Data quality awareness in security analytics solutions is provided. A system can include one or more processors, coupled to memory. The system can receive a data set comprising one or more events generated for interactions between a plurality of computing devices that execute applications over a network. The system can select a field in the one or more events of the data set that impacts an action performed with the data set based on a model trained via machine learning with a historical data set of events generated for interactions between computing devices. The system can determine a data quality score based on values of the field in the one or more events of the data set. The system can provide an indication of performance of the action with the data set based on a comparison of the data quality score with a threshold.
G06F 21/57 - Certification ou préservation de plates-formes informatiques fiables, p.ex. démarrages ou arrêts sécurisés, suivis de version, contrôles de logiciel système, mises à jour sécurisées ou évaluation de vulnérabilité
According to one aspect, a method can include: receiving, by a computing device, historical data for an organization having a plurality of host machines that can be selectively powered on to provide capacity for hosting computing sessions; receiving, by a computing device, a configuration value of the organization indicating a probability that there will be available capacity when new computing sessions are initiated; determining, by the computing device, capacities needed to satisfy the probability at different points in time based on the historical data; and auto-scaling the host machines at one or more times according to the determined capacities.
G06F 9/455 - Dispositions pour exécuter des programmes spécifiques Émulation; Interprétation; Simulation de logiciel, p.ex. virtualisation ou émulation des moteurs d’exécution d’applications ou de systèmes d’exploitation
G06F 9/50 - Allocation de ressources, p.ex. de l'unité centrale de traitement [UCT]
3.
PROVIDING REMOTE ACCESS AND PACKET RETRANSMISSION VIA THIRD PARTY NETWORKS
The present solution provides systems and methods for providing remote access and packet retransmission via third party networks. A device can receive a client request to establish a session with a virtual server. The client and the virtual server can communicate using a presentation services protocol over a lower-level protocol. The device can select a node on a network to use for the session between the client and the virtual server. The device can cause an installation of one or more network stacks on the node, the one or more network stacks configured to communicate with the client and the virtual server using the presentation services protocol over the lower-level protocol and to handle retransmissions of packets between the client, the node, and virtual servers. The device can cause each of the client and the virtual server to establish the session via the node.
A method of troubleshooting an application includes receiving, from an analytics engine, data representing a performance metric of the application and a tenant identifier associated with the application; sending, to the analytics service, a request to receive at least one user identifier associated with the tenant identifier; receiving, from the analytics service, at least one user identifier; selecting, from a database, a message based at least in part on the performance metric of the application; and sending the message to the application associated with the at least one user identifier.
A client computing device includes a display and a processor coupled to the display. The processor operates a browser to access a store providing resources that are available. The available resources are displayed within a web page on a display. A launch message is generated in response to one of the resources being selected. An extension cooperating with the browser is operated to append a store ID identifying the store to the launch message. An adapter is operated to receive from the extension the launch message with the store ID, and assign a native messaging host process to the store. The native messaging host process is external the extension and supports communications with a native app on the client computing device. The native app is used to initiate launch of the selected resource.
Systems and methods for key performance benchmarking may include receiving for a plurality of client devices of a tenant, a duration for performing a plurality of actions to log into a resource. The systems and methods can include determining metrics for each action of the plurality of actions. The systems and methods can include generating, by the one or more processors, one or more recommendations corresponding to at least one action of the plurality of actions, to reduce the duration to log into the resource.
G06F 11/34 - Enregistrement ou évaluation statistique de l'activité du calculateur, p.ex. des interruptions ou des opérations d'entrée–sortie
G06F 9/455 - Dispositions pour exécuter des programmes spécifiques Émulation; Interprétation; Simulation de logiciel, p.ex. virtualisation ou émulation des moteurs d’exécution d’applications ou de systèmes d’exploitation
G06F 9/50 - Allocation de ressources, p.ex. de l'unité centrale de traitement [UCT]
Described embodiments provide systems and methods for intelligent load balancing of hosted sessions. A processor can determine a plurality of metrics for each of a plurality of machines configured to connect client devices with hosted sessions. The processor can receive, from a client device, a request to establish a connection with one of the plurality of machines to access a hosted session. The processor can determine a score for each of the plurality of machines based at least on the plurality of metrics for each of the plurality of machines. The processor can select a machine from the plurality of machines as a function of the score and a resource cost of the machine. The processor can cause the client device to connect to the selected machine for the hosted session.
H04L 67/1008 - Sélection du serveur pour la répartition de charge basée sur les paramètres des serveurs, p.ex. la mémoire disponible ou la charge de travail
H04L 47/125 - Prévention de la congestion; Récupération de la congestion en équilibrant la charge, p.ex. par ingénierie de trafic
H04L 67/1029 - Protocoles dans lesquels une application est distribuée parmi les nœuds du réseau pour accéder à un serveur parmi une pluralité de serveurs répliqués en utilisant des données liées à l'état des serveurs par un répartiteur de charge
8.
RECOMMENDING NETWORK SECURITY RULE UPDATES BASED ON CHANGES IN THE NETWORK DATA
The present solution provides systems and methods for recommending updated network security rules based on changes in the network data. The present solution can use a rule identifying an entity, an attribute of the entity and a value of the attribute. The solution can detect, responsive to monitoring the network environment, a change in one of the entity, the attribute or the value. The solution can generate, responsive to the detection, an updated rule. The solution can apply the updated rule to previous network traffic to which the rules was applied. In response to determining that effectiveness of the updated rule is greater than that of the prior rule, the solution can provide a recommendation to use the updated rule.
Systems and methods for autonomous program signature generation may include one or more processor(s) that identify a client device executing an autonomous program based at least on traffic from a plurality of client devices. The processor(s) may classify the autonomous program into one or more classifications based on an attribute of the autonomous program. The processor(s) may store an association between the autonomous program and the one or more classifications. In some implementations, the processor(s) may receive a plurality of entries over a time window, corresponding to associations between respective autonomous programs executing on client devices and classification(s) of the autonomous program. The processor(s) may identify one or more features for a respective user agent corresponding to the autonomous program and a corresponding classification of the autonomous program. The processor(s) may train a machine learning model using the one or more features for each entry and the corresponding classification.
One disclosed method involves storing, in a storage medium, at least a first keyword corresponding to content of a video, after storing the first keyword, receiving, via a video playback application, an indication that playback of the video is initiated, in response to receipt of the indication, retrieving the first keyword from the storage medium, querying at least one data source for information corresponding to the first keyword, and causing a client device to display a representation of the information.
A computer system is provided. The computer system includes a memory and at least one processor coupled to the memory and configured to deploy public key enumeration code and private key enumeration code to a plurality of endpoint devices for execution on the endpoint devices. The at least one processor is further configured to collect public keys and associated public key metadata from the endpoint devices, and to collect private key metadata from the endpoint devices. The public keys and associated public key metadata are generated by the public key enumeration code and the private key metadata is generated by the private key enumeration code. The at least one processor is further configured to generate a graph illustrating trust relationships between user accounts on the endpoint devices. The graph is based on the collected public keys, the collected public key metadata, and the collected private key metadata.
H04L 9/30 - Clé publique, c. à d. l'algorithme de chiffrement étant impossible à inverser par ordinateur et les clés de chiffrement des utilisateurs n'exigeant pas le secret
G06F 16/901 - Indexation; Structures de données à cet effet; Structures de stockage
Methods and systems for performing one or more path selection processes that determine connection conditions and send the data via established, multi-path, connections are described herein. The one or more path selection processes may be performed in a remote computing environment where the established, multi-path, connections are between two endpoint devices and are available to communicate data for a remote application and/or a remote desktop. Based on the one or more path selection processes, data for the remote application and/or the remote desktop may be sent via a connection that differs from connection assignments that were configured when the connections were initially established. Additionally, as part of the one or more path selection processes, routing information that indicates a routing path may be inserted into data sent via the connections. An intermediary device may be caused to route the data according to the routing path indicated by the routing information.
Described embodiments provide systems and methods for determining a scale for buffers of a session. A device may identify a round trip time (RTT) of a session with a client for which one or more of a plurality of buffers are provided. The device may detect an indication in advance of an activity on the client to access through the session. The device may determine, responsive to detecting the indication, a scale based at least on a type of the activity. The device may set a number for the plurality of buffers to provide for the session in accordance with the scale and the RTT.
H04L 47/283 - Commande de flux; Commande de la congestion par rapport à des considérations temporelles en réponse à des retards de traitement, p.ex. causés par une gigue ou un temps d'aller-retour [RTT]
14.
SYSTEMS AND METHODS FOR MANAGING AUTOSCALED USER SPACE NETWORKING STACK
Managing an autoscaled user space networking stack is provided. A cluster of containers are disposed in a userspace separate from a kernel space of a device. Each container in the cluster of containers can execute a respective one of a plurality of virtual functions, for a network interface card of the device, to cause packets received by the device to bypass the kernel space. The device can forward, via a load balancing technique, a packet received by the device to a container in the cluster of containers. The container can execute a virtual function of the plurality of virtual functions. The device can update a queue for a core managed by the virtual function. The update can cause the core to process the packet in accordance with the queue.
