36th week of 2019 patent applcation highlights part 47 |
Patent application number | Title | Published |
20190273674 | TEST SYSTEM AND METHOD FOR TRIGGERING OR SEARCHING IN INPUT DATA DECODED WITH A USER DEFINED PROTOCOL - A test system for triggering or searching in input data decoded with a user defined protocol is provided. The test system comprises a processor and a display. The processor is configured to control the display to display a graphical user interface (GUI), and to receive input data. The GUI is configured to provide an input structure for a user to define protocol layer frames for decoding the input data. Based on the defined protocol layer frames, the processor is configured to generate a set of trigger or search options, and to control the display to display the set of trigger or search options. | 2019-09-05 |
20190273675 | HARDWARE ARCHITECTURE FOR UNIVERSAL TESTING SYSTEM: CABLE MODEM TEST - A hardware architecture for a universal testing system used for performing tests on cable modem devices (OUT) is disclosed. According to certain embodiments, a CMTS test harness enables the DUT to respond to test phone calls from the MOCA interface and which test phone calls terminate at the DUT's phone port. | 2019-09-05 |
20190273676 | MSDC SCALING THROUGH ON-DEMAND PATH UPDATE - In one embodiment, a copy of an original packet of a traffic flow is created at an ingress leaf node of a cloud switch. The ingress leaf node forwards the original packet along a less-specific path through the cloud switch, the less-specific path based on a domain index of an egress domain for the original packet. The copy of the original packet is modified to create a more specific path learn request packet. The ingress leaf node forwards the more specific path learn request packet along the less-specific path through the cloud switch. The ingress leaf node received back a more specific path learn request reply packet that includes an indication of a fabric system port. The ingress leaf node then programs a forwarding table based on the indication of the fabric system port, to have subsequent packets of the traffic flow forwarded along a more-specific path. | 2019-09-05 |
20190273677 | TRAFFIC ACTIVITY- BASED SIGNALING TO ADJUST FORWARDING BEHAVIOR OF PACKETS - The present disclosure pertains to systems and methods of monitoring communication devices and communication links in a software defined network (SDN). In one embodiment, a system may include a communications interface configured to receive a plurality of ingress packets. A forwarding subsystem may match a subset of the plurality of ingress packets with the data flow and forwarding the subset of the plurality of ingress packets based on a first instruction set associated with the data flow. A statistical information subsystem may update a meter count associated with the subset of the plurality of ingress packets matched with the data flow. A logic engine configured to determine that the meter count fails to satisfy a threshold, change a port link state based on the failure to satisfy the threshold; and transition from the first instruction set to a second instruction set associated with the flow data. | 2019-09-05 |
20190273678 | METHOD AND DEVICE FOR FORWARDING PACKET - Provided is a method and a device for forwarding a packet. The method includes: receiving, by a first node, a packet to be forwarded, where a destination address of the packet is a second node; searching, by the first node, a plurality of pre-generated paths for a target path corresponding to the packet, where the plurality of pre-generated paths include a first path, a second path and a third path; searching, by the first node, a plurality of pre-generated segment lists for a target segment list corresponding to the target path when the target path is one of the first path or the second path; and searching, by the first node, the target path for a next hop node for forwarding to the second node and forwarding the packet to the next hop node according to the target segment list. | 2019-09-05 |
20190273679 | Using PCE as SDN Controller - Embodiments relate generally to systems and methods for transitioning a system from a tradition network to a Software Defined Network (SDN) enabled network. In some embodiments, the systems and methods may comprise the use of a Path Computation Element (PCE) as a central controller. Smooth transition between traditional network and the new SDN enabled network, especially from a cost impact assessment perspective, may be accomplished using the existing PCE components from the current network to function as the central controller of the SDN network is one choice, which not only achieves the goal of having a centralized controller to provide the functionalities needed for the central controller, but also leverages the existing PCE network components. | 2019-09-05 |
20190273680 | EXPOSING A SUBSET OF HOSTS ON AN OVERLAY NETWORK TO COMPONENTS EXTERNAL TO THE OVERLAY NETWORK WITHOUT EXPOSING ANOTHER SUBSET OF HOSTS ON THE OVERLAY NETWORK - Techniques for exposing a subset of hosts on an overlay network, without exposing another subset of hosts on the overlay network, are disclosed. A component associated with an overlay network exposes a subset of hosts on the overlay network to components external to the overlay network. The component exposes the subset of hosts by distributing a mapping between (a) the hosts to-be-exposed and (b) the substrate addresses associated with the hosts. Alternatively, a component external to an overlay network exposes a subset of hosts on the overlay network to additional components external to the overlay network. The component exposes the subset of hosts by distributing a mapping between (a) the hosts to-be-exposed and (b) a substrate address associated with the particular component. In either embodiment, a mapping for hosts to-be-hidden is not distributed. | 2019-09-05 |
20190273681 | Adding multi-tenant awareness to a network packet processing device on a Software Defined Network (SDN) - “Multi-tenant awareness” is added to a set of one or more packet processing devices in a Software Defined Network (SDN) having a controller. For each of one or more tenants, information in a table associates network protocol address attributes with an Internet Protocol (IP) address unique to the tenant. The table is associated with a multiple-layer translation layer being managed by the SDN controller. As a data packet traverses the translation layer, network protocol address attributes are translated according to values in the table to enable logical routing of the packet (to a given PPD. This translation occurs dynamically (or “on-the-fly”) as packets are “on route” to their destination. By implementing a multi-layer network address translation (NAT), one layer may be used to translate network protocol address source attributes, while a second layer may be used to translate network protocol address destination attributes. | 2019-09-05 |
20190273682 | METHOD AND SYSTEM FOR MANAGING NETWORK COMMUNICATIONS - A system that incorporates teachings of the present disclosure may include, for example avoiding data copy and task switching by processing protocol headers of network PDUs as a serial tape to be processed in order such as by a single method. Other processing includes reducing stages and simplifying protocol processing and multiplexing during network communications. Address changing in an active network can be implemented by assigning multiple addresses to an entity so that a new address can replace the old address. Peer-to-peer application searching can be performed among networks that can be accessible or non-accessible networks. Utilizing anycast sets that include selected and alternative addresses to enable immediate or near immediate alternative route selection on failure or congestion. Other embodiments are disclosed. | 2019-09-05 |
20190273683 | GENERIC COMMUNICATION CHANNEL FOR INFORMATION EXCHANGE BETWEEN A HYPERVISOR AND A VIRTUAL MACHINE - Certain embodiments described herein are generally directed to configuring a generic channel for exchanging information between a hypervisor and a virtual machine run by the hypervisor that resides on a host machine. In some embodiments, the generic channel represents a network or communication path enabled by a logical switch that connects a HyperBus running on the hypervisor and a node agent running on the virtual machine. In some embodiments, network traffic handled by the generic channel is isolated from incoming and outgoing network traffic between the virtual machine and one or more other virtual machines or hosts. | 2019-09-05 |
20190273684 | Call Admission Control and Preemption Control Over a Secure Tactical Network - In a secure network where the network characteristics are not known, a call admission control algorithm and a preemption control algorithm based on a destination node informing the source node of the observed carried traffic are used to regulate the amount of traffic that needs to be preempted by the source. The amount of traffic that needs to be preempted is based on the carried traffic measured at the destination node. The traffic to be preempted is based on the priority of the traffic, where the lowest priority traffic is the first to be preempted until the amount of traffic preempted is sufficient to allow the remaining traffic to pass through the network without congestion. | 2019-09-05 |
20190273685 | ADAPTIVE PRIVATE NETWORK ASYNCRHONOUS DISTRIBUTED SHARED MEMORY SERVICES - A highly predicable quality shared distributed memory process is achieved using less than predicable public and private internet protocol networks as the means for communications within the processing interconnect. An adaptive private network (APN) service provides the ability for the distributed memory process to communicate data via an APN conduit service, to use high throughput paths by bandwidth allocation to higher quality paths avoiding lower quality paths, to deliver reliability via fast retransmissions on single packet loss detection, to deliver reliability and timely communication through redundancy transmissions via duplicate transmissions on high a best path and on a most independent path from the best path, to lower latency via high resolution clock synchronized path monitoring and high latency path avoidance, to monitor packet loss and provide loss prone path avoidance, and to avoid congestion by use of high resolution clock synchronized enabled congestion monitoring and avoidance. | 2019-09-05 |
