40th week of 2021 patent application highlights part 71 |
Patent application number | Title | Published |
20210314241 | PROVISIONING SERVER FOR AUTOMATED DATA PROVIDER PROVISIONING AND ASSOCIATED METHODS - A provisioning server for automated provisioning and associated methods are disclosed. The provisioning server extracts data from a data transfer instruction for a data provider addition based on a matching data transfer instruction template, and parses the extracted data in accordance with the matching data transfer instruction template to identify an account identifier. Data transfer information for an identified data provider and an identified account identifier from a data provider database are determined. The data provider database comprises data provider information comprising data provider names for a plurality of data providers registered with the provisioning server. A data provider record is generated and stored in a data provider list of the account in an account database. The data provider record includes the identified data provider name, identified account identifier and the data transfer information. | 2021-10-07 |
20210314242 | CORRELATION SCORE BASED COMMONNESS INDICATION ASSOCIATED WITH A POINT ANOMALY PERTINENT TO DATA PATTERN CHANGES IN A CLOUD-BASED APPLICATION ACCELERATION AS A SERVICE ENVIRONMENT - A method implemented through a server of a cloud computing network including subscribers of application acceleration as a service provided therethrough includes detecting a point anomaly in real-time data associated with each network entity based on determining whether the real-time data falls outside a threshold expected value thereof, and representing the detected point anomaly in a full mesh Q node graph, with Q being a number of features applicable for the each network entity. The method also includes capturing a transition in the point anomaly associated with a newly detected anomaly or non-anomaly in the real-time data associated with one or more of the Q number of features via the representation of the full mesh Q node graph, and deriving a current data correlation score for the point anomaly across the captured transition via the representation of the full mesh Q node graph. | 2021-10-07 |
20210314243 | SYSTEM AND METHOD FOR NON-INVASIVE NETWORKED DEVICE INSPECTION BASED ON PASSIVELY-CAPTURED DEVICE TRAFFIC - A method for non-invasive network device inspection includes identifying a target device, and receiving, at a compute device: a copy of a first set of messages sent to the target device, and a copy of a second set of messages sent from the target device. The copy of the first set of messages and the copy of the second set of messages are stored as historical data. The device is then emulated, via a processor of the compute device, based on the historical data. The emulating includes receiving a signal encoding a request from a remote requestor, and comparing at least a portion of the request to at least a subset of the historical data, to determine a response representative of a response from the target device. | 2021-10-07 |
20210314244 | SYSTEMS AND METHODS FOR THERMAL MITIGATION OF USER EQUIPMENT - A device may receive a thermal report from a user equipment. The thermal report may indicate a temperature of the user equipment. The device may determine, based on the thermal report, whether the temperature of the user equipment satisfies a temperature threshold. The device may select a network action to reduce the temperature of the user equipment based on the temperature of the user equipment satisfying the temperature threshold. The device may perform the network action. | 2021-10-07 |
20210314245 | TECHNOLOGIES FOR DYNAMICALLY MANAGING RESOURCES IN DISAGGREGATED ACCELERATORS - Technologies for dynamically managing resources in disaggregated accelerators include an accelerator. The accelerator includes acceleration circuitry with multiple logic portions, each capable of executing a different workload. Additionally, the accelerator includes communication circuitry to receive a workload to be executed by a logic portion of the accelerator and a dynamic resource allocation logic unit to identify a resource utilization threshold associated with one or more shared resources of the accelerator to be used by a logic portion in the execution of the workload, limit, as a function of the resource utilization threshold, the utilization of the one or more shared resources by the logic portion as the logic portion executes the workload, and subsequently adjust the resource utilization threshold as the workload is executed. Other embodiments are also described and claimed. | 2021-10-07 |
20210314246 | DATA PACKET LOSS DETECTION - The representative embodiments discussed in the present disclosure relate to techniques with which data packet loss, such as Transmission Control Protocol (TCP) packet loss, may be detected. More specifically, in some embodiments, by detecting a TCP packet with an enabled selective acknowledgement (SACK) signal, the loss (e.g., drop) of an additional TCP packet may be determined. Moreover, using information included in the detected TCP packet, an operational efficiency of a cloud computing system and/or a component of the cloud computing system may be determined. | 2021-10-07 |
20210314247 | METHOD AND APPARATUS FOR CONTINUOUS INTEGRATION TESTING OF NETWORK ACCESS DEVICES - Disclosed herein are methods and apparatus for continuous integration testing of network access devices. A testing platform includes a virtual environmental library and a processor. The processor executes a test code, where the test code in cooperation with the virtual environmental library generates a virtual environment for testing a network access device loaded with a device code, the virtual environment includes virtual clients, a virtual service provider, and emulates communication interfaces and network message behavior for the virtual clients and the virtual service provider as perceived by the network access device, exercises the device code and the network access device by instructing the virtual clients and the virtual service provider to engage the network access device to perform defined activities, captures events in response to performance of the defined activities, evaluates the captured events against expected events, and outputs results including the captured events and pass/fail determinations. | 2021-10-07 |
20210314248 | UPDATING CONNECTION-TRACKING RECORDS AT A NETWORK EDGE USING FLOW PROGRAMMING - Some embodiments provide a method of performing stateful services that keeps track of changes to states of service nodes to update connection tracker records when necessary. At least one global state value indicating a state of the service nodes is maintained at the edge device. The method generates a record in a connection tracker storage including the current global state value as a flow state value for a first data message in a data message flow. Each time a data message is received for the data message flow, the stored state value (i.e., a flow state value) is compared to the relevant global state value to determine if the stored action may have been updated. After a change in the global state value relevant to the flow the method examines a flow programming table to determine if the flow has been affected by a flow programming instruction(s) that caused the global state value to change. | 2021-10-07 |
20210314249 | BORDER NODE TRAFFIC CONVERGENCE - Techniques for network routing border convergence are described. Backup paths for external connections for a network are established and provide for a temporary path for network traffic during network routing convergence, preventing traffic loss at network border nodes. | 2021-10-07 |
20210314250 | Auto re-segmentation to assign new applications in a microsegmented network - Systems and methods include, subsequent to performing auto segmentation on a network that includes a set of policies of allowable and block communications, observing communication between a plurality of hosts on the network; determining unassigned communication paths based on the observing that are either blocked because of a lack of a policy of the set of policies or because there is no policy of the set of policies for coverage thereof; and assigning the unassigned communication paths to corresponding policies of the set of policies. The assigning can be based on heuristics. The assigning can be performed without reperforming auto segmentation. | 2021-10-07 |
20210314251 | EDGE DEVICE WITH MULTIPLE ROUTING TABLES - Some embodiments provide a method for configuring an edge computing device to implement a logical router belonging to a logical network. The method configures a datapath executing on the edge computing device to use a first routing table associated with the logical router for processing data messages routed to the logical router. The method configures a routing protocol application executing on the edge computing device to (i) use the first routing table for exchanging routes with a network external to the logical network and (ii) use a second routing table for exchanging routes with other edge computing devices that implement the logical router. | 2021-10-07 |
20210314252 | USING APPLIED-TO FIELD TO IDENTIFY CONNECTION-TRACKING RECORDS FOR DIFFERENT INTERFACES - Some embodiments configure an edge forwarding element to perform service insertion operations to identify stateful services to perform for data messages received for forwarding by the edge forwarding element at multiple virtual interfaces of the edge forwarding element. The service insertion operation, in some embodiments, includes applying a set of service insertion rules. The service insertion rules (1) specify a set of criteria and a corresponding action to take for data messages matching the criteria and (2) are associated with a set of interfaces to which the service insertion rules are applied. In some embodiments, the action is specified using a universally unique identifier (UUID) that is then used as a matching criteria for a subsequent policy lookup that identifies a type of service insertion and a set of next hop data. | 2021-10-07 |
