14th week of 2016 patent application highlights part 47
Patent application number | Title | Published |
20160099887 | CLOUD INDEPENDENT TUNING SERVICE FOR AUTONOMOUSLY MANAGED WORKLOADS - Systems, methods, and computer program products to perform an operation comprising receiving, from a workload in a cloud computing environment, an abstract request to modify resources allocated to the workload, translating, by a tuning service, the abstract request to a set of requirements to fulfill the abstract request, identifying, by the tuning service, a resource configuration suitable to satisfy the set of requirements, and providing, by the tuning service, the resource configuration to fulfill the abstract request. | 2016-04-07 |
20160099888 | CLOUD INDEPENDENT TUNING SERVICE FOR AUTONOMOUSLY MANAGED WORKLOADS - Method to perform an operation comprising receiving, from a workload in a cloud computing environment, an abstract request to modify resources allocated to the workload, translating, by a tuning service, the abstract request to a set of requirements to fulfill the abstract request, identifying, by the tuning service, a resource configuration suitable to satisfy the set of requirements, and providing, by the tuning service, the resource configuration to fulfill the abstract request. | 2016-04-07 |
20160099889 | METHOD AND APPARATUS FOR ALLOCATING NETWORK MEDIUM DATA RESOURCES - A method of allocating network medium data resources is disclosed. The method is performed at an apparatus having one or more processors and memory for storing programs to be executed by the one or more processors. The method includes selecting, from a set of virtual requests, a virtual request including a requested resource usage time range consisting of multiple unit time periods. The method includes identifying a set of requests conflicting with the selected virtual request, where the set of conflicting requests includes one virtual request and one actual request. The method includes calculating, based on the set of conflicting requests, a maximum allocatable resource volume for each unit time period within the requested resource usage time range. The method further includes determining, based on the maximum allocatable resource volumes and the selected virtual request, an allocatable resource volume for each unit time period within the requested resource usage time. | 2016-04-07 |
20160099890 | Relay Optimization using Software Defined Networking - Various embodiments provide a system for modifying a channel binding in order to relay packets between a relay client and a peer in a peer-to-peer (P2P) communication event across a network. A relay server receives a request to bind a channel in order to relay the packets for the communication event. The relay server creates requirements for a communication path. The relay server sends the requirements to a Software Defined Networking (SDN) controller. The SDN controller in turn creates and installs flows and flow tables in SDN switches to relay the packets across the network for the communication event. | 2016-04-07 |
20160099891 | PACKET PROCESSING METHOD, APPARATUS AND SYSTEM - This application provides a packet processing method, a device and a system. The system includes a layer 4 forwarding device, a layer 7 forwarding device, and a controller. The controller sends a first forwarding entry to the layer 4 forwarding device, where the first forwarding entry includes a first keyword and a first processing policy corresponding to the first keyword, the first keyword includes layer 4 information for matching a packet, and the first forwarding entry is used to instruct the layer 4 forwarding device to send a second packet to the layer 7 forwarding device according to the first processing policy when a first packet matching the first keyword is received; and the controller sends, to the layer 7 forwarding device, a control rule used to instruct the layer 7 forwarding device in packet processing. | 2016-04-07 |
20160099892 | VIRTUAL AGENT PROXY IN A REAL-TIME CHAT SERVICE - Techniques are disclosed for implementing real-time chat systems including virtual agents as chat participants, and more specifically, to the use of a virtual agent proxy in a real-time chat service. Certain techniques are disclosed that allow for seamless chat transitions between virtual agents and live agents. A chat server may include a virtual agent (VA) proxy module. The VA proxy module intercepts messages received at the chat server from end users, forwards them to virtual agents, and posts responses from the virtual agents back to be displayed to the corresponding end users. The VA proxy module thereby loosely couples virtual agents to the chat server, allowing the virtual agents to participate in chats just as live agents do. The chat server may determine that chat escalations and de-escalations are to occur, and can provide a full transcript of the chat to new chat participants. | 2016-04-07 |
20160099893 | TRANSMISSION SYSTEM, COMMUNICATIONS CONTROL APPARATUS, TRANSMISSION TERMINAL, COMMUNICATIONS METHOD, AND TRANSMISSION METHOD - Disclosed is a transmission system including a first transmission terminal and a second transmission terminal in which the first transmission terminal transmits data to the second transmission terminal. The transmission system includes a first communications connector configured to connect first data communications between the first transmission terminal specified by first identification information and the second transmission terminal specified by second identification information, a determination part configured to refer to registered information registering third identification information in association with the first identification information of the first transmission terminal, acquire the third identification information in association with the first identification information, and determine whether the third identification information is included in transmission data transmitted by the first transmission terminal, and an addition part configured to add first information indicating that determination is made on the transmission data by the determination part. | 2016-04-07 |
20160099894 | Aggregated Presence Over User Federated Devices - One embodiment of a system for aggregating and distributing presence information comprises a hosted presence aggregator server. The hosted presence aggregator server receives an update of presence information from a user device and relays the presence information update to another user device, wherein the user devices are part of a federation of user devices controlled by a single user which relay updates in presence status of the single user to one another via the hosted presence aggregator server. | 2016-04-07 |
20160099895 | System and Method for Alerting a List of Multiple Recipients of a User's Request for Assistance - A request for assistance from a user employing a first user device is received. The request is converted into a plurality of formatted requests. Each formatted request is formatted for receipt by a respective recipient in the list of recipients. Each of the plurality of formatted requests is broadcasted to each respective recipient in the list of recipients. A location of the first user device is provided to each recipient in the list of recipients. An assistance response to the request is received. The assistance response is sent by a particular recipient in the list of recipients. A message is broadcasted to each recipient in the list of recipients, other than the particular recipient, indicating that the particular recipient provided the assistance response. Upon receiving an update message from the particular recipient, the update message is broadcasted to each recipient in the list of recipients other than the particular recipient. | 2016-04-07 |
20160099896 | System and Method for Attaching a Remotely Stored Attachment to an Email - An electronic mail message sent from a sender device is received by an email server. The electronic mail message includes an attachment holder block including an authentication token and an address of an attachment stored at a remote server. The authentication token is transmitted to the remote server to login to the remote server to access the attachment. The attachment is retrieved from the remote server using the address of the attachment. The attachment is attached to the electronic mail message by replacing the attachment holder block with the attachment. The electronic mail message including the attachment is transmitted to a recipient. | 2016-04-07 |
20160099897 | INFORMATION SHARING METHOD AND ELECTRONIC DEVICE THEREOF - An information sharing method that includes receiving additional information about content on a webpage, inputting the additional information into a message including a Uniform Resource Identifier (URI) of the webpage, specifying a destination of the message including the URI of the webpage and the additional information, and transmitting the message to the destination. | 2016-04-07 |
20160099898 | FILTER RULE GENERATION APPARATUS AND FILTER RULE GENERATION METHOD - A filter rule generation apparatus includes a storage unit and a processor. The storage unit is configured to store instructions. The processor, in accordance with each of the instructions stored on the storage unit, executes a process that causes the filter rule generation apparatus to perform extracting a co-occurrence message group per system, based on a co-occurrence probability, from a plurality of logs in which messages are accumulated, the messages being generated within systems, first generating value information representing a degree of similarity in operation between the systems, based on the extracted co-occurrence message group, clustering the systems, based on the value information, and second generating a rule for extracting messages from the logs of the systems included in each cluster, based on the co-occurrence message group in the cluster generated by the clustering. | 2016-04-07 |
20160099899 | EFFICIENT USE OF RESOURCES IN MESSAGE CLASSIFICATION - A system and method are disclosed for routing a message through a plurality of test methods. The method includes: receiving a message; applying a first test method to the message; updating a state of the message based on the first test method; and determining a second test method to be applied to the message based on the state. | 2016-04-07 |
