39th week of 2018 patent application highlights part 76 |
Patent application number | Title | Published |
20180278521 | SYSTEM AND METHOD FOR PROVIDING A BIT INDEXED SERVICE CHAIN - Disclosed is a method that modifies a bit indexed explicit replication (BIER) algorithm. The method includes receiving a packet at a node, wherein the packet includes a BIER header identifying a bitstring, the bitstring including a first bit indicating a first destination and a second bit indicating a second destination and forwarding the packet through one or more networks toward the first destination and the second destination based on the bitstring and a predetermined bit selection order. The predetermined bit selection order causes a sequential delivery of the packet to the first destination and the second destination. After the packet arrives at the first destination, the method includes setting the first bit to zero in the bitstring and forwarding the packet through the one or more networks toward the second destination according to the updated bitstring. | 2018-09-27 |
20180278522 | SYSTEM AND METHOD TO FACILITATE CONTENT FORWARDING USING BIT INDEX EXPLICIT REPLICATION (BIER) IN AN INFORMATION-CENTRIC NETWORKING (ICN) ENVIRONMENT - A method is provided in one example embodiment and may include receiving a packet by a forwarder in an Information-Centric Networking (ICN) network; determining Bit Index Explicit Replication (BIER) information associated with the packet; and forwarding the packet based, at least in part, on the BIER information associated with the packet. The packet can be an interest packet or a data packet received by the forwarder in the ICN network. | 2018-09-27 |
20180278523 | Gigabit Router - A method includes receiving a data packet over one of a wireless communication link or a wired communication link from a user device in the local network. The data packet includes internet protocol (IP) address information. The method also includes determining whether the IP address information includes corresponding packet forwarding rules. When the IP address information includes corresponding packet forwarding rules, the method includes performing network address translation on the IP address information by mapping a source IP address from a private source IP address subnet to a public source IP address subnet, attaching the public source IP address subnet to the header of the data packet, and forwarding the data packet from the Ethernet switch to an external network port. The external network port is configured to connect the network routing device to the external network. | 2018-09-27 |
20180278524 | METHOD AND APPARATUS FOR RELAYING PACKET TRANSMISSION AND UPDATING NETWORK ADDRESS INFORMATION IN COMMUNICATION SYSTEM - A method to transmit and receive a packet in a bridge of a communication system is provided. The method includes receiving a first packet from a first network. The method also includes converting a medium access control (MAC) layer source address of the received first packet into a MAC address of the bridge. The method further includes transmitting the address-converted first packet to a node of a second network. | 2018-09-27 |
20180278525 | Field Checking Based Caching of ACL Lookups to Ease ACL Lookup Search - In a network element, cache operation is enhanced by extracting a set of fields from a packet, constructing a hash key from the extracted fields, and identifying a subset of the fields, wherein the field values thereof fail to exist in a set of classification rules. The hash key is modified by masking the subset of the extracted fields. A hash lookup is performed using the modified hash key in a cache memory that stores a portion of the classification rules. The packet is processed responsively to the lookup. | 2018-09-27 |
20180278526 | ADDRESS CONVERTING DEVICE, INFORMATION PROCESSING SYSTEM, AND METHOD OF PROVIDING SERVICE - A device for converting an address, the device includes: a memory; and a processor coupled to the memory and configured to: receive a request packet of contents from a first information processing device; convert a first transmission source address included in the request packet to a second transmission source address by using a conversion table corresponding to a communication path of the request packet; and transmit the request packet to a second information processing device which determines whether to provide the contents based on the second transmission source address included in the request packet. | 2018-09-27 |
20180278527 | APPARATUS AND METHOD OF GENERATING LOOKUPS AND MAKING DECISIONS FOR PACKET MODIFYING AND FORWARDING IN A SOFTWARE-DEFINED NETWORK ENGINE - Embodiments of the present invention relate to a Lookup and Decision Engine (LDE) for generating lookup keys for input tokens and modifying the input tokens based on contents of lookup results. The input tokens are parsed from network packet headers by a Parser, and the tokens are then modified by the LDE. The modified tokens guide how corresponding network packets will be modified or forwarded by other components in a software-defined networking (SDN) system. The design of the LDE is highly flexible and protocol independent. Conditions and rules for generating lookup keys and for modifying tokens are fully programmable such that the LDE can perform a wide variety of reconfigurable network features and protocols in the SDN system. | 2018-09-27 |
20180278528 | METHOD AND DEVICE FOR DETECTING CONGESTION ON A TRANSMISSION LINK - Detection of the congestion on a link based on an exchange of messages between a sender and a receiver, one sender and several receivers or several senders and one receiver. This equipment is connected to the ends of a transmission channel. One of the items of equipment is designated as the master and the others slaves. These exchanges are aimed at enabling the master to calculate and compare the rate of the data sent and the rate of the data received. A divergence in the rates calculated reveals a congestion on the link. All these exchanges are made in the application layer and therefore do not involve the underlying layers. | 2018-09-27 |
20180278529 | A GUI UPDATING METHOD AND DEVICE - A graphical interface update method and graphical interface update apparatus are provided. The method includes: determining a dirty region, the dirty region being a region that needs to be changed in a graphical interface; obtaining a drawing instruction, the drawing instruction indicating a drawing area; calculating an intersection set between the drawing area and the dirty region; and sending, to a user equipment, an instruction data stream indicating the intersection set, the user equipment updating the graphical interface according to the instruction data stream. | 2018-09-27 |
20180278530 | LOAD BALANCING SYSTEMS, DEVICES, AND METHODS - Embodiments regard load balancing data on one or more network ports. A device may include processing circuitry, the processing circuitry to transmit a first packet of a first series of packets to a destination device via a first port, determine a time gap between a first packet and a second packet of the first series of packets, and in response to a determination that the time gap is greater than a time threshold, transmit the second packet to the destination device via a second port. | 2018-09-27 |
20180278531 | METHOD AND APPARATUS FOR IMPLEMENTING LOAD SHARING - The present disclosure discloses a method and an apparatus for implementing load sharing. The method includes: for a congested first link on a first forwarding node, selecting, by a network device, a packet flow forwarded by using the first link; selecting a second link that may be used to forward the packet flow and that is not congested after available bandwidth of the second link is occupied by the packet flow, where the second link is a link between the first forwarding node and a second forwarding node; selecting a first hash gene corresponding to the second link; determining that a third link is not in a congested state after available bandwidth of the third link is occupied by the packet flow; and saving the first hash gene in a source node of the packet flow, where the third link is a link that is on the second forwarding node. | 2018-09-27 |
20180278532 | DYNAMIC ADVERTISEMENT ROUTING - Dynamic advertisement routing is disclosed. For example, a plurality of internet protocol (“IP”) addresses associated with respective plurality of target nodes is stored in a routing pool. Each IP address in the routing pool is pinged through each of first and second load balancer network interfaces. Network routes associated with target nodes are updated based on a first plurality of ping responses. Communications sessions are established with target nodes through respective network routes. IP addresses are pinged and respective latencies in a latency cache are updated based on a second plurality of ping responses. A first request directed to the plurality of target nodes is received and is determined to be sent to a first target node based on the latency cache forwarded to the first target node via the first network route. | 2018-09-27 |
20180278533 | REAL-TIME TRAFFIC ANALYSIS OVER MOBILE NETWORKS - A device can determine a set of flow characteristics associated with an encrypted traffic flow. The set of flow characteristics can include a cumulative length of payload packets included in the encrypted traffic flow, an average payload length of the payload packets, and a throughput associated with the encrypted traffic flow. The device can determine, based on the set of flow characteristics, whether the encrypted traffic flow is likely to be a video traffic flow. The device can cause the encrypted traffic flow to be managed based on whether the encrypted traffic flow is likely to be a video traffic flow. | 2018-09-27 |
20180278534 | APPLICATION TRAFFIC PAIRING - Systems, devices, and methods for reporting information in real time about traffic generated by each application for a device are described. In one aspect, the network can configure a list of applications user equipment (UE) devices need to report traffic information for and then when one of these applications starts a communication, the UE may send traffic descriptor(s) describing the traffic generated by the application. In this way the network can accurately identify the traffic and take actions based on UE report and local policy or subscription. | 2018-09-27 |