A system and method for estimating text intelligibility for content provided by a computing resource. A method includes obtaining a text object from a computing resource, the object being configurable for display on at least one client device. Analyzing the text object for intelligibility, including: applying a weight to each character in the text object based on modeled Unicode weights, the modeled Unicode weights being determined from an analysis of a set of domain resources; determining a total weight for the text object based on the weight applied to each character; determining a viability rate for words in the text object; and generating an intelligibility analysis for the text object based on the total weight and viability rate; and effectuating an operational change at the computing resource based on the intelligibility analysis.
Described embodiments provide systems and methods for automatic cluster scaling. A processor can receive a metric of a first metric type for a cluster of computing devices and an identification of a version of an application and. The processor can aggregate a metric of the first metric type for the version of the application and the metric for the cluster of computing devices to establish an third metric. The processor can determine the third metric exceeds a threshold for the first metric type for the cluster of computing devices, the threshold proportional to a capacity of the cluster of computing devices for the first metric type. The processor can increase a size of the cluster of computing devices.
A computing system is disclosed in which messages sent via one or more collaboration applications can be directed to an account of a web portal, rather than to another collaboration application, and an individual can be supplied with one or more access credentials to enable that individual to access such messages, and possibly also respond to received messages and/or initiate messages to one or more users of the one or more collaboration application, via the web portal.
H04L 51/224 - Surveillance ou traitement des messages en fournissant une notification sur les messages entrants, p.ex. des poussées de notifications des messages reçus
H04L 51/42 - Aspects liés aux boîtes aux lettres, p.ex. synchronisation des boîtes aux lettres
H04L 51/56 - Messagerie unifiée, p.ex. interactions entre courriel, messagerie instantanée ou messagerie IP convergente [CPM]
18.
CORRELATING SESSION FAILURES WITH APPLICATION FAULTS FROM APPLICATION UPGRADES
Described herein are systems and methods for determining an upgrade to an application as a cause of a failure in a session. A device may detect a failure in a session via which a client is accessing a first version of an application. The device may identify, in response to detecting the failure, first performance metrics for the first version of the application and second performance metrics for a second version of the application. The device may determine, based at least on the failure, the first performance metrics, and the second performance metrics, that an upgrade to the application to the first version from the second version is a cause of the failure in the session. The device may store an association between the first version of the application and the determination that the upgrade is the cause of the failure in the session.
In one aspect, an example methodology implementing the disclosed techniques can include, by a computing device, determining a topic of an electronic messaging session and determining whether a message including an image is being sent within the messaging session. The method can also include, responsive to a determination of a sending of a message including an image within the messaging session, by the computing device, determining contents of the image associated with the topic of the messaging session, generating a thumbnail image to include the contents of the image associated with the topic of the messaging session, and sending the generated thumbnail image with the message to another computing device. The another computing device can be a client associated with a recipient of the message.
G06V 10/24 - Alignement, centrage, détection de l’orientation ou correction de l’image
G06V 20/70 - RECONNAISSANCE OU COMPRÉHENSION D’IMAGES OU DE VIDÉOS Éléments spécifiques à la scène Étiquetage du contenu de scène, p.ex. en tirant des représentations syntaxiques ou sémantiques
Methods and systems for establishing trust in certificates based on remote user sessions are described herein. A computing device may establish, via a gateway, one or more remote user sessions of virtualized application, cloud-based applications, and/or remote desktops. The computing device may initiate an establishment process for a secure connection with a secure server. The computing device may, as part of the establishment process, may receive a certificate for the secure server. The computing device may locally determine whether the certificate is trusted. If the certificate is not trusted, the computing device may select a remote user session to perform a remote attempt for determining trust in the certificate. The computing device may send the certificate to the selected remote user session and may receive data indicating a result of the remote attempt. The computing device may determine whether the certificate is trusted by the remote attempt.
A computing system includes a virtual server to provide a remote desktop session that includes at least one remote app configured to generate notification sounds, and a client computing device to provide a local desktop session that includes at least one local app configured to generate notification sounds. The client computing device accesses the remote desktop session and launches one of the remote apps, and launches one of the local apps. The launched local app is the same as the launched remote app. The local and remote desktop sessions include respective local and remote sound controllers to intercept notification sounds generated by the local and remote apps. The local and remote sound controllers operate based on predetermined muting criteria so that one of the notification sounds is muted to avoid duplicated app notification sounds.
H04L 65/1089 - Procédures en session en supprimant des médias
H04L 65/80 - Dispositions, protocoles ou services dans les réseaux de communication de paquets de données pour prendre en charge les applications en temps réel en répondant à la qualité des services [QoS]
22.
SESSION PRESERVATION FOR AUTOMATED POWER MANAGEMENT
According to one aspect of the disclosure, a method comprises: receiving, by a first computing device, information about one or more applications running on a second computing device, the second computing device being one of a plurality of computing devices managed by the first computing device; determining, by the first computing device, whether to power down the second computing device based at least on an analysis of the information about the one or more applications; and responsive to a determination to shutdown the second computing device, sending, by the first computing device, a command to shutdown the second computing device, wherein the second computing device is configured to save state of the one or more applications to a storage device accessible to the plurality of computing devices.
G06F 1/3206 - Surveillance d’événements, de dispositifs ou de paramètres initiant un changement de mode d’alimentation
G06F 1/3287 - Gestion de l’alimentation, c. à d. passage en mode d’économie d’énergie amorcé par événements Économie d’énergie caractérisée par l'action entreprise par la mise hors tension d’une unité fonctionnelle individuelle dans un ordinateur
23.
EXPOSING STANDARDIZED EVENTS WITHIN AN API PROXY SYSTEM
In one disclosed embodiment, a computing system may receive, at a first application programming interface (API) endpoint, a first request for a first operation. The computing system may send, to a second API endpoint, a first API call requesting the first operation. In response to sending the first API call, the computing system may receive a first response to the first API call. The computing system may determine that at least one characteristic of the first request or the first response satisfies a criterion. The computing system may detect a first event based on the first request or the first response satisfying the criterion. The computing system may generate a first indication of the first event.
Methods, systems, and computer readable media for deploying an implementing scan functionality for virtual sessions are described herein. A user device may include a user device display and may be configured to access a virtual session. The user device may further be configured to present an identity code that includes identity information that is associated with a scan session and virtual session. A mobile device may include a camera, and may be configured to detect a user selection of a scan option within a client agent. The mobile device may further be configured to capture the identity code presented by the user device. The mobile device may capture with the camera one or more images as scan items. The mobile device may send, to a server associated with the virtual session, the scan items, and the identity information. The server may place the scan items in the virtual session.
One disclosed method involves detecting a request to download a file, via a network, to a first storage medium associated with a client device, and determining that the file is potentially sensitive. The method further involves initiating a process to download the file to a second storage medium rather than the first storage medium based at least in part on the file being potentially sensitive.
A system and method for initializing a virtual machine (VM) image is provided. The method includes steps of retrieving identity data from a metadata service implemented by a cloud environment; obtaining, from the cloud environment, a virtual identity disk assigned to a VM; and writing the identity data to the virtual identity disk assigned to the VM. The method may further comprise encrypting the identity data with a data encryption key (DEK) or a public key of a virtual trusted platform module (vTPM) responsive to the vTPM being available.
G06F 9/455 - Dispositions pour exécuter des programmes spécifiques Émulation; Interprétation; Simulation de logiciel, p.ex. virtualisation ou émulation des moteurs d’exécution d’applications ou de systèmes d’exploitation
G06F 21/53 - Contrôle des usagers, programmes ou dispositifs de préservation de l’intégrité des plates-formes, p.ex. des processeurs, des micrologiciels ou des systèmes d’exploitation au stade de l’exécution du programme, p.ex. intégrité de la pile, débordement de tampon ou prévention d'effacement involontaire de données par exécution dans un environnement restreint, p.ex. "boîte à sable" ou machine virtuelle sécurisée
G06F 21/57 - Certification ou préservation de plates-formes informatiques fiables, p.ex. démarrages ou arrêts sécurisés, suivis de version, contrôles de logiciel système, mises à jour sécurisées ou évaluation de vulnérabilité
27.
User Interface Activation in a Secure Network System
A process and system for improving a user experience when using remote browser applications is provided. While a remote browser application is being activated, including establishing an appropriate communication channel and launching the application, pre-cached content may be provided to the client device and user for immediate display and user interaction. User interaction with the pre-cached content may be recorded and stored and transferred to the remote browser application and live content upon completion of the remote browser application and session activation. In some examples, pre-caching the content may include retrieving the content from the content source and removing and/or adding code and data to one or more content files. The cached content may be updated based on various criteria.
H04L 41/22 - Dispositions pour la maintenance, l’administration ou la gestion des réseaux de commutation de données, p.ex. des réseaux de commutation de paquets comprenant des interfaces utilisateur graphiques spécialement adaptées [GUI]
H04L 67/06 - Protocoles spécialement adaptés au transfert de fichiers, p.ex. protocole de transfert de fichier [FTP]
28.
EVALUATING THE QUALITY OF INTEGRATIONS FOR EXECUTING SEARCHES USING APPLICATION PROGRAMMING INTERFACES
In one disclosed embodiment, a computing system may receive a request to test accuracy of a search integration component for a system of record. The computing system may determine that a test corpus of files has been stored by the system of record. In response to the request, the computing system may send, to an API endpoint, an API call corresponding to a search query identified in a judgment list, the judgment list including data indicating a relevancy of files of the test corpus to the search query. The computing system may receive, from the search integration component, an API response to the API call, the API response identifying files stored by the system of record. The computing system may determine an accuracy score for the search integration component based on the judgement list and the files identified in the API response.
