17th week of 2022 patent application highlights part 69 |
Patent application number | Title | Published |
20220131772 | COOPERATIVE LEARNING SYSTEM AND MONITORING SYSTEM - A cooperative learning system usable for process monitoring in which a monitoring model is provided for each of plural processes arranged in chronological order at predetermined transition time period intervals. The system stores, in chronological order, first monitoring data in a first process, second monitoring data in a second process, and at least one monitoring result from the first process output from a first monitoring model using the first monitoring data as an input parameter. The system performs parent model learning processing for the first monitoring model using the first monitoring data and the monitoring result from the first monitoring model, and performs child model learning processing for a second monitoring model using a monitoring result from the first monitoring model at a first time as teacher data and using the second monitoring data at a second time shifted from the first time by a transition period as an input parameter. | 2022-04-28 |
20220131773 | DATA CENTER TRAFFIC ANALYTICS SYNCHRONIZATION - A network analytics system can receive first sensor data, including first network activity and a first timestamp associated with a first clock of a first node, and second sensor data, including second network activity and a second timestamp associated with a second clock of a second node. The system can determine a first delta between the first clock and a third clock based on the first timestamp, and a second delta between the second clock and the third clock. The system can determine a first communication latency associated with a first sensor of the first node, and a second communication latency associated with a second sensor of the second node. The system can generate a report that synchronizes one or more data flows between the first node and the second node based on the first delta, the second delta, the first communication latency, and the second communication latency. | 2022-04-28 |
20220131774 | DATA VOLUME REPORTING IN 5GS - A method performed by a first network node includes generating a data volume report based on one or more characteristics associated with data communicated between the first network node and a user equipment. The one or more characteristics identify that the data volume report is to be generated on at least one of a per Data Radio Bearer basis and a per Quality of Service basis. The data volume report is transmitted to a second network node. The data volume report further includes an indication of a radio access technology type associated with the data volume report. | 2022-04-28 |
20220131775 | NETWORK INFORMATION COLLECTION DEVICE AND METHOD THEREFOR - A network information collection device is provided, which connects, for example, artificial intelligence with each of a plurality of systems in one-to-one relationships. It includes an information collection and accumulation unit | 2022-04-28 |
20220131776 | MANAGEMENT APPARATUS OR DEVICE INFORMATION TRANSMITTING APPARATUS - A management apparatus communicates with a device information transmitting apparatus via a communication network under a predetermined communication condition. The device information transmitting apparatus transmits device information about a predetermined device. The management apparatus includes a first measuring unit that measures communication quality in the communication network, a first determining unit that determines a degree of decrease in the communication quality, and a first control unit that executes first control in accordance with the degree of decrease in the communication quality. In the first control, the first control unit changes the communication condition in accordance with a degree of priority of each of a plurality of pieces of information transmitted between the device information transmitting apparatus and the management apparatus. | 2022-04-28 |
20220131777 | WEB QUALITY ESTIMATION APPARATUS AND PROGRAM - An object is to provide possible web quality estimation for changes in network quality without simulating each combination of network qualities or acquiring operation log information in advance. One aspect of the present invention is a web quality estimation device that estimates web quality which is a processing time of a web content, based on input of a content identifier of the web content and one or more network qualities, and includes: a content characteristic storage unit that stores correspondence information between a content identifier for identifying a web content and one or more content characteristics for a plurality of web contents; and a web quality estimation unit that receives input of a content identifier and one or more network qualities, refers to the corresponding information to acquire one or more content characteristics corresponding to the input content identifier, and estimates web quality from the one or more content characteristics and the input one or more network qualities. | 2022-04-28 |
20220131778 | MONITORING SYSTEM - A monitoring system comprises a monitoring agent that keeps information related to a communication status of a low-power terminal that communicates under low power, and a monitoring device that monitors the status of the low-power terminal. The monitoring device includes a requesting unit that requests information related to the communication status of the low-power terminal. The monitoring agent includes a response generation unit that generates a response to the request from the monitoring device on a basis of the information related to the communication status of the low-power terminal, and a transmission unit that transmits the response to the monitoring device. | 2022-04-28 |
20220131779 | Managing Information Technology Infrastructure Based On User Experience - A system and a method are disclosed for managing information technology (IT) infrastructure. Client devices interact with applications of an enterprise that may be hosted in data centers of the enterprise or as software as a service (SaaS) applications. An IT management system receives session information from client devices. The session information describes interactions of client devices with applications, for example, response time of applications for each interaction. The IT management system analyzes the session information received from various client devices to identify issues with IT infrastructure. The IT management system generates warning messages describing the issues identified and sends them for review, for example, by a system administrator. | 2022-04-28 |
20220131780 | SYSTEMS AND METHODS FOR TRACKING AND CALCULATING GRANULAR NETWORK PERFORMANCE METRICS BASED ON USER TRAFFIC - A system described herein may provide for the tracking and/or calculating of performance metrics associated with a network by marking traffic and determining performance characteristics of the marked traffic. Such performance characteristics or metrics may include throughput, latency, jitter, and/or other metrics. The marking may be performed on “user” traffic, which may be traffic that is generated or sent via the network by an application or service (e.g., a voice call service, a content streaming service, etc.), as opposed to “synthetic” or “test” traffic, which is traffic that is generated or sent for the purposes of testing performance of the network (e.g., traffic related to a “speed test” or the like). | 2022-04-28 |
20220131781 | METHOD AND DEVICE FOR NETWORK PATH PROBE - The present disclosure describes path probe methods and devices. The methods comprise receiving a first path probe packet; establishing a first association according to link information in the first path probe packet and a path label of a network path to be probed; determining a third association based on an IP address in the first path probe packet and the path label of the network path to be probed. The IP address includes an IP address of an adjacent network node of the first network node, and a third association includes an association of the path label with the IP address of the adjacent node. The path probe method may reduce system overhead. In the transmission process, the number of network nodes may also be set according to needs. An IP overlay network based on label switching is realized. | 2022-04-28 |
20220131782 | Method and Apparatus for Providing Network Experience Testing - A method of obtaining qualitative information regarding network capabilities includes determining network identification information for an access network of a user responsive to receipt of a request from a user device to detect the access network of the user, determining network parameters for the access network, performing one or more additional network tests specific to categories of services or applications to obtain a qualitative assessment of the access network's capabilities relative to different categories of services or applications, and/or providing a graphical display of the qualitative assessment on the user device. | 2022-04-28 |
20220131783 | SYSTEMS AND METHODS FOR TESTING OPERATIONS FOR DISTRIBUTED DEVICE SYSTEMS - Systems and methods for testing operations for distributed device systems may use a test signal that is generated at a central unit and looped back internally within the central unit to test the central unit. The test signal may then be sent over a communication medium to a remote unit and looped back to the central unit to test the communication path. Further, the remote unit may include a testing circuit to test internally. By sequentially testing devices within the distributed device system, problems may be isolated and potentially repaired without having to return a device to a manufacturer facility. Even when such returns are needed, only the problematic device is returned, potentially saving time in the installation. | 2022-04-28 |
