41st week of 2021 patent application highlights part 58
Patent application number | Title | Published |
20210320849 | METHOD FOR MANAGING SYSTEM AND APPARATUS THEREFOR - The present disclosure provides a method of managing a system and an apparatus therefor. The method of the present disclosure may include providing a menu management tool for managing a menu of a system, setting an item of the menu and an authority to access the item by receiving an input through the menu management tool, and providing, when a terminal having the authority accesses the system, information regarding the item to the terminal. | 2021-10-14 |
20210320850 | SYSTEMS AND METHODS OF USING ADAPTIVE NETWORK INFRASTRUCTURES - A method, system, and computer-readable medium may provide for receiving network performance indicator data associated with a network slice connected to a user equipment (UE) device via a first type of network infrastructure; determining, based on the network performance indicator data, that one or more service level agreements (SLAs) for the network slice will not be met or are not currently being met; identifying a second type of network infrastructure based on service requirements for the network slice, wherein the network requirements include the one or more SLAs and a service profile; accessing a network function virtualization infrastructure (NFVI) inventory to determine a supportability for the instantiation of the second type of network infrastructure; and instructing an orchestrator to deploy the second type of network infrastructure over the access network. | 2021-10-14 |
20210320851 | Simulation System and Method for Simulating Processing of Reservation Enquiries for Multicast Data Streams in Communications Networks - Simulation system and method for simulating processing of reservation enquiries for multicast data streams in communications networks, wherein communication devices which are to be simulated with regard to their behaviour are functionally divided into a communication control plane designated as a control plane and into a data transmission plane designated as a data plane, where simulation system components formed by software containers which are executable in a sequence control environment are case provided for functions of the communication devices associated with the control plane, network infrastructure devices are modelled on the data plane by resources provided via each of the network infrastructure devices, and where the software containers associated with the communication devices are selectively executed in the sequence control environment and coupled together there according to a predetermined topology. | 2021-10-14 |
20210320852 | Software-definable network service configuration method - Service deployment in the conventional network is very complicated. The operator needs to plan the service path in advance, and then manually configure the policy for each node on the service path. The software-definable network service configuration method disclosed in the present invention is different from the conventional network. On the one hand, the control layer has a global network resource view to more easily plan service paths for service requests. On the other hand, the control layer adopts a centralized management of physical switch nodes in the data layer via a southbound interface, which makes it easier to automatically implement policy configuration in physical switch nodes. | 2021-10-14 |
20210320853 | PREDICTING APPLICATION AND NETWORK PERFORMANCE - An application and network analytics platform can capture comprehensive telemetry from servers and network devices operating within a network. The platform can discover flows running through the network, applications generating the flows, servers hosting the applications, computing resources provisioned and consumed by the applications, and network topology, among other insights. The platform can generate various models relating one set of application and network performance metrics to another. For example, the platform can model application latency as a function of computing resources provisioned to and/or actually used by the application, its host's total resources, and/or the distance of its host relative to other elements of the network. The platform can change the model by moving, removing, or adding elements to predict how the change affects application and network performance. In some situations, the platform can automatically act on predictions to improve application and network performance. | 2021-10-14 |
20210320854 | NETWORK PERFORMANCE ENHANCEMENT SYSTEM - A system to analyze and improve network traffic latency in networks including at least one IP Anycast network, based on first derivative graphs generated from directed acyclic graphs generated at periodic intervals for end user devices and network servers. The first derivative graphs are reduced to a best-performance path and applied to make application-specific data routing changes in the network. | 2021-10-14 |