A computing system includes first and second client computing devices accessing a communications network to establish a communications session. The first client computing device operates an audio analysis agent to determine network latency within the communications session based on communications with an audio analysis agent in the second client computing device. In response to the network latency exceeding a latency threshold, audio input from a user of the first client computing device is analyzed to determine a speaking status of the user. The audio analysis agent generates an indicator command message for the second client computing device based on the determined speaking status of the user. The second client computing device displays an indicator based on the indicator command message indicating when a user of the second client computing device can speak to avoid speech confliction with the user of said first client computing device.
G08B 5/36 - Systèmes de signalisation optique, p.ex. systèmes d'appel de personnes, indication à distance de l'occupation de sièges utilisant une transmission électromécanique utilisant des sources de lumière visible
G10L 25/87 - Détection de points discrets dans un signal de voix
30.
LOCATION-BASED PROXY FOR VIRTUAL MEETING OPTIMIZATION
Methods and apparatus for improving performance in a virtual meeting session in a distributed workspace system. One example of such a method includes acts of launching the virtual meeting session on a computing device of a first meeting participant, establishing a first connection between the computing device and a virtual meeting server, monitoring network latency conditions in the first network connection, upon determining that the network latency conditions exceed a predetermined threshold, selecting a proxy agent and establishing a second network connection between the computing device and the proxy agent, and establishing a third network connection between the virtual meeting server and the proxy agent to connect the computing device to the virtual meeting server through the proxy agent.
In some implementations, there may be provided a computer-implemented method that includes detecting, using at least one processor, a first action being executed on a data in a source computing application; determining, using the at least one processor, a source color theme associated with at least one of the source computing application and the data; determining, using the at least one processor, a destination color theme associated with a destination computing application, the destination computing application being communicatively coupled to the source application; comparing, using the at least one processor, the source color theme and the destination color theme; and executing, using the at least one processor, a second action on the data in the destination computing application based on the comparison of the source color theme and the destination color theme. Related systems, methods, and articles of manufacture are also disclosed.
A computer system is provided. The computer system includes a memory and at least one processor coupled to the memory and configured to detect triggering of one or more threat detectors and activate a subset of nodes associated with the triggered threat detectors from a plurality of nodes in a Bayesian network in response to the detection. The at least one processor is further configured to determine that feedback associated with the triggered threat detectors is available and, if so, accumulate the feedback to a feedback node of the network, the feedback node associated with the triggered threat detectors. The at least one processor is further configured to calculate a probability of malicious action using the network to combine probabilities associated with the activated subset of nodes and the feedback node, determine that the probability exceeds a threshold value, and perform a security action in response to the determination.
A computer system is provided. The computer system includes a memory and at least one processor coupled to the memory and configured to detect triggering of one or more threat detectors. The at least one processor is further configured to activate a subset of nodes from a plurality of nodes in a Bayesian network in response to the detection, the activated subset of nodes associated with the triggered threat detectors. The at least one processor is further configured to calculate a probability of malicious action using the Bayesian network to combine probabilities associated with the activated subset of nodes. The at least one processor is further configured to determine that the probability exceeds a threshold value. The at least one processor is further configured to perform a security action in response to the determination.
Methods and systems for managing virtual machines are described herein. A virtualization computing platform may host a plurality of virtual machines comprising. The platform may detect that the first user device is disconnected from the first virtual machine and determine, using a machine learning model, that the first virtual machine, during a time period while the user device is disconnected, is in an idle state. The platform may obtain, based on the determination that the first virtual machine is in the idle state, a snapshot of the first virtual machine and cease hosting the first virtual machine. If the platform receives a request from a second user device associated with the same user account to continuing using the virtual application executed previously by the first virtual machine, the platform may establish a second virtual machine and load, to memory of the second virtual machine, information associated with the snapshot.
G06F 9/455 - Dispositions pour exécuter des programmes spécifiques Émulation; Interprétation; Simulation de logiciel, p.ex. virtualisation ou émulation des moteurs d’exécution d’applications ou de systèmes d’exploitation
The present solution provides systems and methods for establishing and implementing a hostname-based split tunneling of client-side network traffic. A driver on a client can receive a first packet of an application that includes a hostname of a destination. The driver can receive from an agent of the client a real IP address and a spoofed IP address corresponding to the hostname, when the hostname matches one of a plurality of hostnames to exclude packet traffic from a VPN tunnel of the agent. The driver can receive from the agent a domain name service (DNS) response that includes the spoofed IP address and send the DNS response to cause the application to include the spoofed IP address in a second packet for the destination.
H04L 61/4511 - Répertoires de réseau; Correspondance nom-adresse en utilisant des protocoles normalisés d'accès aux répertoires en utilisant le système de noms de domaine [DNS]
36.
Optimizing selection of zero trust network access cloud edge nodes for internal application delivery
The present solution provides systems and methods for a GSLB service to access a first plurality of measurements of network latency between a plurality of access-points and the first client device and a second plurality of measurements of network latency between the plurality of access-points and one or more of data centers. The GSLB service can receive, from the one or more data centers, health of an application deployed across the one or more data centers. The GSLB service can determine, according to the first plurality of measurements, the second plurality of measurements and the health of the application, a first data center of the one or more data centers and a first access-point of the plurality of access-points. The GSLB service can send, to the first client device, a domain name system (DNS) response identifying the first access-point and the first data center.
H04L 61/4511 - Répertoires de réseau; Correspondance nom-adresse en utilisant des protocoles normalisés d'accès aux répertoires en utilisant le système de noms de domaine [DNS]
Methods and systems for enhanced QR code security are described herein. A computing platform may generate a QR code that includes an information code and a server code. The computing platform may split the QR code into first and second portions, where the first portion includes at least the server code. The computing platform may send, to a QR display device, the first portion for display. The computing platform may receive, from a user device, authentication credentials and a request for the second portion, sent to the computing platform based on identification of the computing platform through scanning, by the user device, the server code at the QR display device. The computing platform may send, based on validating the authentication credentials and to the user device, the second portion, where the user device is configured to re-assemble the QR code based on the first and second portions.
G06K 19/06 - Supports d'enregistrement pour utilisation avec des machines et avec au moins une partie prévue pour supporter des marques numériques caractérisés par le genre de marque numérique, p.ex. forme, nature, code
G06F 21/30 - Authentification, c. à d. détermination de l’identité ou de l’habilitation des responsables de la sécurité
H04L 9/32 - Dispositions pour les communications secrètes ou protégées; Protocoles réseaux de sécurité comprenant des moyens pour vérifier l'identité ou l'autorisation d'un utilisateur du système
A privilege management method includes receiving, from a first user via a privileges plugin, a request to recommend a candidate to perform a task on behalf of the first user; calculating, responsive to the request to recommend the candidate, a recommendation score for each of a plurality of second users based on a position level score, a capability level score, a task similarity score, and a familiarity score; and sending a list of recommended candidates to the first user via the privileges plugin, where the list of recommended candidates includes at least one of the second users for which the recommendation score is greater than a threshold score.
G06Q 10/06 - Ressources, gestion de tâches, des ressources humaines ou de projets; Planification d’entreprise ou d’organisation; Modélisation d’entreprise ou d’organisation
39.
SECURE INPUT METHOD EDITOR FOR VIRTUAL APPLICATIONS
In one aspect, an example methodology implementing the disclosed techniques may include, by a first computing device, detecting a text input to a user interface (UI) element of an application executing on the first computing device and, responsive to the detection of the text input, sending a request for text candidates associated with the text input to a second computing device. The method may also include, responsive to sending the request, receiving, by the first computing device from the second computing device, a list of one or more text candidates associated with the text input. The method may further include presenting, by the first computing device, the list of one or more text candidates in a composition window, the composition window being part of an input method editor (IME) executing on the first computing device, the composition window displayed on a screen of the first computing device.
G06F 21/83 - Protection des dispositifs de saisie, d’affichage de données ou d’interconnexion dispositifs de saisie de données, p.ex. claviers, souris ou commandes desdits claviers ou souris
G06F 21/62 - Protection de l’accès à des données via une plate-forme, p.ex. par clés ou règles de contrôle de l’accès
A system and method for dynamically transforming email signatures. A method includes: receiving an email from an email client prior to delivery to an intended recipient, the email including an original signature; analyzing the email to obtain information associated with the intended recipient of the email; predicting a preferred language of the intended recipient based on the information; converting the original signature to a revised signature, wherein the revised signature utilizes the preferred language; and forwarding the email with the revised signature to the intended recipient.
H04L 51/07 - Messagerie d'utilisateur à utilisateur dans des réseaux à commutation de paquets, transmise selon des protocoles de stockage et de retransmission ou en temps réel, p.ex. courriel caractérisée par l'inclusion de contenus spécifiques
H04L 51/21 - Surveillance ou traitement des messages
H04L 51/42 - Aspects liés aux boîtes aux lettres, p.ex. synchronisation des boîtes aux lettres
41.
VIRTUAL DESKTOP SCREEN SHARING WITH MULTIPLE SHARERS IN A COLLABORATION SESSION
A computing system includes a virtual server providing first and second virtual desktops. A first client computing device accesses the first virtual desktop via a communications network, and shares content of the first virtual desktop as a screen sharer in a collaboration session. A second client computing device accesses the second virtual desktop via the communications network, and displays content of the second virtual desktop in a virtual desktop window. The second client computing device participates in the collaboration session as a screen viewer, and receives the shared screen content of the first virtual desktop. The shared screen content is displayed by the second client computing device in a shared screen window, with the shared screen window being separate from the virtual desktop window.