20220131784 | Disaggregated Border Gateway Protocol (BGP) - Disaggregated border gateway protocol (BGP) enables an eBGP session between an internal node and an external node to continue despite failover of a perimeter through which the eBGP session is established. eBGP control traffic is trapped by a perimeter router and forwarded to a BGP speaker on the internal node through an IP tunnel. Failover is detected in response to a change in a source address of the IP tunnel over which eBGP control traffic is received. The BGP speaker announces routes to the external node that include a reference to an internal address of an active perimeter router. In response to failover, the BGP speaker announces updated routes referencing the standby router for the perimeter router. | 2022-04-28 |
20220131785 | EXTERNAL BORDER GATEWAY PROTOCOL PEER ANALYSIS - External border gateway protocol peer analysis is disclosed. For each of a plurality of external border gateway protocol (EBGP) routers in a first autonomous system (AS), corresponding EBGP peer information about at least one EBGP peer router of the respective EBGP router is obtained. User interface imagery that comprises a plurality of EBGP router controls, each EBGP router control corresponding to one of the plurality of EBGP routers, is presented on a display device. A router selection input that identifies a first EBGP router control of the plurality of EBGP router controls is received, the first EBGP router control corresponding to a first EBGP router of the plurality of EBGP routers. In response to receiving the router selection input, user interface imagery that identifies the at least one EBGP peer router of the first EBGP router is presented on the display device. | 2022-04-28 |
20220131786 | METHOD AND SYSTEM FOR FACILITATING EFFICIENT MULTICAST FORWARDING OVER TUNNELS - A system that can facilitate multicast forwarding via overlay multicast tunnels in a network is provided. The system can operate as a tunnel endpoint and form a first overlay tunnel with a peer tunnel endpoint. During operation, the system can receive a join request for a multicast group via the first overlay tunnel. The system can identify a local port of the system associated with the multicast group indicated by the join request. The system can then include the first overlay tunnel in a set of forwarding tunnels for multicast traffic of the multicast group based on the join request. Subsequently, the system can forward the multicast traffic of the multicast group received from a local port via the set of forwarding tunnels, thereby limiting forwarding of the multicast traffic to tunnel endpoints associated with the multicast group. | 2022-04-28 |
20220131787 | System And Method For Relative Addressing Based On Physical Topology - A device and method for communicating between networked devices that define a path having a plurality of device positions includes designating a source device for a communication stream wherein the source device has a first port to communicate in a first direction of the path and a second port to communicate in a second direction in the path with devices networked to the source device. A port is selected from one of the first port or the second port of the source device for defining a direction of the communication stream from the source device. A hop count is provided indicating a relative location of a destination device for the communication stream, the hop count being an integer number of network device positions from the source device to the destination device along the path from the selected port. | 2022-04-28 |
20220131788 | DISPLAY SYSTEM FOR VEHICLE AND IMAGE DISPLAYING METHOD OF DISPLAY SYSTEM FOR VEHICLE - A display system for a vehicle includes: an application server including a switched outputter that switches between destinations to one of which the vehicle signal is to be outputted, and outputs the vehicle signal, and image generators that generate an image signal based on the vehicle signal; display clients that display an image based on the image signal; and a signal path determiner that determines a first signal path for transmission of the vehicle signal and the image signal among signal paths connecting the switched outputter, the image generators, and the display clients. When an anomaly occurs in at least one element among the image generators and the display clients, the signal path determiner changes a signal path for transmission of the vehicle signal and the image signal from the first signal path to a second signal path. | 2022-04-28 |
20220131789 | COMMUNICATION SYSTEM AND METHOD OF VERIFYING CONTINUITY - A continuity checking apparatus generates a continuity checking packet to which a predetermined flag and user attributes are assigned and transmits the generated continuity checking packet to an edge router connected to a service that is an entrance of a service chain. Each service transmits an arrival message with respect to the continuity checking packet to the continuity checking apparatus upon reception of the continuity checking packet to which the predetermined flag is assigned. In addition, each service transfers the continuity checking packet to a next service device of the service chain on the basis of the user attributes assigned to the received continuity checking packet. The continuity checking apparatus identifies a path representing service devices through which the continuity checking packet passes on the basis of the arrival message transmitted from each service, and determines whether the identified path is the same as a path of the service chain that is a continuity checking target. | 2022-04-28 |
20220131790 | SYSTEM AND METHODS FOR COMPUTING FLOODING TOPOLOGY - Methods of computing a flooding topology (FT) for a network are presented. The methods include a process for computing a FT that includes all nodes in the network and a process for ensuring that all nodes in the FT have at least two links in the FT. Some of the methods minimize a number of links of the nodes in the FT. Some of the methods also constrain some of the nodes in the FT to a maximum number of links. Some of the methods compute a first FT for nodes whose maximum number of links in the FT equal their number of links in the network, then compute a second FT for remaining nodes in the network, then combine the two FTs to compute a complete FT for the network. | 2022-04-28 |
20220131791 | DATA TRANSMISSION METHOD, NETWORK NODE, AND STORAGE MEDIUM - This application describes a data transmission method, a network node, and a storage medium for communications technologies. In this application, an underlay segment identifier corresponding to an underlay path is designed, and the underlay segment identifier is advertised, so that a node on a segment routing network can sense the underlay path by using the underlay segment identifier. In this way, when a data packet is transmitted, the data packet can be sent based on an underlay segment identifier carried in the data packet and through an underlay path corresponding to the underlay segment identifier. Therefore, an underlay path through which a data packet is to be transmitted may be specified based on a service requirement, so that different data packets can be transmitted through different underlay paths, thereby improving flexibility and facilitating traffic planning. | 2022-04-28 |
20220131792 | PACKET PROCESSING METHOD AND APPARATUS - A packet processing method and a related apparatus are provided. The method includes: obtaining a first packet including first indication information, wherein the first indication information is used to indicate a data flow corresponding to the first packet; determining a target flow entry in an integrated flow table based on the first indication information, wherein the integrated flow table includes at least one flow entry, each flow entry includes a unified match entry and a comprehensive behavior entry, the unified match entry uniquely identifies a data flow, a unified match entry of the target flow entry identifies the same data flow as indicated by the first indication information; and performing an operation on the first packet based on a comprehensive behavior entry included in the target flow entry. | 2022-04-28 |
20220131793 | Centralized Unit-Distributed Unit Communication Associated to Radio Link Failure Report and Beam Failure Recovery Attempts - According to certain embodiments, a method is performed by a network node comprising a CU. The method comprises receiving assistance information for mobility robustness optimization and forwarding the assistance information, configuration changes related to mobility robustness optimization, or both to a DU or to a second CU. According to certain embodiments, a method is performed by a network node comprising a DU. The method comprises receiving assistance information for mobility robustness optimization. The assistance information indicates that a failure may have originated in a cell of the DU. The method further comprises performing one or more parameter changes in one or more functions handled by the DU. | 2022-04-28 |
20220131794 | Dynamic Processing Trees - A method includes receiving a plurality of rules for processing packets arriving at at least one packet-processing device, the rules being based on multiple parameters associated with the packets. The method further includes causing the packet-processing device to process multiple subsets of the packets using different respective sequences of packet-processing instructions, which implement the rules via different respective parameter-value-ascertaining orders for ascertaining respective values of the parameters for each of the packets. The method further includes, based on the processing of the subsets, computing respective scores for the sequences of packet-processing instructions. The method further includes, based on the scores, selecting one of the sequences of packet-processing instructions. The method further includes causing the packet-processing device to process the packets using the selected sequence of packet-processing instructions. Other embodiments are also described. | 2022-04-28 |
20220131795 | Protocol Processing Method and Apparatus, and Storage Medium - Provided are a protocol processing method and apparatus, and a storage medium. The method includes: in a Routing In Fat Tree (RIFT), supporting an RIFT community structure to carry a Point of Delivery (PoD) field, and controlling, by a configured community structure policy, import or export of an RIFT route indicated in the PoD field. | 2022-04-28 |