20210314253 | GENERATING FORWARD AND REVERSE DIRECTION CONNECTION-TRACKING RECORDS FOR SERVICE PATHS AT A NETWORK EDGE - Some embodiments provide stateful services in a chain of services identified for some data messages. The edge forwarding element receives a data message at a particular interface of the edge forwarding element that is traversing the edge forwarding element in a forward direction between two machines. The edge forwarding element identifies (1) a set of stateful services for the received data message and (2) a next hop associated with the identified set of stateful services in the forward direction and a next hop associated with the identified set of stateful services in the reverse direction. Based on the identified set of services and the next hops for the forward and reverse directions, the edge forwarding element generates and stores first and second connection tracking records for the forward and reverse data message flows, respectively used to forward data messages received subsequently for the flow. | 2021-10-07 |
20210314254 | MULTI-PATH ACCESS NETWORK - A method for providing multi-path network access to a client in a network includes, by a first circuitry; i) providing routing of packets between the network and a first access network; ii) providing forwarding of packets within the first communication network; iii) intercepting packets from the client node destined for a destination node outside the first communication network; iv) forwarding the intercepted packets to a multi-path agent within the first network; and by the multi-path agent: i) receiving the intercepted packets from the first routing circuitry; ii) transforming the intercepted packets to multi-path packets supporting a multi-path networking protocol; and iv) forwarding, the multi-path packets to the first and/or second routing circuitry for further routing. | 2021-10-07 |
20210314255 | DYNAMIC MULTIPATHING USING PROGRAMMABLE DATA PLANE CIRCUITS IN HARDWARE FORWARDING ELEMENTS - Some embodiments provide a novel method for adjusting a path for a packet flow from a source machine to a destination machine in a network. The method of some embodiments identifies a condition at a first forwarding element along a first path traversed by the packet flow through the network. The first path traverses through a hardware, second forwarding element before the first forwarding element. In some embodiments, the second forwarding element includes a programmable data plane circuit. The method, in some embodiments, uses an application programming interface (API) of the programmable data plane circuit to provide a set of parameters to the data plane circuit that cause the data plane circuit to forego selecting the first path to forward the packets of the packet flow to the destination machine and instead to select a second path, not traversing the first forwarding element, to the destination machine. | 2021-10-07 |
20210314256 | ROUTE EXCHANGE BETWEEN LOGICAL ROUTERS IN DIFFERENT DATACENTERS - Some embodiments provide a method for a first edge device in a first datacenter that implements a centralized routing component of a logical router that spans multiple datacenters and handles data traffic between a logical network implemented across the multiple datacenters and external networks. From a second edge device in a second datacenter, the method receives via routing protocol a route having a particular routing protocol tag. When the first datacenter is a primary datacenter for the logical router such that all data traffic between the logical network and the external networks is handled by one or more centralized routing components implemented at the first datacenter, the method uses the routing protocol tag to determine whether to advertise the received route to the external networks. | 2021-10-07 |
20210314257 | LOGICAL ROUTER IMPLEMENTATION ACROSS MULTIPLE DATACENTERS - Some embodiments provide a method for implementing a logical network across multiple datacenters. The method receives a configuration for a logical router that handles data traffic between the logical network implemented in the plurality of datacenters and networks external to the logical network. The method, for each datacenter defines (i) an active centralized routing component of the logical router in the datacenter and (ii) a standby centralized routing component of the logical router in the datacenter. The centralized routing components for a particular datacenter handle the data traffic between the logical network in the particular datacenter and the external networks. The active and standby centralized routing components are each assigned to edge computing devices in the datacenter that implement the centralized routing components. | 2021-10-07 |
20210314258 | PRIMARY DATACENTER FOR LOGICAL ROUTER - Some embodiments provide a method for implementing a logical router that spans multiple datacenters. The method receives a configuration for a set of logical switches and a logical router (LR) that (i) handles data traffic between data compute nodes (DCNs) connected to the logical switches and endpoints not connected to the set of logical switches and (ii) performs stateful services on the traffic. The DCNs include at least one DCN operating in each datacenter. For each datacenter, the method defines a centralized routing component (SR) for the LR for handling the traffic between the DCNs in the datacenter and the endpoints not connected to the set of logical switches. The method designates one of the SRs as a primary SR and the other SRs as secondary SRs. The secondary SRs forward traffic, received from DCNs in their respective datacenters and for which stateful services are required, to the primary SR. | 2021-10-07 |
20210314259 | AUTOMATIC CONFIGURATION AND CONNECTION OF HETEROGENEOUS BANDWIDTH MANAGED MULTICAST FABRICS - Techniques for utilizing Software-Defined Networking (SDN) controllers and network border leaf nodes of respective cloud computing networks to configure a data transmission route for a multicast group. Each border leaf node may maintain a respective external sources database, including a number of records indicating associations between a multicast data source, one or more respective border leaf nodes disposed in the same network as the multicast data source, and network capability information. A border leaf node, disposed in the same network as a multicast data source, may broadcast a local source discovery message to all border leaf nodes in remote networks to which it is communicatively coupled. A border leaf node may also communicate network capability information associated with one or more remote networks to a local SDN controller. The SDN controller may utilize the network capability information to configure a data transmission route to one or more destination nodes. | 2021-10-07 |
20210314260 | Method for using authenticated requests to select network routes - The present invention enables the selection of network routes based on a combination of traditional route table entries, identity policy information, and trust level information determined dynamically for each network session. This enables a network operator to apply different policies to network entities presenting differing identity credentials. It also allows network operators to block access to networks and network resources when identity credentials are not provided or are unauthorized. | 2021-10-07 |
20210314261 | SYSTEMS AND METHODS FOR IDENTIFYING CANDIDATE FLOWS IN DATA PACKET NETWORKS - A computer-implemented method and a transport manager system operate to reduce network congestion by detecting one or more data flows in a network, determining, using a candidate flow detection threshold, whether a data flow of the one or more data flows is a candidate flow, the candidate flow detection threshold being based on one or more characteristics of the one or more data flows, and in response to determining that the data flow is the candidate flow, managing the data flow. A consumption rate, a duration, a number of bytes communicated, a throughput, or aggregated characteristics of the one or more data flows may be used to determine the candidate flow detection threshold. | 2021-10-07 |
20210314262 | COMMUNICATION SYSTEM AND COMMUNICATION METHOD - A communication system ( | 2021-10-07 |
20210314263 | SCALABLE OVERLAY MULTICAST ROUTING - The disclosure provides an approach for reducing congestion within a network, the network comprising a plurality of subnets, the plurality of subnets comprising a plurality of host machines and a plurality of virtual computing instances (VCIs) running on the plurality of host machines. Embodiments include receiving, by an edge services gateway (ESG) of a first subnet of the plurality of subnets, membership information for a group identifying a subset of the plurality of host machines. Embodiments include receiving a multicast packet directed to the group and selecting from the plurality of host machines, a replicator host machine for the multicast packet. Embodiments include sending, to the replicator host machine, the multicast packet along with metadata indicating that the replicator host machine is to replicate the multicast packet to remaining host machines of the subset of the plurality of host machines identified in the membership information for the group. | 2021-10-07 |
20210314264 | METHOD AND APPARATUS FOR USER PLANE RESOURCE SELECTION FOR 5G CORE - A User Plane Function (UPF) of 5G Core network performs a search for the next hop in the data path, using utilities (e.g., Internet Control Message Protocol (ICMP) traceroute), and determines the capability of the next router and/or other hops in the path. The UPF updates (e.g., using the PATCH command) the Network Repository Function (NRF) with the gathered information. The UPF also updates the NRF the UPF's position in the current route, and the role(s) the UPF is playing at a given time, e.g., Branching Point (BP), Intermediate User Plane Function (I-UPF), and the like. The SMF is enabled to identify the UPF's capability for a given PDU Session. The selection of a given UPF for non-suitable roles can be prevented, and the UPF can be selected for those roles in which the UPF is more suitable at a given time. | 2021-10-07 |
20210314265 | POLICY-BASED PROXIMITY ROUTING - In some embodiments, a first network device in a first site sets a first IP address for an interface of the first network device to a value of a second IP address of a second network device in a second site. Policies are added in a policy table to cover IP addresses used in the second site and a specific route for a third IP address associated with a first workload migrated from the second site to the first site is added into a routing table. The first workload is on a stretched network that is coupled via a layer 2 channel. The policy table configures the first network device to send a second packet from the first workload to a third workload in the second site via the layer 2 channel when an IP address for the third workload does not match an eligible route in the routing table. | 2021-10-07 |
