24th week of 2022 patent application highlights part 80
Patent application number | Title | Published |
20220191110 | SERVICE PROVIDING APPARATUS AND METHOD - A service provision method according to one aspect of the present invention includes providing, to a user terminal ( | 2022-06-16 |
20220191111 | CONVERSATIONAL BOTs PLATFORM - Provided herein are system, methods and computer program products for using a bot server for initiating and controlling bot instances, specifically conversation bot instances at client devices for interacting with users associated with the client devices. The bot server may communicate with a remote cloud service providing bot services for initiating and operating the bot instances to retrieve logic metadata used to control the bot instances and may use this metadata to initiate and control one or more bot instances at the client devices to interact with the associated users. In particular, the bot server may be deployed at a network edge in close network proximity to the client devices. | 2022-06-16 |
20220191112 | MANAGING RADIO-BASED PRIVATE NETWORKS - Disclosed are various embodiments for managing radio-based private networks. In one embodiment, a cellular network comprises at least one cell that provides a radio-based private network coverage of a site of an organization. The system further comprises at least one computing device in a cloud provider network that implements one or more network functions for an associated core network of the radio-based private network. | 2022-06-16 |
20220191113 | METHOD AND APPARATUS FOR MONITORING ABNORMAL IOT DEVICE - Provided is a method performed by a computing device for monitoring an abnormal behavior of a plurality IoT devices. The method comprises determining abnormality of a behavior of each of the plurality of IoT devices based on traffic data representing the behavior of each of the plurality of IoT devices, clustering the behavior of each of the plurality of IoT devices based on the traffic data and a result of the determining the abnormality and generating data for representing a plurality of clusters formed as a result of the clustering such that a first cluster corresponding to a normal behavior cluster and a second cluster corresponding to an abnormal behavior cluster are displayed on different planes, the first cluster and the second cluster being divided based on the result of the determining the abnormality. | 2022-06-16 |
20220191114 | DEVICE CLASSIFICATION - Systems, methods, and related technologies for device classification are described. In certain aspects, traffic data associated with a device and data from an external system can be accessed. The data can be processed to determine a device classification for the device. An action can be initiated based on the classification. | 2022-06-16 |
20220191115 | SYSTEMS AND METHODS TO AUTOMATICALLY PERFORM ACTIONS BASED ON MEDIA CONTENT - Systems and methods are provided for automatically responding to network connectivity issues in a media stream. One example method includes transmitting, from a first computing device, a media stream to one or more secondary computing devices. A network connectivity issue between the first computing device and one or more of the secondary computing devices is detected. If a network connectivity issue is detected, a notification is transmitted to one or more of the secondary computing devices. | 2022-06-16 |
20220191116 | TCP/IP SOCKET RESILIENCY AND HEALTH MANAGEMENT - Disclosed herein are system, method, and apparatus for account inheritance. The method performed at an application server includes receiving, via an application programming interface (API), data information received by each authorization gateway of a plurality of authorization gateways. The method includes performing calculation of an overall health of each authorization gateway of the plurality of authorization gateways based on a predetermined value of a weight assigned to each server of the plurality of servers and the value of service level corresponding to each server of the plurality of servers. The method includes balancing load of each authorization gateway of the plurality of authorization gateways by routing at least one client request message to a set of one or more authorization gateways of the plurality of authorization gateways based on the calculated overall health of each authorization gateway of the plurality of authorization gateways that is above a specific threshold value. | 2022-06-16 |
20220191117 | ENABLING A ROUND-TRIP PACKET LOSS MEASUREMENT IN A PACKET-SWITCHED COMMUNICATION NETWORK - A method for enabling a round-trip packet loss measurement between two nodes of a packet-switched communication network exchanging packets comprising a packet loss field settable to an idle value or one or more measurement values. The first node transmits to the second node first packets having the packet loss field set to a measurement value. Upon reception of each first packet, the second node transmits back to the first node a respective second packet having the packet loss field set to a measurement value. Upon reception of each second packet, the first node transmits back to the second node a respective third packet having the packet loss field set to a measurement value. A measurement point placed between the two nodes may count the number of first packets and the number of third packets and use them to provide a round-trip packet loss measurement. | 2022-06-16 |
20220191118 | SYSTEMS AND METHODS FOR MANAGING ON-SITE COMMUNICATIONS FOR LATENCY-DEPENDENT APPLICATIONS - The present disclosure is directed to systems and methods for managing on-site communications of a machine with a latency-dependent application installed. The method includes, for example, (i) receiving geographical information associated with a work site; (ii) receiving historical communications information associated with the work site; (iii) analyzing the historical communications information and the geographical information; (iv) generating an instruction for implementing the latency-dependent application of the machine based on a latency requirement of the latency-dependent application; and (v) implementing the latency-dependent application of the machine based on the instruction. The historical communications information includes a communications event, a duration of the communications event, and a frequency of the communications event. | 2022-06-16 |
20220191119 | TECHNIQUES FOR DETECTING CHANGES TO CIRCUIT DELAYS IN TELECOMMUNICATIONS NETWORKS - In various embodiments, a monitoring application assesses delays associated with a circuit within a network. The monitoring application determines a measured trip time between a first device and a second device that is connected to the first device via the circuit. The measured trip time is associated with a first variance attributable to the first device. The monitoring application performs one or more digital signal processing operations based on the measured trip time to generate a predicted trip time. The predicted trip time is associated with a second variance attributable to the first device that is less than the first variance. Based on the predicted trip time, the monitoring application determines characteristic(s) of the delay associated with the circuit. Advantageously, reducing variations attributable to the first device when generating the first predicted trip time increases the accuracy with which the monitoring application can determine the characteristic(s) of the delay. | 2022-06-16 |
20220191120 | TRAFFIC FLOW TRACE IN A NETWORK - An example network orchestrator of a SDN is configured to receive, based on a user input, credentials associated with a traffic flow. Based on the credentials, it is determined whether the traffic flow is received at an ingress overlay network node. Route information and encapsulation information of the traffic flow is extracted from the ingress overlay network node. A first set of underlay network nodes each of which is a potential next hop for the traffic flow is identified. It is determined, based on the encapsulation information, whether the traffic flow is received by one of the first set of underlay network nodes. It is determined whether the traffic flow is received at an egress overlay network node from one of the first. A network trace of the traffic flow is determined based on the determinations of whether the traffic flow is received at the ingress overlay network node, one of the first set of underlay network nodes, and the egress overlay network node. Based on the network trace, a fault in a link between network nodes or in the ingress overlay network node or in the egress overlay network node or in one of the first set of underlay network nodes is detected. | 2022-06-16 |
20220191121 | AIRCRAFT SYSTEMS WITH BUILT IN TESTS - A control system for an aircraft system can include a controller configured to connect to one or more subsystems of the aircraft system, the controller having a built-in-test (BIT) module configured to test the one or more subsystems of the aircraft system and output test data. The control system can include a wireless communication module operatively connected to the controller and configured to receive the output data and to output a wireless signal as a function of the test data. | 2022-06-16 |
20220191122 | SYSTEMS AND METHODS FOR ESTABLISHING A VIRTUALIZED CHANNEL AND COMMUNICATING THEREWITH - The present disclosure is directed to systems and methods for virtualizing communications within a plurality of telematics channels operatively connected to a target machine. The method includes (i) generating a virtualized channel in addition to the plurality of telematics channels operatively connected to the target machine; (ii) predicting one or more values for the virtualized channel based on a mathematical function derived from a first set of telematics channels of a source machine; (iii) receiving measurements from the plurality of telematics channels from the target machine; and (iv) applying the mathematical function to the target machine based upon the one or more predicted values of the virtualized channel and the received measurements from the plurality of telematics channels from the target machine. | 2022-06-16 |
20220191123 | COMMUNICATION SYSTEM TESTER AND RELATED METHODS - The present disclosure relates to systems and methods for testing communication systems. In one embodiment, a communication device tester may include a traffic disciplining subsystem to generate a first stream of data packets satisfying a metric and may communicate the first stream of data packets to a test device in a first test scenario. A delay subsystem may generate a variable delay in a second stream of data packets and communicate the second stream of data packets to the test device in a second test scenario. A data corruption subsystem may corrupt a third stream of data packets and communicate the third stream of data packets to the test device in a third test scenario. A test subsystem may determine whether the test device satisfies at least one criterion of each of the first test scenario, the second test scenario, and the third test scenario. | 2022-06-16 |