20220131796 | CONTROL APPARATUS, CONTROL METHOD AND PROGRAM - A control apparatus configured to, in a network constituted by the multiple communication apparatuses, control one or more anchor nodes designated in advance among the multiple communication apparatuses, includes: a route creation unit configured to create route information including labels of communication apparatuses or links to be passed through, based on an input required condition; a route compression unit configured to divide the labels included in the route information in units of anchor nodes, and compress at least a portion of the labels included in the route information into a compressed label that can be expanded in at least one anchor node among the communication apparatuses determined based on the route information, so as not to exceed a processing limit of a communication apparatus determined based on the route information; and a distribution unit configured to distribute information for expanding the compressed label to the at least one anchor node. | 2022-04-28 |
20220131797 | METHOD AND DEVICE FOR DATA PACKET FORWARDING - The present disclosure describes data packet forwarding methods and devices. The methods comprise receiving a first data packet; acquiring the IP address of a second network node according to a path label in the first data packet; generating a second data packet according to the IP address of the second network node, and forwarding the second data packet. The data packet forwarding methods may reduce system overhead, for example, by reducing the number of header control bits used during packet exchange. In the transmission process, the number of network nodes may also be set according to needs. An IP overlay network based on label switching may also reduce costs, realize the sharing of transmission resources, and enable the integration of resources across operators, cloud service providers, and other types of network service providers. | 2022-04-28 |
20220131798 | IP-BASED ROUTING SUPPORT IN IAB - In an aspect of the disclosure, a method, a computer-readable medium, and an apparatus of a network node are provided. The network node may receive, from a second network node, a routing configuration that maps a packet to a routing identifier (ID) based on a first header in the packet. The network node may receive a packet from a pre-hop node, the packet including the first header with a first address and a second header with a second address. The network node may determine that the second address matches an address of the first network node and that the first address mismatches an Internet protocol (IP) address of the first network node. The network node may replace, based on the received routing configuration and based on the address match and address mismatch determination, the second header with a third header, the third header including the routing ID. | 2022-04-28 |
20220131799 | AUTOMATICALLY ESTABLISHING AN ADDRESS MAPPING TABLE IN A HETEROGENEOUS DEVICE INTERCONNECT FABRIC - A method for automatically establishing an address-port mapping table of a switching device in an interconnect fabric uses hardware link-up and link-down processes to build and update the lowest cost (e.g., shortest path) port entries in the mapping table. Traffic loops are precluded by comparing cost values based on the source addresses of the devices in the interconnect fabric, without blocking any particular port. | 2022-04-28 |
20220131800 | Method to Mitigate Hash Correlation in Multi-Path Networks - Methods are provided for mitigating hash correlation. In this regard, a hash correlation may be found between a first switch and a second switch in a network. In this network, a first egress port is to be selected among a first group of egress ports at the first switch for forwarding packets, and a second egress port is to be selected among a second group of egress ports at the second switch for forwarding packets, where the first group has a first group size and the second group has a second group size. Upon finding the hash correlation, a new second group size coprime to the first group size may be selected, and the second group of egress ports may be mapped to a mapped group having the new second group size. The second switch may be configured to route packets according to the mapped group. | 2022-04-28 |
20220131801 | SYSTEMS AND METHODS FOR IMPLEMENTING MULTI-TABLE OPENFLOW FLOWS THAT HAVE COMBINATIONS OF PACKET EDITS - Systems and methods are provided herein for implementing multi-table OpenFlow flows that have combinations of packet edits. This may be accomplished by a network device receiving a first flow entry with a first set of actions to be installed into a flow table. The network device may determine that the first set of actions includes edits to a plurality of fields of a matched data packet. In response, the network device may change the first set of actions of the first flow entry to edit a first field of the data packet and create a second flow entry with a second set of actions to edit a second field of the data packet. The network device may install the first and second flow entries into one or more flow tables of the network device. | 2022-04-28 |
20220131802 | STORAGE SYSTEM WITH ADAPTIVE FLOW CONTROL USING MULTIPLE FEEDBACK LOOPS - At least one processing device comprises a processor and a memory coupled to the processor. The at least one processing device is configured to implement adaptive flow control in conjunction with processing of input-output operations in a storage system. The adaptive flow control comprises a first feedback loop in which a window size defining an amount of concurrent processing of the input-output operations in the storage system is adjusted responsive to a measured latency for processing of one or more of the input-output operations. The adaptive flow control further comprises a second feedback loop in which at least one latency threshold used to control adjustment of the window size in the first feedback loop is adjusted. The at least one processing device illustratively comprises at least one processing core of a multi-core storage node of a distributed storage system. | 2022-04-28 |
20220131803 | METHOD AND APPARATUS FOR PERFORMING SL COMMUNICATION ON BASIS OF STATE OF USER EQUIPMENT IN NR V2X - A method for performing wireless communication by a first device and an apparatus supporting same are provided. The method may comprise the steps of: measuring a congestion ratio for a resource associated with sidelink (SL); determining the priority of a service on the basis of the quality of service (QoS) of the service and a state of the first device; and determining a transmission parameter on the basis of the congestion ratio and the priority of the service. | 2022-04-28 |
20220131804 | LOAD DISTRIBUTION SYSTEM AND LOAD DISTRIBUTION METHOD - When the load becomes high, an identification unit ( | 2022-04-28 |
20220131805 | METHOD FOR PREDICTING CHANNEL LOAD - A method of a first transportation vehicle for predicting channel load. The first transportation vehicle predicts a critical area with channel congestion of at least one communication channel, determines a propagation trajectory of at least one second transportation vehicle and compares the propagation trajectory of the at least one second transportation vehicle and the critical area. Based on the comparison, the first transportation vehicle then selectively transmits a message having information on the critical area to at least one second transportation vehicle. Also disclosed is a transportation vehicle for performing the method and a computer program having instructions for performing the method. | 2022-04-28 |
20220131806 | QOS INFORMATION EXCHANGE TO SETUP A BACKHAUL ROUTING PATH IN IAB - In an aspect of the disclosure, a method, a computer-readable medium, and an apparatus of a first network node are provided. The first network node may send quality of service (QoS) information and a request to a second network node to configure, based on the QoS information, a backhaul routing path for traffic between the first network node and a third network node via the second network node, the third network node having a signaling connection with the first network node. The first network node may communicate, with the second network node in response to the request, QoS mapping information. The first network node may configure an Internet protocol (IP) header of an IP packet based on the communicated QoS mapping information. The first network node may send the IP packet with the configured header to the second network node for routing through the backhaul routing path. | 2022-04-28 |
20220131807 | IDENTIFICATION OF FAULTY SD-WAN SEGMENT - Some embodiments provide a method for managing a network. Based on a first set of flow statistics received from network elements in the network, the method identifies a data message flow with degraded performance. The data message flow follows a path, between a first endpoint and a second endpoint through a set of the network elements in the network, that includes multiple segments. The method uses a second set of flow statistics received from the set of network elements to identify a particular segment of the path as a most likely contributor to the degraded performance of the particular flow. The method initiates a corrective action to resolve the degraded performance for the data message flow based on the identification of the particular segment. | 2022-04-28 |
20220131808 | Packet Forwarding Method and Device, And Computer-Readable Storage Medium - A destination node device starts a timer when the destination node device determines that a network topology changes; before the timer expires, the destination node device forwards the BIER packet by using an old forwarding table and establishes a new forwarding table, where the old forwarding table is a forwarding table used by the destination node device before the network topology changes, the new forwarding table is a forwarding table established by the destination node device based on the changed network topology; and after the timer expires, the destination node device switches the old forwarding table to the new forwarding table, and forwards the BIER packet according to the new forwarding table. | 2022-04-28 |