20180278535 | COMMUNICATION DEVICE, COMMUNICATION METHOD, AND STORAGE MEDIUM - According to an aspect of the present invention, a device includes a transmitter and receiver that transmits and receives communication packets to and from other device, and a processor. The processor receives a packet containing first information indicating a structure type of data from the other device via the transmitter and receiver and communicates data corresponding to the first information with the other device via the transmitter and receiver. | 2018-09-27 |
20180278536 | COMBINED PAUSE-RESUME AND CREDIT-BASED FLOW-CONTROL - A communication system includes a transmit (TX) device and a receive (RX) device. The TX device is configured to transmit data over a communication link. The RX device is configured to receive the data transmitted by the TX device over the communication link, to buffer the received data in an RX buffer, to assess a fill level of the RX buffer, to select, depending on the fill level of the RX buffer, either a pause-resume flow-control scheme or a credit-based flow-control scheme, and to apply the selected flow-control scheme in coordination with the TX device. | 2018-09-27 |
20180278537 | DATA COMMUNICATION DEVICE, METHOD FOR CONTROLLING DATA COMMUNICATION, AND PROGRAM - A data communication device includes: a reception unit that receives data from a transmission device; a transmission unit that transmits the data to a reception device; a setting unit that sets, when the reception unit starts to receive the data, an amount of the data received by the reception unit to an amount that is independent from a transmission speed of the data from the transmission unit to the reception device; an updating unit that updates the set amount to an amount that corresponds to the transmission speed after the reception unit has received the set amount of the data; and a suppression unit that interrupts the transmission device from transmitting the data until the transmission unit transmits the updated amount of the data after the reception unit has received the updated amount of the data. | 2018-09-27 |
20180278538 | SYSTEM AND METHOD FOR DYNAMIC QUEUE MANAGEMENT USING QUEUE PROTOCOLS - A system and method for efficiently processing and managing data stored in a queue. A processing device may process the data stored in the queue. Queue protocols can be applied to the queue to efficiently process and manage data stored in the queue. Queue protocols may facilitate efficient use of processing resources that process the data stored in one or more queues. A queue protocol may include at least a first protocol for facilitating transfer of data in the queue to another queue processed by another processing device or a second protocol for inhibiting transfer of data in the queue to another queue. | 2018-09-27 |
20180278539 | RELAXED RELIABLE DATAGRAM - Provided are systems and methods for reliable, out-of-order transmission of packets. In some implementations, provided is an apparatus configured to communicate with a network and a host device. The apparatus may receive messages from the host device at a send queue, where each message includes destination information. The apparatus may further determine, using the destination information and an identity of the send queue, a transport context associated with a destination on the network. The apparatus may further, for each message and using the transport context, generate a packet including the message and transmit the packet over the network. The apparatus may further monitor status for each transmitted packet. | 2018-09-27 |
20180278540 | CONNECTIONLESS TRANSPORT SERVICE - Provided are systems and methods for reliable, out-of-order receipt of packets. In some implementations, provided is an apparatus configured to communicate with a network and a host device. The apparatus may receive packets over the network at a receive queue. The packets may originate from a source on the network, and may be received out of order. The apparatus may further, for each received packet, identify a transport context associated with the source and a destination of the packet, and determine whether the packet can be accepted. Upon determining that the packet can be accepted, the apparatus may further identify the one receive queue at which the packet was received; determine a user application to receive the packet, transfer the packet from the one receive queue to a buffer in host memory, and identify an order in which the packet was received with respect to other packets. | 2018-09-27 |
20180278541 | Software-Defined Data Center and Service Cluster Scheduling and Traffic Monitoring Method Therefor - A software-defined data center (SDDC) and a service cluster scheduling and traffic monitoring method therefor. A software defined networking (SDN) controller implements a scheduling and decision function of load balancing. As a load balancer, the SDN controller follows a serving node load balancing principle, and customizes a packet forwarding flow table to instruct an edge switch to direct user traffic to a specified serving node. The SDN controller may monitor load of a serving node in a service cluster, execute a load balancing function of the load balancer according to a load monitoring result, and select a target virtual machine. Using the SDN controller as a load balancer, a dynamic expansion capability of the SDN may be multiplexed at a control layer, and a network resource of the SDN network may be multiplexed at a network forwarding layer. Implementation complexity is low, and investment costs are low. | 2018-09-27 |
20180278542 | AUTONOMOUS RESOURCE GOVERNOR IN DISTRIBUTED SYSTEMS FOR PROTECTING SHARED RESOURCES - A variety of approaches to provide an autonomous governor in a distributed system for preserving a shared resource are described. A hosted service initiates operations to provide the autonomous governor upon determining the shared resource to be managed. An initial lease count is designated to the shared resource. The initial lease count corresponds to an estimated capacity of the shared resource. Next, an assigned lease count is determined by incrementing or decrementing the initial lease count based on a detected actual capacity of the shared resource. Upon detecting a steady state of the assigned lease count, the assigned lease count is incremented to determine whether the actual capacity of the shared resource is increased. | 2018-09-27 |
20180278543 | METHODS, DEVICES AND SYSTEMS FOR MANAGING NETWORK VIDEO TRAFFIC - Aspects of the subject disclosure may include, for example, embodiments include receiving training data comprising historical states for network resources of a communication network. Further embodiments include generating a Riemannian geometry of the communication network according to the historical states for network resources. Each network resource is one of a vertex or an edge within the first Riemannian geometry. Additional embodiments include determining paths along the Riemannian geometry. Each path comprises at least one network resource. Also, embodiments include determining a velocity vector of each path according to at least one historical state. Embodiments include identifying a group of velocity vectors that generate a sub-geometry within the Riemannian geometry and provisioning a portion of network resources according to the group of velocity vectors and the sub-geometry. Other embodiments are disclosed. | 2018-09-27 |
20180278544 | ENABLING A TRADITIONAL LANGUAGE PLATFORM TO PARTICIPATE IN A JAVA ENTERPRISE COMPUTING ENVIRONMENT - A method, system and computer program is provided for enabling varying computer applications that are running in Enterprise Information System to send request to a cluster of Java Enterprise Server (J2EE server) cluster. One or more computers provide an application server environment including one or more servers operating within the application server environment to run an application. The computers create a cluster of resource adapters and create a cluster thread for each of the resource adapters to read a cluster port from configured properties, wherein the cluster thread for each of the resource adapters enables an enterprise information system to participate in a cluster of J2EE runtime servers. | 2018-09-27 |
20180278545 | SYSTEMS AND METHODS FOR COMMON POLICY PLATFORM - A converged small cell communication system includes a mobile network core, a data over cable service interface specification (DOCSIS) core, and a common policy platform for managing a service flow of a user equipment within a communication vicinity of the small cell communication system. The mobile network core includes a policy engine and a packet data network gateway (PGW). The DOCSIS core includes a packetcable multimedia (PCMM) unit having a policy server and an application manager, and a cable modem termination system (CMTS). | 2018-09-27 |
20180278546 | MANAGING DEVICES WITHIN A VEHICULAR COMMUNICATION NETWORK - A system for determining the servicing needs of a vehicle. In various embodiments, the system includes a remote server and a vehicle control module of the vehicle. The vehicle control module includes a first communication interface to enable communications with at least one vehicle device via a network fabric of the vehicle. The vehicle control module is configured to receive status data, from the vehicle device, relating to a performance status or operational status of the vehicle. The vehicle control module further includes a second communication interface that enables wireless communications with the remote server. The wireless communications include sending status data to the remote server. The remote server is configured to receive and interpret the status data to determine if the vehicle requires service, and send a response to the vehicle. When service is required, the response may cause the vehicle to provide a service indication. | 2018-09-27 |
20180278547 | METHODS AND APPARATUS RELATED TO A FLEXIBLE DATA CENTER SECURITY ARCHITECTURE - In one embodiment, edge devices can be configured to be coupled to a multi-stage switch fabric and peripheral processing devices. The edge devices and the multi-stage switch fabric can collectively define a single logical entity. A first edge device from the edge devices can be configured to be coupled to a first peripheral processing device from the peripheral processing devices. The second edge device from the edge devices can be configured to be coupled to a second peripheral processing device from the peripheral processing devices. The first edge device can be configured such that virtual resources including a first virtual resource can be defined at the first peripheral processing device. A network management module coupled to the edge devices and configured to provision the virtual resources such that the first virtual resource can be migrated from the first peripheral processing device to the second peripheral processing device. | 2018-09-27 |