20220191124 | SOFTWARE EMULATED SWITCHING OF DUAL NETWORK DEVICES - In an environment comprising a group of servers and at least two network devices, a link fault is detected. A data cable connects each of the servers to both network devices. An active communication path from one of the network devices to the servers is determined. In response to detecting a failure of the active communication path, a second of the network devices is indicated as the active network device. The configuration is detected by the network devices based on packets received at the network devices. | 2022-06-16 |
20220191125 | METHOD AND DEVICE FOR SELECTING RECOMMENDED NODE IN BEHAVIOR DEVIATION MODEL - A method for selecting a recommended node in a behavior deviation model includes: determining a candidate path starting from a delegation node to a target node based on a preset network topology; determining candidate recommended nodes passing through each candidate path, and acquiring a first behavior deviation corresponding to the target node at each candidate node; reading a second behavior deviation of each candidate recommended node from a central node in the network topology; calculating an average deviation value for the target node based on second behavior deviations and first behavior deviations; determining a candidate path with the smallest average deviation value as a target candidate path; and in response to the average deviation value of the target candidate path being less than or equal to a preset warning value, determining the candidate recommended node on the target candidate path as a recommended node. | 2022-06-16 |
20220191126 | EDGE DEVICE WITH MULTIPLE ROUTING TABLES - Some embodiments provide a method for configuring an edge computing device to implement a logical router belonging to a logical network. The method configures a datapath executing on the edge computing device to use a first routing table associated with the logical router for processing data messages routed to the logical router. The method configures a routing protocol application executing on the edge computing device to (i) use the first routing table for exchanging routes with a network external to the logical network and (ii) use a second routing table for exchanging routes with other edge computing devices that implement the logical router. | 2022-06-16 |
20220191127 | METHOD AND SYSTEM FOR PROVIDING NETWORK INGRESS FAIRNESS BETWEEN APPLICATIONS - Methods and systems are provided to facilitate network ingress fairness between applications. At an ingress port of a network, the applications providing data communications are reviewed so that an arbitration process can be used to fairly allocate bandwidth at that ingress port. In a typical process, the bandwidth is allocated based upon the number of flow channels, irrespective of the source and characteristics of those flow channels. At the ingress port, an examination of the application providing the data communication will allow for a more appropriate allocation of input bandwidth. | 2022-06-16 |
20220191128 | SYSTEM AND METHOD FOR PERFORMING ON-THE-FLY REDUCTION IN A NETWORK - A switch capable of on-the-fly reduction in a network is provided. The switch is equipped with a reduction engine that can be dynamically configured to perform on-the-fly reduction. As a result, the network can facilitate an efficient and scalable environment for high performance computing. | 2022-06-16 |
20220191129 | SYSTEMS AND METHODS FOR BUILDING WIRELESS MESH NETWORKS - Disclosed herein is a system comprising a set of wireless communication nodes that are configured to operate as part of a wireless mesh network. Each respective wireless communication node may be directly coupled to at least one other wireless communication node via a respective short-hop wireless link, and at least a first pair of wireless nodes may be both (a) indirectly coupled to one another via a first communication path that comprises one or more intermediary wireless communication nodes and two or more short-hop wireless links and (b) directly coupled to one another via a first long-hop wireless link that provides a second communication path between the first pair of wireless communication nodes having a lesser number of hops than the first communication path. A fiber access point may be directly coupled to a first wireless communication node of the set of wireless communication nodes. | 2022-06-16 |
20220191130 | OAM-BASED SUBOPTIMAL ECMP PATH DETECTION IN SOFTWARE-DEFINED FABRIC - A node of a network configured to forward packets based on network programming instructions encoded in the packets, performs a method. The method includes generating a probe packet encoded with a replication network programming instruction. The replication network programming instruction is configured to validate equal-cost multi-path (ECMP) routing in the network from the node to a destination by remotely triggering transit nodes of the network, that are traversed by the probe packet, to each perform replicate-and-forward actions. The replicate-and-forward actions include: identifying ECMP paths toward the destination; generating, for the ECMP paths, replicated probe packets that each include the replication network programming instruction; and forwarding the replicated probe packets along the ECMP paths. The method further includes forwarding the probe packet toward the destination. | 2022-06-16 |
20220191131 | HIGHLY AVAILABLE DATA-PROCESSING NETWORK FUNCTIONS FOR RADIO-BASED NETWORKS - Disclosed are various embodiments that provide highly available data-processing network functions for radio-based networks. In one embodiment, a tunnel host consistently routes network traffic associated with a range of network addresses in a radio-based network to a first instance of a data-processing network function instead of a second instance of the data-processing network function. A problem with the first instance of the data-processing network function is then detected. Additional network traffic associated with the range of network addresses is redirected from the first instance of the data-processing network function to the second instance of the data-processing network function. | 2022-06-16 |
20220191132 | METHOD FOR REESTABLISHING LABEL SWITCHED PATH, AND NETWORK APPARATUS - The present disclosure relates to a method for reestablishing a label switched path, LSP, and a network apparatus. The method is performed at a network apparatus and includes: detecting a breakage of a label distribution protocol, LDP, session between the network apparatus and a first downstream network apparatus in which the first downstream network apparatus is in a first label switched path, LSP, from the network apparatus to a destination network apparatus; calculating a second LSP from the network apparatus to the destination network apparatus, by using a constrained shortest path first, CSPF, algorithm; and replacing the first LSP with the second LSP. An LSP broken due to a breakage of an LDP session may be reestablished more easily and quickly using the arrangements described herein. | 2022-06-16 |
20220191133 | MALLEABLE ROUTING FOR DATA PACKETS - Various implementations disclosed herein enable malleable routing for data packets. For example, in various implementations, a method of routing a type of data packets is performed by a device. In some implementations, the device includes a non-transitory memory and one or more processors coupled with the non-transitory memory. In some implementations, the method includes determining a routing criterion to transmit a set of data packets across a network. In some implementations, the method includes identifying network nodes and communication links in the network that satisfy the routing criterion. In some implementations, the method includes determining a route for the set of data packets through the network nodes and the communication links that satisfy the routing criterion. In some implementations, the method includes configuring the network nodes that are on the route with configuration information that allows the set of data packets to propagate along the route. | 2022-06-16 |
20220191134 | MALLEABLE ROUTING FOR DATA PACKETS - Various implementations disclosed herein enable malleable routing for data packets. For example, in various implementations, a method of routing a type of data packets is performed by a device. In some implementations, the device includes a non-transitory memory and one or more processors coupled with the non-transitory memory. In some implementations, the method includes determining a routing criterion to transmit a set of data packets across a network. In some implementations, the method includes identifying network nodes and communication links in the network that satisfy the routing criterion. In some implementations, the method includes determining a route for the set of data packets through the network nodes and the communication links that satisfy the routing criterion. In some implementations, the method includes configuring the network nodes that are on the route with configuration information that allows the set of data packets to propagate along the route. | 2022-06-16 |
20220191135 | DETECTING AND COMMUNICATING WITH SILENT HOSTS IN SOFTWARE-DEFINED NETWORKS - Systems, methods, and computer-readable media for discovering silent hosts in a software-defined network and directing traffic to the silent hosts in a scalable and targeted manner include determining interfaces of a fabric device that are connected to respective one or more endpoints, where the fabric device is configured to connect the endpoints to a network fabric of the software-defined network. At least a first interface is identified, where an address of a first endpoint connected to the first interface is not available at the fabric device. A first notification is transmitted to a control plane of the software-defined network based on identifying the first interface, where the control plane may create a flood list which includes the fabric device. Traffic intended for the first endpoint from the network fabric that is received by the fabric device can be handled based on the flood list. | 2022-06-16 |