20190273686 | EVENT-BASED FLOW CONTROL IN SOFTWARE-DEFINED NETWORKS - A software-defined network controller (SDN controller) defines a first network flow to be selectively implemented by a networking device according to a first network operation profile. The SDN controller defines a second network flow to be selectively implemented by the networking device according to a second network operation profile. A memory device of the networking device may store at least first and second network operation profiles for selective implementation during defined event windows. The event window(s) may be defined by start event inputs and stop event inputs. The event inputs may include, without limitation, a combination of parameter-based inputs and/or temporal inputs. In one specific embodiment, the networking device detects a network event and modifies a network operation profile for a preset time period and/or until an interrupt or stop event is detected. | 2019-09-05 |
20190273687 | DETERMINING CONNECTIONS OF A NETWORK BETWEEN SOURCE AND TARGET NODES IN A DATABASE - In an embodiment of the invention, a system determines connections between source and target nodes in a network by determining edges with common nodes between the source and target nodes within the network for each of one or more hops. Each determined edge links a pair of nodes in a network path between the source and target nodes. The system removes certain edges from the determined edges to produce a resulting set of edges. In particular, each removed edge is an edge that includes a node within a loop in the network or is an edge that is unconnected to another edge. The system determines connections between the source and target nodes based on the resulting set of edges. Embodiments of the present invention further include a method and computer program product for determining connections between source and target nodes in a network in substantially the same manners described above. | 2019-09-05 |
20190273688 | EFFICIENT POLICY ENFORCEMENT FOR DOWNLINK TRAFFIC USING NETWORK ACCESS TOKENS - CONTROL-PLANE APPROACH - A gateway device detects a trigger associated with a device and, in response, identifies an application service associated with the device, obtains a traffic network policy associated with the application service, and obtains a network access token based on the traffic network policy. The network access token facilitates validating and/or mapping a downlink data packet obtained at the gateway device in user-plane traffic that is destined for the device. The network access token is sent to an entity in control-plane signaling. Subsequently, the gateway device obtains a downlink data packet including the network access token. The gateway device verifies the network access token and/or maps the downlink data packet to the device using data obtained from the network access token. The network access token may be removed from the downlink data packet before the downlink data packet is sent to the device according to the mapping. | 2019-09-05 |
20190273689 | EQUATION-BASED RATE CONTROL USING NETWORK DELAY FOR VARIABLE BITRATE SCENARIOS - Technologies are described for performing equation-based rate control using delay. For example, an observed network data rate and a network delay can be obtained for a network communication. A target network data rate can be calculated using the observed network data rate and the network delay. The target network data rate is calculated using an equation-based approach. For example, the equation-based rate control can set the target network data rate to a value that is directly proportional to the observed network data rate and inversely related to the network delay. The target network data rate is used to set the bitrate for the network communication. | 2019-09-05 |
20190273690 | COMMUNICATION DEVICE, COMMUNICATION SYSTEM, AND COMMUNICATION METHOD - A communication device: stores flow condition information for identifying a flow and flow counter information that indicates, for each flow, an input flow volume of a flow inputted to the communication device, and an output flow volume of a flow outputted by the communication device; identifies a flow to which data inputted to the communication device belongs, with reference to the flow condition information; updates the input flow volume of the flow in the flow counter information; identifies a flow to which data outputted by the communication device belongs, with reference to the flow condition information; updates the output flow volume of the flow in the flow counter information; and identifies a flow in which a communication anomaly has occurred on the basis of results of a comparison process for comparing the input flow volume to the output flow volume with reference to the flow counter information. | 2019-09-05 |
20190273691 | TIME-BASED NETWORK OPERATION PROFILES IN A SOFTWARE-DEFINED NETWORK - A software-defined network controller (SDN controller) defines a first network flow to be selectively implemented by a networking device according to a first network operation profile. The SDN controller defines a second network flow to be selectively implemented by the networking device according to a second network operation profile. The first and second network operation profiles are stored within a memory of the networking device to be selectively implemented during different time periods based on a precision time input via a precision time input port on the networking device. In some embodiments, the networking device may detect a network event and implement a network operation profile for a preset time period based on the precision time input. | 2019-09-05 |
20190273692 | HANDLING PATH ISSUES FOR STORAGE COPY SERVICES - A method for determining path health to conduct a plurality of Input-Output (IO) operations along a healthy path in a network is provided. The present invention may include receiving an IO request from a user and sending the received IO request on a first path. The present invention may include determining a first IO response has exceeded a threshold time on the first path. The present invention may include determining the first path has degraded based on the exceeded threshold time. The present invention may include generating a duplicate IO request and sending on a second path. The present invention may include receiving the duplicated IO response before receiving the original IO response. The present invention may include determining a health state associated with the slower path. The present invention may include refreshing a path state machine based on the determined health state associated with the slow path. | 2019-09-05 |
20190273693 | TECHNOLOGIES FOR PACING NETWORK PACKET TRANSMISSIONS - Technologies for pacing network packet transmissions include a computing device. The computing device includes a compute engine and a network interface controller (NIC). The NIC is to select a first transmit descriptor from a window of transmit descriptors. The first transmit descriptor is associated with a packet stream. The NIC is also to identify a node of a plurality of nodes of a hierarchical scheduler. The node is associated with the selected first transmit descriptor. The NIC is also to determine whether the identified node has a target amount of transmission credits available and transmit, in response to a determination that the identified node has a target amount of transmission credits available, the network packet associated with the first transmit descriptor to a target computing device. | 2019-09-05 |
20190273694 | ADJUSTABLE BIT MASK FOR HIGH-SPEED NATIVE LOAD BALANCING ON A SWITCH - In an example, a network switch is configured to natively act as a high-speed load balancer. Numerous load-balancing techniques may be used, including one that bases the traffic “bucket” on a source IP address of an incoming packet. This particular technique provides a network administrator a powerful tool for shaping network traffic. For example, by assigning certain classes of computers on the network particular IP addresses, the network administrator can ensure that the traffic is load balanced in a desirable fashion. To further increase flexibility, the network administrator may apply a bit mask to the IP address, and expose only a portion, selected from a desired octet of the address. | 2019-09-05 |
20190273695 | LATENCY REDUCTION WITH PRE-MOVING OF DISTRIBUTED DATA AND ADAPTIVE ALLOCATING OF COMPUTE OPERATIONS - Latency in responding to queries directed to geographically distributed data can be reduced by allocating individual steps, of a multi-step compute operation requested by the query, among the geographically distributed computing devices so as to reduce the duration of shuffling of intermediate data among such devices, and, additionally, by pre-moving, prior to the receipt of the query, portions of the distributed data that are input to a first step of the multistep compute operation, to, again, reduce the duration of the exchange of intermediate data. The pre-moving of input data occurring, and the adaptive allocation of intermediate steps, are prioritized for high-value data sets. Additionally, a threshold increase in a quantity of data exchanged across network communications can be established to avoid incurring network communication usage without an attendant gain in latency reduction. | 2019-09-05 |
20190273696 | ROUTER FABRIC - A router fabric for switching real time broadcast video signals in a media processing network includes a logic device configured to route multiple channels of packetized video signals to another network device, a crossbar switch configured to be coupled to a plurality of input/output components and to switch video data of the multiple channels between the logic device and the plurality of input/output components in response to a control instruction, and a controller configured to map routing addresses for each video signal relative to the system clock, and to send the control instruction with the mapping to the crossbar switch and the logic device. | 2019-09-05 |
20190273697 | Data Migration Method and Apparatus - The present application relates to a data migration method and an apparatus, which are applied to a scenario in which a user plane gateway communicating with a terminal is changed from a source user plane gateway to a target user plane gateway. The target user plane gateway receives an address of the terminal from a control plane gateway, obtains an Ethernet data packet based on the address of the terminal, and sends the Ethernet data packet to an Ethernet interface, so that a switch obtains the Ethernet data packet through the Ethernet interface, and updates a MAC address table based on the Ethernet data packet. Thus, the switch updates the MAC address table in a timely manner, and the switch can send, through a correct port based on an updated MAC address table, downlink data to the terminal, to effectively prevent a loss of the downlink data. | 2019-09-05 |