20160099900 | Generating A Relationship History - Systems and methods for generation of a relationship history or text for a new message. In one embodiment, a method includes: scanning, by a computing device, a set of messages to or from a user to generate a plurality of profiles for persons associated with the messages, each person being a sender or a recipient of at least one of the set of messages, and the persons including a first person; generating, via the computer, a relationship history using the plurality of profiles, wherein the relationship history is for a relationship between the user and the first person; and presenting the relationship history to the user. | 2016-04-07 |
20160099901 | Ephemeral Gallery of Ephemeral Messages - A server has a processor and a memory storing instructions executed by the processor to maintain an ephemeral gallery of ephemeral messages. An ephemeral message is posted to the ephemeral gallery. The ephemeral message has an associated message duration parameter and a gallery participation parameter. An ephemeral message is removed from the ephemeral gallery in response to the identification of an expired gallery participation parameter. | 2016-04-07 |
20160099902 | PROCESSING MESSAGES FOR RETRIEVAL FROM A MESSAGE QUEUING SYSTEM - Methods and systems are provided for processing messages for retrieval from a message queuing system. The method may be carried out at a message sending component, and may include: receiving requests from multiple clients, where a request includes at least one required record; forming a union of requests, such that a common record of multiple requests is handled once; providing the common record with an associated reference count of requests requiring the record, and associated metadata listing the client requests in the record; sending a record response to a queuing system when processed including the reference count and the metadata listing the client requests; determining when all records in a request have been sent; and notifying a client that the request can be retrieved from the message queuing system, including a response list indicating to the client the identifier of the requested records retained at the message queuing system. | 2016-04-07 |
20160099903 | IDENTIFYING COMMUNICATION PARTICIPANTS TO A RECIPIENT OF A MESSAGE - Participant identifiers, or display names, for participants in an electronic communication can be selected such that each participant's display name is unique relative within a defined set of “relevant” participants, such as all participants in an electronic communication exchange or all contacts in a contacts list maintained for a specific user. Selection of display names can be optimized to provide a unique display name for each participant using a reduced or minimized number of characters. | 2016-04-07 |
20160099904 | METHOD, DEVICE AND SOFTWARE PRODUCT FOR FILLING AN ADDRESS FIELD OF AN ELECTRONIC MESSAGE - A content, context or the like as entered by a user may be used to automatically evaluate a recipient or recipients to whom the message is directed. A method for filling a recipient address field of an electronic message in a messaging application executable on a communication terminal begins by selecting a content chunk from a content area of said message and deciding whether said content chunk matches a predefined addressee identifier pattern. If the content chunk matches a predefined addressee identifier pattern then a name portion is extracted from the content chunk. The name portion is compared with entries in a predefined directory. If the name portion matches an entry then a recipient address proposal is created based on an address stored in the directory. That recipient address proposal is filled into said recipient address field of said message. | 2016-04-07 |
20160099905 | AD-HOC Micro-Blogging Groups - Systems and methods are disclosed for distributing micro-blog posts to ad-hoc micro-blogging groups. In one embodiment, a micro-blog post of a user is obtained. A crowd in which the user is located is determined, where the crowd is a group of spatially proximate users. The micro-blog post of the user is tagged with a crowd identifier of the crowd in which the user is located such that the micro-blog post includes a crowd identifier tag. Publication of the micro-blog post including the crowd identifier tag is then effected. | 2016-04-07 |
20160099906 | METHOD AND APPARATUS FOR SOCIAL NETWORK COMMUNICATION OVER A MEDIA NETWORK - A system that transmits a request to initiate a communication session with a member device of a social network may include, for example, activating a speech capture element, maintaining activation of the speech capture element in accordance with a pattern of prior speech messages, detecting a speech message at the activated speech capture element, and transmitting the detected speech message, or a derivative thereof, to the member device of the social network. Other embodiments are disclosed. | 2016-04-07 |
20160099907 | SOCIAL NETWORKING WEBSITE SYSTEM WITH AUTOMATIC PARTICIPATION BASED ON CURRENT LOCATION INFORMATION - A social networking website system with automatic registration based on current location information. Individuals are automatically enrolled into social network services based on a current location determined from their mobile devices. In particular, farmers in rural places can be enrolled into social networks in their local districts, and they can interact with others using audio and video messages employing their local languages. Such interaction can be ad hoc in nature, employing audio messages, or audio and video messages. In general, automatic memberships to social networks, social groups and to discussion lists are provided to users, based on the user's current location. | 2016-04-07 |
20160099908 | EMAIL AND INSTANT MESSAGING AGENT FOR DIALOG SYSTEM - Provided are methods and systems for email communication and instant messaging through a dialog system. The method may commence with enabling a user to create a personal account with a server. The personal account may be associated with the user and with the dialog system. The method may continue with enabling the user to establish a list of trusted email addresses. The method may further include receiving a notification from the server. The notification may be associated with a communication addressed to the user from one of the trusted email addresses. Upon receiving the notification, a first message associated with the notification may be delivered to the user. Upon receiving an instruction associated with the notification from the user, an inquiry to receive the communication may be sent to the server. The method may further include delivering a second message associated with the communication to the user. | 2016-04-07 |
20160099909 | METHODS OF DETECTING AND ASSIGNING IP ADDRESSES TO DEVICES WITH ARP REQUESTS - A method of discovering and assigning an IP address to a device to be discovered in a communication network having multiple interconnected nodes includes continuously monitoring, by the device to be discovered, the network for address resolution protocol (ARP) requests. The discoverer node transmits a number of ARP requests to the network. The device to be discovered receives the number of ARP requests. The device to be discovered determines whether the number of ARP requests are unanswered by other devices in the network. The device to be discovered answers the number of ARP requests with an ARP reply to claim an IP address associated with the number of ARP requests. The discoverer node and the device to be discovered exchange a pair of User Datagram Protocol (UDP) packets to complete the detection process. | 2016-04-07 |
20160099910 | DOCSIS/MOCA ENABLED COAX DISTRIBUTION SYSTEM - System, method and apparatus implementing a smart splitter for use within a DOCSIS/MoCA enabled coaxial distribution system, the splitter for coupling radiofrequency (RF) signal between an input connection and a plurality of output connections, wherein each output connection is associated with a respective outlet, the splitter including a management module, configured to receive identifying data associated with at least one outlet or customer device connected thereto. | 2016-04-07 |
20160099911 | UNIVERSAL DHCP HELPERS - The present disclosure generally relates to techniques for providing an Internet protocol (IP) address to a client device communicatively coupled to a network. The technique can include: sending, by the client and over the network, a request for an IP address; receiving, by a router, the request; forwarding, by the router, the request to a universal helper server; receiving, by the universal helper server, the request; determining, by the universal helper server, an IP address of a DHCP server; forwarding, by the universal helper server, the request to the DHCP server; providing to the router, by the DHCP server, a client IP address; and sending, from the router to the client, the client IP address, such that the client is configured with the client IP address such that the client can receive point to point messages. | 2016-04-07 |
20160099912 | SYSTEMS, METHODS, AND COMPUTER-READABLE MEDIA FOR ALLOCATION AND RENEWAL OF IP ADDRESSES - Embodiments relate to methods, devices, and computer-implemented methods for internet protocol (“IP”) address assignment by a dynamic host configuration protocol (“DHCP”) server. The method includes receiving, from a client device, a DHCP discovery message for allocation of an IP address; assigning, by a processor, an IP address to the client device for a first lease period based on the DHCP discovery message; providing the IP address that was assigned to the client device; receiving, from the client device, an IP address lease renewal request during the first lease period; and renewing the first lease period to establish a second lease period that is longer than the first lease period based on a length of time the IP address that was assigned is in use by the client device. | 2016-04-07 |
20160099913 | Internet Protocol (IP) Address Virtualization for Terminal Server Sessions - Techniques are disclosed for virtualizing internet protocol (IP) addresses in terminal server sessions. Techniques include receiving requests for a virtual IP address from a client component, determining whether the requestor can use the virtual IP address, and either returning a requested virtual IP address or returning an indication that the requestor cannot use a virtual IP address. Methods for determining whether a virtual IP address can be used and methods for choosing a virtual IP address are disclosed. | 2016-04-07 |
