A method for enhanced SEPP firewall filtering for health check messages includes performing an N32-c security capability exchange with at least one remote SEPP to establish security parameters for communicating with the at least one remote SEPP over an N32-f interface. The method further includes maintaining N32-f context information for the at least one remote SEPP with which an N32-c security capability exchange has been successfully completed. The method further incudes receiving a health check message and accessing the N32-f context information to determine whether an originator of the health check message corresponds to a SEPP with which an N32-c security capability exchange has been successfully completed. The method further includes performing a network security action when the SEPP determines that the health check message does not correspond to a SEPP with which an N32-c security capability exchange has been successfully completed.
Techniques for data communication protocols for data transmission and software assurance in a cloud environment are disclosed. Data is received from a first component and at a first adapter using a first communication protocol. The data is transmitted, by the first adapter and to a proxy, using a second communication protocol. The proxy audits the data, and (i) blocks passage of the data, or (ii) forwards the data to a second adapter using the second communication protocol, to cause the second adapter to transmit the data to a second component using the first communication protocol. The proxy is within a tenancy of a cloud environment. The first adapter and the first component are within a first section of the cloud environment. The second adapter and the second component are within a second section of the cloud environment. Neither of the first or second sections is within the tenancy.
Systems, methods, and computer readable media are presented to determine that a condition has been satisfied for resizing an array. A new storage unit is created, and a first storage unit is referenced from the new storage unit. A hash table header is updated to enable the first storage unit and the new storage unit for routing new hash table requests. When a request for a resource is received, a determination is made that the resource maps to the new storage unit and previously mapped to the first storage unit. The first storage unit is identified based on at least a reference of the new storage unit, and a latch is acquired on the first storage unit. The latch is used to remove a first resource mapping for the resource from the first storage unit and add a second resource mapping for the resource to the new storage unit before releasing the latch on the first storage unit.
Techniques include accessing a set of documents; generating a final unified representation for each document of the set of documents, wherein generating the final unified representation comprises performing an iterative process for each document, and wherein the iterative process comprises: encoding, using a semantic embedding vector, a document's core semantic features in a semantic encoding, mapping a time domain for at least the document into a dimensional vector space to encode temporal information into a temporal encoding, and aggregating the semantic encoding and temporal encoding to generate the final unified representation; generating a query embedding, where the query embedding comprises a time-aware embedding for a query; comparing the query embedding to the final unified representation for each document of the set of documents; identifying one or more documents of the set of documents based on the comparing; and providing the one or more identified documents for downstream use.
Techniques are disclosed to establish trust in a cluster of edge devices. A new cloud-computing edge device can be connected to a cluster of cloud-computing edge devices. The new cloud-computing edge device can store a fleet encryption key and a plurality of public encryption keys corresponding to the cluster of cloud-computing edge devices. The new cloud-computing edge device can use the fleet encryption key to generate encrypted message data including a new public encryption key and send the encrypted message data to the cluster. If the encrypted message data is successfully decrypted by the cluster of cloud-computing edge devices, the new cloud-computing edge device can send a request for a session token to the cluster of cloud-computing edge devices. If a signature of the request is verified, the new cloud-computing edge device can receive the session token and establish a communication session with the cluster of cloud-computing edge devices.
Systems, methods, and computer-readable media are provided for implementing an application security management system. An application instance is executed that uses an interface that wraps external resource access functionality of the application instance. The interface is used to allow access from the application instance to one or more external resources, and an application security management system managing the interface logs requests. A call is received including a request for access to a resource external to the application instance along with metadata about functionality carried out by the application instance in association with the request. A use-case is determined for the request based at least in part on the metadata. The use-case is compared to a set of rules that map different use-cases to different candidate external resources to determine if the request to the resource is valid for the use-case. When the resource is not valid for the use-case, the request is rejected and logged.
Systems, methods, and computer-readable media are provided for using bytecode injection to control an application's access to external resources. An application security management system accesses a request made by an application instance using a resource access bytecode instruction for access to a resource. Upon detecting the request, the application security management system injects a validation bytecode instruction to complete execution before the request. The validation bytecode instruction is based at least in part on the request and one or more states of the application instance. Execution of the validation bytecode instruction determines whether access is prevented or not. The application security management system uses the validation bytecode instruction to prevent access to the resource if one or more conditions are satisfied based at least in part on the one or more states of the application instance. The application security management system also logs the request and metadata to a resource access log.
Systems, methods, and computer-readable media are provided for controlling an application's access to sensors based on application status and/or other metadata. An application security management system accesses a request by an application instance on a device for a given instance of access to an audio, image, location, sensitive data, or network access resource of the device. The request is made to an interface that controls access to the audio, image, location, sensitive data, or network access resource based on stored rules. Metadata associated with the request indicates which state of candidate states the application instance is in at a time of the request and/or past states of the application instance prior to the request. Based at least in part on the given application state or states or a pattern thereof, and at least one of the stored rules, the application security management system determines whether to grant the given instance of access. The application security management system may also log the request and the metadata to a resource access log.
Techniques for federated statistical and traffic flow analysis for anomaly detection in a cloud environment are disclosed. A plurality of payloads are received from first one or more components of the cloud environment and at a gateway of the cloud environment. The plurality of payloads are destined for second one or more components of the cloud environment. One or more attributes of each of the plurality of payloads are determined. Based on the one or more attributes of each of the payloads, the plurality of payloads is divided into two or more groups. For each group, one or more statistical data are gathered, based on the corresponding subset of the plurality of payloads for the corresponding group. The statistical data are analyzed, to detect an anomalous issue with one group of the two or more groups. Information associated with the anomalous issue are displayed on a user interface.
H04L 41/22 - Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks comprising specially adapted graphical user interfaces [GUI]
G06F 3/0484 - Interaction techniques based on graphical user interfaces [GUI] for the control of specific functions or operations, e.g. selecting or manipulating an object, an image or a displayed text element, setting a parameter value or selecting a range
A security tool is provided to check for security issues with a progression candidate version of code. The security tool identifies a progressed version of code that addresses a documented security issue that was present in a prior version of code and has a same ancestor version of code as the progression candidate version of code. Based on a difference between the progressed version of code and the prior version of code, the security tool determines whether a similar difference has been made between other versions of code in a lineage of the progression candidate version of code. Based on determining that a similar difference has not been made, the security tool stores an indication that the progression candidate version of code is associated with the documented security issue. The security tool may also determine a proposed change to the progression candidate version of code based on the difference.
G06F 21/57 - Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
11.
SYSTEM AND METHOD FOR SOFTWARE APPLICATION DEVELOPMENT INCLUDING PORTABLE AND EXTENSIBLE DYNAMIC USER INTERFACES AND DATA VALIDATION
Embodiments described herein are generally directed to client/server software application development frameworks, and are particularly directed to systems and methods for supporting portable and extensible dynamic user interfaces and data validation. An application development framework is provided, wherein a rules engine component and rules are provided at both the client-side and the server-side, for use with a particular application. The rules engine and rules can be different implementations at each end. The client and server can communicate to exchange the latest versions of the rules; however the rules themselves are agnostic as to which (client-side or server-side) engine they are run on. The system allows users to configure policies associated with a client-side user interface and a backend server, that operate together to provide application portability and extensibility, for example to control the presentation, logic, defaulting, and operation of a data set associated with a dynamic user interface.
Techniques for dynamically generating and updating clusters for categorizing data by using a hybrid implementation of supervised and unsupervised machine learning models are disclosed. A system trains a supervised prediction-type machine learning model to categorize data into a design-time defined set of data clusters. The system trains the prediction-type model using a training data set to generate predictions for assigning data to design-time defined data clusters. If the prediction-type model predicts that a data record does not correspond to any of the design-time defined data clusters, the system applies an unsupervised clustering-type machine learning model to the data record. The clustering-type model predicts a data cluster for the record. If the system detects a retraining trigger, the system retrains the classification-type model to include a new classification based on a runtime defined data cluster generated by the clustering-type model.
