text element, setting a parameter value or selecting a range
G06F 3/04883 - Interaction techniques based on graphical user interfaces [GUI] using specific features provided by the input device, e.g. functions controlled by the rotation of a mouse with dual sensing arrangements, or of the nature of the input device, e.g. tap gestures based on pressure sensed by a digitiser using a touch-screen or digitiser, e.g. input of commands through traced gestures for inputting data by handwriting, e.g. gesture or text
G06F 1/16 - Constructional details or arrangements
77.
COMPUTING SYSTEM WITH GATEWAY DATA TRANSFER BASED UPON DEVICE DATA FLOW CHARACTERISTICS AND RELATED METHODS
A computing system may include a server, client computing devices, a gateway device in communication between the server and the client computing devices, and a local device to be coupled to a given client computing device and to be operable in a given virtual desktop instance associated with the given client computing device, thereby generating client initialization packets. The gateway device may be configured to when the local device is coupled to the given client computing device, determine whether a client packet from a plurality of client initialization packets is within a client mapping table, replace the client packet with a client mapping ID number to define compressed client initialization packets, and send the compressed client initialization packets to the server. The server may be configured to replace the client mapping ID number with the client packet in the compressed client initialization packets based upon a server mapping table.
A computing system includes a server, and a client computing device in communication with the server. The server is configured to provide a corresponding virtual desktop instance for the client computing device. The computing system may include a local device to be coupled to a given client computing device and to be operable in a given virtual desktop instance associated with the given client computing device, thereby generating client initialization packets. The server may be configured to generate a server mapping table. The given client computing device may be configured to generate a client mapping table, replace a client packet with a client mapping ID number to define compressed client initialization packets, and send the compressed client initialization packets to the server. The server may be configured to replace the client mapping ID number with the client packet in the compressed client initialization packets based upon the server mapping table.
Methods and systems are describe herein for optimized selection of wireless communications networks when multiple wireless communications networks are available to or for selection by a wireless communications device. A wireless communications device may select an optimal network on a per-application and/or per-transmission basis based on one or more policies defined and managed by the device and/or based on dynamic selection of a wireless network based on one or more probed network characteristics (e. g., latency, cost of traffic, data security, etc. ). When a state of the device satisfies conditions specified by the policies managed and enforced on the device (e. g., in an enterprise mobility management system), then the wireless network may be selected a defined by the applicable policy. However, when the state of the device does not match an existing policy, then wireless network selection may be based the dynamic probed of the various networks to determine a preferred wireless network.
Systems and methods for application security are provided herein. A server can receive data from a variety of different sources to perform a security assessment of an application executing on a device. The server can identify security capabilities of first and second instances of the application based on properties of the first and second instances of the application and a plurality of application program interfaces (APIs) corresponding to the first and second instances of the application. The server can determine a difference in security capabilities of the first and second instances of the application. The difference in security capabilities indicating a security vulnerability of the first instance of the application. The server can provide application data to the application executable on the mobile device in response to the difference in security capabilities of the first and second instances of the application being at or above a threshold level.
G06F 21/52 - Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity, buffer overflow or preventing unwanted data erasure
81.
COMPUTER SYSTEM PROVIDING VIRTUAL COMPUTING SESSIONS THROUGH VIRTUAL DELIVERY AGENT LEASING WITH ENHANCED POWER SAVINGS AND CONNECTIVITY AND RELATED METHODS
A computer system may include a plurality of client computing devices, and a plurality of host computing devices each configured to provide virtual computing sessions for the client computing devices. Each host computing device may have a virtual delivery agent (VDA) associated therewith configured to connect the client computing devices with the virtual computing sessions. The VDAs within a first group may be configured to operate during off-peak hours, and VDAs within a second group different than the first group may be configured not to operate during the off-peak hours. The client computing devices may be configured to request virtual computing sessions from the VDAs in accordance with respective VDA leases, and each VDA lease may include at least one of the VDAs from the first group.
Methods and systems for augmenting communications using input data from mobile devices are described herein. A computing device may establish a connection with a mobile device having one or more input devices. The computing device may display a barcode that, when scanned by a mobile device, causes the mobile device to access a web page. The web page may be configured to cause the mobile device to transmit, e.g., via a web browser executing on the mobile device and to the computing device, input data from the input devices. The input data may be used by the computing device to replicate a physical input device connected to the computing device. The computing device may transmit the input data to a different computing device.
Methods and systems for securely using a web application to invoke an application to complete a task are described herein. The application may use identity information provided by the web application to determine whether to comply with requests from the web application. The web application may send the request to the application via a browser. The request may include the origin of the request in an origin header to prevent malicious websites from spoofing the origin of the request. The application may exchange information with a trust service to determine whether the web application domain is trusted and/or belongs to the same organization of the user.
