16th week of 2018 patent applcation highlights part 60 |
Patent application number | Title | Published |
20180109503 | Method and System for Managing Communications in a System Comprising a Receiver Entity, a Sender Entity, and a Network Entity - It is provided a system comprising a sender entity, a receiver entity, and a network entity interposed between the sender entity and the receiver entity. The receiver entity is configured to send a connection request to the sender entity, and to further send to the sender entity at least one encrypted meta-information for said connection. The sender entity is configured to insert the at least one encrypted meta-information into at least one packet of the connection. The network entity is configured to decrypt the at least one meta-information and to process the at least one packet on the basis of the decrypted at least one meta-information. | 2018-04-19 |
20180109504 | SYSTEM AND ASSOCIATED SOFTWARE FOR PROVIDING ADVANCED DATA PROTECTIONS IN A DEFENSE-IN-DEPTH SYSTEM BY INTEGRATING MULTI-FACTOR AUTHENTICATION WITH CRYPTOGRAPHIC OFFLOADING - The advanced data protection system is implemented by distributing data encryption across multiple isolated computing systems and using multi-factor authentication to access remote, protected decryption material. Architectural components include: Client application software reading/writing from/to a client data store executing on a client host computer, client application plug-ins communicating with external authentication devices, server application software reading/write data from/to a server data store executing on a host computer which is physically or virtually isolated from the client host computer, authentication devices, components, or systems integrated with or connected to the client computer and exposing programmatic interfaces to client application software, and secure networking components executing on both hosts that provide secure data exchange. The system employs certain associated software that incrementally encrypts client data on both the client and server, storing portions of the results on each computer, and requiring multi-factor authentication for distributed decryption material recovery. | 2018-04-19 |
20180109505 | AUTHENTICATING MOBILE APPLICATIONS USING POLICY FILES - Examples of techniques for authenticating mobile applications are described herein. A method includes receiving, via a first server, a key pair and a policy file associated with a mobile service from a second server. Authentication of the mobile application is performed based on the key pair and the policy file. A scope token is generated with an application scope in response to authenticating the mobile application. Authentication of a client device is performed corresponding to the mobile application and a user to generate a doubly-authenticated scope token including a device scope and application authenticity scope. The doubly-authenticated scope token is sent to a security gateway for user authentication. A trebly-authenticated scope token is received with a grant token request and a grant token is sent to the mobile application. The grant token is received from the mobile application. An access token is generated and sent to the mobile application. | 2018-04-19 |
20180109506 | ABSTRACTING AN AUTHENTICATION SEQUENCE USING HTTP - An enterprise server is provisioned with an authentication response language, where the authentication response language allows the enterprise server to issue instructions for authentication steps to an enterprise client, which enables the enterprise client to execute a set of instructions for navigating an authentication sequence. The set of instructions installed into and served by the enterprise server varies depending on a protocol inherently used by the authentication topology. The enterprise client, when accessing a protected resource, and not already authenticated, receives a set of authentication instructions from the enterprise server formulated in the authentication response language. The client starts to interpret the provided authentication instructions, but controls the presentation layer and interface of any user interactions. The client follows the sequence by sending requests and receiving responses from one or more servers in the topology until the sequence is complete. | 2018-04-19 |
20180109507 | SYSTEMS AND METHODS TO AUTHENTICATE USERS AND/OR CONTROL ACCESS MADE BY USERS ON A COMPUTER NETWORK USING A GRAPH SCORE - A controller for user authentication and access control, configured to: store data representing a graph having: nodes representing data elements associated with accesses made using an access token; and links among the nodes representing connections between the data elements identified in details of the accesses. In response to receiving details of an access made using the access token, the controller updates the graph according to the details and determines a plurality of measurements of the graph. After computing a score of the graph based on a weighted average of the measurements, the controller authenticates the user of the access and/or controls the access based on the score. | 2018-04-19 |
20180109508 | SYSTEMS AND METHODS FOR DATA MANAGEMENT AND THE USE OF SALTS AND KEYS IN DATA ENCRYPTION/DECRYPTION - Methods and systems for encrypting sensitive information are disclosed comprising hashing sensitive information by a hash function and selecting a salt or key salt based, at least in part, on the hashed sensitive information. If a salt is selected, the selected salt is combined with the hashed sensitive information to yield combined sensitive information, which is encrypted and stored. If a key is selected, such as an AES key, for example, the sensitive information is encrypted by the selected encryption key, and stored. The keys and salts may be encrypted by a cryptographic processing system that generates and stores keys, such as a key management system and/or a hardware security module, for further protection. The salts may be concatenated into a binary large object prior to encryption. Methods and systems for updating of stored records comprising encrypted sensitive information are also described. | 2018-04-19 |
20180109509 | SYSTEMS AND METHODS FOR LOGIN AND AUTHORIZATION - Systems and methods are provided for login and authorization. For example, a third-party terminal receives a login request from a user and sends an authorization request from the third-party terminal to a network server; the network server generates first two-dimensional-barcode information and sends the first two-dimensional-barcode information to the third-party terminal; the third-party terminal displays a first two-dimensional-barcode image; a mobile terminal extracts the first two-dimensional-barcode information from the first two-dimensional-barcode image and sends first user account information and the first two-dimensional-barcode information to the network server; the network server validates the first user account information and the first two-dimensional-barcode information based on at least information associated with stored second user account information and second two-dimensional-barcode information generated by the network server. | 2018-04-19 |
20180109510 | SYSTEMS AND METHODS FOR GENERATING MULTI-DIMENSIONAL PASSWORD AND AUTHENTICATING THEREOF - Systems and methods for multi-dimensional password generation and authentication is provided. The method includes selecting a virtual reality (VR) environment, rendering interactive objects in the VR environment, tracking a first set of activities including user behavior, user interaction with the objects, and changes made to the objects, the behavior including user position(s), head rotation, time spent on a particular position, GPS coordinates, and the changes include one of position, shape, color, and rotation of the objects. The method generates a multi-dimensional password based on the first set of tracked activities, and authenticates based on comparison of a second set of tracked activities and the first set of activities. When the comparison results in mismatch, the system generates a one-time multi-dimensional image, based on which a third set of activities are tracked and compared with the first set of activities for resetting the password or authenticating the user accordingly. | 2018-04-19 |
20180109511 | PRIVATE SIMULTANEOUS AUTHENTICATION OF EQUALS - A passphrase is assigned to an end user device for use in authenticating the end user device for a network using SAE. An identification of the end user device is determined during an authentication process. The passphrase assigned to the end user device is determined at a network side using the identification of the end user device. A shared secret is generated using the passphrase. Whether the end user device has generated the shared secret is determined. The end user device is authenticated for the network, if it is determined that the end user device has generated the shared secret. | 2018-04-19 |
20180109512 | MOBILE BASED MULTI-CHANNEL CITIZEN ACCOUNT ORIGINATION IN DIGITAL ECONOMY - Gathering and verifying customer information via SMS and in-person representatives. Customer account information is received, wherein the customer account information is given to a business correspondent by a customer. A verification of the customer account information is received, wherein the verification is performed by the business correspondent. A hash is generated with the customer account information. The hash is sent to a data center. An account number is received from the data center. An enrollment PIN is received, wherein the enrollment PIN is sent from the data center to the customer, the customer gives the enrollment PIN to the business correspondent, and the business correspondent enters the enrollment PIN into the business correspondent app, and wherein the enrollment PIN is linked to the account number. The data center is synced after receiving the enrollment PIN. | 2018-04-19 |