Systems, methods, and computer-readable media are provided for intelligent code integration, deployment, and analysis. An example intelligent code analysis system is configured to access and maintain an issue knowledge base storing information about code issues and/or issue resolutions associated with one or more software pipelines managed by the system. The system may process a natural language request about one or more code issues, issue resolutions, and/or sets of code. The system may additionally or alternatively analyze code issues to determine sets of code that should be newly associated with the issues, and/or analyze sets of code to determine issues that should be newly associated with the sets of code. The system generates a prompt that includes content from the natural language request, information about code issues, and/or information about sets of code. The system prompts a large language model (LLM) with the prompt and provides a response for the natural language request based on a result of execution of the prompt by the LLM.
Discussed herein are techniques that utilize hierarchical locality information of host machines included in a cluster network for the execution of general workloads. Hierarchical locality information for each host machine of a plurality of host machines is stored. The hierarchical locality information for a host machine identifying, for each locality of a plurality of localities, location information for the locality. Responsive to receiving a request requesting execution of a workload, the hierarchical locality information for the plurality of host machines is obtained and provided (e.g., to a customer) in response to the request.
Techniques for facilitating connectivity to vPLCs created in a CSP-provided infrastructure in a region. Within the CSP-provided infrastructure in a region, when the destination of a packet is determined to be an endpoint associated with a particular vPLC, the packet is tagged with information related to the particular vPLC. The vPLC-related information for the particular vPLC can include, for example, a vPLC identifier identifying the particular vPLC, an identifier identifying a customer associated with the endpoint, a virtual cloud network identifier identifying a virtual cloud network (VCN) belonging to the particular vPLC and where the endpoint is part of the VCN, and other vPLC-related information. The packet is then routed or communicated within the CSP-provided infrastructure in a region along with the tagged vPLC-related information. The vPLC-related information is used as part of the connectivity and for routing of packets within the CSP-provided infrastructure in a region.
G06Q 20/40 - Authorisation, e.g. identification of payer or payee, verification of customer or shop credentialsReview and approval of payers, e.g. check of credit lines or negative lists
G06Q 50/40 - Business processes related to the transportation industry
H04L 41/5041 - Network service management, e.g. ensuring proper service fulfilment according to agreements characterised by the time relationship between creation and deployment of a service
H04L 43/045 - Processing captured monitoring data, e.g. for logfile generation for graphical visualisation of monitoring data
H04L 45/00 - Routing or path finding of packets in data switching networks
Techniques are described for data management. An example method can include receiving, by a first data center in a first region, a message indicating that an intermediate computing system managed by the first data center has received data from a second data center in a second region, the data stored in an isolated environment of the intermediate computing system. The method can further include determining a criterion for validating the data. The method can further include transmitting to the intermediate computing system, first control instructions to validate the data while stored in the isolated environment based at least in part on the criterion. The method can further include receiving validation results from the intermediate computing system. The method can further include causing the data to be released from the isolated environment based at least in part on the validation results.
A method may include receiving a request for a secure partition on an HSM from a client device and provisioning the secure partition on the HSM. The method may include generating a control server and a load balancer. The method may include generating, by a certificate service, a CSR signed by the certificate service. The method may include transmitting the CSR to the client device and receiving a first certificate including the public key of the first public private key pair and a private key of a second public private key pair. The method may include receiving a second certificate generated by an external certificate authority and signed with a public key of the second public private key pair. The method may include storing the first certificate and the second certificate on the secure partition in a location such that the second is accessible by the control server.
H04L 9/32 - Arrangements for secret or secure communicationsNetwork security protocols including means for verifying the identity or authority of a user of the system
Techniques for automatically de-identifying sensitive information in audio conversations by combining un-transcribed voice activity detection (VAD) with large language model (LLM) analysis are disclosed. An audio de-identification system processes speech-to-text transcriptions while identifying segments where automatic speech recognition (ASR) failed to transcribe spoken content. These un-transcribed segments are represented as placeholders in prompts sent to an LLM, which analyzes the surrounding textual context to determine if sensitive information (such as PII or PHI) was likely spoken during these gaps. When sensitive content is identified, the system modifies the corresponding audio segments through an audio identification tactic. This approach addresses the technical challenge of incomplete de-identification in automated audio processing by leveraging LLMs' contextual understanding to detect sensitive information in segments that traditional ASR systems miss, particularly in scenarios involving poor audio quality or diverse accents. The result is a more comprehensive and reliable audio de-identification system.
Techniques for automatically deidentifying sensitive information in textual data using large language models (LLMs) are disclosed. A process iteratively identifies and removes sensitive entities from input text by sending portions to an LLM for analysis. The LLM determines if specific entities are sensitive, and based on its output, the identified entities are removed, and the text is updated. This cycle repeats for a predetermined number of iterations until no sensitive entities remain or until another termination condition is met. The method addresses limitations of traditional de-identification approaches by leveraging LLMs' advanced language understanding capabilities while managing computational resources efficiently. By employing an iterative approach, the accuracy and thoroughness of de-identification is improved, effectively removing sensitive information while preserving the text's usefulness. This process offers technical advantages in protecting sensitive information, adapting to diverse and context-dependent data, and optimizing computational resources for improved efficiency and reliability in de-identification tasks.
A method and system for enhancing sensitive entity de-identification in textual data using large language models (LLMs) are disclosed. The method includes performing a primary de-identification procedure on input text to identify an initial set of sensitive entities, constructing a prompt containing the identified entities and a portion of the input text, and processing the prompt using an LLM to identify additional sensitive entities not detected in the primary procedure. A de-identified text is generated by removing both the initially identified entities and the LLM-identified entities from the input text. The de-identified text is stored in a non-transitory computer-readable medium. The system improves recall in sensitive information detection by leveraging LLMs'advanced language understanding capabilities to complement traditional de-identification methods, resulting in more comprehensive protection of sensitive information in applications such as medical records processing.
An interceptor on the sending side intercepts an outgoing service request and attaches a unique identifier header that must be presented with the request and with any retries of the request. An interceptor on the receiving side sees the unique identifier and queries a private data store to see if the request has been processed previously. If the request has not been seen before on the receiving side, the application processes the request as usual, and the receiving side interceptor captures the return payload along with the unique identifier. If the request has been seen before, then the receiving side interceptor simply returns the captured payload from the successful processing by the application.
H04L 67/60 - Scheduling or organising the servicing of application requests, e.g. requests for application data transmissions using the analysis and optimisation of the required network resources
H04L 41/50 - Network service management, e.g. ensuring proper service fulfilment according to agreements
A method includes obtaining a data flow graph of a unit of computer program code. The unit of computer program code includes a dataflow fact. The data flow graph has a data flow path corresponding to the dataflow fact. The method further includes augmenting the data flow graph by adding a correlation to the dataflow fact of the data flow graph according to an instruction type in the unit of computer program code. An augmented data flow graph is obtained, having a first set of data flow paths corresponding to the dataflow fact. The method further includes merging a first data flow path and a second data flow path of the first set of data flow paths corresponding to the dataflow fact, to obtain a transformed data flow graph having a second set of data flow paths corresponding to the dataflow fact.
G06F 21/56 - Computer malware detection or handling, e.g. anti-virus arrangements
G06F 21/57 - Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
23.
SYNTHETIC DOCUMENT GENERATION PIPELINE FOR TRAINING ARTIFICIAL INTELLIGENCE MODELS
Embodiments described herein are directed towards a synthetic document generation pipeline for training artificial intelligence models. One embodiment includes a method including a device that receives an instruction to generate a document to be used as a training instance for a first machine learning model, the instruction including an element configuration, a document class configuration, a format configuration, an augmentation configuration, and data bias and fairness. The device can receive an element from an interface based at least in part on the element configuration, the element can simulate a real-world image, real-world text, or real-world machine-readable visual code. The device can generate metadata describe a layout for the element on the document based on the document class configuration. The device can generate the document by arranging the element on the document based on the metadata, wherein the document is generated in a format based on the format configuration.