G06F 9/451 - Dispositions d’exécution pour interfaces utilisateur
H04L 65/401 - Prise en charge des services ou des applications dans laquelle les services impliquent une session principale en temps réel et une ou plusieurs sessions parallèles additionnelles en temps réel ou sensibles au temps, p.ex. accès partagé à un tableau blanc ou mise en place d’une sous-conférence
Methods and systems for handling of invalid state parameters during authentication are described herein. A computing device may receive, from a web browser executing on a user device, first data. That data may comprise an indication of authentication of authentication credentials and a first state parameter. Based on that first state parameter being invalid, the computing device may generate a new state parameter and redirect the web browser to a web page associated with an identity provider application. The computing device may then receive, from the web browser, an indication of authentication of a cookie and the new state parameter. The computing device may provide, to the user device, access to one or more services.
Device access control can be implemented on a protected device to determine, based on a user input to the device, that a timeout threshold has been exceeded and to cause, in response to determining that the timeout threshold has been exceeded, an application graphical user interface (GUI) on the device to remove or blank content, such as text, images, or graphics, from the application window. The removal or blanking of the content can be performed on a window-by-window basis; that is, content is removed only from application windows of applications that are protected by an associated application protection policy. In some examples, the application protection policy can be established by an administrator of a digital workspace within which the protected application executes. Such a digital workspace can be implemented via a type of virtual processing environment that can be accessed via client computing devices.
G06F 3/0481 - Techniques d’interaction fondées sur les interfaces utilisateur graphiques [GUI] fondées sur des propriétés spécifiques de l’objet d’interaction affiché ou sur un environnement basé sur les métaphores, p.ex. interaction avec des éléments du bureau telles les fenêtres ou les icônes, ou avec l’aide d’un curseur changeant de comport
G06F 3/0484 - Techniques d’interaction fondées sur les interfaces utilisateur graphiques [GUI] pour la commande de fonctions ou d’opérations spécifiques, p.ex. sélection ou transformation d’un objet, d’une image ou d’un élément de texte affiché, détermination d’une valeur de paramètre ou sélection d’une plage de valeurs
44.
Centralization of Authentication Servers for Different Resource Servers
Methods and systems for centralizing disparate authentication servers using scopes are described herein. A computing device may receive, from a client device, a first access request comprising authentication credentials and first scope data. The computing device may then send, to at least one first authentication server associated with the at least one first resource server, a first token request. The computing device may then receive a first token and provide that token to the client device. The computing device may then receive, from the client device, a second access request comprising second scope data. The computing device may send, to at least one second authentication server associated with the at least one second resource server, a second token request. The computing device may then receive a second token and provide that token to the client device.
H04L 9/32 - Dispositions pour les communications secrètes ou protégées; Protocoles réseaux de sécurité comprenant des moyens pour vérifier l'identité ou l'autorisation d'un utilisateur du système
H04L 67/1097 - Protocoles dans lesquels une application est distribuée parmi les nœuds du réseau pour le stockage distribué de données dans des réseaux, p.ex. dispositions de transport pour le système de fichiers réseau [NFS], réseaux de stockage [SAN] ou stockage en réseau [NAS]
45.
SYSTEMS AND METHODS FOR SCHEDULING MULTIPLE PARTICIPANT TASKS
In one aspect, an example methodology implementing the disclosed techniques can include, by a computing device, identifying a task from a plurality of tasks that need to be scheduled and determining other tasks associated with participants associated with the task. The method may also include, by the computing device, determining one or more periods of time when the participants associated with the task are unavailable and determining one or more candidate time slots for the task based on time slots for which the other tasks are scheduled and the one or more periods of time when the participants associated with the task are unavailable. The method may further include, by the computing device, scheduling the task to be performed during one of the determined one or more candidate time slots.
G06Q 10/06 - Ressources, gestion de tâches, des ressources humaines ou de projets; Planification d’entreprise ou d’organisation; Modélisation d’entreprise ou d’organisation
A task management process includes receiving, by a processor and from a task management service, one or more tasks to be performed by a user; computing, by the processor, a task score for each of the one or more tasks to be performed by the user; determining, by the processor, a mood status associated with the user; comparing, by the processor, the mood status to the task score for each of the one or more tasks to be performed by the user; determining, by the processor and based on the comparison, a recommended task from among each of the one or more tasks to be performed by the user; and sending, by the processor, the recommended task to the task management service for display to the user.
G06Q 10/06 - Ressources, gestion de tâches, des ressources humaines ou de projets; Planification d’entreprise ou d’organisation; Modélisation d’entreprise ou d’organisation
G16H 20/70 - TIC spécialement adaptées aux thérapies ou aux plans d’amélioration de la santé, p.ex. pour manier les prescriptions, orienter la thérapie ou surveiller l’observance par les patients concernant des thérapies mentales, p.ex. la thérapie psychologique ou le training autogène
A61B 5/16 - Dispositifs pour la psychotechnie; Test des temps de réaction
A61B 5/00 - Mesure servant à établir un diagnostic ; Identification des individus
47.
INACTIVITY LOGOFF ADJUSTMENT BASED ON SCHEDULED EVENTS
Systems and methods for inactivity logoff adjustment based on scheduled events are provided. A device can include one or more processors, coupled to memory. The device can detect a condition to terminate, at a first timestamp, a computing session established by the one or more processors. The device can identify, responsive to detection of the condition and prior to termination of the computing session, an event for execution in the computing session at a second timestamp subsequent to the first timestamp. The device can provide, based on a difference between the second timestamp and the first timestamp less than or equal to a threshold, a user interface element configured to extend the computing session to at least the second timestamp.
H04L 67/54 - Gestion de la présence, p.ex. surveillance ou enregistrement pour la réception des informations de connexion des utilisateurs ou état de connexion des utilisateurs
In one aspect, an illustrative methodology implementing the disclosed techniques includes, by a computing device, receiving input via an application of the computing device, the input to initiate navigation to an electronic resource, and determining that navigation to the electronic resource via the application is insecure. The method also includes, by the computing device, responsive to the determination that the navigation is insecure, modifying the navigation to the electronic resource so as to prevent navigation to the electronic resource via the application.
A method, a system, and a computer program product for managing multimedia streams of user devices. A reproduction of one or more multimedia streams on a first computing device is determined. A location of a second computing device being positioned in an area enclosed by one or more boundaries in a plurality of boundaries is detected. Each boundary in the plurality of boundaries is associated with a predetermined type of a multimedia stream in one or more multimedia streams. At least one of a pausing and an unpausing of the reproduction of one or more multimedia streams on the first computing device based on the detected location of the second computing device is executed.
H04N 21/218 - Source du contenu audio ou vidéo, p.ex. réseaux de disques locaux
H04L 65/61 - Diffusion en flux de paquets multimédias pour la prise en charge des services de diffusion par flux unidirectionnel, p.ex. radio sur Internet
50.
SYSTEMS AND METHODS FOR MANAGING STREAMS OF PACKETS VIA INTERMEDIARY DEVICES
Virtual application and desktop delivery may be optimized by supplying application metadata and user intent to the device between a client and a server hosting resources for the delivery. The data packets used to deliver the virtual application or desktop may be also tagged with references to the application. By supplying the metadata and tagging packets with the metadata, an intermediary network device may provide streams of data packets at the target QoS. In addition, the device may apply network resource allocation rules (e.g., firewalls and QoS configuration) for redirected content retrieved by the client out of band relative to a virtual channel such as the Internet. The network resource allocation rules may differ for different types of resources accessed. The device may also control a delivery agent on the server to modify communication sessions established through the virtual channels based on network conditions.
H04L 47/2441 - Trafic caractérisé par des attributs spécifiques, p.ex. la priorité ou QoS en s'appuyant sur la classification des flux, p.ex. en utilisant des services intégrés [IntServ]
H04L 47/78 - Architectures d'allocation des ressources
H04L 47/80 - Actions liées au type d'utilisateur ou à la nature du flux
H04L 47/2475 - Trafic caractérisé par des attributs spécifiques, p.ex. la priorité ou QoS pour la prise en charge des trafics caractérisés par le type d'applications
H04L 47/74 - Mesures pour pallier la non-disponibilité des ressources
H04L 47/76 - Contrôle d'admission; Allocation des ressources en utilisant l'allocation dynamique des ressources, p.ex. renégociation en cours d'appel sur requête de l'utilisateur ou sur requête du réseau en réponse à des changements dans les conditions du réseau
H04L 47/70 - Contrôle d'admission; Allocation des ressources
H04L 47/24 - Trafic caractérisé par des attributs spécifiques, p.ex. la priorité ou QoS
H04L 47/31 - Commande de flux; Commande de la congestion par marquage de paquets, p.ex. en utilisant des bits d'éligibilité de rejet [DE]
H04L 69/22 - Analyse syntaxique ou évaluation d’en-têtes
In one aspect, an example methodology implementing the disclosed techniques can include, by a computing device, receiving input events from a remote computing device, ones of the input events having an input event position associated with a position on a screen of the computing device being shared during a screen sharing session and, responsive to a determination that a first input event position of a first one of the input events is within a protected region of the shared screen, preventing the first one of the input events from being applied to the shared screen. The method can also include, by the computing device, responsive to a determination that a second input event position of a second one of the input events is not within the protected region of the shared screen, applying the second one of the input events to the shared screen.