20180278548 | END-TO-END, IN SITU PACKET ENRICHMENT FOR NETWORK ANALYTICS - End-to-end, in situ packet enrichment for network analytics includes receiving, at a network device that is a part of an end-to-end path in a network, a template that specifies unique information elements to be added to a header of a packet traversing the network device when different combinations of network features are applied to the packet at the network device. When the network device applies one or more of the network features to the packet, the network device inserts a particular information element of the unique information elements into the header of the packet based on the template and the one or more network features applied to the packet. The particular information element inserted into the header is resolvable to a list of the one or more network features applied to the packet at the network device. | 2018-09-27 |
20180278549 | SWITCH ARBITRATION BASED ON DISTINCT-FLOW COUNTS - A network switch includes circuitry and multiple ports, including multiple input ports and at least one output port, configured to connect to a communication network. The circuitry includes multiple distinct-flow counters, which are each associated with a respective input port and with the output port, and which are configured to estimate respective distinct-flow counts of distinct data flows received via the respective input ports and destined to the output port. The circuitry is configured to store packets that are destined to the output port and were received via the multiple input ports in multiple queues, to determine a transmission schedule for the packets stored in the queues, based on the estimated distinct-flow counts, and to transmit the packets via the output port in accordance with the determined transmission schedule. | 2018-09-27 |
20180278550 | Buffer Optimization in Modular Switches - In a packet network of ingress nodes and egress nodes connected by a fabric, transmit queues are associated with a hash table that stores packet descriptors. When new packets are received in the ingress nodes, credits are obtained from the egress nodes that reflect capacities of the transmit queues to accommodate the new packets. The credits are consumed by transmitting at least a portion of the new packets from the ingress nodes to the egress nodes via the fabric and storing descriptors of the new packets in a hash table. In order to transmit the packets in order by sequence number, when a desired packet sequence number is found by a hash lookup, the new packet having that sequence number is forwarded through the egress nodes. | 2018-09-27 |
20180278551 | ADVANCED MESSAGE QUEUING PROTOCOL (AMQP) MESSAGE BROKER AND MESSAGING CLIENT INTERACTIONS VIA DYNAMIC PROGRAMMING COMMANDS USING MESSAGE PROPERTIES - A method and an information handling system (IHS) transform an initial message having an identified protocol format to an encapsulated message having an advanced message queuing protocol (AMQP) format. A dynamic message brokering (DMB) module interacts with an AMQP client application to generate a binding key and a routing key corresponding to message attributes of the initial message. The DMB module dynamically applies one or more of the binding key and the routing key to respective programming command modules, including a provider module, to generate an AMQP client message which is forwarded to an AMQP server. The AMQP server creates a queue for messages having attributes that are identifiable within the received client message, and uses the binding key to bind the queue to a specified exchange. The AMQP server routes the received client message to the queue, using the routing key, enabling subscribers to retrieve the messages. | 2018-09-27 |
20180278552 | ACCESSING CHAT SESSIONS VIA CHAT BOTS FOR MULTI-USER AUTHORIZATION OF TRANSACTIONS - A method for multi-user authorization of transactions via chat sessions is discussed. The method includes accessing, via a chat bot, a chat text in a chat session by a first chat application instance of a first device to a second chat application instance of a second device. The method includes determining, based on analysis of the chat text, onboarding intent of a transaction originating at the second device, the onboarding intent indicating that the transaction be performed at a payment system. Responsive to determining the onboarding intent, the method determines whether user of the first chat application instance has an account at the payment system. Responsive to determining that the user has the account at the payment system, communication is transmitted to the second device prompting the second device to authorize the chat bot to obtain authorization credentials, from the first device, for the transaction. | 2018-09-27 |
20180278553 | ANSWER MESSAGE RECOMMENDATION METHOD AND DEVICE THEREFOR - Provided are a device for transmitting an answer message including a display configured to display information, a communicator configured to receive a question message from another device, a processor configured to control the display to display graphics representing a plurality of pieces of recommendation information which are includable in an answer message for the received question message and relations between the plurality of pieces of recommendation information, and a user input unit configured to receive a user input that selects at least one of the plurality of pieces of recommendation information, wherein the communicator is further configured to transmit an answer message including the selected recommendation information to the another device according to the user input. | 2018-09-27 |
20180278554 | METHODS AND SYSTEMS FOR A BIMODAL AUTO-RESPONSE MECHANISM FOR MESSAGING APPLICATIONS - Systems and methods of automatically generating a proposed response to user input are provided. A method includes receiving, via a text-based messaging system, a plurality of messages from a user, determining a respective confidence level for each message of the plurality of messages that the respective message has a respective intent corresponding to a respective defined intent, generating, responsive to the defined intent of a first message of the plurality of messages being a structured intent, a first proposed communication from the structured intent, and generating, responsive to the defined intent of a second message of the plurality of messages being a predictive intent and the confidence level of the second message meeting a defined threshold, a second proposed communication from the predictive intent. | 2018-09-27 |
20180278555 | SHARED AND PER-USER BOT GROUP MESSAGING METHOD - Methods, apparatuses, and computing systems are provided for bot messaging. In an implementation, a method may include one or more of receiving, by a group messaging service coupled to the internet and a group including one or more user nodes, a message including a message address and a first group identifier, determining that the group includes a bot, the bot including a software application for performing one or more tasks over the internet. The method also includes determining whether the bot is a user bot responsive to one user node in the group or a group bot responsive to each of the one or more user nodes. In response to determining the bot is a group bot, the method also includes identifying that the message address corresponds to the group bot and sending, by the group messaging service, the message to the group bot. | 2018-09-27 |
20180278556 | BOT GROUP MESSAGING USING GENERAL VOICE LIBRARIES - Methods, apparatuses, and computing systems are provided for bot messaging. In an implementation, a method may include one or more of receiving, by a group messaging service coupled to the internet and a group including one or more user nodes, a message including recorded audio, a message address and a first group identifier, and determining that the group includes a bot, the bot including a software application for performing one or more tasks over the internet. The method may also include selecting a voice library to process the recorded audio, processing, by the selected voice library, the recorded audio to produce enhanced text, determining whether the bot is a user bot responsive to a user node in the group or a group bot responsive to each of the one or more user nodes, and sending, by the group messaging service, the enhanced text to the determined user bot or group bot. | 2018-09-27 |
20180278557 | BOT GROUP MESSAGING METHOD - Methods, apparatuses, and computing systems are provided for bot messaging. In an implementation, a method may include one or more of receiving, by a group messaging service coupled to the internet and a group, a message from a user node of the group. The message includes an address and an identification of the group and the user node. The method further includes determining that the group includes a bot, which includes a software application for performing one or more tasks over the internet. The method also includes identifying that the message address corresponds to the bot and sending, by the group messaging service, the message to the bot. | 2018-09-27 |
20180278558 | SMART POSITIONING OF CHAT HEADS - In particular embodiments, a client computing device of a user provides for presentation a user interface that includes one or more components. The client computing device may receive an indication of a message to the user. The client computing device may automatically modify the user interface to accommodate presentation of an interactive element associated with the message. The client computing device may modify the user interface at least in part by automatically modifying one or more of the components. The client computing device may automatically provide for presentation the user interface as modified and the interactive element associated with the message. | 2018-09-27 |