A pre-trained context AI agent that was trained using one or more initial training data sets may be accessed. An input data set may be generated that includes a prompt and/or context to request generation of one or more synthetic data elements. A result that includes at least one synthetic data element may be accessed, where the result was generated by a natural language processing technique in response to the input data set. Identification a label for each of the at least one synthetic data element may be facilitated. The context AI agent may be fine-tuned using the label for each of the at least one synthetic data element.
Techniques for generating a layout for computing equipment in a data center are disclosed. The system represents a physical environment as a layout polygon and obstacles within the physical environment as obstacle polygons. The system represents groupings of racks as pod polygons. The system executes a positioning algorithm to place pod polygons in the layout polygon. The initial layout is optimized according to layout criteria. The system determines if any of the pod polygons in the initial layout collide with an obstacle polygon. The system attempts to resolve the collision by moving the colliding pod polygons or removing racks from a pod polygon. The system generates a basket tray path that minimizes the length of the basket tray path while avoiding obstacles in the path.
G06F 30/13 - Architectural design, e.g. computer-aided architectural design [CAAD] related to design of buildings, bridges, landscapes, production plants or roads
G06F 30/18 - Network design, e.g. design based on topological or interconnect aspects of utility systems, piping, heating ventilation air conditioning [HVAC] or cabling
G06F 30/27 - Design optimisation, verification or simulation using machine learning, e.g. artificial intelligence, neural networks, support vector machines [SVM] or training a model
Implementations of a healthcare software system interact with user(s) and/or healthcare provider(s) to permit secure access to patient healthcare data and support user-driven functionality. A user (patient) can interact with the healthcare software system via an application implemented at a user system. The healthcare software system can aggregate the user's health data from a variety of sources. The healthcare application can interact with the user to support user-driven healthcare, such as prompting care plan actions and/or medication actions, triggering health metric monitoring, generating user notes related to the user's healthcare, integrating questionnaires, defining and enforcing health data access permissions and restrictions, and the like.
G16H 10/60 - ICT specially adapted for the handling or processing of patient-related medical or healthcare data for patient-specific data, e.g. for electronic patient records
27.
REVERSE LOOKUP OF A USER ID TO A DOMAIN ID ACROSS SHARDS
A host computing device may receive a request to authorize an entity, the authorization request comprising an entity tag. The host may send a domain request, containing an entity tag, for a domain tag to a first fleet. The host may receive the domain tag from the first fleet and store the domain tag in a cache memory. The host may identify a data stripe tag, stored in a host database, associated with the domain tag. The host may send a fleet request for a fleet tag, with the data stripe tag, to a second fleet. The host may receive the fleet tag. The host may send an information request for a plurality of authentication information to an identified fleet associated with the fleet tag. The host may receive the plurality of authentication information. The host may determine whether to authorize the entity based on the authentication information.
Techniques for defining and using reusable modules to generate form control code are disclosed, including: displaying a form control implementation interface for applying form control functions to forms; receiving via the form control implementation interface: a first user input selecting a form control function of the form control functions; a second user input selecting one or more input parameters, for the form control function, that are to be extracted from the target form; a third user input selecting a target field of a target form, one or more attributes of the target field to be modified via execution of the form control function; generating form control code that extracts the one or more input parameters from form data received for the target form and applies the form control function to the one or more input parameters to modify the one or more attributes of the target field.
Techniques for performing an automatic route flip are disclosed herein. The techniques include receiving, for a communications network, a request to flip a primary route and a secondary route. The techniques further include responsive to receiving the request: causing routing information in a database to be updated, the database update changing a first path length associated with a first route to be updated to a third path length that causes the first route to become the secondary route and a second route to become the primary route. The techniques further include responsive to the database update and the second route becoming the primary route, causing a second host to route traffic to an endpoint using the second route instead of a first host routing traffic to the endpoint using the first route prior to receiving the request.
Herein is database transaction throttling to compensate for excessive redo generation and excessive database replication lag. Each time interval in a sequence of contiguous time intervals is assigned to a distinct respective redo counter in a circular buffer. While executing database statements in a database transaction, some of the redo counters are adjusted to reflect a fluctuating amount of redo generated by the transaction. When the redo generation rate of the database transaction is detected as exceeding a threshold, execution of the database statements in the database transaction is paused.
Techniques for generating a layout for computing equipment in a data center are disclosed. The system represents a physical environment as a layout polygon and obstacles within the physical environment as obstacle polygons. The system represents groupings of racks as pod polygons. The system executes a positioning algorithm to place pod polygons in the layout polygon. The initial layout is optimized according to layout criteria. The system determines if any of the pod polygons in the initial layout collide with an obstacle polygon. The system attempts to resolve the collision by moving the colliding pod polygons or removing racks from a pod polygon. The system generates a basket tray path that minimizes the length of the basket tray path while avoiding obstacles in the path.
G06F 30/13 - Architectural design, e.g. computer-aided architectural design [CAAD] related to design of buildings, bridges, landscapes, production plants or roads
G06F 30/20 - Design optimisation, verification or simulation
Systems, methods, and other embodiments associated with a profile configuration system are described including with a graphical user interface dashboard for creating a profile and automatically predicting target attributes for the profile with machine learning. The profile may be used by the system to control and guide actions against a database of transactions. For example, an automated machine learning process creates and trains a plurality of candidate machine learning models to predict a value for a target profile attribute. A best-fit machine learning model is selected from the candidates to generate the predicted value for the target profile attribute. Once the profile is created, query logic may be executed to search a database of transactions based on the profile attributes in the profile that match a set of transactions. The matching transactions are then routed and transferred into a reconciliation data table assigned to the account profile.
Various embodiments of the present technology generally relate to systems and methods for providing a service model engine. In an aspect a method includes identifying, by a service model engine, a swagger file from a network vendor and parsing the swagger file for API endpoints. The service model engine may generate resource specifications based on the API endpoints and may generate delivery actions for each API endpoint. Each delivery action may include delivery parameters for each API endpoint, The service model engine may also map each of the delivery parameters to corresponding characteristics in the resource specifications to generate parameter mappings. The service model engine may generate a service delivery model including the resource specifications, the delivery actions, and the parameter mappings, where the service delivery model is used by a service orchestration system to deliver respective services.
Techniques discussed herein relate to monitoring and/or detecting destabilization events of a host machine of a cloud computing environment. At least some of these destabilization events can be associated with a converged network adaptor of the host machine. The converged network adaptor may include a combination of functionality of a host network interface card (NIC) and functionality associated with a smart adaptor (e.g., a smart NIC). The smart adaptor may be configured to use at the host machine. A converged infrastructure management service may monitor operational data associated with the host machine to identify destabilization events that may be associated with the converged network adaptor. One or more remedial actions may be identified based at least in part on identifying these destabilizing events.
Techniques are disclosed for building a region data center using image-based resource deployment. A manager service executing in a distributed computing system can generate an image set for a first set of physical resources. The image set can include a software image including at least one software resource deployed to a first set of physical resources. Each software resource can include an agnostic identifier. The manager service can deploy the image set to a second set of physical resources and configure the software resources by at least converting the agnostic identifier of each software resource to a specific identifier corresponding to the second set of physical resources.
Embodiments permit a healthcare provider access to healthcare records of a user by a system associated with the healthcare provider. Embodiments scan a scannable visual access point displayed on a portable access point associated with the user and, in response to the scannable visual access point being scanned, generate a credential request. Embodiments transmit the credential request to a secure information manager, where the secure information manager manages the healthcare records. Embodiments receive a non-fungible token (“NFT”) in response to the credential request from the secure information manager, where the NFT is recorded on a blockchain. Embodiments transmit a data access request for the healthcare records to the secure information manager, the data access request including the NFT, and in response to the data access request, receives the healthcare records.
