26th week of 2015 patent application highlights part 76 |
Patent application number | Title | Published |
20150180799 | HIERARCHICAL/LOSSLESS PACKET PREEMPTION TO REDUCE LATENCY JITTER IN FLOW-CONTROLLED PACKET-BASED NETWORKS - Methods, apparatus, and systems for implementing hierarchical and lossless packet preemption and interleaving to reduce latency jitter in flow-controlled packet-based networks. Fabric packets are divided into a plurality of data units, with data units for different fabric packets buffered in separate buffers. Data units are pulled from the buffers and added to a transmit stream in which groups of data units are interleaved. Upon receipt by a receiver, the groups of data units are separated out and buffered in separate buffers under which data units for the same fabric packets are grouped together. In one aspect, each buffer is associated with a respective virtual lane (VL), and the fabric packets are effectively transferred over fabric links using virtual lanes. VLs may have different levels of priority under which data units for fabric packets in higher-priority VLs may preempt fabric packets in lower-priority VLs. By transferring data units rather than entire packets, transmission of a packet can be temporarily paused in favor of a higher-priority packet. Multiple levels of preemption and interleaving in a nested manner are supported. | 2015-06-25 |
20150180800 | QUALITY OF SERVICE (QOS) CONFIGURATION IN LOW-POWER AND LOSSY NETWORKS - In one embodiment, a distributed intelligence agent (DIA) in a computer network performs deep packet inspection on received packets to determine packet flows, and calculates per-flow service level agreement (SLA) metrics for the packets based on timestamp values placed in the packets by respective origin devices in the computer network. By comparing the SLA metrics to respective SLAs to determine whether the respective SLAs are met, then in response to a particular SLA not being met for a particular flow, the DIA may download determined quality of service (QoS) configuration parameters to one or more visited devices along n calculated paths from a corresponding origin device for the particular flow to the DIA. In addition, in one or more embodiments, the QoS configuration parameters may be adjusted or de-configured based on whether they were successful. | 2015-06-25 |
20150180801 | Method and Apparatus for Implementing and Managing Virtual Switches - In general, the present invention relates to a virtual platform in which one or more distributed virtual switches can be created for use in virtual networking. According to some aspects, the distributed virtual switch according to the invention provides the ability for virtual and physical machines to more readily, securely, and efficiently communicate with each other even if they are not located on the same physical host and/or in the same subnet or VLAN. According to other aspects, the distributed virtual switches of the invention can support integration with traditional IP networks and support sophisticated IP technologies including NAT functionality, stateful firewalling, and notifying the IP network of workload migration. According to further aspects, the virtual platform of the invention creates one or more distributed virtual switches which may be allocated to a tenant, application, or other entity requiring isolation and/or independent configuration state. According to still further aspects, the virtual platform of the invention manages and/or uses VLAN or tunnels (e.g., GRE) to create a distributed virtual switch for a network while working with existing switches and routers in the network. The present invention finds utility in both enterprise networks, datacenters and other facilities. | 2015-06-25 |
20150180802 | RULE-BASED NETWORK TRAFFIC INTERCEPTION AND DISTRIBUTION SCHEME - Using a hash function, an L | 2015-06-25 |
20150180803 | NETWORK DEVICE AND INFORMATION TRANSMISSION METHOD - The application provides a network device, which includes: a main control board and a service board, where the main control board includes a processor and a switching chip, and the service board includes a physical layer component. The switching chip is connected to the physical layer component by using a system bus. The system bus consists of a SerDes link, and is configured to transmit service data and control information of a port of the physical layer component. The processor controls the port of the physical layer component by using the control information of the port of the physical layer component. The network device transmits the service data and the control information by using the system bus, so that the service board does not need to set a CPU processing the control information, thereby expanding an interface flexibly, and reducing device complexity and hardware costs. | 2015-06-25 |
20150180804 | METHOD FOR SETTING CAPACITY OF BUFFER - The present disclosure relates to a method for setting the capacity of a buffer, the method including initializing a plurality of sub-buffers forming a main buffer (initializing step), receiving a storage frequency and a remaining capacity from the plurality of sub-buffers and comparing the storage frequency with the remaining capacity (comparison data reception step), determining whether a current storage frequency of the plurality of sub-buffers and a past storage frequency are equal (data comparison step), calculating an allocation capacity of the plurality of sub-buffers (set capacity calculation step), and re-setting the capacity of the plurality of sub-buffers using the allocation capacity calculated by the set capacity calculation step (capacity re-setting step). | 2015-06-25 |
20150180805 | BUS CONTROL DEVICE, RELAY DEVICE, AND BUS SYSTEM - A bus control device ( | 2015-06-25 |
20150180806 | STATELESS MESSAGE ROUTING - Defining a scalable cluster for high volume message delivery and delivering messages between actors is described. Actors are mapped to virtual nodes and virtual nodes to nodes using mathematical algorithms. The mathematical algorithms are further used to determine address information of actors for message delivery. | 2015-06-25 |
20150180807 | Multi-Modal Communication Through Modal-Specific Interfaces - Technologies are described herein for providing multi-modal communication through modal-specific interfaces. In one method, a communication in a first modality is received from a first interface across a computer network. The communication is converted into a second modality. Upon converting the communication into the second modality, the communication is provided to a second interface across the computer network. | 2015-06-25 |
20150180808 | METHOD AND SYSTEM FOR CORRELATING CONVERSATIONS IN A MESSAGING ENVIRONMENT - A computer based method for correlating conversations is provided, including the steps of providing a discussion interface at an interface device, receiving an indication that one of several messages displayed at the discussion interface is part of an active conversation, providing a message entry location for inputting new messages associated with the discussion interface, and receiving new messages at the message entry location. New messages received are automatically associated with the active conversation by displaying them with a visual cue shared by all messages associated with the active conversation. | 2015-06-25 |
20150180809 | SELECTION OF A LINK IN A RECEIVED MESSAGE FOR SPEAKING REPLY, WHICH IS CONVERTED INTO TEXT FORM FOR DELIVERY - A link, called an X-Link™, is placed in a message (SMS, MMS, email etc.) that is sent to a user and displayed on their device (e.g. mobile telephone). When the link is selected by the user, it connects the user's device to a conversion system, enabling the user to speak a reply which is then converted to a text based reply message; the reply message is then sent to the original message sender (and/or another appropriate recipient). This approach enables a text message to be responded to by voice: it is an example of an asymmetric communication. There are many circumstances where this approach is very useful, for example if the message is an SMS and the recipient does not know how to respond using SMS, or is in an environment where it is difficult (perhaps when walking or driving). | 2015-06-25 |
20150180810 | FRAMEWORK TO CONTROL AND MEASURE THE FLOW OF MESSAGES - A system and method for regulating the flow of an electronic message in a social network comprises: creating the electronic message posted by a user in a social network, associating various permissions with the electronic message, notifying the user of information relating to the flow of the electronic message from the user in the social network to another user, creating the path of the electronic message flow from the user in the social network to the other user, and traversing the path of the electronic message flow from the user in the social network to the other user. | 2015-06-25 |
20150180811 | SYSTEMS AND METHODS FOR CLUSTERING ELECTRONIC MESSAGES - Systems and methods for clustering electronic messages are disclosed. In some implementations, a method includes, at a computing device, responsive to a determination that a message body of a first electronic message satisfies a set of content-based clustering rules associated with a first message cluster, assigning the electronic message to the message cluster. A cluster graphic is displayed for the message cluster. The cluster graphic is characterized by (a) a first state in which messages in the message cluster are individually depicted and (b) a second state, which replaces the first state upon user input and collectively represents a plurality of messages in the message cluster. Each message in the message cluster is either (i) addressed at least to a first recipient or (ii) originates from the first recipient. | 2015-06-25 |