20220131809 | Time-Sensitive Networking (TSN) Packet Forwarding - A packet forwarding method includes receiving N Time-Sensitive Networking (TSN) packet flows, where each of the N TSN packet flows corresponds to a constraint condition that defines duration of a cycle, a maximum quantity of packets that are allowed to be transmitted in the cycle, and a maximum length of a single packet, and forwarding the N TSN packet flows based on a new constraint condition, where the new constraint condition is based on the constraint condition corresponding to each of the N TSN packet flows and defines duration of a new cycle, a new maximum quantity of new packets that are allowed to be transmitted in the new cycle, and a new maximum length of a new packet, where each of the N TSN packet flows is forwarded in a case in which a corresponding constraint condition is complied with. | 2022-04-28 |
20220131810 | DEVICE, METHOD, AND SYSTEM THAT VIRTUALIZE A NETWORKS - A virtual circuit in a network device reformats one or more incoming data streams at a non-predetermined data rate into an outgoing data stream at a predetermined data rate, thereby allowing multiple data streams with non-predetermined data rates that are less than the predetermined data rate to be combined and output from a single network port. | 2022-04-28 |
20220131811 | ADAPTIVE BUFFERING IN A DISTRIBUTED SYSTEM WITH LATENCY / ADAPTIVE TAIL DROP - A network device includes a switching system for directing packets between ingress ports and egress ports of the network device. The network device also includes a switching system manager that makes an identification of a state change of a virtual output queue of the switching system; and performs an action set, based on the state change, to modify a latency of the virtual output queue to meet a predetermined latency in response to the identification. | 2022-04-28 |
20220131812 | SID Allocation - A segment identifier (SID) manager interfaces with clients by way of a library. Clients implementing network services and needing SIDs according to internet SRv6, are allocated blocks by the SID manager using the library. Clients assign SIDs from the block independent of the SID manager using the library. Where a threshold portion of the block is assigned, the library requests an additional block of SIDs from the SID manager. Clients transmit context mappings of assigned SIDs to the SID manager for use by administrators and to enable recovery in the event of failure. | 2022-04-28 |
20220131813 | SYSTEMS AND METHODS FOR PERFORMING HEADER PROTECTION IN DISTRIBUTED SYSTEMS - Described embodiments provide systems and methods performing header protection. A device can receive from a client, a request relating to a first resource, for a second resource. The device can determine, using an identifier for the session, whether an address of the first resource has been previously accessed by the client during the session. The device can verify, using an address of the second resource, whether the address of the second resource is mapped to the address of the first resource for the session between the client and the device. The device can determine whether to provide access to the second resource responsive to the address of the first resource being previously accessed by the client during the session and the address of the second resource being mapped to the address of the first resource for the session. | 2022-04-28 |
20220131814 | SYSTEM AND METHOD FOR BANDWIDTH OPTIMIZATION WITH SUPPORT FOR MULTIPLE LINKS - A link management engine aggregates multiple links into a single link, and presents the single link to a bandwidth optimizer for a recommendation based on priorities assigned to applications. The engine may evaluate the recommendation for bandwidth optimization based on a current pipeline status, direct a packet to one of the multiple links based on the evaluation of the recommendation for bandwidth optimization, and generate a health report associated with the multiple links. | 2022-04-28 |
20220131815 | SYSTEM AND METHOD FOR CELLULAR NETWORK DATA STORAGE AND FORWARDING - A method and system for cellular network data storage and forwarding are provided. The method includes receiving storage-and-forward data from an application server, wherein the storage-and-forward data is directed to a device connected in a cellular network, wherein the device operates in at least a sleep state and a wakeup state; caching the received storage-and-forward data in a memory; checking if the device is currently in the wakeup state; and forwarding the cached storage-and-forward data to the device when the device is in the wakeup state. | 2022-04-28 |
20220131816 | VIRTUAL AGENT PORTAL INTEGRATION OF TWO FRAMEWORKS - The present approach relates to systems and methods for facilitating a client-agent conversation using dynamic, contextual information related to a client portal. The contextual information for the conversation may be determined using a server side script and/or a client side script that provides relevant portal usage data. The contextual information may be used to determine a conversation topic, which may be used to facilitate routing a request to chat to the appropriate agent for the topic. | 2022-04-28 |
20220131817 | TWO-WAY REAL TIME COMMUNICATION SYSTEM THAT ALLOWS ASYMMETRIC PARTICIPATION IN CONVERSATIONS ACROSS MULTIPLE ELECTRONIC PLATFORMS - Methods, systems, and apparatuses, including computer programs encoded on computer-readable media, for receiving a first communication as part of a conversation, from an unauthenticated user of a web browser. A conversation identifier is determined based on the first communication. A first responder, a communication protocol, and a communication address of the first responder are determined. The first communication is sent to the first responder and a first reply is received. The conversation identifier is determined based on the first reply and the first reply is mapped to the web browser. The first reply is sent to the web browser. | 2022-04-28 |
20220131818 | TWO-WAY REAL TIME COMMUNICATION SYSTEM THAT ALLOWS ASYMMETRIC PARTICIPATION IN CONVERSATIONS ACROSS MULTIPLE ELECTRONIC PLATFORMS - Methods, systems, and apparatuses, including computer programs encoded on computer-readable media, for receiving a first communication as part of a conversation, from an unauthenticated user of a web browser. A conversation identifier is determined based on the first communication. A first responder, a communication protocol, and a communication address of the first responder are determined. The first communication is sent to the first responder and a first reply is received. The conversation identifier is determined based on the first reply and the first reply is mapped to the web browser. The first reply is sent to the web browser. | 2022-04-28 |
20220131819 | Message Suggestions - A method may involve, for each of one or more messages that are selected from a plurality of messages from an account: (a) extracting one or more phrases from a respective selected message; (b) determining that a conversation includes the respective selected message and one or more other messages from the plurality of messages; (c) generating a first feature vector based on the conversation, wherein the first feature vector includes one or more first features, wherein the one or more first features include one or more words from the conversation; and (d) generating, by a computing system, one or more training-data sets, wherein each training-data set comprises one of the phrases and the first feature vector. The method may further involve: training, by the computing system, a machine-learning application with at least a portion of the one or more training-data sets that are generated for the one or more selected messages; applying the trained machine-learning application to process an incoming message to the account; and responsive to applying the trained machine-learning application, determining one or more reply messages corresponding to the incoming message, wherein the one or more reply messages include at least one of the extracted one or more phrases. | 2022-04-28 |
20220131820 | MATCHING AND CONNECTION METHODS AND SYSTEMS REQUIRING VIDEO COMMUNICATION - Methods and systems for matching and connecting people are described and comprise a plurality of user profiles and user accounts associated with a plurality of users wherein a user may be presented with user profiles of candidate matches, matched at least in part on criteria specified by the user. Following mutual match interest indications from two users, a match is created therebetween and a connection is possible, however, the connection between the two users is contingent on a qualified video chat therebetween and mutual connection interest indications therefrom. Communication between two users of a match is restricted and controlled towards satisfying the qualified video chat requirement. Upon establishing a connection, the two users are enabled for ongoing communication with each other. | 2022-04-28 |
20220131821 | DISCOVERING GRAYMAIL THROUGH REAL-TIME ANALYSIS OF INCOMING EMAIL - Techniques for identifying and processing graymail are disclosed. An electronic message store is accessed. A determination is made that a first message included in the electronic message store represents graymail, including by accessing a profile associated with an addressee of the first message. A remedial action is taken in response to determining that the first message represents graymail. | 2022-04-28 |
20220131822 | VOICE COMMUNICATION METHOD - Audio inputs are detected at an electronic device and translated into electronic communications for playback at an external electronic device. | 2022-04-28 |
20220131823 | DYNAMIC MEDIA OVERLAY WITH SMART WIDGET - Systems and methods are provided for receiving a background image for a media overlay to be applied to a message comprising an image or video, and at least one smart widget selection, and storing the media overlay comprising the background image and the at least one smart widget selection. The systems and methods further provide for receiving a request for the media overlay to be applied to a message comprising an image or video, analyzing context data associated with a computing device to determine that the media overlay is relevant to at least one aspect of the context data, determining data associated with the at least one smart widget based on the context data, and transmitting to the computing device, the media overlay and data associated with the at least one smart widget. | 2022-04-28 |