20190273698 | MULTICAST CHANNEL CONTROL INFORMATION - The present disclosure relates to a technique for configuring transmission of a multicast channel carrying scheduling information and data belonging to one or more multicast services, the scheduling information indicating scheduling of the multicast services mapped to the multicast channel. A method embodiment comprises the steps of configuring ( | 2019-09-05 |
20190273699 | GRACEFUL DESIGNATED ROUTER HANDOFF - In one embodiment, a first Protocol Independent Multicast (PIM) router includes port interfaces to receive multicast traffic from a first network and forward the traffic to at least one receiver, which is in a sub-network including other PIM routers, and a routing processor configured, in response to a decision for the first PIM router to relinquish being a designated router, to generate a PIM Hello message with a first option descriptor and a first priority, the first option descriptor indicating a staggered handoff process, and send the PIM Hello message, receipt of the PIM Hello message by the other PIM routers being operative to result in a designated router election electing a new designated router, the new designated router being operative to initiate the staggered handoff process causing the first PIM router to continue forwarding traffic until the new designated router has built a multicast routing tree. | 2019-09-05 |
20190273700 | Adding a Network Port to a Network Interface Card Via NC-SI Embedded CPU - A host computer is linked to a network interface controller having a plurality of network ports connectable to a data network. The network interface controller has an embedded central processing unit, a host interface linked to the host central processing unit, a sideband interface and a baseboard management controller linked to the network interface controller via the sideband interface. The baseboard management controller connects to a management network via the management network port. The embedded central processing unit in the network interface controller is linked to a datacenter manager via the management network port of the baseboard management controller, enabling the datacenter manager to instruct the embedded central processing unit to control data flows in the network interface controller between the host interface and the data network. | 2019-09-05 |
20190273701 | MULTI-PROFILE CHAT ENVIRONMENT - A multi-profile chat system may receive a chat request comprising a user identifier and chat data. The system may process the chat data to determine a chat profile request, a request topic, and/or a request sentiment. The system may retrieve a user profile and/or a user chat record based on the user identifier. The system may determine a chat profile based on the chat profile request, the request topic, the request sentiment, the user profile, and/or the user chat record. The system may generate a chat response based on the chat request and the chat profile. | 2019-09-05 |
20190273702 | METHOD FOR ADJUSTING A DEVICE BEHAVIOR BASED ON PRIVACY CLASSES - A system and method for adjusting a device behavior with respect to a privacy class. The method includes collecting sensory inputs from a plurality of sensors; analyzing the sensory inputs using at least the sensory inputs and at least a privacy class of a plurality of privacy classes; determining a privacy rule based on the analysis of the sensory inputs; and, initiating an engagement of the user based on the determined privacy rule. | 2019-09-05 |
20190273703 | METHOD, SYSTEM AND RECORDING MEDIUM FOR COMMUNICATING AND DISPLAYING CONTENT IN A MESSENGER APPLICATION - In one example embodiment, a communication method includes identifying a selection instruction for content provided by a content provider, and establishing a communication link between a first account of a user and a second account of a business operator relevant to the content based on the identification of the selection instruction. | 2019-09-05 |
20190273704 | System for Delivering Notification Messages Across Different Notification Media - A system for delivering notification messages across different notification media comprises a processor. A processor is configured to provide an indication of a new platform notification channel to one or more platform notification services. The indication is provided to one of the one or more platform notification services through a communication module specific to the one of the one or more platform notification services. The processor is configured to create a mapping from a new universal notification channel to a set of one or more platform notification channel identifiers. Each platform notification channel identifier of the set of platform notification channel identifiers is received from a platform notification service. The processor is configured to provide the set of one or more platform notification channel identifiers to a content provider of the new universal notification channel. The processor is coupled to the memory and is configured to store instructions. | 2019-09-05 |
20190273705 | MODIFICATION OF TEXTUAL MESSAGES - A writing style of content of a composed message, directed to a set of recipients, may be determined. A previous message that includes a first subset of recipients in the set of recipients may be analyzed. Writing habits of the first subset of recipients may be identified based on the analyzing. A difference between the writing style of the content and the writing habits of the first subset of recipients may be identified. The content of the composed message may be modified based on the difference. | 2019-09-05 |
20190273706 | INTEGRATING DIFFERENT MESSAGING APPLICATIONS WITHOUT RELYING ON MESSAGING PROTOCOLS - Performing an operation comprising receiving accessibility data generated by an operating system based on a first message outputted via a graphical user interface (GUI) of a first messaging client of a plurality of messaging clients executing on a device, extracting attributes of the first message from the received accessibility data and based on a first parsing rule, wherein the attributes comprise a text of the message, a sender of the message, and the first messaging client, and outputting for display an indication of the text of the message, the sender, and the first messaging client in a GUI of an integrated messaging application. | 2019-09-05 |
20190273707 | BREVITY - CODIFIED MESSAGING SYSTEM AND PROCESS WITH PRE-COMPOSED MESSAGES MADE OF PREFABRICATED ICONS, AND METHODS OF USE - Described herein is a codified social media messaging system, method and process based on pre-composed messages made of prefabricated icons that may be directed primarily at festive occasions and events. The prefabricated icons may comprise gender-specific prefabricated icons. The festive nature of these events may be incompatible with harmful messages, hence one function—that of a filter—imprinted in the design of positive prefabricated icons. Another function may aim to make messages as festive as the festive occasions they address. These functions may stem from the use of prefabricated icons, including animated icons, which act as guardians and catalysts of the positive character of the message. Within this codified messaging system, method and process, pre-composed messages made of prefabricated icons may perform the role of multi-use “connectors” between users. In some embodiments the system provides a system of memorabilia exchanges based on prefabricated icons. | 2019-09-05 |
20190273708 | SYSTEM AND METHOD FOR CONTEXTUAL MAIL RECOMMENDATIONS - An email system that enables users to request for and receive recommended messages which are relevant and contextually related to a received message via activation of a user interface element is disclosed. When a message is received, it is analyzed and keywords relevant to the received message along with named entities comprised in the received message are retrieved and stored. Upon activation of a user interface element, the relevant keywords are employed to retrieve other similar messages which are grouped into clusters. The clusters are further ranked based on their relevance to the received message and the top ranked messages from the most relevant cluster are selected for display to the user as the messages that are contextually relevant to the received message. The email system also facilitates execution of batch operations on the contextually relevant messages. | 2019-09-05 |
20190273709 | DYNAMIC DUTY-CYCLING OF PROCESSOR OF MOBILE DEVICE BASED ON OPERATING CONDITION OF MOBILE DEVICE - In one embodiment, the first processors of a mobile device determine an operating condition of the mobile device. These operating conditions are based on a current velocity of the mobile device, and the current time of day. If the operating conditions satisfy an operating criteria for the mobile device, the first processors send a message to second processors of the mobile device, causing one or more of the second processors to wake up from a sleeping state to an active state. | 2019-09-05 |
20190273710 | SYSTEM AND METHOD FOR ENTITY DETECTION IN MACHINE GENERATED MESSAGES - Disclosed is a system and method for email management that leverages information derived from automatically generated messages in order to identify types of messages and message content. The disclosed systems and methods apply the information learned from decoding previously received messages to other messages in a user's inbox to fully, or at least partially decode the information included within such messages. The disclosed systems and methods analyze messages received in a user's inbox to detect message specific information corresponding to types of content in the message and the location of such content in the messages. The message specific information is then applied to other newly received or identified messages to learn message specific information about those messages. Based on such learning, information can be extracted from such messages in order to increase a user's experience and increase monetization. | 2019-09-05 |
20190273711 | ENABLING WEARABLES TO COGNITIVELY ALTER NOTIFICATIONS AND IMPROVE SLEEP CYCLES - A method, computer system, and computer program product for cognitively adjusting a notification alert delivery time are provided. The embodiment may include receiving a message notification from a sender. The embodiment may also include determining an importance of the received message notification based on a plurality of notification attributes and a plurality of person attributes that are each associated with the received message notification. The embodiment may further include, in response to determining to alert a user of the received message notification based on the determined importance, identifying a current user sleep stage. The embodiment may also include, in response to determining the current user sleep stage will minimally impact the user, transmitting the received message notification to a user device. | 2019-09-05 |