20210314266 | METHOD, APPARATUS AND SYSTEMS FOR SUPPORTING PACKET DELIVERY - The present invention provides methods, apparatuses and systems supporting in-order packet delivery during application relocation or UP (User Plane) path management events such as DNAI (Data Network Access Identifier) changes. In-order packet delivery may be enforced, ensured or supported by using an indication that in-order packet delivery is requested or required for a particular traffic flow of a UE during a user plane path management event. The methods may be performed by apparatuses implementing an application function (AF), a policy control function (PCF), a session management function (SMF), or UP entities such as PDU session anchors, of the communication network, or systems implementing a combination thereof. The SMF may configure UP entities to transmit packets and flow end markers to support in-order packet delivery and provide flow end marker information to the UP entities. The UP entities may signal path changes using flow end markers. | 2021-10-07 |
20210314267 | PACKET TRANSFER APPARATUS, METHOD, AND PROGRAM - Provided is a packet transfer apparatus configured to perform packet exchange processing for exchanging multiple continuous packets with low delay while maintaining fairness between communication flows of the same priority level. A packet transfer apparatus | 2021-10-07 |
20210314268 | USING MULTIPLE TRANSPORT MECHANISMS TO PROVIDE SERVICES AT THE EDGE OF A NETWORK - Some embodiments provide novel methods for providing different types of services for a logical network associated with an edge forwarding element acting between the logical network and an external network. The edge forwarding element receives data messages for forwarding and performs a service classification operation to select a set of services of a particular type for the data message. The particular type of service is one of multiple different types of services that use different transport mechanisms to forward the data to a set of service nodes (e.g., service virtual machines, or service appliances, etc.) that provide the service. The edge forwarding element then receives the data message after the selected set of services has been performed and performs a forwarding operation to forward the data message. In some embodiments, the method is also performed by edge forwarding elements that are at the edges of logical network segments within the logical network. | 2021-10-07 |
20210314269 | FILTERING NETWORK TRAFFIC FROM AUTOMATED SCANNERS - Methods, systems, and devices for filtering network traffic from automated scanners are described. A device (e.g., an application server) may receive an activity message associated with an interaction with an electronic communication message and identify, from the activity message, at least a source identifier of the activity message and one or more attributes associated with the electronic communication message. The device may then add the activity message to a mapping of source identifiers and attributes associated with previously received activity messages and classify the activity message as being associated with an automated scanner based on a comparison of the received activity message to the mapping over a previous time window. Upon classifying the activity message, the device may transmit a classification result to an external server. | 2021-10-07 |
20210314270 | DYNAMIC PACKET BUFFERING DURATION - Certain aspects of the present disclosure provide techniques for packet buffering. A method that may be performed by a receiving node includes dynamically determining one or more time durations to buffer packets. The one or more time durations can be different than a time duration of a configured timer for buffering the packets. The receiving node may input one or more parameters to a machine learning algorithm and obtain, as output of the machine learning algorithm based on the input one or more parameters, one or more time durations to buffer packets. The receiving node buffers packets for the determined one or more time durations. The receiving node may use machine learning to dynamically determine the one or more time durations to buffer packet. The buffering may be at a radio link control (RLC) reassembling buffer and/or a packet data convergence protocol (PDCP) buffer. | 2021-10-07 |
20210314271 | METHOD AND COMPUTING DEVICES FOR ENFORCING PACKET ORDER BASED ON PACKET MARKING - Method and computing devices for enforcing packet order based on packet marking. Upon occurrence of a link failure, a first device reallocates traffic initially forwarded through the failed link to an alternative link and marks the reallocated traffic with a first flag. Upon recovery of the failed link, the reallocated traffic is forwarded again through the recovered link and marked with a second flag different from the first flag. A second device calculates a reference inter-packet time for received traffic marked with the first flag. For received traffic marked with the second flag, the second device calculates a current inter-packet time. The current inter-packet time is compared with the reference inter-packet time, to determine if the traffic marked with the second flag shall be forwarded immediately or if the forwarding shall be delayed. | 2021-10-07 |
20210314272 | DEVICE, METHOD, AND SYSTEM THAT VIRTUALIZE A NETWORK - A virtual circuit in a network device reformats one or more incoming data streams at a non-predetermined data rate into one or more outgoing data streams at a predetermined data rate, thereby allowing multiple data streams with non-predetermined data rates that are less than the predetermined data rate to be combined and output from a single network port, and a single data stream with a non-predetermined data rate that is greater than the predetermined data rate to be split and output from two or more network ports. | 2021-10-07 |
20210314273 | ENABLING MULTI-TENANT VIRTUAL SERVERS IN A CLOUD SYSTEM - Methods and systems for generating and executing a database process are described. One example method includes receiving a request at the virtual server according to the infrastructure protocol, the infrastructure protocol configured to perform actions on virtual server resources; determining an application associated with the request; and performing one or more actions associated with the request using a set of application resources associated with the application. | 2021-10-07 |
20210314274 | MULTIMEDIA CONTENT STEERING - The disclosed computer-implemented method includes accessing information related to a playback session in which at least a portion of requested multimedia content is streamed over a network to a client electronic device. The method further includes accessing network topology information for the network to identify which route through the network was used to provide the requested multimedia content during the playback session, including indicating which end node was used to provide the multimedia content. Still further, the method includes accessing network steering factors that indicate why the requested multimedia content was steered through the identified network route, determining, based on the network steering factors, which end node would have been more suited to providing the requested multimedia content for the playback session, and then transferring the requested multimedia content to the determined end node for provisioning during subsequent playback sessions. Various other methods, systems, and computer-readable media are also disclosed. | 2021-10-07 |
20210314275 | IMPLEMENTING NETWORK CONSTRAINT EXCEPTIONS ON A PER DEVICE BASIS - Implementing network constraint exceptions on a per device basis is disclosed. A network manager determines that a subscriber device associated with a subscriber network is to be granted an exception to a network constraint of the subscriber network. An aggregation device that is coupled to a set of subscriber networks including the subscriber network is sent aggregation device instructions to grant the exception to packets associated with the subscriber device that flow through the aggregation device. A network gateway device that serves as a network gateway for the subscriber network is sent gateway device instructions to associate packets associated with the subscriber device with information for identifying the packets as being associated with the subscriber device. | 2021-10-07 |
20210314276 | SYSTEM AND METHOD TO CONTROL A CROSS DOMAIN WORKFLOW BASED ON A HIERACHICAL ENGINE FRAMEWORK - Provided are a system and method for controlling a workflow across domains on the basis of a hierarchical engine framework. Inventive workflow control makes it possible to configure a flexible hierarchical engine framework and provide a workflow service with low latency. Also, the system and method make it possible to control a workflow by building an engine and a data pipeline across domains. | 2021-10-07 |
20210314277 | USING ROUTER AS SERVICE NODE THROUGH LOGICAL SERVICE PLANE - Some embodiments facilitate the provision of a service reachable at a virtual internet protocol (VIP) address. The VIP address is used by clients to access a set of service nodes in the logical network. Facilitating the provision of the service, in some embodiments, includes returning a serviced data message to a load balancer that selected a service node to provide the service for the load balancer to track the state of the connection using the service logical forwarding element. To use the service logical forwarding element, some embodiments configure an egress datapath of the service nodes to intercept the serviced data message before being forwarded to a logical forwarding element in the datapath from the client to the service node, and determine if the serviced data message requires routing by the routing service provided as a service by the edge forwarding element. | 2021-10-07 |
20210314278 | COMMUNICATION SYSTEM AND COMMUNICATION METHOD - [Problem] Efficiently utilizing physical resources in a communication system that builds a virtual network based on various requirements. | 2021-10-07 |
20210314279 | COMPLETE AUTOZONING IN FIBRE CHANNEL SANS - An initiator emulator is implemented on a control plane of a switch fabric connected to target ports of a storage array having storage configured with logical partitions. After an initiator port of a server logs into the switch fabric and is blocked from discovering the target ports, the initiator emulator, acting as proxy for the initiator port, discovers information that indicates logical partition masking enforced at the target ports for the initiator port. The initiator emulator determines allowed (initiator (I), target (T)) (I, T) port combinations that should be allowed access via the switch fabric based on the information from the discovery. The initiator emulator configures the switch fabric with one or more zones based on the allowed (I, T) port combinations. The initiator emulator then sends to the initiator port an indication of a zone change to the switch fabric. | 2021-10-07 |