20160099914 | DEVICE IDENTIFICATION IN A PICONET - An illustrative example device for communicating in a piconet includes a communication module configured to at least receive signals corresponding to a plurality of other devices, respectively. A first one of the signals indicates that a corresponding first one of the devices is capable of communicating in the piconet. A controller determines a first device name of the first device based on the first one of the signals and determines whether the first device name conflicts with a name of another device currently in the piconet. The controller modifies the first device name if the first device name conflicts with the name of the other device currently in the piconet and assigns the modified first device name to the first device for communications with the first device in the piconet. | 2016-04-07 |
20160099915 | SECURITY CONTEXT MANAGEMENT IN MULTI-TENANT ENVIRONMENTS - Examples of the present disclosure describe security context enforcement in a multi-tenant environment. Security context data may be transmitted through an un-secure multi-tenant computational environment. The security context data is secured by protection layers that restrict untrusted resources from running tenant applications and restrict the ability of unauthorized tenants to access context information associated with a tenant. Data may be received and evaluated at a component of a multi-tenant environment. If the component is a trusted component and the security context data indicates that the tenant is authorized to execute an application using a specified context, the component may run a tenant application in a context associated with the security context data. | 2016-04-07 |
20160099916 | SYSTEMS AND METHODS FOR PROTECTING NETWORK DEVICES - Embodiments of the present disclosure help protect network devices from unauthorized access. Among other things, embodiments of the disclosure allow full access to application servers and other network devices that a client is allowed to access, while preventing all access (or even knowledge) of network devices the client is not allowed to access. | 2016-04-07 |
20160099917 | MULTI-TUNNELING VIRTUAL NETWORK ADAPTER - Among other things, embodiments of the present disclosure allow multiple virtual private network connections to be created without the need for administrative privileges, and allow network traffic to be routed using a single virtual adapter instead of a dedicated virtual adapter for each virtual network connection. | 2016-04-07 |
20160099918 | SYSTEM AND METHOD TO PROVIDE BUILT-IN AND MOBILE VPN CONNECTIVITY - A system and method for facilitating the establishment of a virtual private network between a network and a remote computer, the system having: a mobile device connectable to the remote computer and storing a user profile, virtual private network information, and password information; virtual private network software being located on one of the mobile device and the remote computer; an access point communicating with the network; and communication means for communications between the access point and one of the mobile device and the remote computer, wherein the user profile, virtual private network information, and password information is passed to the virtual private network software upon connection of the mobile device to the remote computer, the virtual private network software using the user profile, virtual private network information, and password information to establish a virtual private network through the communications means and the access point to the network. | 2016-04-07 |
20160099919 | SYSTEM AND METHOD FOR PROVIDING A SECURE ONE-TIME USE CAPSULE BASED PERSONALIZED AND ENCRYPTED ON-DEMAND COMMUNICATION PLATFORM - A secure one-time use capsule based personalized and encrypted on-demand communication platform enables encrypted personalized secure on-demand stateless single-use capsuled communication channels over the Internet. Using the personalized capsuled secure communication system, a greater degree of communication security can be achieved than in the existing conventional methods. In one embodiment, the personalized capsuled secure communication system includes a capsule infrastructure system ( | 2016-04-07 |
20160099920 | METHOD FOR ESTABLISHING A CRYPTOGRAPHICALLY PROTECTED COMMUNICATION CHANNEL - Some embodiments are directed to a cryptographic method for providing an electronic first device, an electronic second device and an electronic intermediary device, the cryptographic method establishing a cryptographically protected communication channel between the first device and the second device. The method comprises establishing a session identifier (SID) between the first device and the intermediary device. The first device sends the session identifier and a first key element to the second device over an out-of-band channel. The second device sends a registration message comprising the session identifier to the intermediary device. The first and second device can communicate through the intermediary device protected using a shared key derived at the first and second device. | 2016-04-07 |
20160099921 | FINE GRAIN RIGHTS MANAGEMENT OF STREAMING CONTENT - The present invention provides methods, apparatuses, and systems for delivering protected streaming content to a receiving device. In an aspect of the present invention, a broadcaster provides streaming content. To ensure viewers are properly authorized, the streaming content is encrypted with a traffic key. The traffic key is provided to the users via a key stream message, which is encrypted with a service key. The user obtains at least one rights object from a rights issuer and the at least one rights object includes the service key so that the streaming content may be used. The at least one rights object also contains information regarding usage rights that may be configured by the rights issuer so that, depending on the user and/or the receiving device, different rights may be available. The key stream message may include a program category variable value that indicates the type of content and in conjunction with the rights object, determines what usage rights exist for the streaming content. | 2016-04-07 |
20160099922 | SECURE SHARED KEY SHARING SYSTEMS AND METHODS - Systems and methods used to securely communicate a shared key to devices. One embodiment describes a method to securely communicate a shared key to a first device and a second device that includes receiving, using the first device, a shared key and unique identifier pairing associated with the first device from a key generator; receiving, using a trusted third party, the shared key and unique identifier pairing from the key generator; generating, using the first device, a signature using the unique identifier and the shared key; transmitting, using the first device, the signature and the unique identifier to the trusted third party; verifying, using the trusted third party, the unique identifier based on the signature; determining, using the trusted third party, the shared key when the unique identifier is verified; and transmitting, using the trusted third party, the shared key to the second device to enable the first device and the second device to communicate securely by encoding and decoding communicated data using the shared key. | 2016-04-07 |
20160099923 | CLIENT ACCESSIBLE SECURE AREA IN A MOBILE DEVICE SECURITY MODULE - A security module has an assigned unique electronic identifier. The security module has a communication interface, a non-volatile memory, and a processing unit coupled to the communication interface and the non-volatile memory. One or more unassigned secure domains are formed in the non-volatile memory, and each of the unassigned secure domains has an assigned unique application identifier (AID). Each of the unassigned secure domains is accessible via a respective first security value, and using the respective first security value, each of the unassigned secure domains can be assigned to a service provider before or after the security module is deployed. | 2016-04-07 |
20160099924 | USING CREDENTIALS STORED IN DIFFERENT DIRECTORIES TO ACCESS A COMMON ENDPOINT - A global endpoint may be associated with an organization name and a plurality of directories located in different geographic regions. The global endpoint may be a computing system that hosts a page used by users to access an application or service. A user may be able to access the application or service using already existing credentials. For example, the user may access the application or service using credentials stored and maintained by an entity with which the user is affiliated. Users having credentials stored in different geographic regions may be able to access the application or service via the same global endpoint. | 2016-04-07 |
20160099925 | SYSTEMS AND METHODS FOR DETERMINING DIGITAL DEGREES OF SEPARATION FOR DIGITAL PROGRAM IMPLEMENTATION - This disclosure relates generally to enterprise software management, and more particularly to systems and methods for determining digital degrees of separation for digital program implementation. In one embodiment, a digital degrees of separation determination system is disclosed, comprising a hardware processor, and a memory storing instructions executable by the processor for obtaining user credentials, and determining a user classification based on the user credentials. The processor may execute the instructions for identifying a user digital need based on the user classification, and querying a database for market-available software applications related to the user digital need. Further, the processor may execute the instructions for obtaining a list of user-accessible software applications related to the user digital need, and comparing characteristics of the market-available software applications to the user-accessible software applications. Also, the processor may execute the instructions for calculating a digital degrees of separation based on the comparison. | 2016-04-07 |