20190273712 | MESSAGE QUEUE MANAGER - Aspects provide message queue management as a function of processing time estimation, wherein a processor stores a message directed to a user from a messaging server in a distraction queue, and predicts a processing time required by the user to process the received message as a function of sender identity or of an identified message topic or type. The processor increments a processing time counter value for the distraction queue with the predicted processing time of the message, and notifies the user of the received message and all other messages currently saved to the distraction queue in response to determining that the incremented processing time counter value meets a threshold value. | 2019-09-05 |
20190273713 | ENHANCED DOMAIN NAME TRANSLATION IN CONTENT DELIVERY NETWORKS - Systems, methods, apparatuses, and software for operating content delivery networks are provided herein. In one example, a method of operating a domain name translation node in a first point-of-presence of a content delivery network is presented. The method includes receiving a translation message issued by an end user device for translation of a domain name into a content network address, and processing the translation message to identify a network address of a node that transferred the translation message. The method also includes selecting the content network address based at least in part on correlations between network addresses and performance factors to direct the end user device to a target cache node at a point-of-presence different than the point-of-presence of the domain name translation node, and transferring a response message indicating the content network address which directs the end user device to the target cache node at the second point-of-presence. | 2019-09-05 |
20190273714 | VENDOR KIOSK TRACKING AND ROUTING SYSTEM OVER LOCAL AREA NETWORK AND METHOD OF USE - A local area network tracking system and method of use is described herein. An exemplary embodiment of the system comprises a central tracker server that registers and tracks third-party vendor kiosks when the kiosks connect to a retail store local area network. The unique tracker server system is configured to efficiently route web application traffic on the same retail store local area network. The tracker server stores a local IP address and a unique identifier for each vendor kiosk connected to a particular retail store network. Customers connected to the network are routed to the tracker server to obtain the IP address for a suitable vendor kiosk, with which the customer can establish a direct wireless connection to that kiosk over the retail store network. The system described herein can be implemented without modifying any aspect of the retail store LAN infrastructure. | 2019-09-05 |
20190273715 | DOMAIN IDENTIFIER BASED ACCESS POLICY CONTROL - Methods, systems and computer readable media for domain identifier (ID) based access policy control are described. | 2019-09-05 |
20190273716 | Address Assignment and Data Forwarding in Computer Networks Background - When a network host ( | 2019-09-05 |
20190273717 | SELECTIVE PORT MIRRORING AND IN-BAND TRANSPORT OF NETWORK COMMUNICATIONS FOR INSPECTION - The present disclosure pertains to systems and methods of monitoring communication devices and communication links in a software-defined network (SDN). Network packets may be colored or tagged for routing to a packet analyzer. A VLAN bitmask may be added to a packet to identify the packet for inspection and, optionally, provide origin information identify a switch and/or port of origin. Port mirroring may be utilized and/or eventual routing of network packets to their original destination may ensure that network traffic is not disrupted. In one example, a most significant bit of a VLAN bitmask may be used by a match rule to identify packets intended for a packet analyzer without regard to original packet routing instructions and/or packet content. | 2019-09-05 |
20190273718 | INTERCEPTING NETWORK TRAFFIC ROUTED BY VIRTUAL SWITCHES FOR SELECTIVE SECURITY PROCESSING - Systems, methods, and apparatuses enable a microservice to intercept and filter network traffic generated by virtual machines (VMs) and routed by a virtual switch (vSwitch). The system assigns a unique port group and identifier (e.g., a VLAN) to each VM, and maintains a mapping between the unique identifier and a VLAN used to communicate network traffic from the vSwitch to a physical switch. When network traffic is sent from a VM, the network traffic is intercepted by a trunk and sent to a microservice. The microservice performs a mapping procedure to identify the VLAN for transmitting the network traffic to the physical switch. The microservice determines whether the network traffic requires further inspection or analysis, or whether the network traffic can be transmitted to the physical switch using the VLAN identified during the mapping procedure. | 2019-09-05 |
20190273719 | SYSTEM AND METHOD FOR MANAGING THE DATA PACKETS EXCHANGED ACROSS A COMPUTER NETWORK - To obviate the possibility of a data packet requesting for a communication between a source computer and a destination computer being blocked either by a source firewall or a destination firewall or both, the source computer is configured to transmit the data packet to an intermediary sever, bypassing the source firewall and the destination firewall. The intermediary server is configured to analyze the data packet transmitted from the source computer and is further configured to acknowledge the need to establish a communication between the source computer and the destination computer. The intermediary server subsequently generates a notification notifying the destination computer to establish a communication with the source computer. The intermediary server transmits a notification to the destination computer and triggers the destination computer to respond to the notification and establish a communication session with the source computer. | 2019-09-05 |
20190273720 | FIREWALL RULE REMEDIATION FOR IMPROVED NETWORK SECURITY AND PERFORMANCE - A firewall manager periodically accesses a set of servers to identify the various services currently active on each server. The firewall manager also periodically accesses a set of firewalls configured to protect those servers to identify various firewall rules implemented by those firewalls. The firewall manager then compares the services data with the rules data to identify any obsolete firewall rules that are (i) defined based on an IP address not currently allocated to any of the servers or (ii) defined based on a port of an active server that is not associated with any service running on server. Such rules are considered obsolete. Upon identifying any obsolete firewall rules, the firewall manager accesses the firewalls associated with those rules and then removes the obsolete rules. | 2019-09-05 |
20190273721 | NETWORK MANAGEMENT APPARATUS, NETWORK MANAGEMENT METHOD, AND NON-TRANSITORY COMPUTER-READABLE STORAGE MEDIUM - A network management apparatus configured to obtain multiple rules that each control communication in accordance with an address range of a packet, divide a full set of the address range of the multiple rules into multiple subsets that are mutually disjoint in accordance with inclusion relations of the address range among the multiple rules, extract, with respect to each rule of the multiple rules, one or more subsets that are included in the address range from the multiple subsets, and determine, with respect to each rule of the multiple rules, an inclusion relation of the one or more subsets between a particular rule and another rule of the multiple rules that is assigned higher priority than that of the particular rule and determine disposition for each of the multiple rules in accordance with a determination result of the inclusion relation of the one or more subsets. | 2019-09-05 |
20190273722 | PASSPORT-CONTROLLED FIREWALL - A method and system for dynamically modifying rules in a firewall infrastructure. A signed passport is encrypted based on a public key certificate registered with a trusted signer. The signed passport includes a hash value that includes a heart-beat time-out interval and a firewall rule. A trigger signal within the heart-beat time-out interval is generated. The signed passport and the trigger signal are transmitted within the heart-beat time-out interval to a border control agent of a firewall in the firewall infrastructure. In response to receiving, from the border control agent, a continuous confirmation of the firewall rule within a time interval shorter than the heart-beat time-out interval, the firewall is modified according to the firewall rule. In response to determining that the trigger signal was not received by the border control agent within the heart-beat time-out interval, the firewall rule is reset. | 2019-09-05 |
20190273723 | DETERMINING IF A CORRESPONDENT DEVICE IS TRUSTED - For secure communications, a processor determines if a correspondent device is trusted. In response to the correspondent device not being trusted, the processor terminates communications with the correspondent device. In response to the correspondent device being trusted, the processor exchanges unencrypted communications with the correspondent device over an IP interface. | 2019-09-05 |
20190273724 | TRUST STATUS OF A COMMUNICATION SESSION - A device for operating a service network includes a processor and a memory in communication with the processor. The memory includes executable instructions that, when executed by the processor, cause the processor to control the device to perform functions of determining that a communication session is initiated between a first device connected to a first network and a second device connected to a second network, the service network connected between the first and second networks; identifying an attribute of the communication session; determining, based on the identified attribute, whether the communication is authenticated; and when it is determined that the communication is authenticated, sending, to the first or second network, a session notification indicating that the communication session is authenticated with the service network, which allows the first network to route a data stream for the communication session as a trusted data stream. | 2019-09-05 |