20220131824 | MESSAGING SELECTION SYSTEMS IN NETWORKED ENVIRONMENTS - Users of personalized messaging systems can encounter message fatigue, thereby reducing the efficacy of a message on its intended recipient. Message fatigue can result in wasted computational resources and bandwidth as messages transmitted over a network to the user's client device are not acted upon at the client device. For applications involving desired user interactions and responses, personalized messaging can be a tool to achieve user engagement targets. The systems and methods presented herein may address several of the technical challenges with personalized messaging. | 2022-04-28 |
20220131825 | RESTRICTED GROUP CONTENT COLLECTION - A messaging server system receives a message creation input from a first client device that is associated with a first user registered with the messaging server system. The messaging server system determines, based on an entity graph representing connections between a plurality of users registered with the messaging server system, that the first user is within a threshold degree of connection with a second user that initiated a group story in relation to a specified event. The messaging server system determines, based on location data received from the first client device, that the first client device was located within a geo-fence surrounding a geographic location of the specified event during a predetermined event window, the geo-fence and event window having been designated by the second user, and causes the first client device to present a user interface element that enables the first user to submit content to the group story. | 2022-04-28 |
20220131826 | Routing across multiple subnetworks using address mapping - A router includes routing circuitry and a plurality of ports. The routing circuitry is configured to receive from a first subnetwork, via one of the ports, a packet destined to be delivered to a target node located in a second subnetwork, to select a mapping, from among two or more mappings, depending on a topological relation between the first subnetwork and the second subnetwork, to map a Layer-3 address of the packet into a Layer-2 address using the selected mapping, and to forward the packet via another one of the ports to the Layer-2 address. | 2022-04-28 |
20220131827 | COMMUNICATION METHOD, GATEWAY, AND MANAGEMENT METHOD AND APPARATUS IN HYBRID CLOUD ENVIRONMENT - This application provides a communication method, a gateway, and a management method and apparatus. A first data center is configured to provide non-public cloud services, and a second data center is configured to provide public cloud services. A gateway configured in the second data center is connected to a first subnet of the first data center, and is connected to a second subnet of the second data center. The first subnet and the second subnet have a same private network segment. The method includes: a layer 2 gateway receives a first address resolution protocol (ARP) request packet, which is used to request a MAC address of a second device in the second subnet, sent by a first device in the first subnet, and the gateway sends the first ARP reply packet, which carries a first MAC address of the gateway, to the first device. | 2022-04-28 |
20220131828 | TECHNOLOGIES FOR CONTENT DELIVERY NETWORK WITH MULTI-ACCESS EDGE COMPUTING - Technologies for mobile content delivery include an edge computing device, a mobile terminal, and a content delivery network server. The edge computing device has a network location between the mobile terminal and a core network, and the content delivery network server is accessed through the core network. The edge computing device receives a content request from the mobile terminal and modifies the content request to identify the network location of a zone-specific proxy of the edge computing device. The edge computing device forwards the content response to the content delivery network server. The content delivery network server may send a content response to the zone-specific proxy or the mobile terminal. The content response identifies an address of a network content resource. The network content resource is located at a surrogate content delivery network server of the edge computing device. Other embodiments are described and claimed. | 2022-04-28 |
20220131829 | METHODS FOR SPECIFYING THE TYPE OF MAC ADDRESS WITH DYNAMIC ASSIGNMENT MECHANISMS - A method performed by a WTRU may comprise receiving context information from infrastructure equipment and selecting a SLAP quadrant for MAC address allocation. The selecting may be based on the context information received from the infrastructure equipment, which may be a bootstrapping server for the WTRU. The method may further comprise transmitting, to a DHCP server, a DHCP message indicating the selected SLAP quadrant. In response to the transmitted DHCP message, a MAC address may be received and configured to the WTRU. Context information includes, but is not limited to, a number of nodes in a network, a type of network deployment, a type of network, a mobility configuration, a type of device management, a battery lifetime, a location or privacy configuration. | 2022-04-28 |
20220131830 | NETWORK ADDRESS TRANSLATION (NAT) TRAVERSAL AND PROXY BETWEEN USER PLANE FUNCTION (UPF) AND SESSION MANAGEMENT FUNCTION (SMF) - A method enables communication between Session Management Function (SMF) and User Plane Function (UPF) instances which are separately deployed behind Network Address Translation (NAT) services. The method includes configuring an SMF or a UPF to initiate an association with a corresponding UPF or SMF. The SMF registers first information with a Network Repository Function (NRF) enabling the remote UPF to communicate with the SMF through a NAT service. The method further includes obtaining second information from the NRF enabling the SMF to communicate with the remote UPF through the NAT service. The method also includes sending an association request to the remote UPF based on the second information and receiving an association response from the remote UPF through the NAT service. | 2022-04-28 |
20220131831 | WHITELIST DOMAIN NAME REGISTRY - Systems and methods for managing domain name registrations in accordance with rules and regulations of a domain name verification system are disclosed. The disclosed technology enables a domain name verification system to regulate the registration of domain names in accordance with its own domain name registration policies. This disclosed system uses a “whitelist” domain name registry to register “whitelist domain names” once pre-approval to register a corresponding target domain name has been granted. In this manner, the whitelist domain name registry system acts as a repository for pre-approved domain name registrations and enables pre-qualified registrants (including potential or prospective registrants) to then register a target domain name. | 2022-04-28 |
20220131832 | DYNAMIC NETWORK FEATURE PROCESSING DEVICE AND DYNAMIC NETWORK FEATURE PROCESSING METHOD - A dynamic network feature processing device includes a storage device and a processor. The storage device is configured to store a plurality of malicious feature groups. Each of the malicious feature groups corresponds to a malicious feature, and each of the malicious feature groups includes a plurality of malicious network addresses. The processor is coupled to the storage device. The processor is configured to: acquire an unknown network address of an unknown packet; compare the unknown network address with the malicious feature of each of the malicious feature groups; and filter the unknown packet when determining that the unknown network address matches at least one of the malicious features of the plurality of malicious feature groups. | 2022-04-28 |
20220131833 | ABNORMAL PACKET DETECTION APPARATUS AND METHOD - An abnormal packet detection apparatus and method are provided. The abnormal packet detection apparatus stores a whitelist corresponding to a protocol port, wherein the whitelist includes at least one legal packet record. Each legal packet record includes a legal packet length, a legal source address, and a legal variation position set, and corresponds to a reference packet. The abnormal packet detection apparatus determines that a current packet length and a current source address of a to-be-analyzed packet are respectively the same as the legal packet length and the legal source address of a reference packet record among the at least one legal packet record, determines a current variation position of the to-be-analyzed packet by comparing the to-be-analyzed packet with the reference packet corresponding to the reference packet record, and generates a detection result by comparing the current variation position with the legal variation position set of the reference packet record. | 2022-04-28 |
20220131834 | DEVICE, METHOD AND COMPUTER PROGRAM FOR PROVIDING COMMUNICATION FOR A CONTROL APPLIANCE OF A VEHICLE, METHOD, CENTRAL DEVICE AND COMPUTER PROGRAM FOR PROVIDING AN UPDATE, CONTROL APPLIANCE, AND VEHICLE - Technologies and techniques for providing communication for a control appliance of a vehicle to update a control appliance and a vehicle. An interface is provided for communication via a vehicle communication channel for the control appliance. The communication is based on information about authorized communication of the control appliance via the vehicle communication channel. The information includes at least one communication rule relating to the communication of the control appliance. The interface is configured such that it is independent from the control appliance such that the information about the authorized communication is protected from access by the control appliance. An updating message relating to the information about the authorized communication of the control appliance is identified via the vehicle communication channel. Information about the authorized communication is updated on the basis of the updating message. The updating of the information is independently carried out by the control appliance. | 2022-04-28 |