20210320855 | Determining Reliability Information for a Network Component - The present disclosure relates to a method, apparatus and system for determining reliability information for a network component ( | 2021-10-14 |
20210320856 | PERFORMANCE MEASUREMENT IN A PACKET-SWITCHED COMMUNICATION NETWORK - A method is disclosed for performing a performance measurement on a packet flow transmitted through a packet-switched communication network. In the packet flow, first blocks of packets having a first packet feature and second blocks of packets having a second packet feature are provided by periodically switching a packet feature in the packet flow, so that the first blocks of packets alternate in time with the second blocks of packets. Two or more measurement points on the path of the packet flow provide performance parameters relating to the first and second blocks of packets, and alternately provide their values to a network controller, which the controller uses to perform the performance measurement. The periodic switching of the packet feature and the alternate provision of the performance parameter values are in response to remote commands received from the controller. | 2021-10-14 |
20210320857 | REMEDIAL ACTION BASED ON MONITORED WIRELESS THROUGHPUT - In order to maintain performance during wireless communication, a transmitting electronic device may selectively perform a remedial action based on a monitored throughput. In particular, the transmitting electronic device may monitor communication with one or more receiving electronic devices, and may calculate a throughput metric based on the monitored communication. For example, the transmitting electronic device may monitor data rates, may receive feedback about the communication from at least one of the receiving electronic devices, and may determine an observed distribution of the data rates. Then, the transmitting electronic device may compare the throughput metric to a threshold value. If the throughput metric is less than the threshold value, the transmitting electronic device may perform the remedial action. This remedial action may include: denying subsequent association requests, discontinuing an existing association; and/or notifying a cellular-telephone network that the remedial action was needed. | 2021-10-14 |
20210320858 | PREVENTING TRAFFIC OUTAGES DURING ADDRESS RESOLUTION PROTOCOL (ARP) STORMS - A device may determine internet protocol (IP) traffic monitoring criteria and may monitor IP traffic based on the IP traffic monitoring criteria. The device may update, based on monitoring the IP traffic, a table of currently active IP traffic flows and may update, based on the table of currently active IP traffic flows, an address resolution protocol (ARP) packet filter. The device may receive one or more ARP packets from a different device and may determine whether to accept or discard the one or more ARP packets based on the ARP packet filter. The device may update an ARP table based on determining to accept the one or more ARP packets. | 2021-10-14 |
20210320859 | AN ARCHITECTURE FOR MANAGING IPV4 BASED CUSTOMER PREMISSES EQUIPMENTS THROUGH IPV6 - The present invention is basically related to a system which is for managing IPv4 based network through IPv6 based TR-069 communication and which provides a solution allowing new subscriber registrations to the networks that have reached maximum number of IP (Internet Protocol) usage. | 2021-10-14 |
20210320860 | SYSTEMS AND METHODS FOR BUILDING WIRELESS MESH NETWORKS - Disclosed herein is a system comprising a set of wireless communication nodes that are configured to operate as part of a wireless mesh network. Each respective wireless communication node may be directly coupled to at least one other wireless communication node via a respective short-hop wireless link, and at least a first pair of wireless nodes may be both (a) indirectly coupled to one another via a first communication path that comprises one or more intermediary wireless communication nodes and two or more short-hop wireless links and (b) directly coupled to one another via a first long-hop wireless link that provides a second communication path between the first pair of wireless communication nodes having a lesser number of hops than the first communication path. A fiber access point may be directly coupled to a first wireless communication node of the set of wireless communication nodes. | 2021-10-14 |
20210320861 | PATH COMPRESSION IN ROUTING OF SOURCE ROUTED PACKETS - Various example embodiments relate generally to supporting path compression in routing of source routed packets in communication networks. Various example embodiments for supporting path compression in routing of source routed packets may be configured to support path compression in routing of source routed packets based on use of various source routing protocols which may be based on various underlying communication protocols. Various example embodiments for supporting path compression in routing of source routed packets may be configured to support path compression in routing of source routed packets based on encoding of a set of hops within a header of a source routed packet using a path identifier (e.g., a path label, a path address, or the like) representing the set of hops (e.g., a set of hops providing a segment of the path, a set of hops providing a protection path configured to protect a portion of the path, or the like). | 2021-10-14 |