G06F 21/62 - Protecting access to data via a platform, e.g. using keys or access control rules
H04L 9/00 - Arrangements for secret or secure communicationsNetwork security protocols
H04L 9/32 - Arrangements for secret or secure communicationsNetwork security protocols including means for verifying the identity or authority of a user of the system
Systems, methods, and other embodiments associated with LLM generation of solution stacks for software solutions are described. In one embodiment, an example method includes accessing a solution definition for a software solution. The solution definition is in human language. The example method includes generating a logical solution topology from the solution definition using a large language model. The example method includes generating a physical solution topology from the solution definition and the logical solution topology using the large language model. And, the example method includes translating the physical solution topology into a stack specification. The stack specification describes a solution stack for creation and implementation of the software solution. The stack specification includes a deployment specification, an implementation plan, and a development plan.
In one embodiment, a non-transitory computer-readable media stores instructions executable by processors for accessing a user input including a task description and a set of training data configured for prompt tuning, generating a baseline prompt based on the task description by an optimizer large language model (LLM), generating an output responsive to the user input based on the baseline prompt by a target LLM, generating modifications to the baseline prompt based on the set of training data and the output by the optimizer LLM, and generating a final prompt based on the modifications by the optimizer LLM.
Techniques discussed herein relate to an object-relational database management system (ODMS) (e.g., a PostgreSQL ODMS) that utilizes a shared block storage volume (SBSV) for storage. The SBSV may utilize a file system that enables a single-writer-multiple reader model in which a primary computing node may read or write to the SBSV and one or more replica computing nodes are restricted from writing to the SBSV. To enable the primary computing node to write data at its own pace, regardless of the status of synchronization at each of the one or more replica computing nodes, the SBSV may include a staging area that maintains data that has not yet been updated at one or more of the replica computing nodes. When the primary computing node no longer maintains the data in local memory, the one or more replica computing nodes may obtain the data from the staging area of the SBSV.
Techniques discussed herein relate to an object-relational database management system (ODMS) (e.g., a PostgreSQL ODMS) that provides in-line materialization of database pages corresponding to read requests. A replica node of the ODMS may be configured to share access to a shared block storage volume with a primary node. The replica node may receive log updates from the primary indicating changes to the object-relational database. The read replica, in response to receiving a read request, may update a previous version of a database page, store the database page in local memory, and replay the log updates to update the database page in local memory. Data may be provided from the updated database page in response to the read request.
G06F 16/27 - Replication, distribution or synchronisation of data between databases or within a distributed database systemDistributed database system architectures therefor
41.
STRUCTURING-BASED KEY INFORMATION EXTRACTION IN MULTIMODAL MODELS FOR ENHANCING DOCUMENT UNDERSTANDING
A system and method for extracting structured key information from diverse document types using large multimodal models (LMMs) is disclosed. The invention employs a zero-shot analysis to identify candidate keys within an input document, then selects a document schema from a document schema database based on the identified keys. The LMM is prompted with the selected document schema to generate structured key-value pairs, with field constraints enforced by the document schema. Relationships among extracted keys are mapped to a graph representation, enabling robust handling of complex document layouts. The system supports nested structures, tabular data, and alias definitions for fields, and can update document schemas based on ground truth feedback. The resulting structured output is provided in a machine-readable format, enabling reliable and scalable document understanding across varied domains such as invoices, health cards, and driving licenses.
User-level privacy preservation is implemented within federated machine learning. An aggregation server may distribute a machine learning model to multiple users each including respective private datasets. Individual users may train the model using the local, private dataset to generate one or more parameter updates. Prior to sending the generated parameter updates to the aggregation server for incorporation into the machine learning model, a user may modify the parameter updates by applying respective noise values to individual ones of the parameter updates to ensure differential privacy for the dataset private to the user. The aggregation server may then receive the respective modified parameter updates from the multiple users and aggregate the updates into a single set of parameter updates to update the machine learning model. The federated machine learning may further include iteratively performing said sending, training, modifying, receiving, aggregating and updating steps.
Hierarchical gradient averaging is performed as part of training a machine learning model to enforce subject level privacy. A sample of data items from a training data set is identified and respective gradients for the data items are determined. The gradients are then clipped. Each subject's clipped gradients in the sample are averaged. A noise value is added to a sum of the averaged gradients of each of the subjects in the sample. An average gradient for the entire sample is determined from the averaged gradients of the individual subjects with the added noise value. This average gradient for the entire sample is used for determining machine learning model updates.
A method implements static profiling with graph neural networks. The method includes executing a block model with a control flow graph to generate a block vector corresponding to a block of the control flow graph of source code. The method further includes executing a graph neural network model with the control flow graph and the block vector to generate a graph vector. The method further includes executing a feed-forward neural network with the graph vector to generate a branch-frequency prediction. The method further includes incorporating the branch-frequency prediction into a code profile.
Systems, methods, and other embodiments associated with efficient allocation of live connections for real-time transcriptions of virtual meetings are described. In one embodiment, an example method includes preemptively establishing a set of live connections to an automatic speech recognition service that are available for use, and fewer than the participants of a virtual meeting. In response to a participant of the virtual meeting becoming active, the method dedicate one WebSocket connection from the set of WebSocket connections to real-time transcription of an individual audio stream from the participant. The method labels transcription results received back through the one live connection with a username of the participant. And, the method injects the labeled transcription results back into the virtual meeting for display in a user interface.
Skew handling techniques are provided in parallel execution for even load balancing and scaling. In a compile-time solution, a dynamic sampling query is issued to detect partition skew. The compile-time solution determines the number of skewed partitions and uses a hybrid distribution scheme where skewed partitions use a random distribution and non-skewed partitions use the original server mapping. In a runtime solution, producer server processes create partition mapping vectors that contain partition mapping information. Each producer server process sends its partition mapping vector to the query coordinator (QC). The QC receives the partition mapping vectors from the producer server processes, merges the vectors, and determines a skew result based on the merged mapping vectors and sends the skew result to the producer server processes. The producer server process can alter distribution of skewed partitions based on the skew result.
G06F 16/27 - Replication, distribution or synchronisation of data between databases or within a distributed database systemDistributed database system architectures therefor
An approach of performing data center failover using an address that indicates a backup data center. The address includes common names indicating a data center with a domain and a backup datacenter with a replica of the domain. A cloud service provider can receive the address, establish a connection with an available data center, and failover to the backup data center if the data center with the connection becomes unavailable.
G06F 11/20 - Error detection or correction of the data by redundancy in hardware using active fault-masking, e.g. by switching out faulty elements or by switching in spare elements
G06F 11/07 - Responding to the occurrence of a fault, e.g. fault tolerance
48.
Defining And Using Reusable Modules To Generate Form Control Code
Techniques for defining and using reusable modules to generate form control code are disclosed, including: displaying a form control implementation interface for applying form control functions to forms; receiving via the form control implementation interface: a first user input selecting a form control function of the form control functions; a second user input selecting one or more input parameters, for the form control function, that are to be extracted from the target form; a third user input selecting a target field of a target form, one or more attributes of the target field to be modified via execution of the form control function; generating form control code that extracts the one or more input parameters from form data received for the target form and applies the form control function to the one or more input parameters to modify the one or more attributes of the target field.
Various embodiments of the present technology generally relate to systems and methods for providing a subscription resource engine to suppress transmission of event notifications to originating network functions (NFs). For example, a subscription resource engine may detect an event operation associated with a consumer NF within a network. The consumer NF may be subscribed to a producer NF such that the subscription allows the consumer NF to receive event notifications from the producer NF. The subscription resource engine may determine that the event operation is related to the subscription and generate a subscription resource header based on the subscription. Based on the subscription resource header, the subscription resource engine may then generate an indication to suppress transmission of an event notification to the consumer NF. The indication to suppress transmission of the event notification may cause the producer NF to skip transmission of the event notification to the consumer NF.
Techniques provide mechanisms for logical referential integrity in relational database management systems. A child record with a foreign key can be inserted into a child table out of order from inserting parent record with the primary key without foreign key violations. When the child record is inserted a referential integrity check is performed to determine whether the primary key exists in a parent table. An integrant field for each child record is set to indicate whether the primary key exists. Query results can filter out records that do not have referential integrity.
