34th week of 2015 patent applcation highlights part 67 |
Patent application number | Title | Published |
20150236998 | COMPUTER IMPLEMENTED METHODS AND APPARATUS FOR INTEGRATING A SOCIAL NETWORK INFORMATION FEED WITH A NETWORK COMMUNICATIONS APPLICATION - Disclosed are systems, apparatus, and methods for integrating an information feed. In various implementations, an identity of a user may be determined based on authentication information, where the authentication information identifies a user profile. In some implementations, profile information is identified based on the determined identity, where the profile information identifies one or more entities tracked using one or more information feeds associated with the user profile, and where the one or more information feeds comprises one or more feed items stored in a database system. In various implementations, the identified profile information is associated with a user account provided by a network communications application. | 2015-08-20 |
20150236999 | JOINT COMMUNICATION SESSIONS - Online communication sessions may be joined in an environment that includes receiving a first communication between a first user and a second user and enabling the rendering of the first communication at devices associated with the first and second users. A second communication between the first user and a third user is received and the rendering of the second communication at devices associated with the first and third users is enabled. After receiving the first and second communications, a trigger to join at least the communication sessions associated with the first, second, and third users is received from the first, second, or third user. Information structured and arranged to render, in a single window, text associated with the first and second communications at the devices associated with the first, second, and third users is generated. | 2015-08-20 |
20150237000 | ENABLING MAPPING IDENTIFICATION OF ONLINE IDENTITIES BETWEEN DIFFERENT MESSAGING SERVICES - A method and system for populating identities in a message service involves registering a user of a first messaging service with a second messaging service. User identities for users other than the registered user may be identified. These user identities may be associated with the first messaging service and may be stored in a list associated with the registered user. It is determined if each identified user identity has a matching user identity associated with the second messaging service. If so, a database associated with the second messaging service is populated with the matching user identities. Determining whether a matching user identity exists may be performed, for example, by making character strings comparisons between user identities or using a database that stores a mapping of first messaging service user identities to second messaging service user identities. The mapping database may be generated as corresponding user identities are discovered. | 2015-08-20 |
20150237001 | METHOD OF AND SYSTEM FOR PROVIDING A CLIENT DEVICE WITH AN AUTOMATIC UPDATE OF AN IP ADDRESS ASSOCIATED WITH A DOMAIN NAME - Method of providing client device with automatic update of an IP address associated with domain name, comprising: If domain name is member of second set being subset of first set, obtaining by server from first domain name resolution service a first IP address. If domain name is member of third set being subset of second set, sending to client device first IP address. If domain name is member of second set, and if second IP address associated with domain name being different from first IP address is obtainable by server from second domain name resolution service, obtaining by server from second domain name resolution service second IP address. If domain name is member of third set, sending to client device second IP address without server having received from client device request for an IP address associated with domain name after server has sent to client device first IP address. | 2015-08-20 |
20150237002 | Centralized Configuration with Dynamic Distributed Address Management - The present disclosure discloses a network device and/or method for centralized configuration with dynamic distributed address management. The disclosed network device receives, at a first network node, a range of sub network addresses and a specified size for a sub network. The disclosed network device then divides the range of sub network addresses into a plurality of sub-ranges of sub network addresses based on the specified size. Further, the network device allocates the plurality of sub-ranges of sub network addresses to a plurality of sub networks, and transmits an allocated sub-range of sub network addresses to a corresponding sub network at a second network node through an established secure communication channel. Moreover, the network device can retrieve a profile template that includes the range of sub network addresses and the specified size of the sub network; and create a profile based on the profile template. | 2015-08-20 |
20150237003 | COMPUTERIZED TECHNIQUES FOR NETWORK ADDRESS ASSIGNMENT - Computer-implemented systems, methods, and computer-readable media are provided for assigning an IP address to a client device through an authentication process without needing to receive a dynamic host configuration protocol (DHCP) discover message to trigger the authentication process. In accordance with some embodiments, a message requesting assignment of an IP address to the client device is received, and a determination is made that identification information for the client device is not stored in a storage device. A request for authentication of the client device is then sent in response to the determination. An indication that the server authenticated the client device is received in response to the request, and the network address is assigned to the client device in response to the indication. | 2015-08-20 |
20150237004 | METHODS AND APPARATUS FOR PROVIDING HIGH SPEED CONNECTIVITY TO A HOTEL ENVIRONMENT - One or more processors are configured to associate a first local IP address with a computer while the computer is connected to a first network access node thereby providing the computer with access to a network. The first local IP address is one of a plurality of local IP addresses used on the network. The one or more processors monitor transmissions received from the first network access node to determine when the computer requests an Internet transaction. When the computer requests an Internet transaction, a first one of the globally unique IP addresses is associated with the first local IP address thereby allowing the computer to conduct the Internet transaction. The first globally unique IP address is disassociated from the first local IP address after termination of the Internet transaction and is then available for association with any of the local IP addresses used on the network. | 2015-08-20 |
20150237005 | ADDRESS PROCESSING - According to an example, an address may be processed through snooping, by a network device, of a packet sent from a DHCP client for confirming whether an IP address is available and recording a temporary snooping table item associated with the IP address according to the snooped packet. In addition, at least one packet for applying for the IP address may be generated according to the snooped packet, a DUID of a DHCP server may be added to the at least one packet for applying for the IP address and the at least one packet may be sent to a DHCP server. In response to the DHCP server confirming that the IP address is available, at least one reply packet may be received from the DHCP server and the IP address may be recorded. | 2015-08-20 |
20150237006 | Method and Device for Sending Cloud Server Address - A method for sending a cloud server address to a desktop cloud terminal, where a terminal management server receives a request message from a desktop cloud terminal, obtains, by means of parsing, an address of the desktop cloud terminal carried in the request message, queries a mapping table according to the address of the desktop cloud terminal, acquires an address of a cloud server accessible to the desktop cloud terminal, generates a request response message, and sends the request response message to the desktop cloud terminal, where the request response message carries the address of the cloud server accessible to the desktop cloud terminal. Therefore a system administrator does not need to manually configure the cloud server address on the terminal management server for the desktop cloud terminal, and a desktop cloud terminal user does not need to manually configure the desktop cloud terminal. | 2015-08-20 |
20150237007 | METHOD, DEVICE, AND SYSTEM FOR AUTOMATICALLY SELECTING IPV6 ADDRESS TRANSMISSION MODE - A method, device, and system for automatically selecting an IPv6 address transmission mode are provided. The method includes a Gateway General Packet Radio Service (GPRS) Support Node (GGSN) device adding an identifier of a currently adopted address allocation mode through configuration, and informing it to a mobile terminal; the mobile terminal device obtaining IPv6 address identifier information issued by the GGSN device after completing Packet Data Protocol (PDP) context activation; the mobile terminal device sending a standard router solicitation (RS) message to the GGSN device; the GGSN device attaching the currently adopted address allocation mode when responding with allocated IPv6 address prefix information to the mobile terminal device; and the mobile terminal device analyzing the current address allocation mode sent by the GGSN device, and determining whether the current address allocation mode is to allocate a unique identifier or a unique prefix, and then executing corresponding processing. | 2015-08-20 |
20150237008 | MULTI-SERVICES GATEWAY DEVICE AT USER PREMISES - An application gateway including application service programming logically positioned on a user premises side of a network demarcation forming an edge of the wide area network at a user premises can provide managed services to a user and one or more endpoint devices associated with the application gateway. The application gateway can be controlled remotely by the application service provider through a service management center and configured to execute an application service provided from the application service provider. The application gateway executes the application service at the user premises independent of application services executing on the application service provider's network. An application service logic manager can communicate with an application service enforcement manager to verify that the request conforms with policy and usage rules associated with the application service in order to authorize execution of the application service on the application gateway, either directly or through endpoint devices. | 2015-08-20 |