20160099926 | METHOD OF SEQUENTIALLY AUTHENTICATING CAN PACKETS USING DIVIDED MACS AND APPARATUS FOR IMPLEMENTING THE SAME - A method of transmitting K messages using divided message authentication codes (MACs) in a controller area network (CAN) includes: generating a MAC using a first message and a specific MAC, performing a first operation with respect to j using j-th messages subsequent to the first message and a second MAC part of the generated MAC, performing a second operation with respect to j using a result of the performed first operation and a j-th subblock subsequent to a first MAC subblock among K MAC subblocks obtained by dividing a first MAC part of the generated MAC, transmitting the first message along with the first MAC subblock, and transmitting K-1 j-th messages in an order of j, each of the j-th messages being transmitted along with a j-th result of the performed second operation. | 2016-04-07 |
20160099927 | HACKER SECURITY SOLUTION FOR PACKAGE TRANSFER TO AND FROM A VEHICLE - A cloud based system for a package exchange with a vehicle service is discussed. The system can have servers having processors, ports, and databases and a security module running on the processors to receive a virtual key and one of a request for package exchange with a vehicle service, data, or both, from a package delivery vehicle. The virtual key has a first shelf life and is used for authentication of communications from the delivery vehicle. The security module can receive a security token having a second shelf life from a user. The security token is used for verification of the user and target vehicle. After the first authentication and in an overlap window of the two shelf lives, the security module can send the one or more commands to an on-board actuation module of the target vehicle to cause an electro-mechanical operation in the target vehicle. | 2016-04-07 |
20160099928 | SYSTEMS AND METHODS FOR MANAGING CONNECTIONS FOR UNIVERSAL PLUG-AND-PLAY DEVICES - Systems and methods of managing network connections are disclosed. The method includes receiving a communication from a media device that requests permission to allow a connection between the media device and a client device, processing the communication by querying at least one database with the identifying information for the client device, if a unique identifier for the client device is received from the database, comparing the unique identifier for the client device with a unique identifier for the media device, in the event that the unique identifier for the client device matches the unique identifier for the media device, returning a result to the media device that allows the connection between the media device and the client device, and in the event that the unique identifier for the client device does not match the unique identifier for the media device, returning a result to the media device that does not allow the connection between the media device and the client device. | 2016-04-07 |
20160099929 | USER AUTHENTICATION BASED ON SELF-SELECTED PREFERENCES - Embodiments of the invention are directed to a system, method, and a computer program product for a user authentication based on self-selected preferences. The system typically including a memory, a processor, and a module configured to receive a request to execute a user action from a user associated with an application, wherein the user action requires one or more authentication credentials; receive one or more authentication credentials from the user based on a user-selected preference; validate the one or more authentication credentials based on the user-selected preference; and execute the user action based on a successful validation of the one or more authentication credentials. | 2016-04-07 |
20160099930 | RESTRICTION OF IP ACCESS BASED ON PERSONAL PERFORMANCE - An application on a computing device communicatively coupled to a communications network for receiving restriction input from a parent user of the application. The application includes a reception module configured for receiving physical activity data from a wearable computing device worn by a child user. The application also includes an access control module configured for: receiving a request from the child user to access particular content on the communications network, comparing the received physical activity data from the wearable computing device to a physical activity threshold and determining whether the physical activity threshold has been met, comparing the particular content to the definition of accepted content, determining whether the particular content comprises accepted content, and, providing to the child user access to the particular content on the communications network if the particular content comprises accepted content and the physical activity threshold has been met. | 2016-04-07 |
20160099931 | Single Sign Off Handling by Network Device in Federated Identity Deployment - In one implementation, a network device provides a single signoff service to one or more endpoints in software as a service (SaaS) sessions. The network device is configured to monitor a session between a software as a service (SaaS) provider and an endpoint device and to identify a network event trigger associated with the session. In response to the network event trigger, a signoff message is generated to the SaaS provider by the network device. The SaaS provider is configured to purge the session in response to the signoff message. | 2016-04-07 |
20160099932 | PROCESSING APPARATUS, AUTHORITY SETTING METHOD, AND STORAGE MEDIUM STORING PROGRAM - A processing apparatus performs: in response to reception of first information by one of the network interface and the user interface, identifying, as a first function, a function corresponding to the first information out of a plurality of functions relating to image data; setting a first authority corresponding to the first information, the first authority being authority to use the first function; after setting the first authority, when one of the network interface and the user interface receives second information different from the first information and when functions identified by the second information out of the plurality of functions include at least part of the first function and a function other than the first function, identifying the function other than the first function as a second function; and setting a second authority corresponding to the second information, the second authority being authority to use the second function. | 2016-04-07 |
20160099933 | DISTRIBUTED SINGLE SIGN ON TECHNOLOGIES INCLUDING PRIVACY PROTECTION AND PROACTIVE UPDATING - Technologies for distributed single sign-on operable to provide user access to a plurality of services via authentication to a single entity. The distributed single sign-on technologies provide a set of authentication servers and methods for privacy protection based on splitting secret keys and user profiles into secure shares and periodically updating shares among the authentication servers without affecting the underlying secrets. The correctness of the received partial token or partial profiles can be verified with non-interactive zero-knowledge proofs. | 2016-04-07 |
20160099934 | AUTHENTICATED SESSION ESTABLISHMENT - Methods, devices, and machine-readable media are provided to provide secure communications between entities. As provided in this disclosure, this may include receiving a request to begin a new communication session, determining one or more desired parameters of the session, and determining whether the desired parameters of the message match proposed parameters provided by the entity requesting the new communication session. When the one or more proposed parameters match the one or more desired parameters, a secure communication session is established between the entities. | 2016-04-07 |
20160099935 | SECURE ACCESS TO INDIVIDUAL INFORMATION - A facility for accessing information relating to a person is described. In a reader device, the facility accesses first credentials stored in a first storage device, second credentials stored in a second storage device, and third credentials stored in the reader device. In the reader device, the facility uses a combination of the first credentials, second credentials, and third credentials to decrypt information relating to the person stored in the first storage device. | 2016-04-07 |
20160099936 | BLUETOOTH LOW ENERGY HOSTLESS PRIVATE ADDRESS RESOLUTION - Conventional Bluetooth low energy (or like personal wireless network) controllers cannot resolve private addresses without some calculation from a host processor, but leaving the host processor on or awaking it from sleep each time a non-trusted device attempts to connect wastes power. Hostless private address resolution allows a host controller to enter a sleep state while the Bluetooth controller advertises its device name and primary services, rejects connection requests from non-trusted devices with public and private addresses, and awakens the host controller upon a connection request from a trusted client device with a public or private address. Not only does this approach reduce power consumption by allowing the host processor to remain in the sleep state, it simultaneously ensures security by allowing the private address resolution to remain active on the Bluetooth controller. | 2016-04-07 |
20160099937 | METHODS AND SYSTEMS FOR AUTHENTICATING USERS - A method of authenticating users to reduce transaction risks includes indicating a desire to conduct a transaction and determining whether the transaction requires access to protected resources. Moreover, the method determines whether inputted information is known, determines a state of a communications device when the inputted information is known, and transmits a biometric authentication request from a server to an authentication system when the state of the communications device is enrolled. Additionally, the method includes validating the communications device, capturing biometric authentication data in accordance with a biometric authentication data capture request with the communications device, biometrically authenticating the user, generating a one-time pass-phrase and storing the one-time pass-phrase on the authentication system when the user is authenticated, comparing the transmitted one-time pass-phrase against the stored one-time pass-phrase, and granting access to the protected resources when the transmitted and stored one-time pass-phrases match. | 2016-04-07 |