20210320862 | DATA TRANSMISSION METHOD, APPARATUS, AND DEVICE, AND COMPUTER STORAGE MEDIUM - A data transmission method, apparatus, and device, and a computer storage medium are provided. The method includes: obtaining an application packet of a target application; transmitting the application packet to a first routing device by using a network data channel, and transmitting, by using the first routing device, the application packet to a proxy server; meanwhile, transmitting the same application packet to a second routing device by using a short-range wireless data channel different from the network data channel, and transmitting, by using the second routing device, the application packet to the proxy server. The proxy server performs a deduplication mechanism on the application packet and transmits the application packet to an application server corresponding to the target application. | 2021-10-14 |
20210320863 | PACKET PROCESSING METHOD, APPARATUS, AND DEVICE, AND PACKET FORWARDING METHOD, APPARATUS, AND DEVICE - Embodiments of this application disclose a packet processing method, apparatus, and device, and a packet forwarding method, apparatus, and device, to improve packet forwarding efficiency, save storage space of a network device, and expand a network scale. The packet processing method in the embodiments of this application includes: obtaining a packet including a destination address; obtaining outbound interface information of a network device on a forwarding path based on the destination address of the packet, where the forwarding path is a path for forwarding the packet from a source device to a destination device corresponding to the destination address; and encapsulating a packet header for the packet, where the packet header includes the outbound interface information of the network device that forwards the packet on the forwarding path. | 2021-10-14 |
20210320864 | DOMAIN NAME SYSTEM (DNS) OPTIMIZATION FOR WIDE AREA NETWORKS - A method including receiving, in a controller, from a client device in a network, a resolution query specifying a host name, is provided. The method includes parsing the resolution query to determine whether the host name is associated with a core host or with a public host, and directing the resolution query to a remote domain name system server dedicated to service the core host when the host name is associated with an enterprise name. The method also includes directing the resolution query to a local domain name system server when the host name is associated with a public service provided by the public host. A system to perform the above method is also provided. | 2021-10-14 |
20210320865 | FLOW-BASED LOCAL EGRESS IN A MULTISITE DATACENTER - A method for a hypervisor to implement flow-based local egress in a multisite datacenter is disclosed. The method comprises: determining whether a first data packet of a first data flow has been received. If the first data packet has been received, then the hypervisor determines a MAC address of a first local gateway in a first site of a multisite datacenter that communicated the first data packet, and stores the MAC address of the first local gateway and a 5-tuple for the first data flow. Upon determining that a response for the first data flow has been received, the hypervisor determines whether the response includes the MAC address of the first local gateway. If the response includes a MAC address of another local gateway, then the hypervisor replaces, in the response, the MAC address of another local gateway with the MAC address of the first local gateway. | 2021-10-14 |
20210320866 | FLOW CONTROL TECHNOLOGIES - Examples described herein relate to a switch that is to receive a message identifying congestion in a second switch; drop the message; generate a pause frame; and cause transmission of the pause frame to at least one sender of packets to a congested queue in the second switch. In some examples, the message includes one or more of: a destination IP address, Differentiated Services Code Point (DSCP) value, or pause duration for the congested queue. In some examples, the DSCP value is to identify a traffic class of the congested queue. In some examples, the pause frame is consistent with Priority Flow Control (PFC) of IEEE 802.1Qbb (2011). In some examples, the switch is to: store, from the message identifying congestion in the second switch, congestion information associated with the congested queue comprising one or more of: destination internet protocol (IP) address, Differentiated Services Code Point (DSCP) value, or pause end time of the congested queue. | 2021-10-14 |