20150237009 | Secure Network Tunnel Between A Computing Device And An Endpoint - The present disclosure presents a system, method and apparatus herein enabling secure coupling of a computing device, such as a mobile device with an endpoint, such as an application server. The computing device can include any electronic device such as a computer, a server, an application server, a mobile device or tablet. The endpoint can be any electronic device as well that is located within an enterprise network. In at least one embodiment, the secure coupling of the mobile device with a computing device can include a security gateway server. In one example, the security gateway server can be a tunnel service server. In another embodiment, an application server can include a tunnel service module to provide the secure coupling with the mobile device. | 2015-08-20 |
20150237010 | LOW LATENCY SERVER-SIDE REDIRECTION OF UDP-BASED TRANSPORT PROTOCOLS TRAVERSING A CLIENT-SIDE NAT FIREWALL - Systems, methods, and machine-readable media for low latency server-side redirection of User Datagram Protocol (UDP)-based transport protocols traversing a client-side Network Address Translation (NAT) are provided. A request may be sent from a client for a data resource to a first server. The data resource may be received from a second server that has not been previously connected to the client. Receiving the data resource from the second server may be facilitated by the first server through redirecting the request to the second server and providing for the second server to connect to the client and directly respond to the request. The first server may lack at least one of the requested data resource or resources for providing the requested data resource. | 2015-08-20 |
20150237011 | SYSTEM AND METHOD FOR PROFILE BASED FILTERING OF OUTGOING INFORMATION IN A MOBILE ENVIRONMENT - A system and method in one embodiment includes modules for detecting an access request by an application to access information in a mobile device, determining that the application is a potential threat according to at least one policy filter, and blocking a send request by the application to send the information from the mobile device without a user's consent. More specific embodiments include user selecting the information through a selection menu on a graphical user interface that includes information categories pre-populated by an operating system of the mobile device, and keywords that can be input by the user. Other embodiments include queuing the send request in a queue with other requests, and presenting an outbox comprising the queue to the user to choose to consent to the requests. The outbox includes graphical elements configured to permit the user to selectively consent to any requests in the queue. | 2015-08-20 |
20150237012 | FILTERING NETWORK DATA TRANSFERS - Aspects of this disclosure relate to filtering network data transfers. In some variations, multiple packets may be received. A determination may be made that a portion of the packets have packet header field values corresponding to a packet filtering rule. Responsive to such a determination, an operator specified by the packet filtering rule may be applied to the portion of packets having the packet header field values corresponding to the packet filtering rule. A further determination may be made that one or more of the portion of the packets have one or more application header field values corresponding to one or more application header field criteria specified by the operator. Responsive to such a determination, at least one packet transformation function specified by the operator may be applied to the one or more of the portion of the packets. | 2015-08-20 |
20150237013 | SPECIFYING POINT OF ENFORCEMENT IN A FIREWALL RULE - Some embodiments of the invention provide a novel method for specifying firewall rules. In some embodiments, the method provides the ability to specify for a particular firewall rule, a set of network nodes (also called a set of enforcement points below) at which the particular firewall should be enforced. To provide this ability, the method of some embodiments adds an extra tuple (referred to below as the AppliedTo tuple) to a firewall rule. This added AppliedTo tuple lists the set of enforcement points at which the firewall rule has to be applied (i.e., enforced). | 2015-08-20 |
20150237014 | METHOD AND APPARATUS FOR DISTRIBUTING FIREWALL RULES - Some embodiments of the invention provide a novel method for specifying firewall rules. In some embodiments, the method provides the ability to specify for a particular firewall rule, a set of network nodes (also called a set of enforcement points below) at which the particular firewall should be enforced. To provide this ability, the method of some embodiments adds an extra tuple (referred to below as the AppliedTo tuple) to a firewall rule. This added AppliedTo tuple lists the set of enforcement points at which the firewall rule has to be applied (i.e., enforced). | 2015-08-20 |
20150237015 | PROVISIONING FIREWALL RULES ON A FIREWALL ENFORCING DEVICE - Some embodiments of the invention provide a novel method for specifying firewall rules. In some embodiments, the method provides the ability to specify for a particular firewall rule, a set of network nodes (also called a set of enforcement points below) at which the particular firewall should be enforced. To provide this ability, the method of some embodiments adds an extra tuple (referred to below as the AppliedTo tuple) to a firewall rule. This added AppliedTo tuple lists the set of enforcement points at which the firewall rule has to be applied (i.e., enforced). | 2015-08-20 |
20150237016 | PGP ENCRYPTED DATA TRANSFER - Example embodiments perform on-the-fly delivery of PGP encrypted data. A large data file is broken into chunks which are encrypted and delivered to a pipe object. The bytes of a chunk are read from the pipe object in the same order as they were written. Header and footer packets are prepared and delivered. | 2015-08-20 |
20150237017 | Communication Information Transmitting Process and System - It discloses a type of communication information transmitting process and system, which belongs to the field of communication technology. The process comprises: acquire selected fingerprint information of communication information receiving terminal, makes use of the fingerprint information of communication information receiving terminal to conduct identity authentication. After identity authentication of communication information receiving terminal is successfully completed, acquire communication information input by the user; wherein, the communication information comprises E-mail or SMS; transmit the communication information to FingerQ Information Exchange Platform, which encrypts communication information, and transmit encrypted communication information to said communication information receiving terminal. The system comprises: communication information transmitting terminal and FingerQ Information Exchange Platform. This invention makes communication information not easily be acquired by a third party; moreover acquired communication information is encrypted with high degree of safety. | 2015-08-20 |
20150237018 | METHOD FOR SECURELY CONFIGURING CUSTOMER PREMISE EQUIPMENT - A method for securely configuring a customer premise equipment in a network. The network including a configuration server, a DHCP server, and the customer premise equipment. The method includes receiving a request from the customer premise equipment for leasing an Internet Protocol (IP) address to the customer premise equipment. The method further includes embedding at least a portion of a Media Access Control (MAC) address of the customer premise equipment into the IP address leased to the customer premise equipment. The method includes leasing the IP address to the customer premise equipment. Further, the method enables authentication of customer premise equipment, before providing configuration to the customer premise equipment. The method includes use of characteristic attributes of the customer premise equipment to generate cryptographic keys for secure connection. Moreover, the method includes establishing a secure connection between the configuration server and the customer premise equipment for transfer of a configuration file and a set of encryption keys. The configuration file and the set of encryption keys are used to securely configure the customer premise equipment. | 2015-08-20 |
20150237019 | SYSTEM AND METHOD FOR MERGING ENCRYPTION DATA USING CIRCULAR ENCRYPTION KEY SWITCHING - A method for data privacy in a distributed communication system, in which a plurality of client terminals are arranged in a ring configuration merges encrypted streaming data using circular encryption key switching and without sharing any private keys in a distributed communication system. The merged data is then sent to client terminals to be further process by respective client terminals. | 2015-08-20 |
20150237020 | SYSTEM AND METHOD FOR OPERATING ON STREAMING ENCRYPTED DATA - Method for data privacy in a distributed communication system includes: receiving first and second encrypted data from first and second client terminals, each having a different data representation; analyzing the first and second data representations to determine a common data representation; translating the first and second encrypted data to a shared data representation using the common data representation; performing operations on the first encrypted data and second encrypted data to generate a first and second operated encrypted data; reverting the first operated encrypted data back to said first data representation and sending the reverted first encrypted date to the first client terminal for decryption by the first client terminal; and reverting the second operated encrypted data back to said second data representation and sending the reverted second encrypted date to the second client terminal for decryption by the second client terminal. | 2015-08-20 |
20150237021 | METHOD AND APPARATUS FOR QUERYING CONTENT PROTECTED BY IDENTITY-BASED ENCRYPTION - An approach is provided for reducing communication traffic/cost and protecting content by applying recipient criteria in identity-based encryption. A criterion application of a querier causes, at least in part, transmission of a query associated with a first user described according to a first set of criteria. Based on the query, the criterion application of the querier receives one or more second sets of criteria associated with respective second users, wherein the second sets of criteria are matched, at least in part, to the first set of criteria, and wherein at least one of the second sets of criteria is used as a public key for encrypting data according to an identity-based encryption scheme. A criterion application of an information store receives the query associated with the first user, and matches one or more second sets of criteria with all or part of the first set of criteria. | 2015-08-20 |