20220191136 | Label Management Method, Data Stream Processing Method, and Device - A label management method includes allocating, by a controller, a source label to a data stream, sending, by the controller, a first Border Gateway Protocol (BGP) update packet to an ingress network device on a label switching path (LSP) of the data stream, and sending a second BGP update packet to an egress network device on the LSP of the data stream, where the first BGP update packet includes a stream identifier of the data stream and the source label, and the second BGP update packet includes a mapping relationship between the source label and a source object of the data stream. | 2022-06-16 |
20220191137 | Systems and Methods for Applying SD-WAN Policies to Router-Generated Traffic - In one embodiment, a method includes receiving non-Internet Protocol (IP) traffic from one or more non-IP traffic sources. The method also includes terminating the non-IP traffic and re-originating the non-IP traffic as first IP traffic in accordance with one or more software-defined networking in a wide area network (SD-WAN) protocols. The method further includes communicating the first IP traffic to an SD-WAN link in accordance with one or more SD-WAN policies. | 2022-06-16 |
20220191138 | Method for Making Host Network Performance Requirement Programmable, Device, and System - A packet sending method that supports a host in imposing a network performance requirement includes that a network device receives a first service packet from the host, where the first service packet includes a first identifier, and the first identifier indicates a network performance requirement of the first service packet; the network device adds a segment list to the first service packet based on an element to obtain a second service packet, where the element includes the first identifier, and a forwarding path corresponding to the segment list meets the network performance requirement; and the network device forwards the second service packet through the forwarding path. | 2022-06-16 |
20220191139 | RELIABLE GENERIC ROUTING ENCAPSULATION TUNNELS - A router encapsulates a payload of a packet in a generic routing encapsulation (GRE) header that defines a connectionless GRE tunnel. The router also encapsulates the payload and the GRE header in one or more reliable transport headers associated with a connection formed using a reliable transport layer. The router conveys the packet via the connectionless GRE tunnel over the reliable transport layer. In some cases, the GRE header is a network virtualization using GRE (NVGRE) header that allows multiple NVGRE overlays to be multiplexed onto a single IP underlay tunnel. The reliable transport layer can be implemented as Transmission Control Protocol (TCP) layer, a QUIC protocol, a Stream Control Transmission Protocol (SCTP) or a QUIC protocol to establish a set of multiplexed sub-connections or streams over a single connection between two endpoints of the tunnel, or a transport layer security (TLS) cryptographic protocol. | 2022-06-16 |
20220191140 | DATA TRANSMISSION CONTROL METHOD, APPARATUS, AND STORAGE MEDIUM - A first node determines, based on a data flow identifier of a data flow and a packet header, a first data packet corresponding to an egress port same as the data flow from the to-be-transmitted data packet; obtains, based on the meta information, a meta information value corresponding to the first data packet; and when determining that the feedback trigger condition is met, sends a second data packet to a second node, where the second data packet is used to enable the second node to reduce a transmission rate of at least one data flow in data flows corresponding to the first data packet, or sends, to a third node, indication information used to reduce a transmission rate of at least one data flow in data flows corresponding to the first data packet. | 2022-06-16 |
20220191141 | ENCRYPTED TUNNEL MIGRATION - Techniques for load balancing encrypted traffic based on security parameter index (SPI) values of packet headers and sets of 5-tuple values of the packet headers are described herein. Additionally, techniques for including quality of service (QoS)-type information in SPI value fields of packet headers are also described herein. The QoS-type information may indicate a particular traffic class according to which the packet is to be handled. Further, techniques for pre-configuring a backend host such that encrypted traffic may be migrated to the backend host from another backend host without causing temporary service disruptions are also described herein. | 2022-06-16 |
20220191142 | CONGESTION DETECTION USING MACHINE LEARNING ON ARBITRARY END-TO-END PATHS - In one embodiment, a device predicts a range of bitrates expected to be required by one or more applications associated with traffic conveyed via a particular path in a network. The device obtains telemetry data indicative of observed bitrates associated with the traffic conveyed via the particular path in the network. The device identifies, a presence of congestion along the particular path in the network, by comparing the observed bitrates to the range of bitrates expected to be required by the one or more applications. The device causes at least a portion of the traffic to be re-routed from the particular path to a second path in the network, when the device identifies the presence of congestion along the particular path. | 2022-06-16 |
20220191143 | USING THROUGHPUT MODE DISTRIBUTION AS A PROXY FOR QUALITY OF EXPERIENCE AND PATH SELECTION IN THE INTERNET - In one embodiment, a device calculates one or more distributions of bitrates associated with an application whose traffic is conveyed via one or more paths in a network. The device detects throughput modes of the application, based on the one or more distributions of bitrates associated with the application. The device associates each throughput mode with a quality of experience label, to form a plurality of pairs of throughput modes and quality of experience labels. The device estimates a quality of experience metric for the application, based on a bitrate of the application and the plurality of pairs of throughput modes and quality of experience labels. | 2022-06-16 |
20220191144 | SYSTEM AND METHOD FOR LOW LATENCY NETWORK SWITCHING - A network switch and associated method of operation for establishing a low latency transmission path through the network which bypasses the packet queue and scheduler of the switch fabric. The network switch transmits each of a plurality of data packets to the identified destination egress port over the low latency transmission path if the data packet is identified to be transmitted over the low latency transmission path from the ingress port to the destination egress port, and transmits the data packet to the destination egress port through the packet queue and scheduler if the data packet is not identified to be transmitted over the low latency transmission path from the ingress port to the destination egress port. | 2022-06-16 |
20220191145 | MAINTAINING QUALITY OF SERVICE TREATMENT OF PACKETS USING SECURITY PARAMETER INDEX VALUES - Techniques for load balancing encrypted traffic based on security parameter index (SPI) values of packet headers and sets of 5-tuple values of the packet headers are described herein. Additionally, techniques for including quality of service (QoS)-type information in SPI value fields of packet headers are also described herein. The QoS-type information may indicate a particular traffic class according to which the packet is to be handled. Further, techniques for pre-configuring a backend host such that encrypted traffic may be migrated to the backend host from another backend host without causing temporary service disruptions are also described herein. | 2022-06-16 |
20220191146 | Procedures for Packet Flow Description Management - Periodic requests for Packet Flow Description, PFD, data updates on all Application Ids generate a constant background load in several network function nodes, even if applications have not been updated. There is provided a mechanism to optimize PFD management updates in a telecommunication network, whereby PFD data for a selected number of applications are stored and updated permanently, whilst PFD data for other applications are only temporarily stored so that storage and updates are released when these other applications are not in use. A list of permanent Application Ids is configured for the most frequently used applications. When a control rule specifies an Application Id not included in the list of permanent Application Ids, the specified Application Id is included in a list of temporary Application Ids, which are periodically checked and, when not used, are removed from the list of temporary Application Ids. | 2022-06-16 |
20220191147 | Computer Program and Method for Data Communication - A computer program and method for data communication in a network having a plurality of network nodes, via which method data packets are to be transferred between communication partners over protected connections, wherein the data packets originate from at least two different sending communication partners, or senders, and wherein the sending frequencies of at least two senders, at which the senders send data packets that are to be transferred over a protected connection, differ from one another, and the sending frequencies and/or variables representing same being taken into account when finding a path for the transfer of the data packets of at least one protected connection. | 2022-06-16 |
20220191148 | TIME-SENSITIVE DATA DELIVERY IN DISTRIBUTED COMPUTING SYSTEMS - Techniques of time-sensitive data delivery in distributed computing systems are disclosed herein. In one example, a server can disseminate the same information to multiple endpoints in a distributed computing system by transmitting multiple packets to the multiple endpoints hosted on additional servers in the distributed computing system. The multiple packets individually include a header field containing a delivery time before which the packets are not forwarded to corresponding final destinations and a payload containing data representing copies of information identical to one another destined to the multiple endpoints hosted on the additional servers. | 2022-06-16 |
20220191149 | REDUCED SIZED ENCODING OF PACKET LENGTH FIELD - Implementations of the present disclosure are directed to systems and methods for reducing the size of packet headers without reducing the range of packet lengths supported. A packet header includes a fixed-width length field. Using a linear encoding, the maximum packet size is a linear function of the fixed-width length field. Thus, to expand the range of sizes available, either the granularity of the field must be decreased (e.g., by changing the measure of the field from flits to double-flits) or the size of the field must be increased (e.g., by changing the size of the field from 4 bits to 5 bits). However, by using a non-linear encoding, the difference between the minimum and maximum size can be increased without decreasing the granularity within a first range of field values and without increasing the size of the length field. | 2022-06-16 |