G06F 3/14 - Sortie numérique vers un dispositif de visualisation
G06F 21/83 - Protection des dispositifs de saisie, d’affichage de données ou d’interconnexion dispositifs de saisie de données, p.ex. claviers, souris ou commandes desdits claviers ou souris
G06F 21/84 - Protection des dispositifs de saisie, d’affichage de données ou d’interconnexion dispositifs d’affichage, p.ex. écrans ou moniteurs
G06F 3/0481 - Techniques d’interaction fondées sur les interfaces utilisateur graphiques [GUI] fondées sur des propriétés spécifiques de l’objet d’interaction affiché ou sur un environnement basé sur les métaphores, p.ex. interaction avec des éléments du bureau telles les fenêtres ou les icônes, ou avec l’aide d’un curseur changeant de comport
A computer system configured to determine safety of a suspected website is provided. The computer system includes a memory and at least one processor coupled to the memory. The at least one processor is configured to receive a request to visit the suspected website; send an incorrect password to the suspected website; receive a reply from the suspected website; and determine, based on the reply to the incorrect password, whether to execute a precautionary operation. The system may proceed with the request responsive to the reply including an error notification, as identified based on one or more of: a Document Object Model (DOM) tag; a re-appearance of a sign-in control; or an Application Programming Interface (API) call. Alternatively, the system may abandon the request responsive to the reply being affirmative, for example including a prompt or input field for a one-time password.
G06F 21/53 - Contrôle des usagers, programmes ou dispositifs de préservation de l’intégrité des plates-formes, p.ex. des processeurs, des micrologiciels ou des systèmes d’exploitation au stade de l’exécution du programme, p.ex. intégrité de la pile, débordement de tampon ou prévention d'effacement involontaire de données par exécution dans un environnement restreint, p.ex. "boîte à sable" ou machine virtuelle sécurisée
53.
OPTIMIZING DATA STORAGE ACROSS MULTIPLE CONTENT REPOSITORIES
In one disclosed embodiment, a computing system may instruct a first content repository to store a first part of a file but not a second part of the file, the first content repository being associated with a first internet protocol (IP) address, and may instruct a second content repository to store the second part of the file but not the first part of the file, the second content repository being associated with a second IP address that is different than the first IP address. In response to the computing system receiving a request for the file from a client device, the computing system may instruct the client device to retrieve the second part of the file, but not the first part of the file, from the second content repository using the second IP address.
H04L 67/06 - Protocoles spécialement adaptés au transfert de fichiers, p.ex. protocole de transfert de fichier [FTP]
H04L 67/1097 - Protocoles dans lesquels une application est distribuée parmi les nœuds du réseau pour le stockage distribué de données dans des réseaux, p.ex. dispositions de transport pour le système de fichiers réseau [NFS], réseaux de stockage [SAN] ou stockage en réseau [NAS]
H04L 67/52 - Services réseau spécialement adaptés à l'emplacement du terminal utilisateur
H04L 67/63 - Ordonnancement ou organisation du service des demandes d'application, p.ex. demandes de transmission de données d'application en utilisant l'analyse et l'optimisation des ressources réseau requises en acheminant une demande de service en fonction du contenu ou du contexte de la demande
54.
COMPUTING SYSTEM AND METHODS FOR PRELAUNCHING APPS IN VIRTUAL COMPUTING SESSIONS
A computing system includes a client computing device to display items in an application window, with at least one of the items having a file attachment that has not been opened by a user of the client computing device. A session broker in communications with the client computing device transmits a prelaunch application message to initiate prelaunch of an application that can be used to open the file attachment. A virtual server in communications with the session broker and the client computing device prelaunches in a virtual session the application that can be used to open the file attachment in response to receiving the prelaunch application message, and hides display of the prelaunched application until the user opens the file attachment.
One disclosed method involves receiving, by a browser and from a first origin, preauthorization data identifying a plurality of other origins that are permitted to send instructions to the browser that cause the browser to access one or more resources at the first origin, determining, by the browser, that data received from a second origin includes a first instruction to access a first resource at the first origin, determining, by the browser, that the second origin is included among the plurality of other origins identified by the preauthorization data, and accessing, by the browser and based at least in part on the second origin being included among the plurality of other origins, the first resource at the first origin based on the first instruction.
According to some embodiments, a method includes: receiving, by a computing device, information about a task of application, the task associated with a project; receiving, by the computing device, information about other tasks of the application including other tasks that have been completed and other tasks that have not been completed; calculating, by the computing device, a start date and an expected effort for the task based on analysis of the information received for the task and the other tasks; and causing, by the computing device, an update within the application to apply the calculated start date and expected effort to the task.
G06Q 10/06 - Ressources, gestion de tâches, des ressources humaines ou de projets; Planification d’entreprise ou d’organisation; Modélisation d’entreprise ou d’organisation
57.
SYSTEMS AND METHODS FOR ROUTING REMOTE APPLICATION DATA
Systems and methods for a POP recommendation engine include one or more processors which may identify one or more cloud platforms selected from a plurality of cloud platforms for which to rank one or more points of presence (POP) of a plurality of POPs provided by each of the one or more cloud platforms. The processor(s) may receive metrics on performance of accessing one or more networks by devices via each of the one or more POPs of the plurality of POPs across each of the one or more cloud platforms. The processor(s) may determine a ranking of the plurality of POPs across the one or more cloud platforms based on the metrics. The processor(s) may generate a report identifying the rankings for at least the one or more POPs of the plurality of POPs across the one or more cloud platforms.
Described embodiments provide systems and methods of providing accessing to a file. A client device may store a copy of a file. The copy may be generated during active use of the file in which content of the file is accessible by the client device via an application hosted on a remote computing device. Responsive to a loss in connectivity that disrupts the active use of the file, the client device may identify a local application on the client device based at least on a type of the file. The client device may use the identified local application to access the copy of the file stored on the client device and continue the active use of content of the file. Subsequent to restoring the connectivity, the client device may provide the file to the remote computing device for synchronization of the file.
H04L 67/1097 - Protocoles dans lesquels une application est distribuée parmi les nœuds du réseau pour le stockage distribué de données dans des réseaux, p.ex. dispositions de transport pour le système de fichiers réseau [NFS], réseaux de stockage [SAN] ou stockage en réseau [NAS]
H04L 67/06 - Protocoles spécialement adaptés au transfert de fichiers, p.ex. protocole de transfert de fichier [FTP]
G06F 9/455 - Dispositions pour exécuter des programmes spécifiques Émulation; Interprétation; Simulation de logiciel, p.ex. virtualisation ou émulation des moteurs d’exécution d’applications ou de systèmes d’exploitation
59.
SYSTEMS AND METHODS FOR PREVENTING ONE-TIME PASSWORD PHISHING
Systems and methods for preventing phishing attacks are provided. For example, the computer system includes at least one processor that is configured to recognize a uniform resource locator (URL) to which a web browser is navigating as a URL associated with a website for which phishing protection is to be provided, the recognition based on an absence of the URL from a history of visited URLs for which a user has previously visited, monitor user input into one or more data fields associated with the website, determine whether the user input into the one or more data fields includes automatically generated one-time password (OTP) information by comparing the user input against one or more OTP information characteristics, and perform a security action in response to determining user entry of OTP information.
Systems and methods for indexing to an end-point instance and selecting an owner point of presence (POP) are provided. A system can include one or more processors coupled to memory. The system can receive a request to process a ticket used to authenticate a connection to a session between a client device and one or more servers. The system can locate a plurality of access points across a plurality of groups of access points that each maintain the ticket in storage on the plurality of access points based on a function applied to an identifier of the ticket. The system can provide the request to at least one access point of the plurality of access points located based on the function to perform the process on the ticket.
The present solution provides systems and methods for supporting network communication, including UDP network communication, between clients and servers at data centers, over a cloud VPN. An agent can receive a user datagram protocol (UDP) packet. The agent can generate a header for the UDP packet identifying a destination server at a data center of a plurality of data centers. The agent can establish a channel to a virtual private network (VPN) server of a cloud-based VPN as a service. The agent can encapsulate the UDP packet using the header and transmit, via the channel, the encapsulated UDP packet to the VPN server, the encapsulated UDP packet configured to identify the data center according to a table of the VPN server and content of the header.
H04L 69/16 - Implémentation ou adaptation du protocole Internet [IP], du protocole de contrôle de transmission [TCP] ou du protocole datagramme utilisateur [UDP]
A method may for audio quality verification may include generating a first transcript of a first audio data captured at a first client device engaged in a web conference session with a second client device. A second transcript of a second audio data received and/or output at the second client device may be generated and analyzed relative to the first transcript. In the event an above-threshold difference is detected between the first transcript and the second transcript, a notification may be generated for display at the first client device. The notification may indicate that the audio quality at the second client device fails to satisfy a quality threshold. Moreover, in some cases, the notification may identify portions of the first audio data that was not output at the second client device with sufficient audio quality, thereby enabling a repeat of those portions of the first audio data.