20180109513 | MOBILE BASED MULTI-CHANNEL CITIZEN ACCOUNT ORIGINATION IN DIGITAL ECONOMY - Gathering and verifying customer information via SMS and in-person representatives. A hash is received with customer account information from a business correspondent application, wherein the account information is given in-person to a business correspondent, the business correspondent enters the account information into the business correspondent app, the account information is verified by the business correspondent after entering the account information in the business correspondent app, and the hash is generated by the business correspondent app after the business correspondent app receives confirmation of verification of the account information from the business correspondent. An account number is generated for the customer. The account number is sent to the business correspondent app and to the customer. An enrollment PIN is sent to the customer, wherein the enrollment PIN is linked to the account number. The business correspondent app is synced after the business correspondent app receives the enrollment PIN from the customer. | 2018-04-19 |
20180109514 | AUTHENTICATION-FREE CONFIGURATION FOR SERVICE CONTROLLERS - Embodiments generally relate to out-of-band management of a computing system. The present technology discloses enable a primary service controller to provide a centralized configuration of multiple secondary service controllers so that they can share a same configuration. It can utilize an authentication-free protocol to modify and manage credentials for a large number of service controllers. | 2018-04-19 |
20180109515 | SYSTEM, SERVICE PROVIDING APPARATUS, CONTROL METHOD FOR SYSTEM, AND STORAGE MEDIUM - A client terminal includes a first acquisition unit configured to acquire, in response to a user, who has received a service provided by the second service providing apparatus, issuing an instruction for requesting provision of a service by a first service providing apparatus, information indicating a tenant of the first service providing apparatus associated with a community to which the user belongs. | 2018-04-19 |
20180109516 | METHOD FOR PROVIDING CERTIFICATE SERVICE BASED ON SMART CONTRACT AND SERVER USING THE SAME - A method for providing a certificate registration service based on a smart contract, wherein the smart contract is source code compilable into executable byte code, is configured to perform procedures if particular conditions are satisfied, and wherein integrity is verified by a consensus, is provided. The method includes steps of: (a) acquiring a public key PubA of a user device, an IdhashA which is hashed personal information, and a VcertA which includes validity conditions, acquiring the smart contract corresponding to the validity conditions and byte code; (b) registering the PubA, the IdhashA and the byte code with a private blockchain database, and acquiring PrivTxidA locating certificate information in the private blockchain database; (c) registering the PrivTxidA and a state of the smart contract with an SDB; and (d) acquiring and registering a hash value calculated using the PubA, the IdhashA and the byte code, and its neighboring hash value. | 2018-04-19 |
20180109517 | A METHOD FOR AUTHENTICATING A USER WHEN LOGGING IN AT AN ONLINE SERVICE - Provided is a method for authenticating a user when logging in at an online service, where the online service is provided by a server arrangement and the method is based on a communication between the online service and a primary device and between the online service and a secondary device. The method comprising the following steps: a user identification specified by the user at the secondary device and not including any credential is received by the online service; an authentication request is transmitted by the online service to the primary device where the primary device is associated with the user identification; an authentication response comprising at least one credential is transmitted by the primary device to the online service, where the at least one credential originates from a storage in the primary device and is only transmitted through the authentication response upon a successful local authentication of the user at the primary device. | 2018-04-19 |
20180109518 | Data Processing Based on Two-Dimensional Code - The present disclosure provides example methods and apparatuses of data processing based on a two-dimensional code. The two-dimensional code is generated upon receiving a data processing request from a user of a first communication device. Information relating to the data processing request obtained through scanning the two-dimensional code by a second communication device is received. A user interface for data processing is generated at the second communication device based on the information relating to the data processing request. The present techniques for data processing based on the two-dimensional code use the two-dimensional code to complete logging-in and avoid the tedious logging-in process, thereby conveniently, efficiently, and securely implements data output processing. | 2018-04-19 |
20180109519 | Method for Generating An Authenticating Document - A method for generating an authenticating document for verifying whether a password is inputted by a genuine holder of the password is to be implemented by a network server communicable with a mobile device. The method includes: receiving, by the network server from the mobile device, a password inputted by a user via an input unit of the mobile device, and a dynamic image that is captured by an image capture module of the mobile device and that is associated with a motion of the user during input of the password; and compiling, by the network server, the authenticating document based on the password and the dynamic image when the password is verified by the network server to be correct. | 2018-04-19 |
20180109520 | Automatic Association of Authentication Credentials with Biometrics - A computing device may receive authentication information. Within a time-out period, a fingerprint may also be received. The computing device may assign one or more authentication credentials to the fingerprint based on authentication credentials associated with the received authentication information. In some implementations, the computing device may assign the authentication credentials associated with the received authentication information to the biometric. However, in other implementations, the computing device may assign different authentication credentials to the biometric based on one or more user preferences, defaults, security policies, and/or enterprise policies. In various implementations, the authentication credentials assigned to the biometric may be altered, such as by adding and/or removing one or more authentication credentials. Such alteration may be performed in response to a received user request, changed enterprise policy, changed security policy, fraud alert, and/or other such factor. | 2018-04-19 |
20180109521 | METHOD OF MUTUAL AUTHENTICATION BETWEEN AGENT AND DATA MANAGER IN U-HEALTH ENVIRONMENT - Disclosed is a method of mutual authentication between an agent and a data manager in a u-health environment, in which the agent performs identification recognition using an identification (ID) of the agent, i.e., a System-id, a secret key, encryption, and a one-time use random number generator, instead of using biometric scan data of an existing IEEE 11073 agent, and hence bidirectional authentication, rather than unidirectional authentication, is allowed. | 2018-04-19 |
20180109522 | RFID AUTHENTICATION ARCHITECTURE AND METHODS FOR RFID AUTHENTICATION - A method for mutual authentication in an RFID system comprising an RFID reader and an RFID tag, the method comprising requesting an identification from the tag, receiving the identification, using the received identification to select a password associated with the identification, generating a password key based on the selected password, encrypting the selected password using the password key, and transmitting the encrypted password to the tag. | 2018-04-19 |
20180109523 | SYSTEM AND METHOD OF FACILITATING THE IDENTIFICATION OF A COMPUTER ON A NETWORK - A system and method for facilitating identification of an attacking computer in a network is provided. A user attempting to login to a network application may be presented with a screen prior to the login which lists preconditions of gaining access to the application. If a user concurs with the preconditions, a security module is downloaded to the user's computer and executed which gathers various configuration settings and transmits the gathered information to a predetermined destination. The security module may also attempt to place a call to a predetermined destination over a modem in the computer to cause registration of caller-ID data when answered at the predetermined destination. Once the security check is completed, login may proceed with the network application. Any data gathered by the security module may be stored for later recall and use to identify the computer in the event of an attack. | 2018-04-19 |
20180109524 | CROSS SECURITY LAYER SECURE COMMUNICATION - A security layer in an industrial control and automation system includes a user database, a web server, a secure token server (STS), and an application server. The user database is configured to store identities of users with credentials to access controls of the security layer. The web server is configured to identify an operator using a client device. The STS is configured to authenticate the operator for the security layer. The application server is configured to negotiate access for the client device for a target application server in a target security layer. | 2018-04-19 |
20180109525 | ELECTRONIC COMPUTING DEVICE INCLUDING ONLINE CONNECTIVITY AND PERMANENTLY OFFLINE COMPUTING - A computing system includes two separate computer modules within the same computing housing. The computing system protects data from one computer from online threats by permanently keeping the computer offline and disconnected from networks or the Internet. Sensitive or important data may thus be worked on without fear of exposure to online threats that may sneak into the data storage using subterfuge or undetected entry. The user may switch to the other computer which has network connectivity to access network data or the Internet while the data in the offline computer is safely disconnected and protected from access by the other computer's connectivity. | 2018-04-19 |