20210314280 | VIRTUAL NETWORK DEVICE - A virtual network device increases the effective number of local physical ports by converting each of the local physical ports into a plurality of virtual local physical ports, and the effective number of network physical ports by converting each of the network physical ports into a plurality of virtual network physical ports. | 2021-10-07 |
20210314281 | EFFICIENT PACKET RE-TRANSMISSION FOR EXPRESS DATA PATHS - A network packet is received from a network interface card (NIC). A determination is made, in view of a filter specifying handling of network packets, as to whether the network packet is to be modified. In response to determining that the network packet is to be modified, a portion of the network packet is modified in view of the filter. The modified portion of the network packet is provided to the NIC. | 2021-10-07 |
20210314282 | SYSTEMS AND METHODS FOR AGGREGATING USER SESSIONS FOR INTERACTIVE TRANSACTIONS USING VIRTUAL ASSISTANTS - Methods, apparatuses, and computer program products are described for aggregating user sessions for conversational exchanges using a virtual assistant. A user device can receive conversational inputs, convert the conversational inputs into textual strings, associate, based upon semantic analysis of different portions of the textual strings, a first network and a second network, and initiate, respectively, a first and second user session with a first response module of the first network and a second response module of the second network. The portions of textual strings can be transmitted to the first and second response modules via, respectively, the first and second user sessions. Once response fragments are received from the first and second response modules, the response fragments can be combined in a semantically suitable order to form a generated response. | 2021-10-07 |
20210314283 | SYSTEMS AND METHODS FOR COMMUNICATION ROUTING AND OPTIMIZATION AMONG MULTIPLE DISTRIBUTED LEDGERS - Systems and methods for communication routing among a plurality of distributed ledgers are disclosed. In one embodiment, in a distributed ledger routing engine comprising at least one computer processor, a method may include: (1) registering a plurality of participants, each participant associated with at least one distributed ledger; (2) storing identifying information for each of the participants, the identifying information identifying the at least one distributed ledger that the participant is associated; (3) receiving, from a messaging entity, a message for one of the participants; (4) identifying, from the identifying information, the distributed ledger with which the participant is associated; and (5) routing the message to a messaging service for the identified distributed ledger. The messaging service may write the message to its node in the identified distributed ledger. | 2021-10-07 |
20210314284 | EMOJI RESPONSE DISPLAY METHOD AND APPARATUS, TERMINAL DEVICE, AND SERVER - The present disclosure provides a method and an apparatus for displaying an emoji reply, a terminal device, and a server. The method includes: popping up an emoji box quickly in response to an operation performed by a user on a target chat message on a chat interface to pop up the emoji box, sending an emoji selected by the user from the emoji box to a server directly as an emoji reply; and displaying the emoji entered by the user and a user label on the target chat message in accordance with instruction information returned by the server. | 2021-10-07 |
20210314285 | GROUP CHAT INITIATING METHOD ON BASIS OF SHARED DOCUMENT, DEVICE AND APPARATUS THEREFOR, AND STORAGE MEDIUM - Disclosed is a chat initiating method, comprising: determining a first user account that accesses a shared document; obtaining a first identifier of a chat group inserted into the shared document; displaying, according to a state of whether the first user account has joined the chat group, a group chat control corresponding to the state in the shared document, wherein the group chat control is used for joining the chat group or for displaying an interface of the chat group; and sending, in response to an operation on the group chat control, a corresponding group chat request. | 2021-10-07 |
20210314286 | SOCIAL PLATFORM WITH ENHANCED PRIVACY AND INTEGRATED CUSTOMIZATION FEATURES - Embodiments provide a social networking platform offering various services, such as, facilitating aggregation and management of a user's interaction on one or more social networking platforms, offering enhanced control over the level of privacy associated with the flow of user data, offering tools to customize the user's exposure to advertisement-related content on the social networking platform(s), integrating features to control aspects of how data/content is presented to and visualized by the user, empowering the user to multicast direct messages to other users without the other users having to meet certain constraints, empowering the user to create and/or join a group based on messaging threads, and the like. One or more of these enhanced services/features are associated with a powerful framework of authentication/permission model for access control. | 2021-10-07 |
20210314287 | OBTAINING SUMMARY CONTENT FROM SERVER - Systems and methods are provided for synchronizing messages. The systems and methods include operations for: accessing, by a server, a plurality of messages of a communication session implemented by a messaging application on a user device; generating, by the server, a summary of the communication session based on the plurality of messages; transmitting, by the server, data associated with the summary to the user device; and causing the user device to display a summary view of the communication session based on the data received by the user device from the server. | 2021-10-07 |
20210314288 | SELECTIVE ARP PROXY - Some embodiments provide a method for proxying ARP requests. At an MFE that executes on a host computer operating at a first site to implement a distributed router along with at least one additional MFE at the first site, the method receives, from a router at a remote second site, an ARP request for an IP address associated with a logical switch that spans the first site and the remote second site, and to which both the distributed router and the router at the remote second site connect. The method determines whether a table that includes IP addresses for a set of DCNs that use the distributed router as a default gateway includes the IP address. When the IP address is in the table, the method proxies the request at the host computer. When the particular IP address is not in the table, the MFE does not proxy the request. | 2021-10-07 |
20210314289 | TUNNEL ENDPOINT GROUP RECORDS - Some embodiments provide a method for an MFE, in a first datacenter, to implement an LN spanning the first datacenter and a set of additional datacenters. The method stores records that each map one or more LN addresses for DCNs belonging to the LN and operating in the first datacenter to a different TEP address. The method stores an additional record that maps addresses for DCNs connected to a particular LFE of the LN and operating in the additional datacenters to a group of TEP addresses corresponding to LN gateways that handle data traffic for the particular LFE between the first datacenter and the additional datacenters. Upon receiving a data message with a destination address corresponding to a DCN connected to the particular LFE and operating in one of the additional datacenters, the method uses the additional record to identify a TEP address for encapsulating the data message. | 2021-10-07 |
20210314290 | DIRECTED MULTICAST BASED ON MULTI-DIMENSIONAL ADDRESSING RELATIVE TO IDENTIFIABLE LLN PROPERTIES - In one embodiment, a method comprises: receiving, by a root network device providing a DAG topology in a low power and lossy network (LLN), one or more multicast registration messages from an LLN device and identifying distinct properties of the LLN device; receiving, by the root network device, one or more multicast address group identifiers of one or more multicast streams to which the LLN device has subscribed, and associating the one or more multicast address group identifiers with the distinct properties; receiving a multicast message specifying one of the multicast address group identifiers; and generating, by the root network device, a directed multicast message having a multi-dimensional addressing data structure comprising a selected one of the distinct properties and the one multicast address group identifier, causing parent network devices in the DAG topology to selectively retransmit based on determining a child network device has the selected one distinct property. | 2021-10-07 |
20210314291 | LOGICAL FORWARDING ELEMENT IDENTIFIER TRANSLATION BETWEEN DATACENTERS - Some embodiments provide a method for a computing device that implements a first logical network gateway in a first datacenter to process data messages between data compute nodes (DCNs) belonging to the logical network and operating in the first datacenter and DCNs belonging to the logical network and operating in a second datacenter. From a host computer in the first datacenter, the method receives a logical network data message encapsulated with a first tunnel header including a first virtual network identifier corresponding to a logical forwarding element of the logical network. The method removes the first tunnel header and encapsulates the logical network data message with a second tunnel header including a second virtual network identifier corresponding to the logical forwarding element. The method transmits the logical network data message encapsulated with the second tunnel header to a second logical network gateway in the second datacenter. | 2021-10-07 |
20210314292 | APPARATUS AND METHODS FOR PROXY ADDRESS RESOLUTION PROTOCOL (ARP) SERVICE FOR MULTI-LINK OPERATION - Embodiments of the present invention are drawn to electronic systems capable of transmitting a group addressed frame that identifies an MLD according to an MLD MAC address. The group addressed frame can include an ARP request, for example, and can be transmitted by an AP MLD responsive to an individually addressed frame transmitted by a non-AP STA MLD associated with the AP MLD. The AP MLD can provide a proxy ARP service for associated non-AP STA MLDs. | 2021-10-07 |