20160099938 | Authenticating Method and Apparatus Using Electronic Device - An authentication method and apparatus for an electronic device. A first electronic device transmits a mutual authentication request for the first electronic device and a second electronic device communication-connected with the first electronic device to an authentication server. The first electronic device receives mutual authentication information for each of the first electronic device and the second electronic device from the authentication server, and stores the mutual authentication information in the first electronic device and the second electronic device. The first electronic device determines whether reliability of an authentication state between the first electronic device and the second electronic device is maintained. The first electronic device acquires an authentication result for a service using the second electronic device from the authentication server by using the mutual authentication information for each of the first electronic device and the second electronic device, when the reliability is maintained. | 2016-04-07 |
20160099939 | METHOD OF AUTHENTICATING CAN PACKETS USING MIXTURE OF MACS AND APPARATUS FOR IMPLEMENTING THE SAME - A method and apparatus for authenticating packets in a controller area network (CAN) are disclosed. The method includes transmitting messages using a mixture of message authentication codes (MACs) in a controller area network (CAN). In addition, a first MAC is generated using a first message and the first MAC is divided into a first MAC part and a second MAC part. A second MAC is generated using a second message and the second MAC is divided into a third MAC part and a fourth MAC part. A linear operation is performed between the second MAC part and the third MAC part to generate a first authentication MAC. The first message is transmitted with the first MAC part and the second message is transmitted with the first authentication MAC. | 2016-04-07 |
20160099940 | Hostless mDNS-SD Responder with Authenticated Host Wake Service - Conventional wireless interface (WiFi) controllers cannot resolve authentication for trusted client devices without calculation from a host processor. Leaving the host processor on or awaking it from a sleep state each time a non-authenticated trusted client device attempts to connect wastes power. A hostless authenticated wake service allows a host controller to enter a sleep state while the WiFi controller responds to multicast domain name service-service discovery (mDNS-SD) queries from trusted client devices. Once a client device is authenticated, the WiFi controller may respond to a trusted client request to awake the host processor for further command processing and service provision. Not only does this approach reduce power consumption by allowing the host processor to remain in the sleep state, it allows trusted client devices to discover its presence while ensuring security. | 2016-04-07 |
20160099941 | AUTHENTICATING A LIMITED INPUT DEVICE VIA AN AUTHENTICATED APPLICATION - A limited input device, such as a camera, is authenticated based on a request received from an authenticated application. The application can request an application server to provide the application with a one-time authorization code. The request includes the device identifier associated with the camera. The server stores an association between the one-time authorization code and the device identifier of the camera, and provides the application with the one-time authorization code. The application provides the camera with the one-time authorization code. The camera transmits a request for an access token to the server, the request for the access token including the one-time authorization code and the device identifier associated with the camera. The server verifies the device identifier associated with the camera with that associated with the one-time authorization code, and upon a positive verification authenticates the camera by providing the camera with the access token. | 2016-04-07 |
20160099942 | DATA LEAK PROTECTION - Methods and systems for Data Leak Prevention (DLP) in an enterprise network are provided. According to one embodiment, a data leak protection method is provided. Information regarding a watermark filtering rule is received by a network security device. The information includes a sensitivity level and an action to be applied to files observed by the network security device that match the watermark filtering rule. A file attempted to be passed through the network security device is received by the network security device. A watermark embedded within the received file is detected by the network security device. A sensitivity level associated with the watermark is compared by the network security device to the sensitivity level of the watermark. When the comparison results in a match, then the action specified by the watermark filtering rule is performed by the network security device. | 2016-04-07 |
20160099943 | SHUT OFF MECHANISM FOR ALL INTERNET TRAFFIC - A client device providing enhanced network traffic security. The client device includes a processor and a network connection element selectively operable to provide two-way data traffic between the client device and a digital communications network such as the Internet. The client device includes a memory device managed by and accessible to the processor, and the memory device stores a network traffic schedule, which may be defined by a device operator through a shut-down mechanism user interface. The client device includes a shut-down mechanism causing the network connection element to provide the two-way data traffic between the client device and the network according to the network traffic schedule, which defines first and second time periods. The shut-down mechanism allows the network connection element to connect to the network during the first time period and prevents the network connection element from connecting during the second time period. | 2016-04-07 |
20160099944 | Digital Rights Domain Management for Secure Content Distribution in a Local Network - Systems and methods for secure content distribution to playback devices connected to a local network via a residential gateway using secure links are disclosed. One embodiment of the invention includes a content server, a rights management server, a residential gateway configured to communicate with the content server and the rights management server via a network, and a playback device configured to communicate with the residential gateway via a local network. In addition, the residential gateway is configured to receive protected content from the content server, the playback device is configured to request access to the protected content from the residential gateway, the residential gateway is configured to request access to the protected content from the rights management server and the request includes information uniquely identifying the playback device, the rights management server is configured to provide access information to the residential gateway when the information uniquely identifying the playback device satisfies at least one predetermined criterion with respect to playback devices associated with the residential gateway, the residential gateway and the playback device are configured to create a secure link between the residential gateway and the playback device via the local network, and the residential gateway is configured to decrypt the protected content using the access information provided by the rights management server and to encrypt the decrypted content for distribution to the playback device via the secure link. | 2016-04-07 |
20160099945 | DNS SECURITY EXTENSIONS FOR EMULATED APPLICATIONS - The non-emulated interface may determine whether the domain-name-to-be-resolved resides in a zone on a list of secured zones. If so, the DNS query may be processed by a non-emulated interface in the host environment. The non-emulated interface may determine whether the domain-name-to-be-resolved resides in a zone on a list of secured zones. If so, the DNS query may be performed by the non-emulated interface using DNSSEC. DNS resolutions that do not pass the security checks may fail while DNS resolutions that pass the security checks will be returned to the customer. | 2016-04-07 |
20160099946 | CONTROLLING OPERATION OF A MACHINE AND DESCRIBING ACTIONS PERFORMED BY THE MACHINE THROUGH A SOCIAL NETWORKING SYSTEM - A social networking system includes information identifying a machine (e.g., a robot, a drone, a computer, a thermostat, etc.) and a connection between the machine and an owner of the machine, which is a user of the social networking system capable of authorizing an action by the machine. The owner of the machine associates permissions associated with various actions by the machine, where a permission associated with an action identifies one or more criteria for performing the action. Permissions may specify types of connections between social networking system users and the owner of the machine via the social networking system to allow social networking system users with specific types of connections to the owner of the machine to perform certain actions using the machine. Information describing an action performed by the machine may be communicated to other users of the social networking system via any suitable communication channel. | 2016-04-07 |
20160099947 | INFORMATION PROCESSING APPARATUS, COMMUNICATIONS METHOD, AND SYSTEM - An information processing apparatus includes a first communications connector configured to implement first data communications connection between a first transmission terminal specified by first identification information and a second transmission terminal specified by second identification information when authentication of the first transmission terminal is established, an identification information acquisition part configured to acquire third identification information and fourth identification information by referring to correspondence information registering the third identification information in association with the first identification information, and the fourth identification information in association with the second identification information when acquiring a second data communications connecting request including the first identification information and the second identification information from the first transmission terminal, and a connection request part configured to transmit the second data communications connecting request together with the third identification information and the fourth identification information acquired by the identification information acquisition part to another information processing apparatus. | 2016-04-07 |