20190273725 | BLOCKCHAIN-BASED METHOD AND SYSTEM FOR SPECIFYING THE RECIPIENT OF AN ELECTRONIC COMMUNICATION - The invention provides a method and corresponding system for controlling a blockchain transaction output and/or specifying the recipient of the output. It also provides a method of controlling and/or generating an electronic communication. The invention is a blockchain-implemented solution, which may or may not be the Bitcoin blockchain. In a preferred embodiment of the invention, the method may comprise the step of sending an electronic notification to a notification address which is provided as metadata within an unlocking script of an input of a transaction (Txi) on a blockchain. The unlocking script is provided in order to spend an output from a further transaction (Tx2) on the blockchain. The input of the transaction (Txi) and/or the output of the further transaction (Tx2) may be associated with a tokenised asset represented on, or referenced via, the blockchain. The notification address may be associated with an asset or resource represented on the blockchain, or a controller of an asset or resource represented on the blockchain. The notification address may be a network address, a cryptographic key, a uniform resource locator (URI), email address or any other address or identifier which can be represented in the metadata of a transaction script and used as a destination for an electronic communication. | 2019-09-05 |
20190273726 | SYSTEMS AND METHODS FOR MANAGING TELECOMMUNICATIONS - Systems and methods of the present disclosure are directed to a telecommunications management system (TMS) that receives an indication from a first user to participate in a telecommunication. The TMS can identify a characteristic of the first user and compare the characteristic with one or more characteristics of each user of a pool of users. The TMS can select, based on the comparison, a second user of the pool of users that matches the first user. The TMS can initiate, responsive to selecting the matching second user, an anonymous telecommunications channel between the first user and the second user. | 2019-09-05 |
20190273727 | Lightweight Secure Autonomic Control Plane - A network device includes a transmitter and a receiver to establish a secure connection with one or more network nodes as part of a Autonomic Control Plane (ACP) network. The network device also includes a processor coupled to the transmitter and receiver. The processor receives a request from an application to initiate a connection with a destination network node. The processor also receives packets from the application for transmission toward the destination network node. When the packets from the application are unencrypted, the processor end-to-end encrypts the unencrypted packets without notifying the application. The transmitter then transmits the encrypted packets towards the destination network node across the ACP network. | 2019-09-05 |
20190273728 | RESOUCE-BASED CIPHER SUITE SELECTION - Cipher suites and/or other parameters for cryptographic protection of communications are dynamically selected to more closely match the intended uses of the sessions. A client indicates a planned use of a session to a server. The client's indication of the planned use may be explicit or implicit. The server selects an appropriate set of parameters for cryptographic protection of communications based at least in part on the indicated planned use and the client and server complete a handshake process to establish a cryptographically protected communications session to use the selected set of parameters. | 2019-09-05 |
20190273729 | KEYCHAIN SYNCING - Some embodiments provide non-transitory machine-readable medium that stores a program which when executed by at least one processing unit of a device synchronizes a set of keychains stored on the device with a set of other devices. The device and the set of other devices are communicatively coupled to one another through a peer-to-peer (P2P) network. The program receives a modification to a keychain in the set of keychains stored on the device. The program generates an update request for each device in the set of other devices in order to synchronize the set of keychains stored on device with the set of other devices. The program transmits through the P2P network the set of update requests to the set of other devices over a set of separate, secure communication channels. | 2019-09-05 |
20190273730 | PASSPORTING CREDENTIALS BETWEEN A MOBILE APP AND A WEB BROWSER - Systems and methods for passporting credentials provide a mechanism by which a native app on a client device can invoke a service provider's core web site web addresses (URL) while keeping the existing session active and shared between the two experiences (native app and web flow) so that the end user does not need to re-login at each context switch. The mechanism can include a unique way for the web flow context to communicate conditions and pass control back to the native app context of the shared session. | 2019-09-05 |
20190273731 | Securing Authentication Processes - A method includes receiving a message belonging to an access request or to a response to the access request, the access request originating from a request-origin device and directed to a request-destination application. The method further includes, without using the request-destination application, subsequently to receiving the message, forwarding the message to a traffic-management server before communicating the message to a destination of the message, subsequently to forwarding the message, receiving the message from the traffic-management server, and subsequently to receiving the message from the traffic-management server, communicating the message to the destination of the message. Other embodiments are also described. | 2019-09-05 |
20190273732 | CUSTOM AUTHENTICATOR FOR ENTERPRISE WEB APPLICATION - A system and method for facilitating authenticating a client application to enable communications with another server-side application running on a server in communication with the client application (client). An example embodiment involves providing an authenticator for the client to a shared library that is accessible to the client and server, and then registering the authenticator for the client at the server. After registration, the client sends a request message (addressed to a server-side application) and token to the server. The token is derived using the authenticator at the shared library. The server then uses the token to check that the authenticator associated with the received token is registered. The server then communicates with the shared library to authenticate the client by verifying that the received token identifies the client that has provided the authenticator to the shared library. Client identity is then set to enable communications with the server-side application. | 2019-09-05 |
20190273733 | COMMUNICATIONS SYSTEM, COMMUNICATIONS DEVICE USED IN SAME, MANAGEMENT DEVICE, AND INFORMATION TERMINAL - A communications system includes a device connected to information terminals to enable a plurality of information terminals, mutually exchange data via a global network and enable highly confidential mutual communications between the information terminals included. The communications device includes a unit storing user authentication information for performing user authentication via the connected information terminal and pre-storing a device authentication listing pieces of device information in authentication of each communications device with regard to all the communications devices in the same group, the device authentication list being pre-stored in a state where the device authentication list is inaccessible from the user. When exchange of data is performed between the information terminals via the global network, the communications device configured to carry out user authentication process with the information terminal using the user authentication information and device-to-device authentication process with another communications device by referring to the device authentication list. | 2019-09-05 |
20190273734 | CONFIGURING CREDENTIALS TO FACILTATE SHARING DATA IN A SECURE MANNER - A system and method for facilitating sharing of credentials and other secret data in a networked computing environment. An example embodiment provides for access to data of an external data source by a software application, wherein the external data source requires use of credentials to allow access to the data, but where the credentials themselves are not to be supplied to the software application. An example method includes storing the credentials in a secure data store; providing a token to the application, the token associated with the credentials and with an indication of the external data source; transferring the token from the application to a secure connector; using the secure connector and the token to retrieve the credentials from the secure data store to the secure connector; using the secure connector and the credentials to request data from the external data source to the secure connector before transfer of the requested data to the application via the secure connector. | 2019-09-05 |
20190273735 | METHOD FOR AUTOMATED AUTHENTICATION OF VOIP PHONE - A method for automated authentication of a user VoIP phone supported by a Private Branch eXchange (PBX) configuration server is provided. A VoIP phone or a VoIP supported device is configured for an automated authentication by a vendor. The authentication method does not require manual entry of authentication data by a user. The unique VoIP phone authentication data can be provided by the vendor in a form of a MAC address. Additionally, the vendor can assign a digital certificate (containing public and private encryption keys) signed by the vendor to the VoIP phone. In this case, the VoIP phone vendor serves as a trusted authority. Thus, the VoIP phone automatically connects with the configuration server and the authentication transformation server (ATS) and the address where the VoIP phone sends the authentication data upon connection to the network is determined by the ATS. | 2019-09-05 |
20190273736 | MULTI-FACTOR AUTHORIZATION FOR IEEE 802.1X-ENABLED NETWORKS - The present disclosure discloses a system and method for providing multi-factor authorization for IEEE 802.1x-enabled networks. Specifically, a network device authenticates a client device to obtain access to network resources in a network via a network authentication protocol. The network device then detects a device quarantine trigger indicating an increased level of suspicion that a current user of the client device is a non-authenticated user. In response to the device quarantine trigger, the network device temporarily places the client device from an authenticated state to a quarantined state pending completion of a particular workflow by the current user. The client device has limited access to the network resources while in the quarantined state regardless of a previous successful user and/or device authentication. | 2019-09-05 |