20150237022 | SYSTEM AND METHOD EMPLOYING AN AGILE NETWORK PROTOCOL FOR SECURE COMMUNICATIONS USING SECURE DOMAIN NAMES - A system for connecting a first network device and a second network device includes one or more servers. The servers are configured to: (a) receive, from the first network device, a request to look up a network address of the second network device based on an identifier associated with the second network device; (b) determine, in response to the request, whether the second network device is available for a secure communications service; and (c) initiate a virtual private network communication link between the first network device and the second network device based on a determination that the second network device is available for the secure communications service, wherein the secure communications service uses the virtual private network communication link. | 2015-08-20 |
20150237023 | SCALABLE NETWORK APPARATUS FOR CONTENT BASED SWITCHING OR VALIDATION ACCELERATION - A network apparatus is provided that may include one or more security accelerators. The network apparatus also includes a plurality of network units cascaded together. According to one embodiment, the plurality of network units comprise a plurality of content based message directors, each to route or direct received messages to one of a plurality of application servers based upon the application data in the message. According to another embodiment, the plurality of network units comprise a plurality of validation accelerators, each validation accelerator to validate at least a portion of a message before outputting the message. | 2015-08-20 |
20150237024 | ITERATIVE DATA SECRET-SHARING TRANSFORMATION - Provided are a method, system, and article of manufacture for iterative data secret-sharing transformation and reconversion. In one aspect, data secret-sharing transformation and reconversion is provided in which each bit of an input stream of bits of data is split, on a bit by bit basis, into a pair of secret-sharing bits, and the secret-sharing bits of each pair of secret-sharing bits are separated into separate streams of secret-sharing bits. In this manner, one secret-sharing bit of each pair of secret-sharing bits may be placed in one stream of secret-sharing bits and the other secret-sharing bit of each pair may be placed in another stream of secret-sharing bits different from the one stream of secret-sharing bits. Confidentiality of the original input stream may be protected in the event one but not both streams of secret-sharing bits is obtained by unauthorized personnel. In another aspect, for an input stream of N bits, each received bit of the N bits of the input stream of data, may be interatively split, on a bit by bit basis, into a pair of secret-sharing bits, to generate as few as N+1 secret-sharing bits from the input stream of bits N bits. Other features and aspects may be realized, depending upon the particular application. | 2015-08-20 |
20150237025 | STORING A KEY TO AN ENCRYPTED FILE IN KERNEL MEMORY - Storing a key to an encrypted file in a kernel memory is disclosed. Authentication data may be received and authentication credentials of the authentication data may be stored in a file. The file may be encrypted and a key to the encrypted file may be generated. The encrypted file may be stored in a user space and the key may be stored in a kernel space. The key may be retrieved from the kernel space and applied to the encrypted file in the user space to decode the encrypted file and subsequently access the authentication credentials stored in the encrypted file. | 2015-08-20 |
20150237026 | System And Method For Secure Transactions - The present disclosure describes systems and methods directed towards a highly secure and intelligent, end to end provisioning, authentication, and transaction system which creates and/or consolidates user data for a unified profile for the user (e.g., a person, place, organization, object, etc.) to allow for the safe, secure, and verifiable exchange of information. | 2015-08-20 |
20150237027 | APPARATUS, METHOD AND SYSTEM FOR CONTEXT-AWARE SECURITY CONTROL IN CLOUD ENVIRONMENT - An apparatus, method and system for context-aware security control in a cloud environment are provided. The apparatus includes an authentication header inspection unit and a packet data processing unit. The authentication header inspection unit generates an authentication header based on the received context information and key of a user, compares the generated authentication header with the authentication header of packet data received from a remote user terminal, and outputs the results of the comparison. The packet data processing unit performs one of the transmission, modulation and discarding of packet data from the cloud server of a cloud service network based on the results of the comparison by the authentication header inspection unit. | 2015-08-20 |
20150237028 | OPERATING SYSTEM MONITORING AND PROTECTION METHOD UTILIZING A VARIABLE REQUEST STRING GENERATOR AND RECEIVER ALGORITHM - A novel method of monitoring and protecting on-line computer access from intrusions (hackers, viruses, worms, etc.) through the through the implementation of a specific algorithm that permits continuous and direct communication with both the user computer's operating system and the accessed server (at multiple contact points) for verification purposes during any on-line access event. The overall system depends on a string variable algorithm method that accords a contact point identifications to and for all operating systems and servers monitored thereby in order to provide a four-level protection system to allow for instantaneous and reliable recognition and identification of all components within such transactions by initiating electronic communication between the server and the algorithm system, the algorithm system and the operating system, and, ultimately, the operating system and the server. | 2015-08-20 |
20150237029 | SYSTEMS AND METHODS FOR IMPORTING RELATION CHAIN AND PROVIDING CONTACT INFORMATION - A computer system, serves as a first platform, provides a user with a first user account on the first platform. The user has a second user account on a second platform; the second user account includes a second contact identification associated with a contact of the user on the second platform; and the contact has a first contact account on the first platform associated with a first contact identification. The computer system also acquires the second contact identification from the second platform; acquires account information of the first contact account based on the second contact identification; and provides the account information of the first contact account to the user. | 2015-08-20 |
20150237030 | Method and Apparatus for Processing Authentication Request Message in a Social Network - A method and an apparatus for processing an authentication request message in a social network are provided. To improve the inefficiency of existing technology in processing user authentication and request to establish social relationship as well as inadequacy of parameters available for said authentication, the disclosed method includes a social network server detecting an authentication request message sent by a first client to a second client requesting to establish a social relationship with the second client. The social network server obtains information social attributes that are common to the first client and the second client, forwards the authentication request message, and sends the obtained information of common social attributes to the second client. The social attribute information is used by the second client to decide whether or not to authenticate the authentication request message. | 2015-08-20 |
20150237031 | SECURE AUTHENTICATION IN A MULTI-PARTY SYSTEM - An authentication server transmits a random number to and receives a other information from a service provider. Later, the first random number is received from a requester and a provider identifier, the received other information and provider authentication policy requirements are transmitted to the requester. A user identifier and validation information are received from the requester. The received validation information is determined to correspond to the provider authentication policy requirements, and compared with stored user validation information associated with the received user identifier to authenticate the requester. A message, including both the random number and other information, signed with a credential of the requesting user is received and transmitted to the first provider. | 2015-08-20 |
20150237032 | METHOD AND APPARATUS FOR AUTHENTICATING A COMMUNICATION DEVICE - A method and apparatus for authenticating a communication device is disclosed. An system that incorporates teachings of the present disclosure may include, for example, an authentication system having a controller element that receives from a communication device over a packet-switched network a terminal ID and a request to authenticate said communication device, generates a first registration ID, stores the first registration ID and a first communication identifier, transmits the first registration ID to the communication device, receives from an interactive response system a second communication identifier and a second registration ID that the interactive response system received during a communication session with the communication device over a circuit-switched network, and authenticates the communication device in response to detecting a match between the first and second communication identifiers and the first and second registration IDs. Additional embodiments are disclosed. | 2015-08-20 |
20150237033 | Creating Awareness of Accesses to Privacy-Sensitive Devices - Techniques for providing intuitive feedback to a user regarding which applications have access to a data stream captured by a privacy-sensitive device, such as a camera, a microphone, a location sensor, an accelerometer or the like. These techniques apprise the user of when an application is receiving potentially privacy-sensitive data and the identity of the application receiving the data. In some instances, this feedback comprises a graphical icon that visually represents the data stream being received and that dynamically alters with the received data stream. For instance, if an application receives a data stream from a camera of a computing device of the user, the described techniques may display an image of the video feed captured by the camera and being received by the application. This graphical icon intuitively alerts the user of the data stream that the application receives. | 2015-08-20 |
20150237034 | METHOD AND SYSTEM FOR ACCESSING DATA IN A DISTRIBUTED NETWORK SYSTEM - Disclosed are a method and a system for accessing data by a client device in a distributed network system having a central server system, at least one client device, and at least one business object server. The client device and business object server are coupled to the central server system via a communication network. In the business object server, a number of business objects are stored. Each business object server includes a number of offices; each business object is assigned to an office in the respective business object server. The central server system receives an access request message, which includes at least one unique client identifier; the central server system determines at least one access authorization by means of the client identifier, and generates access instructions for the business objects, which the client device is allowed to access. The business objects are read and are transmitted to the client device. | 2015-08-20 |