20210314293 | METHOD AND SYSTEM FOR USING TUNNEL EXTENSIBLE AUTHENTICATION PROTOCOL (TEAP) FOR SELF-SOVEREIGN IDENTITY BASED AUTHENTICATION - Systems and methods enabling network authentication using a Blockchain-based construct of self-sovereign identity are described. The disclosed self-sovereign identity-based network authentication systems and methods allow for a peer to submit a distributed identity (DID) or a verifiable claim as a credential to a TEAP server for authentication within a TEAP framework. Disclosed systems and methods integrate Blockchain and TEAP in a manner that does not require overhauling the authentication standard, or creating a completely new authorization framework or new TEAP mechanism. | 2021-10-07 |
20210314294 | SYSTEMS AND METHODS FOR PROVIDING COMMUNICATIONS BETWEEN ON-PREMISES SERVERS AND REMOTE DEVICES - A system having an off-premises proxy server residing in a cloud computing environment and backend servers residing in an enterprise computing environment are provided. Requests received by the off-premises proxy server for access to a first, non-publicly accessible backend server are routed to a tunnel server which stores the request and waits to be polled by a tunnel agent connected to the first backend server. When the tunnel server is polled, the request is forwarded through an HTTP tunnel to the tunnel agent, which forwards it to the backend server for processing. Responsive information is returned to the tunnel agent, which forwards it through the HTTP tunnel to the tunnel server and returned through the off-premises proxy server to the remote application. Requests for access to a first, publicly accessible backend server are routed by the off-premises proxy server directly to the backend server for processing and return of responsive information. | 2021-10-07 |
20210314295 | DATA PROTECTION AUTOMATIC OPTIMIZATION SYSTEM AND METHOD - A system includes a memory and at least one processor to set a network throughput level setting to a default network traffic rate in a computer network, begin a data protection operation at the network throughput level setting in the computer network, continually monitor the computer network and determine that a condition has occurred in the computer network, dynamically adjust the network throughput level setting in response to the condition by one of decreasing the network throughput level setting by a network traffic rate increment and increasing the network throughput level setting by the network traffic rate increment, and dynamically shape network or storage traffic for the data protection operation using the network throughput level setting. | 2021-10-07 |
20210314296 | AUTOMATED CLASSIFICATION OF NETWORK DEVICES TO PROTECTION GROUPS - A method and system for aggregating into a unique aggregated group (AG), protection groups (PGs) that are possible classifications with at least a threshold probability for a same unique combination of IP addresses. The PGs and the unique combination of IP addresses are included in the AG. Each of the IP addresses of the unique combination of IP addresses has respective associated probabilities for each PG included in the AG. The method further includes selecting and providing for display AGs based on the probabilities associated with the respective IP addresses included in the AGs, and providing for display at least one interactive graphical element in association with each AG selected for display. User activation of one of the interactive graphical elements accepts assignment of one or more selected IP addresses included in the AG to a selected one of the one or more PGs included in the AG. | 2021-10-07 |
20210314297 | SYSTEM AND METHOD FOR PROVIDING APPLICATION ISOLATION ON A PHYSICAL, VIRTUAL OR CONTAINERIZED NETWORK OR HOST MACHINE - A method for isolating applications on a network, the method including: denying network traffic access to applications sitting behind an Access Gateway Engine; receiving a username of a user that logs onto the network; extracting a source address associated with the username; retrieving a list of applications with which the username is permitted to communicate; extracting application destination information for each application of the list of applications; generating an access control policy for the username, the access control policy allowing the username having the source address to communicate with the list of applications, each of which has the respective destination information; the Access Gateway Engine allowing or denying the network traffic, originating from the username source address, access to the applications, according to the access control policy for the user. | 2021-10-07 |
20210314298 | Network-based Authentication Rule Cleaning and Optimization - Techniques and systems for optimizing and cleaning rules for network-based authentication transactions are provided herein. A network-based authentication system may determine a plurality of rules that were previously used to evaluate a plurality of transactions. The network-based authentication system may also generate a false positive rate for one or more of the plurality of rules. A cleaning coefficient for a first rule of the plurality of rules may be generated by the network-based authentication system. Based on the cleaning coefficient and the false positive rate, the network-based authentication system may identify one or more rules from the plurality of rules to eliminate from the plurality of rules. The network-based authentication system may eliminate the one or more rules to generate a modified set of rules. Using the modified set of rules, the network-based authentication system may authenticate a network transaction. | 2021-10-07 |
20210314299 | METHODS FOR REVALIDATING FQDN RULESETS IN A FIREWALL - A method comprises: in response to detecting a new expression in a policy rule, updating a global version number to a new value; identifying a particular IP address that corresponds to an FQDN matching on the new expression; storing an entry comprising the particular IP address, the new expression, and an entry version number in a first data structure, the entry version number being assigned the new value; in response to detecting a new connection to a destination IP address: finding a matching entry in the first data structure corresponding to the destination IP address; determining whether the global version number matches the entry version number for the matching entry; and in response to determining that the global version number does not match the entry version number for the matching entry, sending update information to a slowpath process that associates an updated configuration information for the matching entry. | 2021-10-07 |
20210314300 | ADMINISTRATIVE POLICY CUSTOM RESOURCE DEFINITIONS - Some embodiments of the invention provide a method for deploying network elements for a set of machines in a set of one or more datacenters. The datacenter set is part of one availability zone in some embodiments. The method receives intent-based API (Application Programming Interface) requests, and parses these API requests to identify a set of network elements to connect and/or perform services for the set of machines. In some embodiments, the API is a hierarchical document that can specify multiple different compute and/or network elements at different levels of compute and/or network element hierarchy. The method performs automated processes to define a virtual private cloud (VPC) to connect the set of machines to a logical network that segregates the set of machines from other machines in the datacenter set. In some embodiments, the set of machines include virtual machines and containers, the VPC is defined with a supervisor cluster namespace, and the API requests are provided as YAML files. | 2021-10-07 |
20210314301 | Private service edge nodes in a cloud-based system for private application access - Systems and methods include connecting to a first service edge node in a cloud-based system and obtaining one or more addresses each for one or more service edge nodes in the cloud-based system, wherein the one or more service edge nodes include public service edge nodes and private service edge nodes; connecting to a second service edge node of the one or more service edge nodes using the corresponding address; providing a request for an application to the second service edge node; and responsive to policy and accessibility determined via the cloud-based system, receiving access to the application via a connector adjacent to the application. | 2021-10-07 |
20210314302 | IMPLEMENTING A CLIENT-SIDE POLICY ON CLIENT-SIDE LOGIC - Techniques are described herein that are capable of implementing a client-side policy on client-side logic. The client-side policy is configured to support client-side hooks by configuring a rule in the client-side policy to be applied to the client-side logic, which is configured to be executed in a browser of a client device in a network-based system. The rule indicates an administrator-defined action to be performed in response to a request to execute the client-side logic. The administrator-defined action is defined by an administrator of the network-based system. The request to execute the client-side logic in the browser is received. The administrator-defined action is performed based at least in part on the rule in the client-side policy in response to receipt of the request. | 2021-10-07 |
20210314303 | APPLICATION AWARE TCP PERFORMANCE TUNING ON HARDWARE ACCELERATED TCP PROXY SERVICES - Described are platforms, systems, and methods for actuating transmission control protocol/Internet protocol (TCP/IP) through a method comprising: identifying a computer workload during a handshake process for establishing a network connection with a remote host; configuring, based on the computer workload, one or more TCP/IP parameters of the network connection; and completing the handshake process to establish the network connection with the remote host. | 2021-10-07 |