20210320867 | ADAPTIVE PRIVATE NETWORK ASYNCHRONOUS DISTRIBUTED SHARED MEMORY SERVICES - A highly predictable quality shared distributed memory process is achieved using less than predictable public and private internet protocol networks as the means for communications within the processing interconnect. An adaptive private network (APN) service provides the ability for the distributed memory process to communicate data via an APN conduit service, to use high throughput paths by bandwidth allocation to higher quality paths avoiding lower quality paths, to deliver reliability via fast retransmissions on single packet loss detection, to deliver reliability and timely communication through redundancy transmissions via duplicate transmissions on high a best path and on a most independent path from the best path, to lower latency via high resolution clock synchronized path monitoring and high latency path avoidance, to monitor packet loss and provide loss prone path avoidance, and to avoid congestion by use of high resolution clock synchronized enabled congestion monitoring and avoidance. | 2021-10-14 |
20210320868 | DYNAMICALLY BALANCING INBOUND TRAFFIC IN A MULTI-NETWORK INTERFACE-ENABLED PROCESSING SYSTEM - Examples described herein provide a computer-implemented method that includes registering at least one of a plurality of virtual internet protocol addresses (VIPAs) to each of a plurality of network adapters. The method further includes distributing, by each of the plurality of network adapters, inbound data among each of the plurality of network adapters using an address resolution protocol. | 2021-10-14 |
20210320869 | SYSTEM AND METHOD FOR SYNTHESIS OF A NETWORK-ON-CHIP TO DETERMINE OPTIMAL PATH WITH LOAD BALANCING - A system, and corresponding method, is described for finding the optimal or the best set of routes from a master to each of its connected slaves, for all the masters and slaves using a Network-on-Chip (NoC). More precisely, some embodiments of the invention apply to a class of NoCs that utilize a two-dimensional mesh topology, wherein a set of switches are arranged on a two-dimensional grid. Masters (initiators or sources) inject data packets or traffic into the NoC. Slaves (targets or destinations) service the data packets or traffic traveling through the NoC. The NoC includes switches and links. Additionally, the optimal routes defined by the system include moving the traffic in a way that avoids deadlock scenarios. | 2021-10-14 |
20210320870 | MIGRATION FROM A LEGACY NETWORK APPLIANCE TO A NETWORK FUNCTION VIRTUALIZATION (NFV) APPLIANCE - A computing device includes an appliance status table to store at least one of reliability and performance data for one or more network functions virtualization (NFV) appliances and one or more legacy network appliances. The computing device includes a load controller to configure an Internet Protocol (IP) filter rule to select a packet for which processing of the packet is to be migrated from a selected one of the one or more legacy network appliances to a selected one of the one or more NFV appliances, and to update the appliance status table with received at least one of reliability and performance data for the one or more legacy network appliances and the one or more NFV appliances. The computing device includes a packet distributor to receive the packet, to select one of the one or more NFV appliances based at least in part on the appliance status table, and to send the packet to the selected NFV appliance. Other embodiments are described herein. | 2021-10-14 |
20210320871 | MOBILE MANAGEMENT SYSTEM - Mobile management method and system. The method includes receiving from an application on a client a DNS query for a host name; retrieving reputation data associated with the host name from a local cache on the client; determining whether a policy associated with the host name and the reputation data associated with the host name exists; and one of: sending network flows one of: through a VPN tunnel to a server or out a local proxy on the client to a private or public network; or blocking the network flow based on the determined policy for the host name. | 2021-10-14 |
20210320872 | CLOUD COMPUTING DATA CENTER SYSTEM, GATEWAY, SERVER, AND PACKET PROCESSING METHOD - A cloud computing data center system includes a first server, a second server, a cloud management platform, and a switch. The first server includes a first computing node and a first distributed gateway. The first distributed gateway receives a management packet sent by the cloud management platform. The first distributed gateway records network information of the second VLAN. A first virtual machine sends a first service packet that carries service data to a second virtual machine. The first distributed gateway receives the first service packet, modifies the first service packet based on the network information of the second VLAN, and sends the second service packet to the switch. A second distributed gateway receives the second service packet forwarded by the switch, and sends the service data carried in the second service packet to the second virtual machine. In this way, network reliability may be improved. | 2021-10-14 |