20220191150 | Multipoint Ethernet Bus - An industrial system for controlling backplane communication including a cluster manager linked to Input/Output modules via a multipoint low voltage differential signaling, MLVDS, bus through passive base plates. The MLVDS bus contains a transmission line and a reception line for the cluster manager. The transmission line of the MLVDS bus is shared by the Input/Output modules for receiving data transmitted by the cluster manager. The reception line of the MLVDS bus is shared by the Input/Output modules for transmitting data to the cluster manager. The Input/Output modules are synchronized in time with the cluster manager and configured to send data on the reception line of the MLVDS bus at respective scheduled time windows. | 2022-06-16 |
20220191151 | Pluggable Data Resource Management Controller - Systems, methods, and machine-readable media for defining data formats, reflecting system states of managed systems, and managing aspects of those systems via a logically centralized proxy are disclosed. Resources may be represented within a resource provider definition, a package of data format and interaction methods used to instantiate a resource provider, which is a running instance of an executable from the resource provider definition. Users may submit new resource provider definitions, view a list of definitions, and delete definitions. A resource provider service may access the resource provider definition and instantiate a resource provider. The resource provider instance instantiated from the resource provider definition exposes an API, via the resource provider service, to manage data items defined for the resource(s) in the resource provider definition. When the resource is changed, information tracking the state may be updated to reflect the new state of the managed resource. | 2022-06-16 |
20220191152 | SYSTEMS AND METHODS FOR PERFORMING SELF-CONTAINED POSTURE ASSESSMENT FROM WITHIN A PROTECTED PORTABLE-CODE WORKSPACE - Systems and methods for performing self-contained posture assessment from within a protected portable-code workspace are described. In some embodiments, an Information Handling System (IHS) may include a processor and a memory having program instructions that, upon execution, cause the IHS to: transmit, from an orchestration service to a local agent, a workspace definition that references an application, where the application comprises a first portion of code provided by a developer and a second portion of code provided by the orchestration service; and receive, from a local agent at the orchestration service, a message in response to the execution of the second portion of code within a workspace instantiated based upon the workspace definition. The second portion of code may inspect the contents of the runtime memory of the workspace upon execution, for example, by performing a stack canary check, a hash analysis, a boundary check, and/or a memory scan. | 2022-06-16 |
20220191153 | Packet Forwarding Method, Computer Device, and Intermediate Device - An intermediate device in a computer device includes a first agent unit supporting single-root input/output (I/O) virtualization (SR-IOV) and a second agent unit supporting Virtio, and the first agent unit and the second agent unit are each an agent of a function unit in a network adapter, such that a virtual machine in the computer device may use an SR-IOV technology or a Virtio technology without configuring two sets of independent resource pools to separately support the corresponding virtualization technologies, thereby normalizing the resource pools. In addition, the intermediate device implements hardware offloading of Virtio protocol packet forwarding. | 2022-06-16 |
20220191154 | VIRTUAL-ASSISTANT-BASED RESOLUTION OF USER INQUIRIES VIA FAILURE-TRIGGERED DOCUMENT PRESENTATION - In certain embodiments, document-based resolution of user inquiries may be facilitated. A predicted intent of the user is determined based on chat activity information associated with the user. A response to a user inquiry may be provided to the user via a chat interface based on the predicted intent. A user response to that response may be obtained, which may indicate a failure in providing a resolution to the user (e.g., regarding a user inquiry). Upon detecting a failure in providing the resolution, a document associated with the user and matching the predicted intent may be obtained and presented via the chat interface. The document may have content related to the predicted intent. The document may be presented as a response to the user response to seek a confirmation from the user regarding its relevance to the user inquiry. | 2022-06-16 |
20220191155 | Use of Machine-Learning Models in Creating Messages for Advocacy Campaigns - An advocacy system uses trained machine learning models to create messages that are sent to advocates or policymakers to achieve desired outcomes for an organization. Desired outcomes can include, for example: an advocate sending a message to a policymaker or legislative representative advocating in favor of the organization's position on an issue; a policymaker acting or voting in favor of the organization's position on an issue; or an advocate making a financial contribution to the organization. The machine learning models can be configured to select possible message characteristics or features that the system will include/use in creating/sending messages to/for individual senders and recipients. The machine learning models can be trained based on message characteristics, personal profile characteristics of senders/recipients, and outcomes from previously sent messages. Personal profile characteristics of senders/recipients can indicate correlations between certain message characteristics and certain outcomes of sending messages. | 2022-06-16 |
20220191156 | SYSTEM AND METHOD FOR PROVIDING DIGITAL MEDIA CONTENT WITH A CONVERSATIONAL MESSAGING ENVIRONMENT - A media server provides access to digital media content within a third-party conversational messaging environment. The media server includes one or more processors and memory storing one or more programs, including instructions for: receiving, via an application programming interface (API), information from a user's interaction within a conversation of the third-party conversational messaging environment; determining, via a recommendation engine, a recommended media item based on the user's interaction within the conversation; and providing, to a device of the user, the recommended media item based on the user's interaction with the conversation. | 2022-06-16 |
20220191157 | MODIFYING AN AVATAR TO REFLECT A USER'S EXPRESSION IN A MESSAGING PLATFORM - Systems and methods are provided for facilitating the presentation of expressive intent and other status information with messaging and other communication applications. The expressive intent is based on expressive effect data associated with the message recipients and/or message senders. The expressive intent can be conveyed through avatars and modified message content. The avatars convey gestures, emotions and other status information and the presentation of the avatars can be reactive to detected state information of the message recipient(s), message sender(s) and/or corresponding messaging device(s). | 2022-06-16 |
20220191158 | METHOD AND SERVER FOR PROVIDING CONTENT LIST AND OPERATING METHOD OF USER TERMINAL - Provided are a method and server for providing a content list. The method and server for providing a content list include: providing source content to a chat room; receiving, from a first terminal of a first member, a request to provide a content list related to the source content; providing at least one of a first content list including at least one keyword-related content selected from among the entire contents stored in the server based on a keyword of the source content, and a second content list including at least one group-related content belonging to the same group as the group of the source content among the entire contents; receiving, from the first terminal, information on selection content selected by the first member from among the contents included in the at least one content list; and providing the selection content to the chat room. | 2022-06-16 |
20220191159 | DEVICE AND METHOD FOR GENERATING AN ELECTRONIC CARD - An electronic-card generating device stores profile data of a sender and character data of a virtual character corresponding to the sender. The electronic-card generating device decides an interaction mode of the virtual character according to the profile data of the sender and the character data of the virtual character, and generates an interactive electronic card according to the interaction mode of the virtual character. The interaction mode is a mixed-reality (MR) interaction mode or an augmented-reality (AR) interaction mode. The electronic-card generating device further transmits the interactive electronic card to a recipient device such that a recipient interacts with the virtual character through the interaction mode in an MR environment or an AR environment constructed by the recipient device. | 2022-06-16 |
20220191160 | MESSAGE-BASED PRESENTATION OF MICROAPP USER INTERFACE CONTROLS - In some implementations, a method may involve determining, by a computing system, that a first message sent by a system of record for delivery to a client device is indicative of a first action that can be taken with respect to the system of record. The computing system may determine at least one user interface (UI) element that is selectable to cause the system of record to take the first action, and may generate, based at least in part on the first message being indicative of the first action, at least one command that causes the client device to present the at least one UI element. | 2022-06-16 |
20220191161 | SYSTEM AND METHOD FOR REGULATING ELECTRONIC MESSAGE TRANSMISSIONS - Systems and methods for regulating electronic message transmissions. A message delay system is disposed between one or more first entities and a second entity within at least one network. Electronic messages are received from among at least one of the first entities and the second entity at one or more message arrival times. A message delay component applies a delay to each received electronic message, based on a predefined delay time common to all of the first entities and a first entity delay offset associated with the first entity that is associated with the received message. The first entity delay offset is based on a geographical origin of the first entity relative to a geographical origin of the second entity. Each delayed message is transmitted to a designated recipient via the network, where the designated recipient is among the second entity and the first entities. | 2022-06-16 |
