5th week of 2021 patent application highlights, part 72
Patent application number | Title | Published |
--- | --- | --- |
20210036978 | COMPUTING SYSTEM WITH AN EMAIL PRIVACY FILTER AND RELATED METHODS - A client computing device includes a display, and a processor coupled to the display. The processor is configured to identify sensitive information within an email. In response to identification of sensitive information within the email, the processor determines that the email is to be hidden from view after receipt of the email based on one or more rules, so as to prevent presentation of the sensitive information to an unauthorized viewer via the display. | 2021-02-04 |
20210036979 | Devices, Systems and Processes for Providing Geo-Located and Content-to-Comment Synchronized User Circles - Devices, systems and processes for providing geo-located and content-to-comment synchronized user circles are described. For at least one embodiment, a system for facilitating a geo-location based user circle may include a hub configured to facilitate a sharing of comments between a first user and a second user via a user circle. The first user and the second user may be selected for participation in the user circle based upon a circleID associated with each of a first user device and a second user device. A first user device, communicatively coupled to the hub, may be configured to facilitate a capture of the comments provided by the first user. A second user device, communicatively coupled to the hub, may be configured to facilitate a presentation of the comments to the second user. A second device geoID may be used to indicate a location of the second user device. | 2021-02-04 |
20210036980 | COMPUTERIZED SYSTEM AND METHOD FOR PROVIDING A MODIFIED VIEWPORT INBOX DISPLAY - Disclosed are systems and methods for improving interactions with and between computers in content providing, searching and/or hosting systems supported by or configured with devices, servers and/or platforms. The disclosed systems and methods provide a novel framework that uses data related to users' personal, online and real-world activity, and inbox viewport information to identify messages that the users will interact with the next time the users view their inbox. Based on this, the user's inbox view can be modified so that third party messages can be situated amongst those messages (e.g., adjacent to or within n positions), so that the user will most likely view that message when interacting with the messages deemed important to the user. Thus, the disclosed framework provides mechanisms for message platforms, systems and applications to modify a user's inbox to strategically position messages from third party providers to capture the attention of the receiving user. | 2021-02-04 |
20210036981 | SYSTEMS AND METHODS FOR CONTENT SERVER RENDEZVOUS IN A DUAL STACK PROTOCOL NETWORK - Implementations described and claimed herein provide systems and methods for serving content over a network. In one implementation, a method of serving content is provided. The method includes maintaining a first address record associated with serving a resource and a second address record associated with serving the same resource. The first address record is further associated with a first protocol for a first device capable of serving the resource. Similarly, the second address record is associated with a second protocol, different from the first protocol, for a second device, distinct from the first device, capable of serving the resource. The method further includes providing, in response to at least one resolution request for the resource, the first address record and the second address record. | 2021-02-04 |
20210036982 | LINKING USERS TO VIEWED CONTENT IN DYNAMIC INTERNET PROTOCOL ADDRESS ENVIRONMENTS - A computer-implemented method includes receiving an internet protocol address and an identifier for a display and storing the display's internet protocol address and the display's identifier in a viewing record. A device's internet protocol address and a user identifier are received for a request sent by the device to a server. The display's internet protocol address is determined to match the device's internet protocol address and in response the display's identifier is associated with the user identifier. A display identifier in a viewing record and the association between the display's identifier and the user identifier are then used to determine that content listed in the viewing record was viewed by a user represented by the user identifier. | 2021-02-04 |
20210036983 | Data Routing Through a Gateway Cluster of a Wide Area Network - An example includes a manager gateway of a gateway cluster, comprising processing circuitry and a memory including instructions that cause the gateway to generate a virtual IP address for each gateway of the gateway cluster. The instructions further cause the gateway to receive an indication that a client device has joined a LAN. The instructions further cause the gateway to determine an anchor gateway to which the client device is to be anchored. The instructions further cause the gateway to transmit a first message anchoring the client device to the anchor gateway. The instructions further cause the gateway to transmit a second message offering an address to the client device. | 2021-02-04 |
20210036984 | NETWORK ADDRESS TRANSLATION - A NAT method, apparatus and device are provided. According to the method, a target IP address and its reference port are obtained from a NAT resource pool, the reference port being a port in a corresponding consecutive port range. A first five-tuple is generated based on the target IP address, the reference port and an original five-tuple of the packet, and a second five-tuple is obtained by masking first-class bits of the reference port of the first five-tuple. Based on a hash result of the second five-tuple, a target bit indicating a non-conflicting state is determined from a pre-constructed bitmap. The state indicated by the target bit is set to be a conflicting state, and a target five-tuple is generated based on the target bit. The target five-tuple and the original five-tuple are recorded in a session table, and the packet is NAT-processed based on the target five-tuple. | 2021-02-04 |
20210036985 | Methods and Apparatus for Operating and Managing a Constrained Device Within a Network | 2021-02-04 |
20210036986 | METHOD FOR APPLYING TCP/IP PROTOCOL IN MESH NETWORK - Disclosed is a method for applying a TCP/IP protocol in a mesh network, comprising: constructing protocol stack models of a root node and one or more ordinary nodes in the mesh network; the root node using a custom IE in a management frame to share an IP configuration acquired by itself from a router, a MAC address of itself, and a MAC address of the router with the ordinary nodes; each ordinary node adopting a static IP configuration mode to set its IP configuration as that of the root node; the root node acquiring a port range available for each ordinary node; and each node in the mesh network communicating with an external IP network over a TCP/IP protocol stack. In the invention, when an IP datagram is forwarded in the mesh network, there is no need to perform layer-by-layer NAT, and no need to recalculate a checksum of the IP datagram when it reaches the root node, thereby greatly improving network communication efficiency. | 2021-02-04 |
20210036987 | WIDE AREA NETWORK EDGE DEVICE CONNECTIVITY FOR HIGH AVAILABILITY AND EXTENSIBILITY - A WAN controller can configure a first WAN interface on a first WAN edge device to connect to a first transport network. The WAN controller can configure a second WAN interface on a second WAN edge device to connect to a second transport network. The WAN controller or the first WAN edge device, connected to a first access device of an access network, can determine the first WAN edge device has no Layer 2 connectivity to the second WAN edge device, connected to a second access device of the access network. The WAN controller or the first WAN edge device can establish a tunnel between the first WAN edge device and the second WAN interface. The WAN controller can route a specified class of WAN traffic received by the first WAN edge device from the access network through the tunnel. | 2021-02-04 |
20210036988 | SYSTEMS AND METHODS FOR OBTAINING PERMANENT MAC ADDRESSES - A network server is provided. The network server includes at least one processor in communication with at least one memory device. The network server is programmed to receive an access request originating from a user device, perform an authentication process for connecting with the user device, transmit, to the user device, a request message for a media access control (MAC) address of the user device, receive, from the user device, a response message including the MAC address of the user device, and determine whether to grant the access request based on the MAC address of the user device. | 2021-02-04 |
20210036989 | Protocol Isolation for Security - In accordance with some embodiments, a first apparatus that provides protocol isolation includes a controller, one or more re-configurable data communication devices operable to provide alternative transport of data for a native data communication device on a second apparatus to an external device, and one or more data converters coupled to the one or more re-configurable data communication devices. The protocol isolation method performed by the first apparatus includes establishing a local communication channel with the second apparatus. The method further includes exchanging the data via the local communication channel with the second apparatus according to a first protocol. The method also includes converting the data to a second protocol different from the first protocol. The method additionally includes exchanging, via a first re-configurable data communication device of the one or more re-configurable data communication devices, the converted data with the external device according to the second protocol. | 2021-02-04 |
20210036990 | DISTRIBUTED IDENTITY-BASED FIREWALLS - Systems and techniques are described for monitoring network communications using a distributed firewall. One of the techniques includes receiving, at a driver executing in a guest operating system of a virtual machine, a request to open a network connection from a process associated with a user, wherein the driver performs operations comprising: obtaining identity information for the user; providing the identity information and data identifying the network connection to an identity module external to the driver; and receiving, by a distributed firewall, data associating the identity information with the data identifying the network connection from the identity module, wherein the distributed firewall performs operations comprising: receiving an outgoing packet from the virtual machine; determining that the identity information corresponds to the outgoing packet; and evaluating one or more routing rules based at least in part on the identity information. | 2021-02-04 |
20210036991 | SYSTEM AND METHOD FOR IMPLEMENTING A WEB APPLICATION FIREWALL AS A CUSTOMIZED SERVICE - A web application firewall (WAF) receives an application request from a router, wherein the application request is directed to a web application, and wherein the web application firewall is associated with the web application. The WAF updates the application request to include a first header, wherein the first header includes a copy of a uniform resource locator of the application request, and updates the uniform resource locator to indicate an address of the web application firewall. The WAF analyzes the application request to determine whether the application request is secure, wherein the analysis is based on a rule, and in response to a determination that the application request is secure, updates the application request to include a second header, wherein the second header includes an encrypted signature. | 2021-02-04 |
20210036992 | SYSTEM AND METHOD FOR IDENTIFYING NETWORK ADDRESSES ASSIGNED TO COMPUTING DEVICES - A method, computer program product, and computing system for providing, via a first computing device connected to a network, one or more network requests to a second computing device connected to the network, wherein each of the one or more network requests includes an IP address and a predefined identification indicator. Identification information associated with the second computing device may be received from the second computing device in response to at least one network request of the one or more network requests including an IP address assigned to the second computing device. The IP address assigned to the second computing device may be paired, via the first computing device, with the identification information associated with the second | 2021-02-04 |
20210036993 | AUTOMATED FIREWALL FEEDBACK FROM NETWORK TRAFFIC ANALYSIS - Security rule feedback systems and methods include capturing network traffic data, the network traffic data including a plurality of traffic records. The traffic records are grouped into first and second traffic records having corresponding first and second source address identifiers, first and second source port identifiers, first and second destination address identifiers, and first and second destination port identifiers. Network interfaces associated with the first and second records are identified based on source address identifiers. Security rule populations are associated to the network interfaces. A determination is made as to a direction of network traffic based on the security rule populations. Thereby, dispensable security rules may be identified. | 2021-02-04 |
20210036994 | DATA AGGREGATION USING PROXY ENTRY OF CREDENTIALS - Certain aspects of the present disclosure provide techniques for entering user credentials through a proxy. One example method generally includes receiving, at a user device, a push request for user data from a cloud server and receiving a request file from an aggregation system. The method further includes injecting user credentials stored on the user device into the request file, wherein when injected the user credentials replace at least one dummy entry of the request file, and transmitting the request file to a data source associated with the request file. The method further includes receiving user data from the data source and transmitting the user data to the aggregation system. | 2021-02-04 |
20210036995 | DATA PROCESSING METHOD, DEVICE, AND SYSTEM - Provided are a data processing method, device, and system. The data processing method comprises: acquiring a first data packet in a local client network; determining sensitive data in the first data packet; masking the sensitive data in the first data packet, and generating a second data packet from the first data packet; and sending the generated second data packet. | 2021-02-04 |
20210036996 | METHOD FOR CONNECTIONS OF PEER DEVICES - The present disclosure relates to a method for connections of peer devices with features: a first peer box produces authentication information which will be saved in an authentication storage module and comprises a network location and an encryption key of the first peer box; the authentication storage module is electrically connected with a second peer box such that both the network location and the encryption key of the first peer box are received by the second peer box through the authentication information; both the network location and the encryption key of the second peer box are added into the authentication information in the authentication storage module from the second peer box; finally, the authentication storage module is electrically connected with a third peer box such that both the network locations and the encryption keys of the former peer boxes are received by the third peer box through the authentication information. | 2021-02-04 |
20210036997 | SECURE KEY MANAGEMENT PROTOCOL FOR DISTRIBUTED NETWORK ENCRYPTION - For an encryption management module of a host that executes one or more data compute nodes (DCNs), some embodiments of the invention provide a method of providing key management and encryption services. The method initially receives an encryption key ticket at an encryption management module to be used to retrieve an encryption key identified by the ticket from a key manager. When the encryption key has been retrieved, the method uses the encryption key to encrypt a message sent by a data compute node executing on the host requiring encryption according to an encryption rule. The encryption key ticket, in some embodiments, is generated for an encryption management module to implement the principle of least privilege. The ticket acts as a security token in retrieving encryption keys from a key manager. Ticket distribution and encryption rule distribution are independent of each other in some embodiments. | 2021-02-04 |
20210036998 | CLOUD KEY MANAGEMENT FOR AFU SECURITY - An apparatus for cloud key management may include a networking interface, a memory, and a processor, coupled to the memory and the networking interface, the networking interface to couple the apparatus to one or more endpoint servers (EPSs) of a cloud service provider (CSP), each EPS including a hardware accelerator, and a management node (MN) of the CSP. The apparatus may further include an accelerator functional unit (AFU) developer interface module operated by the processor to receive cryptographic material (CM) for each of one or more AFU developers (AFUDs) and store it into the memory, the CM including a public key hash (PKH) and an encryption key (EK) to decrypt an AFU of the AFUD. The apparatus may also include an EK communication module operated by the processor to: receive, from the MN, a request to send to a targeted EPS an encrypted lookup table (LUT), the LUT including PKHs and associated EKs for a set of the one or more AFUDs from which the targeted EPS is authorized to receive AFUs, and in response to the request, send, to the targeted EPS, the LUT. | 2021-02-04 |
20210036999 | METHOD AND APPARATUS FOR COMMUNICATION BETWEEN INTERNET OF THINGS DEVICES - A method including establishing a communication connection of a first Internet of Things device with a trusted device; acquiring a first communication key, the first communication key being provided to the first Internet of Things device and/or a second Internet of Things device via the trusted device; performing, on the basis of the first communication key, encrypted communication with the second Internet of Things device, thereby ensuring that the first Internet of Things device and the second Internet of Things device are capable of acquiring the first communication key, and performing encrypted communication on the basis of the first communication key, thus enhancing the security and reliability of communication between the first Internet of Things device and the second Internet of Things device. | 2021-02-04 |
20210037000 | SECURING A GROUP-BASED COMMUNICATION SYSTEM VIA IDENTITY VERIFICATION - Securing a group-based communication system may comprise identity verification of a user based on tracking an entity's interactions with a computing device associated with a user profile registered with the group-based communication system. The identity verification techniques may comprise capturing various inputs at a computing device associated with a user profile registered with the group-based communication system and storing and/or transmitting the inputs and/or interaction parameters quantifying features of the inputs to a security component of the group-based communication system. The security component may generate a data structure based at least in part on comparing the interaction parameters to historical interaction parameters and the data structure may be used to generate a trust score for verifying or denying the entity interacting with the computing device. | 2021-02-04 |
20210037001 | Enclave Interactions - Aspects of the disclosure provide various methods relating to enclaves. For instance, a method of authentication for an enclave entity with a second entity may include receiving, by one or more processors of a host computing device of the enclave entity, a request and an assertion of identity for the second entity, the assertion including identity information for the second identity; using an assertion verifier of the enclave entity to determine whether the assertion is valid; when the assertion is valid, extracting the identity information; authenticating the second entity using an access control list for the enclave entity to determine whether the identity information meets expectations of the access control list; when the identity information meets the expectations of the access control list, completing the request. | 2021-02-04 |
20210037002 | VIRTUAL NETWORK SYSTEM, VIRTUAL NETWORK CONTROL METHOD, ORCHESTRATION APPARATUS, CONTROL APPARATUS, AND CONTROL METHOD AND CONTROL PROGRAM OF CONTROL APPARATUS - A system according to this invention is directed to a virtual network system that prevents unauthorized registration, alteration, or occurrence of erroneous registration when registering a virtual network function produced by a third party or system vendor. The virtual network system includes an acceptor that accepts a virtual network function performing one of the functions included in a virtual network service and information of a provider providing the virtual network function from the provider, a first authenticator that authenticates, based on the virtual network function and the provider information, that the provider is a valid provider, and a registration unit that registers the virtual network function when the first authenticator authenticates that the provider is a valid provider. | 2021-02-04 |
20210037003 | CONTROLLED TOKEN DISTRIBUTION TO PROTECT AGAINST MALICIOUS DATA AND RESOURCE ACCESS - Techniques are described for controlling data and resource access. For example, methods and systems can facilitate controlled token distribution across systems and token processing in a manner so as to limit access to and to protect data that includes access codes. | 2021-02-04 |
20210037004 | SIGNING IN TO MULTIPLE ACCOUNTS WITH A SINGLE GESTURE - Methods, systems and computer program products are provided for signing into multiple accounts with a single gesture. Multiple sessions may be generated for multiple user identities based on a single authentication gesture, such as providing a phone number or email and a texted or emailed one-time code or providing a fast online identity (FIDO) key and an unlock gesture. Resources, such as applications, need not, but may be multi-identity aware to support signing into multiple accounts with a single gesture. Users may utilize their multiple identities without any additional sign-ins. Resources or session managers may receive multiple session artifacts concurrently or separately without additional sign-ins. Resources may indicate a capability to receive multiple session artifacts, for example, in registration or call parameters. Multiple identities may be revealed only after verification, for example, to prevent divulging identities to third parties aware of usernames such as phone numbers and email addresses. | 2021-02-04 |
20210037005 | System And Method Of Single Sign On To Master Website And Silent Authentication For Subservient Websites - Systems and methods are provided that may be implemented as an identity management system to provide a single sign on to a master website and silent authentication for subservient websites. The identity management system may include an identity provider server and a user management server. The identity provider server may authenticate a user, redirect an authenticated user to the user management server, and receive and verify a silent authentication request including a cryptographic signature and a modified message on behalf of the authenticated user from the user management server. | 2021-02-04 |
20210037006 | SECURITY CERTIFICATE IDENTITY ANALYSIS - The technology described herein uses data in certificate transparency (CT) logs to identify security certificates that are likely to be used for phishing or brand violation. The technology described uses machine vision technology to analyze the domain name in a CT log as a user would view it. The domain name in the CT log is rendered as it might appear in a web browser's address bar. The rendered domain name is then converted to a text string using optical character recognition (OCR). The text string generated by OCR is then analyzed by a brand detection system to determine whether the text string matches a brand name. When a known brand is detected, a trust analysis is performed to determine whether the security certificate in the CT log is actually associated with the brand. | 2021-02-04 |
20210037007 | METHOD AND DEVICE FOR PERFORMING ONBOARDING - Provided is an API invoker for performing onboarding. The API invoker includes a transceiver and a processor coupled with the transceiver and configured to obtain, from a service provider, onboarding information including an onboarding credential and information of a CAPIF core function, establish a secure session with the CAPIF core function based on the onboarding information, and control the transceiver to transmit, to the CAPIF core function, an onboard API invoker request message along with the onboarding credential and to receive an onboard API invoker response message based on a result of validating the onboarding credential at the CAPIF core function. | 2021-02-04 |
20210037008 | ARCHITECTURE FOR CLOUDCHAIN DRIVEN ECOSYSTEM - Described are platforms, systems, and methods for a secure exchange of personal data with brand data. In one aspect, a method comprises receiving, from a computing device, a request for ownership of a brand, the request comprising a data grouping; persisting a smart contract to a distributed ledger, the smart contract associated with the brand and generated based on the data grouping satisfying a criterion for ownership of the brand; and providing, to the computing device, by executing the smart contract, a plurality of opportunities based on the data grouping satisfying the criterion for ownership. | 2021-02-04 |
20210037009 | BIOMETRIC DATA SUB-SAMPLING DURING DECENTRALIZED BIOMETRIC AUTHENTICATION - A biometric authentication platform uses fault-tolerant distributed computing to determine if a supplied biometric sample and a template sample, which may be stored in a registry, are from the same person. Samples may be subdivided and assigned to Sub-Sample Processing Clusters for processing in parallel to determine sub-results. A consensus authentication result may then be determined by the processing cluster based upon the sub-results. | 2021-02-04 |
20210037010 | METHOD AND APPARATUS FOR MULTI-FACTOR VERIFICATION OF A COMPUTING DEVICE LOCATION WITHIN A PRESET GEOGRAPHIC AREA - A location multi-factor verification method may comprise initiating a boot process of a client device via firmware of the client device, receiving, via a network interface device, an access point (AP) beacon frame identifying a nearby AP, transmitting the AP beacon frame to a location determination service via the network interface device, receiving a geographic location estimation from the location determination service, based on the AP beacon frame, transmitting the geographic location estimation to the nearby AP, and granting a user of the client device access to an operating system of the client device if a boot process authorization instruction is received at the client device via the network interface device. | 2021-02-04 |
20210037011 | IDENTITY INTERMEDIARY SERVICE AUTHORIZATION - Examples include service authentication for a principal. A request to access a first service of a plurality of services of a network may be received from a principal by an identity intermediary. An identifier of the first service may be stored at the identity intermediary, and an unsigned credential of the principal and a principal identifier may be transferred from the identity intermediary to a credential provider. The principal identifier and the credential signed by the credential provider may be received, and the signed credential may be transmitted to the first service for authentication. | 2021-02-04 |
20210037012 | INFORMATION PROCESSING SYSTEM, INFORMATION PROCESSING DEVICE, AND INFORMATION PROCESSING METHOD - An information processing system includes an authentication server, a proxy authentication terminal, and an information processing device. The authentication server is connected to a wide-area line located outside a prescribed area, has an authentication privilege, and issues an authentication code. The proxy authentication terminal is connected to the authentication server through the wide-area line, has a proxy authentication privilege which serves as a proxy for the authentication privilege, and issues a proxy authentication code. The information processing device is connected to the proxy authentication terminal through a local-area line located within the prescribed area, receives the proxy authentication code from the proxy authentication terminal, and instructs processing of a job. | 2021-02-04 |
20210037013 | USER AUTHENTICATION USING CONNECTION INFORMATION PROVIDED BY A BLOCKCHAIN NETWORK - Apparatuses, methods, and systems are disclosed for user authentication using a connection information package provided by a blockchain network. One apparatus includes a processor and a transceiver that receives, from a first address on a blockchain network, a plurality of connection information packages and also receives, from a first function, a request to authenticate a user. The processor determines whether the first function is associated with one of the plurality of connection information packages. In response to the first function being associated with a valid one of the plurality of connection information packages, the processor accepts the request to authenticate the user. | 2021-02-04 |
20210037014 | UNIVERSAL OPERATING SYSTEM - A universal operating system and associated processes and procedures, which, together, are configurable to provide at least one operating system resource. The at least one operating system resource may be utilized by at least one cyber system for providing at least one individual with safe, secure, private cyber interactions with accurately identified instances of the individual's cyber devices, with other parties, and with the cyber devices of other parties. Processes and procedures are also provided which may be configured to provide an individual with the ability to selectively grant or selectively deny another party or a cyber device access to at least one part of the individual's cyber activities, cyber interactions, cyber assets, and cyber resources. A universal operating system is also provided which is configurable for providing interoperable use of cyber content, cyber devices, and cyber programming throughout at least one cyber system. | 2021-02-04 |
20210037015 | Client Device Configuration for Remote Digital Workspace Access - Client devices in public workspaces are typically reconfigured to default settings for each new user. Thus, a user may manually pre-configure a publicly accessible client device each time the user accesses a virtual workspace via the device. Systems and methods according to this disclosure provide client device configuration based on user identification. Upon launching a remote access application on a “fresh” client device that has not been configured for remote access, the user may be prompted to provide user identifying information, such as, biometric information. A user identification may be determined based on the user identifying information. Various configuration settings may be determined based on the user identification. The client device may be configured based on the determined configuration settings. After the client device is configured, the user may be prompted for authentication credentials. If the user is successfully authenticated, the user is authorized to access the user's virtual workspace. | 2021-02-04 |
20210037016 | EXTENDED REDIRECT MIRROR - Examples disclosed herein relate to a method comprising determining, at a first gateway, that a packet originating from a first device has hit an access control list (ACL) rule, wherein the first gateway has an Application Specific Integrated Circuit (ASIC) that does not have the capability to log packets that hit ACL rules. The method may include creating, at the first gateway, a copy of the packet and including, at the first gateway, an identification of the ACL rule and an identification of the first device in a header of the copy of the packet. The method may include transmitting, from the first gateway, the copy of the packet to a first network device via a network tunnel. | 2021-02-04 |
20210037017 | NON-DISRUPTIVE LOGIN THROTTLING IN FIBRE CHANNEL NETWORKS - A method includes receiving a FLOGI message sent by a device seeking to log on to a network, wherein the device is in the same zone as reachable devices already logged into the network; in response to the FLOGI message, sending to the device an FC_ID; receiving from the device a query, including the FC_ID, for a list of devices with which the device can communicate; in response to the query, sending to the device an empty list of reachable devices with which the device can communicate within the same zone; after sending the empty list, programming at least an access control list (ACL) including information about the device; and, after the ACL is programmed, triggering an RSCN message to be sent to the device to cause the device to obtain, for the first time, information about the reachable devices. | 2021-02-04 |
20210037018 | DISTRIBUTED APPLICATION PROGRAMMING INTERFACE WHITELISTING - Techniques are provided to implement distributed application programming interface (API) whitelisting for access control of a computing system. For example, an API gateway receives a client API request to access an application comprising a distributed microservices architecture. The API gateway initiates a whitelisting validation operation to determine if the client API request is permitted. The whitelisting validation operation includes comparing an API endpoint of the client API request to a whitelist of permitted API endpoints of registered microservices of the application to determine whether the API endpoint of the client API request is a permitted API endpoint in the whitelist. The API gateway routes the client API request to a target microservice of the application in response to the whitelisting validation operation determining that the client API request is permitted. | 2021-02-04 |
20210037019 | Network Filter - Systems and methods for managing a network are disclosed. One method can comprise transmitting a first identifier associated with a first service. Access to the first service can be provided to a user device using the first identifier. A filter element associated with the user device can be received. Transmission of a second identifier associated with a second service can be filtered based on the filter element, wherein filtering transmission inhibits access of the user device to the second service. | 2021-02-04 |
20210037020 | METHOD AND SYSTEM FOR LIVE DATING - Nextdate provides an online dating and game experience for all participants, including live streamers, contestants, and viewers. Nextdate offers advantages over both offline and online speed dating. In respect to offline speed dating, Nextdate is better in that it provides conversational prompts to the participants (the “star” and the contestant), as well as a “Love-o-meter” and audience comments that provide additional items and context to which the participants can respond. In respect to online speed dating, Nextdate includes features that remove the friction from traditional online dating experience and encourage user participation. Nextdate may be implemented as a standalone app or as a tab or feature of another video-centric social networking app. | 2021-02-04 |
20210037021 | USING SMART GROUPS FOR COMPUTER-BASED SECURITY AWARENESS TRAINING SYSTEMS - This disclosure describes embodiments of an improvement to the static group solution: all the administrator needs to do is specify the criteria they care about. Unlike static groups, where the administrator needs to keep track of the status of individual users and move them between static groups as their status changes, smart groups allow for automatic identification of the relevant users at the moment that action needs to be taken. This feature automates user management for the purposes of enrollment in either phishing or training campaigns. Because the smart group membership is determined as the group is about to be used for something, the smart group membership is always accurate and never outdated. The query that determines the smart group membership is run at the time when a campaign is about to be launched or some other action needs to know the membership of the smart group. | 2021-02-04 |
20210037022 | METHOD AND SYSTEM FOR CONFIRMING E-MAIL AUTHENTICITY AND NON-TRANSITORY STORAGE MEDIUM THEREOF - A method and a system for confirming e-mail authenticity and a non-transitory storage medium thereof are provided. A sender electronic device produces a data fingerprint based on mail content of an e-mail, inserts the data fingerprint into the e-mail, and transmits the data fingerprint and the mail content to a data storage device to be stored. A receiver electronic device obtains the data fingerprint from the e-mail and acquires, based on the data fingerprint, the corresponding mail content from the data storage device. If the corresponding mail content is not stored in the data storage device or the acquired mail content does not accord with the mail content of the received e-mail, the receiver electronic device marks the e-mail as counterfeit. | 2021-02-04 |
20210037023 | SYSTEM AND METHOD FOR VERIFYING THE IDENTITY OF EMAIL SENDERS TO IMPROVE EMAIL SECURITY WITHIN AN ORGANIZATION - One variation of a method for verifying email senders includes: intercepting an email addressed to a target recipient within an organization, the email received from a sender at an inbound email address and including an inbound display name; accessing a whitelist including a verified display name and a set of verified email addresses corresponding to an employee within the organization; characterizing a display name difference between the inbound display name and the verified display name; in response to the display name difference falling below a threshold difference, comparing the inbound email address to the set of verified email addresses; in response to identifying the inbound email address in the set of verified email addresses, authorizing transmission of the email to the target recipient; and, in response to the set of verified email addresses omitting the inbound email address, withholding transmission of the email and flagging the email for authentication. | 2021-02-04 |
20210037024 | ADVANCE INCIDENT SCORING - Techniques and systems to provide a more intuitive user overview of events data by mapping unbounded incident scores to a fixed range and aggregating incident scores by different schemes. The system may detect possible malicious incidents associated with events processing on a host device. The events data may be gathered from events detected on the host device. The incident scores for incidents may be determined from the events data. The incident scores may be mapped to bins of a fixed range to highlight the significance of the incident scores. For instance, a first score mapped to a first bin may be insignificant while a second score mapped to a last bin may require urgent review. The incident scores may also be aggregated at different levels (e.g., host device, organization, industry, global, etc.) and at different time intervals to provide insights to the data. | 2021-02-04 |
20210037025 | PLATFORM FOR THE EXTRACTION OF OPERATIONAL TECHNOLOGY DATA TO DRIVE RISK MANAGEMENT APPLICATIONS - A method in one embodiment comprises receiving usage data from a first operational management system, the first operational management system utilizing a plurality of assets of an information technology infrastructure. The method also includes identifying, based at least in part on the received usage data, one or more asset relationships between at least two assets of the plurality of assets, and one or more user-asset relationships between one or more users and one or more of the plurality of assets. In the method, one or more parameters of a plurality of parameters are applied to the identified asset and user-asset relationships to determine one or more designations associated with the identified asset and user-asset relationships. The one or more designations are transmitted to a second operational management system to trigger a risk management workflow based at least in part on the one or more designations. | 2021-02-04 |
20210037026 | Protection of Traffic between Network Functions - Methods and network equipment in a core network for intercepting protected communication between core network (CN) network functions (NFs). A method performed by network equipment in a core network may include establishing a first connection with a first NF for which the network equipment serves as a proxy and establishing, on behalf of the first NF, a second connection that is towards a second NF and that is secure. The method may also include selectively forwarding communication between the first and second NFs over the first and second connections, including transmitting and/or receiving the communication on behalf of the first NF over the second connection. The method may further include intercepting the communication that the network equipment selectively forwards between the first and second NFs. | 2021-02-04 |
20210037027 | MALICIOUS INCIDENT VISUALIZATION - Techniques to provide visualizations of possible malicious incidents associated with an event on a host device may include causing presentation of graphics of a process or thread in a user interface. Information about detected events may be transmitted to a computing device that generates the visualizations for presentation to an analyst to verify the malicious incidents. Based on patterns and information conveyed in the visualizations, the computing device or host device may take action to protect the operation of the host device against the effects of the event. | 2021-02-04 |
20210037028 | MAPPING UNBOUNDED INCIDENT SCORES TO A FIXED RANGE - Techniques and systems to provide a more intuitive user overview of events data by mapping unbounded incident scores to a fixed range and aggregating incident scores by different schemes. The system may detect possible malicious incidents associated with events processing on a host device. The events data may be gathered from events detected on the host device. The incident scores for incidents may be determined from the events data. The incident scores may be mapped to bins of a fixed range to highlight the significance of the incident scores. For instance, a first score mapped to a first bin may be insignificant while a second score mapped to a last bin may require urgent review. The incident scores may also be aggregated at different levels (e.g., host device, organization, industry, global, etc.) and at different time intervals to provide insights to the data. | 2021-02-04 |
20210037029 | DETECTION OF ADVERSARY LATERAL MOVEMENT IN MULTI-DOMAIN IIOT ENVIRONMENTS - Implementations are directed to methods for detecting and identifying advanced persistent threats (APTs) in networks, including receiving first domain activity data from a first network domain and second domain activity data from a second network domain, including multiple alerts from the respective first and second network domains, where each alert of the multiple alerts results from one or more detected events in the respective first or second network domain. A classification is determined for each alert of the multiple alerts with respect to a cyber kill chain. A dependency is then determined for each of one or more pairs of alerts, and a graphical visualization of the multiple alerts is generated, where the graphical visualization includes multiple nodes and edges between the nodes, each node corresponding to a stage of the cyber kill chain and representing at least one alert, and each edge representing a dependency between alerts. | 2021-02-04 |
20210037030 | ANOMALY DETECTION BASED ON DATA RECORDS - An example computer-implemented method includes receiving, by a processing device, the data records. The data records can be of a plurality of data record types. The method further includes analyzing, by the processing device, the data records by comparing the data records of different record types. The method further includes identifying, by the processing device and based at least in part on the analysis, a unit of work that is flooding the data records as the anomaly. | 2021-02-04 |
20210037031 | CONTEXTUAL ANOMALY DETECTION ACROSS ASSETS - Methods, systems, and computer program products for contextual anomaly detection across assets are provided herein. A method includes obtaining time-series data frames corresponding to assets; clustering the assets into one or more cohorts based on the time-series data frames, each cohort comprising assets having statistically similar time-series data frames; for each given asset within each cohort: applying a time-context window to the portion of the time-series data frames corresponding to the given asset to generate at least one transformed data frame, and determining an asset distribution for the given asset based on the at least one transformed data frame; determining one or more of that at least one of the assets within at least one of the cohorts is anomalous and that at least one of the cohorts is anomalous; and causing at least one remediation action to be performed based on the determining. | 2021-02-04 |
20210037032 | METHODS AND SYSTEMS FOR AUTOMATED PARSING AND IDENTIFICATION OF TEXTUAL DATA - A method and system for parsing and identifying security log message data, which can include receiving system-generated unstructured or partially semi-structured security log data from a plurality of source systems and devices, including a variety of different source systems and/or devices. The message data is received from the various sources in the form of raw log message data, as a stream of bytes received by a parsing system that identifies and extracts character features of the incoming raw messages. The extracted character features are compiled into data structures that are evaluated by one or more models to determine segmentation boundaries and generate message tokens, which are further classified as including variable data field(s) or as a template text string. Template-categorized message tokens are used to provide message fingerprint information for characterizing the overall form of the message, and for comparison by a classifier to a collection of previously stored/evaluated message fingerprints. If the message fingerprint is determined to match a stored fingerprint at or above a selected confidence level, the parsed message can be stored. Unidentified message forms/fingerprints can be routed to a labeling system for further analysis, the results of which are used to train and update the character identification and classification engines/models. | 2021-02-04 |
20210037033 | DETECTION OF DENIAL OF SERVICE ATTACKS - Embodiments are directed to monitoring network traffic over a network using one or more network monitoring computers. A monitoring engine may be instantiated to perform actions, including: monitoring network traffic to identify client requests provided by clients and server responses provided by servers in response to the client requests; determining request metrics associated with the client requests; and determining response metrics associated with the server responses. An analysis engine may be instantiated that performs actions, including: comparing the request metrics with the response metrics; determining atypical behavior associated with the clients based on the comparison, such that the atypical behavior includes an absence of adaptation by the clients to changes in the server responses; and providing alerts that identify the clients associated with the atypical behavior. | 2021-02-04 |
20210037034 | METHOD AND DEVICE FOR HANDLING AN ANOMALY AT A CONTROL UNIT - A method and device for handling an anomaly at a unit. The device is integrated into the unit. For handling attacks on the unit, a variable is detected that defines an operation of the unit. A piece of information that characterizes the surroundings in which the unit is operated is determined depending on the variable. Based on a comparison of the piece of information about the surroundings to a piece of information about the setpoint surroundings for the operation of the unit, it is checked whether or not an anomaly is present in the operation of the unit. The unit is operated in a first operating mode having a first functional range if no anomaly is detected. The unit is operated in a second operating mode having a second functional range, which is reduced or changed with regard to the first functional range, if an anomaly is detected. | 2021-02-04 |
20210037035 | VISUALIZATION AND CONTROL OF REMOTELY MONITORED HOSTS - Methods and systems for visualization of data associated with events detected on a monitored server host, and control of the host, are provided. A system may detect an incident on a remote server host. The system may present scores and activity graphs on a user interface for a human operator to review. The user interface may include animated activity graphs to show the progress of a past malicious event. The user interface may emphasize, de-emphasize, and/or hide subgraphs. The user interface may include quick-action buttons and wizards to permit users to immediately kill processes or isolate a computer from the network. The user interface may include controls to bulk-tag detected events associated with a subgraph. The user interface may present notifications/dashboards of significant malicious events in progress and update same when a new event rises in incident score into the top 10. | 2021-02-04 |
20210037036 | User Configurable Alert Notifications Applicable to Search Query Results - The disclosed embodiments relate to a system that generates an alert based on information extracted from search results generated by a query. During operation, the system executes the query to generate the search results. The system also obtains configuration information for the alert, wherein the configuration information identifies information associated with the search results and also specifies a trigger condition for the alert. Next, when the trigger condition for the alert is met, the system uses the configuration information to generate a payload containing the identified information associated with the search results. The system then invokes alert-generating functionality and provides the payload as input to the alert-generating functionality. This enables the alert-generating functionality to use the information from the search results while performing one or more alert actions associated with the alert. | 2021-02-04 |
20210037037 | PREDICTIVE MODEL SELECTION FOR ANOMALY DETECTION - In some implementations, sequences of time series values determined from machine data are obtained. Each sequence corresponds to a respective time series. A plurality of predictive models is generated for a first time series from the sequences of time series values. Each predictive model is to generate predicted values associated with the first time series using values of a second time series. For each of the plurality of predictive models, an error is determined between the corresponding predicted values and values associated with the first time series. A predictive model is selected for anomaly detection based on the determined error of the predictive model. Transmission is caused of an indication of an anomaly detected using the selected predictive model. | 2021-02-04 |
20210037038 | CYBERSECURITY VULNERABILITY CLASSIFICATION AND REMEDIATION BASED ON INSTALLATION BASE - A system, a method, and a computer program for remediating a cyberattack risk for a computing resource located at a node in a computer network having a plurality of nodes. The solution includes receiving vulnerability score data that has a severity level for a vulnerability in the computing resource at the node, receiving a number of installations value (N | 2021-02-04 |
20210037039 | VULNERABILITY SCANNER BASED ON NETWORK PROFILE - An approach is provided for vulnerability scanning that receives network access data from a secure network connection and stores the data in a memory. The set of network access data pertain to a set of network accessible resources. The set of network accessible resources are then accessed using the set of received network access data. A vulnerability scan is performed of the network accessible resources after which the access to the set of network accessible resources is released and the set of network access data is deleted from the memory. | 2021-02-04 |
20210037040 | INTELLIGENT SECURITY AUTOMATION AND CONTINUOUS VERIFICATION AND RESPONSE PLATFORM - A security testing platform can provide security teams with an extensible, cost-effective and flexible platform which can continuously test, evaluate and tune deployed security tools & policies. The security testing platform allows users to automatically simulate security threat attacks in order to measure the effectiveness of a security stack's prevention, detection and mitigation capabilities. A set of endpoints within the controlled environment may be configured to simulate the environment of the application being tested, which may be configured across multiple endpoints. Additional endpoints may also be configured as ‘attackers’ to orchestrate security attacks on the simulated environment. The security testing platform | 2021-02-04 |
20210037041 | METHOD TO RATE THE SECURITY OF A DEVICE THROUGH FINGERPRINT ANALYSIS - A method of operating an Internet of Things device is disclosed. In the method, electrical power is provided to electrical circuitry in the Internet of Things device. The Internet of Things device is communicatively coupled to a network using a communications module having one or more transceivers. An activity module of the Internet of Things device is activated to perform a predetermined operation, wherein activating the activity module includes determining compliance of a plurality of measured system parameters against a plurality of system parameters of a device fingerprint stored within a non-transitory memory of the Internet of Things device during performance of the predetermined operation, and disabling the Internet of Things device when at least two of the measured system parameters are out of compliance with the predetermined system parameters. | 2021-02-04 |
20210037042 | REMOTE ATTESTATION IN NETWORK - The present disclosure relates to a remote attestation in a network. Embodiments provide a method comprising: attesting a first node in a network, by a node adjacent to the first node in the network; and generating an attestation result of the first node. A plurality of attestation results of the first node generated by a plurality of nodes adjacent to the first node in the network are combined to determine a credibility of the first node. In such embodiments, a fixed verifier for other nodes is eliminated, and a risk of a collapse due to a failure of such fixed verifier may be avoided. | 2021-02-04 |
20210037043 | MODIFYING TRIAGE INFORMATION BASED ON NETWORK MONITORING - Embodiments are directed to monitoring network traffic using NMCs that may be arranged to provide scores based on threat assessments associated with anomaly classes such that the anomaly classes may be associated with types of anomalous activity. NMCs may employ the anomaly classes, the scores, characteristics of the anomaly classes, or the like, to determine triage models. The NMCs may modify the scores based on the triage models or archival information associated with the anomaly classes. The NMCs may associate the modified scores with the anomaly classes. In response to detecting anomalous activity, the NMCs may provide other scores based on the anomalous activity and provide a report that includes the other scores to a user. | 2021-02-04 |
20210037044 | RESILIENT ESTIMATION FOR GRID SITUATIONAL AWARENESS - According to some embodiments, a system, method and non-transitory computer-readable medium are provided to protect a cyber-physical system having a plurality of monitoring nodes comprising: a normal space data source storing, for each of the plurality of monitoring nodes, a series of normal monitoring node values over time that represent normal operation of the cyber-physical system; a situational awareness module including an abnormal data generation platform, wherein the abnormal data generation platform is operative to generate abnormal data to represent abnormal operation of the cyber-physical system using values in the normal space data source and a generative model; a memory for storing program instructions; and a situational awareness processor, coupled to the memory, and in communication with the situational awareness module and operative to execute the program instructions to: receive a data signal, wherein the received data signal is an aggregation of data signals received from one or more of the plurality of monitoring nodes, wherein the data signal includes at least one real-time stream of data source signal values that represent a current operation of the cyber-physical system; determine, via a trained classifier, whether the received data signal is a normal signal or an abnormal signal, wherein the trained classifier is trained with the generated abnormal data and normal data; localize an origin of an anomaly when it is determined the received data signal is the abnormal signal; receive the determination and localization at a resilient estimator module; execute the resilient estimator module to generate a state estimation for the cyber-physical system. Numerous other aspects are provided. | 2021-02-04 |
20210037045 | SYSTEM AND METHOD FOR CYBER-SECURE COMMUNICATIONS - Cyber security for a communications network can be enhanced with benchmarking, logging, and monitoring message transfer latencies between nodes to detect any changes in equipment or configuration due to unauthorized surveillance. In addition, the transfer of the messages between nodes is provided with cyber attack mitigation measures to be able to maintain operations even if encryption is compromised. | 2021-02-04 |
20210037046 | Automated Threat Analysis of a System Design - Methods, apparatus, and processor-readable storage media for automated threat analysis of a system design are provided herein. An example method includes obtaining a design of a security architecture; analyzing the design to identify existing security controls in the architecture; in response to determining that the existing security controls fail to satisfy a mitigation criteria for mitigating at least one security threat: identifying one or more of at least one additional security control that mitigates the at least one security threat, and at least one change to at least one of the existing security controls that mitigates the at least one security threat; generating mitigation information indicative of one or more of the at least one additional security control and the changes; and revising the design based at least in part on the mitigation information. | 2021-02-04 |
20210037047 | REAL TIME MANAGEMENT OF BOTNET ATTACKS - A system and computer-implemented method of managing botnet attacks to a computer network is provided. The system and method includes receiving a DNS request included in network traffic, each DNS request included in the network traffic and including a domain name of a target host and identifying a source address of a source host, wherein the translation of the domain name, if translated, provides an IP address to the source host that requested the translation. The domain name of the DNS request is compared to a botnet domain repository, wherein the botnet domain repository includes one or more entries, each entry having a confirmation indicator that indicates whether the entry corresponds to a confirmed botnet. If determined by the comparison that the domain name of the DNS request is included in the botnet domain repository, then the source address of the DNS request is stored or updated in an infected host repository and a control signal is output to cause any future network traffic from the source address to be diverted to an administrator configured address. Each source address stored in the infected host repository identifies a host known to be infected. | 2021-02-04 |
20210037048 | Automated learning and detection of web bot transactions using deep learning - This disclosure describes a bot detection system that leverages deep learning to facilitate bot detection and mitigation, and that works even when an attacker changes an attack script. The approach herein provides for a system that rapidly and automatically (without human intervention) retrains on new, updated or modified attack vectors. | 2021-02-04 |
20210037049 | SYSTEM FOR ATTACK PROTECTION IN IOT DEVICES - An Internet of Things device is herein disclosed. The Internet of Things device comprises a communications module having circuitry to communicatively connect to a computer network, a memory operable to store data, a processor coupled to the memory and the communications module and operable to execute instructions stored in the memory, and an activity module, including at least one of a sensor and a control device. The activity module operates under control of the processor to perform a designated activity with at least one of the sensor and the control device. The activity module further communicates on the computer network via the communications module. The processor curtails a volume of communication of the communications module on the computer network if a measured value of a system parameter exceeds a threshold value. | 2021-02-04 |
20210037050 | METHOD FOR ATTACK PROTECTION IN IOT DEVICES - A method of operating an Internet of Things device is described. In the method, an electrical power is supplied to electrical circuitry in the Internet of Things device. The Internet of Things device is communicatively coupled to a computer network using circuitry of a transceiver and a communications module of the Internet of Things device. A detecting circuit is operated to indirectly monitor a level of activity of the communications module. If the level of activity of the communications module is determined to exceed a threshold value, a volume of communications between the Internet of Things device and the computer network is curtailed. | 2021-02-04 |
20210037051 | UTILIZING ROUTING ADVERTISEMENTS TO AUTOMATE DDOS SCRUBBING TECHNIQUES IN A TELECOMMUNICATIONS NETWORK - Aspects of the present disclosure involve systems, methods, computer program products, and the like, for an orchestrator device associated with a scrubbing environment of a telecommunications network that receives one or more announced routing protocol advertisements from a customer device under an attack. In response to receiving the announcement, the orchestrator may configure one or more scrubbing devices of the network to begin providing the scrubbing service to packets matching the received routing announcement. A scrubbing service state for the customer may also be obtained or determined by the orchestrator. With the received route announcement and the customer profile and state information, the orchestrator may provide instructions to configure the scrubbing devices of the network based on the received information to dynamically automate scrubbing techniques without the need for a network administrator to manually configure the scrubbing environment or devices. | 2021-02-04 |
20210037052 | SYSTEMS AND METHODS FOR PREVENTING ROUTER ATTACKS - A system comprising a processor in electrical communication with a network and a non-transitory memory having instructions that, in response to an execution by the processor, cause the processor to monitor a routing information base (“RIB”) of the network, identify a change in the RIB, calculate a probability of suspiciousness of the change in the RIB, and classify the change in the RIB based on a continuum of trust are disclosed. Methods of managing routers are also disclosed. | 2021-02-04 |
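The router-protection abstract reduces to three steps: watch the RIB, score each change for suspiciousness, and map the score onto a continuum of trust rather than a binary accept/reject. The added example below, which is not code from the application, does that for a handful of BGP-hijack indicators (origin change, more-specific sub-prefix from a different origin, unknown upstream, abrupt path shortening); the features, weights and trust bands are assumptions chosen for illustration, and a real deployment would learn them from history.

```python
"""Added example (not from application 20210037052): scoring a RIB change
for suspiciousness and placing it on a continuum of trust. Features,
weights and thresholds are assumptions chosen for illustration."""
import ipaddress
from dataclasses import dataclass, field
from typing import Optional, Tuple


@dataclass
class RibEntry:
    prefix: str               # e.g. "203.0.113.0/24"
    origin_as: int            # AS that originated the route
    as_path: Tuple[int, ...]  # first element is the neighbour we learned it from


@dataclass
class Baseline:
    """What the monitor has learned to expect from past, stable RIB state."""
    expected_origin: dict = field(default_factory=dict)  # prefix -> origin AS
    known_peers: set = field(default_factory=set)        # neighbour ASes


def suspiciousness(old: Optional[RibEntry], new: RibEntry, base: Baseline) -> float:
    """Probability-like score in [0, 1] that the change old -> new is malicious."""
    score = 0.0
    net = ipaddress.ip_network(new.prefix)
    # Origin differs from the origin learned for this exact prefix (classic hijack).
    expected = base.expected_origin.get(new.prefix)
    if expected is not None and expected != new.origin_as:
        score += 0.5
    # More-specific prefix inside a known prefix, from a different origin:
    # wins longest-prefix match in every router (sub-prefix hijack).
    for known, origin in base.expected_origin.items():
        known_net = ipaddress.ip_network(known)
        if (net.version == known_net.version and net != known_net
                and net.subnet_of(known_net) and origin != new.origin_as):
            score += 0.4
            break
    # Learned from a neighbour we have never peered with.
    if new.as_path and new.as_path[0] not in base.known_peers:
        score += 0.2
    # AS path became much shorter than the previous entry (path shortening).
    if old is not None and len(new.as_path) < len(old.as_path) - 2:
        score += 0.15
    return min(score, 1.0)


def classify(score: float) -> str:
    """Place the score on a continuum of trust."""
    if score < 0.2:
        return "trusted"
    if score < 0.5:
        return "watch"
    if score < 0.8:
        return "suspicious"
    return "reject"
```

The point of the continuum is operational: a "watch" route is accepted but logged, a "suspicious" one is held for review, and only "reject" is dropped automatically, which keeps a single mis-weighted feature from blackholing legitimate re-homing events.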
20210037053 | SECURE COMMUNICATIONS SERVICE FOR INTERCEPTING SUSPICIOUS MESSAGES AND PERFORMING BACKCHANNEL VERIFICATION THEREON - A system and a method are disclosed for verifying a suspicious electronic communication. To this end, a secure communications service may detect an electronic communication comprising an identifier of a purported originator of the electronic communication and an identifier of an intended recipient, and determine that an attribute of the electronic communication corresponds to a suspicious attribute. Responsively, the service may intercept the electronic communication and store it in purgatory memory, so as to prevent it from being populated in a private repository of the intended recipient, transmit a verification message, and receive a reply to the verification message that verifies the authenticity of the electronic communication. In response to receiving the reply, the service may release the electronic communication from the purgatory memory, so as to cause it to be populated in the private repository of the intended recipient. | 2021-02-04 |
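The essential security property in the abstract above is that the verification travels on a backchannel: the question "did you send this?" goes to the address the service already trusts for the purported originator, not to the From: or Reply-To: address the attacker controls. The added example below, which is not code from the application, models that flow with a display-name/address mismatch and a Reply-To domain mismatch as the suspicious attributes; the directory, message fields and rules are assumptions for illustration.

```python
"""Added example (not from application 20210037053): a secure communications
service that holds a message with a suspicious attribute in purgatory, sends
a backchannel verification request to the purported originator's directory
address, and releases or discards the message on the reply. Field names,
rules and the directory are assumptions."""
import secrets
from dataclasses import dataclass, field
from typing import Dict, List, Optional


@dataclass
class Message:
    sender: str          # address in the From: header as received
    display_name: str    # display name in the From: header
    recipient: str
    subject: str
    reply_to: str = ""


def _domain(addr: str) -> str:
    return addr.rsplit("@", 1)[-1].lower()


@dataclass
class SecureCommsService:
    directory: Dict[str, str]                                      # display name -> canonical address
    purgatory: Dict[str, Message] = field(default_factory=dict)    # token -> held message
    inbox: Dict[str, List[Message]] = field(default_factory=dict)  # recipient's private repository
    verifications: List[dict] = field(default_factory=list)        # backchannel requests sent

    def suspicious_attribute(self, m: Message) -> Optional[str]:
        """Return why the message looks suspicious, or None if it does not."""
        known = self.directory.get(m.display_name)
        if known is not None and m.sender.lower() != known.lower():
            return "display name matches a directory contact but address differs"
        if m.reply_to and _domain(m.reply_to) != _domain(m.sender):
            return "Reply-To domain differs from From domain"
        return None

    def receive(self, m: Message) -> str:
        reason = self.suspicious_attribute(m)
        if reason is None:
            self.inbox.setdefault(m.recipient, []).append(m)
            return "delivered"
        token = secrets.token_urlsafe(16)
        self.purgatory[token] = m  # held; not yet visible to the recipient
        # Backchannel: ask the directory address for the claimed identity, or the
        # From: address itself; never the Reply-To the sender supplied.
        verify_to = self.directory.get(m.display_name, m.sender)
        self.verifications.append(
            {"to": verify_to, "token": token, "subject": m.subject, "reason": reason})
        return "held"

    def verification_reply(self, token: str, confirmed: bool) -> str:
        m = self.purgatory.pop(token, None)
        if m is None:
            return "unknown token"
        if confirmed:
            self.inbox.setdefault(m.recipient, []).append(m)
            return "released"
        return "discarded"
```

The token in the verification message is random so a reply cannot be forged by guessing, and a reply for an unknown token is ignored rather than releasing anything; a production service would additionally expire held messages rather than keep them in purgatory indefinitely.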
20210037054 | AUGMENTED DATA COLLECTION FROM SUSPECTED ATTACKERS OF A COMPUTER NETWORK - Technology for isolating suspicious activity on a plurality of servers for the purpose of mitigating damage (for example, unauthorized access to server data) to a network of computers and eliciting information about any suspicious clients involved in the suspicious activity. A suspicious client is identified, isolated, and permitted to continue interacting with the computer network to elicit information about the activity (for example, the identity of a suspicious client). Suspicious activity is defined by network administrators and determined using conventional techniques. The suspicious activity is isolated to prevent the suspicious client(s) from taking unauthorized and/or harmful actions on the network. The suspicious client(s) are permitted to resume network requests, in isolation, to covertly elicit information about the suspicious activity. Any data collected about the suspicious activity and/or suspicious client(s) are output, during and/or after the suspicious client(s) have disconnected from the network, for analysis. | 2021-02-04 |
20210037055 | TECHNIQUES FOR INCENTIVIZED INTRUSION DETECTION SYSTEM - The present disclosure relates generally to security solutions. More specifically, techniques (e.g., systems, methods, and devices) are provided to implement an incentive-based intrusion detection system to detect malicious acts against an asset. The incentive may lure or encourage the actor to provide information for detecting malicious actions against an asset. | 2021-02-04 |
20210037056 | METHOD AND SYSTEM CREATING AND USING DATA CONFIDENCE FABRIC PROCESSING PATHS - In general, in one aspect, the invention relates to a method for managing data. The method includes performing, by a data confidence fabric (DCF) node, a trust operation with a remote DCF node; updating, based on the trust operation, a trust level associated with the remote DCF node to obtain an updated trust level; integrating, based on the updated trust level, the remote DCF node into a DCF processing path to obtain a second DCF processing path, wherein the DCF processing path comprises the DCF node; and processing data using the second DCF processing path. | 2021-02-04 |
20210037057 | SYSTEM RESOURCE MANAGEMENT IN SELF-HEALING NETWORKS - The present disclosure provides for system resource management in self-healing networks by grouping End Point Groups (EPGs) into a plurality of policy groups based on shared security policies; identifying a first policy group with a highest resource demand; assigning a first security policy corresponding to the first policy group to a first switch of a plurality of switches; identifying a second plurality of EPGs from the remaining EPGs that were not included in the first policy group; grouping the second plurality of EPGs into a second plurality of policy groups based on shared security policies; identifying a second policy group with a highest resource demand of the second plurality of policy groups; and assigning a second security policy corresponding to the second policy group to a second switch of the plurality of switches. | 2021-02-04 |
20210037058 | DYNAMIC ACCESS CONTROLS USING VERIFIABLE CLAIMS - Policy-based techniques are provided for dynamic access control for resources. One method comprises, upon a user attempt to access a given resource, identifying a policy defined for access to the given resource, wherein the policy comprises a rule and an allowed issuer of a verifiable claim; determining if the rule and the allowed issuer are satisfied based on an evaluation of the verifiable claim; and allowing the user to access the given resource if the rule and the allowed issuer are satisfied. A given rule can specify a threshold for a data item obtained from an allowed issuer. The policy can be stored by one or more policy hubs. A plurality of policy hubs can be organized in a hierarchical structure, such that one given policy is applied to the given resource in a predictable manner. | 2021-02-04 |
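The verifiable-claims abstract above specifies a policy as two parts that must both hold: a rule (for example a threshold on a data item carried in the claim) and a set of allowed issuers, with policies stored in hubs arranged so that exactly one applies to a resource. The added example below, which is not code from the application, evaluates such a policy against a signed claim; it uses an HMAC over a canonical JSON payload as a stand-in for the issuer's signature, and the issuer identifiers, keys, claim fields and hub layout are assumptions for illustration.

```python
"""Added example (not from application 20210037058): evaluating a resource
access policy made of a rule (threshold on a claimed data item) plus a set
of allowed issuers, against a signed verifiable claim. HMAC stands in for
the issuer signature; keys, issuers, claim fields and hubs are assumed."""
import hashlib
import hmac
import json

# Assumed issuer key material; a real deployment verifies public-key signatures.
ISSUER_KEYS = {
    "did:example:hr": b"hr-issuer-secret",
    "did:example:training": b"training-issuer-secret",
}

OPS = {">=": lambda a, b: a >= b, "<=": lambda a, b: a <= b, "==": lambda a, b: a == b}


def _canonical(payload: dict) -> bytes:
    # Deterministic serialisation so signer and verifier hash identical bytes.
    return json.dumps(payload, sort_keys=True, separators=(",", ":")).encode()


def issue_claim(issuer: str, subject: str, claims: dict, now: int, ttl_s: int = 3600) -> dict:
    """Issuer side: bind subject, data items and expiry under the issuer's key."""
    payload = {"iss": issuer, "sub": subject, "claims": claims, "exp": now + ttl_s}
    sig = hmac.new(ISSUER_KEYS[issuer], _canonical(payload), hashlib.sha256).hexdigest()
    return {"payload": payload, "sig": sig}


def verify_claim(vc: dict, now: int):
    """Signature and expiry check; returns None on success, else a reason."""
    key = ISSUER_KEYS.get(vc["payload"].get("iss"))
    if key is None:
        return "unknown issuer"
    expected = hmac.new(key, _canonical(vc["payload"]), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, vc["sig"]):
        return "bad signature"
    if vc["payload"]["exp"] <= now:
        return "expired"
    return None


def resolve_policy(hubs, resource: str):
    """Hubs hold (path_prefix, policy); the most specific prefix wins, so exactly
    one policy applies to a given resource."""
    matches = [(len(prefix), pol) for prefix, pol in hubs if resource.startswith(prefix)]
    if not matches:
        return None
    return max(matches, key=lambda t: t[0])[1]


def evaluate(policy: dict, vc: dict, now: int):
    """Allow only if the claim is genuine, from an allowed issuer, and satisfies the rule."""
    err = verify_claim(vc, now)
    if err:
        return False, err
    if vc["payload"]["iss"] not in policy["allowed_issuers"]:
        return False, "issuer not allowed by policy"
    rule = policy["rule"]
    value = vc["payload"]["claims"].get(rule["item"])
    if value is None:
        return False, "claim lacks data item"
    if not OPS[rule["op"]](value, rule["threshold"]):
        return False, "rule not satisfied"
    return True, "allowed"
```

Order matters: the signature is checked before the issuer is compared with the policy, so an attacker cannot learn which issuers a resource trusts by submitting unsigned claims, and the issuer check comes before the rule so a valid claim from the wrong authority is rejected even if its data item would satisfy the threshold.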
20210037059 | SEAMLESS MULTI-VENDOR SUPPORT FOR CHANGE OF AUTHORIZATION THROUGH RADIUS AND OTHER PROTOCOLS - A process, system, and non-transient computer readable medium that provides device automation support for the dynamic activation, authentication, and accounting of network access and network access devices while enabling seamless multi-vendor support for change of authorization through multiple network protocols. The process, system, and non-transient computer readable media also provides security threat remediation that can be automated at the device, network access, traffic inspection, and/or threat protection level by taking action on a device by triggering actions in a bidirectional manner. | 2021-02-04 |
20210037060 | System And Method For Distributed Network Access Control - Various embodiments of network access control (NAC) systems and methods are provided herein to control access to a network comprising a plurality of network endpoint nodes, where each network endpoint node includes a policy information point and a policy decision point. The policy information point within each network endpoint node stores a distributed ledger including one or more client policies that must be satisfied to access the network, and a smart contract including a set of predefined rules defining network access behaviors and actions. Upon receiving a network access request from a client device outside of the network, the policy decision point within each network endpoint node executes the smart contract to determine whether the client device should be granted access, denied access or have restricted access to the network, and executes a consensus algorithm to select one of the network endpoint nodes to be the policy decision point leader. | 2021-02-04 |
20210037061 | MANAGING MACHINE LEARNED SECURITY FOR COMPUTER PROGRAM PRODUCTS - Methods, systems, and apparatuses, may manage machine learned security for computer program products, which may create dynamic micro-perimeters. | 2021-02-04 |
20210037062 | GATEWAY DEVICE AND MONITORING METHOD - Unexpected call disconnection during normal operation is prevented. When a gateway device 1 installed at a point-of-interconnection (POI) border continues to receive RTP packets even though RTCP packets have stopped arriving, the gateway device 1 either generates RTCP packets and sends them to its own network side, or generates a call control signal indicating that media transfer is continuing and sends that signal to its own network side. Thus, even when interruption monitoring of RTCP packets is performed within the gateway device 1's own network, an unexpected call disconnection during normal operation caused by a change in the peer's RTCP sending conditions can be prevented. | 2021-02-04 |
20210037063 | INFORMATION PROCESSING DEVICE, INFORMATION PROCESSING METHOD, AND COMPUTER PROGRAM - There are provided an information processing device, an information processing method, and a computer program that enable communication to be switched smoothly between virtual space and real space. The information processing device includes a communication control unit that controls communication performed interactively between users, through a virtual image of each user, in a virtual space in which a virtual image corresponding to a real image of a user present in real space is created; a user-information acquiring unit that acquires, at predetermined timing, position information regarding a position of the user in the real space and attribute information including at least information regarding intimacy between the users; and a switching control unit that controls switching between communication performed in the real space and communication performed in the virtual space according to at least one of the position information and the attribute information. | 2021-02-04 |
20210037064 | In-Line AI Virtual Assistant - Novel tools and techniques for providing an in-line AI virtual assistant are provided. A system includes a session border controller coupled to an end-user device, and a session initiation protocol stack. The session initiation protocol stack includes a processor, and non-transitory computer readable media comprising instructions executable by the processor to: receive, from the session border controller, a call invite request; provision, via the AI virtual assistant service, an AI virtual assistant instance in response to the call invite request; and join the AI virtual assistant instance to a call with the end-user device. | 2021-02-04 |
20210037065 | Content Disposition System And Method For Processing Message Content In A Distributed Environment - In one embodiment, a wireless mobile User Equipment (UE) device comprises a message generator configured to send a SIP request message via a first IP network and a processor configured to process a SIP response message received from a network node via the first IP network, the processor further configured to process instructions to provide a treatment for at least one message body content of the SIP response message based on a value of a content type indicator independent of at least one of an absence of a content disposition indicator, a content disposition indicator without a value and a content disposition indicator having a value. The treatment, applied by the UE device, may comprise one of: (i) performing an Emergency Services (ES) call effectuated via a CS network and (ii) performing a registration and an ES call effectuated via an IP network. | 2021-02-04 |
20210037066 | SYSTEM, METHOD, AND COMPUTER-READABLE MEDIUM FOR BY-PASSING THE PUBLIC SWITCHED TELEPHONE NETWORK WHEN INTERCONNECTING AN ENTERPRISE NETWORK AND A CARRIER NETWORK - A system, method and computer-readable medium for by-passing the public switched telephone network when routing a call from a carrier network to an enterprise network are provided. A carrier gateway server is communicatively coupled with an enterprise gateway server. The enterprise gateway server is adapted to publish direct inward dial numbers assigned to enterprise extensions to the carrier gateway server. Once published, call setups originated in the carrier network may be routed directly to an enterprise network having a terminal assigned the dialed number of the call setup. Advantageously, the carrier network operator does not incur any inter-connect fee from any public switched network operator. | 2021-02-04 |
20210037067 | SYSTEM AND METHOD FOR REGISTERING DEVICE FOR VOICE ASSISTANT SERVICE - A system and method for registering a new device for a voice assistant service. The method, performed by a server, of registering a new device for a voice assistant service includes: comparing functions of a pre-registered device with functions of the new device; identifying functions corresponding to the functions of the pre-registered device among the functions of the new device, based on the comparison; obtaining pre-registered utterance data related to at least some of the identified functions; and generating action data for the new device based on the identified functions and the pre-registered utterance data. | 2021-02-04 |
20210037068 | CREATION AND SHARING OF CONTACTS GROUPS BETWEEN COMMUNICATION PARTICIPANTS - The technology disclosed herein enables the creation of a contacts group from participants in a communication session along with the ability to share that created contacts group. In a particular embodiment, a method includes identifying participants participating in a communication session and receiving first user input from a first participant of the participants. The first user input identifies a first selection of the participants comprising at least one of the participants. The method further includes obtaining first contact information for the first selection of the participants and including the first contact information in a first contacts group. The method also includes providing the first contacts group to a selection of one or more users. | 2021-02-04 |
20210037069 | MULTIPARTY REAL-TIME COMMUNICATIONS SUPPORT OVER INFORMATION-CENTRIC NETWORKING - Embodiments include technologies for creating a manifest for a conferencing event in a network, adding a name tag identifying the conferencing event to the manifest, receiving an interest packet including one or more parameters indicating a named flow being produced at a source node, adding content metadata of the named flow to the manifest, and sending the manifest to the source node. Further embodiments include adding, to the manifest, session-level metadata associated with a user of the source node. Embodiments include receiving a second interest packet with one or more second parameters identifying a user of a client node, where the second interest packet indicates a request to authorize the user of the client node to subscribe to the conferencing event. In further embodiments, session-level metadata associated with the user is added to the manifest if the user is authorized to subscribe to the conferencing event. | 2021-02-04 |
20210037070 | INFORMATION PROCESSING SYSTEM, INFORMATION PROCESSING APPARATUS, INFORMATION PROCESSING METHOD, AND NON-TRANSITORY COMPUTER-READABLE MEDIUM - An information processing system includes a plurality of communication terminals, and an information processing apparatus. The information processing apparatus includes first circuitry to acquire one or more images of a shared screen; store the acquired one or more images as one or more captured image; receive a selection of a particular captured image that is not to be displayed on at least one communication terminal of the plurality of communication terminals; generate data of a screen including the one or more captured images to be displayed on the at least one communication terminal, the screen not displaying at least a part of the one or more captured images based on the received selection; and transmit the generated data to the at least one communication terminal. Each of the plurality of communication terminals includes second circuitry configured to display the screen based on the received data. | 2021-02-04 |
20210037071 | EFFICIENT DISTRIBUTION AND DISPLAY OF MEDIA - Systems and methods are provided for providing media content to subscribers. A system includes a source device storing first and second items of digital media content and a computing device. The computing device includes a network interface configured to receive the first and second items of digital media content from the source device via a network connection and a media player configured to simultaneously provide the first and second items of digital media content to a display of the computing device. The media player includes a synchronization component that monitors a first playback position, associated with the first item of digital media content, and a second playback position, associated with the second item of digital media content, and alters the first playback position when a time difference between the first playback position and the second playback position exceeds a threshold value. | 2021-02-04 |
20210037072 | MANAGED DISTRIBUTION OF DATA STREAM CONTENTS - Configuration information indicating that one or more stream consumers are granted read-only access to contents of a shared-access data stream is stored at a stream management service. A virtual stream associated with the shared-access stream may be established. In response to a read request directed to the virtual stream, contents of a particular record of the shared-access data stream are provided. | 2021-02-04 |
20210037073 | TRANSFER OF DATA STREAMING SERVICES TO PROVIDE CONTINUOUS DATA FLOW - Embodiments regard transfer of data streaming services to provide continuous data flow. An embodiment of an apparatus includes a processor to process data for streaming to one or more organizations; and a memory to store data for streaming to the one or more organizations, wherein the apparatus is to provide a centralized work distribution service to track status of each of a plurality of data streams to the one or more organizations, and a plurality of nodes, each node being a virtual machine to stream one or more data streams to the one or more organizations, each node including a first daemon service to monitor connectivity of the node to dependency services for the node and, upon detecting a loss of connection to one or more of the dependency services, the node to discontinue ownership of the one or more data streams of the node and a second daemon service to poll the centralized work distribution service for data streams that are not assigned. | 2021-02-04 |
20210037074 | DISTRIBUTEDLY SYNCHRONIZED EDGE PLAYOUT SYSTEM - The same sequence of media items is pre-distributed to storage devices at multiple locations. A local program component, including content not in the pre-distributed sequence of media items, is obtained at a first media mixer at a first location. A control signal associated with playout of the pre-distributed media items is obtained at a first processing device co-located with the first media mixer. The local program component is transmitted to a second media mixer located at a second location. Separately from the local program component, the control signal is transmitted from the first processing device to a second processing device, co-located with the second media mixer. The control signal is synchronized to the local program component at the second location to generate a synchronized media program control. The pre-distributed sequence of media items is mixed with the local program component as directed by the synchronized media program control. | 2021-02-04 |
20210037075 | RECEPTION DEVICE, RECEPTION METHOD, TRANSMISSION DEVICE, AND TRANSMISSION METHOD - Disclosed is a reception device configured to acquire second metadata including a flag, the flag indicating whether or not there is a component stream transmitted from a server via the Internet for a service. The reception device is also configured to acquire first metadata based on the second metadata, the first metadata including information related to a component stream for the service transmitted in a broadcast signal using an Internet Protocol (IP) transmission scheme. Finally, the reception device is configured to access the component stream transmitted in the broadcast signal based on the first metadata, and control reproduction of the component stream transmitted in the broadcast signal. | 2021-02-04 |
20210037076 | METHODS AND SYSTEMS FOR A DECENTRALIZED DATA STREAMING AND DELIVERY NETWORK - Methods and systems for delivering data contents among peer nodes in a decentralized data delivery network are disclosed. The network comprises peer-to-peer (P2P) connections implemented on top of a content delivery network (CDN) having CDN servers that provide fragments of data files to network nodes. Such a hybrid network comprises viewer nodes, edge cacher nodes, tracker servers, and optionally a payment server. A smart tracker provides caching instructions to guide cachers in storing, delivering, and relaying content to viewer nodes. The smart tracker also provides peer lists to viewer nodes, by selecting active cacher nodes to provide access to data fragments, based on network locations and/or geolocations of neighboring nodes, and a content data type of the desired data file. A software development kit (SDK) is provided for integration into existing third-party content viewers so that the functionality of the hybrid network is available to users via existing content viewers. | 2021-02-04 |
20210037077 | Social Network Account Assisted Service Registration - Examples involve a control device using a social networking service to facilitate registration of a streaming media service with a media playback system. An example implementation receives (i) data indicating login credentials for a given account of a social networking service, and (ii) input data to configure streaming media services with a media playback system. Based on receiving the input data to configure the media playback system, the implementation queries the social networking service for streaming media services associated with the given account, and in response to the query, receives data indicating a first streaming media service associated with the given account. The implementation configures the media playback system to playback audio content from the first streaming media service that is associated with the given account and causes the media playback system to playback audio content from the first streaming media service. | 2021-02-04 |