Techniques for concurrently presenting a data object and messages related to the data object are disclosed. The system accesses a data object comprising a set of content. The system extracts and displays the set of content from the data object in a Graphical User Interface (GUI). The system determines that a set of messages is stored in association with the data object. The system presents the set of messages concurrently in the GUI with the set of content based on (a) the set of content from the data object being displayed and (b) the set of messages being stored in association with the data object. When presenting a different set of content, the system presents another set of messages associated with the different set of content. The system maps a new message to a data object when the new message is associated with the data object.
Techniques for dynamically resizing frames in a graphical user interface (GUI) window are disclosed. The system presents a GUI window on a display screen. The system presents, within the GUI window, a first frame that displays a first set of content and a second frame that displays a second set of content. The frames share space within the GUI window. The system detects a content transition, modifying the first set of content, corresponding to the first frame. In response to the content transition, the system increases the size of the first frame and decreases the size of the second frame without changing the size of the GUI window.
G06F 3/04845 - Interaction techniques based on graphical user interfaces [GUI] for the control of specific functions or operations, e.g. selecting or manipulating an object, an image or a displayed text element, setting a parameter value or selecting a range for image manipulation, e.g. dragging, rotation, expansion or change of colour
53.
ML-Based Selection Of Components Of A Graphical User Interface Based On User-Defined Queries
Techniques for information to present to a user in response to a data type of a query result for a query received from the user are disclosed. The system executes the user provided query to generate the query result. Based on (a) the first data type of the query result and/or (b) characteristics of the user, the system selects a second data type and determines one or more values corresponding to the second data type that are not responsive to the first query. The system concurrently presents the query result corresponding to the first data type and the set of one or more values corresponding to the second data type.
Techniques are disclosed for consistent and scalable replication between source and target data stores in heterogeneous data environments. In one aspect, a method includes receiving, by a data storage system, a source data write from a source data store. The source data write is executed on a replica data store and a transaction is determined based on one or more data operations of the source data write. A router identifies one or more materializers based on the transaction and a mapping between a first schema and a second schema. The materializers generate one or more semantic objects based on the transaction, and the semantic objects are transmitted to target data stores. For each semantic object, the materializers generate a watermark based on a replica data store read timestamp. The data storage system may receive multiple writes causing race conditions that are resolved based on the watermarks and read timestamps.
Techniques are disclosed for touch-aware authorization and access control in hybrid data systems, including data systems supporting hybrid relational-document data models. In one aspect, a method includes receiving a query and determining a data path based on the query. The data path can include a set of touched paths of data in a data system. A touched path of the set of touched paths can be used to access a different touched path of the set of touched paths. Each touched path can be evaluated based on one or more access control policies to determine whether at least one touched path violates one or more access control policies. If at least one touched path violates one or more access control policies, access control of the data can be enforced by controlling the execution of the query on the data system.
A computer-implemented method includes receiving a query in natural language, generating an input for a large language model, the input including a prompt generated based on the query, and identifying a plurality of slots associated with a plurality of sections of a content item. The method further includes generating a query result based on the input, the query result including a subset of the plurality of slots selected, extracting one or more document chunks from a database storing a plurality of document chunks as one or more relevant document chunks associated with the query result, formatting the relevant document chunks into a response to the query, and providing the response to a client system. The plurality of document chunks is generated by dividing each content item of a plurality of content items into the plurality of document chunks based on sections within each content item.
G16H 10/60 - ICT specially adapted for the handling or processing of patient-related medical or healthcare data for patient-specific data, e.g. for electronic patient records
57.
EFFICIENT QUERYING WITH DIVERSELY ENCODED CLINICAL DATA
Techniques are disclosed for querying with semantic code expansion in a clinical data system. In one aspect, a method includes receiving a query containing a predicate specifying a clinical code and a semantic expansion parameter indicating a request for approximate matching. A vector embedding associated with the specified clinical code is retrieved from a pre-computed embedding index. A similarity search is performed in a vector space to identify semantically similar codes. Exact code mappings are retrieved for the specified clinical code from a mapping registry. A rewritten query predicate is generated include the exact code mappings and the semantically similar clinical code mappings. The rewritten query is executed against a clinical data store to retrieve results matching the exact and/or semantically similar codes. The results are annotated to distinguish between exact and semantic matches.
G16H 50/70 - ICT specially adapted for medical diagnosis, medical simulation or medical data miningICT specially adapted for detecting, monitoring or modelling epidemics or pandemics for mining of medical data, e.g. analysing previous cases of other patients
Techniques are disclosed for constraint-driven query routing in heterogeneous data environments with disparate data stores. In one aspect, a method includes receiving a query in a first programming language and associated with one or more constraints. The constraints can include freshness, feasibility, divergence, and/or execution time. An intent of the query is identified, and a dry run of the query is performed to evaluate whether a data store satisfies the constraints. An optimal data store is selected based on the dry run. A query result is generated by determining whether the query in the first programming language can be executed on the optimal data store. The query is executed on the optimal data store if the first programming language is executable on the optimal data store. Otherwise, the query is converted to a second query in a second programming that can be executed on the optimal data store.
A computer-implemented method includes receiving a query in natural language, generating an input for a generative large language model, the input including a prompt generated based on the query, and identifying a plurality of slots associated with a plurality of sections of a content item. The method further includes generating a query result based on the input, the query result including a subset of the plurality of slots selected, extracting one or more document chunks from a database storing a plurality of document chunks as one or more relevant document chunks associated with the query result, formatting the relevant document chunks into a response to the query, and providing the response to a client system. The plurality of document chunks is generated by dividing each content item of a plurality of content items into the plurality of document chunks based on sections within each content item.
G16H 10/60 - ICT specially adapted for the handling or processing of patient-related medical or healthcare data for patient-specific data, e.g. for electronic patient records
60.
SYSTEMS AND METHODS FOR GENERATING CLINICAL HANDOFF SUMMARIES
A computer-implemented method includes receiving a query to provide a summary of patient-specific information regarding a condition for a particular patient. The method includes determining a category for the query, retrieving data relevant to the query from an electronic health record (EHR) database, including at least structured and unstructured content, and processing and filtering the data as retrieved based on the category. The method further includes generating, by a generative machine learning model, a narrative summary including a first portion of filtered data and some of the unstructured content, generating a structured summary including a second portion of filtered data, including some of the structured content, and formatting the narrative summary and the structured summary into an output. Determining the category for the query includes selecting the category from a plurality of categories, and processing performed for a first category differs from processing performed for a second category.
G16H 10/60 - ICT specially adapted for the handling or processing of patient-related medical or healthcare data for patient-specific data, e.g. for electronic patient records
Agentic digital assistant methods and systems for generating a response to a user query are disclosed. A computer-implemented method includes accessing a query, obtaining an agent execution plan that identifies one or more agent actions to be executed and an order in which the one or more agent actions are to be executed, executing the agent execution plan to obtain one or more results for the one or more agent actions, and generating a response to the query using the one or more results.
Agentic digital assistant methods and systems for generating a response to a user query are disclosed. A computer-implemented method includes accessing a query, executing planner modules in parallel to generate respective executable actions to retrieve information for answering the query, using a primary planner module of the planner modules to generate an execution plan for executing the executable actions, executing the executable actions per the execution plan to generate a set of results for the executable actions, and generating a response to the query using the set of results.
Computer-implemented techniques are disclosed for constructing, augmenting, and utilizing graph-structured or other linked representations of data elements and associations derived from one or more sources to enable accurate, timely enrichment and analysis across multi-stage or other processing workflows. An intermediate representation of patient-specific data can be obtained. The intermediate representation can be processed to extract condition-related and medication-related information relevant to a patient encounter. Outputs can be processed to further filter and contextualize subsets of the condition-related and medication-related information. One or more filtering techniques including a knowledge-graph-based filtering technique can be applied. A clinical summary that includes facts derived from the intermediate representation can be generated.
