A tunnel connection is enabled between a user terminal and a service provider using a simpler network configuration. A communication system 10 includes a user terminal 20, a service provider 30, a carrier network 40 that connects the user terminal 20 and the service provider 30 to each other, and a network control device 50 that controls the carrier network 40. The network control device 50 sets respective virtual tunnel end points (VTEPs) for a POI terminal 46 that is on the carrier network 40 and that is connected to the service provider 30 and for the user terminal 20, and sets a virtual tunnel between the virtual tunnel end points. The user terminal 20 communicates with the service provider 30 via the virtual tunnel.

An apparatus includes a network component that is connected between at least two communication, installation and/or computer networks and is suitable and designed for allowing the passage of data traffic between the networks on the basis of adaptable and appropriately activated data traffic rules or for blocking the passage of data traffic through the network component. The network component has a communication relationship recording functionality for recording the communication relationships present during the passage of the data traffic. The recording functionality can be temporarily activated and/or deactivated for recording communication relationships, and the processing of the recorded communication relationships for the purpose of adapting and subsequently activating the data traffic rules is enabled only when the communication relationship recording functionality is deactivated. Also, a method for operating such a network component.

A method includes determining a corresponding level of a security model associated with each device of a plurality of devices connected to a network, each level of the security model having a corresponding tag; applying, to each of the plurality of devices, the corresponding tag based on the corresponding level of the security model with which each of the plurality of devices are associated; receiving, over a network connection, network traffic from at least one of the plurality of devices and the corresponding tag; analyzing the corresponding tag associated with the network traffic; determining a destination for the network traffic; applying one or more security measures to the network traffic based on the corresponding tag for the at least one device and a corresponding tag of the destination for the network traffic; and sending the network traffic to the destination with the corresponding tag of the destination.

Systems and methods for electronically creating and modifying a fitness plan are disclosed. The method may include receiving electronic user data, collecting electronic fitness data, and displaying a suggestion for a fitness activity based on the electronic user data and the electronic fitness data.

A collection apparatus that collects a URL of a Web page that leads to user operation and includes a search query generation unit that generates a search query by combining a digital content name and an associated keyword of the digital content. There is a fitness prediction unit that predicts a degree to which a Web page that leads to user operation is output as a search result when a search is performed by using the generated search query, a determination unit that searches for a Web page by using a search query in a search order that is based on the predicted degree, and determines analysis priority of a URL of a Web page on the basis of the degree and search result information. Further, there is a communication unit that outputs the URL of the retrieved Web page and the analysis priority of the URL.

Techniques for access point name and application identity based security enforcement in service provider networks (e.g., service provider networks for mobile subscribers) are disclosed. In some embodiments, a system/process/computer program product for access point name (e.g., APN) and application identity (e.g., application identifier) based security enforcement in service provider networks includes monitoring network traffic on a service provider network at a security platform to identify an access point name for a new session; determining an application identifier for user traffic associated with the new session at the security platform; and determining a security policy to apply at the security platform to the new session based on the access point name and the application identifier.

Systems, methods, and media are used to identify phishing attacks. A notification of a phishing attempt with a parameter associated with a recipient of the phishing attempt is received at a security management node. In response, an indication of the phishing attempt is presented in a phishing attempt search interface. The phishing attempt search interface may be used to search for additional recipients, identify which recipients have been successfully targeted, and provide a summary of the recipients. Using this information, appropriate security measures in response to the phishing attempt for the recipients may be performed.

The invention discloses a dual-modes switching method for blocking a network connection, comprising: a data packet collecting step of collecting data packets transmitting from all network nodes in a network segment, a data packet analyzing step of analyzing the data packets collected to obtain network node identification data, a list comparing step of comparing the network node identification data with identification data registered in an information device list to determine an illegal network node, an illegal-network-node-type determining step of determining what kind of type the illegal network node is, and a network connection blocking step of switching a first network connection blocking mode and a second network connection blocking mode according to the type of the illegal network node, thereby blocking the network connection of the illegal network.

Embodiments described include systems and methods for providing peer-to-peer caching among client applications. A cache coordinator is configured to receive a first request to register an object stored in a cache by a first client application including a first embedded browser. The first embedded browser obtains the object via a session established by the first embedded browser with a first network application on a server of a second entity. The cache coordinator is configured to store a location of the first client application and a hash of the object. The cache coordinator is configured to receive a second request from a second client application. The second request requests the location of the object among peer client applications. The cache coordinator is configured to communicate identification of the location of the first client application to the second client application for retrieving the object from the cache of the first client application.

A cyber security protection system includes a plurality of threat information updating devices; and a proactive suspicious domain alert system, which including: a domain information monitoring device; a domain information storage device; and a security threat analysis device, arranged to operably communicate data with the plurality of threat information updating devices through a network. If the domain information monitoring device detects that a domain mapping of a suspect domain is changed and the new domain mapping of the suspect domain points to a predetermined local address, the domain information monitoring device would further monitor a domain mapping variation frequency of the suspect domain. If the domain mapping variation frequency of the suspect domain exceeds a predetermined value, the security threat analysis device adds the suspect domain into an alert list to render the plurality of threat information updating devices to block their member devices from accessing the suspect domain.