20220191162 | NETWORK NODES AND METHODS PERFORMED THEREIN FOR HANDLING MESSAGES - A method performed by a first network node in a wireless communications network, for handling messages of a user. The first network node receives, from a second network node, one or more messages or message notifications associated with the user, and a respective privacy indication for each message. The first network node further handles each message or message notification based on the respective privacy indication. | 2022-06-16 |
20220191163 | Facilitating Communication Between Resources In Different Network Environments - Some embodiments provide a method for connecting a client of a first network to a service of a second network. The method includes registering the service of the second network. The method then receives, from a client of the first network, a request to communicate with the service, the client not having an address of the service. The method further assigns an IP address to the service and sends the IP address to the client. Additionally, the method sends, to an inter-network hub that connects the first network and the second network, a message in order for the inter-network hub to establish a first tunnel between the inter-network hub and a first gateway associated with the client and a second tunnel between the inter-network hub and a second gateway associated with the service. | 2022-06-16 |
20220191164 | USE OF PARTIAL HASH OF DOMAIN NAME TO RETURN IP ADDRESS ASSOCIATED WITH THE DOMAIN NAME - In one aspect, a first device may include at least one processor and storage accessible to the at least one processor. The storage may include instructions executable by the at least one processor to receive, from a second device, a partial hash of a domain name. The instructions may also be executable to use the partial hash and a probabilistic data structure to identify an Internet protocol (IP) address associated with the domain name. Responsive to identifying the IP address, the instructions may be executable to transmit the IP address to the second device. | 2022-06-16 |
20220191165 | DOMAIN NAME SYSTEM SERVER DETERMINING METHOD, AND REQUEST PROCESSING METHOD, APPARATUS, AND SYSTEM - Embodiments of this application disclose a domain name system server determining method, and a request processing method, apparatus, and system. An embodiment of this application provides a domain name system server determining method, including: A session management function network element determines an address of a first domain name system server based on a first location of user equipment, where the first domain name system server is a local domain name system server that resolves a domain name of a first application into a corresponding first Internet protocol address, which is associated with the first location; and the session management function network element sends the address of the first domain name system server to a first device. | 2022-06-16 |
20220191166 | NETWORK ADDRESS RESOLUTION - A content delivery method including the operations of receiving a uniform resource locator resolution request at an authoritative name server for a domain, where the uniform resource locator resolution request is received based, at least in part, on a host name of the uniform resource locator resolution request, and where the host name is uniquely related to a resource associated with the uniform resource locator resolution request. The method further includes the operations of tracking a popularity of the resource based on the host name uniquely related to the resource, and providing a location within a network capable of delivering the resource, where the provided location is based on the popularity of the resource. | 2022-06-16 |
20220191167 | ORGANIZATIONAL MODELLING FOR ROUTING RPA RELATED SERVICES OF AN RPA CLOUD SUITE - Systems and methods for implementing an RPA (robotic process automation) cloud suite comprising a plurality of RPA related services are provided. Each of the plurality of RPA related services of the RPA cloud suite is associated with one of a plurality of nodes of a hierarchical model. A routing address for each respective RPA related service of the plurality of RPA related services is defined according to a standardized format for the RPA cloud suite based on the node associated with the respective RPA related service. | 2022-06-16 |
20220191168 | CLOUD INFRASTRUCTURE RESOURCE INFORMATION SCANNING - Systems, methods, and other embodiments associated with cloud infrastructure resource information scanning are described. In one embodiment, a computer implemented method includes scanning a cloud network computing system tenancy to, for each subdivision of a set of subdivisions of the tenancy, (i) identify an IP address range assigned to the subdivision, and (ii) identify any immediate parent subdivision to which the subdivision belongs; for each subdivision in the set of subdivisions, determining a proportion of the IP address range assigned to the subdivision that is free in the subdivision based on the identified IP address ranges and the identified parent subdivisions for the subdivision; generating a graphical user interface showing the proportion of the IP address range that is free for one or more of the set of subdivisions; and transmitting the graphical user interface for display on a computing device associated with a user. | 2022-06-16 |
20220191169 | SERVICE HANDLING IN SOFTWARE DEFINED NETWORKING BASED CONTAINER ORCHESTRATION SYSTEMS - A method by a software defined networking (SDN) controller to configure a switch to perform translation module bypass in a container orchestration system. The method includes receiving a translation rule for a flow from a load balancer; sending translation module bypass instructions to a switch in response to receiving the translation rule for the flow, where the translation module bypass instructions include instructions for the switch to stop sending packets belonging to the flow to the translation module and to apply a network address translation specified by the translation rule for the flow to the packets belonging to the flow; and sending an indication to the load balancer that the packets belonging to the flow are to bypass the translation module, to cause the load balancer to disable timeout processing for the flow in the translation module. | 2022-06-16 |
20220191170 | Access Point Name Configuration Method and Apparatus, and Readable Storage Medium - Provided are an Access Point Name (APN) configuration method and apparatus, and a readable storage medium. The APN configuration method includes: determining, by a terminal, an APN category of a candidate APN, wherein the APN category includes an APN used in a 5G network or an APN used in a non-5G network; determining, by the terminal, a network mode of the terminal according to a configuration parameter of the terminal, wherein the network mode includes a network mode supporting the 5G network or a network mode not supporting the 5G network; and determining, by the terminal, according to whether the APN category matches the network mode, whether to execute network access based on the candidate APN. | 2022-06-16 |
20220191171 | Methods and Systems for Efficient Encrypted SNI filtering for Cybersecurity Applications - A packet-filtering system described herein may be configured to filter packets with encrypted hostnames in accordance with one or more packet-filtering rules. The packet-filtering system may resolve a plaintext hostname from ciphertext comprising an encrypted Server Name Indication (eSNI) value. The packet-filtering system may resolve the plaintext hostname using a plurality of techniques. Once the plaintext hostname is resolved, the packet-filtering system may then use the plaintext hostname to determine whether the packets are associated with one or more threat indicators. If the packet-filtering system determines that the packets are associated with one or more threat indicators, the packet-filtering system may apply a packet filtering operation associated with the packet-filtering rules to the packets. | 2022-06-16 |
20220191172 | SYSTEMS AND METHODS FOR WEB TRAFFIC CONTROL - A system for web traffic control is provided that is based on information related to a user's previous online activity. In one embodiment, the system is able to collect information about incoming traffic, compare the information to a generated ruleset, and make and implement a decision about how to handle each request/user interaction. In one embodiment, the ruleset is based on e-commerce rules. An e-commerce rule is a unit of decision making logic based on the user's previous online activity on the e-commerce platform, e.g. “If request is to add an item to user's cart, and if user already added something to their cart less than one second ago, then block request”. In some embodiments, the rules may be executed at the firewall and/or in a web application on the e-commerce platform. In some embodiments, one or more rules may be recommended to a merchant. | 2022-06-16 |
20220191173 | SYSTEMS AND METHODS FOR PERFORMING DYNAMIC FIREWALL RULE EVALUATION - A firewall rule evaluation service scores firewall rules based on characteristics of logical objects that fall within ranges of Internet Protocol (IP) addresses corresponding to the firewall rules. Firewall rule scoring criteria may cause scores to be assigned to individual firewall rules based on an inverse relationship to quantities of discrete Autonomous Systems as well as aggregate numbers of and/or severity scores for threat intelligence flagged IP addresses granted access by individual firewall rules. The firewall rule evaluation service may further determine firewall rule recommendations for replacing firewall rules spanning multiple IP prefixes for different Autonomous Systems with more narrowly defined firewall rules that precisely encompass IP prefixes corresponding to single autonomous systems or multiple related Autonomous Systems (e.g., Autonomous Systems operated by a single trustworthy entity). | 2022-06-16 |