20150237035 | Securing Organizational Computing Assets over a Network Using Virtual Domains - A method for connecting to a trust broker system is disclosed. The electronic device stores encrypted identifying information for a plurality of client systems authorized to interact with the server system, wherein the encrypted identifying information is changed per client system per session. The electronic device creates a plurality of virtual domains; each virtual domain representing a set of services and information distinct from the other virtual domains. The electronic device stores permissions associated with each respective client system in the plurality of client system. The electronic device receives a request from a first client system, including encrypted identifying information associated with the first client system, for information associated with a first virtual domain and then retrieves stored permissions of the first client system based on the encrypted identifying information. The electronic device determines whether the first client system is permitted to access the requested first virtual domain. | 2015-08-20 |
20150237036 | INDUSTRIAL PROTOCOL SYSTEM AUTHENTICATION AND FIREWALL - Aspects of the present invention provide machines, systems, and methods in which industrial control systems may be secured from compromise and/or disruption via authentication and firewall. In particular, an industrial controller may: randomly generate an exchange key and send the exchange key to a client device in response to a transaction request originating from the client device; combine the exchange key with a locally stored pass key to produce an authentication code; and compare a challenge key received from the client device to the authentication code to determine a match between the challenge key and the authentication code. A successful match between the challenge key and the authentication code may allow the client device to further access the industrial controller using a common industrial protocol (CIP), and a failed match between the challenge key and the authentication code may prevent the client device from further access to the industrial controller. | 2015-08-20 |
20150237037 | WEB INTEGRATION, TIMING, ACCESS, AND DISTRIBUTION CONTROL - The present disclosure provides systems and techniques for improved back-end integration of third-party content and an administrative framework allowing for user experience management for a computer-based environment. Described herein, for example, are approaches to improving secure access to multiple web-based systems, integrating web-based content, and controlling timing of web interaction. The problems addressed herein relate to coordinating access and delivery of web content from and to multiple sources and multiple users in an integrated and time-controlled manner. | 2015-08-20 |
20150237038 | FINGERPRINT BASED AUTHENTICATION FOR SINGLE SIGN ON - A device fingerprinting system provides an additional factor of authentication. A user device may be redirected, along with user ID parameters, to authentication system. The user device may be sent instructions to execute that collect and send back device characteristic information to the authentication system. The authentication can create a unique fingerprint of the device, and determine if the fingerprint has been seen before. If seen before, the authentication system may send back an authentication token indicating the additional factor of authentication was a success. If the fingerprint has not been seen previously, the authentication system may conduct a one-time password authentication as the additional factor. If successful, the fingerprint may be stored in association with the user device for future authentication as an additional factor. | 2015-08-20 |
20150237039 | DEVICE FINGERPRINT REGISTRATION FOR SINGLE SIGN ON AUTHENTICATION - A device fingerprinting system provides an additional factor of authentication. A user device may be redirected, along with user ID parameters, to authentication system. The user device may be sent instructions to execute that collect and send back device characteristic information to the authentication system. The authentication can create a unique fingerprint of the device, and determine if the fingerprint has been seen before. If seen before, the authentication system may send back an authentication token indicating the additional factor of authentication was a success. If the fingerprint has not been seen previously, the authentication system may conduct a one-time password authentication as the additional factor. If successful, the fingerprint may be stored in association with the user device for future authentication as an additional factor. | 2015-08-20 |
20150237040 | DEVICE AUTHENTICATION IN AD-HOC NETWORKS - Technologies are generally described for methods and systems effective to authenticate an invited device. In some examples, a method for authenticating an invited device may include receiving, by an evaluating device, a first message from the invited device. The evaluating device may receive the first message at a first receiving time. The method may also include receiving, by the evaluating device, a second message from the inviting device. The evaluating device may receive the second message at a second receiving time. A first sending time, of the first message, and a second sending time, of the second message, may be mutually synchronized. The method may also include determining a receiving time difference between the first receiving time and the second receiving time. The method may also include, by the evaluating device, authenticating the invited device based on the receiving time difference, the first message and the second message. | 2015-08-20 |
20150237041 | ATTRIBUTE-BASED ACCESS CONTROL - Attribute-based access control is performed across a first and a second security domain in a federated distributed processing environment. A security token received in the second security domain from a first service provider in the first security domain includes access control attributes. Access control information associated with a request to process an online transaction in the second security domain is received from an identity provider in the second security domain. The access control information is mapped into access control attributes compatible with a format of the access control attributes of the received security token. The mapped access control attributes are appended to the received security token to create a modified security token. The modified security token is signed with a certificate of a second service provider in the second security domain, and the modified security token is issued for consuming by any service provider in the second security domain. | 2015-08-20 |
20150237042 | AUTOMATIC ELEVATION OF SYSTEM SECURITY - A system for automatic setting of system security comprises an input interface and a processor. The input interface is configured to receive an indication to set a secure mode. The processor is configured to: determine whether the indication to set the secure mode comprises an indication to set a certificate mode; in the event that the indication to set the secure mode comprises an indication to set a certificate mode: 1) detect one or more connected systems for which to set the certificate mode; 2) select one or more certificates for the certificate mode; 3) update initialization files for the certificate mode; and 4) reinitialize local and one or more connected systems. | 2015-08-20 |
20150237043 | IMAGE PROCESSING APPARATUS, AND AUTHENTICATION PROCESSING METHOD IN THE SAME - An image processing apparatus includes a function executing unit that executes a plurality of functions including image processing and browsing, a panel that displays a screen associated with the functions of the function executing unit, an authentication unit that authenticates a user based on an input to the panel, a storing unit that associates an authentication token indicating success of authentication by the authentication unit with user privilege level of the authenticated user, and a browser that sends the authentication token stored in the storing unit to a Web server to access content managed by the Web server. | 2015-08-20 |
20150237044 | User Authentication of Applications on Third-Party Devices Via User Devices - In one embodiment, a first computing device receives an access token from a second computing device, the access token being generated by the second computing device for a specific software application executing on a specific computing device; stores the access token; receives a request for the access token from a software application executing on a third computing device; verifies whether the software application is the same as the specific software application and the third computing device is the same as the specific computing device for which the access token is generated; and sends the access token to the third computing device only when the software application is the same as the specific software application and the third computing device is the same as the specific computing device for which the access token is generated. | 2015-08-20 |
20150237045 | METHOD AND SYSTEM FOR ENHANCED BIOMETRIC AUTHENTICATION - A method allows for the biometric authentication of at least a first and a second user jointly representing a first legal entity or individually representing a first and the second legal entity with at least a first mobile station. The method includes the steps of enrolment and authenticating the users before performing a transaction by transferring biometric data to the authentication server that were captured from the first and the second user and by comparing the biometric data of the users received from the mobile station with biometric data retrieved from the database. The result is the provision of the corresponding authentication results required for the execution of the transaction. | 2015-08-20 |
20150237046 | METHOD AND APPARATUS FOR USER AUTHENTICATION - An electronic device is provided including a biometric sensor, a memory, and a processor configured to: initiate a transaction with a server; receive an authentication request from the server; retrieve a biometric template stored in a secure portion of the memory in response to the authentication request; capturing a biometric sample using the biometric sensor; comparing the biometric template with the biometric sample; and transmitting to the server a message indicating an outcome of the comparison. | 2015-08-20 |