20210320873 | MODIFICATIONLESS PACKET PRIORITIZATION FOR FRAME GENERATION - Modificationless packet prioritization for frame generation is disclosed. An aggregation device receives, via a digital communication interface, a plurality of encapsulated packets, each respective encapsulated packet of the plurality of encapsulated packets comprising a priority indicator and a packet to which the priority indicator corresponds. The aggregation device extracts a corresponding plurality of packets from the plurality of encapsulated packets and generates a frame that comprises a subset of packets selected from the plurality of packets based at least in part on the priority indicators that correspond to the plurality of packets. The aggregation device transmits the frame via a second communication interface. | 2021-10-14 |
20210320874 | PACKET PRIORITIZATION FOR FRAME GENERATION - Packet prioritization for frame generation is disclosed. A modem receives, via a first communication interface, a flow priority structure that comprises one or more modem packet flow identifiers, and for each modem packet flow identifier, a corresponding packet flow priority indicator. Each modem packet flow identifier identifies a different packet flow associated with a computing device to which the modem is communicatively coupled. The modem receives, via a second communication interface, a plurality of packets, each packet corresponding to one of the packet flow priority indicators. The modem generates a frame that includes a subset of packets selected from the plurality of packets based at least in part on the packet flow priority indicators that correspond to the plurality of packets, and transmits the frame via the first communication interface to an aggregation device. | 2021-10-14 |
20210320875 | SWITCH-BASED ADAPTIVE TRANSFORMATION FOR EDGE APPLIANCES - A network switch includes a memory device to store a stream information of a plurality of data streams being handled by the network switch, the stream information including a stream identifier, a stream service level agreement (SLA), and a stream traffic type; accelerator circuitry to apply stream transformation functions to data streams; telemetry circuitry to monitor egress ports of the network switch; and scheduler circuitry to: receive telemetry data from the telemetry circuitry to determine that a utilization of egress ports of the network switch is over a threshold utilization; determine a selected data stream of the plurality of data streams to transform; use the accelerator circuitry to transform the selected data stream to produce a transformed data stream, wherein the transformed data stream complies with a corresponding stream SLA; and transmit the transformed data stream on an egress port. | 2021-10-14 |
20210320876 | MECHANISM TO COORDINATE END TO END QUALITY OF SERVICE BETWEEN NETWORK NODES AND SERVICE PROVIDER CORE - Systems, methods, and devices are disclosed for providing a quality of service between nodes. A service provider can receive, from a first node of a customer network to an ingress node of a service provider network, packets bound for a second node on the customer network that is remote from the first node. The packets are mapped to a network segment according to a traffic type based on an identifier associated with the packets that identifies the traffic type of the packets. The packets are sent via their mapped network segment to an egress node with connectivity to the second node of the customer network according to a quality of service associated with the traffic type identified by the identifier. | 2021-10-14 |
20210320877 | NETWORK CONGESTION REDUCTION BASED ON ROUTING AND MATCHING DATA PACKETS - A data transaction processing system includes a quarantine system that delays messages configured to accept a delay before being processed by the data transaction processing system. During periods of heavy network traffic, the imposed delay reduces network congestion by distributing/load leveling messages according to available computing resources. Separating messages over time also reduces the processing latency of the data transaction processing system. Messages that are routed and delayed through the quarantine system may be executed at a better transactional value than other non-delayed messages. | 2021-10-14 |
20210320878 | SYSTEMS AND METHODS FOR TRANSPORT BASED NETWORK SLICING ORCHESTRATION AND MANAGEMENT - A network device obtains service requirements associated with a customer identifier, obtains a first profile describing an infrastructure design of multiple transport domains associated with at least one network slice of a network, and obtains a second profile describing performance characteristics of the multiple transport domains of the at least one network slice. The network device receives training data associated with performance measurements of the multiple transport domains of the at least one network slice, and updates a machine learning model based on the training data. The network device selects at least one of the multiple transport domains for orchestration using the updated machine learning model, the service requirements, the first profile, and the second profile. | 2021-10-14 |