20190273737 | METHOD, SYSTEM, AND DEVICE FOR COMMUNICATING DATA BETWEEN DEVICES TO CONTROL ONE OF THE DEVICES - The present application discloses a method, device, and system for data transmission. The system includes a first terminal having an associated terminal ID and a server. At least one of the first terminal and the server establishes a channel between the first terminal and the server based at least in part on the terminal ID, the channel corresponding to a communication channel that is to be used by the first terminal and the server to communicate data. The terminal ID is used to authenticate the first terminal in connection with the channel being established between the first terminal and the server. | 2019-09-05 |
20190273738 | LOCAL VERIFICATION OF CODE AUTHENTICATION - Embodiments are directed to a computing device having execution hardware including at least one processor core, and non-volatile memory that stores verification module and a private symmetric key unique to the computing device. The verification module, when executed on the execution hardware, causes the execution hardware to perform pre-execution local authenticity verification of externally-supplied code in response to a command to launch that code. The local authenticity verification includes computation of a cryptographic message authentication code (MAC) of the externally-supplied code based on the private symmetric key, and verification of the MAC against a stored local authenticity verification value previously written to the non-volatile memory. In response to a positive verification of the of the MAC, execution of the externally-supplied code is permitted. | 2019-09-05 |
20190273739 | SYSTEMS AND METHODS FOR CONTROLLING ACCESS TO A BLOCKCHAIN - Systems and methods for controlling access to a blockchain are disclosed. The systems and methods are comprised of a security agent, a controller, an authenticator, a rules engine, and a policy engine. In certain embodiments, the security agent receives a message from an application, parses the message, and transmits the message to the controller if the message comprises one or more predetermined applicable rules or policies. The controller receives the message with its rules and policies, queries the rules engine and the policy engine to apply the rules and policies, and transmits an authentication request to the authenticator. The authenticator then requests an authentication signal from a user and transmits the results to the controller. The controller applies the results and forwards them to the security agent, which may or may not release the message to the blockchain depending the results. | 2019-09-05 |
20190273740 | SYSTEM AND METHODS TO ESTABLISH USER PROFILE USING MULTIPLE CHANNELS - Embodiments of the disclosure provide a method of establishing a user profile using multiple channels. Embodiments allow compatibility of the user profile across several authentication systems. The user profile is created upon registration and is updated with attributes after authenticating and authorizing the user according to a pre-defined assurance level. The user profile contains attributes pertaining to the user and user device. The attributes can be analyzed by authentication systems to optimize data security. | 2019-09-05 |
20190273741 | SENSOR-BASED HUMAN AUTHORIZATION EVALUATION - A resource-access management system detects whether a user is authorized to access resources. The system may include a user device being configured to include a sensor that detects sensor data associated with the user. Further, the system includes a client qualification engine that determines whether or not a client is authorized to access the resources by comparing the sensor data with a plurality of patterns for evaluating whether or not the user is an authorized user. User scores are generated based on the compared sensor data and the plurality of patterns. Further, a composite score corresponding to the user is generated using the sensor data, plurality of patterns, and one or more additional criteria. Whether the user is granted access to the resources, presented with unauthorized user tests, or blocked from access to the resources depends on the composite score and threshold values. | 2019-09-05 |
20190273742 | System and Method for Secure Control of Resources of Wireless Mobile Communication Devices - Systems and methods for secure control of a wireless mobile communication device are disclosed. Each of a plurality of domains includes at least one wireless mobile communication device asset. When a request to perform an operation affecting at least one of the assets is received, it is determined whether the request is permitted by the domain that includes the at least one affected asset, by determining whether the entity with which the request originated has a trust relationship with the domain, for example. The operation is completed where it is permitted by the domain. Wireless mobile communication device assets include software applications, persistent data, communication pipes, and configuration data, properties or user or subscriber profiles. | 2019-09-05 |
20190273743 | Session Security Splitting and Application Profiler - Intelligent methods of providing online security against hackers, which prevents the hackers from obtaining unauthorized access to secure resources. A first application session established between a first client and a first application of a first host device is detected. The first application is associated with a first plurality of security time limits. A duration of the first application session established between the first client and the first application is monitored. One or more first security actions are executed against the first application session responsive to the duration of the first application session reaching a security time limit of the first plurality of security time limits. One or more second security actions are executed against the first application session responsive to the duration of the first application session reaching another security time limit of the first plurality of security time limits. | 2019-09-05 |
20190273744 | SYSTEMS AND METHODS FOR RUNNING APPLICATIONS ON A MULTI-TENANT CONTAINER PLATFORM - The disclosed computer-implemented method for running applications on a multi-tenant container platform may include (1) receiving, at a host administrator service on a container host computing device and via a host administrator service socket handle, a request for a privileged operation from an application running in a non-privileged container, (2) performing, based on a user identifier of the application, a security check of a user associated with the application, (3) comparing, when the security check results in approval, a process identifier of the requested privileged operation against a whitelist of permitted operations to determine the requested privileged operation is permissible, and (4) initiating running, when the requested privileged operation is permissible, the requested privileged operation. Various other methods, systems, and computer-readable media are also disclosed. | 2019-09-05 |
20190273745 | SYSTEMS AND METHODS FOR BIG-DATA RESOURCE MANAGEMENT - Embodiments of the present disclosure include a platform for a resource provisioning system. The platform can execute big data analysis techniques to access-right data to generate statistics that characterize a set of users. For example, characteristics of users who access resources events can be analyzed with varying levels of detail. The access-right data can include access right assignments, and data identifying the users to which access rights are assigned. In some implementations, spatial management systems can access the platform to generate statistics for the resources. | 2019-09-05 |
20190273746 | MICROSERVICE ARCHITECTURE FOR IDENTITY AND ACCESS MANAGEMENT - Systems and methods for identity and access management are provided in a service mesh that includes a plurality of interconnected microservices. Each microservice is associated with a microgateway sidecar. The associated microgateway sidecar may intercept a request for the associated microservice sent over a communication network from a user device. Such request may include data regarding a context of the request. A token associated with the request may be enriched based on the context data and sent to at least one other microservice. A database of security policies for each of the microservices may be maintained. An authentication engine may generate a risk profile for the request based on the context data of the request and one or more of the security policies in the database. One or more of a plurality of available security workflows may be selected based on the risk profile. | 2019-09-05 |
20190273747 | GRADUATED AUTHENTICATION IN AN IDENTITY MANAGEMENT SYSTEM - A method and system for graduated security in an identity management system utilize differing levels of time sensitivity, channel security and authentication security to provide a multi-dimensional approach to providing the right fit for differing identity requests. The differing levels of security can be selected by user preference, membersite request or homesite policy. | 2019-09-05 |
20190273748 | Gradual Credential Disablement - A method for a gradual credential disablement is provided. The method includes receiving, at data processing hardware, a request for access to a resource. The request includes a request authenticator. The method also includes comparing, by the data processing hardware, the request authenticator against a security credential associated with the resource. The method further includes determining, by the data processing hardware, whether the request authenticator satisfies the security credential. When the request authenticator satisfies the security credential, the method includes granting or denying, by the data processing hardware, access to the resource based on a request failure rate associated with the security credential. | 2019-09-05 |