20150237047 | AUTHENTICATION FREQUENCY AND CHALLENGE TYPE BASED ON APPLICATION USAGE - An apparatus and method are disclosed for determining authentication frequency (i.e., the length of time between authenticating and re-authenticating a user) and challenge type (e.g., username/password, fingerprint recognition, voice recognition, etc.) based on what software applications a user is running on a data-processing system, and how those applications are being used (e.g., what functions are used, what data is input to or output by the application, how often and for how long applications are used, what input devices and output devices are used, etc.) Advantageously, the illustrative embodiment enables authentication frequency and challenge type to be adjusted based on the likelihood of malicious activity and/or the potential cost of malicious activity, as inferred from current and past application usage. In addition, the illustrative embodiment enables selection of an authentication challenge type that is less intrusive to a user based on current application usage. | 2015-08-20 |
20150237048 | IDENTITY VERIFICATION METHOD AND DEVICE - A method and a device, of identity verification are disclosed. The method includes: receiving by a server, an identity verification request seat, from a terminal, where the identity verification request contains a specified user identifier; based on a user relationship chain of the specified user identifier, obtaining a verified user information set which includes user's information on the user relationship chain; providing the verified user information set to the terminal, in order to subsequently receive returned selected user's information; determining whether the received selected users information from the terminal matches the user's information on the user relationship chain; if the selected user's information received matches the user's information on the user relationship chain, confirming that the identity verification being successful. To pass the identity verification, the only requirement is that the selected user's information received from the terminal matches the user's information on the user relationship chain. | 2015-08-20 |
20150237049 | DEVICE FINGERPRINT UPDATING FOR SINGLE SIGN ON AUTHENTICATION - A device fingerprinting system provides an additional factor of authentication. A user device may be redirected, along with user ID parameters, to authentication system. The user device may be sent instructions to execute that collect and send back device characteristic information to the authentication system. The authentication can create a unique fingerprint of the device, and determine if the fingerprint has been seen before. If seen before, the authentication system may send back an authentication token indicating the additional factor of authentication was a success. If the fingerprint has not been seen previously, the authentication system may conduct a one-time password authentication as the additional factor. If successful, the fingerprint may be stored in association with the user device for future authentication as an additional factor. | 2015-08-20 |
20150237050 | APPARATUS AND METHOD FOR PROVIDING HOME NETWORK ACCESS CONTROL - The present invention relates to controlling of an access for a device on home network middleware. The access control apparatus includes: an access control manager, a virtual device and a virtual device manager. The access control manager manages a list of authentication codes including an authorization level and authentication code for the device and a client requesting a service to the device; controls the access for the device by authenticating the client based on the list of authentication codes and checking whether the device control request is suitable for the authorization level of the client. The virtual device is generated in correspondence with the device to store device information and an encryption key required for encrypted communication with the device. The virtual device manager manages the virtual device corresponding to the device by checking the device periodically. | 2015-08-20 |
20150237051 | SYSTEM FOR ALLOCATING A WORK REQUEST - Embodiments of the present invention are directed to a system, method, and computer program product for allocating work requests. A system is configured to initiate the presentation of a first user interface to enable a first user to receive a work request received from a source; assign a category to the work request based on at least an objective and a priority level associated with the work request; and allocate the work request to a second user based on at least the category; transmit the allocated work request to the second user; initiate the presentation of a second user interface to enable a second user to retrieve the work request, and process the work request, wherein processing the work request further comprises addressing the work request based on at least the status and the priority level; and transmit the processed work request to third user for a quality assessment. | 2015-08-20 |
20150237052 | USER IDENTIFICATION BASED ACCESS CONTROL - A user's access to software applications installed on a device is limited by evaluating the context in which the user requests access to the application and determining, based on the context analysis, whether or not the user is to be given access to the application. When it is determined that the user requesting access is not a primary authorized user, the primary authorized user may be notified of the attempt to access the application. | 2015-08-20 |
20150237053 | FACILITATING THIRD PARTIES TO PERFORM BATCH PROCESSING OF REQUESTS REQUIRING AUTHORIZATION FROM RESOURCE OWNERS FOR REPEAT ACCESS TO RESOURCES - An aspect of the present disclosure facilitates third parties/server system to perform batch processing of requests requiring authorization from resource owners for repeat access to resources. In one embodiment, a server system/third party selects a next request from a batch of requests, with the next request requiring a protected resource (hosted on a second party) owned by a owner/user (first party). The server system checks whether an access token is present authorizing access of the protected resource by the server system on behalf of the owner. If the access token is not present, the server system communicates in an offline mode with the owner to receive the access token. The server system then processes the next request by accessing the protected resource using the present/received access token. | 2015-08-20 |
20150237054 | SYSTEM AND METHODS FOR AUTHORIZING OPERATIONS ON A SERVICE USING TRUSTED DEVICES - Disclosed are systems and methods for ensuring confidentiality of information of a user of a service. One example method includes receiving a request to perform an operation for a service; selecting, based on a database of trusted devices, a trusted device for authorizing the operation of the service; establishing a secure connection with the trusted device; sending to the trusted device via the secure connection a request to enter confidential information on the trusted device to authorize the operation of the service; receiving the confidential information from the trusted device; and determining whether to authorize the operation of the service based on the confidential information. | 2015-08-20 |
20150237055 | Network Access and Control for Mobile Devices - Systems, methods, and devices of the various embodiments enable content controls to be implemented by a modem of a mobile device to ensure the controls are implemented regardless of whether an application processor of the mobile device has been rooted. In an embodiment, content controls may be implemented by a modem or list component separate from the application processor when in a subsidized content delivery mode. In an embodiment, content controls may include a whitelist and/or a blacklist of IP addresses that addresses of content requests may be compared against to filter authorized content from unauthorized content. Content requests for authorized content may be sent to the content location, while content requests for unauthorized content may be dropped. In the various embodiments, a whitelist and/or blacklist may be updated on demand and/or automatically by a whitelist/blacklist management portal. | 2015-08-20 |
20150237056 | MEDIA DISSEMINATION SYSTEM - Methods and systems for providing content for a brand to an authorized party via a distributed computer system are disclosed. A plurality of content is curated for a brand wherein the plurality of content has been aggregated from data resulting from a search of a network that, at least in part, seeks out databases with an online profile for the brand. A request is received for a first content for the brand wherein the request is from an authorized party at a content application programming interface (API). The first content is identified among the plurality of content for the brand. The authorized party is provided with access to the first content via the content API. | 2015-08-20 |
20150237057 | METHOD FOR THE PROTECTED DEPOSIT OF EVENT PROTOCOL DATA OF A COMPUTER SYSTEM, COMPUTER PROGRAM PRODUCT AND COMPUTER SYSTEM - A method for the protected deposit of event protocol data of a computer system provides access control which prohibits access to event protocol data in the computer system and also performs:
| 2015-08-20 |
20150237058 | Multi-Function, Modular System for Network Security, Secure Communication, and Malware Protection - Representative embodiments are disclosed for providing network and system security. A representative apparatus includes an input-output connector coupleable to a data network; a network interface circuit having a communication port; a nonvolatile memory storing a configuration bit image; and a field programmable gate array (“FPGA”) coupled to the network interface circuit through the communication port, the FPGA configurable to appear solely as a communication device to the first network interface circuit, and to bidirectionally monitor all data packets transferred between the input-output connector and the first network interface circuit and any coupled host computing system. In another embodiment, the FPGA is further configurable for only a partial implementation of a communication protocol, such as a PCIe data link and/or physical layers. The FPGA may also monitor host memory and provide encryption and decryption functionality. The FPGA is not addressable within the computing system and therefore is largely undetectable by malware. | 2015-08-20 |
20150237059 | INFORMATION PROCESSING APPARATUS, INFORMATION PROCESSING METHOD, AND NON-TRANSITORY COMPUTER READABLE MEDIUM - An information processing apparatus includes a detector that detects an attack performed via a communication line, and a changing unit that changes a current attacked address of the information processing apparatus to an address different from the current attacked address if the attack is detected by the detector. | 2015-08-20 |