G10L 25/60 - Techniques d'analyses de la parole ou de la voix qui ne se limitent pas à un seul des groupes spécialement adaptées pour un usage particulier pour comparaison ou différentiation pour mesurer la qualité des signaux de voix
H04L 65/403 - Dispositions pour la communication multipartite, p.ex. pour les conférences
G10L 15/22 - Procédures utilisées pendant le processus de reconnaissance de la parole, p.ex. dialogue homme-machine
G06F 40/284 - Analyse lexicale, p.ex. segmentation en unités ou cooccurrence
G10L 15/30 - Reconnaissance distribuée, p.ex. dans les systèmes client-serveur, pour les applications en téléphonie mobile ou réseaux
G10L 15/26 - Systèmes de synthèse de texte à partir de la parole
Methods and systems for selectively capturing screen content are described herein. The projector associated with a plurality of layers may be initiated. The plurality of layers may comprise a surface layer that is a highest layer, a canvas layer that is the lowest layer and backdrop layer that is second lowest layer. Input associated with the positioning of the projector may be received. The portions of content may be determined to be between the surface layer and the backdrop layer and captured.
A contextual authentication method includes receiving a request to launch a web service and causing the web service to be launched on a remote browser. When a security event is detected, a security key obtained, based on a context of a client computing system, from a near-field communication (NFC) device connected to a mobile device. The security key is requested and received from the NFC device via the mobile device. The security key is delivered to the web service via the remote browser.
H04W 4/80 - Services utilisant la communication de courte portée, p.ex. la communication en champ proche, l'identification par radiofréquence ou la communication à faible consommation d’énergie
In some embodiments, a method can include: receiving, by a computing device, a plurality of messages, where at least a first one of the plurality of messages is associated with a first application and at least a second one of the plurality of messages is associated with a second application different from the first; receiving, by the computing device, information about one or more scheduled meetings; determining, by the computing device, one or more of the plurality of messages that are associated with a first meeting of the one or more scheduled meetings; and sending, by the computing device, information about the associations of the one or more of the plurality of messages and the first meeting to another computing device to enable the another computing device to display a list of the one or more of the plurality of messages in conjunction with the first meeting.
In one aspect, an example methodology implementing the disclosed techniques includes, by a computing device, responsive to a user requesting authorization to access an application, segmenting a string of content into a plurality of substrings of different lengths, the string of content being an input to access the application. The method also includes, responsive to a determination that data in a first data structure represents a first substring of the plurality, identifying a length of another substring and at least one type of character present within that substring based on the data in the first data structure, determining a risk of unauthorized use of the string of content based on the identified length and the at least one type of character present within that substring, and allowing access to the application using the string of content based on the determined risk.
G06F 21/57 - Certification ou préservation de plates-formes informatiques fiables, p.ex. démarrages ou arrêts sécurisés, suivis de version, contrôles de logiciel système, mises à jour sécurisées ou évaluation de vulnérabilité
Systems and methods for geographically distributed node replication include a first node which receives a message from a client based on a proximity of the first node to the client, the message transmitted to the first node via anycast routing from the client. The first node may replicate the message to a first subset of the geographically distributed system of nodes based on a geographic proximity of nodes within the first subset. The first node may publish the message to a data feed of a message bus for the system of nodes, to cause at least one node of the system of nodes to receive the message from the first node, the at least one node outside the first subset and subscribing to the data feed of the first node.
G06F 16/00 - Recherche d’informations; Structures de bases de données à cet effet; Structures de systèmes de fichiers à cet effet
G06F 16/27 - Réplication, distribution ou synchronisation de données entre bases de données ou dans un système de bases de données distribuées; Architectures de systèmes de bases de données distribuées à cet effet
H04L 67/1008 - Sélection du serveur pour la répartition de charge basée sur les paramètres des serveurs, p.ex. la mémoire disponible ou la charge de travail
H04L 67/1021 - Sélection du serveur pour la répartition de charge basée sur la localisation du client ou du serveur
H04L 67/1095 - Réplication ou mise en miroir des données, p.ex. l’ordonnancement ou le transport pour la synchronisation des données entre les nœuds du réseau
68.
PARTICIPANT ORIENTATION STABILIZATION FOR ONLINE MEETINGS
In one aspect, an example methodology implementing the disclosed techniques can include, by a first computing device, determining a reference image showing (e.g., encoding) an orientation of a user participating in an online meeting and receiving a video stream captured by a camera, the video stream associated with the online meeting. The method can also include, by the computing device, responsive to a determination of a change in the orientation of the user appearing within the video stream, providing modified video stream in which the orientation of the user is adjusted based on the reference image.
A computing device may include a memory and a processor coupled to the memory and configured to collect usage activity data across a plurality of different applications for a plurality of users, and determine different groups of users based upon cluster modeling of the usage activity data. The processor may further determine respective application priorities for the applications for each group of users based upon the usage activity data for the group of users, determine computing resource allocations for the applications of each group of users based upon the application priorities for the group of users, and run applications for the users with the computing resource allocations for the respective group of users applied thereto.
Embodiments described include systems and methods for securely managing browser plugins via embedded browser. The solution enables a client application or embedded browser to dynamically load the browser components into the embedded browser based on a risk or security profile and one or more policies. The policies can be centrally managed to enable only allowed browser components to be loaded within the embedded browser for a given risk profile. Based on the risk profile, a session established by the embedded browser can be transferred from the client application to a hosted browser at a secure server. When the session is transferred to the hosted browser, the present system can also redirect the browser component configurations to the hosted browser such that the same browser components are enabled, disabled, or modified at the hosted browser.
A method may include storing and updating published resource entitlements for a plurality of client devices at a computing device. The method may also include using a plurality of virtual delivery appliances to receive connection requests from the client devices, with the connection requests including connection leases having associated resource entitlements the client devices are respectively permitted to access, and request validation of the connection leases from the computing device. At the computing device, responsive to validation requests from the virtual delivery appliances, the connection leases may be compared to the updated published resource entitlements and validated based thereon. At the virtual delivery appliances, the client devices may be provided with access to virtual sessions corresponding to the published resource entitlements responsive to the virtual session request validations from the computing device.
A computer system is provided. The computer system includes a memory and a processor operably coupled to the memory. The processor is configured to receive a set of rules for generating a workflow that chains one or more tasks associated with one or more applications into the workflow; receive an indication of a task to be completed; generate a task-based workflow for the task to be completed based upon the set of rules, wherein the task-based workflow provides a user with an indication of a task to be completed and which of the one or more applications to use to complete the task; monitor interaction between the user and the task-based workflow; update the task-based workflow to indicate one or more completed tasks based upon the monitored interaction to create an updated workflow; and provide an indication of the updated workflow to the user.
Described embodiments provide systems and methods for updating a SSL certificate. A method can include sending, by a service executable on at least one server, a request to a vault to identify one or more SSL certificates identifiable by a common name, in response to a first request to access an application service. The service may identify a first SSL certificate having a furthest expiration date among the one or more SSL certificates. The service may store the first SSL certificate in a cache, the first SSL to be used to secure a connection to access the application service.
H04L 61/4511 - Répertoires de réseau; Correspondance nom-adresse en utilisant des protocoles normalisés d'accès aux répertoires en utilisant le système de noms de domaine [DNS]
H04L 67/133 - Protocoles pour les appels de procédure à distance [RPC]
74.
Spatial Audio Processing for Electronic Audio Reproduction
Spatial audio processing allows for the replication of real-world audio behavior. In some cases, audio sources may be associated with respective spatial audio areas that define which other individuals or objects are recipients of audio generated by the respective audio source. For example, individuals or objects within a spatial audio area will receive audio generated by an associated audio source, but not individuals or objects outside of that spatial audio area. These spatial audio areas may be dynamically re-shaped, re-sized, and/or re-located based on contextual analysis includes clustering analysis and evaluating ambient attributes and user intent. Contextual cues may include grouping of audio sources or a purpose of the environment, while ambient attributes may include characteristics of environmental objects (e.g., furniture) as well as temperature, ambient noise levels, and the like. Additionally, in some examples, user intent may be discerned based on movements and audio content.
Described embodiments provide systems and methods for defining a clip within a recording. A device may generate a recording of a session of a user via which a plurality of applications is accessible. The device may detect a transition of an application of the plurality of applications in a foreground of the session. The device may identify, from the recording, a frame corresponding to the transition in the foreground. The device may store an identification of the frame corresponding to the transition to define a clip of the user within the recording using the application in the session.
G06F 9/455 - Dispositions pour exécuter des programmes spécifiques Émulation; Interprétation; Simulation de logiciel, p.ex. virtualisation ou émulation des moteurs d’exécution d’applications ou de systèmes d’exploitation
A system and method for providing multi-factor authentication using biometric data collected from a wearable. A disclosed method includes: receiving an authentication request for a user to access a resource via a client device; fetching a stored heartrate-voice (HRV) profile of the user; obtaining current heart data of the user from a wearable; obtaining a current voice sample of the user from the wearable or the client device; comparing the current heart data and current voice sample with the HRV profile; and authenticating the user in response to a match between the current heart data and current voice sample with the HRV profile.
A server computer system configured to proactively predict a session failure of a virtual service is provided. The server computer system includes a memory and at least one processor coupled to the memory. The at least one processor is configured to receive one or more feature values associated with the virtual service. The processor can then evaluate a likelihood of session failure of the virtual service, such as a session launch failure, unresponsive state, or persistent session failure, in a future time interval based on the received feature values. The processor can then determine that the likelihood of session failure satisfies a classification test indicating the session failure is likely. Responsive to the determination, the processor can then execute a corrective operation, such as to end a user session, disable the virtual service, restart the virtual service, or render a user notification.