20210314304 | Network Monitoring Apparatus, and Remote Encryption and Remote Activation Method, Device and System Thereof - A network monitoring apparatus, and a remote encryption and remote activation method, device and system thereof are provided. The method includes the following steps: receiving an encrypted activation password sent by a client terminal; decrypting the encrypted activation password to obtain an original activation password; determining whether the original activation password meets a predetermined password strength requirement; when the original activation password meets the predetermined password strength requirement, activating the network monitoring apparatus and setting the original activation password as an administrator password; and returning information indicating that the network monitoring apparatus is successfully activated to the client terminal. A network monitoring apparatus, an encryption method of a network monitoring apparatus based on a client terminal, a client terminal, and a remote activation system based on a network monitoring apparatus are also provided. The present disclosure combines an asymmetric encryption mode and a symmetric encryption mode, so as to enhance a security of an activation process. | 2021-10-07 |
20210314305 | BLOCKCHAIN AUTONOMOUS AGENTS - A method of associating user identity with an autonomous agent embodied on a blockchain stored in a blockchain network, the method comprising the following steps: a user engaging in a user authentication process to obtain a set of one or more verified identity attributes of the user; computing an identity hash, by applying a hash function to input data comprising the set of verified identity attributes; and sending to the blockchain network a data package comprising the identity hash and an identifier of the autonomous agent; wherein the autonomous agent is embodied on the blockchain as program code and at least one associated state register for storing associated program state, and wherein the data package causes at least a portion of the autonomous agent's program code to be executed on a node of the blockchain network, which upon execution stores the identity hash in the at least one state register of the autonomous agent. | 2021-10-07 |
20210314306 | VIRTUAL TRANSPONDER UTILIZING INBAND TELEMETRY - Systems, methods, and apparatuses for a virtual transponder utilizing inband telemetry are disclosed. A disclosed method for a virtual transponder utilizing inband telemetry comprises receiving, by a vehicle, encrypted host commands from a host spacecraft operations center (SOC). The method further comprises receiving, by the vehicle via the host SOC, encrypted hosted commands from a hosted payload (HoP) operation center (HOC). Also, the method comprises reconfiguring a payload on the vehicle according to unencrypted host commands and/or unencrypted hosted commands. In addition, the method comprises transmitting payload data to a host receiving antenna and/or a hosted receiving antenna. In addition, the method comprises transmitting, by a host telemetry transmitter on the vehicle, encrypted host telemetry to the host SOC. Further, the method comprises transmitting, by the payload antenna, encrypted hosted telemetry to the HOC. | 2021-10-07 |
20210314307 | TRANSMITTING DEVICE AND TRANSMITTING METHOD, AND RECEIVING DEVICE AND RECEIVING METHOD - The present disclosure relates to a transmitting device and a transmitting method, and a receiving device and a receiving method which are capable of improving confidentiality and communication resistance in low power wide area (LPWA) communication. | 2021-10-07 |
20210314308 | IDENTIFIERS AND ACCESS TOKENS FOR PRIVACY IN CENTRALIZED ADDRESS MANAGEMENT - Identifiers and access tokens for privacy in centralized address management. In an embodiment, address information may be associated with a unique address identifier that can be used in place of the address information. For example, a user may register an address with his or her user account using the address identifier, rather than the address information. In addition, an organization may utilize the address identifier to obtain an access token that enables communication with the user at the associated address information. | 2021-10-07 |
20210314309 | DEVICE FOR PROVIDING IDENTIFICATION INFORMATION, AND SYSTEM FOR SAME - Disclosed is an electronic device including: a communication circuit set to communicate with at least one authentication server for providing an identification authentication service; and a processor, wherein the processor is set to: transmit, to the at least one authentication server, first identifying information corresponding to an object to which identification information is to be provided and second identifying information corresponding to the electronic device; receive, from the at least one authentication server, information about a first item among a plurality of items of the identification information, the information about the first item being determined at least partially on the basis of the first identifying information and the second identifying information; and display, through the display, information corresponding to a first value related to the first item among the plurality of items of the identification information in response to a successful user authentication. Various other embodiments comprehended through the specification are also possible. | 2021-10-07 |
20210314310 | SECURED LOGIN MANAGEMENT TO CONTAINER IMAGE REGISTRY IN A VIRTUALIZED COMPUTER SYSTEM - An example method of logging in an automation user to a container image registry in a virtualized computing system is described, the container image registry managing container images for deploying containers in the virtualized computing system. The method includes: receiving, at a credential manager in the container image registry, a login request from a service executing in the virtualized computing system representing the automation user, the login request for image access to the container image registry and including an automation token; authenticating the automation token as credentials of a robot account in the container image registry corresponding to the automation user; and authorizing the automation user as identified in the automation token of the login request in response to the robot account having privilege for the image access. | 2021-10-07 |
20210314311 | METHOD AND APPARATUS WITH PROVIDER INFORMATION ACCESS AUTHORIZATION - A method and apparatus with provider information access authorization are provided. The method includes receiving a single sign-on (SSO) token from a provider apparatus for a validated login request by a client device for a user account, wherein the SSO token is indicative of the provider apparatus having authorized secure protocol access with the provider apparatus to access information at the provider apparatus associated with the user account, retrieving customer information from the provider apparatus using the SSO token, receiving information from the client device, confirming whether, based on the information and the customer information, a user of the user account is eligible to complete a data exchange, and in response to a result of the confirming being that the user of the user account is confirmed eligible to complete the data exchange, causing the provider apparatus to process the data exchange corresponding to the information. | 2021-10-07 |
20210314312 | SYSTEM AND METHOD FOR TRANSFERRING DEVICE IDENTIFYING INFORMATION - Disclosed are various examples for transferring device identifying information during authentication. An enrollment request is received from a management component executed by a client device. A management service generates a unique device identifier for the client device and embeds it within a certificate to generate a device-identifying certificate. The management service instructs a certificate authority service to generate a public key that includes the unique device identifier and a private key for the client device, and provides the device-identifying certificate and the private key to the client device. | 2021-10-07 |
20210314313 | CERTIFICATE ISSUING SYSTEM BASED ON BLOCK CHAIN - The present invention provides a certificate issuing system based on a block chain, the system having a means for directly generating a certificate-specific public key and a certificate-specific private key in a user terminal operated by a user, guiding the certificate-specific public key and the certificate-specific private key so as to be generated in a state in which a network in the user terminal is blocked, and eliminating the costs incurred for constructing, operating, and maintaining the certificate issuing system having a high-grade security system linked therewith so as to block hacking, which occurred in the past, as much as possible, since the certificate-specific public key requiring maintenance is stored and managed in an electronic wallet, installed in servers that hold block chains, through a peer-to-peer network (P2P)-based distributed database, not by a server run by a certificate authority (CA). | 2021-10-07 |
20210314314 | DATA AGGREGATION USING A LIMITED-USE CODE - Apparatuses, methods, systems, and program products are disclosed for data aggregation using a limited-use code. An apparatus includes a message module configured to intercept a message comprising a limited-use code. A message may be sent from a third-party server and intended for a user of a hardware device. A limited-use code may be used to verify an identity of a user for access to a third-party server. An apparatus includes a parse module configured to parse a message to determine a limited-use code. An apparatus includes a submission module configured to provide a limited-use code to a third-party server without user input. An apparatus includes an authorization module configured to prompt a user for authorization prior to intercepting a message, parsing the message for a limited-use code, and providing the limited-use code to a third-party server without user input. | 2021-10-07 |
20210314315 | SMART SECURITY STORAGE SYSTEM - Security functions for a memory corresponding to a smart security storage may be facilitated or executed through operation of a utility application corresponding to a smart device. For example, encryption/decryption of data stored on the memory may be facilitated or executed by a security module under control of an access application corresponding to the smart device. Data securely stored on the memory may be explored and accessed by the smart device or a host computing device under control of the access application. | 2021-10-07 |
20210314316 | LOCAL ENCODING OF INTRINSIC AUTHENTICATION DATA - A device includes a processor, a machine-readable memory, and an optical capture device coupled to the processor. The processor generates a unique identifier of an object in view of the capture device. The unique identifier includes encoded information to locate a region of interest on the object, and a digital fingerprint extracted from the region of interest, locally encoding intrinsic authentication data of the object in the unique identifier. A reverse process for identification and/or authentication of an object may be implemented by locating an identifier on an object, recovering encoded information from the identifier, using that information to locate a region of interest, digital fingerprinting the located region of interest, and comparing the digital fingerprint to the digital fingerprint encoded in the unique identifier to obtain and present a result, without reliance on any exogenous database. | 2021-10-07 |