20180278559 | MESSAGING SYSTEM AND METHOD - A method of cross-platform messaging including receiving, by a messaging system, at least one initial message having a message format, an initial message layout and data indicative of at least one user associated with the at least one initial message, and before delivery to a destination communication device associated with the at least one user, converting, by the messaging system, an initial message into an adapted message, and facilitating, by the messaging system, delivery of the adapted message to the destination communication device. The adapted message is characterized by, at least, an adapted message layout, and the adapted message layout differs from the initial message layout in a characteristic associated with respective message layout such as number of media objects, a graphical image of a media object, a size of a placeholder related to a media object, and a location of a media object within a respective message layout. | 2018-09-27 |
20180278560 | METHODS AND APPARATUS FOR DETERMINING NON-TEXTUAL REPLY CONTENT FOR INCLUSION IN A REPLY TO AN ELECTRONIC COMMUNICATION - Methods and apparatus related to determining non-textual reply content for a reply to an electronic communication and providing the non-textual reply content for inclusion in the reply. Some of those implementations are directed to determining, based on an electronic communication sent to a user, one or more electronic documents that are responsive to the electronic communication, and providing one or more of those electronic documents for inclusion in a reply by the user to the electronic communication. For example, the electronic documents may be automatically attached to the reply and/or link(s) to the electronic documents automatically provided in the reply. | 2018-09-27 |
20180278561 | DOCUMENT PROCESSING - A method and system for processing a text message to be sent by electronic mail to a receiving address. A text message addressed to the receiving address is generated. The text message is analyzed and a content score value is assigned to categories. Context data values relating to the text message and to context categories are collected. A context score value for each context category is determined by comparing the context data values of the text message with context data threshold values and by comparing the content score value of the text message for each content category against content threshold values. A surprise factor value is calculated by comparing the context score values with the content score values. Based on whether the surprise factor value is ascertained to be greater than a specified surprise factor threshold value, the electronic mail is or is not sent to the receiving address. | 2018-09-27 |
20180278562 | GENERATING A STITCHED DATA STREAM - Systems and methods provide for a server computer to receive a plurality of messages from a plurality of user computing devices, each message of the plurality of messages comprising a data stream, determine a subset of messages of the plurality of messages associated with a similar geolocation and time period, determine a set of messages of the subset of messages based on a match score for each pair of messages, and stitch together the set of messages to generate a stitched data stream from the data streams for each message of the set of messages based on a time period for each message, wherein the stitched data stream comprises messages with data streams that overlap in time periods such that there may be more than one data stream for a given time period. | 2018-09-27 |
20180278563 | SYSTEMS AND METHODS FOR MESSAGING AND COLLABORATION - A messaging and collaboration system creates channels pertaining to respective resource objects, and provides users with access to channels in accordance with access controls of the resource objects. The messaging and collaboration system manages sub-conversations as channel threads. A messaging interface provides an organized view of the channels and threads to which a user has access, and ties such channels and/or threads to the resource objects to which they pertain. | 2018-09-27 |
20180278564 | System and Method for Indirect Messaging - A system and method are provided for sending a message from a sender to a recipient. The method comprises enabling the recipient to be identified for the message; enabling an intermediary to be identified for the message; and sending the message to the intermediary to have the intermediary send the message to the recipient on behalf of the sender without divulging an identity associated with the sender to the recipient. | 2018-09-27 |
20180278565 | PHOTO STIMULUS BASED ON PROJECTED GAPS/INTEREST - A method, system, and computer product for expanding diversity of images uploaded to a network site includes identifying a location of a user device, analyzing social media data corresponding to an area within a threshold distance of the location of the user device, identifying at least one location of interest (LOI) of the area based on an analyzed result of the social media data, determining whether there are one or more image gaps corresponding to the at least one LOI based on the analyzed result of the social media data, and suggesting the user device to take one or more images of the at least one LOI, responsive to determining that the one or more image gaps exist for the at least one LOI. | 2018-09-27 |
20180278566 | APPARATUS AND METHOD FOR MAINTAINING MESSAGE DATABASES IN EVENTUAL CONSISTENCY DISTRIBUTED DATABASE SYSTEMS - A method and electronic device are provided for maintaining a message store having a plurality of messages includes maintaining at the electronic device a client bookmark indicating a point in the message store up to which the content of the message store maintained at the electronic device is known to be complete, and a maximum message identifier (ID) indicating the largest message identifier of the plurality of messages of the message store that the electronic device has received, sending to a server a sync request message for the message store, the sync request message including the client bookmark in response to determining at least one of the client bookmark and the maximum message ID do not match, and the electronic device connecting with the server after a period of being disconnected. | 2018-09-27 |
20180278567 | MESSAGE QUEUE MANAGER - Aspects provide message queue management as a function of processing time estimation, wherein a processor stores a message directed to a user from a messaging server in a distraction queue, and predicts a processing time required by the user to process the received message as a function of sender identity or of an identified message topic or type. The processor increments a processing time counter value for the distraction queue with the predicted processing time of the message, and notifies the user of the received message and all other messages currently saved to the distraction queue in response to determining that the incremented processing time counter value meets a threshold value. | 2018-09-27 |
20180278568 | SYSTEM AND METHOD FOR MULTI-LINGUAL NETWORKING AND COMMUNICATION - A method and system are provided that facilitate multilingual communication and international social networking. In one respect, the system and method allow individual social network users to instantly message, or chat, with others in the social network according to personally-selected filters. For example, a user may choose to filter others in the social network by age, gender, location, political preference, relationship status, and even hobbies and interests regardless of any personal acquaintance between the user and filtered members. In another respect, the system and method provide automatic and real-time translation of any text or messages conveyed over the social network so that each user may easily communicate with each other user, regardless of any usual language barriers. Translated text and messages may be further cached in electronically stored memory for ease of future translation. | 2018-09-27 |
20180278569 | NOTIFICATION SERVICE PROCESSING APPARATUS ON BASIS OF INTERNET MESSAGE TRANSMISSION AND OPERATION METHOD THEREFOR - Disclosed are an Internet-message-based notification service providing apparatus and an operating method thereof. The present invention may provide an apparatus and method capable of providing a notification message service for preventing financial fraud, to a user free of charge by using a currently widely used Internet-based message service. The present invention may also provide a technology capable of successfully providing a notification message to a user by re-sending the notification message in the form of a mobile text message if the user does not read the notification message sent to the user by using an Internet-based message service. | 2018-09-27 |
20180278570 | METHOD FOR DNS RESPONSE REORDERING BASED ON PATH QUALITY AND CONNECTION PRIORITY FOR BETTER QOS - Described embodiments provide systems and method for reordering the IP addresses within a DNS response. The servers associated with a domain can often be located across multiple locations. The paths from a client to each of those different servers can have different link qualities. Additionally, the connection between the client and the domain can have different quality requirements. The present solution can consider the link qualities and the connection quality requirements to reorder the IP addresses within a DNS response. By reordering the IP addresses, the system can control to which of the servers the client connects and can ensure that the connection is made over a path that can fulfill the connection's quality requirements. | 2018-09-27 |
20180278571 | AUTOMATED AUTONOMOUS SYSTEM BASED DNS STEERING - Network performance data, such as routing trip time between autonomous systems and data centers, is gathered and aggregated to determine optimal mappings of autonomous systems and data centers. Autonomous system based DNS steering may be automated by repeating a life cycle of determining the optimal mappings. Data delivery strategies are applied to a portion of a network to deliver content using the optimal mappings. | 2018-09-27 |
20180278572 | DELEGATION OF CONTENT DELIVERY TO A LOCAL SERVICE - Provided is a method for delegation of local content delivery service. The method includes receiving a Domain Name System (DNS) query from a client to resolve a domain name to a network address associated with content provider by a content provider, determining that distribution of the content has been delegated by a content provider to a local content server associated with an Internet Service Provider (ISP), and based on predetermined criteria, resolving the domain name to the local content server. The resolution can include responding to the DNS query with an answer from a caching server, and returning, to the client, the answer pointing to the local content server, wherein upon receiving the answer, the client can establish a data communication channel with the local content server. The content can be downloaded to the local content server upon a request received by a provisioning system associated with the ISP. | 2018-09-27 |