20160099948 | METHOD AND SYSTEM FOR ENABLING ACCESS OF A CLIENT DEVICE TO A REMOTE DESKTOP - A computer implemented method, computer program product, and systems for enabling access of a client device to a remote desktop. The remote desktop is implemented within a remote virtual machine engine ( | 2016-04-07 |
20160099949 | Systems and Methods for Document-Level Access Control in a Contextual Collaboration Framework - Systems and methods are provided for managing contextual collaborations. User data corresponding to a plurality of users is stored. The plurality of users include at least a first and second user. A first computing device associated with the first user receives a first access-level designation for a first document included in a first contextual collaboration. The first access-level designation is stored in association with the first user and the first document. A request to access the first document included in the first contextual collaboration is received from a second computing device associated with a second user. Based on the stored first access-level designation, it is determined whether to provide access to the first document by the second computing device associated with the second user. A response is transmitted to the second computing device associated with the second user, the response granting or denying access to the first document. | 2016-04-07 |
20160099950 | USER AUTHENTICATION - A method, system, server processing system and computer readable medium for authenticating a user attempting to access a secure environment is disclosed. In one aspect, the server processing system is configured to: receive an authentication request to authenticate the user attempting to access the secure environment; transfer, to the user or a user device associated with the user, an index corresponding to a selected key from a keymap; receive data indicative of a code which is based on the selected key presented by the user device and a personal identifier, and determine, using the code whether the user is authenticated. Advantageously, the server processing system never stores nor receives data directly indicative of the personal identifier such that no one else is able to determine the personal identifier, not even an employee of the secure environment which the user is attempting to access. | 2016-04-07 |
20160099951 | CENTRALIZED STORAGE AND MANAGEMENT OF MALWARE MANIFESTS - Updating a central repository with information about malware resident upon a computer system. Upon detecting the malware executing in a virtual machine, a software module, without manual instruction, sends malware manifest data to a central repository over a network. The malware manifest data may comprise a copy of the malware and all versions, including temporary versions, of any files written to, updated by, or accessed by the malware. The central repository may receive, over a network from at least two computer systems, distinct sets of malware manifest data and may subsequently store the sets of malware manifest data. | 2016-04-07 |
20160099952 | METHOD AND SYSTEM FOR TESTING AND VALIDATION OF CRYPTOGRAPHIC ALGORITHMS - A method for testing cryptographic algorithms includes: receiving one or more request files, wherein each request file is associated with a cryptographic algorithm and includes a plurality of tests; formatting the plurality of tests in each of the request files based on algorithm formatting rules; transmitting the request files; receiving a plurality of test results for each of the transmitted request files, wherein each test result corresponds to a test included in the respective request file and is generated by execution of the corresponding test using the cryptographic algorithm associated with the respective request file; generating a response file for each of the request files, wherein each response file includes a plurality of test results that correspond to each test included in the corresponding request file; formatting the plurality of test results in each of the generated response files based on result formatting rules; and transmitting the response files. | 2016-04-07 |
20160099953 | APPLICATION ATTACK MONITORING - Implementations of the present disclosure include methods, systems, and computer-readable storage mediums for providing application attack monitoring. Actions can include: obtaining a security graph model associated with an attack vulnerability of a distributed application, the security graph model comprising a plurality of rule parts; screening log data obtained by a plurality of connectors to selectively obtain relevant log data corresponding to one or more of the rule parts, each connector being in communication with a respective component of the distributed application; evaluating the relevant log data based on the security graph model to provide an evaluation score; and in response to determining that the evaluation score is greater than a predetermined threshold, providing output indicating an attack on the distributed application. | 2016-04-07 |
20160099954 | APPARATUS AND METHOD FOR IDENTIFYING A DOMAIN NAME SYSTEM RESOURCE EXHAUSTION ATTACK - A machine includes a processor and a memory connected to the processor. The memory stores instructions executed by the processor to identify a resource attack in response to spikes in the number of unique subdomains being queried and spikes in the number of timeouts or delayed responses from a specified name server. | 2016-04-07 |
20160099955 | CLOUD BASED REPUTATION SYSTEM FOR BROWSER EXTENSIONS AND TOOLBARS - A method and apparatus for an automated classification rating of browser extensions is provided. | 2016-04-07 |
20160099956 | Detection of Mutated Apps and Usage Thereof - System, method and product for detection of mutated apps and usage thereof. A method comprises obtaining features of an Application Under Check (AUC); comparing the features with sets of features of applications to determine a host application of the AUC; determining that the AUC is a mutated application of the host application, wherein said determining comprises comparing the AUC with the host application; and in response to said determining, performing a predetermined action. A server may be configured to perform the steps of collecting features relating to trusted applications, wherein the trusted applications are potentially useable as a basis for a mutated application, wherein the features are features that are indicative of mutated versions of the trusted applications; and retaining the features in a repository, whereby collecting and retaining a list of positive signatures of trusted applications that are useful to approximately identify a host application of a mutated application. | 2016-04-07 |
20160099957 | METHODS AND SYSTEMS FOR DETECTING AN ELECTRONIC INTRUSION - Methods and systems for detecting an electronic intrusion are described. A notification is received, over a network, from a server, the notification reporting a detection of a user activity. In response to receiving the notification reporting the detection of the user activity, the user activity is identified as a possible electronic intrusion into a user account. A location of a user corresponding to the user account is determined. Based at least in part on the location of the user, it is identified whether to communicate a request to the user for instructions to respond to the notification. A response is received from the user. The response includes instructions to block access to the user account at the server. Command information is communicated to the server based on the response. The command information includes a command to block access to the user account. | 2016-04-07 |
20160099958 | CONTENT REQUEST RATE LIMITING IN A CONTENT DELIVERY SYSTEM - Systems, methods, and software for operating a content delivery node to monitor requests for content transferred by at least an end user device to detect when the requests comprise an attack on the content delivery node. Responsive to detecting the attack on the content delivery node, the content delivery node establishes a rate limit in the content delivery node on at least the requests for the content associated with the end user device, and transfers an indication of the attack comprising the rate limit for delivery to another content delivery node that directs the other content delivery node to apply the rate limit to further requests for the content before the further requests are received by the other content delivery node. | 2016-04-07 |
20160099959 | REPUTATION-BASED THREAT PROTECTION - Information concerning a plurality of identified threats provided by a plurality of preselected sources is stored in memory. An e-mail message may be received over a communication network. The received e-mail message is separated into a plurality of components. The stored information is searched to identify a reputation score associated with each of the plurality of components. It is then determined whether the e-mail is a threat based on the identified reputation score of each of the plurality of components. The determination is sent to a designated recipient. | 2016-04-07 |
20160099960 | System and method for scanning hosts using an autonomous, self-destructing payload - A method for scanning hosts using an autonomous, self-destructing payload includes deploying, by a computing device, at least one payload to at least one host, the at least one payload comprising at least one instruction to scan the at least one host for malicious activity, an instruction to produce and store in the memory of the at least one host an encrypted output file, and an instruction to delete the payload. The method includes disconnecting, by the computing device, from the at least one host. The method includes executing, by the at least one host, the payload, while disconnected from the computing device. The method includes reconnecting, by the computing device, to the at least one host. The method includes retrieving, by the computing device, from the at least one host, the encrypted output file. The method includes analyzing, by the computing device, the encrypted output file for evidence of malicious activity. | 2016-04-07 |
20160099961 | DISTINGUISHING HUMAN-DRIVEN DNS QUERIES FROM MACHINE-TO-MACHINE DNS QUERIES - The present disclosure is related to a computer-implemented method and system for distinguishing human-driven Domain Name System (DNS) queries from Machine-to-Machine (M2M) DNS queries. The method includes receiving a DNS query, which includes a domain name, generating a probability score for the domain name based on one or more predetermined rules, and categorizing the DNS query as a human-driven DNS query or an M2M DNS query based on the probability score. | 2016-04-07 |