A server for detecting a proxy device in a communications path may include a processor and a memory associated therewith. The processor may obtain an encrypted first portion of an encryption key from the client device. The encryption key may be based upon user-input credentials for a given user. The processor may also communicate an encrypted second portion of the encryption key to the client device based upon determining that the encrypted first portion matches a corresponding first portion of the encryption key indicative of an absence of the proxy device in the communications path. The processor may also detect a loss in connectivity between the server and the client device in response to the client device determining that the decrypted second portion of the encryption key does not match a corresponding second portion of the encryption key indicative of a proxy device in the communications path.
H04L 43/0811 - Monitoring or testing based on specific metrics, e.g. QoS, energy consumption or environmental parameters by checking availability by checking connectivity
H04L 67/143 - Termination or inactivation of sessions, e.g. event-controlled end of session
H04L 9/32 - Arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system
85.
METHOD FOR OPTIMAL PATH SELECTION FOR DATA TRAFFIC UNDERGOING HIGH PROCESSING OR QUEUING DELAY
Described embodiments provide systems and methods for path selection proportional to a penalty delay in processing packets. A server-side intermediary may identify a delay penalty for processing packets of a server destined for a client. The server-side intermediary may be in communication via links of different latencies with a client-side intermediary. The server-side intermediary may select a second link with a latency that deviates from the lowest latency of a first link by the delay penalty. The server-side intermediary may transmit, to the client-side intermediary, duplicates of the packets via the selected second link with information indicating to hold the duplicates at the client-side intermediary. The server-side intermediary may receive an indication to drop or send the duplicates to the client. The server-side intermediary may transmit the indication to the client-side intermediary to drop or send the duplicates according to the indication.
H04L 67/288 - Distributed intermediate devices, i.e. intermediate devices for interaction with other intermediate devices on the same level
H04L 67/61 - Scheduling or organising the servicing of application requests, e.g. requests for application data transmissions using the analysis and optimisation of the required network resources taking into account QoS or priority requirements
Systems and methods described herein provide for management of notifications. A server may receive proximity information indicative of a distance between the client device and a user of the client device, and idle state information of the client device. The server may determine a notification protection level using the proximity information and the idle state information. The server may receive a notification from the at least one notification source. The notification is for rendering on a screen of the client device. The notification manager may manage delivery of the received notification, according to the determined notification protection level.
A technique for managing communications over a network maintains multiple network paths simultaneously, exchanging the same data redundantly through the network paths and allowing a receiver to select one of the network paths as its source of data. In the event that a first, currently-selected network path becomes weak, for example, the receiver automatically and seamlessly switches its source of data to a second network path, while the first network path remains operational.
H04L 41/0668 - Management of faults, events, alarms or notifications using network fault recovery by dynamic selection of recovery network elements, e.g. replacement by the most appropriate element after failure
H04W 48/18 - Selecting a network or a communication service
H04L 41/0681 - Configuration of triggering conditions
Described embodiments provide systems and methods for invalidating a cache of a domain name system (DNS) information based on changes in internet protocol (IP) families. A mobile device having one or more network interfaces configured to communicate over a plurality of networks using a plurality of internet protocol (IP) families is configured to maintain a cache storing DNS information of one or more IP addresses of a first IP family of the plurality of IP families used by the mobile device for a connection to a first network of the plurality of networks. The device can detect a change in the connection of the mobile device from the first network using the first IP family to a second network using a second IP family different from the first IP family and flush at least the DNS information of one or more IP addresses of the first IP family from the cache to prevent use by the mobile device of an IP address that corresponds to an invalid cache entry.
Systems and methods for Optical Character Recognition ("OCR") based anti- spoofing for Unicode homograph. The method comprises: performing operations by a computing device to make an OCR identification on an original electronic address so as to obtain an OCR electronic address; encoding (a) the original electronic address to obtain an encoded access address and (b) the OCR electronic address to obtain an encoded OCR electronic address; comparing the encoded access address to the encoded OCR electronic address; and determining if a Unicode homograph spoofing situation exists based on results of the comparing.
90.
SECURE CONNECTION ESTABLISHED WITH THE USE OF ROUTING TOKENS
Systems and methods for establishing a secure connection are described. A server receives a plurality of routing tokens for establishing a service connection between a service node and the server along a network path through a plurality of network devices. The routing tokens can be validated by a corresponding network device. The server transmits a packet including the routing tokens to a first network device. The first network device validates a first routing token associated therewith, then directs the packet along the network path to a second network device, and so forth, until each of the network device receives and validates their routing token. The server establishes a cryptographic context between the service node and server for establishing a secure channel between the service node and the server. The server transmits a service node routing token to the service node via the secure channel for validation.