G06F 11/14 - Détection ou correction d'erreur dans les données par redondance dans les opérations, p.ex. en utilisant différentes séquences d'opérations aboutissant au même résultat
G06F 9/455 - Dispositions pour exécuter des programmes spécifiques Émulation; Interprétation; Simulation de logiciel, p.ex. virtualisation ou émulation des moteurs d’exécution d’applications ou de systèmes d’exploitation
78.
CONTEXTUAL APP PROTECTION FOR COLLABORATION SESSIONS
SEQ CHAPTER \h \r 1 SEQ CHAPTER \h \r 1 SEQ CHAPTER \h \r 1 SEQ CHAPTER \h \r 1A computing system includes a virtual server providing virtual computing sessions to be accessed by client computing devices. Collaboration apps operating in the virtual computing sessions allow users to participate in a collaboration session with other users. Each client computing device includes a processor to enable app protection to prevent an unauthorized transfer of data by a user of the client computing device when participating in a collaboration session. The virtual server determines when the user of one of the client computing devices is to be a presenter within the collaboration session, and in response to one of the users being the presenter while the other users are non-presenters, the virtual computing session disables app protection in the presenter's client computing device for the presenter to share their screen with the non-presenters.
G06F 21/62 - Protection de l’accès à des données via une plate-forme, p.ex. par clés ou règles de contrôle de l’accès
G06F 9/451 - Dispositions d’exécution pour interfaces utilisateur
H04L 65/401 - Prise en charge des services ou des applications dans laquelle les services impliquent une session principale en temps réel et une ou plusieurs sessions parallèles additionnelles en temps réel ou sensibles au temps, p.ex. accès partagé à un tableau blanc ou mise en place d’une sous-conférence
79.
COMPUTING DEVICE AND METHODS PROVIDING ENHANCED LANGUAGE DETECTION AND DISPLAY FEATURES FOR VIRTUAL COMPUTING SESSIONS
A computing device may include a memory and a processor coupled to the memory and configured to run a browser to access a virtual computing session. The browser may have a first language associated therewith, and the virtual computing session may be provided in the first language responsive to the browser. The processor may be further configured to capture text input to the browser for the virtual computing session, determine whether the captured text corresponds to a second language different than the first language, and cause the virtual computing session to be provided in the second language responsive to determining the captured text corresponds to the second language.
G06F 40/47 - Traduction assistée par ordinateur, p.ex. utilisant des mémoires de traduction
G06F 40/51 - Traitement ou traduction du langage naturel Évaluation de la traduction
G06F 40/58 - Utilisation de traduction automatisée, p.ex. pour recherches multilingues, pour fournir aux dispositifs clients une traduction effectuée par le serveur ou pour la traduction en temps réel
In one disclosed method, a method performed by a computing system involves determining that a file is to be uploaded from a first remote device to the computing system; sending, to the first remote device, first data to enable a wireless connection to be established between the first remote device and a second remote device; receiving, from the first remote device, a first portion of the file; receiving, from the second remote device, a second portion of the file, the second remote device having received the second portion of the file from the first remote device via the wireless connection; and merging the first portion of the file and the second portion of the file to generate a copy of the file.
H04L 67/06 - Protocoles spécialement adaptés au transfert de fichiers, p.ex. protocole de transfert de fichier [FTP]
H04W 76/10 - Gestion de la connexion Établissement de la connexion
H04W 4/02 - Services utilisant des informations de localisation
H04W 4/80 - Services utilisant la communication de courte portée, p.ex. la communication en champ proche, l'identification par radiofréquence ou la communication à faible consommation d’énergie
H04W 4/70 - Services pour la communication de machine à machine ou la communication de type machine
81.
RESOURCE RECOMMENDATION SERVICE BASED ON USER EXPERTISE
A system and method for recommending resources to users based on user expertise. A disclosed method includes: extracting project and keyword data from interactions between a user and workspace applications; evaluating the project and keyword data to determine an expertise level of the user for at least one project; in response to a determined expertise level for the at least one project, determining a set of resources for the user based on historical workspace interactions of workspace users having a common expertise level; and outputting links to the set of resources to a virtual workspace of the user. Aspects analyze an expertise level for a topic and recommend resources at that level to reduce the learning curve. Aspects detect when a user is involved in a new project and determines and displays the expertise level. Resources recommended include, e.g., tools or applications, encountered problems and solutions, experts reported issues, etc.
G06Q 10/06 - Ressources, gestion de tâches, des ressources humaines ou de projets; Planification d’entreprise ou d’organisation; Modélisation d’entreprise ou d’organisation
G06F 3/0481 - Techniques d’interaction fondées sur les interfaces utilisateur graphiques [GUI] fondées sur des propriétés spécifiques de l’objet d’interaction affiché ou sur un environnement basé sur les métaphores, p.ex. interaction avec des éléments du bureau telles les fenêtres ou les icônes, ou avec l’aide d’un curseur changeant de comport
In one aspect, an example methodology implementing the disclosed techniques can include, by a computing device, receiving a video stream from a first client device and, responsive to a determination that a second client device activated a downgrade feature and further responsive to a determination that a user of the first client device is not speaking, modifying the video stream to consume less resources. The method can also include, by the computing device, providing the modified video stream to the second client device.
A website access workflow includes receiving, from a browser associated with a user, a Universal Resource Locator (URL) associated with a website; comparing the URL with at least one domain name in a user domain name list associated with the user to determine whether the URL exists in the domain name list; in response to determining that the URL does not exist in the user domain name list, adding the URL to the user domain name list; and in response to a visit count representing a number of visits to the URL by the user being less than a threshold value, causing the browser to display a warning message. In response to receiving, from the browser, a user confirmation that the website is not malicious, the workflow includes sending permission to the browser to access the website using the URL and incrementing the visit count by one.
G06F 16/955 - Recherche dans le Web utilisant des identifiants d’information, p.ex. des localisateurs uniformisés de ressources [uniform resource locators - URL]
84.
PREVENTING ILLEGAL, MALICIOUS AND THEFT OF E-SIGNATURES WHILE REUSING E-SIGNATURES FROM MOBILE DEVICE
A technique for applying signatures to documents stores a user signature in a first device and selectively releases the user signature for incorporation into documents only after performing validation. The validation includes the first device scanning a machine-readable code displayed by a second device. The first device and the second device participate in respective sessions with an online system, which stores a document to be signed. The first device extracts information from the machine-readable code and attempts to validate that information with the online system. If the validation is successful, the first device may release the user signature, e.g., by sending the user signature to the online system for incorporation into the document.
H04L 9/32 - Dispositions pour les communications secrètes ou protégées; Protocoles réseaux de sécurité comprenant des moyens pour vérifier l'identité ou l'autorisation d'un utilisateur du système
A computing system may (A) determine that a target service is to receive portions of a first file in a particular sequence from the computing system via a first hypertext transport protocol (HTTP) connection between the computing system and the target service, (B) receive a first portion of the first file from a client device via a second HTTP connection established between the computing system and the client device, (C) determine that the first portion of the first file is next in the particular sequence of file portions to be sent to the target service, (D) send, to the target service via the first HTTP connection, the first portion of the first file based at least in part on the first portion of the first file being next in the particular sequence, (E) receive a second portion of the first file from the client device via a third HTTP connection established between the computing system and the client device, (F) determine that the second portion of the first file is next in the particular sequence, and (G) send to the target service via the first HTTP connection, the second portion of the first file based at least in part on the second portion of the first file being next in the particular sequence.
Methods and systems for augmented key generation are described herein. A computing system may receive, from a first user device, an image of a keyboard of a second user device. The computing platform may detect, based on the image, a first missing key of the keyboard, and may generate an augmented version of the first missing key. The computing platform may send, to the first user device, the augmented version of the first missing key and commands directing the first user device to display the augmented version of the first missing key, which may cause the first user device to display the augmented version of the first missing key. Selection of the augmented version of the first missing key on the first user device may cause display of a character, corresponding to the first missing key, to be displayed at the second user device.
G06F 3/023 - Dispositions pour convertir sous une forme codée des éléments d'information discrets, p.ex. dispositions pour interpréter des codes générés par le clavier comme codes alphanumériques, comme codes d'opérande ou comme codes d'instruction
G06F 3/04886 - Techniques d’interaction fondées sur les interfaces utilisateur graphiques [GUI] utilisant des caractéristiques spécifiques fournies par le périphérique d’entrée, p.ex. des fonctions commandées par la rotation d’une souris à deux capteurs, ou par la nature du périphérique d’entrée, p.ex. des gestes en fonction de la pression exer utilisant un écran tactile ou une tablette numérique, p.ex. entrée de commandes par des tracés gestuels par partition en zones à commande indépendante de la surface d’affichage de l’écran tactile ou de la tablette numérique, p.ex. claviers virtuels ou menus
G06V 20/20 - RECONNAISSANCE OU COMPRÉHENSION D’IMAGES OU DE VIDÉOS Éléments spécifiques à la scène dans les scènes de réalité augmentée
A method may include detecting, at a first client device engaged in a web conference session with a second client device, a selection of a user interface element associated with a first input mode in which at least a portion of content captured at the first client device is excluded from being shared with the second client device. In response to the selection of the user interface element, the first input mode may be activated at the first client device by disabling multiple input devices associated with the first client device such that at least the portion of the content captured at the first client device is excluded from being shared with the second client device. Meanwhile, when a second input node is activated at the first client device, the content captured at the first client device may be shared with the second client device without restrictions.