20180109526 | BOT PERMISSIONS - Permission control and management for messaging application bots is described. A method can include providing a messaging application, on a first computing device associated with a first user, to enable communication between the first user and another user, and detecting, at the messaging application, a user request. The method can also include programmatically determining that an action in response to the user request requires access to data associated with the first user, and causing a permission interface to be rendered in the messaging application, the permission interface enabling the first user to approve or prohibit access to the data associated with the first user. The method can include accessing the data associated with the first user and performing the action in response to the user request, upon receiving user input from the first user indicating approval of the access to the data associated with the first user. | 2018-04-19 |
20180109527 | DOMAIN NAME SYSTEM AND METHOD OF OPERATING USING RESTRICTED CHANNELS - A server system for a domain name system (DNS) which operates to concurrently provide both public-facing and restricted channels for receiving and handling Internet Protocol (IP) address requests from a population of computers. The server system implements an alternative DNS request handling process to provide a trusted computer entity with exclusive access to the restricted channels. | 2018-04-19 |
20180109528 | PEER TO PEER ENTERPRISE FILE SHARING - Disclosed are various embodiments for facilitating the distribution of files from a file repository. Files from a file repository can be distributed via peer to peer transmissions where the peer devices can perform authentication functions. The authentication can be performed based upon metadata associated with the files as well as based upon authentication requests submitted to an authentication server. | 2018-04-19 |
20180109529 | PEER TO PEER ENTERPRISE FILE SHARING - Disclosed are various embodiments for facilitating the distribution of files from a file repository. Files from a file repository can be distributed via peer to peer transmissions where the peer devices can perform authentication functions. The authentication can be performed based upon metadata associated with the files as well as based upon authentication requests submitted to an authentication server. | 2018-04-19 |
20180109530 | PEER TO PEER ENTERPRISE FILE SHARING - Disclosed are various embodiments for facilitating the distribution of files from a file repository. Files from a file repository can be distributed via peer to peer transmissions where the peer devices can perform authentication functions. The authentication can be performed based upon metadata associated with the files as well as based upon authentication requests submitted to an authentication server. | 2018-04-19 |
20180109531 | ANOMALY DETECTION USING TRIPOINT ARBITRATION - Systems, methods, and other embodiments associated with anomaly detection using tripoint arbitration are described. In one embodiment, a method includes identifying a set of clusters that correspond to a nominal sample of data points in a sample space. A point z is determined to be an anomaly with respect to the nominal sample when, for each cluster, a tripoint arbitration similarity between data points in the cluster calculated with z as arbiter is greater than a threshold. | 2018-04-19 |
20180109532 | SYSTEM AND METHOD FOR EMBEDDING FIRST PARTY WIDGETS IN THIRD-PARTY APPLICATIONS - Methods and systems for providing a third party application with access to files stored on a server are disclosed. A method may include receiving, from a browser at a client device, a request for a file stored on the server, wherein the request is received via a web page provided by the third party application and rendered by the browser, the web page comprising an embedded user interface (UI) component associated with the server to access the file stored on the server, wherein the request includes a document identifier associated with the file, an application identifier of the third-party application, and an origin identifier, wherein the origin identifier is associated with the web page provided by the third party application and rendered by the browser. The method may further include authenticating the application identifier at the server, wherein authenticating the application identifier comprises determining whether the application identifier references a valid application, and based on the document identifier, the authenticated application identifier and the origin identifier, granting access to the file for the third party application via the embedded UI component. | 2018-04-19 |
20180109533 | DEVICE MANAGEMENT FOR ISOLATION NETWORKS - In one embodiment, a server instructs one or more networking devices in a local area network (LAN) to form a virtual network overlay in the LAN that redirects traffic associated with a particular node in the LAN to the server. The server identifies a configuration for the particular node based on a node profile for the particular node. The server accesses a configuration interface of the particular node and instructs the particular node to use the identified configuration via the accessed configuration interface. | 2018-04-19 |
20180109534 | DETERMINING VIRTUAL ADAPTER ACCESS CONTROLS IN A COMPUTING ENVIRONMENT - A control component of a computing environment initiates sending of request(s) over a network of the computing environment by an activated virtual adapter. The activated virtual adapter is hosted on a physical adapter of a host system coupled to the network, and is for use by a guest, hosted by the host system, in performing data input and output. The request(s) retrieve access control information from the network indicative of access control(s) enforced in controlling access by the activated virtual adapter to network component(s). The initiating provides indication(s) to the physical adapter, absent involvement of the guest, that the request(s) be sent by the virtual adapter. Based on the initiating, the control component obtains the access control information from the physical adapter, and determines, based on that information, the access control(s) being enforced by the network in controlling access by the activated virtual adapter to the network component(s). | 2018-04-19 |
20180109535 | DETERMINING VIRTUAL ADAPTER ACCESS CONTROLS IN A COMPUTING ENVIRONMENT - A control component of a computing environment initiates sending of request(s) over a network of the computing environment by an activated virtual adapter. The activated virtual adapter is hosted on a physical adapter of a host system coupled to the network, and is for use by a guest, hosted by the host system, in performing data input and output. The request(s) retrieve access control information from the network indicative of access control(s) enforced in controlling access by the activated virtual adapter to network component(s). The initiating provides indication(s) to the physical adapter, absent involvement of the guest, that the request(s) be sent by the virtual adapter. Based on the initiating, the control component obtains the access control information from the physical adapter, and determines, based on that information, the access control(s) being enforced by the network in controlling access by the activated virtual adapter to the network component(s). | 2018-04-19 |
20180109536 | MAINTAINING A LIMITED USER PROFILE FOR SOCIAL NETWORKING SYSTEM USERS UNABLE TO ESTABLISH A USER PROFILE - A social networking system maintains a limited user profile associated with a user of the social networking system who does not satisfy one or more criteria for the social networking system to maintain a user profile. The limited user profile includes information describing the user and allows the user to be associated with limited types of interactions with the social networking system. An administrator is associated with the limited user profile and may modify information associated with the limited user profile as well as authorize or deny interactions involving the limited user profile. When the user satisfies criteria for the social networking system maintaining a user profile, the social networking system generates a user profile based on information in the limited user profile and prior interactions involving the limited user profile. | 2018-04-19 |
20180109537 | ASSIGNING A LEVEL OF TRUST BETWEEN ENTITIES IN AN ONLINE SYSTEM FOR DETERMING WHETHER TO PERMIT AN ACTION REQUESTED BY AN ENTITY - An online system assigns a level of trust between a requesting entity and a target entity based on connections between users of the online system associated with the requesting entity and users of the online system associated with the target entity in response to receiving a request from the requesting entity to perform an action that is directed towards the target entity. If the assigned level of trust exceeds a threshold level of trust, the online system permits the requesting entity to perform the action; otherwise, the online system denies the request. The level of trust between the entities may be used by the online system to determine whether to grant or deny additional types of requests received from the requesting entity (e.g., a request to create an advertising account to purchase advertising services provided by the online system). | 2018-04-19 |
20180109538 | SYSTEM AND METHOD FOR POLICY BASED ADAPTIVE APPLICATION CAPABILITY MANAGEMENT AND DEVICE ATTESTATION - A method provides policy based adaptive application capability management and device attestation for dynamic control of remote device operations. The method includes instrumenting applications installed on a remote device to examine their runtime application programming interface (API) invocations to trusted functions abstracted by a trusted services platform anchored to an underlying firmware, software or hardware root of trust, and managing the application security operations based on the execution context and dynamic privilege controls to restrict their capabilities. The invention also provides a local attestation agent to perform state measurements for platform trust, configuration and operational metrics, and generates device policy based platform and application level alerts. These alerts allow operations technology (OT) administrators to dynamically control the operational capabilities of applications, to deal with discovered vulnerabilities and exploits, before requiring distribution of application software upgrades or patches onto a large number of distributed remote devices. | 2018-04-19 |