20220191174 | RESOURCE-PATH-BASED, DYNAMIC GROUP MEMBERSHIP SUPPORT FOR MEMBERSHIP GROUPS - In an embodiment, a computer-implemented method for providing dynamic mechanisms for resource-path-based, dynamic group membership support for local and external membership groups is described. A method comprises: detecting, by a group resolver implemented in a management and control plane, that information about an object stored in the plane was created or updated; determining whether a URI of the object matches a URI regular expression and other conditions specified in membership criteria created for a membership group; in response to determining that a URI of the object matches a URI regular expression and other conditions specified in membership criteria created for a membership group: distributing the information about the object to network agents implemented in transport nodes to cause the network agents to automatically update a group membership policy associated with the membership group; and wherein the group membership policy affects packet forwarding behavior of a forwarding node. | 2022-06-16 |
20220191175 | DYNAMIC FILTER GENERATION AND DISTRIBUTION WITHIN COMPUTER NETWORKS - Systems and methods for implementing filters within computer networks include obtaining blocklist data that includes blocklist entries for a network. Each of the blocklist entries includes one or more network traffic attributes for identifying traffic to be blocked. In response to receiving the blocklist data, a filter based on a common network traffic attribute shared between at least two of the plurality of blocklist entries is generated. The filter is then deployed to a network device within the network such that the filter may be implemented at the network device to block corresponding traffic. | 2022-06-16 |
20220191176 | SYSTEM AND METHOD FOR ROUTING-BASED INTERNET SECURITY - A method and system for improving the security of storing digital data in a memory, or of delivering it as a message over the Internet from a sender to a receiver using one or more hops, is disclosed. The message is split at the sender into multiple overlapping or non-overlapping slices according to a slicing scheme, and the slices are encapsulated in packets, each destined to a different relay server as an intermediate node according to a delivery scheme. The relay servers relay the received slices to another relay server or to the receiver. Upon receiving all the packets containing all the slices, the receiver combines the slices by reversing the slicing scheme, thereby reconstructing the message sent. | 2022-06-16 |
20220191177 | SYSTEM AND METHOD FOR SECURING MESSAGES - A secure method for opening a network communication link/address (URL) at a computer device, including identifying initiation for opening the network communication link by a designated browsing application, wherein the designated browsing application is configured only for presenting content of the website addressed by the communication link using limited HTML code not including commands, which includes at least one of script language codes or CSS (cascading style); creating or extracting an image or text of the webpage associated with the network communication link; and presenting the user with the image and/or text. | 2022-06-16 |
20220191178 | METHOD AND SYSTEM FOR SECURE INFORMATION DISTRIBUTION BASED ON GROUP SHARED KEY - Disclosed is a system and a method for information distribution. The system comprises: a server for generating a group key and its corresponding key deriving parameter, wherein the server encrypts sensitive contents by using the group key to obtain encrypted information; and terminals configured to receive the encrypted information through an open channel, extract the group key, then decrypt the encrypted information by using the group key to obtain the original content. In the group forming process, each terminal encrypts its private identifier using the public key and submits the ciphertext to the server. In the information distribution process, the server transmits the ciphertext of the sensitive contents and the key deriving parameter to the terminals via the open channel. Because private information available only to the respective group members is required for calculating the group key, this mechanism ensures that the sensitive content can be transmitted securely on the open channel. | 2022-06-16 |
20220191179 | Network Apparatus Controlling Method and Device - A network apparatus controlling method includes: in a device configuration stage, causing the libraries of a plurality of node devices to have the same network key; electrically connecting to the intermediary node device; obtaining the device name of the intermediary node device; according to the device name, identifying the library of the intermediary node device and the content of the library to confirm an accessing encryption process used by the library; and switching to the accessing encryption process to complete the accessing encryption process between the network apparatus controlling device and the intermediary node device such that the network apparatus controlling device can send an order data to the plurality of node devices in the mesh network via the intermediary node device. | 2022-06-16 |
20220191180 | ENCRYPTION MANAGEMENT - Aspects of the present disclosure relate to encryption management. A determination can be made whether an encryption algorithm is at-risk. In response to determining that the encryption algorithm is at-risk, data protected by the encryption algorithm can be identified. A security action can then be executed on the data protected by the encryption algorithm. | 2022-06-16 |
20220191181 | SEGMENTATION OF ENCRYPTED SEGMENTS IN NETWORKS - A first host receives a packet from a first compute node for a second compute node of a second host. The payload is larger than a maximum transmission unit size. The first packet is encapsulated with an outer header. The first host analyzes a length of at least a portion of the outer header in determining a size of an encrypted segment of the payload. Then, the first host forms a plurality of packets where each packet in the packets includes an encrypted segment of the payload, a respective encryption header, and a respective authentication value. The payload of the first packet is segmented to form a plurality of encrypted segments based on the size. The first host sends the packets to the second host and receives an indication that a packet was not received. A second packet including the encrypted segment is sent to the second compute node. | 2022-06-16 |
20220191182 | INFORMATION PROCESSING SYSTEM, INFORMATION PROCESSING METHOD, AND PROGRAM - An information processing system is provided, including: a sensor provided in a working machine; and a key information generator that generates key information based on one or more sensor values received from the sensor, the key information generator being provided in the working machine, the key information being used to transmit and receive information between the working machine and an external device provided outside the working machine. An information processing method and a non-transitory computer-readable recording medium are also provided. | 2022-06-16 |
20220191183 | METHOD AND APPARATUS FOR PROVIDING USER PROFILE - Disclosed are a server for providing a profile and a profile providing method performed by the server. A profile providing method performed by a server according to an example embodiment includes adding an interfacing object indicating that a user account is identity-verified to a profile interface of the user account, in accordance with the user account which is identity-verified, providing the profile interface including the interfacing object to another user account, in response to a request of the profile received from another user account, checking whether another user account is identity-verified in response to a request of certificate information of the user account received from another user account, and providing the certificate information to another user account based on whether another user account is identity-verified. | 2022-06-16 |
20220191184 | SYSTEM SECURITY INFRASTRUCTURE FACILITATING PROTECTING AGAINST FRAUDULENT USE OF INDIVIDUAL IDENTITY CREDENTIALS - A networked infrastructure is described that includes a set of programmed computing nodes, each node being configured with a processor and non-transitory computer readable media including computer-executable instructions that, when executed by the processor, facilitate a social security number registry server carrying out a method that provides an individual with the ability to remotely approve or disapprove, in real-time, the use of his/her social security number (SSN) by a relying party server. | 2022-06-16 |
20220191185 | INTEGRATION OF LEGACY AUTHENTICATION WITH CLOUD-BASED AUTHENTICATION - An identity provider of a cloud computing service provides authentication for on-premise applications that is subject to a legacy authentication protocol that differs from the cloud-based network authentication protocol used by the identity provider. The identity provider generates a security ticket for use to gain access to the on-premise application. The security ticket is embedded in a security token associated with a cloud-based network authentication protocol. A client application seeking access to the on-premise application extracts the embedded security ticket from the security token which is then used to access the on-premise application via a legacy authentication protocol. | 2022-06-16 |
20220191186 | ACCESS TO FEDERATED IDENTITIES ON A SHARED KIOSK COMPUTING DEVICE - A kiosk device is shared by many users of an organization in a sequential manner. The kiosk is provisioned so that each of the appropriate users of the organization may use it, and so that each such user may be provided with a federated identity by an external identity provider (IdP) system. The federated identity may be used to automatically provide the user with access to the user's different resources (e.g., the user's accounts on various third-party applications). An authenticator component of the kiosk device communicates with the external IdP system so as to securely and transparently provide the users with a federated identity. In order to provide additional security, the authenticator component and/or the IdP system may take into account organization-specific details when authenticating a user, such as whether a particular user is expected to be on duty with the organization at the current time. | 2022-06-16 |
20220191187 | METHOD AND SYSTEM FOR NEAR FIELD COMMUNICATION AUTHORIZATION SHARING - A computer implemented method and system for near field communication authentication sharing techniques is disclosed. The method comprises providing user credentials to access an application on a first device; sending a request to share the authentication with a second device; in response to the request, receiving an authentication code; and transmitting the authentication code to the second device, wherein sharing enables the second device to access the application on the second device without providing user credentials. | 2022-06-16 |