20150180812 | ACTIVE E-MAIL FILTER WITH CHALLENGE-RESPONSE - When a user receives potential junk e-mail from an unknown sender address, an active filter installed in or cooperating with the user's e-mail system sends a challenge e-mail back to the sender address. Unless the user receives a correct response e-mail from the sender address and/or a response that meets formal criteria, the active filter rejects the original e-mail and blocks future e-mail from that sender address. The challenge preferably includes a question that the sender must correctly answer in his response. The question is such that only humans can interpret and respond to it correctly. For example, the question may relate to and/or be incorporated in an image in the challenge. Lists of approved and blocked sender addresses are compiled. The user may directly enter addresses in the address lists. Addresses to which the user has sent e-mail may also be included directly in the approved list. | 2015-06-25 |
20150180813 | MESSAGE DELIVERY IN MESSAGING NETWORKS - In response to receipt of a request message from a requester, a reply message is created. The reply message includes a message identifier of the request message copied from the received request message. The reply message is published to each of a group of replicated message queues. The reply message is identifiable by the requester using the copied message identifier of the request message on any one of the group of replicated message queues prior to being consumed by the requester. | 2015-06-25 |
20150180814 | SYSTEM AND METHOD OF SUPPORTING CONSTRUCTIVE DISCOURSE ON COMPUTERS AND MOBILE DEVICES - A system and method to allow a user to engage in a collaborative discourse embedded in messaging platforms such as email or instant messaging, and to visualize the structure of that discourse. The system provides the ability to create and modify tree-like structures, which can represent outlines or tables of contents employed in documents. These structures take the place of traditional documents in representing the work product of a knowledge worker. These structures are related to the discourse in that messages may refer to nodes of these structures, and hence be understood to be related. It is the interplay between the creation of a structured message-based discourse and the persistent outline-form knowledge structures that allows message-based correspondence, including the reading and writing of documents, to be performed with increased efficiency and at a higher level of integration. | 2015-06-25 |
20150180815 | SYSTEM FOR PUSH SERVICE NOTIFICATION BASED ON USER HISTORY - Disclosed herein is a framework for pushing service notifications to users via selected channels that are chosen based on user history. In accordance with one aspect, the framework determines if a notification is to be sent to a particular user. The framework may further determine if the notification requires an action. If the notification requires no action, the framework may choose, from multiple channels, a channel with lowest receive time duration. The framework may then send the notification via the chosen channel. | 2015-06-25 |
20150180816 | Customized Location Notification - A location-aware device operated by a first user allows the first user to request a custom notification from a second user upon the occurrence of a custom notification event specified by the first user. The custom notifications can be sent automatically from the second user's device in a text message session, e-mail thread, as an automated telephone message or by using any other available communication mode. In some implementations, the first user can request receipt of a custom notification upon occurrence of a custom notification event that is related to a POI specified by the first user. | 2015-06-25 |
20150180817 | Short Message Distribution Center - A message distribution center (MDC) is interposed between content providers and a wireless carrier to subjectively examine and direct messages via SMTP based on desired rules (e.g., non-peak hours, paying subscribers only, etc.) using standard SMTP Gateway and other well-known protocols. The MDC includes an individual queue for each subscriber, and the provider is informed through conventional SMTP protocol messages that the short message has been accepted. If the carrier has specifically disallowed service for a particular MIN (e.g., in the case of churning), then the content provider is informed through an SMTP interchange that the recipient is invalid. An MDC provides a single mechanism for interacting with subscribers of multiple carriers, regardless of each carrier's underlying infrastructure. For the carrier, an MDC can protect their SS7 network by intelligently throttling messages and configuring message delivery parameters to be more network friendly. An MDC can receive outside a relevant wireless network recipient handset presence information. In the disclosed embodiment, a content provider communicates with the MDC using SMTP protocol messages, and the MDC communicates with wireless carriers preferably using RMI/SMPP techniques. | 2015-06-25 |
20150180818 | Interface for Product Reviews Identified in Online Reviewer Generated Content - Systems and methods for facilitating the exchange of information relating to product review data expressed by a reviewer with a social media platform or in other platforms are provided. More particularly, a reviewer can optionally surface product review data extracted from reviewer generated content. The product review data can include a sentiment expression about a product or service. The reviewer can optionally make the product review data available to a third party entity that might be interested in the product review data. An interface can be provided between the reviewer and the entity that enables the entity to interact with reviewer. For instance, the entity can offer an incentive to the reviewer for a specified use of the product review data. | 2015-06-25 |
20150180819 | PROVISION DEVICE, PROVISION METHOD, PROGRAM, AND RECORDING MEDIUM - A provision device ( | 2015-06-25 |
20150180820 | Social Data Associated with Bookmarks to Multimedia Content - Members of a social network service may share real-time comments about multimedia content they are viewing. The comments are attached to bookmarks that allow other members to view the video and add to the discussion thread. | 2015-06-25 |
20150180821 | SYSTEMS AND METHODS FOR GENERATING ELECTRONIC MEETING INVITATIONS IN VIDEO COMMUNICATIONS AND OTHER SERVICES - A method and related apparatus for generating electronic meeting invitations in video communication and other services is described, including using an agent to automatically respond to electronic meeting invitations generated by users such that the response includes the generated connection information that will allow the intended participants to access the video communication or other service. | 2015-06-25 |
20150180822 | REGISTERING CLIENT COMPUTING DEVICES FOR ONLINE COMMUNICATION SESSIONS - Registering a client computing device for online communication sessions. A registration server receives a message that has a push token that is unique to the client computing device and a phone number of the client computing device from an SMS (Short Message Service) transit device, which received an SMS message having the push token from the client computing device and determined the phone number of the client computing device from that SMS message. The registration server associates the push token and the phone number and stores it in a registration data store, which is used for inviting users for online communication sessions. | 2015-06-25 |
20150180823 | System and data card for stateless automatic configuration of IPv6 address and method for implementing the same - Disclosed are a system and data card for stateless automatic configuration of an IPv6 address and the method for implementing the same, and the method includes: an IPv6 address configuration way of a data card is set and stored according to an IPv6 address allocation strategy of a current network, after successful establishment of an IPv6 dialup connection and reception of a router advertisement request message transmitted by a terminal for acquiring a prefix address, the data card determines the set IPv6 address allocation way, and when the set IPv6 address allocation way is a static configuration way, a router advertisement response message is discarded and a valid IPv6 global unicast address is reported to the terminal. By means of the system, data card and method, it is possible to solve a problem that data transmission can not be normally performed by an existing data card implementing dialup in an Ethernet link way when interface identifiers are allocated by a network. | 2015-06-25 |
20150180824 | METHODS, APPARATUSES AND SYSTEMS FOR ASSIGNING IP ADDRESSES IN A VIRTUALIZED ENVIRONMENT - Some embodiments use proxies on host devices to capture broadcast DHCP traffic in a network. Each host in some embodiments executes one or more virtual machines (VMs). In some embodiments, a proxy operates on each host between each VM and the underlying network. For instance, in some embodiments, a VM's proxy operates between the VM and a physical forwarding element executing on the VM's host. To suppress DHCP broadcast, the proxy for a particular VM monitors the VM's traffic to detect and intercept a DHCP discover message. When the proxy receives a DHCP discover message, the proxy retrieves DHCP configuration data that was previously stored on the host for the VM. In some embodiments, the DHCP configuration data is stored on the host for the VM during the installation of the VM in response to an administrator's request or as part of an installation script that installs the VM. The DHCP configuration data in some embodiments is stored in one common data store for all the VMs that execute on the host, while in other embodiments, each VM's DHCP configuration data is stored in a DHCP data store that is uniquely maintained for the VM. In some of these latter embodiments, the data in the unique DHCP data store for a VM can easily migrate with the VM when the VM migrates from one host to another host. | 2015-06-25 |