20180109539 | INVALIDATION OF AN ACCESS TOKEN - A computer-implemented method for invalidating an access token includes generating an access token and an HTML file in response to receipt of a request for issuing the access token, the HTML file comprising a set of instructions for rendering on one window in a browser, a code for generating a child segment in a memory which is controlled by the window, and a code for invalidating the access token in response to completion of rendering on the child segment, in response to completion of receiving, from a resource server, one or more resources requested by a client program executed on the child segment or in response to closing of the window, sending the access token and the HTML file to the browser, and invalidating the access token, in response to receipt, from the browser, of a request for invalidating the access token. | 2018-04-19 |
20180109540 | SECURING ORDERED RESOURCE ACCESS - Ordered access to resources is controlled by restricting access to additional resources that are accessible when a client device provides an authentication provided when accessing an initial resource. When the client device accesses the initial resources, a set of access parameters are identified describing the request and the client device providing the request, and included with an expiration time in generating a token. The token and expiration date are provided in an authorization for the additional resources. When requesting the additional resources, the authorization is provided and verified by comparing the token in the authorization with a test token generated with reference to access parameters of the request for additional resources. When the tokens match, the additional resource is provided to the client device. | 2018-04-19 |
20180109541 | BLOCKCHAIN MINING USING TRUSTED NODES - Briefly, example methods, apparatuses, and/or articles of manufacture are disclosed that may be implemented, in whole or in part, using one or more mobile communication devices and/or processing devices to facilitate and/or support one or more operations and/or techniques for blockchain mining using trusted nodes, such as via democratization of associated resources for fair blockchain mining, for example. | 2018-04-19 |
20180109542 | SYSTEM AND METHOD FOR GENERATING DATA SETS FOR LEARNING TO IDENTIFY USER ACTIONS - Embodiments for generating appropriate data sets for learning to identify user actions. A user uses one or more applications over a suitable period of time. As the user uses the applications, a monitoring device, acting as a “man-in-the-middle,” intermediates the exchange of encrypted communication between the applications and the servers that serve the applications. The monitoring device obtains, for each action performed by the user, two corresponding (bidirectional) flows of communication: an encrypted flow, and an unencrypted flow. Since the unencrypted flow indicates the type of action that was performed by the user, the correspondence between the encrypted flow and the unencrypted flow may be used to automatically label the encrypted flow, without decrypting the encrypted flow. Features of the encrypted communication may then be stored in association with the label to automatically generate appropriately-sized learning set for each application of interest. | 2018-04-19 |
20180109543 | MONITORING USE OF A SENSOR OF A COMPUTING DEVICE - Monitoring use of a sensor of a computing device. A sensor obtains information from an environment of the computing device. A co-processor provides functionality for the sensor, and at least one channel connects the co-processor to a central processing unit (CPU) of the computing device. Sensor data transmission is monitored over the at least one channel to determine when a transmission of data changes from a low data transmission mode to a high data transmission mode, and an alert is activated when the transmission of data is in the high data transmission mode. | 2018-04-19 |
20180109544 | PATH SCANNING FOR THE DETECTION OF ANOMALOUS SUBGRAPHS AND USE OF DNS REQUESTS AND HOST AGENTS FOR ANOMALY/CHANGE DETECTION AND NETWORK SITUATIONAL AWARENESS - A system, apparatus, computer-readable medium, and computer-implemented method are provided for detecting anomalous behavior in a network. Historical parameters of the network are determined in order to determine normal activity levels. A plurality of paths in the network are enumerated as part of a graph representing the network, where each computing system in the network may be a node in the graph and the sequence of connections between two computing systems may be a directed edge in the graph. A statistical model is applied to the plurality of paths in the graph on a sliding window basis to detect anomalous behavior. Data collected by a Unified Host Collection Agent (“UHCA”) may also be used to detect anomalous behavior. | 2018-04-19 |
20180109545 | SYSTEMS AND METHODS FOR AUTOMATED RETRIEVAL, PROCESSING, AND DISTRIBUTION OF CYBER-THREAT INFORMATION - Systems and methods are provided for automated retrieval, processing, and/or distribution of cyber-threat information using a cyber-threat device. Consistent with disclosed embodiments, the cyber-threat device may receive cyber-threat information in first formats from internal sources of cyber-threat information using an accessing component of the cyber-threat device. The cyber-threat device may receive cyber-threat information second formats from external sources of cyber-threat information using an accessing component of the cyber-threat device. The cyber-threat device may process the received cyber-threat information in the first formats and the second formats into a standard format using a processing component of the cyber-threat device. The cyber-threat device may provide the processed items of cyber-threat information to a distributor using a distributing component of the cyber-threat device. The cyber-threat device may automatically report information concerning the processed items of cyber-threat information to a device of a user with a reporting component of the cyber-threat device. | 2018-04-19 |
20180109546 | Distributed Network Security Using a Logical Multi-Dimensional Label-Based Policy Model - A managed server (MS) within an administrative domain is quarantined. The administrative domain includes multiple MSs that use management instructions to configure management modules so that the configured management modules implement an administrative domain-wide management policy that comprises a set of one or more rules. The quarantined MS is isolated from other MSs. A description of the MS is modified to indicate that the MS is quarantined, thereby specifying a description of the quarantined MS. Cached actor-sets are updated to indicate the quarantined MS's changed state, thereby specifying updated actor-sets. A determination is made regarding which updated actor-sets are relevant to an other MS, thereby specifying currently-relevant updated actor-sets. A determination is made regarding whether the currently-relevant updated actor-sets differ from actor-sets previously sent to the other MS. Responsive to determining that the currently-relevant updated actor-sets are identical to the previously-sent actor-sets, no further action is taken. | 2018-04-19 |
20180109547 | DATA PROTECTION IN A NETWORKED COMPUTING ENVIRONMENT - Approaches for providing data protection in a networked computing environment are provided. A method includes detecting, by at least one computer device, a breach of a first system in the networked computing environment. The method also includes generating, by the at least one computer device, a second system in the networked computing environment, wherein the second system includes a patch based on the breach. The method additionally includes converting, by the at least one computer device, the first system to a decoy system. The method further includes generating, by the at least one computer device, a third system in the networked computing environment, wherein the third system has reduced security relative to the first system. | 2018-04-19 |
20180109548 | DATA PROTECTION IN A NETWORKED COMPUTING ENVIRONMENT - Approaches for providing data protection in a networked computing environment are provided. A method includes detecting, by at least one computer device, a breach of a first system in the networked computing environment. The method also includes generating, by the at least one computer device, a second system in the networked computing environment, wherein the second system includes a patch based on the breach. The method additionally includes converting, by the at least one computer device, the first system to a decoy system. The method further includes generating, by the at least one computer device, a third system in the networked computing environment, wherein the third system has reduced security relative to the first system. | 2018-04-19 |
20180109549 | SECURING SERVICES IN A NETWORKED COMPUTING ENVIRONMENT - A computer-implemented method includes: detecting, by a user device, an event that indicates a potential security compromise of the user device; determining, by the user device, a service accessible on the user device; sending, by the user device, a breach notification to a service provider corresponding to the service accessible on the user device; receiving, by the user device, a security profile from the service provider; and restricting, by the user device, access to the service provider by a client of the service provider on the user device until the security profile is satisfied by a user completing a security challenge defined in the security profile. | 2018-04-19 |
20180109550 | UNIVERSAL LINK TO EXTRACT AND CLASSIFY LOG DATA - A universal link to extract and classify log data is disclosed. In various embodiments, a set of candidate data values that match a top level pattern that is common to two or more types of data value of interest is identified. The candidate data values are processed through a plurality of successive filtering stages, each stage of which includes determining which, if any, of said candidates match a more specific pattern associated more specifically with a specific data value type. Candidates, if any, which match the more specific pattern are classified as being of a corresponding specific data type and are removed from the set of candidate data values. A structured data record that associates each candidate data value determined to be of a corresponding one of said types of data value of interest with said corresponding one of said types of data value of interest is generated and stored. | 2018-04-19 |