20180278573 | PUBLIC SAFETY CAMERA IDENTIFICATION SYSTEM AND METHOD - A method for identifying network cameras is disclosed. The method includes receiving a name of an organization, identifying a range of internet protocol (IP) addresses associated with the organization, querying each IP address in the range of the IP addresses, receiving a response from the IP addresses in response to the queries, verifying the received response is from a camera by obtaining an image file from the IP address and analyzing the image file, and adding the IP address to a list of identified cameras. | 2018-09-27 |
20180278574 | DEVICE AND METHOD FOR FORWARDING CONNECTIONS - A method for forwarding a connection at an interconnecting device is described. The method includes receiving from an originating device an incoming connection at an incoming port, determining by at least one hardware processor whether port translation is implemented for the incoming port, in case port translation is implemented for the incoming port, returning to the originating device by the at least one hardware processor a challenge intended to distinguish humans from computers, verifying by the at least one hardware processor that a response received in response to the challenge is a correct response to the challenge, and, in case the response is a correct response to the challenge, forwarding, by the at least one hardware processor, the connection to a translated port corresponding to the incoming port according to the port translation. | 2018-09-27 |
20180278575 | PERSISTENT WWN-FCID ASSIGNMENT SYSTEM - A persistent WWN-FCID assignment system includes a Fibre Channel (FC) networking device and a server device that sets a persistent WWN-FCID bit in a second fabric login that is directed to the FC networking device subsequent to a first fabric login that was directed to the FC networking device and that resulted in the assignment of an FCID to a WWN for the server device. An FC Forwarder (FCF) device is coupled to the FC networking device and the server device. The FCF device receives the second fabric login from the server device. In response to determining that the persistent WWN-FCID bit is set in the second fabric login, the FCF device sends the FC networking device a second fabric discovery corresponding to the second fabric login through a port that was used to send the FC networking device a first fabric discovery corresponding to the first fabric login. | 2018-09-27 |
20180278576 | COMMUNICATION APPARATUS AND RECORDING MEDIUM - A communication apparatus includes: a transmitting unit that is capable of transmitting data to a designated destination through any of plural communication interfaces; a storage unit in which plural pieces of destination information are stored; and a registration unit that registers a communication interface used for data transmission in advance for each of the plural pieces of destination information stored in the storage unit. | 2018-09-27 |
20180278577 | HIGH AVAILABILITY BRIDGING BETWEEN LAYER 2 NETWORKS - The technology disclosed herein enables high availability bridging between Layer 2 (L2) networks. In a particular embodiment, a method includes high availability bridge cluster comprising a first bridge node and a second bridge node. The first and second bridge nodes include first and second active bridges and first and second standby bridges, respectively. The method provides, in the first active bridge, bridging network communications between two or more L2 networks. The second standby bridge acts as a failover bridge for the first active bridge. The method further provides generating a failure detection message that incorporates a hardware address of the first bridge node and transferring the failure detection message from the first bridge node to the second bridge node. In the second standby bridge, the method provides receiving the failure detection message and using the hardware address to synchronize bridging information between the first active bridge and the second standby bridge. | 2018-09-27 |
20180278578 | SYSTEM AND METHOD TO PROVIDE DUAL MULTICAST LID ALLOCATION PER MULTICAST GROUP TO FACILITATE BOTH FULL AND LIMITED PARTITION MEMBERS IN A HIGH PERFORMANCE COMPUTING ENVIRONMENT - Systems and methods for providing dual multicast local identifiers (MLIDs) per multicast group to facilitate both full and limited partition members in a high performance computing environment. In accordance with an embodiment, in order to avoid the need for the above special handling of P_Key access violations, as well as to ensure complete isolation between limited partition members in terms of multicast traffic, two MLIDs can be allocated to a single MCG, in accordance with an embodiment. A first MLID can be allocated and used by end-ports for sending from full partition members to both full and limited partition members. Additionally, a second MLID can be allocated and used by end-ports for sending from limited partition members to full partition members. Using this scheme, a limited partition member can avoid sending multicast packets to other limited partition members in the MCG. | 2018-09-27 |
20180278579 | METHOD AND SYSTEM FOR IMPLEMENTING A CLUSTER-WIDE COMMUNICATION OVER A SINGLE PORT - A method and a system for implementing a handshake between a source cluster having files replicated to a destination cluster, the system comprising: a source cluster having a plurality of nodes and a replication manager; and a destination cluster having a plurality of nodes, a replication manager and single port manager which run on each node of the destination cluster, wherein the replication managers of the source and destination clusters are configured to replicate all files and processes on the nodes of the source cluster to the nodes of the destination cluster, wherein all replicated files and processes register with the single port manager, and wherein the single port manager is configured to communicate with the source cluster via a single port and to provide descriptors of the required replicated files and processes via a kernel. | 2018-09-27 |
20180278580 | DYNAMIC BYPASS OF TLS CONNECTIONS MATCHING EXCLUSION LIST IN DPI-SSL IN A NAT DEPLOYMENT - The present invention provides the initiation of a transport layer security (TLS) session between a client device and a server using a firewall without interruption. The present invention holds a TLS hello message received from the client device until after the server has been validated. A firewall consistent with the present invention does not interrupt a transport layer control (TCP) connection that was established between the client device and the firewall before the TLS hello message was received by the firewall. | 2018-09-27 |
20180278581 | Wireless Internet Product System - Low resource internet devices such as consumer electronics products connect to web service by means of a proxy method where the connected device does not need to maintain the expensive and fragile web service interface itself, but rather uses simple low level protocols to communicate through a gateway that executes software to translate a low level proprietary wireless protocol to a proprietary low level internet protocol that can pass through a firewall to proxy servers that translate the low level protocols thus presenting an interface that makes the internet device appear to have a full web service interface to enable communication between the internet devices and the web server. | 2018-09-27 |
20180278582 | DIGITAL MEDIA CONTENT DISTRIBUTION BLOCKING - A method and system for improving a digital media content transfer blocking process is provided. The method includes detecting a request for access to digital media content from a digital media provider system. Network traffic across the network is identified and it is verified that the digital media content is comprised by the network traffic. In response, investigation platform software code is executed and a database system associated with the digital media provider system is queried. A system determines if a legitimate connection based relationship exists between a user device and the digital media provider system and the digital media content is monitored. The digital media content is determined to be unauthorized for use by said user and in response the digital media content is disabled from executing functions with respect to the user device of a user. | 2018-09-27 |
20180278583 | HARDWARE-ACCELERATED PAYLOAD FILTERING IN SECURE COMMUNICATION - Computing systems, devices, and associated methods of managing secure communication using hardware accelerators are disclosed herein. In one embodiment, a method includes receiving a data request from a user kernel requesting to read a message stored in a buffer. In response to receiving the data request, transmitting to a processor, data representing a request to validate content in the message. The method also includes receiving from the processor, data representing a validation result containing an indication whether the content in the message is valid and a header size of the message. When the indication indicates that the content of the message is valid, a header of the message is removed from the message according to the header size in the validation result to extract the payload and providing the extracted payload to the user kernel. | 2018-09-27 |
20180278584 | Authenticating Access Configuration for Application Programming Interfaces - A system is configured to authorize client access to an application programming interface (API) of a host device. A proxy is configured to handle network traffic between a host and a client. Clients engage the host through the proxy to access an API of the host. An authorized client-side application permitted use of the API includes a Software Development Kit configured to generate a unique token and provide the token in association with an API request to the proxy. The proxy determines whether an internet protocol (IP) address of the client and the token match an existing IP-token pair. If no match exists, the proxy determines whether the token matches an existing token. The proxy authorizes the client access to the API when the IP and token match an existing pair or if the token does not match an existing token and the token is verified by the proxy. | 2018-09-27 |