20150180825 | METHOD OF IMS (SIP NETWORK) webRTC OPTIMIZED P2P COMMUNICATION - A WebRTC system, device and method enabling a P2P communication when both ends of a communication are WebRTC enabled devices. The system and devices also enable a WebRTC client to SIP device communication. A SIP interworking function is configured to receive a SDP1 from an originating WebRTC and obtain local media information from a media interworking function. The first SIP interworking function is configured to create a SDP2 based on the SDP1 and the local media information, create a SIP message comprising a message-body field including the SDP2 and an SIP extension header field including the SDP1, and send the SIP message to an IMS or SIP server. | 2015-06-25 |
20150180826 | Provisioning tool for a content delivery network (CDN) - A tool that allows a CDN customer, partner, or other authorized entity to create a DNS canonical name (CNAME) on the content delivery network without having to contact the content delivery network service provider directly. | 2015-06-25 |
20150180827 | SYSTEMS AND METHODS FOR MULTI-TENANT GENERIC TOP LEVEL DOMAIN DEPLOYMENT - A computer implemented method of providing registry services is disclosed. The method includes identifying one or more top level domains to be serviced; creating, by a processor, a TLD group for the one or more top level domains, wherein top level domains in the TLD group share at least one characteristic; provisioning the one or more top level domains; and registering the one or more top level domains with the TLD group. | 2015-06-25 |
20150180828 | METHODS, SYSTEMS, AND COMPUTER PROGRAM PRODUCTS FOR TOKENIZED DOMAIN NAME RESOLUTION - A method, system, and computer program product for tokenized domain name resolution are provided. The method includes receiving a tokenized domain name, where the tokenized domain name includes a domain name with one or more embedded tokens. The method also includes parsing the tokenized domain name to identify the one or more embedded tokens. The method further includes extracting the one or more embedded tokens from the tokenized domain name, and performing at least one predefined process in response to extracting the one or more embedded tokens. The method may also forward control to the domain name. | 2015-06-25 |
20150180829 | HUMAN USER VERIFICATION OF HIGH-RISK NETWORK ACCESS - Systems and methods for performing a human user test when a high-risk network access is captured by an intermediary security device are provided. According to one embodiment, when an intermediary security device identifies a high-risk network access that is potentially initiated by a human user or a piece of software running on the device of the human user, a human user test message is sent to the human user to verify that the high-risk network access was indeed initiated by the human user. After a response to the human user test message is received by the intermediary security device, it is determined if the response is a correct response to the human user test. The security device allows the high risk network access if the response is correct. | 2015-06-25 |
20150180830 | CONTEXT-AWARE NETWORK AND SITUATION MANAGEMENT FOR CRYPTO-PARTITIONED NETWORKS - This disclosure describes a context aware scalable dynamic network whereby network information concerning network elements in an untrusted (Black) network are gathered by network sensors, stored at a network sensor collector, and sent to another network sensor collector in a trusted (Red) network through a one-way guard. At the Red network, the network information from the Black network may be combined with network information from one or more Red networks. The combined network information may then be used to visualize a cross-domain network topology of both Red and Black networks, and to implement network management functions. | 2015-06-25 |
20150180831 | Bigoted IPv6 Filtering Apparatus - An apparatus accesses many locations of a store for information about a specific Internet Protocol address. A filter concentrates and condenses a diffuse population widely dispersed in a ginormous address range into a smaller storage space with controllable error rate. A cloud service acquires, aggregates, and distributes IP address data structure records from and to globally distributed network access devices. A system of filter elements operating in parallel determines a plurality of storage addresses in memory to represent Internet Protocol addresses categorized for security. A method determines a plurality of storage addresses from each Internet Protocol address so characteristics of the IP address can be accessed at the storage addresses. | 2015-06-25 |
20150180832 | SYSTEM AND METHOD FOR CONTROLLING VIRTUAL PRIVATE NETWORK ACCESS - Provided are a system and method for controlling virtual private network (VPN) access. The system includes a first VPN gateway, a second VPN gateway, a wireless local area network (WLAN) access control server configured to detect a corporate intranet connection of a wireless communication terminal connecting to a corporate intranet via the first VPN gateway, and a VPN setting change server configured to receive a request to change a VPN setting of the wireless communication terminal from the WLAN access control server and control the wireless communication terminal to change the VPN gateway currently in connection with the wireless communication terminal to the second VPN gateway in accordance with the VPN setting change request. | 2015-06-25 |
20150180833 | SYSTEM FOR THE UNIFIED ORGANIZATION, SECURE STORAGE AND SECURE RETRIEVAL OF DIGITAL AND PAPER DOCUMENTS - A method and system implements storing one or more encrypted electronic documents and document information associated therewith, organizing the one or more electronic documents to facilitate access by a user, and enabling remote secure access to the one or more electronic documents through a user device. The one or more electronic documents are a copy of one or more physical documents or a copy of documents that is not a physical document. The document information of an electronic document includes information on a location of the physical document. The electronic document(s) and the document information are stored in separate storage databases. | 2015-06-25 |
20150180834 | SYSTEMS AND METHODS FOR INTRODUCING VARIATION IN SUB-SYSTEM OUTPUT SIGNALS TO PREVENT DEVICE FINGERPRINTING - A computer-implemented method for introducing variation in sub-system output signals to prevent device fingerprinting may include (1) intercepting, on a computing device, an output signal sent from a sub-system device on a computing device to a software component on the computing device, (2) identifying a margin of error for the output signal, (3) creating a modified output signal by introducing variation into the output signal in such a way that (a) the variation does not exceed the margin of error for the output signal and (b) the modified output signal cannot be used to identify the computing device, and (4) sending the modified output signal to the software component. Various other methods, systems, and computer-readable media are also disclosed. | 2015-06-25 |
20150180835 | SYSTEM AND METHOD FOR VERIFYING INTEGRITY OF CLOUD DATA USING UNCONNECTED TRUSTED DEVICE - The present invention provides a method and system for verifying integrity of cloud data using an unconnected trusted device. The method involves requesting encrypted data through a terminal from a metadata offsite location on a cloud storage, then entering the encrypted data into an unconnected trusted device, thereafter obtaining sentinel data from one or more predefined sentinel locations in the encrypted data, then requesting original data from the cloud storage through the terminal from the unconnected trusted device, thereafter comparing the sentinel data and the original data for integrity, and finally displaying the results. | 2015-06-25 |
20150180836 | CLOUD-BASED TRANSACTIONS METHODS AND SYSTEMS - Techniques for enhancing the security of a communication device when conducting a transaction using the communication device may include using a limited-use key (LUK) to generate a transaction cryptogram, and sending a token instead of a real account identifier and the transaction cryptogram to an access device to conduct the transaction. The LUK may be associated with a set of one or more limited-use thresholds that limits usage of the LUK, and the transaction can be authorized based on at least whether usage of the LUK has exceeded the set of one or more limited-use thresholds. | 2015-06-25 |
20150180837 | NETWORK SYSTEM AND NETWORKING METHOD - A network system may include a first terminal, a second terminal, and a networking auxiliary device providing a transmission key, which is invalidated when a predefined time elapses, to the first terminal and/or the second terminal. The first terminal may transmit a network key encrypted using the transmission key to the second terminal. The second terminal may decrypt the network key, encrypted using the transmission key, using the transmission key and then store the decrypted network key. The network system may improve security and readily commission the terminals. | 2015-06-25 |