20210314317 | Biometric One Touch System - Embodiments disclosed herein generally relate to a system and method of authenticating a user with a third party server. In one embodiment, a method is disclosed herein. A computing system receives, from a remote client device of the user, a token. The token includes personal identification information and a digitized file of a biometric captured by a biometric scanner. The computing system identifies via the personal identification information that the user has a user account. The computing system queries a database with the personal identification information and the digitized file to determine whether the biometric matches a stored biometric in the user account. Upon determining that the biometric matches the stored biometric, the computing system generates a message to be transmitted to the third party server that authenticates the user. The computing system transmits the message to the third party server. | 2021-10-07 |
20210314318 | SYSTEMS AND METHODS FOR MULTI-LEVEL AUTHENTICATION - A system described herein may provide for multiple levels of authentication, such that a User Equipment (“UE”) may receive secure content from an application server, which may include or may be implemented by a multi-access edge computing (“MEC”) system. As described herein, a user associated with a UE may register the UE and/or a particular application with an authentication system and/or the application server. The registration of the UE and/or the application may establish a “trust” relationship between the authentication system and the UE, such that a user-level authentication performed by the UE, such as biometric authentication, may be accepted by the authentication system and/or the application system as an authentication of the user. | 2021-10-07 |
20210314319 | SETTING UP A CONNECTION - The invention relates to a method for setting up a communication connection to a server for a requesting network device. The method comprises: receiving reference authentication data; storing the reference authentication data; comparing the received authentication data of the requesting network device to the reference authentication data; requesting a communication connection from the server; and generating an acknowledgement signal to the requesting network device, the acknowledgement signal indicating to the requesting network device an acceptance to connect to the server and a network address to be used for the connection; receiving a connection request from the network device; and combining the connection request with the communication connection set up between the authentication server and the server. The invention also relates to an authentication server device, a communication system, and a computer program product. | 2021-10-07 |
20210314320 | AUTHENTICATION USING CREDENTIALS SUBMITTED VIA A USER PREMISES DEVICE - An authentication system can be operable to receive from a user premises device credentials associated with a user identity, wherein the user premises device can also be operable to monitor and control a premise of the user identity. The authentication system can process the credentials and transmit an authentication verification to an on-line system to enable access to the on-line system by a user equipment of the user identity. The authentication system can be used as a factor (or additional factor) of authentication, for example, to gain sooner access to an on-line system that has locked out a user identity in response to a personal denial of service (PDoS) attack. | 2021-10-07 |
20210314321 | BLOCKCHAIN-BASED SERVICE PROCESSING METHODS, APPARATUSES, DEVICES, AND STORAGE MEDIA - Disclosed herein are methods, systems, and apparatus, including computer programs encoded on computer storage media, for blockchain-based service processing. One of the methods includes receiving a service processing request by a first service processing platform from a first user. The first service processing platform is one of a plurality of service processing platforms that access a blockchain network, and service data of the first user is shared between the plurality of service processing platforms over the blockchain network. In response to a determination that the service processing request involves a second service processing platform of the plurality of service processing platforms, it is determined whether the service processing request is permitted to be executed. In response to determining that the service processing request is permitted to be executed, the service processing request is executed over the blockchain network. | 2021-10-07 |
20210314322 | METHOD, APPARATUS, SYSTEM AND STORAGE MEDIUM FOR ACCESS CONTROL POLICY CONFIGURATION - The present disclosure relates to a method, apparatus, system and storage medium for access control policy configuration. The method includes receiving a request for creating a target resource; determining, based on the request, whether an access control policy inheritance attribute is set for the target resource, the access control policy inheritance attribute indicating an inheritance relationship between access control policies of the target resource and its parent resource; and configuring the access control policy of the target resource according to a result of the determination. Thus, the efficiency of configuring an access control policy for a resource is improved. | 2021-10-07 |
20210314323 | DYNAMIC AUTHENTICATION AND AUTHORIZATION MECHANISMS - A computing system architecture includes a token generator communicable with a client token agent. The client token agent is communicable with a client database access agent. A database management system is communicable with the token agent. The database management system is communicable with the client database access agent. A client authorization management system is communicable with the database management system. The client authorization management system stores a list of authorized operations for a client. The list of authorized operations is configured to be changeable during a client login session. | 2021-10-07 |
20210314324 | DIGITALLY SECURE TRANSACTIONS OVER PUBLIC NETWORKS - A method, computer program product, and a system where a processor(s) obtains, via a web interface, from a client, over a public network connection, a request to register for a financial transaction; a smart contract comprises the requested financial transaction. The processor(s) maps the client to a pre-defined security profile based on a security level associated with the security profile. The processor(s) selects, based on the security level, encryption keys from a repository and security codes. The processor(s) executes an encryption script, to automatically encrypt the contents of the smart contract utilizing the encryption keys and the security codes and by embedding SafeMath library codes in the smart contract. | 2021-10-07 |
20210314325 | Graphical User Interface and Operator Console Management System for Distributed Terminal Network - A graphical user interface (GUI) and operator console management system for a distributed terminal network is described. In some embodiments, the terminals may be hardware terminals, kiosks, or clients. In some embodiments, a security analysis may be performed, and security scores may be determined, for visitors requesting operations at terminals based on an operator configuration. Security scores may be determined by a provider, in communication with the operator terminals, based on aggregation of a plurality of factors, wherein each factor may be weighted. The factors may incorporate operator settings or preferences. In one embodiment, the factors include one or more facial recognition factors. The one or more facial recognition factors may be used for biometric authentication. The provider may use the security scores to determine user privileges or permissions for the operations. The provider may deliver instructions or messages to the terminals based on the determinations. | 2021-10-07 |
20210314326 | SYSTEMS AND METHODS FOR DIFFERENTIATED IDENTIFICATION FOR CONFIGURATION AND OPERATION - A differentiated identification system facilitates dynamically differentially morphed access for one or more requesters. The system receives an access request including at least one differentiable voucher from a requester and assesses the type of the received access request by considering the access request, the differentiable voucher and one or more semblances. The system then dynamically differentially morphs an access to one or more service or data based on the assessment of the access request type, enabling the system to provide the requester with dynamically differentially morphed access to the one or more service or data. | 2021-10-07 |
20210314327 | Method and Apparatus for Providing an Adaptable Security Level in an Electronic Communication - A method of communicating in a secure communication system, comprises the steps of assembling a message at a sender, then determining a security level, and including an indication of the security level in a header of the message. The message is then sent to a recipient. | 2021-10-07 |
20210314328 | Customized View Of Restricted Information Recorded Into A Blockchain - Systems, methods, and software are disclosed herein to generate a customized view of a blockchain transaction. A blockchain of block entries requested by a plurality of users from user devices is maintained in a distributed network of nodes. The block entries each comprise a plurality of data portions that are each associated with an access level. A request to view one or more data portions of a block entry is received which includes an access code associated with at least one access level. The access code in the request is evaluated with the blockchain of block entries to identify one or more data portions associated with the access level. A customized view of the block entry is generated which includes the one or more data portions associated with the access level. | 2021-10-07 |