20180278585 | SYSTEM AND METHOD FOR CHAT MESSAGING IN A ZERO-KNOWLEDGE VAULT ARCHITECTURE - A system and/or method includes facilitating secured chat messaging. An application module can derive a master password-based encryption key from a master password. The application module can generate a data key and encrypt the data key with the master password-based encryption key. The application module can generate a record key for encrypting chat messages of a chat thread and encrypt the record key with the data key. The application module can decrypt the chat messages in the chat thread with the record key, where the record key is decrypted with the data key, and where the data key is decrypted with the master password-based encryption key. The application module can display the decrypted chat messages. | 2018-09-27 |
20180278586 | KEYED HASH CONTACT TABLE - In an example, a method includes receiving a data package, the data package including a contact identification and a message payload; in response to determining that a key for the contact identification does not exist in a contact table: generating a key for the contact identification; and updating the contact table with the generated key to indicate an association between the key and the contact identification; calculating a hashed identification based on the generated key and contact identification; and associating the message payload with the hashed identification in a message table. | 2018-09-27 |
20180278587 | SYSTEM AND METHOD FOR CONTROLLING FEATURES ON A DEVICE - Trust between entities participating in an upgrade or enablement/disablement process is established and, to facilitate this remotely and securely, a highly tamper resistant point of trust in the system that is being produced is used. This point of trust enables a more efficient distribution system to be used. Through either a provisioning process or at later stages, i.e. subsequent to installation, manufacture, assembly, sale, etc.; the point of trust embodied as a feature controller on the device or system being modified is given a feature set (or updated feature set) that, when validated, is used to enable or disable entire features or to activate portions of the feature. | 2018-09-27 |
20180278588 | HARDWARE-ACCELERATED SECURE COMMUNICATION MANAGEMENT - Computing systems, devices, and associated methods of managing secure communication using hardware accelerators are disclosed herein. In one embodiment, a method includes receiving messages from a peer computing device via a computer network at a FPGA of a hardware accelerator and examining each of the received messages to determine whether the received messages contain application data. The method can then include forwarding a first subset of the received messages that do not contain application data to the processor for further processing and processing a second subset of the messages containing application data according to a security protocol without forwarding the second subset to the processor to reduce a consumption of bandwidth across the communications bridge. | 2018-09-27 |
20180278589 | Sending a Cryptogram to a POS While Disconnected From a Network - A system is configured for detecting a point of sale, receiving a personal identification number (PIN), generating a PIN based key using a message digest of the PIN, decrypting a data encryption key (DEK) using the PIN based key, and generating a DEK based dynamic key using the PIN based key. The system may also decrypt a session key using the DEK based dynamic key, generate a cryptogram from the session key, and send the cryptogram to the point of sale. | 2018-09-27 |
20180278590 | SECURITY SELF-AWARE SPECTROMETER - A security self-aware system for multi-bus spectrometers that ensures that only one ‘open’ or non-encrypted connection can be established, and that all other connections then must communicate over a TLS/SSL encrypted layer or not be connected is disclosed. | 2018-09-27 |
20180278591 | SYSTEMS AND METHODS FOR PROTECTING COMMUNICATIONS BETWEEN NODES - Systems and methods for protecting communications between at least two nodes protect the identity of a node requesting information, provide content of communications being sent and/or obscuring a type of communications being sent. Varying degrees of protection options including encryption, intermediate node termination and direct node communications are provided. | 2018-09-27 |
20180278592 | METHOD AND DEVICE FOR GENERATING ACCESS STRATUM KEY IN COMMUNICATIONS SYSTEM - In the communications system, a user equipment UE accesses a core network via a first network-side device by using a first air interface and connects to the first network-side device via a second network-side device by using a second air interface to access the core network. The method includes: acquiring, by the network-side device, an input parameter; calculating, by the network-side device, an access stratum root key KeNB* according to the input parameter and an access stratum root key KeNB on the first air interface, or using, by the network-side device, the KeNB as the KeNB*; and generating, by the second network-side device, an access stratum key on the second air interface according to the KeNB*, or sending, by the first network-side device, the KeNB* to the second network-side device. | 2018-09-27 |
20180278593 | SYSTEMS AND METHODS FOR REDUCING CYBER SECURITY INCIDENTS WITH INTELLIGENT PASSWORD MANAGEMENT - Systems and methods for reducing cyber security incidents in video surveillance and security systems with intelligent password management are provided. Some methods can include assessing a vulnerability of a current password for each of a plurality of cameras, responsive to detecting that the current password for at least one of the plurality of cameras is vulnerable, automatically generating an updated password for the at least one of the plurality of cameras, and assigning the updated password to the at least one of the plurality of cameras. | 2018-09-27 |
20180278594 | DISTRIBUTED AUTHENTICATION - Examples associated with distributed authentication are described. One example includes generating a paired public key and private key associated with a user. The private key is split into a set of shares, which are distributed to a set of devices associated with the user. A challenge is generated to authenticate the user to grant the user access to a resource upon receiving an authenticating response to the challenge. The challenge is distributed to members of the set of devices. Partial responses are received from members of the set of devices and combined into a group signature. The group signature serves as an authenticating response to the challenge when generated from partial responses received from a threshold number of members of the set of devices. | 2018-09-27 |
20180278595 | KEY CONFIGURATION METHOD, KEY MANAGEMENT CENTER, AND NETWORK ELEMENT - This application provides a key configuration method and an apparatus. A key management center obtains a service key, and performs encryption and/or integrity protection on the service key to obtain a token. The key management center sends the token to a first network element, the first network element forwards the token to a second network element, and the second network element obtains the service key based on the token. The service key is used to perform encryption and/or integrity protection on data transmitted between the first network element and the second network element. Therefore, security key configuration can be implemented through interaction between the key management center and the network elements, thereby laying a foundation for end-to-end security communication between the first network element and the second network element. | 2018-09-27 |
20180278596 | Distributed Key Secret For Rewritable Blockchain - A system includes circuitry for rewriting blockchains in a non-tamper-evident or tamper-evident operation using a key secret held in portions by multiple individually untrusted parties. The blockchains may include a series of blocks secured by integrity codes that may prevent non-tamper-evident rewrites by non-trusted parties that are not in possession of the key secret or individually-untrusted parties in possession of only a portion of the key secret. In some cases, multiple individually-untrusted parties may combine their portions into the key secret. As a group, the multiple individually-untrusted parties may perform non-tamper-evident operation with respect to at least one integrity code within the blockchain. | 2018-09-27 |
20180278597 | DOWNLOADABLE SECURITY AND PROTECTION METHODS AND APPARATUS - Methods and apparatus for control of data and content protection mechanisms across a network using a download delivery paradigm. In one embodiment, conditional access (CA), digital rights management (DRM), and trusted domain (TD) security policies are delivered, configured and enforced with respect to consumer premises equipment (CPE) within a cable television network. A trusted domain is established within the user's premises within which content access, distribution, and reproduction can be controlled remotely by the network operator. The content may be distributed to secure or non-secure “output” domains consistent with the security policies enforced by secure CA, DRM, and TD clients running within the trusted domain. Legacy and retail CPE models are also supported. A network security architecture comprising an authentication proxy (AP), provisioning system (MPS), and conditional access system (CAS) is also disclosed, which can interface with a trusted authority (TA) for cryptographic element management and CPE/user device authentication. | 2018-09-27 |
20180278598 | SECURE DOMAIN NAME SYSTEM - A method and system for authenticating answers to Domain Name System (DNS) queries originating from recursive DNS servers is provided. A verification component provides a verification that a DNS query originated from the recursive DNS server. An authoritative DNS server receives the query via a network, such as the Internet, and provides an answer to the query to an authentication component. The authentication component then provides an authentication such as a digital signature, which confirms that the received answer was provided by the authoritative DNS server, and then communicates the answer and the authentication to the verification component via the network. The verification component then verifies that the authentication corresponds to the received answer and sends the answer to the recursive DNS server. When the verification component receives an answer in the absence of a corresponding authentication, the verification component drops the answer. | 2018-09-27 |