20150180838 | MAJOR MANAGEMENT APPARATUS, AUTHORIZED MANAGEMENT APPARATUS, ELECTRONIC APPARATUS FOR DELEGATION MANAGEMENT, AND DELEGATION MANAGEMENT METHODS THEREOF - A major management apparatus, an authorized management apparatus, an electronic apparatus for delegation management, and delegation management methods thereof are provided. The major management apparatus generates a first and a second delegation deployment messages and respectively transmits them to the authorized management apparatus and the electronic apparatus. The authorized management apparatus encrypts an original authorized operation message into an authorized operation message by an authorization key included in the first delegation deployment message and transmits the authorized operation message to the electronic apparatus. The original authorized operation message includes an operation task message and a right level. The electronic apparatus decrypts the authorized operation message into the original authorized operation message by the authorization key included in the second delegation deployment message and performs an operation according to the operation task message and the right level. | 2015-06-25 |
20150180839 | PRIVATE DATA SHARING SYSTEM - A novel architecture for a data sharing system (DSS) is disclosed and seeks to ensure the privacy and security of users' personal information. In this type of network, a user's personally identifiable information is stored and transmitted in an encrypted form, with few exceptions. The only key with which that encrypted data can be decrypted, and thus viewed, remains in the sole possession of the user and the user's friends/contacts within the system. This arrangement ensures that a user's personally identifiable information cannot be examined by anyone other than the user or his friends/contacts. This arrangement also makes it more difficult for the web site or service hosting the DSS to exploit its users' personally identifiable information. Such a system facilitates the encryption, storage, exchange and decryption of personal, confidential and/or proprietary data. | 2015-06-25 |
20150180840 | FIRMWARE UPGRADE METHOD AND SYSTEM THEREOF - A firmware transmission method through which a server transmits firmware, includes generating a secret key using a designated secret key generation function, encrypting original firmware using the secret key, encrypting the secret key using a public key of a reception terminal which is stored in advance, and generating a hash value by inputting the original firmware to a designated hash function, and encrypting the generated hash value using a private key of the server which is stored in advance, wherein firmware data including the encrypted original firmware, the encrypted secret key, and the encrypted hash value is transmitted to the reception terminal. Therefore, the firmware transmission method provides safe firmware upgrade. | 2015-06-25 |
20150180841 | PHYSICS-BASED KEY GENERATION - In some examples, a controller is configured to generate a key based on a physics-based output of a component. The controller may, for example, use the key to authenticate communication between at least two nodes, to encrypt data, or to decrypt data. The key may be generated based on a physics-based output generated by a component. The output generated by the component may vary over time, such that the controller is configured to generate a different key, depending on the time at which the output from the component used to generate the key was generated by the component. In some examples, the key is not stored in a memory, and is a discrete signal that only exists in real-time while the component is active and generating the detectable output. | 2015-06-25 |
20150180842 | Secure Pairing of Devices via Pairing Facilitator-Intermediary Device - The present inventions, in one aspect, are directed to systems and circuitry for and/or methods of establishing communication having one or more pairing facilitator-intermediary devices (for example, a network connected server) to enable or facilitate pairing and/or registering at least two devices (e.g., (i) a portable biometric monitoring device and (ii) a smartphone, laptop and/or tablet) to, for example, recognize, interact and/or enable interoperability between such devices. The pairing facilitator-intermediary device may responsively communicate information to one or more of the devices (to be paired or registered) which, in response, enable or facilitate such devices to pair or register. The present inventions may be advantageous where one or both of the devices to be paired or registered is/are not configured (e.g., include a user interface or certain communication circuitry that is configured or includes functionality) to pair devices without use of a facilitator-intermediary device. | 2015-06-25 |
20150180843 | Method and System for Establishing Secure Communications Using Composite Key Cryptography - A method is disclosed for establishing a secure communication session using composite key cryptography. The method comprises generating a first plurality of secret keys all of which are known only to a first communicating party and each one of which is shared with exactly one of a plurality of stewards, and generating a second plurality of secret keys all of which are known only to a second communicating party and each one of which is shared with exactly one of the plurality of stewards. The first and second communicating parties each send information to the other through different stewards, each communication leg being encrypted using a secret key known only to the respective communicating party and steward. These communications are usable to distribute cryptographic seeds to the communicating parties for use in generating a temporary session key that can be used to encrypt direct communications between the parties. | 2015-06-25 |
20150180844 | LOW LATENCY AUTHENTICATION OF GATED MEDIA RELAY SERVICES - Media relay services are often used to establish sufficiently direct connections in order to enable provisioning of a real-time media service and/or improve the quality of real-time media services. However, media relay services are often gated using authentication systems that add undesirable delay to the delivery and/or access to a real-time media service, which in turn diminish the user experience. By contrast, various implementations disclosed herein include apparatuses, systems, and methods of providing low latency authentication of gated media relay services. For example, in some implementations, a method includes receiving a request for access to a gated media relay service, providing provisional access to the service until an authentication result is available, determining whether the requesting device is authorized to access the media relay service, and at least one of ending or continuing access to the media relay service based on the authentication result. | 2015-06-25 |
20150180845 | ELECTRONIC MAIL SYSTEM AND METHODS - Disclosed is an envelope content splitting (ECS) technology, including systems and methods, which can enable secure sending, retrieving and updating of emails. In addition, users of the ECS technology can register with a content server for obtaining a password that can be used to provide the user with access to the content server, including for storing, retrieving and updating content stored on the content server. | 2015-06-25 |
20150180846 | PRE-AUTHORIZING A CLIENT APPLICATION TO ACCESS A USER ACCOUNT ON A CONTENT MANAGEMENT SYSTEM - A content management system can tag a client installer with an information tag linking the client installer to a user account. The client installer can be configured to install the client-side application on the client device and pass the identification tag to the installed client-side application. The client-side application can transmit the identification tag to the content management system, which can use the identification tag to identify the linked user account and log the client-side application into the user account. The content management system can implement several verification measures such as limiting the number of times and when an identification tag can be used, as well as IP addresses that can use the identification tag. The content management system can also use data cached by the web-browser application to determine if the web-browser application was used to access the user account in the past. | 2015-06-25 |
20150180847 | Network Supporting Two-Factor Authentication for Modules with Embedded Universal Integrated Circuit Cards - A network with a set of servers can support authentication from a module, where the module includes an embedded universal integrated circuit card (eUICC). The network can send a first network module identity, a first key K, and an encrypted second key K for an eUICC profile to an eUICC subscription manager. The second key K can be encrypted with a symmetric key. The module can receive and activate the eUICC profile, and the network can authenticate the module using the first network module identity and the first key K. The network can (i) authenticate the user of the module using a second factor, and then (ii) send the symmetric key to the module. The module can decrypt the encrypted second key K using the symmetric key. The network can authenticate the module using the second key K. The module can comprise a mobile phone. | 2015-06-25 |
20150180848 | Push-Based Trust Model For Public Cloud Applications - In accordance with the exemplary embodiments of the invention there is at least a method and apparatus to perform operations including deploying, with a device of a private network, an application instance with an application web service in a cloud network; and based on the deploying, communicating with the application web service in the cloud network to establish a trust relationship with the application web service for the application instance. | 2015-06-25 |
20150180849 | Mobile token - The present invention relates to a method for establishing a shared secret between a first and a second device ( | 2015-06-25 |