20220131835 | METHODS AND SYSTEMS FOR EFFICIENT ADAPTIVE LOGGING OF CYBER THREAT INCIDENTS - A packet-filtering network appliance protects networks from threats by enforcing policies on in-transit packets crossing network boundaries. The policies are composed of packet filtering rules derived from cyber threat intelligence (CTI). Logs of rule-matching packets and their flows are sent to cyberanalysis applications located at security operations centers (SOCs). Some cyber threats/attacks, or incidents, are composed of many different flows occurring at a very high rate, generating a flood of logs that may overwhelm computer, storage, network, and cyberanalysis resources, thereby compromising cyber defenses. The present disclosure describes incident logging that efficiently incorporates logs of many flows that comprise the incident, potentially reducing resource consumption while improving the informational/cyberanalytical value for cyberanalysis when compared to the component flow logs. Incident logging vs. flow logging can be automatically and adaptively switched on or off. | 2022-04-28 |
20220131836 | FIREWALL TECHNIQUES FOR COLORED OBJECTS ON ENDPOINTS - Threat detection instrumentation is simplified by providing and updating labels for computing objects in a context-sensitive manner. This may include simple labeling schemes to distinguish between objects, e.g., trusted/untrusted processes or corporate/private data. This may also include more granular labeling schemes such as a three-tiered scheme that identifies a category (e.g., financial, e-mail, game), static threat detection attributes (e.g., signatures, hashes, API calls), and explicit identification (e.g., what a file or process calls itself). By tracking such data for various computing objects and correlating these labels to malware occurrences, rules can be written for distribution to endpoints to facilitate threat detection based on, e.g., interactions of labeled objects, changes to object labels, and so forth. In this manner, threat detection based on complex interactions of computing objects can be characterized in a platform independent manner and pre-processed on endpoints without requiring significant communications overhead with a remote threat management facility. | 2022-04-28 |
20220131837 | SECURE ELEMENT AND METHOD - The present description discloses a secure element and a communication method comprising at least one operating system including at least one application having a register associated therewith, a buffer memory, and a router having a software layer. The software layer is configured to direct first messages using a first protocol and intended for the application to the buffer memory, and to direct second messages using a second protocol different from the first protocol and intended for the application to the register. | 2022-04-28 |
20220131838 | END-TO-END DOUBLE-RATCHET ENCRYPTION WITH EPOCH KEY EXCHANGE - Systems, devices, and methods are disclosed for instantaneously decrypting data in an end-to-end encrypted secure messaging session while maintaining forward secrecy and post-compromise security using a double ratchet communication protocol. Unique message keys can be generated in a predictable progression independently on each device, ratcheting keys for each message on an as-needed basis, and a seed key and state for the predictable progression can be updated based on an asymmetric key exchange between the devices, thereby serving as a second ratchet. Message keys can feed a pseudo-random number generator (PRG) to generate the next message key in a progression. A Continuous Key Agreement (CKA) engine can use an asymmetric key pair to generate a shared secret key to feed a Pseudo-Random Function (PRF-PRNG) to reset the state of the PRG and provide a refresh key to the PRG. | 2022-04-28 |
20220131839 | SYSTEMS, METHODS AND CONTROLLERS FOR SECURE COMMUNICATIONS - In an example embodiment, a system includes a first controller configured to generate a network key and transform the network key and a second controller configured to obtain the transformed network key and form a network with the first controller, each of the first controller and the second controller being configured to generate a same symmetric key using the network key and values from the other of the first controller and second controller. | 2022-04-28 |
20220131840 | SYSTEM AND METHOD FOR IDENTITY VERIFICATION ACROSS MOBILE APPLICATIONS - Embodiments are directed to methods, apparatuses, computer readable media and systems for authenticating a user on a user device across multiple mobile applications. The identity of the user is validated by encoding and subsequently validating cryptographically encrypted data in a shared data store accessible by the mobile applications tied to the same entity. Specifically, the application leverages the authentication process of a trusted mobile application (e.g. a banking mobile application) to authenticate the same user on an untrusted mobile application (e.g. a merchant mobile application). | 2022-04-28 |
20220131841 | COMMUNICATION METHOD, INTERNET OF THINGS TERMINAL, GATEWAY DEVICE AND INTERNET OF THINGS SYSTEM - The present disclosure provides a communication method, an Internet of Things (IoT) terminal, a gateway device and an IoT system. A timestamp and a mask are used for operation, and a key is searched from a key table based on an operation result, such that the key can be dynamically generated based on changes of the timestamp without human intervention. Thus, the security of the IoT system is effectively improved without significantly increasing the computational consumption. | 2022-04-28 |
20220131842 | TRUSTED PLATFORM PROTECTION IN AN AUTONOMOUS VEHICLE - Disclosed are techniques for securing electronic control units (ECUs) in a vehicle. A security platform for a vehicle includes a key distribution center (KDC) for the vehicle. The KDC is configured to verify that a digital certificate associated with a first electronic control unit (ECU) on the vehicle is a valid certificate, where the digital certificate indicates a first security level of the first ECU. The KDC is configured to generate, based on the first security level of the first ECU, one or more security keys for secure communication between the first ECU and a set of ECUs on the vehicle, and provision the one or more security keys to the first ECU and the set of ECUs. In some embodiments, the KDC uses the provisioned keys to authenticate each ECU when the vehicle is powered up. | 2022-04-28 |
20220131843 | SECURE BOOTSTRAPPING OF CLIENT DEVICE WITH TRUSTED SERVER PROVIDED BY UNTRUSTED CLOUD SERVICE - A provisioning client obtains an identifier from a public server and a one-time password from a trusted server. The provisioning client combines the one-time password with the identifier to create an activation code for a client device and presents the activation code to the client device. The activation code enables the client device to download trusted cryptographic information from the trusted server in a communication session that is secured using the one-time password. | 2022-04-28 |
20220131844 | IDENTITY ACCESS MANAGEMENT USING ACCESS ATTEMPTS AND PROFILE UPDATES - Systems and methods for managing a reputation score of a user based on successful and failed logins, successful and failed multifactor authentications, and profile changes is described. The method includes receiving, by a server, status information of a user event from one or more computing devices. The status information includes one or more of an indicator of a successful login, an indicator of a failed login, an indicator of a successful multifactor authentication, an indicator of a failed multifactor authentication, an indicator of a profile update, and metadata associated with the user event from the one or more computing devices. The server updates events based on a type of the status information received and storing the events in a data store and determines whether a problematic situation has occurred. A reputation score of the user is updated when the problematic situation is determined. | 2022-04-28 |
20220131845 | Decentralized Processing Of Interactions On Delivery - A method includes generating, by a user device, an initial authorization request message for an interaction to obtain a resource from a resource provider. The user device transmits the initial authorization request message to a first node in a proxy network, wherein the first node processes the initial authorization request message and transmits a routing message to a second node in the proxy network based on the processing of the initial authorization request message, the second node being previously associated with the resource provider. The user device then receives from the second node and stores a pre-authorization approval indicator (PAAI). Upon delivery of the resource by an agent of the resource provider, the user device transmits an authorization request message including the pre-authorization approval indicator, wherein the agent device further processes and transmits the authorization request message to the proxy network for authorization by an authorizing entity. | 2022-04-28 |
20220131846 | Online Service Store for Endpoints - An online service store to configure services for endpoints in connection with validating authenticity of the endpoints. For example, a service can be ordered for an endpoint prior to the use of the endpoint. After receiving a request having identity data generated by a memory device configured in the endpoint, a server system can determine, based on a secret of the memory device and other data stored about the endpoint, the validity of the identity data and thus the authenticity of the endpoint. Based on the service ordered for the endpoint, the server system causes the endpoint to be connected to a client server to receive the service. The server system can cause the firmware of the endpoint to be updated to enable the endpoint to receive the service from the client server. | 2022-04-28 |