G06F 16/28 - Databases characterised by their database models, e.g. relational or object models
G06N 3/042 - Knowledge-based neural networksLogical representations of neural networks
G16H 15/00 - ICT specially adapted for medical reports, e.g. generation or transmission thereof
G16H 50/70 - ICT specially adapted for medical diagnosis, medical simulation or medical data miningICT specially adapted for detecting, monitoring or modelling epidemics or pandemics for mining of medical data, e.g. analysing previous cases of other patients
64.
Using Physiological Sensor Data From Biomedical Sensors For Automated Task Status Tracking And Management
Techniques digitally tracking completion of user tasks based on physiological data obtained from biomedical sensors are disclosed. One or more embodiments manage a schedule of tasks for a specific user and presents the schedule to the user or to other users that have authorization to access the schedule (e.g., an authorized health care professional). In some embodiments, a system dynamically tracks the status of the tasks by obtaining physiological data from biomedical sensors of health monitoring devices. The physiological data may indicate if a particular task has been completed, as well as details related to the task. The system updates a record corresponding to the task based on the physiological data, thereby enabling the system to dynamically provide timely up-to-date tracking details regarding the schedule of tasks to the user.
In some aspects, techniques may include monitoring a primary load of a datacenter and a reserve load of the datacenter. The primary load and reserve load can be monitored by a computing device. The primary load of the datacenter can be configured to be powered by one or more primary generator blocks having a primary capacity, and the reserve load of the datacenter can be configured to be powered by one or more reserve generator blocks having a reserve capacity. Also, the techniques may include detecting that the primary load of the datacenter exceeds the primary capacity. In addition, the techniques may include connecting the reserve generator blocks to at least one of the primary generator blocks and the primary load using a computing device switch.
H02J 9/06 - Circuit arrangements for emergency or stand-by power supply, e.g. for emergency lighting in which the distribution system is disconnected from the normal source and connected to a standby source with automatic change-over
Techniques are described for managing secure connections (e.g., tunnels) between different endpoints using a pod of servers. Instead of computing devices connecting to a single server at a service IP address, the connections are spread among the different servers in the pod that can be reached using a public IP address.
A Productivity Assistant System (PAS) is described that uses specially-trained ML models (e.g., artificial neural networks (ANNs)) to predict a next action to be performed for a sequence of interactions made by a user with one or more applications or services. The predicted action is customized to that user or to a group of users to which the user belongs. Techniques are described for training and using one or more such machine learning models.
A source system migrates a virtual machine to a destination system by transferring an execution state of the virtual machine. To transfer the execution state, the source system generates a continuation element that includes a continuation capturing a state of a thread and a continuation root providing an entry point for resuming executing the thread at the state. Additionally, to transfer the execution state, the source system determines a set of elements that are reachable from the continuation root and generates a migration package that includes the continuation element and the set of elements. The migration package is transmitted to the destination system, and the destination system resumes executing the virtual machine at the execution state by loading the continuation and the set of elements and commencing executing the thread at the state based on the continuation and the set of elements.
A system manages network connectivity in cloud environments. The system receives a high-level connectivity description comprising entities and flows representing connections between entities. Based on the description, the system derives a network configuration and applies it to configure resources in a cloud network environment. The system detects modifications, additions, or removals of resources in the cloud environment. In response to detected changes, the system modifies the network configuration to maintain consistency with the high-level description while accounting for resource alterations. The system generates a modified network configuration and applies it to at least one resource in the cloud environment.
Techniques for an autonomous edit process for medical claims are disclosed. An electronic claim associated with a patient encounter is retrieved, along with a flag indicative of the claim being erroneous, and an error report identifying an error condition within the claim. A plurality of heterogeneous electronic medical records associated with the patient encounter is retrieved, the plurality including structured billing codes, structured data, semi-structured data, and/or free-text clinical notes. A feature-extraction engine transforms the plurality of heterogeneous electronic medical records into a unified machine-readable representation including semantic embeddings, which are processed by a trained machine learning (ML) model, to generate a mapping between the error condition and one or more spans within the unified representation. The ML model identifies documentary evidence within the one or more spans that satisfies a model-learned evidentiary relevance condition, and generates one or more machine-formatted corrective actions to resolve the error condition.
G16H 10/60 - ICT specially adapted for the handling or processing of patient-related medical or healthcare data for patient-specific data, e.g. for electronic patient records
Techniques for autonomous assignment of medical codes are disclosed. A natural-language health record is processed, to identify a portion of an extracted text. By applying a binary classification on the portion, a codability of the portion is identified. In response to a positive codability, two or more codes are assigned to the portion, by applying a multi-label classification to the portion. By applying a probability model, a first probability score indicative of a probability of a combination of the two or more codes being assigned to a single encounter is determined. By applying a language model, a second probability score indicative of the two or more codes assigned to the health record being correct is determined. A final probability score is assigned. In response to the final probability score being higher than a threshold, generation of an insurance record is caused, based on the two or more codes.
G16H 10/60 - ICT specially adapted for the handling or processing of patient-related medical or healthcare data for patient-specific data, e.g. for electronic patient records
G16H 15/00 - ICT specially adapted for medical reports, e.g. generation or transmission thereof
The present disclosure describes solutions to a confused identity security vulnerability that can arise during multicloud operations. In an example method, a second cloud environment receives, from a first cloud environment, a request to perform an operation involving a service manager for a cloud service offered in the second cloud environment. The request can include a first identifier and a URL. The second cloud environment outputs a network request to a network location identified by the URL. The second cloud environment receives a response including a second identifier, which it compares to the first identifier. Upon determining, based upon the comparing, that the second identifier matches the first identifier, the second cloud environment performs processing enable performance of the operation involving the service manager. Upon determining that the second identifier does not match the first identifier, the second cloud environment rejects the request to perform the operation.
H04L 9/32 - Arrangements for secret or secure communicationsNetwork security protocols including means for verifying the identity or authority of a user of the system
Agentic digital assistant methods and systems for generating a response to a user query are disclosed. A method includes receiving a query; identifying, from the input, one or more key phrases associated with one or more medical concepts; expanding the one or more medical concepts to include one or more other medical concepts that are related to the one or more medical concepts; identifying one or more portions of a database schema associated with the one or more medical concepts and the one or more other medical concepts; generating a prompt that comprises an instruction, the one or more portions of the database schema, and an utterance associated with the natural language component; transmitting the prompt to a machine learning model; receiving, from the machine learning model, a query result that includes information to answer the query; and providing the query result to the computing device associated with the user.
G16H 50/70 - ICT specially adapted for medical diagnosis, medical simulation or medical data miningICT specially adapted for detecting, monitoring or modelling epidemics or pandemics for mining of medical data, e.g. analysing previous cases of other patients
74.
SYSTEMS AND METHODS FOR GENERATING MEDICATION SUMMARIES
A computer-implemented method includes receiving a request to provide a summary of patient-specific information regarding a medication for a particular patient and retrieving data relevant to the request from a plurality of sources, the retrieved data including at least structured and semi-structured content, harmonizing the retrieved data for at least data structure and semantic alignment to generate harmonized data, filtering the harmonized data to extract fields in the harmonized data relevant to the request, generating an input for a generative machine learning model, the input including a prompt generated based on the request, generating, by the generative machine learning model, a query result associated with the input, the query result including a subset of the filtered, harmonized data, formating the query result into an output, the output including the summary of patient-specific information regarding the medication, and providing the output to a client system.
G16H 15/00 - ICT specially adapted for medical reports, e.g. generation or transmission thereof
G16H 10/60 - ICT specially adapted for the handling or processing of patient-related medical or healthcare data for patient-specific data, e.g. for electronic patient records
G16H 20/10 - ICT specially adapted for therapies or health-improving plans, e.g. for handling prescriptions, for steering therapy or for monitoring patient compliance relating to drugs or medications, e.g. for ensuring correct administration to patients
G16H 50/70 - ICT specially adapted for medical diagnosis, medical simulation or medical data miningICT specially adapted for detecting, monitoring or modelling epidemics or pandemics for mining of medical data, e.g. analysing previous cases of other patients
75.