A multiple application display method is provided. An enterprise application management server (510) may determine one or more of secondary applications associated with a primary application. The enterprise application management server (510) may receive information associated with a triggering event that occurred in the primary application. The enterprise application management server (510) may determine a particular secondary application from the one or more secondary applications based on the received information associated with the triggering event. Accordingly, the enterprise application management server (510) may cause to display the particular secondary application simultaneously with the primary application on the screen of the mobile device.
Methods, systems, and computer-readable media for secure offline transmission of a plurality of data segments from a sending device to one or more receiving devices. The sending device and the one or more receiving devices may communicate via an offline local network. A secure, encrypted container may be created at the receiving device to temporarily cache the received data segments one at a time and the encrypted storage container prevents access by one or more applications of the receiving device to data stored therein based on storage instructions from the sending device. The encrypted container may be configured to store the data segments such that less than all of the data segments are stored at the receiving device at any one time.
H04L 67/1097 - Protocols in which an application is distributed across nodes in the network for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]
H04L 67/568 - Storing data temporarily at an intermediate stage, e.g. caching
Methods and systems for predictive execution of microservices. Execution of an application program interface request may entail execution of a plurality of microservices in a series. An events message may be transmitted to an events queue corresponding to the API request. The message may be based on an operating status of one or more microservices. Based on the events message, one or more of the microservices in the series may be configured to perform early execution steps before receiving an internal message from a previous microservice in the series. Such early execution steps may comprise authenticating a user and/or a microservice, retrieving and/or caching data, or the like. The one or more of the microservices may perform subsequent execution steps after receiving an internal message from a previous microservice in the series.
Systems and methods for detecting attacks using a handshake request are provided. A plurality of devices can receive a plurality of handshake requests to establish TLS connections that include a respective application request. At least one of the plurality of handshake requests can include a first application request. The plurality of devices can record each of the respective application requests to a registry of application requests. A first device of the plurality of devices can receive a subsequent handshake request to establish a subsequent TLS connection that includes the first application request. The first device can query, prior to accepting the first application request, the registry for the first application request. The first device can determine whether to accept or reject the first application request responsive to identifying from the query that the first application request has not been or has been recorded in the registry.
A client computing device includes a display, an embedded browser and a processor. The embedded browser accesses a web application that requires data to be entered by a user. The processor cooperates with the embedded browser to display on the display a web page from the web application, with the web page including a form requiring data to be entered by the user. The form is analyzed by the processor to generate an overlay, with the overlay being separate from the web application. The processor is further configured to display the overlay over the form to assist with the user entering the required data, collect the data entered by the user into the overlay, and populate the form on the displayed web page based on the collected data.
A computing system includes a client device and a form template server. The client device has a display associated therewith to display an application page from an application, and generate a screenshot of the form. The application page includes a form requiring data to be filled in by a user. The form template server compares a form template extracted from the screenshot to a private form template database for a match. The private form template database includes private form templates from different applications, with each private form template having user data associated therewith previously filled in for the user. The client device then populates the form on the display with the data from the matched private form template.
Systems and methods for applying an application layer policy to a transport layer security request are provided. A device, intermediary to one or more clients and one or more servers, can receive a transport layer security (TLS) request to establish a TLS connection between a client of the one or more clients and a server of the one or more servers. The TLS request can include an application layer request to a resource of the server. The device can apply an application layer policy to the application layer request of the TLS request. The device can determine, responsive to applying the application layer policy, whether to one of accept or reject at least the application layer request of the TLS request.
A method of dynamically controlling use of a shared computing resource by a set of virtual-computing sessions of a client computing device includes state identification operations on per-virtual-channel event data to identify activity states of virtual channels of the sessions, performing a resource allocation operation on activity state data including (i) accumulating activity state data for all virtual channels of each session to produce per-session activity values, and (ii) using the per-session activity values to generate resource usage control signals representing a target pattern of use of the shared computing resource by the sessions based on their activity values. An enforcement operation uses the resource usage control signals to establish the target pattern of use of the shared resource of the sessions.
A computer system may include at least one client computing device, and a plurality of host computing devices each configured to provide virtual computing sessions for the at least one client computing device. Each host computing device may have a virtual delivery agent (VDA) associated therewith configured to connect the at least one client computing device with the virtual computing sessions. The at least one client computing device may be configured to request virtual computing sessions from the VDAs in accordance with an ordered list of the VDAs. The VDAs may be configured to re-direct new session requests from the at least one client computing device to a lower VDA in the ordered list when an existing virtual computing session is already active with the host computing device associated with the lower VDA.
Embodiments described include systems and methods for generating and displaying live tiles for network applications. A small icon or thumbnail-like visual, referred to generally as a "live tile" or "tile", may be provided via a user interface to a user, with the tile displaying key relevant information from the application or network resource, without the user having to launch the complete application or manually access the resource. The contents of the live tile may be periodically and automatically updated, including performing authentication processes necessary to access the application or resource.