20180109551 | DEVICE PROFILING FOR ISOLATION NETWORKS - In one embodiment, a server instructs one or more networking devices in a local area network (LAN) to form virtual network overlay in the LAN that redirects traffic associated with a particular node in the LAN to the server. The server receives the redirected traffic associated with the particular node. The server determines a node profile for the particular node based in part on an analysis of the redirected traffic. The server configures the particular node based on the determined node profile for the particular node. | 2018-04-19 |
20180109552 | TECHNIQUES FOR MITIGATING NON-CROSS DOMAIN CODE EXECUTION VULNERABILITIES IN CELLULAR BASEBAND - Techniques for mitigating an attack on baseband on a mobile wireless device are provided. An example method according to these techniques includes detecting a network switch event in which the mobile wireless device has disconnected from a first wireless network and connected to a second wireless network, performing an integrity check on one or more components of the mobile wireless device responsive to detecting the network switch event, and performing one or more actions responsive to the integrity check indicating that the one or more components of the mobile wireless device have been modified. | 2018-04-19 |
20180109553 | MITIGATING NETWORK ATTACKS - Systems and methods are described that enable the mitigation of network attacks directed to specific sets of content on a content delivery system. A set of content targeted in the attack may be identified based at least in part on a combination of network addresses to which attacked-related packets are transmitted. Thereafter, the content delivery system may mitigate the attack based on the identified target. For example, where both targeted and non-targeted sets of content are associated with the attacked network addresses, traffic directed to these sets of content may be separated, e.g., in order to reduce the impact of the attack on the non-targeted sets of content or increase the computing resources available to the targeted content. Redirection of traffic may occur using either or both of resolution-based redirection or routing-based redirection. | 2018-04-19 |
20180109554 | DISTRIBUTED DENIAL OF SERVICE ATTACK PROTECTION FOR INTERNET OF THINGS DEVICES - Presented herein are techniques for remediating a distributed denial of service attack. A methodology includes, at a network device, such as a constrained resource Internet of Things (IoT) device, receiving from an authorization server cryptographic material sufficient to validate and decrypt tokens carried in packets, detecting a denial of service attack that employs packets containing invalid tokens, and in response to detecting the denial of service attack, signaling a remediation server for assistance to remediate the denial of service attack, and sending to the remediation server the cryptographic material over a secure communication channel such that the remediation server enables validation and decryption of tokens carried in packets, subsequent to detection of the denial of service attack, that are destined for the network device. | 2018-04-19 |
20180109555 | INTER-DOMAIN DISTRIBUTED DENIAL OF SERVICE THREAT SIGNALING - In one embodiment, a primary server receives, from a client device, a first request to mitigate an external attack on the client device. The primary server sends, to a plurality of secondary servers, a second request to mitigate the external attack, wherein each one of the plurality of secondary servers has associated mitigation resources, and receives from at least one of the plurality of secondary servers an indication that it has mitigation resources capable of mitigating the external attack. The primary server sends, to the client device, a list including the secondary servers having mitigation resources capable of mitigating the attack, and receives, from the client device, an indication that a subset of the list is selected to mitigate the external attack. In response, the primary server sends a request for mitigation services to one of the secondary servers in the subset selected to mitigate the external attack. | 2018-04-19 |
20180109556 | SOFTWARE DEFINED NETWORK CAPABLE OF DETECTING DDoS ATTACKS AND SWITCH INCLUDED IN THE SAME - Software defined network capable of detecting a DDoS attack and a switch included in the same are disclosed. The software defined network comprises a controller arranged on a control plane of the software defined network, and a plurality of switches arranged on a data plane of the software defined network. Here, each of the switches collects packets received through corresponding external network and detects a DDoS attack by using the collected packets. | 2018-04-19 |
20180109557 | SOFTWARE DEFINED NETWORK CAPABLE OF DETECTING DDoS ATTACKS USING ARTIFICIAL INTELLIGENCE AND CONTROLLER INCLUDED IN THE SAME - Software defined network for detecting a DDoS attack using artificial intelligence and a controller included in the same are disclosed. The software defined network includes a controller arranged on a control plane of the software defined network, and a plurality of switches arranged on a data plane of the software defined network. Here, each of the switches collects flow which is aggregation of packets and transmits feature information concerning the flow to the controller, and the controller detects a DDoS attack by using the feature information concerning the flow and a back propagation neural network (BPNN). | 2018-04-19 |
20180109558 | SYSTEMS AND METHODS FOR DETECTING AND PREVENTING CYBER-THREATS | 2018-04-19 |
20180109559 | Detecting device masquerading in application programming interface (API) transactions - This disclosure describes a technique to determine whether a client computing device accessing an API is masquerading its device type (i.e., pretending to be a device that it is not). To this end, and according to this disclosure, the client performs certain processing requested by the server to reveal its actual processing capabilities and thereby its true device type, whereupon—once the server learns the true nature of the client device —it can take appropriate actions to mitigate or prevent further damage. To this end, during the API transaction the server returns information to the client device that causes the client device to perform certain computations or actions. The resulting activity is captured on the client computing and then transmitted back to the server, which then analyzes the data to inform its decision about the true client device type. Thus, when the server detects the true client device type (as opposed to the device type that the device is masquerading to be), it can take appropriate action to defend the site. | 2018-04-19 |
20180109560 | ANTI-SPOOFING PROTECTION IN AN AUTOMOTIVE ENVIRONMENT - To automatically identify an attempt at presenting falsified vehicle identifiers to portable devices, (i) a vehicle identifier reported by a vehicle with which the portable device is establishing a short-range communication link, and (ii) an indication of a current location of the portable device, are received from a portable device at a first time. An indication of a recent location at which the vehicle identifier was reported at a second time is obtained. The current location of the portable device is compared to the recent location of the vehicle, in view of the first time and the second time. In response to determining that the current location is not proximate to the recent reported location of the vehicle, an indication that the reported identifier is likely falsified is generated. | 2018-04-19 |
20180109561 | SYSTEMS AND METHODS FOR TRUSTED CLUSTER ATTESTATION - Systems, apparatuses, and methods for implementing trusted cluster attestation techniques are disclosed. A cluster includes multiple computing devices connected together and at least one cluster security module. The cluster security module collects measurement logs and attestations from N computing devices, with N being a positive integer greater than one. The cluster security module also maintains a log and calculates an attestation for its own hardware and/or software. The cluster security module combines the logs from the N computing device and the log of the cluster security module into an aggregate log, with N+1 logs combined into the aggregate log. Then, the cluster security module generates a single attestation for the cluster to represent the cluster as a whole. The cluster security module is configured to provide the single attestation and aggregate log to an external device responsive to receiving a challenge request from the external device. | 2018-04-19 |
20180109562 | SYSTEMS AND METHODS FOR NETWORK SECURITY MEMORY REDUCTION VIA DISTRIBUTED RULESETS - The present disclosure describes systems and methods for reducing rule set sizes via statistical redistribution throughout a plurality of network security appliances. A rule set may be generated for each security appliance that includes (i) a first set of rules based on known attacks, identified as rules for mandatory inclusion in the rule set; and (ii) a subset of the second set of rules, identified as rules for potential inclusion in the rule set, selected randomly according to a distribution percentage, score, or weight for each potentially included rule. Higher scored rules, which may be more likely vectors for potential attack, may be distributed to a greater number of appliances; while lower scored rules that may be less likely or represent more speculative attacks may be distributed to fewer appliances. | 2018-04-19 |