20180278599 | USING AN IP MULTIMEDIA SUBSYSTEM FOR HTTP SESSION AUTHENTICATION - Disclosed is a method and system for utilizing an Internet Protocol Multimedia Subsystem (IMS) to authenticate an HTTP session between a communication device and an online application program. The method includes registering a communication device on an IMS, and generating an authorization token which is sent to the communication device. The communication device then embeds the authorization token in HTTP request communication directed to the IMS. The IMS, after verifying the authorization token, forwards the HTTP request and token to a selected Web server that hosts an online application to authenticate an HTTP session. | 2018-09-27 |
20180278600 | MULTI-FACTOR MASKED ACCESS CONTROL SYSTEM - A multi-factor authentication system supports a variety of password entry mechanisms (e.g., alphanumeric, visual, voice, etc.) that can be used to authenticate a user to access multiple application/website destinations. Example methods and systems include a real-time password generator that creates unique and complex passwords independent of Internet connectivity for multiple different service providers (e.g., third party applications, cloud services, websites, etc. that include user authentication) without storing the passwords in local or network memory (e.g., a password vault). In response to receiving a login request, a user device prompts the user to provide an access code, and generates a destination key based on a securely stored identifier code. The destination key can be re-generated using the stored identifier code and the access code. The same stored identifier code and the received access code can be used to regenerate different destination keys for different applications or services. | 2018-09-27 |
20180278601 | USING TEMPORARY CREDENTIALS IN GUEST MODE - A method may receive, over a network and at a host's media player that is logged in to a host's media account, a play request from a guest's device. The play request may include a request to play a guest's media item from the guest's media account and may be compliant with a first protocol. In response to receiving the play request, the method may initiate a guest mode on the host's media player, log out the host's media account, and securely store the host's credentials. The method may log in the guest's media account with fewer permissions than the host's permissions. The method may play the guest's media item and establish a connection between the host's media player and the guest's device in accordance with a second protocol. Upon completion of playback, the method may log out the guest's media account and log in the host's media account. | 2018-09-27 |
20180278602 | DESKTOP APPLICATION FULFILLMENT PLATFORM WITH MULTIPLE AUTHENTICATION MECHANISMS - A service provider system may include an application fulfillment platform that delivers desktop applications to desktops on physical computing devices or virtual desktop instances. A computing resource instance may be registered with the platform, which generates a unique identifier and a security token for the computing resource instance using multiple authentication mechanisms. An end user of a customer organization may be registered with the platform, which generates a unique identifier and a security token for the end user using multiple authentication mechanisms. An application delivery agent may submit service requests to the platform on behalf of itself or the given user. The identity and security credentials included in the requests may be dependent on the request type and the entities on whose behalf they are submitted. A proxy service on the platform may receive the requests and validate the credentials, then dispatch the requests to other services on the platform. | 2018-09-27 |
20180278603 | CONTROL METHOD FOR AUTHENTICATION/AUTHORIZATION SERVER, RESOURCE SERVER, AND AUTHENTICATION/AUTHORIZATION SYSTEM - A server is provided that, according to an access token issuance request from a client, issues a first access token to be verified by a resource server, or a second access token to be verified by an authorization server based on a predetermined parameter for the issuance request. | 2018-09-27 |
20180278604 | METHODS AND APPARATUS FOR ESTABLISHING A SECURE COMMUNICATION CHANNEL - A method for establishing a secure communication channel between an off-card entity and an embedded Universal Integrated Circuit Card (eUICC) is provided. The method involves establishing symmetric keys that are ephemeral in scope. Specifically, an off-card entity, and each eUICC in a set of eUICCs managed by the off-card entity, possess long-term Public Key Infrastructure (PKI) information. When a secure communication channel is to be established between the off-card entity and an eUICC, the eUICC and the off-card entity can authenticate one another in accordance with the respectively-possessed PKI information (e.g., verifying public keys). After authentication, the off-card entity and the eUICC establish a shared session-based symmetric key for implementing the secure communication channel. Specifically, the shared session-based symmetric key is generated according to whether perfect or half forward security is desired. Once the shared session-based symmetric key is established, the off-card entity and the eUICC can securely communicate information. | 2018-09-27 |
20180278605 | PRIVACY CONTROLS FOR SENSITIVE DISCUSSIONS - Privacy controls may be implemented using a configurable system of risk categorization for resources, physical security, sensitivity of discussion topics, prioritization of content, and identification of intended participants, by receiving participant profiles including biometric data from a plurality of participants and meeting criteria including an attendance requirement from an initiator of a meeting, scheduling a meeting based on the participant profiles and meeting criteria, generating biometric data by a biometric sensor located at meeting spaces for any participants that attend the meeting, comparing the generated biometric data to the biometric data of the participant profiles of participants identified by the attendance requirement, determining whether the generated biometric data matches the biometric data of the participant profiles of the participants identified by the attendance requirement, and transmitting a message to a computing device of the initiator indicating an outcome of the determination and ensuring enforcement of privacy controls. | 2018-09-27 |
20180278606 | BIOMETRIC AUTHENTICATION OF INDIVIDUALS UTILIZING CHARACTERISTICS OF BONE AND BLOOD VESSEL STRUCTURES - Biometric authentication of a subject utilizing bone and/or blood vessel (vein or artery) structures is provided. A vertice profile is generated from a non-invasive, multi-dimensional image scan of a subject or a portion thereof. The vertice profile is generated by identifying relative locations of divots and peaks on a surface of a bone structure or by identifying branch intersections and traversals of blood vessels. Additional varication techniques can be used for proof of life (verification of human subject). If authenticated, access to physical or digital/virtual assets is allowed. | 2018-09-27 |
20180278607 | Device Credentials Management - A technology is described for resolving device credentials for a device. An example method may include receiving device credentials for management by a service provider. The device credentials may include authentication credentials and a device policy document that specifies permissions used to authorize resource actions requested by the device. In response to receiving a message requesting that a resource perform a resource action associated with the device, the device may be authenticated using the authentication credentials, and the resource action may be authorized using the permissions specified in the device policy document. | 2018-09-27 |
20180278608 | TERMINAL MANAGEMENT APPARATUS, TERMINAL MANAGEMENT SYSTEM, AND NON-TRANSITORY COMPUTER READABLE MEDIUM - A terminal management apparatus includes a connection unit that connects, through a network, to a terminal apparatus to be managed, an authentication unit that authenticates the terminal apparatus using predetermined authentication information, a specific state determination unit that determines whether a predetermined specific state, in which a normal connection is not established, has occurred in relation to the terminal apparatus, and a connection controller that controls data communication with the terminal apparatus on a basis of a result of the authentication performed by the authentication unit and a result of the determination made by the specific state determination unit. | 2018-09-27 |
20180278609 | INFORMATION PROCESSING APPARATUS AND INFORMATION PROCESSING METHOD - An information processing apparatus includes a memory and a processor coupled to the memory and configured to: store personal identification information indicating a person and proxy identification information indicating a proxy who acts on behalf of the person by associating the personal identification information and the proxy identification information with each other; obtain the personal identification information from the memory, which stores the personal identification information and personal information of the person in association with each other, based on the proxy identification information presented by the proxy; obtain the personal information from the memory based on the personal identification information obtained from the memory; and output the personal information obtained. | 2018-09-27 |
20180278610 | Optimizing Data Replication Across Multiple Data Centers - Aspects of the disclosure relate to optimizing data replication across multiple data centers. A computing platform may receive, from an authentication hub computing platform, an event message corresponding to an event associated with the authentication hub computing platform. In response to receiving the event message, the computing platform may transform the event message to produce multiple transformed messages. The multiple transformed messages may include a first transformed message associated with a first topic and a second transformed message associated with a second topic different from the first topic. Subsequently, the computing platform may send, to at least one messaging service computing platform associated with at least one other data center different from a data center associated with the computing platform, the multiple transformed messages. In some instances, the event message may include information identifying a user account login event that occurred at the authentication hub computing platform. | 2018-09-27 |