20150237060 | TARGET-BASED SMB AND DCE/RPC PROCESSING FOR AN INTRUSION DETECTION SYSTEM OR INTRUSION PREVENTION SYSTEM - A method performed in a processor of an intrusion detection/prevention system (IDS/IPS) checks for valid packets in an SMB named pipe in a communication network. In a processor configured as an IDS/IPS, a packet in a transmission is received and a kind of application of a target of the packet is determined. Also, the data in the packet is inspected by the IDS/IPS as part of the SMB named pipe on only one of a condition that: (a) the FID in an SMB command header of the packet is valid (i) for segments/fragments in the SMB named pipe and (ii) for the determined kind of application of the target of the packet, as indicated by a reassembly table, and (b) the determined kind of application of the target of the packet does not check the FID, as indicated by the reassembly table. | 2015-08-20 |
20150237061 | METHODS AND SYSTEMS FOR ANALYZING DATA RELATED TO POSSIBLE ONLINE FRAUD - Various embodiments of the invention provide methods, systems and software for analyzing data. In particular embodiments, for example, a set of data about a web site may be analyzed to determine whether the web site is likely to be illegitimate (e.g., to be involved in a fraudulent scheme, such as a phishing scheme, the sale of gray market goods, etc.). In an exemplary embodiment, a set of data may be divided into a plurality of components (each of which, in some cases, may be considered a separate data set). Merely by way of example, a set of data may comprise data gathered from a plurality of data sources, and/or each component may comprise data gathered from one of the plurality of data source. As another example, a set of data may comprise a document with a plurality of sections, and each component may comprise one of the plurality of sections. Those skilled in the art will appreciate that the analysis of another component may comprise certain tests and/or evaluations, and that the analysis of another component may comprise different tests and/or evaluations. In other cases, the analysis of each component may comprise similar tests and/or evaluations. The variety of tests and/or evaluations generally will be implementation specific. | 2015-08-20 |
20150237062 | Risk Meter For Vulnerable Computing Devices - Techniques for ranking a set of vulnerabilities of a computing asset and set of remediations for a computing asset, and determining a risk score for one or more computing assets are provided. In one technique, vulnerabilities of computing assets in a customer network are received at a vulnerability intelligence platform. Breach data indicating set of breaches that occurred outside customer network is also received. A subset of the set of vulnerabilities that are most vulnerable to a breach is identified based on the breach data. In another technique, multiple vulnerabilities of a computing asset are determined. A risk score is generated for the computing asset based on the vulnerabilities. In another technique, multiple remediations associated with a risk score and multiple vulnerabilities are identified. The remediations are ordered based on the remediations that would reduce the risk score the most if those remediations were applied to remove the corresponding vulnerabilities. | 2015-08-20 |
20150237063 | APPARATUS, SYSTEM, AND METHOD FOR CORRELATING SECURITY VULNERABILITIES FROM MULTIPLE INDEPENDENT VULNERABILITY ASSESSMENT METHODS - The present disclosure relates to methods for correlating security vulnerability assessment data from a network vulnerability assessment, a static application security test (SAST) assessment and/or a zero day vulnerability metadata source. | 2015-08-20 |
20150237064 | METHOD AND APPARATUS FOR PREDICTING THE IMPACT OF SECURITY INCIDENTS IN COMPUTER SYSTEMS - Systems or methods gather information within a network of computers regarding the distribution of documents to calculate the impact of a cyber security incident for a given computer. Specific embodiments analyze word usage within data files and to determine that data files are different versions of a document and use presence of documents on a given computer to determine the impact of a security breach at that computer. | 2015-08-20 |
20150237065 | Ordered Computer Vulnerability Remediation Reporting - Techniques for ranking a set of vulnerabilities of a computing asset and set of remediations for a computing asset, and determining a risk score for one or more computing assets are provided. In one technique, vulnerabilities of computing assets in a customer network are received at a vulnerability intelligence platform. Breach data indicating set of breaches that occurred outside customer network is also received. A subset of the set of vulnerabilities that are most vulnerable to a breach is identified based on the breach data. In another technique, multiple vulnerabilities of a computing asset are determined. A risk score is generated for the computing asset based on the vulnerabilities. In another technique, multiple remediations associated with a risk score and multiple vulnerabilities are identified. The remediations are ordered based on the remediations that would reduce the risk score the most if those remediations were applied to remove the corresponding vulnerabilities. | 2015-08-20 |
20150237066 | ARRANGEMENT CONFIGURED TO MIGRATE A VIRTUAL MACHINE IN THE EVENT OF AN ATTACK - An arrangement for use in managing resources of a plurality of computing devices in response to an attack, the arrangement comprising: an interface configured to receive an indication of a parameter associated with a first computing device of the plurality of computing devices; and a migration module configured to migrate a virtual machine, or part of a virtual machine, from the first computing device to a second computing device in response to the indication received by the interface, wherein the parameter includes an indicator of a symptom of an attack against the first computing device or a program operating on the first computing device. | 2015-08-20 |
20150237067 | METHOD AND APPARATUS FOR DETECTING ATTACK ON SERVER - The present invention discloses a method and apparatus for detecting an attack on a server. The method comprises: calculating interval time after a current request is received by the server, wherein the interval time is interval time between a time when a previous request is received and a time when the current request is received, or interval time between a time when a previous request, of a same type as a type of the current request, is received and the time when the current request is received, or interval time between a time when a previous response to the previous request, of the same type as the type of the current request is sent by the server and a time when a response to the current request is sent by the server; calculating a baseline moving average of interval time and a trigger moving average of interval time according to the calculated interval time, wherein the baseline moving average reflects a change of interval time in a long history period, and the trigger moving average reflects a change of interval time in a recent period; and when a ratio of the baseline moving average to the trigger moving average is larger than a first threshold, determining there is an attack on the server. | 2015-08-20 |
20150237068 | TARGETED ATTACK PROTECTION USING PREDICTIVE SANDBOXING - Provided herein are systems and methods for targeted attack protection using predictive sandboxing. In exemplary embodiments, a method includes retrieving a URL from a message of a user and performing a preliminary determination to see if the URL can be discarded if it is not a candidate for sandboxing. The exemplary method includes computing a plurality of selection criteria factors for the URL if the URL passes the preliminary determination, each selection criteria factor having a respective factor threshold. The method can further include determining if any of the selection criteria factors for the URL exceeds the respective factor threshold for the respective selection criteria factor. Based on the determining, if any of the selection criteria factors exceeds the factor threshold for the selection criteria factor, the exemplary method automatically processes the URL using a sandbox. | 2015-08-20 |
20150237069 | SEAMLESS SWITCHER FOR ANTI-REPLAY CONNECTIONS IN MULITPLE NETWORK PROCESSOR SYSTEMS - Various exemplary embodiments relate to a method, network node, and non-transitory machine-readable storage medium including one or more of the following: receiving, at the network device, an ownership indication that a first network processor is currently serving an anti-replay connection; and in response to receiving the ownership indication, effecting a presetting in a second network processor of a current sequence number (SN) for the anti-replay connection to a first value that is greater than or equal to a re-key threshold value, wherein the network device includes at least one of the first network processor and the second network processor wherein the re-key threshold value is a value beyond which an SN triggers re-keying of the anti-replay connection, and wherein the second network processor utilizes the current sequence number upon beginning to serve the anti-replay connection. | 2015-08-20 |
20150237070 | SYSTEMS AND METHODS FOR APPLYING DATA LOSS PREVENTION POLICIES TO CLOSED-STORAGE PORTABLE DEVICES - A computer-implemented method for applying data loss prevention policies to closed-storage portable devices may include (1) injecting a data loss prevention component into at least one application process that is running on a computing device, (2) intercepting, via the data loss prevention component, an attempt by the application process to transfer a file to a closed-storage portable device that is connected to the computing device, (3) identifying a data loss prevention policy that applies to the attempt by the application process to transfer the file, (4) determining that the attempt by the application process to transfer the file violates the data loss prevention policy, and (5) performing a security action in response to determining that the attempt by the application process to transfer the file violates the data loss prevention policy. Various other methods, systems, and computer-readable media are also disclosed. | 2015-08-20 |
20150237071 | NETWORK SECURITY SYSTEMS AND METHODS - This disclosure relates to systems and methods for managing connected devices and associated network connections. In certain embodiments, trust, privacy, safety, and/or security of information communicated between connected devices may be established in part through use of security associations and/or shared group tokens. In some embodiments, these security associations may be used to form an explicit private network associated with the user. A user may add and/or manage devices included in the explicit private network through management of various security associations associated with the network's constituent devices. | 2015-08-20 |