METHODS AND SYSTEMS FOR GENERATING A LOGICAL EXECUTION PLAN WITH DEPENDENCIES FOR EXECUTING AGENT ACTIONS IN AN AGENTIC DIGITAL ASSISTANT
Agentic digital assistant methods and systems for generating a response to a user query are disclosed. A method includes accessing a query regarding a person and database schema information for a database storing an electronic record for the person. An input for a generative machine learning model is generated based on the query and the database schema information. The input is provided to the generative machine learning model to an execution plan for executing actions in one or more stages to generate a set of results for use in generating a response to the query. The execution plan is executed to obtain the set of results. A response to the query is generated using the set of results.
Agentic digital assistant methods and systems for generating a response to a user query are disclosed. A computer-implemented method includes accessing a query, obtaining an agent execution plan that identifies one or more agent actions to be executed and an order in which the one or more agent actions are to be executed, executing the agent execution plan to obtain one or more results for the one or more agent actions, and generating a response to the query using the one or more results.
Techniques for generating knowledge-adapted content based on a knowledge classification of a user are disclosed. A system determines that a trigger condition is satisfied for requesting a knowledge-adapted content element for augmenting information for display on a user interface. In response to determining that the trigger condition is satisfied, the system generates, in real time, an input prompt element for requesting the knowledge-adapted content element and directs the input prompt element to a machine learning (ML) model to generate the knowledge-adapted content element. The knowledge-adapted content element includes machine-generated content pertaining to the target concept. The system receives the knowledge-adapted content element from the ML model and augments the information at least by concurrently displaying the information and machine-generated content on the user interface.
G16H 10/60 - ICT specially adapted for the handling or processing of patient-related medical or healthcare data for patient-specific data, e.g. for electronic patient records
78.
Selecting Attributes to Display for a Set of Search Results
Techniques for presenting a set of machine-learning predicted database record attributes for displaying in response to a request to filter a set of query results are disclosed. In response to a query, a system returns a set of system results. Based on receiving a selection of a query filter, the system presents a set of filtered query results. For a record in the set of filtered query results, the system presents a value for at least one default attribute and a value for at least one machine-learning predicted attribute. The system supplements the default attributes by applying a machine learning model to a set of filter data. The machine learning model generates a set of predicted attributes to present together with the default attributes for the set of query results.
Techniques are described for enabling concurrent and non-blocking replication object deletion during cross-region replications. In some embodiments, in a target file system, a target replication pipeline as part of a cross-region replication, and a deletion pipeline operate in parallel. The deletion pipeline deletes processed objects reaching the last pipeline stage of the target replication pipeline after each checkpoint in the target replication pipeline. In some embodiments, after a non-recoverable failure during the cross-region replication, the cross-region replication can be restarted from the beginning (i.e., fresh restart) without waiting for its unused objects in the Object Store to be deleted by utilizing a generation number associated with each object to delete the unused objects in a background process while allowing deleting processed objects as normal for the freshly restarted cross-region replication.
G06F 11/14 - Error detection or correction of the data by redundancy in operation, e.g. by using different operation sequences leading to the same result
G06F 3/06 - Digital input from, or digital output to, record carriers
80.
METHODS, SYSTEMS, AND COMPUTER READABLE MEDIA FOR ROUTING, ALTERNATE ROUTING, AND LOAD BALANCING OF SERVICE-BASED INTERFACE (SBI) REQUEST MESSAGES TO NETWORK FUNCTIONS (NFs) LOCATED IN DIFFERENT REGIONS USING SERVICE COMMUNICATION PROXY (SCP)
A method for routing, alternate routing, or load balancing of SBI request messages among NFs that are members of the same NF set and located in different regions using an SCP includes actively learning NF topology information of NFs that are located in the different regions. The method further includes receiving an SBI request message and determining an NF set-Id of a first target NF of the SBI request message, the first target NF being located in a first region. The method further includes using the NF set-Id and the NF topology information to identify at least one second target NF that is in the same NF set as the first target NF and located in a different region from the first region. The method further includes routing, alternate routing, or load balancing the SBI request message to a least one of the first target NF and the at least one second target NF.
H04W 28/084 - Load balancing or load distribution among network function virtualisation [NFV] entitiesLoad balancing or load distribution among edge computing entities, e.g. multi-access edge computing
81.
MEMORY ISOLATION OF AN IN-DATABASE VIRTUAL MACHINE USING MEMORY PROTECTION KEYS
Disclosed herein are approaches to isolate the execution of an embedded programming language virtual machine (VM) in a multi-tenant database management system (DBMS). At least a portion of a shared memory area may be associated with a memory protection key. A VM embedded in a database process of a DBMS may initiate execution of a user program. Execution of the database process may transition to a privileged mode, which may enable access to the at least a portion of the shared memory area by the VM. The VM may access the at least a portion of the shared memory area. Execution of the database process may transition to an unprivileged mode and disable access to the shared memory area by the VM. Further, a signal handler may receive a signal from a DBMS, wherein the signal interrupts a VM executing a user program in a database process, and the signal handler executes in the database process. The signal handler may write, to a protection key rights register for user pages (PKRU register), a particular PKRU value associated with a particular access permission to a shared memory area of the DBMS. The signal handler may handle the signal and write, to the PKRU register, a runtime PKRU value. The runtime PKRU value may be associated with a runtime access permission to the shared memory area.
A method for network analytics data director (NADD)-informed configuration of a 3gpp-Sbi-Max-Rsp-Time header value includes receiving, at the NADD and from network functions (NFs), NF configuration details and copies of service-based interface (SBI) messages transmitted to and received by the NFs, determining service operation processing times of the NFs, and communicating, to an NF service consumer, NF analytics data including the service operation processing times and the NF configuration details. The method further includes automatically determining, by the NF service consumer and using the NF analytics data, a 3gpp-Sbi-Max-Rsp-Time header value for an SBI request message, adding, by the NF service consumer, the 3gpp-Sbi-Max-Rsp-Time header value to the SBI request message, and transmitting, by the NF service consumer, the SBI request message to a destination.
Techniques for embodiments generating ETL code for transforming normalized database tables, i.e., snowflake schema, and metadata from an operational database into star schema denormalized dimensions are disclosed. The system accesses metadata associated with the normalized database tables and analyzes the metadata to identify tables and relationships between the tables. Identifying tables includes identifying fact tables and dimension tables referenced by the fact tables. Pattern matching may be used to identify the tables within the normalized dimensions. The tables and the relationships between the tables are parsed to generate an abstract representation, i.e., abstract syntax tree, of the normalized database tables. The system generates an intermediate representation from the abstract representation that defines operations for denormalizing the normalized dimensions. The system renders the operations defined in the intermediate representation into ETL code for creating denormalized dimensions from the normalized dimensions in the operational database.
Provided is an improved approach to implement maintenance of inverted indexes, where asynchronous maintenance is performed in a very efficient and highly scalable manner. As a result, it becomes possible to keep search results as close to current as possible, thus allowing the asynchronous maintenance to be fast enough to reach full transactional consistency.
A Productivity Assistant System (PAS) is described that uses specially-trained ML models (e.g., artificial neural networks (ANNs)) to predict a next action to be performed for a sequence of interactions made by a user with one or more applications or services. The predicted action is customized to that user or to a group of users to which the user belongs. Techniques are described for training and using one or more such machine learning models.
The present disclosure describes solutions to a confused identity security vulnerability that can arise during multicloud operations. In an example method, a second cloud environment receives, from a first cloud environment, a request to perform an operation involving a service manager for a cloud service offered in the second cloud environment. The request can include a first identifier and a URL. The second cloud environment outputs a network request to a network location identified by the URL. The second cloud environment receives a response including a second identifier, which it compares to the first identifier. Upon determining, based upon the comparing, that the second identifier matches the first identifier, the second cloud environment performs processing enable performance of the operation involving the service manager. Upon determining that the second identifier does not match the first identifier, the second cloud environment rejects the request to perform the operation.