20210320879 | METHODS AND APPARATUS FOR MEMORY USAGE OF HELPING USER EQUIPMENT DURING SIDELINK RETRANSMISSION - Apparatus, methods, and computer-readable media for facilitating usage of memory of helping UEs during sidelink retransmission are disclosed herein. An example method for wireless communication at a first user equipment (UE) includes receiving, from a wireless device, a first packet and a second packet for sidelink retransmission to at least one second UE, the second packet being received after the first packet. The example method also includes dropping the first packet or the second packet prior to retransmission based on at least one of a packet priority or an indication from the wireless device. | 2021-10-14 |
20210320880 | Queueing System with Head-of-Line Block Avoidance - Control logic circuitry stores packets in a queue in an order in which the packets are received. A head entry of the queue corresponds to an oldest packet in the order. The control logic circuitry receives flow control information corresponding to multiple target devices including at least a first target device and a second target device. The control logic circuitry determines, using the flow control information, whether the oldest packet stored in the head entry can be transferred to the first target device, and in response to determining that the oldest packet stored in the head entry cannot be transferred to the first target device, i) selects an other entry with an other packet behind the head entry according to the order, and ii) transfers the other packet to the second target device prior to transferring the oldest packet in the head entry to the first target device. | 2021-10-14 |
20210320881 | NIC PRIORITY QUEUE STEERING AND PROCESSOR UNIT FREQUENCY TUNING BASED ON PACKET FLOW ANALYTICS - In one embodiment, a system comprising a network interface controller comprising circuitry to determine per-flow analytics information for a plurality of packet flows; and facilitate differential rate processing of a plurality of packet queues for the plurality of packet flows based on the per-flow analytics information. | 2021-10-14 |
20210320882 | System, Apparatus, And Method For Controlling Internet Devices Via A Mobile Device Session - Methods, a system, and apparatus for managing the separation and distribution of digital controls wherein the digital content in a network system includes receiving a request from any one of control devices, host server response to control device request (and output devices), host server may either non-discriminatively or discriminatively broadcast to any of the control devices, and control device handling responses throughout home network system. The methods, system, and computer readable medium include user experience optimized application types for (optimally) separating and distributing the associated control and associated status information elements during active sessions from the host server to the control devices and output devices within a network system. Configuring a control session comprises receiving a request to execute an input/output application from a control application executing on a mobile control device. Configuring the control session also includes aggregating a plurality of real-world connectable processing nodes into an application session set of processing nodes by allocating at least one function required by the input/output application for execution on each processing node in the set of processing nodes, wherein the set of processing nodes is determined based on processing requirements of the input/output application. | 2021-10-14 |
20210320883 | COORDINATED INTERNET PROTOCOL PACKET FILTERING - The present application relates to devices and components including apparatus, systems, and methods for user equipments and network components performing or assisting in packet filtering operations. | 2021-10-14 |
20210320884 | Systems and Methods for SRv6 Micro Segment Insertion - The present disclosure relates to methods and systems for inserting micro segments into a data packet. The methods may include the steps of receiving a packet with a destination address corresponding to a Micro Segment Identifier (uSID) carrier having one or more existing micro segments followed by one or more empty micro segment positions, receiving information relating to one or more new micro segments to be inserted into the uSID carrier, the one or more new micro segments associated with a new bit length, calculating a remaining bit length of the uSID carrier, the remaining bit length associated with the one or more empty micro segment positions in the uSID carrier, wherein, if the remaining bit length is greater than or equal to the new bit length, updating the uSID carrier by inserting the new micro segments, and forwarding the packet to destinations associated with the updated uSID carrier. | 2021-10-14 |
20210320885 | SERVER, SERVER SYSTEM, AND METHOD OF INCREASING NETWORK BANDWIDTH OF SERVER - [Problem] An available network bandwidth is increased without limiting processing of applications. | 2021-10-14 |