20220191188 | SINGLE SIGN-ON ENABLED OAUTH TOKEN - Techniques are described for providing session management functionalities using an access token (e.g., an Open Authorization (OAuth) access token). Upon successful user authentication, a session (e.g., a single sign-on session) is created for the user along with a user identity token that includes information identifying the session. The user identity token is presentable in an access token request sent to an access token issuer authority (e.g., an OAuth server). Upon receiving the access token request, the user identity token is parsed to identify and validate the session against information stored for the session. The validation can include various session management-related checks. If the validation is successful, the token issuer authority generates the access token. In this manner, the access token that is generated is linked to the session. The access token can then be used by an application to gain access to a protected resource. | 2022-06-16 |
20220191189 | ACCELERATING OCSP RESPONSES VIA CONTENT DELIVERY NETWORK COLLABORATION - Techniques are disclosed for accelerating online certificate status protocol (OCSP) response distribution to relying parties using a content delivery network (CDN). A certificate authority generates updated OCSP responses for OCSP responses cached in the CDN that are about to expire. In addition, the certificate authority pre-generates cache keys in place of CDNs generating the keys. The certificate authority sends the OCSP responses and the cache keys in one transaction, and the CDN, in turn, consumes the new OCSP responses using the cache keys. | 2022-06-16 |
20220191190 | ESTABLISHING AN AD-HOC SECURE CONNECTION BETWEEN TWO ELECTRONIC COMPUTING DEVICES USING A SELF-EXPIRING LOCALLY TRANSMITTED INFORMATION PACKET - Disclosed is a computer-implemented method for establishing a secure connection between two electronic computing devices which are located in a network environment, the two electronic computing devices being a first computing device offering the connection and a second computing device designated to accept the connection, the method comprising executing, by at least one processor of at least one computer, a connection-establishing application for exchanging an information packet between the first computing device and the second computing device comprising a secret usable for establishing the connection, and evaluating a response from the second computing device for establishing the secure connection. | 2022-06-16 |
20220191191 | CRYPTOGRAPHICALLY PROTECTED PROVISION OF A DIGITAL CERTIFICATE - Provided is a method for the cryptographically protected provision of a digital certificate for a device, including the following steps: generating a one-time security ID according to a provided secret and at least one item of device-specific information; in a configuration device, transmitting the one-time security ID to the device; and in the device, generating an item of security information according to the one-time security ID; requesting a certificate by a request message, which contains an item of device-specific information and which is cryptographically protected by the security information, from an issuing authority; and at the issuing authority, checking the security information by the device-specific ID and the secret provided to the issuing authority; and transmitting a certificate to the device in the event of a positive check result. | 2022-06-16 |
20220191192 | SECOND FACTOR BASED REALM SELECTION FOR FEDERATED AUTHENTICATIONS - In an approach for authentication of a username, a processor maintains a mapping of usernames and realms. A processor receives a username and a time-based one-time password code (TOTP code) for the username based on an authentication application. A processor, upon receiving the TOTP code: determines a realm from the mapping based on the received username and the received TOTP; and requests an entry of a credential relating to the username in the realm. A processor, upon receiving the requested credential, authenticates the username by determining that the received credential matches an expected credential for the realm. | 2022-06-16 |
20220191193 | CROSS SITE REQUEST FORGERY (CSRF) PROTECTION FOR WEB BROWSERS - Techniques are described for providing an application programming interface (API) architecture that is capable of supporting cross-site request forgery (CSRF) protection with an attribute flag in a cookie, for client devices that utilize a stateless user session to interface with an API gateway. A client device may transmit session requests received by an API gateway. The API gateway may generate a session, and a cookie including session properties associated with the session. The cookie may further include the attribute flag associated with a CSRF token. By transmitting the cookie with the attribute flag to the client device, the client device may receive and insert the cookie into subsequent requests to indicate a requirement that the subsequent requests be accompanied by the CSRF token. In this way, the API gateway may utilize the attribute flag indicating the requirement for the CSRF token to protect the client device from malicious attacks. | 2022-06-16 |
20220191194 | IDENTITY-LINKED DEVICE INFORMATION FOR USER IDENTIFICATION AND TRANSACTION PERSONALIZATION VIA MOBILE TAGGING - Embodiments of the present disclosure provide methods, systems, apparatuses, and computer program products for using identity-linked device information for user identification and transaction personalization via mobile tagging, for example validating user identity and providing a user identifier and user information for transaction personalization. A user identification and personalization system may be provided to receive an electronic data transmission, from a user device over a carrier network, indicative of prior execution of an access link having been detected and decoded from a decodable visual representation. The transmission may include identity-linked device information injected by a carrier device via a header enrichment process. The system may further determine a user identifier based on the identity-linked device information, and transmit, to the user device for forwarding to a service provider device, an authentication indication including the user identifier. The user identifier may be used for various identification/personalization applications. | 2022-06-16 |
20220191195 | GENERATING AN EVALUATION-MASK FOR MULTI-FACTOR AUTHENTICATION - In an approach to improve multi-factor authentication, embodiments generate an evaluation-mask over one or more modified items on a modified image created by a generative adversarial network (GAN). Further, embodiments create a scoring grid by comparing an original image with the modified image to identify different pixels between the original image and the modified image, and overlay the evaluation-mask over the identified different pixels on the modified image. Embodiments display the modified image as a multi-factor authentication prompt to a user and prompt the user to provide a response that identifies one or more modifications in the modified image. Additionally, embodiments compute an evaluation score based on a comparison of the response from the user with the evaluation-mask, to validate the response from the user, and authenticate and grant the user access to data or other resources if the evaluation score meets or exceeds a predetermined threshold. | 2022-06-16 |
20220191196 | SYSTEM AND METHOD FOR SECURING, PERFECTING AND ACCELERATING BIOMETRIC IDENTIFICATION VIA HOLOGRAPHIC ENVIRONMENTAL DATA - An electronic platform/system and method that uses electronic data to protect itself by realizing where an individual's device is and where it is being accessed from. As the internet expands into the physical world, with every device being IP enabled and addressable, the geographic proximity, network proximity, proximity to the access point of the internet, the authentication, encryption and presentation and flow of data can be linked to an increasingly addressable and measurable physical reality, a moment in time and a proximity to other data and objects using the system and method. The data itself is IP accessible in the form of IP addressable storage devices, and subject to the same techniques. Geographic, chronological and addressable interrelationship of the data as it is packetized and distributed, and the devices as they communicate, form a fabric. In total, a holographic layer of authorization, encryption, and distribution of data can be created by spanning the fabric of IP addressable objects and data. As the number of types of these devices proliferates, it becomes geometrically more complex to replicate the local fabric. A unique encryption key, access method, authentication method, and data distribution framework is disclosed. This unique key can further be utilized to subset biometric identification such that the number of biometric signatures to be compared may be minimized, potentially down to one, thereby geometrically speeding up biometric identification while perfecting its security. | 2022-06-16 |
20220191197 | SYSTEMS AND METHODS FOR PROVIDING BLOCK CHAIN-BASED MULTIFACTOR PERSONAL IDENTITY VERIFICATION - Block chain-based multifactor personal identity verification may be provided. Verification addresses may be established on a block chain by: associating identifiers with individuals having previously verified personal identities, assigning verification addresses on a block chain to the individuals, and recording identifiers and biometric data associated with the individuals at corresponding verification addresses. Block chain-based multifactor personal identity verification using the verification addresses may be performed by: receiving one or more identifiers in connection with one or more requests to verify an identity of one or more individuals, extracting the biometric data associated with the one or more individuals from the corresponding verification addresses, and verifying the identity of the one or more individuals upon receiving matching biometric data and private keys. | 2022-06-16 |
20220191198 | SYSTEM ARCHITECTURE AND DATABASE FOR CONTEXT-BASED AUTHENTICATION - An authentication correlation (AC) computing device is provided. The AC computing device includes a processor and a memory. The AC computing device receives a first authentication request from a requesting computer device including an account identifier, a first timestamp, and at least one authentication factor, and determines a first security level of the first authentication request. The AC computing device stores the first security level and the first timestamp. The AC computing device is also configured to receive a second authentication request including the account identifier and a second timestamp, determine that the second authentication satisfies an authentication rule based on the account identifier, the second timestamp, and the stored authentication data wherein the rule defines a timeframe and an authentication threshold, and generate an authentication response based on the determination and the authentication rule wherein the authentication response includes an approval indicator. | 2022-06-16 |