20190273749 | Unauthorized Communication Detection Apparatus and Recording Medium - An unauthorized communication detection apparatus comprises: a reception module configured to receive operational data from a transmission source; a transmission module configured to transmit the operational data received by the reception module to a destination; a determination module configured to calculate a score of the operational data by a determination expression for calculating the score for determining whether the operational data is involved in unauthorized communication based on a learning model relating to a feature amount of a learning data group, and determine based on the calculated score whether the operational data is involved in unauthorized communication; and a transmission control module configured to control the transmission of the operational data performed by the transmission module based on a determination result obtained by the determination module. | 2019-09-05 |
20190273750 | METHODS AND APPARATUS FOR DETECTING REMOTE CONTROL OF A CLIENT DEVICE - A system, method, and apparatus for detecting remote control of a client device are disclosed. An example network security apparatus includes a network switch configured to route first data packets between a client device and a content provider device, determine IP addresses of other devices that transmit second data packets to or receive second data packets from the client device, and throttle the second data packets destined for the client device. The apparatus also includes a controller configured to receive signal packets indicative of activity in relation to a webpage provided by the content provider device to the client device and instruct the network switch to throttle the second data packets after receiving one of the signal packets. The controller is also configured to provide an indication of a malicious device remotely controlling the client device responsive to not receiving another signal packet within a specified time period. | 2019-09-05 |
20190273751 | MANAGING SECURITY BREACHES IN A NETWORKED COMPUTING ENVIRONMENT - Approaches for managing security breaches in a networked computing environment are provided. A method includes detecting, by at least one computer device, a breach of a production system in the networked computing environment, wherein the networked computing environment includes a decoy system interweaved with the production system. The method also includes receiving, by the at least one computer device, a communication after the detecting the breach. The method further includes determining, by the at least one computer device, the communication is associated with one of a valid user and a malicious user. The method additionally includes, based on the determining, routing the valid user to an element of the production system when the communication is associated with the valid user and routing the malicious user to a corresponding element of the decoy system when the communication is associated with the malicious user. | 2019-09-05 |
20190273752 | CLOUD-BASED GATEWAY SECURITY SCANNING - Some embodiments of cloud-based gateway security scanning have been presented. In one embodiment, some data packets are received sequentially at a gateway device. The data packets constitute at least a part of a file being addressed to a client machine coupled to the gateway device. The gateway device forwards an identification of the file to a remote datacenter in parallel with forwarding the data packets to the client machine. The datacenter performs signature matching on the identification and returns a result of the signature matching to the gateway device. The gateway device determining whether to block the file from the client machine based on the result of the signature matching from the datacenter. | 2019-09-05 |
20190273753 | MONITORING FOR HYBRID APPLICATIONS - Some embodiments of the invention provide a novel method for monitoring instances of an application operating on a set of mobile devices. In some embodiments, the method receives content data to be used by the application and injects monitoring code into the content data before providing it to a web view of the application. In some embodiments, the content data includes various types of content (e.g., multimedia files, scripts, data files, etc.) received from a content server managed by the developer of the application and may be used by the native code and/or the web view of the hybrid application. The content data of some embodiments also includes monitoring code that is inserted by the developer of the application to monitor developer-specified events in the native code and/or web view. The method of some embodiments gathers monitored data from both the native code and the web view. | 2019-09-05 |
20190273754 | RESILIENT MANAGEMENT OF RESOURCE UTILIZATION - Endpoint devices for use, e.g., in distributed environments such as a healthcare institutions comprise, in various embodiments, (i) a processor, (ii) an operating system, (iii) a computer memory, and (iv) instructions stored in the memory and executable by the processor for defining a plurality of user applications, a plurality of sensors for monitoring calls to the operating system, a plurality of actuators for causing the processor to take specified actions for mitigating a threat or anomaly, and an intelligent controller for analyzing time-windowed data from the sensors based on a predictive response model to detect anomalous behavior, and upon detecting such behavior, instructing an actuator to take a specified mitigation action. | 2019-09-05 |
20190273755 | COMMUNICATION CONTROL DEVICE, COMMUNICATION CONTROL METHOD, AND PROGRAM - A communication control device that is included in a communication system in which a terminal device communicates a frame free of any transmission source information via a network, in which a detection device having a function of detecting a frame having a specific property, and a function of transmitting first information on the frame having a specific property to the network when the detection device detects a frame having a specific property is connected to the network, and the communication control device includes a control unit that refers to a frame storage unit that stores a frame that is a transmission target output from the terminal device to the network when the control unit determines that the first information has been received from the detection device connected to the network on the basis of information for determining being the first information transmitted by the detection device. | 2019-09-05 |
20190273756 | CONSEQUENCE-DRIVEN CYBER-INFORMED ENGINEERING AND RELATED SYSTEMS AND METHODS - Embodiments of the disclosure relate to a computer-implemented consequence-driven cyber-informed engineering tool for performing and reporting consequence-based prioritization, system-of-systems breakdown, consequence-based targeting, and mitigations and protections. Embodiments of a CCE tool may perform one or more steps of defining a target industrial control system (ICS), wherein the target ICS includes operational goals, critical functions, and critical services; determining one or more scored high consequence events (HCE) associated with the defined target ICS; prioritizing the scored HCEs according to an HCE severity index; and updating a dashboard with one or more representations of the prioritized HCEs, wherein the updated dashboard is associated with the CCE tool and presented at a display. | 2019-09-05 |
20190273757 | DYNAMIC DETECTION OF FIREWALL MISCONFIGURATIONS - An automated scanning service can be configured to dynamically determine potential firewall misconfigurations in a shared resource environment. The scanning service can interrogate one or more application programming interfaces (APIs) to determine the state of the relevant firewall ports. For each firewall port in a permitted state, a test or trace can be run to determine whether the corresponding host port is open. Similarly, information can be obtained indicating which host ports for the allocation are open, and a determination can be made as to whether the corresponding firewall ports are permitted. Once the determinations are made, any mismatch in port state can be reported as a potential misconfiguration. | 2019-09-05 |
20190273758 | RESOLVING CUSTOMER COMMUNICATION SECURITY VULNERABILITIES - Various embodiments for resolving customer communication security vulnerabilities are provided. Customer traffic data is stored in a database and analyzed to identify problem traffic. A report of a first user device and a usage history for the first user device is obtained. Similarities between the usage history of the first user device and the problem traffic are searched for to identify an issue. A first vulnerability is remedied on the first user device by a first remote action in response to the issue being identified. A second user device that is in a same account as the first user device and that has engaged in similar problematic communications as the first user device is identified. A second vulnerability is proactively remedied on the second user device by a second remote action. | 2019-09-05 |
20190273759 | SECURITY-RISK PLUGIN TO HELP TARGETED USERS INTERACT WITH WEB PAGES AND APPLICATIONS - The present disclosure relates to techniques for helping targeted users determine whether it is safe to supply personal information requested by a web site. In one embodiment, a method generally includes extracting textual content from a web page that requests information from a user and determining, based on the textual content, the type of information requested. A service type the web page provides is also determined based on the textual content. The service type and the information type are then compared to a set of predefined rules to determine a risk level associated with the web page. A visual indicator of the risk level is then displayed with the web page. | 2019-09-05 |
20190273760 | POLICY MANAGEMENT - In embodiments of the present invention improved capabilities are described for the operation of a threat management facility, wherein the threat management facility may provide for a plurality of computer asset protection services to a corporate computer network. The threat management facility may provide a policy management service as one of the plurality of protection services, wherein the policy management service may be adapted to provide corporate policy updates to a plurality of computer facilities associated with the corporate computer network. In addition, the corporate policy updates, and a related corporate policy, may relate to the acceptability of an operation of a computer application. | 2019-09-05 |