20150180850 | METHOD AND SYSTEM TO PROVIDE ADDITIONAL SECURITY MECHANISM FOR PACKAGED WEB APPLICATIONS - A method for authenticating a client application attempting to access a protected resource on a resource server includes receiving a request to access the protected resource at an authorization server. The request is received from the client application authorized by a resource owner of the protected resource. Further, the method includes redirecting the request to the resource server using a redirect identifier corresponding to a redirect endpoint of the client application. The redirect identifier is intercepted by a web run time engine prior to the redirect. Furthermore, the method includes determining a match between the intercepted redirect identifier and a pre-assigned redirect identifier with the client application stored at the web run time engine to authenticate the client application prior to providing access to the protected resource. | 2015-06-25 |
20150180851 | METHOD, DEVICE, AND SYSTEM FOR REGISTERING TERMINAL APPLICATION - Embodiments of the present invention disclose a method, a device, and a system for registering a terminal application. In the embodiments of the present invention, a download address information recommending request that is sent by a first terminal and carries a terminal identifier of a second terminal is received; and recommended download address information is returned to the first terminal, where the recommended download address information includes a terminal application download address and authentication information used for performing registration, so that the first terminal sends, to the second terminal, a recommending message carrying the recommended download address information, so as to make the second terminal register according to the terminal application download address and the authentication information used for performing registration. In this solution, less time is consumed and a registration success rate is high, which helps to improve an application activating rate for a user. | 2015-06-25 |
20150180852 | RECOVERY OF MANAGED SECURITY CREDENTIALS - Disclosed are various embodiments for recovery and other management functions relating to security credentials which may be centrally managed. Account data, which includes multiple security credentials for multiple network sites for a user, is stored by a service in an encrypted form. A request for the account data is obtained from a client. The request specifies a security credential for accessing the account data. The account data is sent to the client in response to determining that the client corresponds to a preauthorized client and in response to determining that the security credential for accessing the account data is valid. | 2015-06-25 |
20150180853 | EXTENSIBLE MECHANISM FOR SECURING OBJECTS USING CLAIMS - An extensible mechanism for providing access control for logical objects in a network environment. A security broker is able to dynamically register one or more claims providers, each of which can assert one or more claims about logical objects. The claims providers may be purpose built or may be third party applications which expose data or business rules for use. Claims may be augmented by additional claims providers after the original claim is asserted. The applicability of claims may be scope limited either at the time the claims provider is registered or when the user requests that a security token be issued. | 2015-06-25 |
20150180854 | SYSTEM AND/OR METHOD FOR AUTHENTICATION AND/OR AUTHORIZATION VIA A NETWORK - The subject matter disclosed herein relates to authenticating an identity of users desiring access to an application program and determining whether an authenticated user is authorized to access one or more aspects of the application program. | 2015-06-25 |
20150180855 | DUAL CODE AUTHENTICATION SYSTEM - A verification method and system are disclosed that verify a user. The user is provided a verification code via, for example, a website, to be communicated to the system via an application on a mobile communication device. If the correct verification code is communicated by the user, the user receives via the application a verification message containing another verification code, which the user submits to a website or on-line form or to another verification system for authentication. | 2015-06-25 |
20150180856 | CAPTCHA SYSTEMS AND METHODS - Systems and methods for verifying human users through cognitive processes that computers cannot imitate are described herein. Human cognitive language processing techniques may be used to verify human users. Visual patterns and tests may be used to distinguish between humans and computers because computer-based visual recognition is fundamentally different from human visual processing. Persistent plugins and tests may be used to continuously verify human users. | 2015-06-25 |
20150180857 | Simple user management service utilizing an access token - A system including a user management service server connected to a computer network that authenticates users on behalf of an app server delivering a website or app to a user operating a user client. The system further enables the easy integration of third-party services that utilize managed user data, such as: e-commerce, advertising, payments, content management, and any kind of service that includes user-generated content. | 2015-06-25 |
20150180858 | SINGLE SIGN ON (SSO) AUTHORIZATION AND AUTHENTICATION FOR MOBILE COMMUNICATION DEVICES - Single sign on (SSO) functionality is provided across native and hybrid applications executing on a mobile communication device, such that both native and hybrid applications can access authenticated services offered through respective application servers without repeatedly providing authentication credentials. In operation, the mobile device obtains an SSO token from an SSO server providing the SSO functionality, and native applications executing on the mobile device retrieve the SSO token from memory for use in accessing authenticated services. In the case of hybrid applications, an alias is assigned to the mobile device in response to receiving a page request received from the hybrid application. The alias is associated with SSO token of the mobile device in the SSO server, and is used to provide the SSO token directly to the hybrid application from the SSO server such that the hybrid application can use the SSO token for authentication. | 2015-06-25 |
20150180859 | LOGIN REQUESTING DEVICE AND METHOD FOR REQUESTING LOGIN TO SERVER AND STORAGE MEDIUM STORING A PROGRAM USED THEREFOR - One object is to provide a simpler setup for a plurality of application programs to share information required for logins with ensured security. In accordance with one aspect, an application program according to an embodiment includes: an authentication information requesting module configured to request an authentication token from another application program used for a login included in login history; a login requesting module configured to request a login to a server using the obtained authentication token; an authentication information storing module configured to newly obtain an authentication token in response to a login and store the authentication token in a storage area for the application program; a login history recording module configured to record into the login history a login using the application program; and an authentication information providing module configured to provide to the other application program the authentication token stored in the storage area for the application program. | 2015-06-25 |
20150180860 | MULTI-ALGORITHM KEY GENERATION AND CERTIFICATE INSTALL - Techniques are disclosed for generating multiple key pairs using different algorithms and similarly installing certificates signed using the different algorithms. A customer server receives a selection of algorithms for generating a public/private key pair (e.g., RSA, ECC, DSA, etc.). The customer server generates key pairs for each selection and also generates corresponding certificate signing requests (CSR). The customer server sends the CSRs to a certificate authority (CA). The CA generates certificates associated with each algorithm and sends the certificates to the customer server. The customer server may prompt a user to select one or more of the certificates to install, and upon receiving the selection, the customer installs the certificates. | 2015-06-25 |
20150180861 | INFORMATION PROCESSING SYSTEM, INFORMATION PROCESSING METHOD AND COMPUTER READABLE RECORDING MEDIUM STORED A PROGRAM - An information processing system includes a first certification device which executes a first temporary certification, creates a first temporary certificate, transmits it to an external device, carries out a first formal certification and creates the first formal certificate, a second certification device which executes a second temporary certification based on the first temporary certification, creates a second temporary certificate, transmits it to the external device, carries out a second formal certification and creates the second formal certificate, and a processing device which verifies a validity of the first formal certificate corresponding to the first temporary certificate and a validity of the second formal certificate corresponding to the second temporary certificate from the user, in response to an information processing request from the user and determines to execute the information processing corresponding to the information processing request based on the verification result. | 2015-06-25 |
20150180862 | METHOD OF GENERATING ONE-TIME PASSWORD AND APPARATUS FOR PERFORMING THE SAME - Disclosed is a technology related to a method of generating an OTP and an apparatus for performing the same. The method includes receiving user secret information that is input according to execution of a process of providing an OTP; authenticating the user secret information by generating a response value based on the received user secret information and a challenge value received from a user verification apparatus, and transmitting the response value to the user verification apparatus; and generating an OTP using at least one of the user secret information, the challenge value and the response value as the user secret information is authenticated, thereby effectively dealing with loss or appropriation of a user terminal and also improving the security of an OTP. | 2015-06-25 |