20160099962 | SITE SECURITY MONITOR - Techniques for monitoring site security are disclosed herein. Sites are scanned for security metric values associated with one or more security metrics. Normalized values for those scanned security metric values are calculated based on previously obtained values associated with one or more other security metrics associated with other scanned sites. Site security metrics are then calculated for the sites based on a subset of the normalized values and based at least in part on a comparison to other scanned sites. | 2016-04-07 |
20160099963 | METHODS AND SYSTEMS FOR SHARING RISK RESPONSES BETWEEN COLLECTIONS OF MOBILE COMMUNICATIONS DEVICES - Methods are provided for determining an enterprise risk level, for sharing security risk information between enterprises by identifying a security response by a first enterprise and then sharing the security response to a second enterprise when a relationship database profile for the first collection indicates the security response may be shared. Methods are also provided for determining whether to allow a request from an originating device where the request may have been initiated by a remote device. | 2016-04-07 |
20160099964 | SYSTEMS AND METHODS TO DETECT AND DEFEND AGAINST DISTRIBUTED DENIAL OF SERVICE ATTACKS - A method, operated by a Software Defined Networking (SDN) controller associated with an Autonomous System (AS) with one or more peering points, each peering point with an associated router communicatively coupled to the SDN controller, the method for detecting and defending against Distributed Denial of Service (DDoS) attacks, and the method includes receiving data from the one or more peering points; detecting malicious traffic at the one or more peering points; determining a peer quality measurement for the one or more peering points; and communicating the peer quality measurement and other data associated with the malicious traffic to one or more other SDN controllers, associated with Autonomous Systems connected through the one or more peering points, to facilitate convergence of the peer quality measurement back to a nominal level. | 2016-04-07 |
20160099965 | TCP CONNECTION RESOURCE DIVERSITY USING TUNABLE GEOMETRIC SERIES - Disclosed is a computer implemented method and apparatus for handling transport control protocol connections. The local host receives a transport control protocol socket connection request from a host. By subtracting a current port connection from maximum port connections to form a difference, the local host calculates the threshold based on the difference divided by the tunable divisor, the tunable divisor not equal to one. The local host then determines whether the current port connections exceed the threshold. By responding to a determination that the current port connections exceed the threshold, the local host blocks the transport control protocol socket request based on the TCP socket connection request. | 2016-04-07 |
20160099966 | DISRUPTING AUTOMATED ATTACKS ON CLIENT-SERVER INTERACTIONS USING POLYMORPHIC APPLICATION PROGRAMMING INTERFACES - An app interacts with a human user of a user device that is executing the app while the app is also interacting over a network connection to an API server by making API calls to the API server and using the responses. An intermediary is provided between the API server and user devices/clients that modifies application programming interface interactions to disrupt automated attacks on those client-server interactions, at least as to those API interfaces that are known to be human-interaction API interfaces. The human-interaction API calls are disassociated to thwart automated attacks using those API calls. The disassociation can be provided through the use of user interface builder packages to provide instructions to the app as to performing human user interaction. Disassociating can be done by separating labels from their meaning, such as by assigning random values to the labels or other methods of obfuscating relations and structure. | 2016-04-07 |
20160099967 | SYSTEMS AND METHODS OF IDENTIFYING SUSPICIOUS HOSTNAMES - A method includes receiving a set of strings and applying one or more filters to generate a subset of strings that are determined to correspond to strings of interest. The method also includes retrieving domain name system (DNS) information associated with a first string of the subset. The method includes executing a rule-based engine to determine, based on application of one or more rules to the DNS information, whether to add the first string to a set of suspicious hostnames. | 2016-04-07 |
20160099968 | INFRASTRUCTURE LEVEL LAN SECURITY - Techniques are disclosed for securing traffic flowing across multi-tenant virtualized infrastructures using group key-based encryption. In one embodiment, an encryption module of a virtual machine (VM) host intercepts layer 2 (L2) frames sent via a virtual NIC (vNIC). The encryption module determines whether the vNIC is connected to a “secure wire,” and invokes an API exposed by a key management module to encrypt the frames using a group key associated with the secure wire, if any. Encryption may be performed for all frames from the vNIC, or according to a policy. In one embodiment, the encryption module may be located at a layer farthest from the vNIC, and encryption may be transparent to both the VM and a virtual switch. Unauthorized network entities which lack the group key cannot decipher the data of encrypted frames, even if they gain access to such frames. | 2016-04-07 |
20160099969 | ENFORCING POLICY COMPLIANCE ON A DEVICE - Disclosed herein is a method for enforcing policy compliance on a device that includes detecting a compliance action associated with an electronic device. The compliance action initiates verification that the electronic device is in compliance with a policy. The method also includes sending configuration information for the electronic device to a compliance authenticator in response to the compliance action. The compliance authenticator verifies that the configuration information complies with a policy. Further, the method includes receiving an authentication certificate in response to the compliance authenticator verifying the configuration information complies with the policy. The authentication certificate expires after a predetermined period of time. | 2016-04-07 |
20160099970 | Contract Broker for Secure Ad-Hoc Personal Data Sharing - The present disclosure is directed to a system and method for sharing sensitive personal data such as personally identifying data and financial data of a user. In an aspect the exchange of data is facilitated by a trusted contract broker, which is in communication with a client device and an external application. The contract broker having access to needs and rules for each of the client device and the external application, and the contract broker brokering the secure exchange of data between the client device and the contract broker according to said needs and rules. In an aspect, an electronic representation of a subset of personal data needed to satisfy an ad-hoc rule of said external application is generated in a client device and delivered to the external application. | 2016-04-07 |
20160099971 | End-To-End Secure Cloud Computing - A method includes receiving, at a control node of a cloud computing network, a first enterprise policy specific to the first enterprise and a second enterprise policy specific to the second enterprise, and managing communications between at least one user device of the first enterprise and the at least one enterprise application hosted on behalf of the first enterprise based on the first enterprise policy. The method also includes managing communications between at least one user device of the second enterprise and the at least one enterprise application hosted on behalf of the second enterprise based on the second enterprise policy. | 2016-04-07 |
20160099972 | Secure Execution of Enterprise Applications on Mobile Devices - A system is disclosed that includes components and features for enabling enterprise users to securely access enterprise resources (documents, data, application servers, etc.) using their mobile devices. An enterprise can use some or all components of the system to, for example, securely but flexibly implement a BYOD (bring your own device) policy in which users can run both personal applications and secure enterprise applications on their mobile devices. The system may, for example, implement policies for controlling mobile device accesses to enterprise resources based on device attributes (e.g., what mobile applications are installed), user attributes (e.g., the user's position or department), behavioral attributes, and other criteria. Client-side code installed on the mobile devices may further enhance security by, for example, creating a secure container for locally storing enterprise data, creating a secure execution environment for running enterprise applications, and/or creating secure application tunnels for communicating with the enterprise system. | 2016-04-07 |
20160099973 | LOCATION BASED SHARING OF A NETWORK ACCESS CREDENTIAL - A network access credential can be shared among devices based on location information for a device. Location information can include timed fingerprint location information. In an aspect, location information can be associated with a location of user equipment. This location information can be correlated with network access credentials. Location information can be used to access a relevant network access credential. The relevant network access credential can be shared with other devices. In an embodiment, sharing a network access credential can be between mobile devices. In another embodiment, sharing a network access credential can be between a remote computing device and a mobile device. Sharing a credential can allow for access to a network without having to generate or input new credentials. | 2016-04-07 |
20160099974 | SYSTEM AND METHOD FOR REMOTELY MANAGING SECURITY AND CONFIGURATION OF COMPUTE DEVICES - The present invention relates to a system that manages security of one or more computer systems and/or one or more different types of I/O channels such as USB, Ethernet, SATA, and SAS. According to certain aspects, the management system is distributed. That is, a central management system and computer subsystems are physically distributed within one or more geographical areas, and communicate with each other by passing messages through a computer network. According to certain additional aspects, the configuration and/or security functions performed by methods and apparatuses according to the invention can be logically transparent to the upstream host and to the downstream device. | 2016-04-07 |