20180278611 | SYSTEM AND METHOD FOR SECURING AN INTER-PROCESS COMMUNICATION VIA A NAMED PIPE - An information handling system operating a local inter-process communication securing system may comprise a memory and a processor executing machine readable code instructions of the local inter-process communication securing system performing a verification process of a candidate client application to instruct the candidate client application and a server application for which the local inter-process communication securing system acts as an API to establish a first named pipe having an endpoint address randomly generated by the local inter-process communication securing system, to receive a candidate client identification and a randomly generated string of alpha-numeric characters from the server application, and to instruct the server application to establish a first communication session, via the first named pipe, with the candidate client application upon determining the candidate client identification matches an authenticated client identification and that the randomly generated string of alpha-numeric characters is associated with the authenticated client identification, as stored at the local inter-process communication securing system, to verify that the candidate client application is the authenticated client application. Additionally, the authenticated client application may similarly verify a server application by only entering into the first communication session with the server application after receiving verification from a PKI that the server application is associated with a verified PKI certificate having an authentic signature. | 2018-09-27 |
20180278612 | TECHNIQUES FOR IMPLEMENTING A DATA STORAGE DEVICE AS A SECURITY DEVICE FOR MANAGING ACCESS TO RESOURCES - Techniques are disclosed for implementation of a data storage device as a security device for managing access to resources. These techniques can be implemented for multi-factor authentication (MFA) to provide multiple layers of security for managing access to resources in an enterprise and/or a cloud computing environment. As a security device, a storage device can be used as a portable device to provide a point of trust for multi-factor authentication across any client application or device operated to access resources. A storage device may be configured with security data for authentication with an access management system. After configuration, a portable storage device may be used for authentication of a user without credential information at any client device based on accessibility of the device to the portable storage device. A storage device configured as a security device can ensure that legitimate users have an easy way to authenticate and access the resources. | 2018-09-27 |
20180278613 | SELF-DESTRUCTING SMART DATA CONTAINER - According to an embodiment of the present disclosure, a method is disclosed comprising receiving a request to access protected data stored in a smart data container. The method further comprises comparing a first device identifier associated with a first device from which the request to access the protected data stored in the smart data container was received to a second device identifier which uniquely identifies a second device that created the smart data container. The method further comprises allowing access to the protected data stored in the smart data container by the first device based on whether the first device identifier matches the second device identifier. | 2018-09-27 |
20180278614 | Access control of administrative operations within an application - A technique to implement access control from within an application begins by dynamically-generating a “management scope” for a transaction associated with a set of managed resources. The management scope is a collection of permissions defined by at least one of: a set of roles, and a set of resource administration rights, that are assigned to a first operator that issues the transaction. As the transaction executes, a request to alter the transaction is then received from a second operator. According to the technique, the management scope for the transaction and associated with the first operator is then evaluated against a management scope associated with the second operator. Upon determining the management scope associated with the first operator has a given relationship to the management scope for the second operator, the transaction is permitted to be altered in response to the request. The given relationship is scoped by one or more rules. | 2018-09-27 |
20180278615 | Cross Access Login Controller - Systems and methods here may be used for authorizing network access, including using a server computer with a processor and memory for receiving, through the gateway support node, a request to access the first network associated with the gateway support node from a client device, wherein the request includes a client device identifier, sending a validation request of the client device identifier to the data storage server, receiving a validation response based on previously registered client device identifier information and previously registered credential information from a second network, from the data storage server, and sending authorization approval to the gateway support node for the client device access request to the first network. | 2018-09-27 |
20180278616 | IN-VEHICLE COMMUNICATION SYSTEM, COMMUNICATION MANAGEMENT DEVICE, AND VEHICLE CONTROL DEVICE - An in-vehicle communication system includes vehicle control devices and a communication management device connected to a network. The communication management device includes: an abnormality detection unit that detects an abnormality and a kind of the abnormality on the basis of reception information received from any one of the vehicle control devices during communication between the vehicle control devices; an abnormality notification unit that notifies the other vehicle control devices of the kind of the abnormality in correspondence with the kind of the abnormality; and a transmission control unit that transmits the reception information to the other vehicle control devices in correspondence with the kind of the abnormality. The vehicle control devices execute a predetermined control in correspondence with the kind of the abnormality that is given in notification from the communication management device. | 2018-09-27 |
20180278617 | PREVENTING UNAUTHORIZED OUTGOING COMMUNICATIONS - A system, product and method for preventing unauthorized outgoing communications. The method comprises, in response to an attempt to transmit an outgoing communication by a transmitting software entity, obtaining a list of software entities which have performed Inter-Process Communication (IPC), directly or indirectly, with the transmitting software entity. The method further comprises for each software entity in the list of software entities, checking whether the software entity is an unauthorized software entity. In response to detecting an unauthorized software entity in the list of software entities, the outgoing communication may be blocked. As a result, the outgoing communication is prevented from being transmitted. | 2018-09-27 |
20180278618 | METHODS AND SYSTEMS FOR ESTABLISHING COMMUNICATION WITH USERS BASED ON BIOMETRIC DATA - Methods and systems are disclosed herein for establishing communication with users based on biometric data. For example, in response to determining that a user has a particular biometric state, the media guidance application may present an option to contact another user that is associated with that biometric state. | 2018-09-27 |
20180278619 | SYSTEMS AND METHODS FOR USER SPECIFIC DATA TRANSMISSION WITH IMPROVED DATA PROTECTION - In systems and computer-implemented methods for personal data transmission from a source computing device to a target computing device with improved data protection, the source computing device receives the personal data of a particular individual including one or more digital representations of one or more physical items. The physical items belong to an item selection of the particular individual. The source device generates a local data structure and stores the one or more digital representations in the local data structure. Upon receipt of a transmission request, a copy of the local data structure is sent to a buffer system and the local data structure is deleted from the source computing device. The target computing device receives login credentials from a user to access the target computing device, wherein the login credentials include a secret associated with the local data structure. The user is authenticated to grant access to the target computing device based on the received login credentials. The target computing device sends a retrieval request to the buffer system, wherein the retrieval request is generated based on the login credentials to request the retrieval of the buffered data structure. In response to the retrieval request, the target computing device receives a copy of the buffered data structure and grants access to the received data structure for the authenticated user, wherein the received data structure remains the only persisted copy of the data structure. | 2018-09-27 |
20180278620 | SEGREGATION OF PROTECTED RESOURCES FROM NETWORK FRONTEND - A method of performing operations involving accessing a set of protected computing resources of a computing device includes (a) receiving, by a frontend service, an instruction via a network connection, the instruction directing the computing device to perform an operation involving accessing the set of protected resources, the set of protected computing resources being configured to refuse access to the frontend service, (b) in response to receiving the instruction, sending a request from the frontend service to a backend service, the request instructing the backend service to access the set of protected resources, the backend service being configured to not communicate via the network connection, the set of protected computing resources being configured to permit access to the backend service, and (c) in response to the backend service receiving the request from the frontend service, the backend service accessing the set of protected resources in fulfillment of the operation. | 2018-09-27 |