20150237072 | UNIFIED POLICY OVER HETEROGENOUS DEVICE TYPES - A system and method are disclosed for enforcing a normalized set of policy-based behaviors across two or more disparate client devices. The policy definition can be a common description of expected behavior, while a client-side policy engine interprets and implements platform specific details associated with the client. In one embodiment, a client device receives a generic policy definition from a network. The generic policy definition is applicable to disparate device types having different hardware and/or software platforms. A client policy engine can analyze the generic policy definition, compare it to client-side applications or functions and make intelligent decisions on how to apply the policy for the specific client. | 2015-08-20 |
20150237073 | METHOD AND SYSTEM FOR MANAGING SECURITY POLICIES - A system and method of managing security policies in an information technologies (IT) system are provided. In an example, the method includes receiving an input indicating a high-level security policy for the IT system, the received high-level security policy relating to non-functional system attributes for the IT system and received in a format that is not machine-enforceable at an enforcement entity of the IT system. A functional model for the IT system is determined, where the functional model indicates functional system attributes of the IT system. At least one pre-configured rule template is loaded, and at least one machine-enforceable rule is generated in a manner compliant with the received high-level security policy by iteratively filling the at least one pre-configured rule template with functional system attributes indicated by the functional model. After the generating step, the at least one machine-enforceable rule can be distributed (e.g., to an enforcement entity, an Intrusion Detection System (IDS), etc.). In another example, the receiving, determining, loading, generating and distributing steps can be performed at a policy node within an IT system. | 2015-08-20 |
20150237074 | ROLE-BASED ATTRIBUTE BASED ACCESS CONTROL (RABAC) - Systems and methods are disclosed for receiving an access request from a user device, the access request including an identity claim for a user; evaluating a risk of access based on matching an attribute of the user device with attributes stored in a user information database; authenticating the access request based on the identity claim and the risk evaluation to determine an authentication confidence level; generating a token based on the confidence level and the attribute matched; producing an authorization response based on inputs from the token, a risk based access control, a role based access control, and an attribute based access control, in which the authorization response determines whether to allow access to a system, deny access to the system, or request additional input from the user device. | 2015-08-20 |
20150237075 | TRANSMISSION SYSTEM, METHOD AND PROGRAM - A transmission system for managing communication between a first terminal and a second terminal includes a reception unit configured to receive request information from the first terminal, the request information indicating a category of a request of a first user of the first terminal; and a transmission unit configured to transmit an output request to the second terminal. The second terminal outputs image data to be displayed on the first terminal according to the category of the request of the first user of the first terminal upon receiving the output request. | 2015-08-20 |
20150237076 | INTERNET BASED TELEPHONE LINE - In one embodiment, a telephone service method that provides subscribers with the functionality of an extra telephone line during data/Internet sessions is disclosed. Each subscriber has a unique telephone number Dns that can be dialed by anyone with access to the PSTN. When the Dns is dialed the call will be routed via the PSTN to the ILTD server. The ILTD server upon receiving the call attempt from the Dnc will analyze the dialed number (Dns) and determine if the subscriber's computer is able to receive the telephone call. If the subscriber's computer is actively engaged in an Internet Protocol session, with the ILTD client software running, the ILTD server will connect the call over the Internet to the ILTD client software. | 2015-08-20 |
20150237077 | ADAPTIVE MEDIA SHARING - Systems, methods, and devices are provided that enable adaptive media sharing among a group of communication devices. In one embodiment, unique URLs may be associated with each version of a media payload provided to a group of devices. In another embodiment, media payloads may be transcoded and a unique URL may be associated with each transcoded version of the media payload provided to a group of devices. In another embodiment, a determination about a most active of a user's devices may be used in sharing the media with a user associated with a plurality of devices. In another embodiment, a determination about a cost of downloading may facilitate the sharing of media with a user associated with a plurality of devices. In another embodiment, a determination about link quality may facilitate the sharing of media with a user associated with a plurality of devices. | 2015-08-20 |
20150237078 | METHOD AND APPARATUS FOR PLAYLIST SYNCHRONIZATION - The present application is applicable to the field of network technologies, and provides method and apparatus for playlist synchronization, where the method includes: detecting a user operation on a playlist of multimedia documents at a first terminal; generating an operation code according to the user operation on the playlist, the operation code including an identifier of the playlist; extracting identification information, the identification information including a user identifier and a globally unique identifier (GUID) of the first terminal; and sending the operation code and the identification information to the server, wherein the server is configured to identify a second terminal according to the operation code and the identification information and send the operation code to the second terminal such that the second terminal can perform a synchronization operation to a playlist of multimedia documents at the second terminal according to the operation code. | 2015-08-20 |
20150237079 | DEVICE WITH TV PHONE FUNCTION, NON-TRANSITORY COMPUTER READABLE STORAGE MEDIUM, AND CONTROL METHOD OF DEVICE WITH TV PHONE FUNCTION - A device and methods are disclosed. A call control module transmits a moving image captured by a photographing module and sound input by a sound input module to a communication partner device via a communication module, when the communication module receives a moving image from the communication partner device by the communication module, displays the received moving image in a display area set on a display surface, when the communication module receives sound from the communication partner device by the communication module, outputs the received sound from the sound output module, and outputs a transmission restraint signal for restraining transmission of a moving image to the communication partner device, when a first determination condition for use in judging that a user is not watching a moving image displayed in the display area is satisfied. | 2015-08-20 |
20150237080 | Method for Quickly Obtaining Decision Advice From Several People - A method for obtaining decision advice from a set of confidants comprises the steps of receiving a plurality of user inputs on a source communication device from a user to generate a pending decision, receiving at least one user input on the source communication device to select one or more confidants from the set of confidants, posting the user inputs to an application server that is being coupled with an application of the source communication device via at least one network, sending the user inputs to other communication devices associated with the one or more confidants, receiving a set of selections from at least one confidant and posting a message that indicates the user has made a decision. The user inputs are defined as a set of choices including at least one of a set of images and a set of text characters. | 2015-08-20 |
20150237081 | WIDE AREA AGGREGATED COMMUNICATIONS - Methods, systems, and techniques for federating operations, in an optimized way using wide area networks are provided. Example systems provide an API for generating and handling federated requests as an aggregation. In one example Wide Area Network Aggregation System, WANAS provides an API, a connection manager, and connection iterators to manage inter-site connections and requests, and inter-pod requests and messaging. These components cooperate to distribute a task across multiple physically disparate sites using a representative connection to the site and fan out of requests to other pods within the site. | 2015-08-20 |
20150237082 | DYNAMICALLY ENABLING AN INTERACTIVE ELEMENT WITHIN A NON-INTERACTIVE VIEW OF A SCREEN SHARING SESSION - A non-interactive screen sharing session executing within a computing device can be identified. The device can be communicatively linked to different computing devices of the screen sharing session. The contents of the remote screen buffer can be analyzed to determine a graphical representation of a Uniform Resource Locator (URL) within the contents prior to presenting the contents of the buffer within the device. A visible information item can be extracted and a non-visible reference can be established from the representation. An area surrounding the representation including a position and dimensions of the representation within the contents can be determined. The representation of the URL can be replaced with an interactive element in real-time. The element can include the visible and non-visible reference. The contents of the buffer can be presented within an interface associated with the session of the device, responsive to the replacing. | 2015-08-20 |
20150237083 | METHOD FOR DISPLAYING OBJECT IN TIMELINE AREA, OBJECT DISPLAY DEVICE, AND INFORMATION RECORDING MEDIUM HAVING RECORDED THEREON PROGRAM FOR IMPLEMENTING SAID METHOD - A method for displaying objects on a timeline area does not lower user retention and can increase the CVR. The present disclosure provides a method for displaying objects on a timeline area, including the steps of an object display device that manages a timeline of communication messages for a user of a Web service determining whether the user has taken an action within a predetermined time period on the timeline area of the Web service, displaying a first object on the timeline area when determining that the user has not taken the action, and displaying a second object that differs from the first object on the timeline area when determining that the user has taken the action. | 2015-08-20 |
20150237084 | DYNAMICALLY ENABLING AN INTERACTIVE ELEMENT WITHIN A NON-INTERACTIVE VIEW OF A SCREEN SHARING SESSION - A non-interactive screen sharing session executing within a computing device can be identified. The device can be communicatively linked to different computing devices of the screen sharing session. The contents of the remote screen buffer can be analyzed to determine a graphical representation of a Uniform Resource Locator (URL) within the contents prior to presenting the contents of the buffer within the device. A visible information item can be extracted and a non-visible reference can be established from the representation. An area surrounding the representation including a position and dimensions of the representation within the contents can be determined. The representation of the URL can be replaced with an interactive element in real-time. The element can include the visible and non-visible reference. The contents of the buffer can be presented within an interface associated with the session of the device, responsive to the replacing. | 2015-08-20 |