20190273761 | MULTI CLOUD POLICY ENACTMENT VIA ORGANIZATIONS TO CLOUD-PROVIDER PARTNERSHIPS - A method includes acts for establishing a subscription for an entity. The method includes receiving, at a cloud service provider, a request from an entity to establish a subscription. The request includes credentials for the entity that are not proper credentials for an organization associated with the entity that the entity should use to access services for the organization. The method further includes performing a corrective action based on detecting one or more factors to determine that the entity is associated with the organization. The method further includes providing services based on the corrective action. | 2019-09-05 |
20190273762 | MANAGEMENT OF VOICE SERVICES FOR USER EQUIPMENTS IN COVERAGE ENHANCEMENT (CE) MODE B - Embodiments of the present disclosure describe methods, apparatuses, and systems for management of voice services GP for user equipments (UEs) in coverage enhancement (CE) mode B. A cellular protocol stack (CPS) of the UE may indicate to an internet for protocol (IP) multimedia services (IMS) circuitry of the UE that the UE is operating in the CE mode B (or will be operating in the CE mode B when it awakes from idle mode). The IMS circuitry may receive an SIP invite from an IMS server to invite the UE to engage in a mobile terminated (MT) call. In response to the SIP invite, the IMS circuitry of the UE may reject the SIP invite and deregister the UE from voice services. Other embodiments may be described and claimed. | 2019-09-05 |
20190273763 | SETTING MODE OF COMMUNICATION - A method in a communication system is disclosed. In the method a procedure for setting up a communication link between a first user equipment and a second user equipment via a communications network is initiated. Information regarding at least two modes of communication that can be used for communication via the communication link is signalled between the first and second user equipment. An indicator regarding a mode to be used for the communication is also signalled between the first user equipment and the second user equipment. After the signalling steps, a procedure for setting the mode of communication in accordance with the indicator is initiated in at least in one of the user equipment. According to an alternative embodiment signalling for reserving a possibility for at least tow different communication modes occurs between elements of the communication system. | 2019-09-05 |
20190273764 | RELAY SERVER - A relay server includes a network interface, a storage, and a controller. The network interface communicates with a user terminal and a device. The storage stores login information. When the user terminal performs a login, the controller transmits to the user terminal a device list including an identified sub ID. When receiving a connection request from the user terminal, the controller establishes, when a device to which a connection is requested is logged in, a communication session between the device and the user terminal. When the device to which a connection is requested is not logged in, the controller causes the device to log in and, after the device is logged in, establishes a communication session between the device and the user terminal. | 2019-09-05 |
20190273765 | APPARATUS AND METHOD FOR COMMUNICATIONS INVOLVING A LEGACY DEVICE - A gateway receives a message from a first terminal to establish a connection between the first terminal and a second terminal. The gateway sends a second message to the second terminal to offer a connection. After receiving the first message from the first terminal, the gateway receives subsequent third messages from the first terminal that identify candidates for assisting in the formation of the connection. The gateway saves information about these candidates. The gateway either uses such information for facilitating the formation of the connection or forwards that information to the second communication terminal after receiving an answer accepting the establishment of a connection from the second terminal and determining whether the second terminal has a WebRTC client. | 2019-09-05 |
20190273766 | SESSION PROCESSING IN INSTANT MESSAGING - An example method including: with respect to a local session contained in a local session list, determining a remote user account corresponding to the local session; and when it is determined that the remote user account is not included in a set particular account list, concealing the local session in the local session list. Through the above method, it is feasible to only add an account of a particular object to the particular account list. In this way, local sessions corresponding to other remote user accounts other than the account of the particular object will be concealed in the local session list, and thus it is convenient for a local user to look for a particular session. | 2019-09-05 |
20190273767 | CONDUCTING ELECTRONIC MEETINGS OVER COMPUTER NETWORKS USING INTERACTIVE WHITEBOARD APPLIANCES AND MOBILE DEVICES - An approach is provided for integrating mobile devices into electronic meetings conducted over computer networks using IWB appliances. The approach includes a user-friendly way for users to join electronic meetings using mobile devices. The approach also allows participants to command and control an electronic meeting using their mobile device, and to receive individualized output, such as meeting transcripts, real-time language translation, messages, prompts, meeting information, and personalized audio streams. | 2019-09-05 |
20190273768 | DATA TRANSMISSION METHOD IN WIRELESS COMMUNICATION SYSTEM, AND APPARATUS THEREFOR - A Station (STA) in a wireless communication system, the STA including a transceiver configured to transmit and receive a wireless signal; and a processor configured to control the transceiver. Further, the processor is further configured to: receive, from An access point (AP), a downlink (DL) multi-user (MU) Physical Protocol Data Unit (PPDU), wherein the DL MU PPDU includes a DL data and trigger frame for an uplink (UL) orthogonal frequency-division multiple access (OFDMA) transmission; and transmit, to the AP, an UL MU PPDU generated based on the DL MU PPDU, wherein the trigger frame is transmitted in a first frequency region of the DL MU PPDU, and the DL data is transmitted in a second frequency region of the DL MU PPDU, when the trigger frame is for multiple stations (STAs), and wherein the first frequency region and the second frequency region are different frequency region. | 2019-09-05 |
20190273769 | A METHOD FOR TRANSMITTING CONTENT TO MOBILE USER DEVICES - A method for accessing a service delivering content from a user terminal includes: transmitting a Uniform Resource Locator to a client module of the terminal, the URL including an identifier of a requested content and a command specifying a request or condition related to delivery to the user terminal of the requested content, if the requested content is available in the user terminal according to the specified condition, receiving the requested content from the client module, and if the requested content is not available in the user terminal according to the specified condition, transmitting the URL to a service broadcasting server. | 2019-09-05 |
20190273770 | VOLTE COMMUNICATION METHOD AND BASE STATION THEREOF - A VoLTE communication method and a base station thereof are disclosed. The method includes: receiving a VoLTE communication request sent by a calling terminal; determining and sending a first suggestion complying with the VoLTE communication carried out by the calling terminal to a network side, the first suggestion including a first suggested speech coding mode and a corresponding code rate thereof; receiving from the network side a final speech coding mode and a corresponding code rate that are determined based on the first suggested speech coding mode and the corresponding code rate; and sending the final speech coding mode and the corresponding code rate to the calling terminal, such that the speech coding mode and the corresponding cod rate may be adjusted synchronously on the both side of the VoLTE communication. | 2019-09-05 |
20190273771 | Maximum Sustainable Encoding Bit Rates for Video Downloads - Described embodiments include a system that includes a network interface and a processor. The processor is configured to identify, via the network interface, a state of congestion in a communication channel between a base station belonging to a cellular network and a client device, to calculate, responsively to the state of congestion, a maximum sustainable encoding bit rate (MSEBR) for a video that is being downloaded by the client device, from a server, via the communication channel, the video being encoded at a plurality of different predefined bit rates, and to inhibit the client device, in response to calculating the MSEBR, from downloading a segment of the video that is encoded at any one of the predefined bit rates that exceeds the MSEBR. Other embodiments are also described. | 2019-09-05 |
20190273772 | DATA PROCESSING METHOD AND APPARATUS IN SERVICE-ORIENTED ARCHITECTURE SYSTEM, AND THE SERVICE-ORIENTED ARCHITECTURE SYSTEM - Data processing method and apparatus in a Service-Oriented architecture (SOA) system are disclosed. The method replaces a target parameter having a larger data length included in an original HTTP request with an intermediate parameter having a smaller data length. A data length of a HTTP request that is converted from an original HTTP request is reduced as compared to a data length of the original HTTP request, thus reducing an amount of data that is transmitted, i.e., sent or received, by a target component, which accordingly reduces an amount of data transmitted in the SOA system and decreases a network overhead of the SOA system. | 2019-09-05 |
20190273773 | METHOD FOR MANAGING COMMUNICATION IN MISSION CRITICAL DATA (MCDATA) COMMUNICATION SYSTEM - Embodiments herein achieve systems and methods for managing communication in a Mission Critical data (MCData) communication system. The proposed method and system provides file distribution and data streaming in the MCData communication system. The proposed method and system provides a functional model and mechanisms to support mission critical data services. The functional model to support file distribution and data streaming, and associated procedures including one-to-one, one-to-many, and group data communications. Further, the proposed method and system provides mechanisms for optimizing radio resource utilization and backhaul link utilization in the MCData communication system. The proposed method and system provides radio resource utilization of the PC5 interface for the MC service, when multiple group members are under a relay node. Further, the proposed method and system can be used to reduce number of unicast transmissions between the MCData server and the MCData UEs by local routing at the relay node. | 2019-09-05 |