20180109563 | Hub and Agent Communication Through a Firewall - Hub and agent techniques allow safe command execution and data retrieval through firewall(s). In an example, cloud-based server of a company communicates with a plurality of agent applications operating on a remote customer's site. Using hub-and-agent techniques, cloud-based systems are able to direct the agents to perform functions for, and add value to, on-premises servers at remote customer locations. Secure communications techniques are introduced, allowing the hub server in the cloud to securely communicate with, and receive data from, the agents operating behind a firewall at a remote, on-customer-premises server. | 2018-04-19 |
20180109564 | TIMER MANAGEMENT FOR SESSION INITIATION PROTOCOL - Systems and methods for managing timers for Session Initiation Protocol (SIP) that facilitates network communications in an IP Multimedia Subsystem (IMS) are disclosed. Based on monitored network traffic, network performance measures can be determined to form a basis for dynamic configuration of SIP timers, which may reflect real time network status and optimize SIP based network communication. | 2018-04-19 |
20180109565 | METHODS AND SYSTEMS FOR ANALYZING STREAMING MEDIA SESSIONS - method for analyzing a streaming media session between at least two communicating entities includes at least one media stream having at least two packets communicated between the communicating entities during the streaming media session. At least two monitoring entities are configured to record a plurality of observations pertaining to at least one of: the media stream, the packets, devices associated with at least one of the communicating entities, wherein the monitoring entities include at least one of a network entity forwarding the media stream between the communicating entities. Observations are received from the monitoring entities, and processed to obtain a plurality of pre-processed observations. The pre-processed observations are analyzed to determine a session quality. A notification is sent to at least one of the monitoring entities during the streaming media session, if the session quality satisfies at least one quality criterion. | 2018-04-19 |
20180109566 | Universal Casting Service - A method for operating a universal casting service is described. The method receives a casting request from a first client; initiates a first casting session to a first casting device; establishes a first queue for the first casting device; adds a first media item to the queue from the first client; receives a casting request from a second client; and adds a second media item to the first queue from the second client. | 2018-04-19 |
20180109567 | Common Media Platform for Various Distributed Telecommunication Components - A method includes, with a bearer node, utilizing a first connection between the bearer node and a first type application node, the first type application node being associated with a first telecommunication service, the bearer node configured to process media traffic between endpoints. The method further includes, with the bearer node, utilizing a second connection between the bearer node and a second type application node, the second application node being associated with a second telecommunication service, the second telecommunication service being different than the first telecommunication service. The bearer node is configured to provide a common media platform to the first application node and the second application node. | 2018-04-19 |
20180109568 | METHOD, APPARATUS, AND COMPUTER-READABLE MEDIUM FOR VOICE CALL - A method, apparatus and computer-readable medium are provided for voice call in mobile communication technologies. The method may include: displaying at least one contact when an instruction for viewing contact information is received, the at least one contact including a plurality of pieces of contact information and a plurality of pieces of network service status, the network service status indicating whether corresponding contact terminal currently supports IMS based voice service; determining, when a selection instruction for selecting target contact information is received, call parameter range supported by a target contact terminal based on target network service status; and transmitting a request for voice call to a core network equipment. | 2018-04-19 |
20180109569 | METHOD FOR PROCESSING TELEPHONY SESSIONS OF A NETWORK - A method for processing telephony sessions of a network including at least one application server and a call router, the method including the steps of assigning a primary Uniform Resource Identifier (URI) and at least a secondary URI to an application; mapping a telephony session to the primary URI; communicating with the application server designated by the primary URI using an application layer protocol; receiving telephony instructions from the application server and processing the telephony instructions with the call router; detecting an application event; and upon detecting the application event, communicating with the application server designated by the secondary URI. | 2018-04-19 |
20180109570 | CONTROLLING VISIBILITY AND DISTRIBUTION OF SHARED CONFERENCING DATA - A meeting server receives shared content from a presenter device in an online conference session with one or more attendee devices. The meeting server generates one or more digital watermarks corresponding to the one or more attendee devices. Each respective digital watermark includes an indication of the presenter device and an indication of a respective attendee device. The meeting server transmits the shared content with the respective digital watermark to the respective attendee device as part of the online conference session. The respective digital watermark is visible in the shared content displayed on the respective attendee device. | 2018-04-19 |
20180109571 | Managing Drop-Ins on Focal Points of Activities - A computer-implemented method manages remote electronic drop-ins on local conversations. A local audio sensor transmits a captured conversation from a local cluster of persons to a remote communication device where members of the local cluster of persons are within a predefined distance of one another, and where the remote communication device is at a location that is beyond a human hearing range from the local audio sensor. One or more processors determine that the captured conversation is about a particular topic. A request from a remote user is received from the remote communication device to electronically drop in on a particular remote cluster of persons who are having a conversation about the particular topic. In response to receiving the request from the remote user, one or more processors selectively connect a local communication device proximate to the cluster of persons to the remote communication device. | 2018-04-19 |
20180109572 | ESTABLISHING A SOCIAL APPLICATION LAYER - A virtual space may be presented within a plurality of virtual environments provided by different platforms without requiring idiosyncratic APIs associated with the virtual space for each different platform. An API adaptor module may be configured to facilitate interfacing between a single virtual space API and platform APIs associated with two or more different platforms. A space module may be configured to execute an instance of a virtual space, and to implement the instance of the virtual space to determine view information defining views of the instance of the virtual space for presentation via two or more virtual environments provided by the two or more platforms. Facilitating user interactivity with the virtual space via a given virtual environment provided by a given platform may include interfacing between the virtual space API and a platform API associated with the given platform. | 2018-04-19 |
20180109573 | AGILE NETWORK PROTOCOL FOR SECURE VIDEO COMMUNICATIONS WITH ASSURED SYSTEM AVAILABILITY - A system and method for video conferencing over a secure communication link is disclosed. In various implementations, the system is configured connect to a communication network, store a plurality of network addresses of devices of registered users, each device of a registered user having an application program for conducting video conferencing between, the client device and the target device, and establish a secure communication link between the client device and the target device. The secure communication link is established in response to a query (a) generated by the client device and (b) including an identifier associated with a network address of the target device, the establishment of the secure communication link being based on a determination that the target device can accept a secure communication link connection with the client device. Video conferencing is conducted over the secure communication link connection between the client device and the target device. | 2018-04-19 |
20180109574 | MACHINE LEARNING COLLABORATION SYSTEM AND METHOD - A method, computer program product, and computer system for acquiring data representing a plurality of collaboration items, each collaboration item being associated with one of a communication and a collaboration among a subset of one or more users. Using a machine learning procedure, one of at least one latent variable and at least one action variable in a model of the data representing the plurality of collaboration items may be determined. At least one of a representation of the collaboration items may be presented to one or more users based upon, at least in part, the at least one latent variable, and potential collaboration actions may be presented to the one or more users based upon, at least in part, the at least one action variable. | 2018-04-19 |
20180109575 | SELECTION OF PREFERRED CONTENT - A user can specify particular news, weather, traffic, or other perishable content received on a particular Internet radio station or other media channel. The user can customize the station so that wherever the user is currently located, he can receive perishable content related to a preferred geographic location or other category. In some embodiments, a user can specify that a customized station plays local news from one city at the top of the hour, traffic from another city at 10 minutes past the hour, and music or other content at other times. The user can also customize original content from the personal libraries of specified users. Thus, a user can customize not only the genre of content or select a particular local station, but can also modify the perishable content provided by the customized station. | 2018-04-19 |