20210314329 | SYSTEMS, METHODS, AND MEDIA FOR AUTHORIZING EXTERNAL NETWORK ACCESS REQUESTS - Mechanisms for authorizing requests to access a resource are provided, the methods comprising: receiving a request to access the resource at a hardware processor from an Internet Protocol (IP) address; determining whether a rule applies to the request to access the resource; in response to determining that a rule does not apply to the request to access the resource, sending a request for authorization; receiving a response to the request for authorization; and in response to the response to the request for authorization indicating that access is authorized, providing a connection to the resource. | 2021-10-07 |
20210314330 | Enhanced Email Service - An enhanced email service that mitigates drawbacks of conventional email services by enabling transmission of encrypted content to a recipient regardless of the recipient having a prior relationship with the sender or having credentials issued from a certificate authority. A method is provided for receiving encrypted content and generating a message that includes both the encrypted content as an attachment and a link to enable access to the encrypted content. The method may include transmitting the message to an intended recipient's mailbox while also storing the message in another mailbox to provide for subsequent decryption of the encrypted content. The link may provide the intended recipient of the message with access to the encrypted content in various ways depending on, for example, whether the recipient is viewing the message through a webmail browser or through a local mail client that is compatible with the enhanced email service. | 2021-10-07 |
20210314331 | SECURE IDENTITY VERIFICATION MARKETPLACE USING HASHED DATA AND FORWARD HASHING SEARCH FUNCTIONS - There are provided systems and methods for a secure identity verification marketplace using hashed data and forward hashing search functions. A service provider, such as an electronic transaction processor or other entity that may provide an online platform, may provide an online marketplace accessible by identity verification data bureaus, as well as entities requiring identity verification or other entities. The bureaus may utilize an SDK provided by the service provider to hash their identity data and upload to the marketplace with metadata explaining the underlying identity verification data. This may be done so the underlying data is not revealed to the service provider or other entities without purchase and/or request to the bureau. When an entity searches for the data, a forward hashing function may determine hashes of different variations of the search query, which may be used to locate matching data. | 2021-10-07 |
20210314332 | Graph-Based Classification of Elements Such as Files Using a Tool Such as VirusTotal - A method of determining the level of maliciousness of an element using a directed hypergraph to classify the element based on information aggregated from its locally identified close neighbors, queried in a database such as VirusTotal (VT). A crawling procedure is used starting from elements needing classification and collecting a set of their neighbors forming neighborhoods. These neighbors are then used to classify the elements. The neural network classifier is able to obtain as input an entire neighborhood. The input includes several feature vectors, one for each element in the neighborhood. In addition, a mapping of interconnections can be provided for each group of elements. Finally, a maliciousness level is provided for the elements in question. For an incriminated file one or more actions can be taken, such as isolating a machine that received the file, killing processes started by the file, removing persistence of the file on the network or affected computer, cleaning infected samples, modifying risk assessment for computer or network, generating a report, collecting additional artifacts, triggering a search for related elements, blocking a user from taking actions and sending information to other IT or security systems. For other element types, some of the above actions are applicable as well. In addition, there are other actions specific to particular element types, e.g. blocking an IP address or a web domain from network access, restricting user authorization, blocking access to an external device, shutting down computers, erasing memory devices, filtering e-mail messages, and many more. | 2021-10-07 |
20210314333 | CHURN-AWARE MACHINE LEARNING FOR CYBERSECURITY THREAT DETECTION - Churn-aware training of a classifier which reduces the difference between predictions of two different models, such as a prior generation of a classification model and a subsequent generation. A second dataset of labelled data is scored on a prior generation of a classification model, wherein the prior generation was trained on a first dataset of labelled data. A subsequent generation of a classification model is trained with the second dataset of labelled data, wherein in training of the subsequent generation, weighting of at least some of the labelled data in the second dataset, such as labelled data that yielded an incorrect classification, is adjusted based on the score of such labelled data in the prior generation. | 2021-10-07 |
20210314334 | Content-Based Application Security for Distributed Computing System - A computer-implemented method of monitoring security of a set of computing devices in a distributed system, the distributed system having a plurality of computing devices, in communication with one another over a network, by a security software running in a computer node. The method includes comparing an app signature of the application running in a selected one of the set of computing devices to a reference app signature generated from a respective functional replica of the application. | 2021-10-07 |
20210314335 | SECURED AUTOMATED OR SEMI-AUTOMATED SYSTEMS - Secured automated or semi-automated systems are provided herein. In one embodiment, a sensor system includes a sensor, a legacy computing environment that is configured to communicate with the sensor and process sensor raw data output, and transmit the processed sensor output to a first network node over the network, and a trusted computing environment configured to receive raw sensor output directly from the sensor and transmit the raw sensor output to an additional network node or the first network node over the network. | 2021-10-07 |
20210314336 | UNAUTHORIZED FRAME DETECTION DEVICE AND UNAUTHORIZED FRAME DETECTION METHOD - An unauthorized frame detection device that can keep an unauthorized ECU from spoofing as a legitimate server or client while suppressing an overhead during communication is provided. The unauthorized frame detection device includes a plurality of communication ports corresponding to the respective networks, a communication controller, and an unauthorized frame detector. The plurality of communication ports are each connected to a corresponding predetermined network among the plurality of networks and each transmit or receive a frame via the predetermined network. The unauthorized frame detector determines whether an identifier of a service, a type of the service, and port information that are each included in the frame match a permission rule set in advance and outputs a result of the determination. | 2021-10-07 |
20210314337 | LATERAL MOVEMENT CANDIDATE DETECTION IN A COMPUTER NETWORK - A lateral movement application identifies lateral movement (LM) candidates that potentially represent a security threat. Security platforms generate event data when performing security-related functions, such as authenticating a user account. The disclosed technology enables greatly increased accuracy identification of lateral movement (LM) candidates by, for example, refining a population of LM candidates based on an analysis of a time constrained graph in which nodes represent entities, and edges between nodes represent a time sequence of login or other association activities between the entities. The graph is created based on an analysis of the event data, including time sequences of the event data. | 2021-10-07 |
20210314338 | Network exposure detection and security assessment tool - Systems and methods include receiving a domain of interest; performing an analysis of the domain to extract namespaces of the domain, hosts associated with the domain, subdomains associated with the domain, namespaces of the subdomains, and addresses including address ranges of any identified namespaces; performing a Common Vulnerabilities and Exposures (CVE) search based on the analysis to identify a CVE list associated with the domain; determining weightings of the namespaces of the domain and the subdomains to provide a name list; obtaining cloud monitoring content associated with the domain; and utilizing the name list, the CVE list, and the cloud monitoring content to determine a risk associated with the domain. | 2021-10-07 |
20210314339 | ON-DEMAND AND PROACTIVE DETECTION OF APPLICATION MISCONFIGURATION SECURITY THREATS - Disclosed embodiments relate to systems and methods for dynamically and proactively scanning a computing environment for application misconfiguration security threats. Techniques include identifying an application configured for network communications; analyzing a network security configuration of the application; identifying, based on the analyzing, a target network address that the application is configured to use to redirect a network device to a target network resource; comparing the target network address to a whitelist of trusted target network addresses; assessing, based on the comparing, whether the network security configuration is misconfigured; and determining, based on the assessment, whether to provide a configuration validation status for the application. | 2021-10-07 |
20210314340 | MACHINE LEARNING-BASED ROLE DETERMINATION FOR ACCESS CONTROL TO ENTERPRISE SYSTEMS - In one example, a computer implemented method may include receiving a request from a user to access an enterprise system and obtaining, via a chatbot, user inputs by providing at least one of interactive menu-based and natural language-based queries on a graphical user interface in response to receiving the request. Further, the method may include determining a transaction code and/or an authorization code corresponding to the request in the enterprise system by applying natural language processing and a machine learning model to the obtained user inputs. Furthermore, the method may include determining a role corresponding to the transaction code and/or the authorization code by accessing the enterprise system and performing a risk assessment for the user to access the enterprise system based on the determined role and a user profile. Further, the method may include controlling the access to the enterprise system based on the risk assessment and the determined role. | 2021-10-07 |