Techniques disclosed herein pertain to region building for cloud networks and, particularly, for region building process improvements. The techniques include accessing first configuration instructions for building a physical region of a cloud service provider and executing the first configuration instructions. Executing the first configuration instructions causes a first graph that includes nodes to be traversed. A second graph for replacing the first graph can be selected from among candidate graphs. The candidate graphs are generated by reducing an execution time associated with a node of the nodes of the first graph. Second configuration instructions that include instructions for traversing the second graph are generated and executed. Executing the second configuration instructions causes a second graph that includes the nodes to be traversed.
Techniques are disclosed for restricting access to a computing resource in a manner that does not block the performance of other operations in a multi-thread computing environment. A software gate receives a request from a thread for permission to access a computing resource. Responsive to receiving the request, the software gate determines that a dynamic permit limit currently prevents the request from being granted. The software gate returns a data structure indicating that the request is incomplete, adds the request to a queue of pending requests, and releases the thread. Once released, the thread is free to perform other operations while the request is pending. If the request subsequently becomes allowable, the software gate grants the request, removes the request from the queue, and updates the data structure to indicate the request is complete.
METHODS, SYSTEMS, AND COMPUTER READABLE MEDIA FOR FACILITATING PROCESSING OF INTER-PUBLIC LAND MOBILE NETWORK (PLMN) MESSAGES RELATING TO EXISTING SUBSCRIPTIONS
A method for facilitating processing of inter-public land mobile network (PLMN) messages relating to existing subscriptions includes receiving, at a first network function (NF) repository function (NRF), an inter-PLMN subscription creation request message for creating a subscription. The method further includes determining, by the first NRF, that the first NRF includes a resource for which the subscription is requested. The method further includes, in response to determining that the first NRF includes a resource for which the subscription is requested, generating, by the first NRF, a subscription creation response message indicating creation of the subscription. The first NRF includes, in the subscription creation response message, a hint indicating that the subscription is located on the first NRF and forwards the first NRF, the subscription creation response message towards a consumer NF.
H04W 8/18 - Processing of user or subscriber data, e.g. subscribed services, user preferences or user profilesTransfer of user or subscriber data
H04B 7/08 - Diversity systemsMulti-antenna systems, i.e. transmission or reception using multiple antennas using two or more spaced independent antennas at the receiving station
H04L 12/28 - Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
In accordance with an embodiment, described herein are systems and methods for automated identification of churned client entities (e.g., product purchasers or users, cloud service subscribers, or other types of client entities), generally referred to herein as customers; predictive assessment of customer attrition likelihood; and determination of temporal windows for strategic intervention. The system can be used, for example, to predict if a client (e.g., a customer) will churn; determine a churn timeframe or action window for possible action to address the churn; and/or automatically identify which clients or customers may have already churned. Data or information describing churned clients or customers can be used by the system to automatically determine and/or perform an action directed to particular clients or customers; or can be returned in the form of displayed reports or other data visualizations.
G06Q 10/0637 - Strategic management or analysis, e.g. setting a goal or target of an organisationPlanning actions based on goalsAnalysis or evaluation of effectiveness of goals
Provided is an event queue to implement an improved approach to coordinate the intake of work items that are received and operated upon by entities to maintain an inverted index. An improved approach is provided to implement maintenance of inverted indexes, where asynchronous maintenance is performed in a very efficient and highly scalable manner. Also disclosed is an improved approach to coordinate DML and DDL operations between maintenance processing entities and user processing entities.
Provided is an improved approach to implement maintenance of inverted indexes, where asynchronous maintenance is performed in a very efficient and highly scalable manner. As a result, it becomes possible to keep search results as close to current as possible, thus allowing the asynchronous maintenance to be fast enough to reach full transactional consistency.
Embodiments optimize hotel room pricing by generating a causal model including an estimate of a causal effect of a hotel room price on a demand of the hotel room. Embodiments receive historical hotel room reservation data and select one of a plurality of predictive models based at least on the causal model. Embodiments then map the price of the hotel room to the demand of the hotel room.
G06Q 10/02 - Reservations, e.g. for tickets, services or events
G06Q 10/04 - Forecasting or optimisation specially adapted for administrative or management purposes, e.g. linear programming or "cutting stock problem"
The present disclosure generally relates to systems and methods for intelligently predicting which tests to run on modified source code of an enterprise application. More specifically, the present disclosure relates to systems and methods that build a model using machine-learning algorithms to predict which tests to run on modified source code. The prediction may be based on the modification made to the application code of the enterprise application.
Embodiments optimize hotel room overbooking limits for reservations of hotel rooms of a hotel. Embodiments receive historical reservation data and determine an upgrade offer acceptance probability as a function offer price based on the historical reservation data. Embodiments determine a premium category occupancy distribution based on the historical reservation data and determine a basic category cancellation distribution based on the historical reservation data. Embodiments determine an optimal upgrade price as a function of overbooked rooms from the upgrade offer acceptance probability and determine a marginal revenue as a function of overbooked rooms based on the determined premium category occupancy distribution and the determined optimal upgrade price as a function of overbooked rooms. Embodiments determine a marginal loss as a function of overbooked rooms from the basic category cancellation distribution.
Techniques are described that enable, in a multi-region cloud environment, information regarding one or more tenancy sessions that a network access program (e.g., a browser) participates in to be efficiently stored in a centralized location. The centrally stored sessions information can then be used for various purposes such as for restricting the number of tenancy sessions using a network access program, sessions cleanup, and other sessions-related tasks. In certain implementations, the centrally stored sessions information is used to prevent the network access program from opening multiple sessions for the same tenancy. In such implementations, for a particular tenancy, the network access program is allowed to have only one active session for the particular tenancy at a time. The centrally stored sessions information facilitates efficient sessions management including session cleanup after a session is closed.
A system captures a facial image of a human face, and at approximately a same time as capturing the facial image of the human face, the system captures a three-dimensional spatial representation of the human face. The system determines that the facial image corresponds to the three-dimensional spatial representation, and responsive to determining that the facial image corresponds to the three-dimensional spatial representation, the system generates a certification corresponding to the facial image. The system stores and/or transmits the certification for use in a process for authenticating the facial image.
G06V 40/16 - Human faces, e.g. facial parts, sketches or expressions
G06F 21/32 - User authentication using biometric data, e.g. fingerprints, iris scans or voiceprints
G06V 10/74 - Image or video pattern matchingProximity measures in feature spaces
H04L 9/32 - Arrangements for secret or secure communicationsNetwork security protocols including means for verifying the identity or authority of a user of the system
Systems, methods, and other embodiments associated with modification of existing infrastructure designs by large language models (LLMs) are described. In one embodiment, a method includes accessing an existing graph of compute infrastructure. The existing graph represents a design of the compute infrastructure. The method includes accessing changed infrastructure requirements for the compute infrastructure that differ from the design. The changed infrastructure requirements are in human language. The method includes automatically generating a modified graph from the existing graph and the changed infrastructure requirements using an LLM. The LLM has been trained to generate new graph portions where the compute infrastructure is affected by the changed infrastructure requirements. The method includes converting the modified graph into a deployment specification. And, the method includes executing the deployment specification to automatically configure a target computer system to have modified compute infrastructure that conforms to the changed infrastructure requirements.
Techniques for managing tasks and resources using a map-based GUI are disclosed. A system determines locations and available actions associated with the tasks. The system generates a map representing a geographic region and markers indicating the locations of the tasks within the region. In response to the selection of a marker corresponding to a particular task, the system presents an interactive tooltip corresponding to the available action. Responsive to the selection of the graphic element, the system calls an API that performs the action while concurrently presenting the map.
Techniques may include receiving a request from a tenant to perform an operation with respect to a containerized application. The containerized application can be one of a plurality of containerized applications that are executing on the one or more second computing devices, and where workloads are assigned to the containerized applications by a service provider computing device. In addition, the techniques may include obtaining an identity for the request. The techniques may include providing the identity and the request to a resource manager computing device that is configured to query an access management computing device to determine whether the identity is permitted to perform the operation. The operation may include a change to a parameter of the one or more second computing devices. The techniques may include receiving a response to the request. The response can indicate whether the identity is permitted to perform the operation.