20180109576 | REAL-TIME CONTENT PROVIDING METHOD AND SYSTEM - Provided is a real-time content providing method. The real-time content providing method includes: providing page data to a plurality of user terminals; receiving an action request from a manager terminal or from one or more user terminals; determining a type of the action request; and transmitting action response data to the manager terminal or the one or more user terminals based on the determined type of the action request, wherein the action response data is one of first action response data about a setting change of the page data and second action response data about additional data for updating the page data, and the second action response data is used to request additional response data from a server different from a server determining the type of the action request. | 2018-04-19 |
20180109577 | SYSTEMS AND METHODS FOR ENABLING COMMUNICATIONS ASSOCIATED WITH DIGITAL MEDIA DISTRIBUTION - A device may be configured to signal a frame header indicating a Dynamic adaptive streaming over Hypertext Transfer Protocol message type and signal one or more supplied arguments corresponding to the message type, as JavaScript Object Notation encoded parameters. | 2018-04-19 |
20180109578 | HOUSEHOLD DEVICE-USER GRAPH FOR DELIVERING CONTENT - An online system generates a household device-user graph, which links one or more household devices in a household with one or more users, each of whom having a user profile in the online system. The household device-user graph can be used for effective content delivery to users of the online system. The device-user graph generated by the online system describes connections between household device users and household devices in the target household and usage of the household devices by the household device users. Each household device user represented in the device-user graph is connected to one or more household devices represented in the device-user graph. The online system determines whether one or more household device users identified in the device-user graph are users of the online system, and updates the user profiles of the identified household device users in response to a determination that the identified household device users are users of the online system. | 2018-04-19 |
20180109579 | ADAPTIVE BIT RATE STREAMING WITH MULTI-INTERFACE RECEPTION - In one embodiment, a method includes receiving content in a first format at a first interface at an adaptive bit rate client, playing the content received at the first interface at the adaptive bit rate client, monitoring network conditions at the first interface, receiving the content in a second format at a second interface at the adaptive bit rate client, and upon identifying a change in the network conditions at the first interface, switching from playing the content received on the first interface to playing the content received at the second interface at the adaptive bit rate client. An apparatus and logic are also disclosed herein. | 2018-04-19 |
20180109580 | VARIABLE CHECKPOINTING IN A STREAMING APPLICATION THAT INCLUDES TUPLE WINDOWS - A variable checkpoint mechanism in a streams manager checkpoints a streaming application based on periodic time periods for checkpoints. The variable checkpoint mechanism can take a checkpoint early before a periodic time period ends or late after the periodic time period ends based on predicted size of one or more tuple windows in the streaming application. The time for taking the checkpoint can be selected based on multiple checkpoint timing criteria, which include storage requirement for the checkpoint and predicted backpressure in the flow graph. In this manner the checkpoint timing of the variable checkpoint mechanism can be adjusted real-time to minimize the negative impact of checkpointing on the performance of the streaming application. | 2018-04-19 |
20180109581 | APPARATUS AND METHOD FOR PROVIDING STREAMING CONTENT USING REPRESENTATIONS - A method and apparatus for an adaptive Hypertext Transfer Protocol (HTTP) streaming service using metadata of media content are provided. The media content may include a sequence of one or more periods. Each of the periods may include one or more representations. The metadata may include information used to describe a relationship between the representations, and include information for terminals having different display bit depths. | 2018-04-19 |
20180109582 | OPERATING MEHTOD, APPARATUS AND COMPUTER READABLE STORAGE MEDIUM - The present disclosure relates to computer and internet technology, and more particularly to an operating method, apparatus, and computer readable storage medium. The method comprises: obtaining an information processing result in accordance with user interest information; identifying a second terminal device associated with the user interest information; and transmitting the information processing result to the second terminal device via a communication connection established with the second terminal device, wherein the second terminal device performs a corresponding operation in accordance with the information processing result. | 2018-04-19 |
20180109583 | Encoding Scalability with Brokers - A scalable architecture is provided for decentralized scaling of resources in a media content encoding platform. The scalable architecture is comprised of a first slicing tier, a second broker tier, and a third encoding tier. Each tier can be horizontally and vertically scaled independent of one another. The second broker tier receives media content slices from the first slicing tier. The second broker tier retains the slices directly in main memory of different brokers without writing the slices to a database or disk. The brokers distribute the slices from main memory across the third encoding tier for encoding based on availability of different encoders in the third tier. This architecture improves overall encoding performance as some of the delays associated with managing and distributing the slices at the second tier are eliminated by operation of the brokers. | 2018-04-19 |
20180109584 | RECONFIGURING A STREAMING APPLICATION TO REDUCE LATENCY MISMATCHES - A latency reconfiguration mechanism in a streams manager detects latency mismatches in a streaming application that affect the performance of the streaming application, and reconfigures the streaming application to minimize the latency mismatches. The reconfiguration can include fusing adjacent processing elements into a single processing element, co-locating adjacent processing elements on the same machine, moving processing elements and/or network links, adding parallel processing elements, and rearranging processing elements and/or network links to create more consistent latency paths. By minimizing latency mismatches and providing more consistent latency paths, the performance of a streaming application is increased by not having to perform significant reordering of data tuples. | 2018-04-19 |
20180109585 | INFORMATION PROCESSING APPARATUS AND INFORMATION PROCESSING METHOD - There is provided an information processing apparatus and an information processing method which are capable of setting AdaptationSet that does not include Representation. A file generating apparatus sets first AdaptationSet including a plurality of items of Representation corresponding to encoded streams having predetermined bit rates and second AdaptationSet not including Representation. The present disclosure is applicable to a file generating apparatus, etc. of an information processing system that distributes encoded streams of a mosaic image as an image of a moving-image content to a moving-image playback terminal according to a process equivalent to MPEG-DASH, for example. | 2018-04-19 |
20180109586 | Multimedia Streams Which Use Control Information to Associate Audiovisual Streams - A system and method for wirelessly transmitting audiovisual information. A first plurality of packets including audiovisual information may be generated. A second plurality of packets including error correction coding information for the audiovisual information may be generated. Control information for associating the error correction coding information with the audiovisual information may be generated, and a third plurality of packets including the control information may also be generated. The plurality of packets, including the first, second, and third pluralities of packets, may be transmitted to a mobile device in a wireless manner. The control information may inform the mobile device of the association of the first error correction coding information with the audiovisual information. | 2018-04-19 |
20180109587 | SYSTEM AND METHOD FOR DETERMINING QUALITY OF A MEDIA STREAM - A method for determining the quality of a media stream of a computer network including: receiving a packet from a traffic flow; determining whether the packet relates to a media stream; if the packet is related to the media stream, simulating a content player buffer related to the media stream; reviewing further data chunks associated with the media stream to determine quality events affecting the media stream; analyzing the effect of the quality event on a subscriber viewing the quality event; and determining a Quality of Experience score related to the media stream; otherwise allowing the packet to continue to the subscriber without further analysis. A system for determining the quality of a media stream, the system including modules configured to carry out the method for determining the quality of the media stream. | 2018-04-19 |
20180109588 | RESENDING A HYPERTEXT TRANSFER PROTOCOL REQUEST - Technologies related to resending hypertext transfer protocol (HTTP) requests are disclosed. One or more operations performed on a first web page is monitored. One or more HTTP requests that include the monitored one or more operations are sent to a server. Information associated with the one or more HTTP requests are recorded. Upon determining that an HTTP request of the one or more HTTP requests has failed to be sent, the HTTP request is recorded to a list of HTTP requests that failed to be sent. The HTTP request recorded to the list is deleted after receiving a normal response message from the server, and whether the list of HTTP requests that failed to be sent is empty is determined when redirecting from the first web page to a second web page. | 2018-04-19 |