20150180863 | AUTHORITY MANAGEMENT SERVER AND AUTHORITY MANAGEMENT METHOD - An API counting process that sets a limit number for an API used by a client, and when an access token is issued in response to a request from an authority delegation destination and a request to verify the issued access token is received, manages an API usage limit number on a client-by-client basis in accordance with the usage limit number for each API set for the authority delegation destination, is executed. The API usage number is incremented (S | 2015-06-25 |
20150180864 | CLIENT COMPUTER, REMOTE CONTROL SYSTEM, AND REMOTE CONTROL METHOD - A client computer that is connectable to a host computer by a network, includes a communication part to communicate with the host computer; a user input part; a system part to perform a function depending on an application; and a controller to control the system part to be put into a locking state to stop performing operations input by a user from the user input part if a locking signal is received from the host computer through the communication part, and to control the communication part to unlock the locking state if an unlocking signal is received from the host computer through the communication part. | 2015-06-25 |
20150180865 | Device and method for identity authentication - A device for identity authentication is disclosed in the invention, which comprises a client and a background, wherein the client comprises a plurality of terminal units and fingerprint sensors interconnecting with each terminal unit, each fingerprint sensor includes a collection and recognition device for collecting fingerprint information and a memory for storing fingerprint information and user information of the user corresponding to the fingerprint information. The background includes an identity authentication server interconnecting with the terminal units, and multiple application servers interconnecting with the identity authentication server. The terminal units are used for registering or confirming fingerprint information collected by the fingerprint sensors to distinguish the identities of users, and transmitting the result of registering or confirming to the identity authentication server of the background, and the identity authentication server decides the permissions of users on the multiple application servers according to the result. | 2015-06-25 |
20150180866 | BIOMETRIC AUTHENTICATION DEVICE AND BIOMETRIC AUTHENTICATION METHOD - A biometric authentication device includes: a function module which executes a predetermined function; a biometric information acquisition unit which acquires biometric information of a user; a distance measurement unit which measures a distance to the user to output a measured value of the distance; a storage unit which stores data representing biometric information of a registrant; a biometric authentication unit which compares the acquired biometric information of the user with the biometric information of the registrant and authenticates the user when the biometric information of the user matches the biometric information of the registrant; a determination unit which determines whether or not to allow use of the predetermined function according to a temporal change of the measured value of the distance after the user has been authenticated; and a function control unit which controls enabling and disabling of the function module based on a determination result of the determination unit. | 2015-06-25 |
20150180867 | METHOD AND APPARATUS FOR PROVIDING MULTIPLEXED SECURITY TOKEN VALUES - An approach for providing multiplexed security token values is described. A security token value multiplexing platform may determine a time interval for generating a security token value, wherein the time interval is different from a previous time interval at which a previous security token value was generated. The security token value multiplexing platform may further select an algorithm from a plurality of algorithms for generating the security token value based on the time interval. The security token value multiplexing platform may also generate the security token value using the algorithm. | 2015-06-25 |
20150180868 | Security Token Caching in Centralized Authentication Systems - Methods, systems, and devices for determining a time-expiry algorithm based on a cached and verified security token, a disposition of the security token, and a cache table, where the disposition of the security token is based on whether the received security token is a single-use token or a multiple-use token and where the cache table is selected from two separate cache tables. | 2015-06-25 |
20150180869 | CLOUD-BASED SCALABLE AUTHENTICATION FOR ELECTRONIC DEVICES - A method registers one or more electronic devices for a client account for a relying party with an authenticator. A request for access to one or more services for the client account is sent by a particular electronic device to the relying party. A request for authentication is sent from the relying party to the particular electronic device. The request for authentication is redirected to the authenticator. A signed response corresponding to the relying party is generated by the authenticator in response to the request for authentication. The signed response is forwarded to the relying party. Access to one or more requested services is granted. | 2015-06-25 |
20150180870 | Authorization Authentication Method And Apparatus - A third-party application client performs authorization authentication with a user client and a platform server. The third party application obtains an access token and an open ID. The third-party application client interacts with the platform server for information related to the user ID by using the token, calls the user client or is called by the user client according to the open ID. The third-party application client may interact with the platform server for the information related to the user ID by using the token, so that other resources or information of the user accumulated for the platform server can be used by the third-party application client continuously. | 2015-06-25 |
20150180871 | FLEXIBLE AND GENERALIZED AUTHENTICATION - Various exemplary embodiments relate to a method, network node, and non-transitory machine-readable storage medium including one or more of the following: receiving, at an authentication server, a request message including a plurality of attributes having respective attribute names and respective attribute values; retrieving a profile object that identifies a first attribute name; reading a first attribute value from a first attribute of the plurality of attribute values, wherein the first attribute carries the first attribute name; generating a first subscription identifier that carries the first attribute value; identifying a first subscriber profile that stores the first subscription identifier; and authenticating the request message based on the first subscriber profile. | 2015-06-25 |
20150180872 | SYSTEM AND METHOD FOR HIERARCHICAL RESOURCE PERMISSIONS AND ROLE MANAGEMENT IN A MULTITENANT ENVIRONMENT - A system and method is provided for managing roles-based access to resources arranged in a hierarchy. A hierarchical roles-based access control system receives a request from a user to access a particular resource. The system identifies a set of permissions for the user based on user identification information provided with the request. Specifically, each permission in the set is associated with a respective resource and one or more actions that the user is authorized to perform on that resource. The system then determines a hierarchical lineage for the particular resource in relation to each resource associated with the set of permissions, and determines whether the user is authorized to access the particular resource based, at least in part, on the hierarchical lineage. | 2015-06-25 |
20150180873 | CONTROLLING ACCESS TO IP STREAMING CONTENT - There is described a method of controlling access to IP streaming content by a plurality of receivers. The method comprises the steps of (a) for each receiver in the plurality of receivers, providing that receiver with access to first control information for that receiver to enable that receiver to access a first portion of the content; (b) identifying a receiver from the plurality of receivers as an identified receiver; (c) updating the first control information so as to provide updated control information for each receiver, the updated control information being associated with a second portion of the content; and (d) configuring each receiver to fetch the updated control information for that receiver. For the identified receiver, the updated control information is invalid such that the identified receiver is unable to fully access the second portion of the content. A server configured to carry out the method is also described. | 2015-06-25 |
20150180874 | ELECTRONIC DEVICE, METHOD, AND COMPUTER PROGRAM PRODUCT - According to one embodiment, an electronic device includes a communication controller and a controller. The electronic device is for a first user and a second user configured to allow logging into an operating system. The communication controller connects to one of a first network and a second network, and communicates through a connected one of the first network and the second network. The controller enables a login of the first user and disables a login of the second user while the communication controller is connected to the first network. The controller enables a login of the second user and disables a login of the first user while the communication controller is connected to the second network. The controller sets the electronic device to be usable by one of the first user logged in and the second user logged in. | 2015-06-25 |