20220131847 | Subscription Sharing among a Group of Endpoints having Memory Devices Secured for Reliable Identity Validation - A server system configured to allow a group of endpoints to share a subscription. For example, data can be stored to associate the endpoint group with at least one subscriber identifier. After receiving a validation request containing identity data generated by a memory device configured in an endpoint in the group, the server system can validate the identity data based at least in part on a secret of the memory device. In response to a determination that the identity data is valid, the system can determine that the subscriber identifier is not currently assigned to any endpoint in the group and thus assign, based on the data associating the endpoint group with the subscriber identifier, the subscriber identifier to the endpoint to cause a service offered to an account represented by the subscriber identifier to be provided to the endpoint. | 2022-04-28 |
20220131848 | Management of Identifications of an Endpoint having a Memory Device Secured for Reliable Identity Validation - A server system stores data associating a secret of the memory device configured in an endpoint, a first identification, and device information of the endpoint. After receiving a request to bind a second identification to the endpoint, the server system can tie identity data of the endpoint to the second identification. For example, after receiving a validation request containing identity data generated by the memory device, the server system can verify a verification code in the identity data based at least in part on the secret of the memory device. The verification code is generated from a message presented in the identity data and a cryptographic key derived at least in part from the secret. Based on validating the identity data, the server system can provide a validation response to indicate that the identity data is generated by the endpoint having the second identification. | 2022-04-28 |
20220131849 | RULE-BASED FILTERING FOR SECURING PASSWORD LOGIN - In an approach for a rule-based filtering system for securing password logins, a processor receives a password input on a user device. A processor determines whether the password requires filtering. Responsive to determining the password requires filtering, a processor filters characters from the password based on a set of filtering rules to create a filtered password. A processor determines whether the filtered password matches a stored password. | 2022-04-28 |
20220131850 | MULTI-FACTOR AUTHENTICATION USING SYMBOLS - In some implementations, a server device may receive, from a first device, a credential and a request to access a resource. The server device may transmit, to a second device associated with the credential, an image that includes a first symbol composed of a set of elements. The server device may receive, from the first device, information associated with a second symbol formed via user interaction with a user interface of the first device. The second symbol may be formed by dragging elements, presented via the user interface, to an area of the user interface in which the second symbol is to be formed, or drawing elements in the area of the user interface in which the second symbol is to be formed. The server device may grant or deny access to the resource based on the first symbol and the information associated with the second symbol. | 2022-04-28 |
20220131851 | METHODS AND APPARATUSES FOR TEMPORARY SESSION AUTHENTICATION AND GOVERNOR LIMITS MANAGEMENT - Methods and apparatuses are provided for access limitations to a network in a session using a formatted web token. The method includes: formatting a web token by a schema to create a formatted web token for user access to the network; receiving a log-in request for the user access to the network server via an app hosted by a computing device remotely located to the network server; in response to receipt of a user access request, creating the session by the network server with network limitations for user access to data and resources of the network; passing the formatted web token to a client for enabling user access to the data and resources of the network; decoding payload data of the formatted web token at the client to authenticate the user access; and enabling the client with access limitations based on decoded payload data. | 2022-04-28 |
20220131852 | DYNAMICALLY UNIFYING DISPARATE USER INTERFACE APPLICATIONS IN A CLOUD NATIVE ENVIRONMENT - Methods, apparatus, and processor-readable storage media for dynamically unifying disparate UI applications in a cloud native environment are provided herein. An example computer-implemented method includes obtaining information pertaining to a container-orchestration system operating within at least one cloud native environment; configuring, based on the obtained information, a single sign-on authentication mechanism for multiple user interface applications in the container-orchestration system; configuring, based on the obtained information, at least one ingress route for two or more of the multiple user interface applications in the container-orchestration system; configuring and rendering, based on information pertaining to the at least one ingress route, a common header in at least each of the two or more user interface applications; and performing one or more automated actions based on the configured single sign-on authentication mechanism, the at least one configured ingress route, and the configured and rendered common header. | 2022-04-28 |
20220131853 | WIRELESS LAN (WLAN) PUBLIC IDENTITY FEDERATION TRUST ARCHITECTURE - The disclosed technology relates to a process of evaluating any number of different identity providers (IDPs) and their respective set of credentials that are used to authenticate corresponding users to assist with the onboarding of the different IDPs in connection with Wi-Fi identity federations. In particular, the process allows a person's electronic identity and attributes (stored across one or more IDPs) to be determined once using a standard. Once trust has been established for the user, that trust can then be utilized across a number of different systems (e.g., Single-sign on). The same trust determination can be used without the need for the authenticity of the user identity to be re-evaluated with each new access request. | 2022-04-28 |
20220131854 | SYSTEMS AND METHODS FOR IDENTITY VERIFICATION REUSE - A method and apparatus for providing secure and efficient identity verification reuse to a user of a commerce platform are described. The method may include receiving a first set of user data associated with the user from a merchant system for identity verification of the user, and a second set of user data associated with the user, the second set of user data to verify a purported identity of the user. The method may also include verifying the purported identity of the user as a true identity of the user based on the first set of user data and the second set of user data. Furthermore, the method can include in response to a positive verification of the identity of the user, generating a cookie having an identifier and collecting a second authentication factor generated by a user device of the user, wherein the identifier of the cookie is associated with the second authentication factor by the commerce platform for identity verification reuse. | 2022-04-28 |
20220131855 | INFORMATION PROCESSING DEVICE, CONTROL METHOD FOR INFORMATION PROCESSING DEVICE, AND RECORDING MEDIUM - An information processing device includes a display control means that displays a log-in screen for a service which is provided by a collaboration service after accessing the collaboration service, a first transmission means that transmits a request for verification data to the collaboration service, a communication control means that communicates with an authenticator before authenticating a user, a second transmission means that transmits a request including verification data to the authenticator when an instruction for log-in is received, and a third transmission means that transmits signature data received from the authenticator to the collaboration service. At least one of transmission of the request to the collaboration service from the first transmission means and communication of the communication control means with the authenticator is performed without waiting until the instruction for log-in is received from the user after accessing the collaboration service. | 2022-04-28 |
20220131856 | Remote Attestation Method and Apparatus - This application discloses a remote attestation method and an apparatus. The method specifically includes: A first network device receives encrypted information and first measurement information of a second network device through the second network device, where the encrypted information is information obtained by encrypting second measurement information of a third network device; the first network device determines, based on the first measurement information, that the second network device is system-trusted; and the first network device decrypts the encrypted information to obtain the second measurement information. | 2022-04-28 |
20220131857 | MULTI-FACTOR AUTHENTICATION - Systems and methods for multi-factor authentication are based on validation of an inherence factor and a possession factor obtained in a “frictionless” or almost frictionless manner. A method conducted at a software application executing on a user device associated with a user and connected to a server computer, includes obtaining signing or encryption of a set of data elements using a cryptographic key securely stored for exclusive use by the software application and transmitting the signed or encrypted data elements to the server computer. The method includes transmitting, to the server computer, a payload including contextual data which includes behavioural data collected via one or more contextual data sources. The signed data elements represent a possession factor and the payload including contextual data represents an inherence factor for validation and multi-factor authentication by the server computer. | 2022-04-28 |
20220131858 | USER AUTHENTICATED ENCRYPTED COMMUNICATION LINK - Systems and methods are provided for establishing a secure communication link between a first client and a second client. One exemplary computer-implemented method for establishing a secure communication link between a first client and a second client includes accessing, from a storage, identification information of a user of the first client. The method further includes receiving a Domain Name Service (DNS) request from the first client requesting a secure network address corresponding to a secure domain name associated with the second client. The method further includes authenticating the user based on the user identification information. The method also includes transmitting the secure computer network address in response to the DNS request based on a determination that the user has been authenticated. A secure communication link between the first client and the second client is established based on the secure computer network address. | 2022-04-28 |