20220191199 | CLOUD DELIVERED ACCESS - Cloud delivered access may be provided. A network device may provide a client device with a pre-authentication virtual network and a pre-authentication address. Next, a policy may be received in response to the client device authenticating. The client device may then be moved to a post-authentication virtual network based on the policy. A post-authentication address may then be obtained for the client device in response to moving the client device to a post-authentication virtual network. Traffic for the client device may then be translated to the post-authentication address. | 2022-06-16 |
20220191200 | Pervasive Resource Identification - A method for pervasive resource identification includes receiving an authentication request from a first application service. The authentication request requests authentication of a user of a user device. The method includes obtaining device information associated with the user device of the user and generating a unique opaque identifier for the user device based on the device information. The method includes obtaining authentication credentials from the user device. The authentication credentials verify an identity of the user. In response to receiving the authentication credentials from the user device, the method includes generating an authentication token and encoding the unique opaque identifier into the authentication token. The method also includes transmitting the authentication token to the first application service. The authentication token, when received by the first application service, allows the first application service to adjust an interaction with the user device based on the unique opaque identifier. | 2022-06-16 |
20220191201 | PROCESSES AND METHOD FOR SAFE OF USE, MONITORING AND MANAGEMENT OF DEVICE ACCOUNTS IN TERMINAL MANNER - A method and structure uses a decentralized network to connect and manage multiple devices. The method includes the steps of: applying for a decentralized identity in the decentralized network, and binding the decentralized identity with a digital identity; storing a correspondingly generated binding information in the decentralized network; authorizing one of the devices, to which the digital identity is allowed to connect, and an allowable account; storing a correspondingly generated authorization information in the decentralized network; when necessary, updating and storing an authentication information of the bound digital identity in the decentralized network; retrieving the authentication information from the decentralized network through a terminal device to process certification for connecting the one of the devices. | 2022-06-16 |
20220191202 | CONSENT-BASED AUTHORIZATION SYSTEM - The subject matter of this specification can be implemented in, among other things, methods, systems, and computer-readable storage media. A method can include receiving a first request to retrieve an identifier token associated with a user account. The method can further include generating a first alphanumeric sequence associated with the user account and performing a randomization procedure on the first alphanumeric sequence to generate a second alphanumeric sequence. The method can further include generating the identifier token for a subscriber associated with the user account to provide to a second device. The method can further include receiving, from a third device, a second request including a second identifier token having a third alphanumeric sequence, the second request being associated with performing an action using sensitive data associated with the user account. The method can further include sending data including the second request to the third device. | 2022-06-16 |
20220191203 | METHODS AND APPARATUS FOR ESTABLISHING SHARED MEMORY SPACES FOR DATA ACCESS AND DISTRIBUTION - In some implementations, methods and apparatuses herein relate to generating shared memory spaces that can share files or applications between users and between user devices. A processor can allocate a first portion of a memory of a client device to serve as a shared memory space for at least one dynamic application object, and instantiate a user interface on a display associated with the client device. The user interface can be based on a content of the shared memory space and can represent the at least one dynamic application object. A processor can define access rights for a user of a second electronic device for receiving a copy of the instantiated user interface. The processor can define user rights for the user for use of the at least one dynamic application object with the second electronic device. | 2022-06-16 |
20220191204 | AIR GAP-BASED NETWORK ISOLATION DEVICE - A network isolation device includes an internal network interface to connect the network isolation device to an internal network and an external network interface to connect the network isolation device to an external network. The network isolation device further includes an airgap device that operates to (i) close an air gap to connect the internal network to the external network, and (ii) open the air gap to disconnect the internal network from the external network. The device further includes a signal receiver that receives a signal from a signal source and, based on the signal, performs an authentication process to determine whether the signal or the signal source is authorized. In response to determining that the signal or the signal source is authorized, the receiver operates the airgap device to close the air gap and connect the internal network to the external network. | 2022-06-16 |
20220191205 | ANALYSIS OF ROLE REACHABILITY WITH TRANSITIVE TAGS - Methods, systems, and computer-readable media for analysis of role reachability with transitive tags are disclosed. An access control analyzer determines a graph comprising a plurality of nodes and one or more edges. The nodes represent roles in a provider network hosting resources. The roles are associated with access control policies granting or denying access to individual resources. One or more of the access control policies grant or deny access based (at least in part) on one or more key-value attributes. The access control analyzer determines, based (at least in part) on a role reachability analysis of the graph, whether a first role can assume a second role using one or more role assumption steps for a particular state of the one or more attributes. The one or more attributes may comprise one or more transitive attributes that persist during the one or more role assumption steps. | 2022-06-16 |
20220191206 | ANALYSIS OF ROLE REACHABILITY USING POLICY COMPLEMENTS - Methods, systems, and computer-readable media for analysis of role reachability using policy complements are disclosed. An access control analyzer determines two nodes in a graph that potentially have a common edge. The nodes correspond to roles in a provider network, and the roles are associated with first and second access control policies that grant or deny access to resources. The access control analyzer performs a role reachability analysis that determines whether the first role can assume the second role for a particular state of one or more key-value tags. The role reachability analysis determines a third access control policy authorizing a negation of a role assumption request for the second role. The role reachability analysis performs analysis of the third access control policy with respect to a role assumption policy for the second role for the particular state of the one or more key-value tags. | 2022-06-16 |
20220191207 | IDENTIFICATION OF PERMUTATIONS OF PERMISSION GROUPS HAVING LOWEST SCORES - According to examples, an apparatus may include a processor that may identify activities of an entity on resources over a predetermined period of time, in which the entity is to use permissions assigned to the entity over the resources to perform the identified activities. The processor may also identify which of a plurality of groups of permissions includes the permissions the entity used to perform the identified activities and may determine permutations of the identified plurality of groups of permissions. The processor may further calculate respective scores for each of the determined permutations to identify permutations of the groups of permissions having the lowest scores and may output information pertaining to the determined permutations having the lowest scores. | 2022-06-16 |
20220191208 | HIGH-FIDELITY DATA MANAGEMENT FOR CROSS DOMAIN ANALYTICS - Systems for providing high-fidelity data management for cross domain analytics may include multiple components. An access management function component may control access to data stored in a data store of a business domain by a user account associated with a search engine domain. A data management function component may select based on at least one of one or more data access privileges for the user account associated with the search engine domain or one or more privacy policies, a data view of multiple data views for viewing the data, and one or more data filters for application to the data. An external API manager component may store in the data store of the business domain cross correlation information that correlates a plurality of machine learning model identifiers of machine learning models of the search engine domain with one or more corresponding business APIs of the business domain. | 2022-06-16 |
20220191209 | DEPERIMETERIZED ACCESS CONTROL SERVICE - Techniques for deperimeterized access control are described. A method of deperimeterized access control may include receiving, by a controller of a deperimeterized access control service, a single packet authorization (SPA) request for a session ticket from an agent on an electronic device, wherein the agent sends the request for the session ticket in response to intercepting traffic destined for a service associated with the deperimeterized access control service and determining that the agent does not have a session ticket for the service; authorizing the SPA request; providing a session ticket to the agent based on the request; receiving, by a gateway of the deperimeterized access control service, a request to initiate a session with a service, the request including the session ticket; validating the session ticket; and providing session parameters to the agent to be used to initiate the session between the electronic device and the service. | 2022-06-16 |