In some disclosed embodiments, a first computing system may receive a message indicating that a resource owner has authorized a client application to make application programming interface (API) calls to both (A) a first access-restricted resource controlled by the resource owner, and (B) a second access-restricted resource controlled by the resource owner. In response to the message, the first computing system may generate both (A) a first token that is configured to authenticate to a first API endpoint to access the first access-restricted resource but is not configured to authenticate to a second API endpoint to access the second access-restricted resource, and (B) a second token that is configured to authenticate to the second API endpoint to access the second access-restricted resource but is not configured to authenticate to the first API endpoint to access the first access-restricted resource.
According to some embodiments of the disclosure, a method includes: receiving, at a computing device, content of an online meeting; analyzing, by the computing device, the content to identify one or more topics communicated by one or more client devices participating in the online meeting; associating, by the computing device, ones of the one or more topics to one or more text segments of the content; and providing, by the computing device, annotations for the online meeting to at least one of the one or more client devices participating in the online meeting, the annotations representative of the one or more topics and the associated text segments.
Systems and methods for supporting multiple local browser tabs and windows during a remote browser session are described. A remote browser session may be, in some examples, a remote session accessed in a local browser tab with inputs to the remote session launching web pages and applications on a server rather than locally on a device. In some remote browser session experiences, further interactions with the launched web pages and applications may be limited to being within the local browser tab. The user can instead utilize functionality and methods where applications and browser windows can be started in or moved to individual tabs or windows of the local browser. Then those different tabs and windows may be selected to switch between applications and/or web sites that are running in a shared remote session on a server saving server resources.
One disclosed method involves causing, by a computing system, installation of at least a first application and a second application, determining, by the computing system, first application data indicative of modifications occurring in response to installation of the first application, determining, by the computing system, second application data indicative of modifications occurring in response to installation of the second application, and processing the first application data and the second application data to generate a set of application policies to control use of the first application and the second application at a user device.
One disclosed method involves a computing system determining a keyword of interest for an online meeting being presented via a user interface, determining that content of the online meeting corresponds to the keyword of interest, and causing, in response to the content of the online meeting corresponding to the keyword of interest, the user interface to output an indication that the content of the online meeting being presented is potentially of interest. Another disclosed method involves a computing system determining data indicative of a number of client devices, from a plurality of client devices participating in an online meeting, for which a user interface for the online meeting is presented in an active window, and causing, based at least in part on the data, a first client device, from the plurality of client devices, to output an indication that content of the online meeting being presented is potentially of interest.
A method includes operating a mobile device to establish a communications channel between the mobile device and a shared computing terminal. The shared computing terminal is accessible to a plurality of users other than a user of the mobile device. In response to authentication of the user of the mobile device with a remote computing device, the mobile device receives a code from the remote computing device. The mobile device provides the code to the shared computing terminal via the communications channel to enable the shared computing terminal to request a temporary access token from the remote computing device. The temporary access token is used by the shared computing terminal to launch a computing session with the remote computing device without transfer of a long-lived access token of the user from the mobile device to the shared computing terminal.
H04L 9/32 - Dispositions pour les communications secrètes ou protégées; Protocoles réseaux de sécurité comprenant des moyens pour vérifier l'identité ou l'autorisation d'un utilisateur du système
G06F 21/35 - Authentification de l’utilisateur impliquant l’utilisation de dispositifs externes supplémentaires, p.ex. clés électroniques ou cartes à puce intelligentes communiquant sans fils
G06F 21/36 - Authentification de l’utilisateur par représentation graphique ou iconique
94.
SYSTEMS AND METHODS FOR MANAGING NETWORK SERVICES BY AN SD-WAN APPLICATION AND AN SD-WAN DEVICE
Systems and methods for managing network services by an SD-WAN application and an SD-WAN device include a software-defined wide area network (SD-WAN) application executing on a client device detecting a presence of an SD-WAN device. The SD-WAN application establishes a connection between the SD-WAN application and the SD-WAN device. The SD-WAN application updates a configuration of the SD-WAN application, to cause the SD-WAN application to interoperate with the SD-WAN device for managing one or more network services.
Methods and systems for causing display of notes in an extended reality (XR) environment are described herein. A computing device may provide, to a user and via an XR device, an XR environment. The computing device may receive an indication that the user is presenting content. The computing device may capture one or more images of a physical environment around the XR device, then process the images to identify a location of a camera. The computing device may retrieve text corresponding to the content being presented and cause display, in the XR environment and based on the location, of the text. In this manner, the computing device may orient the eyes of the user towards a camera during presentation of content.
Described embodiments provide systems and methods for establishing a session. A client may identify, to access at least one of a plurality of services via a connector, a plurality of metrics on network conditions between the connector and a corresponding service of the plurality of services. The client may use at least one value of the plurality of metrics to scale each metric of the plurality of metrics. The client may determine a score for each service of the plurality of services as a function of each of the plurality of scaled metrics for the corresponding service. The client may select, from the plurality of services, a service based at least on the score. The client may establish a session with the connector to access the selected service.
Methods and systems for transparent user-interfaces are described herein. A computing device may generate an overlay that is transparent and positionable on top of a window of a user interface. The overlay may include visible content of an application different than another application of the window. Based on the visible content of the application and content of the another application, the computing device may determine a location of the overlay relative to the window. The computing device may provide, based on the determined location, the overlay on top of the window, so as to display the visible content of the application in a nonoverlapping fashion with the content of the another application to display and enable use of multiple applications with one window.
G06F 3/0481 - Techniques d’interaction fondées sur les interfaces utilisateur graphiques [GUI] fondées sur des propriétés spécifiques de l’objet d’interaction affiché ou sur un environnement basé sur les métaphores, p.ex. interaction avec des éléments du bureau telles les fenêtres ou les icônes, ou avec l’aide d’un curseur changeant de comport
G06F 3/0354 - Dispositifs de pointage déplacés ou positionnés par l'utilisateur; Leurs accessoires avec détection des mouvements relatifs en deux dimensions [2D] entre le dispositif de pointage ou une partie agissante dudit dispositif, et un plan ou une surface, p.ex. souris 2D, boules traçantes, crayons ou palets
G06F 3/04842 - Sélection des objets affichés ou des éléments de texte affichés
A client device may receive, from a remote computing system via a first communications channel, first graphics content for a virtual desktop of a computing environment hosted on the remote computing system and delivered to the client device. The first graphics content may be sent from the client device to at least one external. The client device may receive, from the remote computing system via a second communications channel, data indicative of at least one characteristic of plurality of resources hosted in the computing environment and accessible via the virtual desktop. While the virtual desktop is presented on the at least one external monitor and based at least in part on the received data, second graphics content indicative of the at least one characteristic of the plurality of resources may be presented on a touchscreen of the client device.
G06F 9/451 - Dispositions d’exécution pour interfaces utilisateur
G06F 3/0488 - Techniques d’interaction fondées sur les interfaces utilisateur graphiques [GUI] utilisant des caractéristiques spécifiques fournies par le périphérique d’entrée, p.ex. des fonctions commandées par la rotation d’une souris à deux capteurs, ou par la nature du périphérique d’entrée, p.ex. des gestes en fonction de la pression exer utilisant un écran tactile ou une tablette numérique, p.ex. entrée de commandes par des tracés gestuels
99.
SYSTEMS AND METHODS FOR SELECTING TUNNELS FOR TRANSMITTING APPLICATION TRAFFIC BY AN SD-WAN APPLICATION
Systems and methods for selecting tunnels for transmitting application traffic by an SD-WAN application include a software-defined wide area network (SD-WAN) application executing on a client device establishing a connection between the SD-WAN application and one or more applications. The SD-WAN application maintains a plurality of tunnels between the SD-WAN application and respective tunnel destinations. The SD-WAN application receives application traffic from an application of the one or more applications. The SD-WAN application selects, based on the application traffic, a respective tunnel of the plurality of tunnels via which to transmit the application traffic of the application. The SD-WAN application transmits the application traffic via the selected tunnel.
H04L 67/025 - Protocoles basés sur la technologie du Web, p.ex. protocole de transfert hypertexte [HTTP] pour la commande à distance ou la surveillance à distance des applications
100.
System and methods to detect faulty components during session launch
A computer system configured to identify errors in a session launch initiated by a client application is provided. The computer system includes a memory and at least one processor coupled to the memory. The at least one processor is configured to receive one or more events from one or more applications or devices involved in the session launch, wherein an event of the one or more events comprises information from an application or device call (e.g., an application programming interface (API) call) communicated during the session launch, the information comprising destination information; build a primary Directed Acyclic Graph (DAG) based on the information from the API call; determine an error identifier based on the primary DAG; retrieve a troubleshooting recommendation from a library based on the error identifier; and send the troubleshooting recommendation to the client application.
H04L 41/06 - Gestion des fautes, des événements, des alarmes ou des notifications
H04L 41/0631 - Gestion des fautes, des événements, des alarmes ou des notifications en utilisant l’analyse de la corrélation entre les notifications, les alarmes ou les événements en fonction de critères de décision, p.ex. la hiérarchie ou l’analyse temporelle ou arborescente