20180109589 | CONTROLLING A DEVICE BASED ON LOG AND SENSOR DATA - In some examples, a computing device may receive sensor data for a target and at least one of: log data for the target, or historical log data and historical sensor data for a plurality of other targets. The computing device may determine at least one event classified as a non-uniform event in at least one of the log data or the historical log data, and may determine combined features, such as a feature vector, based on the sensor data and the non-uniform event(s). The computing device may determine an analysis result from the combined features. Further, based on the analysis result, the computing device may send a control signal to a device associated with the target for controlling the device, and/or may send a communication related to the target to another computing device. | 2018-04-19 |
20180109590 | Virtual Network State Management in Mobile Edge Computing - In an embodiment a method is provided for processing a computational task using a network node available on a network processing. The method including the network node performing the steps of processing a computational task, and transmitting at least one snapshot of state data related to the computational task to a UE associated with that computational task. The at least one snapshot of state data enables the UE to resume processing of the computational task from a snapshot point represented by the state data. | 2018-04-19 |
20180109591 | System and Method for Uninterrupted Learning - An adaptive server provides support for uninterrupted learning platform when connections to networks are unavailable or unstable. The adaptive server can communicate with a remote server through a local area network and switch to a cellular telecommunication network when the local area network is unavailable. The adaptive server can also act as a WiFi base station and accept connections from nearby student devices. | 2018-04-19 |
20180109592 | TRANSFER OF FILES WITH ARRAYS OF STRINGS IN SOAP MESSAGES - A method of transferring files in a data-processing network using a current node within the network includes reading an outbound content and outbound characteristics of an outbound file. An outbound message is created having outbound strings including a first set of the outbound strings representing the outbound characteristics and a second set of the outbound strings representing the outbound content. The outbound message is sent to a receiver node within the network. An inbound message is received from a sender node within the network. The inbound message has inbound strings including a first set of the inbound strings representing inbound characteristics and a second set of the inbound strings representing inbound content. An inbound file having the inbound content is stored, and the inbound characteristics are applied to the inbound file. | 2018-04-19 |
20180109593 | DEPLOYMENT MANAGEMENT OF COMPOSITE APPLICATIONS - A source IT-infrastructure hosts a composite application including multiple functional modules connected to each other via communication links. An abstract pattern includes first nodes and first links representing the functional modules and communication links and lacks resource-related data enabling a deployment engine to instantiate a resource for providing a runtime environment. A target IT-infrastructure has assigned a resource catalog including, for each resource available in the target IT-infrastructure, a specification of the resource's capabilities, and includes second nodes and links, each second node being a representation of one or more of the resources of the target IT-infrastructure and including an indication of the capabilities of one or more resources represented by the second node. The first nodes and links of the abstract pattern are iteratively supplemented by the second nodes and second links. | 2018-04-19 |
20180109594 | METHOD FOR MANAGING USER INFORMATION OF APPLICATION, DEVICE, AND SYSTEM - The present invention discloses a method for managing user information of an application. The method is applied to a user management device of a cloud platform, where the cloud platform is configured to bear an application registered by a user with the cloud platform. The method includes: receiving a user management registration request of a first application, where the first application is one of applications registered with the cloud platform, and the user management registration request of the first application carries an identifier of the first application; creating a user management instance for the first application according to the user management registration request and the identifier of the first application, where the user management instance is used to manage user information of the first application; and invoking the user management instance to process a service that is in the first application and related to the user information. | 2018-04-19 |
20180109595 | REMOTING GRAPHICAL COMPONENTS THROUGH A TIERED REMOTE ACCESS ARCHITECTURE - Systems and methods for providing remote access to a JAVA application using views. In accordance with some implementations, the JAVA application may create one or more user interfaces as JPanels. The JPanels may be replaced by remote JPanels that are communicated by a server remote access application to a client computing device. The client computing device execute a client remote access program that instantiates one or more views, where each corresponds to a remoted JPanel. User inputs may be received in the views and synchronized to the JAVA application's user interface. | 2018-04-19 |
20180109596 | MESSAGE TRANSFER SYSTEM, METHOD OF TRANSFERRING MESSAGES AND SOFTWARE PRODUCT - A message transfer system, method of transferring message and a software product. A message transfer system ( | 2018-04-19 |
20180109597 | SERVER-PROCESSOR HYBRID SYSTEM FOR PROCESSING DATA - The present invention relates to a server-processor hybrid system that comprises (among other things) a set (one or more) of front-end servers (e.g., mainframes) and a set of back-end application optimized processors. Moreover, implementations of the invention provide a server and processor hybrid system and method for distributing and managing the execution of applications at a fine-grained level via an I/O-connected hybrid system. This method allows one system to be used to manage and control the system functions, and one or more other systems to co-processor. | 2018-04-19 |
20180109598 | SERVER-PROCESSOR HYBRID SYSTEM FOR PROCESSING DATA - The present invention relates to a server-processor hybrid system that comprises (among other things) a set (one or more) of front-end servers (e.g., mainframes) and a set of back-end application optimized processors. Moreover, implementations of the invention provide a server and processor hybrid system and method for distributing and managing the execution of applications at a fine-grained level via an I/O-connected hybrid system. This method allows one system to be used to manage and control the system functions, and one or more other systems to co-processor. | 2018-04-19 |
20180109599 | DISTRIBUTED TEST SYSTEM ARCHITECTURE - The present invention is related to a method of connecting a first device comprising a processor and an application and a second device comprising a processor and an application, a distributed architecture system for facilitating modular communication between a plurality of applications, a plurality of devices, and a plurality of applications and devices, and a computer readable medium storing a program for causing a processor to connect a plurality of applications, a plurality of devices, and a plurality of applications and devices. | 2018-04-19 |
20180109600 | SERVER-PROCESSOR HYBRID SYSTEM FOR PROCESSING DATA - The present invention relates to a server-processor hybrid system that comprises (among other things) a set (one or more) of front-end servers (e.g., mainframes) and a set of back-end application optimized processors. Moreover, implementations of the invention provide a server and processor hybrid system and method for distributing and managing the execution of applications at a fine-grained level via an I/O-connected hybrid system. This method allows one system to be used to manage and control the system functions, and one or more other systems to co-processor. | 2018-04-19 |
20180109601 | SYSTEMS, METHODS, AND MEDIA FOR CAUSING AN ACTION TO BE PERFORMED ON A USER DEVICE - Systems, methods, and media for causing an action to be performed on a user device are provided. In some implementations, the systems comprise: a first user device comprising at least one hardware processor that is configured to: detect a second user device in proximity to the first user device; receive a user input indicative of an action to be performed; determine a plurality of candidate devices that are capable of performing the action, wherein the plurality of candidate devices includes the second user device; determine a plurality of device types corresponding to the plurality of candidate devices; determine a plurality of priorities associated with the plurality of candidate devices based at least in part on the plurality of device types; select a target device from the plurality of candidate devices based at least in part on the plurality of priorities; and cause the action to be performed by the target device. | 2018-04-19 |
20180109602 | HYBRID CLOUD NETWORK MONITORING SYSTEM FOR TENANT USE - Network traffic in a cloud computing system is monitored in response to a request to capture network traffic of a tenant port of a first virtual machine (VM) executing in the cloud computing system, wherein the first VM is associated with a first tenant organization different from a second organization managing the cloud computing system. A decapsulating VM having a first network interface and a second network interface is instantiated, wherein the decapsulating VM is inaccessible to the first tenant organization. An encapsulated port mirroring session from the tenant port of the first VM to the first network interface of the decapsulating VM is then established. A plurality of packets comprising captured network traffic received via the encapsulated port mirroring session are decapsulated, and the captured network traffic is forwarded via the second network interface of the decapsulating VM to a sniffer VM. | 2018-04-19 |