20150180875 | PRIVILEGED STATIC HOSTED WEB APPLICATIONS - A method can include receiving a static web application at a trusted server, validating assurance characteristics of the static web application, and upon successful validation of the static web application, providing access to the static web application via a URL that identifies the static web application at a trusted server location. The static web application, when executed on the browser running on the client device, can be granted at least one permission to utilize local resources of the client device during execution of the static web application by the browser. Upon receiving a change to an object of the static web application, the validating of the assurance characteristics of the static web application, as a whole, can be performed before the change to the object is made accessible via the URL. | 2015-06-25 |
20150180876 | AUTHENTICATED DISTRIBUTION OF COPIES FROM A STORED ELECTRONIC RECORD VERIFIED PAGE BY PAGE - Exemplary embodiments of methods and systems for authenticated distribution of copies from a stored electronic record verified page-by-page are disclosed. An original digitized document file is received by way of a secure web site. A signature image unique to the document originator is uploaded to the web site. A list of authorized recipients having respective recipient identifications is obtained. A marked document file corresponding to each of the authorized recipients is generated, wherein each marked document file includes a multiplicity of pages and displays respective testimonial content and bibliographic content. Substantially each of the pages is marked with a website seal corresponding to the secure website, the signature image, and the respective recipient identification. Each marked document file may be distributed for delivery to its respective authorized recipients. Users may register so that the documents distributed to them are securely stored, re-formatable and electronically accessible by the respective user. | 2015-06-25 |
20150180877 | Cloud Based Billing, Credential, And Data Sharing Management System - A novel solution is provided that utilizes the two-credential characteristics of accessing cloud-hosted data in a portal-oriented enterprise-specific solution. Cloud computing resources may be accessed through separate, enterprise-specific portal clients used to manage a set of cloud service accounts. Individuals (e.g., employees of the enterprise or company) may access cloud computing resources via an instance of the portal client, and any communication between individuals in an enterprise and cloud services may be facilitated through the portal. Each portal client may also be configured to be compatible with any cloud service vendor. | 2015-06-25 |
20150180878 | UNAUTHORIZED USER CLASSIFICATION - Systems, methods, and machine-readable and executable instructions are provided for unauthorized use classification. Unauthorized user classification can include assigning a user a number of life points, wherein the user is identified through an associated internet protocol (IP) address and associated browser header information. Unauthorized user classification can also include receiving a first request for a first set of data and a second request for a second set of data from the user. Unauthorized user classification can include adjusting the number of life points based on a relationship between the first request and the second request, wherein the relationship is a pattern including the first request and the second request that is used to determine whether the user is an automated user. Unauthorized user classification can include classifying the user as unauthorized when the number of life points falls below a point threshold. | 2015-06-25 |
20150180879 | GRADUATED AUTHENTICATION IN AN IDENTITY MANAGEMENT SYSTEM - A method and system for graduated security in an identity management system utilize differing levels of time sensitivity, channel security and authentication security to provide a multi-dimensional approach to providing the right fit for differing identity requests. The differing levels of security can be selected by user preference, membersite request or homesite policy. | 2015-06-25 |
20150180880 | DEVICE CONTROL METHOD, DEVICE CONTROL SYSTEM, AND SERVER DEVICE - A device control method used in a device control system in which an operation terminal is used to remotely operate a device with a server device mediating between the operation terminal and the device, the device control method including: acquiring, upon reception of an operation instruction for operation of the device from the operation terminal, environment information pertaining to at least one of the device and the operation terminal; performing a determination of whether or not to cause execution of processing corresponding to the operation instruction based on whether or not the environment information satisfies a predetermined condition; and causing the device to execute an execution command for execution of the processing when a result of the determination is affirmative, and not causing the device to execute the execution command when the result of the determination is negative. | 2015-06-25 |
20150180881 | OAM SECURITY AUTHENTICATION METHOD AND OAM TRANSMITTING/RECEIVING DEVICES - The present invention provides an operations, administration and maintenance (OAM) security authentication method and OAM packet transmitting/receiving devices. An OAM packet is authenticated by utilizing a random number and an authentication code. A threshold for the number of failed authentication is determined. If the number of failed authentication is greater than the threshold, the random number will be updated. According to the present invention, OAM packets constructed by malicious users or tampered with may be detected to increase security of OAM packets and avoid a denial-of-service (DOS) attack. | 2015-06-25 |
20150180882 | METHOD FOR PROTECTING A CHIP CARD AGAINST A PHYSICAL ATTACK INTENDED TO MODIFY THE LOGICAL BEHAVIOUR OF A FUNCTIONAL PROGRAM - A functional program stored in a memory area of an electronic card may be protected against an attack by disturbance of electrical origin intended to modify at least one logic state of at least one code of this program. The method may include: a storage step during which codes of the functional program and codes of a check program intended to check the logical behaviour of the functional program are stored in the memory of the card; and a step of executing at least one code of the functional program followed by a step of checking the logic states of the functional program by executing the check program. During the storage step, the codes of the check program are stored in a memory area formed by addresses that are defined so that the attack by disturbance of electrical origin has no influence on the logic states of this program. | 2015-06-25 |
20150180883 | CONTROL FLOW GRAPH REPRESENTATION AND CLASSIFICATION - A software sample is identified that includes code and a control flow graph is generated for each of a plurality of functions included in the sample. Features are identified in each of the functions that correspond to instances of a set of control flow fragment types. A feature set is generated for the sample from the identified features. | 2015-06-25 |
20150180884 | SYSTEM AND METHOD FOR LOCAL PROTECTION AGAINST MALICIOUS SOFTWARE - A method in one example implementation includes intercepting a network access attempt on a computing device and determining a software program file associated with the network access attempt. The method also includes evaluating a first criterion to determine whether the network access attempt is permitted and blocking the network access attempt if it is not permitted. The first criterion includes a trust status of the software program file. In specific embodiments, the trust status is defined as trusted if the software program file is included in a whitelist of trustworthy program files and untrusted if the software program file is not included in a whitelist. In more specific embodiments, the method includes blocking the network access attempt if the software program file has an untrusted status. In further embodiments, an event is logged if the software program file associated with the network access attempt has an untrusted status. | 2015-06-25 |
20150180885 | Malicious Mobile Code Runtime Monitoring System and Methods - Protection systems and methods provide for protecting one or more personal computers (“PCs”) and/or other intermittently or persistently network accessible devices or processes from undesirable or otherwise malicious operations of Java™ applets, ActiveX™ controls, JavaScript™ scripts, Visual Basic scripts, add-ins, downloaded/uploaded programs or other “Downloadables” or “mobile code” in whole or part. A protection engine embodiment provides for monitoring information received, determining whether received information does or is likely to include executable code, and if so, causes mobile protection code (MPC) to be transferred to and rendered operable within a destination device of the received information. An MPC embodiment further provides, within a Downloadable-destination, for initiating the Downloadable, enabling malicious Downloadable operation attempts to be received by the MPC, and causing (predetermined) corresponding operations to be executed in response to the attempts. | 2015-06-25 |
