H04L67/34

Configuration systems and methods for secure operation of networked transducers
11621832 · 2023-04-04

A device can include an internal secure processing environment (SE) and communicate with a configuration system. The device may utilize a near field communications (NFC) radio. A mobile handset can connect with the SE in the device using NFC. The mobile handset can communicate with the configuration system and receive configuration data and a software package for the device. The SE can derive a PKI key pair and send the derived public key to the configuration system via the mobile handset. The SE and the configuration system can mutually derive an encryption key using the derived PKI key pair. The configuration data can be transmitted over the NFC radio, and the mobile handset can establish a Wi-Fi access point. The software package can be encrypted using the encryption key and transmitted to the device over the established Wi-Fi access point, thereby completing a configuration step for the device.

Controlling the approval of software updates for computing resources

This disclosure describes techniques for providing users of services provided by network-based service platforms with additional control for approving patches that are to be deployed to computing resources that support their services. In some examples, the techniques include generating and using a “snapshot,” or list, of patches that are preliminarily approved for deployment. Prior to deploying the patches to the computing resources, users are provided with access to the snapshot and are able to modify the snapshot. For example, users can modify the snapshot by adding patches, removing patches, specifying a sequence in which the patches are to be deployed, and so forth. The snapshot of patches may be “frozen” for a period of time, meaning that during the period of time, only patches in the snapshot are deployed, and patches that are not included in the snapshot are not permitted to be deployed to computing resources.

Method for configuring an OPC UA PubSub subscriber, automation system, computer program and computer-readable medium

A method for configuring at least one OPC UA PubSub subscriber in a network, in particular an industrial network, in which a) a virtual address space is provided for the at least one subscriber on a configuration module that is separate from the at least one subscriber, b) a configuration for the at least one subscriber is performed and/or a configuration already existing for the at least one subscriber is changed in the virtual address space of the at least one subscriber, c) the configuration module converts the configuration and/or configuration change into at least one PubSub message, d) the at least one PubSub message is transmitted to the at least one subscriber, and e) the at least one subscriber is configured according to the at least one PubSub message. In addition, the invention relates to an automation system, a computer program and a computer-readable medium.

Systems and methods for integrating multiple third-party applications
11622014 · 2023-04-04

Systems and methods are disclosed for integrating with third-party applications. An extension module operates with a user interface application on a client computing device. The extension module enables integration of functionality of an associated middleware system. The extension module extracts data from a user interface of a third-party application system based on a regular expression template. The extension module transmits data to the middleware system and receives information from the middleware system. The extension module can alter at least a portion of the user interface based on the information received from the middleware system.

PROVIDING SECURITY CREDENTIALS TO AN UNMANNED AERIAL VEHICLE
20230156464 · 2023-05-18

Methods, systems, and devices for wireless communications are described. A user equipment (UE) associated with an unmanned aerial vehicle (UAV) in a cellular terrestrial network may establish a connection with a unified data management (UDM) entity for communications with an unmanned aerial system service supplier (USS). The UE, or an access and mobility management function (AMF), may receive a security configuration from the UDM entity in a non-access stratum transport message. The security configuration may include one or more security credentials that enable communications between the UE and the USS. The AMF may transmit an acknowledgement message indicating the UE successfully received the indication of the security configuration. The UDM may transmit a message to the USS based on receiving the acknowledgment message. The UE may transmit a registration request to the USS. The UE and the USS may communicate according to the security credentials of the security configuration.

SYSTEMS, METHODS AND DEVICES FOR DEVICE FINGERPRINTING AND AUTOMATIC DEPLOYMENT OF SOFTWARE IN A COMPUTING NETWORK USING A PEER-TO-PEER APPROACH

Disclosed herein are embodiments of methods, devices and systems for device fingerprinting and automatic and dynamic software deployment to one or more endpoints on a computer network. The device fingerprinting systems and devices herein are configured to operate with limited data without sitting between network devices and the internet, without monitoring all network traffic, and with limited or no active scanning. The embodiments herein may passively collect information as distributed peers and may perform very limited active scans. In some embodiments, the information is used as an input to a custom hierarchical learning model to fingerprint devices on a network by identifying attributes of the devices such as the operating system family, operating system version, and device role. In some embodiments, a dynamic deployer selection process may be utilized to simply and efficiently deploy software. Some embodiments herein involve end-to-end encryption of credentials in a deployment process.

BOOT AND UPDATE FROM RUNTIME MERGED IMAGE FRAGMENTS

A feature is updated on a computing device. One or more composite image files are accessed that correspond to updates to be implemented in the computing device. The composite image files are signed containers. A runtime in-memory merge of the composite image files is performed. The merged composite image files are exposed as a read-only volume. The features are made available to the computing device. A system boot using the read-only volume can be initiated.

METHOD, APPARATUS AND SYSTEM FOR SUBSCRIPTION MANAGEMENT
20230156098 · 2023-05-18

Subscription management system and method provides real time subscription data dissemination to multiple computer devices of respective clients based on client subscriptions, using a UI message framework that decreases size and frequency of transmission of UI messages to service the subscriptions.

SYSTEMS AND METHODS FOR IMPLEMENTING TRANSPARENT SaaS PROXY ON AND OFF NETWORK
20230155983 · 2023-05-18

The present disclosure is directed to a system/method for utilizing a SaaS proxy platform to provide a transparent proxy solution and allow deployment of a hybrid network having a uniform proxy/Internet access environment for both on-network and off-network user traffic. A granular architecture for steering of user Internet traffic is presented that utilizes a SaaS agent as a primary proxy control based on modifications to the PAC files to allow for surgical traffic control. The proposed approach utilizes a SaaS proxy agent beyond its intended capabilities and provides a solution that improves uniformity of user Internet experience as well as improving security and network resiliency in a hybrid network.

Reusable device management in machine-to-machine systems
11652886 · 2023-05-16

Data is received describing a local model of a first device, generated by the first device based on sensor readings at the first device, and a global model that is hosted remote from the first device is updated based on the local model and modeling devices in a plurality of different asset taxonomies. A particular operating state affecting one or more of a set of devices deployed in a particular machine-to-machine network is detected, and the particular machine-to-machine network is automatically reconfigured based on the global model.