20150237085 | CREATION, SHARING AND EMBEDDING OF INTERACTIVE CHARTS - Systems and methods for generating and sharing interactive charts are described. The interactive charts are generated in an online portal that allows users to customize the interactive features of the chart. An online portal may also be provided to allow users to automatically embed interactive chart(s) in another website without reprogramming the code of the website each time the interactive chart(s) are changed or new interactive chart(s) are added. | 2015-08-20 |
20150237086 | Local Media Rendering - Local media rendering of a multi-party call, performed by a Client User Equipment. The media is encoded by each party in the call, and sent as a media stream to a Media server, and the media server receives a request for media streams from each Client User Equipment, each media stream in the request associated with a client priority. The Media server selects the media streams to send to each Client User Equipment, based on the request, and further such that the number of streams does not exceed a determined maximum number, which is based, e.g., on the available bandwidth. | 2015-08-20 |
20150237087 | ONLINE ADDRESS BOOK WITH MULTI-USE INPUT BAR AND PROFILE BOOKMARKING - An online address book is configured to include a multi-user input bar to receive search terms intended to match contacts existing in a user's contact list. If a search term does not match any entry in the current contact list the search is extended by the multi-user input bar to include further candidate contacts. Candidate contacts are acquired through social profiles available from a set of networking sites linked-to over the Internet. A candidate contact that does match the search term is added to the contact list with a public profile whose contents are populated with contact data acquired from social profiles available through the networking sites. This practice of profile bookmarking may be applied iteratively across candidate contacts from various networking sites to build an extensive public profile. | 2015-08-20 |
20150237088 | Tagging Users of a Social Networking System in Content Outside of Social Networking System Domain - Users of a social networking system can tag other users in content items that are provided outside of the social networking system, such as pictures that are viewable on a website that is external to the social networking system. To enable a user to tag another user in a content item, an external system provides a user interface that enables the user to tag another user, optionally define a portion of the content item in which the tagged user appears, and provide an identity of the tagged user. The external system communicates with the social networking system to provide the tagging information to the social networking system. The tagging information is received by the social networking system, which imports the content item and displays the content item with the tagging information to other users in the social networking system. | 2015-08-20 |
20150237089 | COMMUNICATION SYSTEM, COMMUNICATION APPARATUS, AND METHOD OF PROGRAM UPDATE - A communication system is provided that includes a communication terminal that stores at least one program and a plurality of update apparatuses that provide update data for updating the program to the communication terminal. The communication terminal includes a memory that stores update apparatus information associated with communication bandwidth information, and processing circuitry that calculates an actual bandwidth obtained from a previous downloading of previous update data, determines an update apparatus for downloading next update data based on the calculated actual bandwidth and the update apparatus information stored in the memory, and downloads the next update data from the determined update apparatus. | 2015-08-20 |
20150237090 | STREAMING OF VARIABLE LENGTH CONTENT SEGMENTS - A content management system streams variable length segments of content items to client devices. The content management system stores a content item and makes the item available for access by one or more client devices. When a client device requests the content item from the content management system, the content management system sends the content item to the device by streaming the content item in segments. Specifically, the content management system partitions the content item into a sequence of variable length segments. An initial portion of the sequence includes rapid start segments that are configured as being the smallest segments in length from the sequence. A subsequent portion of the sequence includes the remaining segments having longer length(s). The content management system streams the segments to the client device in sequential order and in a streaming format. | 2015-08-20 |
20150237091 | Real-Time Transcode Transfer Method and System Based on HTTP under DLNA - Disclosed is a real-time transcode transfer method based on HTTP under DLNA, including: matching playing capability information with media item resource information, and according to the matching result, acquiring data of multimedia content from a digital media server. Also disclosed is a real-time transcode transfer system based on the HTTP under the DLNA. The present document can be used to realize the real-time transcoding of multimedia content and the real-time rebroadcasting of live stream based on the HTTP under the DLNA. | 2015-08-20 |
20150237092 | NETWORK CONDITION PREDICTIONS FOR MULTIMEDIA STREAMING - Network condition prediction and multimedia streaming consumption prediction are provided. The prediction may be based on a device's prior location, behavior, and statistics thereof. By gathering location data from users anonymously and securely, a virtual location network with millions of nodes are provided. Each virtual location, at a given time, is stored with associated network metrics gathered from various devices in a database. The database may comprise a probabilistic model and a behavioral model tracking device metrics. | 2015-08-20 |
20150237093 | ELECTRONIC MEDIA DISTRIBUTION SYSTEM - A system and method for sharing electronic content. A sending user can specify one or more criteria that a recipient memory device must have to store the content. The sending user can also specify a digital rights management control that can be associated with the content. The content can be transferred to the recipient if the recipient memory device has the specified properties. Software at the recipient can ensure that the content is handled in accordance with the digital rights management controls specified by the sender. | 2015-08-20 |
20150237094 | Method and Arrangement for Adaption in HTTP Streaming - A method of controlling adaptive HTTP streaming of media content between a HTTP server and a HTTP client in a communication system, in which system media content is arranged as a plurality of periods, and each such period comprises a plurality of representations of media segments, which method includes the steps of providing temporal alignment information for the media segments of the plurality of representations, which temporal alignment information provides indications about a temporal relation between the segments of the plurality of representations of the media content. Further, the method includes providing key frame location information for the media segments, which key frame location information provides indications about locations of key frames in the media segments of the plurality of representations. Finally, controlling adaptation of the HTTP streaming of the media content based on at least one of the provided temporal alignment information and the provided key frame location information. | 2015-08-20 |
20150237095 | METHOD AND APPARATUS FOR INSTANT PLAYBACK OF A MOVIE - Method and systems for classifying and segmenting a file or a collection of media data are disclosed. According one aspect, each title in a library of titles are divided into a header and a plurality of segments. Furthermore, a library of titles is categorized into a first band and a second band, based on popularity. Titles in the first band are more popular and segments of the titles are distributed to all subscriber units. Titles in the second band are less popular and only a percentage of the segments of titles in the second band are distributed to each subscriber unit. In some embodiments, each subscriber unit has segments of approximately five percent of titles in the second band. The header of each title is distributed to each subscriber unit. When a subscriber unit requests a title, an instruction is made to a set of subscriber units that have segments of the title to distribute the segments to the requesting subscriber unit. Other embodiments are disclosed. | 2015-08-20 |
20150237096 | ASYNCHRONOUS AUDIO AND VIDEO IN AN ENVIRONMENT - Embodiments of an electronic system for asynchronous audio and video in and environment includes a server with a connection to a wireless access point or a personal digital device that communicates with the server through the wireless access point. The server receives and stores an audio track that is to accompany a public display. The personal digital device acts as a client to the server. A user interface enables a user of the personal digital device to request an audio track corresponding to the public display. The server initiates a stream of the requested audio track to be wirelessly transmitted to and received by the personal digital device. The personal digital device plays at least some of the requested audio track to the user. | 2015-08-20 |
20150237097 | Display Protocol Interception in the Network for Services and Network-Based Multimedia Support for VDI - An apparatus and related method are provided for improving the performance of virtual desktop services. A network device is deployed in a network to intercept packets of a control session initiated by a client with a connection broker to obtain data from a host. The network device initiates a new control session to the connection broker on behalf of the client. The network device receives host information from the connection broker, replaces address information of the network device for the host information in a control session message and sends the control session message to the client. The network device establishes a data session with the client, initiates a data session with the host on behalf of the client and relays data between the data session with the host and the data session with the client such that the network device is transparent to the client and the host. | 2015-08-20 |