20150180886 | Systems and Methods for Scheduling Analysis of Network Content for Malware - A method for detecting malicious network content comprises inspecting one or more packets of network content, identifying a suspicious characteristic of the network content, determining a score related to a probability that the network content includes malicious network content based on at least the suspicious characteristic, identifying the network content as suspicious if the score satisfies a threshold value, executing a virtual machine to process the suspicious network content, and analyzing a response of the virtual machine to detect malicious network content. | 2015-06-25 |
20150180887 | LOGGING ATTACK CONTEXT DATA - Methods and systems for improved attack context data logging are provided. According to one embodiment, configuration information is received from an administrator of a network security device. The configuration information includes information indicative of a quantity of packets to be captured for post attack analysis. Responsive to receipt of the configuration information, a size of a circular buffer is configured based thereon. Multiple packets directed to a network protected by the network security device are received from an external network. The received packets are temporarily buffered within the circular buffer. An analysis is performed to determine whether one of the received packets is potentially associated with a threat or undesired activity (“trigger packet”). Responsive to an affirmative determination, contextual information is captured by extracting information regarding at least a portion of the configured quantity of packets from the circular buffer and storing the contextual information within a log. | 2015-06-25 |
20150180888 | System, Method and Computer Program Product for Making a Scan Decision During Communication of Data Over a Network - A system, method, and computer program product are provided for scanning data during communication of the data over a network. In use, a process is initiated for determining whether to scan data, during communication of the data over the network. Further, the data is conditionally scanned based on the determination. | 2015-06-25 |
20150180889 | USING NEW EDGES FOR ANOMALY DETECTION IN COMPUTER NETWORKS - Creation of new edges in a network may be used as an indication of a potential attack on the network. Historical data of a frequency with which nodes in a network create and receive new edges may be analyzed. Baseline models of behavior among the edges in the network may be established based on the analysis of the historical data. A new edge that deviates from a respective baseline model by more than a predetermined threshold during a time window may be detected. The new edge may be flagged as potentially anomalous when the deviation from the respective baseline model is detected. Probabilities for both new and existing edges may be obtained for all edges in a path or other subgraph. The probabilities may then be combined to obtain a score for the path or other subgraph. A threshold may be obtained by calculating an empirical distribution of the scores under historical conditions. | 2015-06-25 |
20150180890 | MATRIX FACTORIZATION FOR AUTOMATED MALWARE DETECTION - Disclosed herein is a system and method for automatically identifying potential malware files or benign files in files that are not known to be malware. Vector distances for select features of the files are compared to vectors of both known malware files and benign files. Based on the distance measures, a malware score is obtained for the unknown file. If the malware score exceeds a threshold, a researcher may be notified of the potential malware, or the file may be automatically classified as malware if the score is significantly high. | 2015-06-25 |
20150180891 | USING NETWORK LOCATIONS OBTAINED FROM MULTIPLE THREAT LISTS TO EVALUATE NETWORK DATA OR MACHINE DATA - Systems and methods are provided for identifying network addresses and/or IDs of a deduplicated list among network data, machine data, and/or events derived from network data and/or machine data, and for identifying notable events by searching for the presence of network addresses and/or network IDs that are deduplicated across lists received from multiple external sources. One method includes receiving a plurality of lists of network locations, wherein each list is received from over a network, wherein each of the network locations includes a domain name or an IP address, and wherein at least two of the plurality of lists each include a same network location; aggregating the plurality of lists of network locations into a deduplicated list of unique network locations; and searching network data or machine data for a network location included in the deduplicated list of unique network locations. | 2015-06-25 |
20150180892 | COUNTERING SECURITY THREATS WITH THE DOMAIN NAME SYSTEM - Described herein are methods, systems, and apparatus in which the functionality of a DNS server is modified to take into account security intelligence when determining an answer to return in response to a requesting client. Such a DNS server may consider a variety of security characteristics about the client and/or the client's request, as described more fully herein. Such a DNS server can react to clients in a variety of ways based on the threat assessment, preferably in a way that proactively counters or mitigates the perceived threat. | 2015-06-25 |
20150180893 | BEHAVIOR DETECTION SYSTEM FOR DETECTING ABNORMAL BEHAVIOR - Disclosed is a behavior detection system for detecting an abnormal behavior, which can perform dynamic control based on situation information and a profile of each user to cope with an element threatening security of an internal infrastructure of an enterprise, such as information leakage, in a BYOD and smart work environment. The system calculates probabilities of behaviors occurring for respective connection behavior elements, calculates standard deviations of the probabilities based on weighting factors, and determines whether or not the calculated behavior occurrence probabilities and behavior standard deviation correspond to a normal behavior. Existence of an abnormal connection behavior in a BYOD and smart work environment is detected, and an abnormal user is detected by examining whether or not an average traffic volume, an average use time and traffic volume with respect to a use time exceed respective standard values. | 2015-06-25 |
20150180894 | DETECTING ANOMALOUS ACTIVITY FROM ACCOUNTS OF AN ONLINE SERVICE - Anomalous activity is detected using event information that is received from accounts from within an online service. Generally, anomalous activity is detected by comparing a baseline profile that includes past event information for accounts of the online service with a recent profile that includes recent event information for the accounts. Anomalous activity is detected when the recent profile shows that one or more events are occurring more frequently as compared to the occurrence of the event in the associated baseline profile. The events that are recorded and used in the anomaly detection may include all or a portion of events that are monitored by the online service. One or more reports may also be automatically generated and provided to one or more users to show activity that may be considered anomalous activity. | 2015-06-25 |
20150180895 | APPARATUS METHOD AND MEDIUM FOR TRACING THE ORIGIN OF NETWORK TRANSMISSIONS USING N-GRAM DISTRIBUTION OF DATA - A method, apparatus, and medium are provided for tracing the origin of network transmissions. Connection records are maintained at a computer system for storing source and destination addresses. The connection records also maintain a statistical distribution of data corresponding to the data payload being transmitted. The statistical distribution can be compared to that of the connection records in order to identify the sender. The location of the sender can subsequently be determined from the source address stored in the connection record. The process can be repeated multiple times until the location of the original sender has been traced. | 2015-06-25 |
20150180896 | COLLABORATIVE PHISHING ATTACK DETECTION - Described herein are methods, network devices and machine-readable storage media for detecting whether a message is a phishing attack based on the collective responses from one or more individuals who have received that message. The individuals may flag the message as a possible phishing attack, and/or may provide a numerical ranking indicating the likelihood that the message is a possible phishing attack. As responses from different individuals may have a different degree of reliability, each response from an individual may be weighted with a corresponding trustworthiness level of that individual, in an overall determination as to whether a message is a phishing attack. A trustworthiness level of an individual may indicate a degree to which the response of that individual can be trusted and/or relied upon, and may be determined by how well that individual recognized simulated phishing attacks. | 2015-06-25 |
20150180897 | Intermediate Trust State - Embodiments of the invention relate to implementation of an intermediate trusted state of an electronic account based upon questionable account communication(s). A profile of malicious or unauthorized activity is created, and a profile of account activity is created. As account activity takes place, the activity is assessed against one or both of the profiles to statistically determine if the activity resembles that associated with malicious or unauthorized intent. The state of the account is placed in the intermediate trusted state if the activity statistically matches the unauthorized activity profile. An authentication activity enables the trusted state to be removed and for the account activity to resume. | 2015-06-25 |
20150180898 | Method for Detection of Persistent Malware on a Network Node - The present invention relates to methods and devices for detecting persistency of a first network node ( | 2015-06-25 |