20220131859 | INFORMATION PROVIDING SYSTEM AND INFORMATION PROVIDING METHOD - An object is to provide an information providing system and an information providing method in which an information providing device can provide information personalized for a user without an input of identification information of the user into the information providing device. | 2022-04-28 |
20220131860 | Method of authenticating terminal equipment using ARP - A method of authenticating terminal equipment using ARP is provided and tied to a network terminal equipment authentication system for 802.1X authentication. The method includes using the SU to scan ARP packets transmitted from units of TL to obtain an MAC address associated with a predetermined unit of TL, checking and modifying a terminal equipment record authorization MAC address list in the OU to add or delete an MAC address of the predetermined unit of TL, and authorizing the MIG to store a terminal equipment record authorization MAC address list in the OU of the RS to update data in the RS in real time. | 2022-04-28 |
20220131861 | ADDRESS VALIDATION USING SIGNATURES - Methods, systems, and apparatus, including computer programs encoded on computer storage media, for generating signed addresses. One of the methods includes receiving, by a component from a device, a plurality of first requests, each first request for a physical address and including a virtual address, determining, by the component, a first physical address using the virtual address, generating a first signature for the first physical address, and providing, to the device, a response that includes the first signature, receiving, from the device, a plurality of second requests, each second request for access to a second physical address and including a second signature, determining, by the component for each of the plurality of second requests, whether the second physical address is valid using the second signature, and for each second request for which the second physical address is determined to be valid, servicing the corresponding second request. | 2022-04-28 |
20220131862 | METHOD AND SYSTEM FOR PERFORMING AN AUTHENTICATION AND AUTHORIZATION OPERATION ON VIDEO DATA USING A DATA PROCESSING UNIT - A method for processing video data is performed by a data processing unit (DPU). The method includes obtaining, by a data processing unit (DPU) of an edge device, video data; processing the video data to obtain video data chunks and video processing engine outcomes; generating authentication and authorization (AA) metadata based on the video data chunks and the video processing engine outcomes; associating the AA metadata with the video data chunks based on the video processing outcomes; and storing the AA metadata and the video data chunks. | 2022-04-28 |
20220131863 | SYSTEMS AND METHODS FOR ON-NETWORK DEVICE IDENTIFICATION - Systems and methods are described for on-network device identification. A user device may make an application programming interface (API) call to an address associated with a network device. The API call may comprise an indication of an address associated with the user device. Based on the API call, the network device may send an indication of the address to a computing device associated with an on-network service. The computing device associated with the on-network service may determine that the user device is authorized to connect to a network or to access an on-network service. | 2022-04-28 |
20220131864 | METHOD AND SYSTEM FOR ESTABLISHING APPLICATION WHITELISTING - A method for establishing application whitelisting includes: collecting inter-thread traffic logs sent from at least one server, wherein a plurality of distributed applications are hosted in the at least one server; discovering topology information in a green room environment based on the inter-thread traffic logs; creating a set of whitelisting rules based on the topology information; and enforcing the set of whitelisting rules. | 2022-04-28 |
20220131865 | METHOD AND SYSTEM FOR CHECKING PERMISSIONS COMPATIBILITY BETWEEN A CONFIGURATION MANAGEMENT SYSTEM AND AN ORCHESTRATION SYSTEM OF A COMPUTING CLUSTER - A method and a system for checking permissions compatibility between a configuration management system and an orchestration system of a computing cluster are disclosed. The method comprises: identifying a request to approve a change in at least one file of the computing cluster. Retrieving from a repository of the configuration management system an identity of a user for performing the change. Acquiring a denial response or an approval response received in response to a query provisioned to the orchestration system, the query is for rights to change the at least one file using the identity of the user. In response to the approval response, entering the approval response, into the configuration management system for confirming the checking permissions compatibility is approved. In response to the denial received, sending a message to the configuration management system, the message is indicative that the checking permissions compatibility is not approved. | 2022-04-28 |
20220131866 | METHOD AND SYSTEM FOR PARENTAL CONTROL OF BROADBAND DEVICES - A method, a system and a non-transitory computer readable medium are disclosed for preventing access to certain content and/or websites by providing preset keywords, a specific WiFi network (e.g., SSID) for certain users, and/or preset ports that can be enabled and/or disabled, for example, by a toggle. The method includes populating a plurality of preset keyword filters, each of the plurality of preset keyword filters configured to block access to web content and third-party applications; configuring each of the plurality of preset keyword filters to be enabled or disabled by a toggle on a graphical user interface in communication with the gateway; and providing a custom keyword filter configured to receive custom keywords, the custom keyword filter configured to block access to web content and third-party applications for each of the custom keywords input via the graphical user interface in communication with the gateway. | 2022-04-28 |
20220131867 | DEVICE, METHOD, AND STORAGE MEDIUM - There is provided a device including: a registration unit configured to register a surveillance camera that is a work target; an access permission unit configured to permit access from a worker terminal to an image captured by the registered surveillance camera via a surveillance network to which the surveillance camera is connected; and an access prohibition unit configured to prohibit the access in response to work on the surveillance camera being completed. | 2022-04-28 |
20220131868 | Indirect Service-To-Service Role Mapping Systems and Methods - Service-to-service role mapping systems and methods are disclosed herein. An example role mapping service gathers user metadata before the role mapping by a second service. The user metadata is communicated to a first service which embeds the user metadata in a communication to the first service where the role mapping service maps one or more search engine service roles to a user based on the user metadata. | 2022-04-28 |
20220131869 | MANAGING SECURITY OF NETWORK COMMUNICATIONS IN AN INFORMATION HANDLING SYSTEM - A security level of data generated by an application may be communicated from the application layer to the network layer and that security level used to determine which of several available network connections to use for transmitting the data. A method of communicating may include associating the plurality of network connections with security levels to form associations, the associations indicating security levels of data that may be transmitted over each of the plurality of network connections; receiving, at the network layer, data for transmission; determining, at the network layer, a security level for the data; determining, at the network layer, at least one network connection of a plurality of network connections to transmit the data based, at least in part, on the security level; and transmitting the data packet over the at least one network connection. | 2022-04-28 |
20220131870 | METHODS AND SYSTEMS FOR AUTHENTICATION FOR HIGH-RISK COMMUNICATIONS - An authentication method includes assigning a risk status to a request received from a remote interaction system, transmitting a notification communication to a device associated with the request, monitoring interaction data from an interaction network, and identifying, from the monitored interaction data, authentication interaction information, the authentication interaction information including a coded sequence and a predetermined authentication identifier. The authentication method also includes comparing the coded sequence in the authentication interaction information to an expected coded sequence and transmitting a verification communication after determining the coded sequence in the authentication interaction information matches the expected coded sequence. | 2022-04-28 |
20220131871 | LOCATION-AWARE AUTHENTICATION - A system for location-aware authentication is configured to receive an authentication request associated with an identifier of a user for accessing an application and retrieves user information associated with the identifier and the application. The system then determines that the user information includes a geofence and information associated with a device of the user. Based on the geofence and the device information, the system sends a geolocation data request to the device, causing the device to gather and send the device's current geolocation data to the computing system. A data structure is generated to store data related to the device's current geolocation and sent to the application, which in turn causes the application to grant or deny the authentication request. | 2022-04-28 |