20160099975 | Extending organizational boundaries throughout a cloud architecture - An information sharing paradigm for a cloud computing solution enables flexible organizational boundaries with respect to cloud resources. Cloud service customers manage their own organization boundary but can extend that boundary selectively by associating cloud resources they own with sets of domain names that may be associated with requests for cloud resources that the organization may be willing to share with other organizations that are using the cloud environment, and by ensuring that any such requests for resources that are shared in this manner are associated with one or more message handling policies that have been defined by (or otherwise associated with) the resource-owning organization. Cloud resources owned by an organization (even those marked as “internal only”) may be selectively shared with one or more other organizations using the cloud environment depending on the domain names associated with the requests. Message handling policies are enforced with respect to shared resources. | 2016-04-07 |
20160099976 | Internet of Things Context-Enabled Device-Driven Tracking - A determination is made at a server that a network connected device is to control monitoring performed by a first network connected sensor. A first connection is established between the network connected device and the first network connected sensor, the first connection providing control of the first network connected sensor by the network connected device. A context change for the network connected device is determined. A second connection between the network connected device and a second network connected sensor is established, the second connection providing control of the second network connected sensor by the network connected device. | 2016-04-07 |
20160099977 | METHOD OF UTILIZING TOKEN TO ENABLE ELECTRONIC DEVICES TO ACT SIMULTANEOUSLY WITH EACH OTHER - The present invention is to provide a method enabling a first electronic device to execute steps of: connecting to a cloud server; establishing connection with a second electronic device to obtain a second device parameter stored in the second electronic device; transmitting a first device parameter stored therein and the second device parameter to the cloud server; receiving and storing a token generated by the cloud server, wherein the token is associated with management data stored in the cloud server when the cloud server determines that the first and second device parameters correspond to the management data; and transmitting the token to the second electronic device; such that the first and second electronic devices are stored with the same token, and the cloud server transmits a control instruction to the first and second electronic devices according to the tokens when the second electronic device is connected to the cloud server. | 2016-04-07 |
20160099978 | Distributed Audio Conferencing Architecture with Optimum Resource Utilization and Seamless Scalability - A conference call solution with one or more conference servers, one or more conference bridges and one or more media mixers. A conference server is chosen as the conference bridge for the conference call using various optimization techniques. A media mixer for the conference call may also be chosen using various optimization techniques. The media mixer mixes media data from one or more conference bridges. If a conference bridge or the media mixer fails, the system recovers from the failure with minimal interruption to the users. | 2016-04-07 |
20160099979 | METHOD AND APPARATUS FOR RAPID SETUP OF A TELEPHONY COMMUNICATION USING MULTIPLE COMMUNICATION CHANNELS - A first telephony device sets up a first communication channel through an Internet protocol (IP) network for conducting an IP based telephony communication with a second telephony device. The first communication channel includes one or more media relays. The first telephony device then begins to conduct the telephony communication with the second telephony device over the first communication channel. While the initial stages of the telephony communication are ongoing, the first telephony device sets up a second communication channel with the second telephony device that does not utilize media relays. The telephony communication is then switched to the second communication channel. Proceeding in this fashion ensures that a communication channel can be rapidly established between the first and second telephony devices so that the telephony communication can quickly commence. | 2016-04-07 |
20160099980 | SPLIT SCREEN TELECONFERENCING - Techniques and mechanisms described herein facilitate conducting a teleconference between a remote client device and a teleconference system. According to various embodiments, the teleconference system may include a data input device that receives teleconference data and a teleconference output device that presents teleconference output data. The data input device and the data output device may reside at different network end points. The system identifies the presence of a user on two different devices and leverages the appropriate device for video capture and display. | 2016-04-07 |
20160099981 | METHOD FOR FILTERING SECTIONS OF SOCIAL NETWORK APPLICATIONS - A method for setting viewing options in a social network application is disclosed. First, a plurality of sections are provided. Second, a first order for the plurality of sections is provided wherein the sections are in the first order. Then an image icon to represent the user is provided. Next, a selection icon is provided for the viewing user to select, wherein when the selection icon is selected, the piece of content information is secured and the section is secured. Next, a plurality of secured sections is collected, and the secured sections are displayed in a second order. | 2016-04-07 |
20160099982 | METHODS AND SOFTWARE FOR WEB DOCUMENT SPECIFIC MESSAGING - The present invention is directed to methods and software for web document specific messaging. The methods and software may comprise first determining the digital identifier of a current web document from an application on a user device. The digital identifier is then received at the application server comprising a database. The database is queried for any viewable content associated with the digital identifiers. The viewable content may further be filtered based on user selected filters. The resulting filtered content is then displayed to the user. The user may further be able to input user content relating to the current web document and other user content, which may be viewable by other users depending on user selected privacy settings, this user content may be submitted and associated to the same digital identifier to be shared with other users. | 2016-04-07 |
20160099983 | ELECTRONIC CONFERENCE APPARATUS, METHOD FOR CONTROLLING SAME, AND DIGITAL PEN - An electronic conference apparatus, a method for controlling the same, and a digital pen are provided. The electronic conference apparatus includes a sensor configured to sense a touch point of a digital pen through first hand writer during a period in which handwriting is input to paper through second hand writer. The electronic conference apparatus further includes a controller configured to generate handwriting information based on the sensed touch point, and a communicator configured to transmit the handwriting information. | 2016-04-07 |
20160099984 | METHOD AND APPARATUS FOR REMOTE, MULTI-MEDIA COLLABORATION, INCLUDING ARCHIVE AND SEARCH CAPABILITY - Embodiments of a method and apparatus for remote collaboration include a central cloud computing infrastructure configurable to capture data related to online, remote collaborative session between users via any type of Internet capable user device. Data capture includes capture of data via services/systems external to the infrastructure, and services/systems internal to the infrastructure. Methods further comprise archiving session data including video and audio from a session and any data attachments users might add to the session (during or after the session). The session data can be searched by permitted users to find any data from a session, different session a participant attended. Permitted users can add data to a session, either during or after the session occurred. Added data includes bookmarks that mark a point in time of a session and can be associated with comments, data attachments, and more. A rich user interface graphically displays bookmarks, comments and data over the time of the session. | 2016-04-07 |
20160099985 | Combination of Unicast and Multicast User Plane Data - User plane data is communicated by cell-specific broadcasting of said user plane data in a cell and unicasting in parallel the same user plane data to at least one communication device participating in a group service. When receiving the user plane data, a communication device receiving the cell-specific broadcasting and unicasting can combine the broadcast and unicast user plane data. | 2016-04-07 |
20160099986 | SYSTEM AND METHOD FOR CONCURRENT ELECTRONIC CONFERENCES - Method for scheduling and implementing an electronic meeting conducted among remotely-located users communicating with an agenda server, including: accepting a meeting agenda that includes a plurality of topics, a quorum, an identification of resources used by each topic, an identification of data used by each topic, and an identification of data produced by each topic; partitioning the meeting agenda into at least a first and second group of topics; searching for data dependencies between the first and second groups of topics; searching for resource dependencies between the first and second groups of topics; if data dependencies or resource dependencies are found between the first and second groups of topics, then repartitioning the meeting agenda until the data dependencies and resource dependencies between the first and second groups of topics are reduced below a predetermined dependency threshold; and concurrently scheduling and executing the first and second groups of topics. | 2016-04-07 |