20210320886 | METHODS AND APPARATUS FOR DETERMINISTIC LOW LATENCY PACKET FORWARDING FOR DAISY CHAINING OF NETWORK DEVICES - Methods, apparatus, systems, and articles of manufacture are disclosed for deterministic low latency packet forwarding for daisy chaining of network devices. An example apparatus includes fabric circuitry, first data interface circuitry and second data interface circuitry coupled to the fabric circuitry, the first data interface circuitry to, in response to a receipt of a data packet, identify the data packet to be transmitted to third data interface circuitry, a data forwarding buffer, and packet forwarding engine circuitry coupled to the data forwarding buffer and the fabric circuitry, the packet forwarding engine circuitry to store the data packet in the data forwarding buffer, and instruct the second data interface circuitry to transmit the data packet from the data forwarding buffer to the third data interface circuitry. | 2021-10-14 |
20210320887 | REPROGRAMMING MULTICAST REPLICATION USING REAL-TIME BUFFER FEEDBACK - Methods and systems are described for programming a substitution of ingress replication buffering for egress replication buffering after identifying egress buffer errors (such as overflow) for multicast traffic. A network element is configured to identify which ports drop packets by monitoring egress buffers and/or multicast traffic in real time. A hardware forwarding engine provides feedback to a control plane processor of the network element to adapt and selectively reprogram multicast ingress replication, temporarily, for certain egress ports that may have, e.g., egress buffer errors or risk of issues due to high network traffic. Using virtual output queues in ingress buffers may reduce risk of egress port congestion, as egress buffers have more limited resources than ingress buffers; however, relying solely on ingress replication for multicast traffic may hinder unicast traffic. Ingress buffer replication of multicast traffic may be used selectively and temporarily. | 2021-10-14 |
20210320888 | METHODS AND SYSTEMS FOR CONFIGURING AN EMAIL ENGINE - Systems and methods for configuring an email engine associated with sequences of engagements are described. The email engine is associated with a first sequence of engagements and a second sequence of engagements. The email engine is configured to be activated based on completion of the first sequence of engagements. The email engine may be configured to generate and send an email to an email recipient based on a set of parameters unique to the email recipient and based on one or more government regulations. When the sending of the email is prevented because of the set of parameters or the government regulations, an error notification may be generated, and the second sequence of engagements may not be activated. | 2021-10-14 |
20210320889 | GENERIC DISAMBIGUATION - A disambiguation dialog may be generated by determining candidate responses based on an intent of a user's message. A utility value and a relevance probability may be determined for each of the candidate responses. An intermediate ranking may be computed for each of the candidate responses based on the utility value and the relevance probability. Candidate dialogs may be formed with the top candidate response, the top two candidate responses, and so on. Additional candidate dialogs may be generated by varying a presentation format of the candidate responses. Discoverability probabilities may be associated with each of the candidate responses within a candidate dialog. A joint metric for each candidate dialog may be computed as a function of the utility value, relevance probability and discoverability probability associated with each of the candidate responses included in the candidate dialog. The highest ranked candidate dialog may be selected as the disambiguation dialog. | 2021-10-14 |
20210320890 | METHOD AND DEVICE FOR DISPLAYING TEXT AND VIDEO IN TWO THREADS - The present invention discloses a method and device for displaying text and video in two threads. The method comprises: when receiving video message, switching display state of chat interface from sleep state to play state to play the video message on background of the chat interface; in process of playing the video message, responding to user terminal's operation instructions to chat control and/or play control on the chat interface; and at the end of the video message playing, switching the display state of the chat interface from play state to sleep state. The present invention can display text message and video message in two threads on the same operation interface, so that users can get the text message and video message at the same time, and the efficiency of message acquisition can be improved. | 2021-10-14 |
20210320891 | SYSTEMS AND METHODS FOR GENERATING TASKS BASED ON CHAT SESSIONS BETWEEN USERS OF A COLLABORATION ENVIRONMENT - Systems and methods for generating tasks based on chat sessions between users of a collaboration environment are disclosed. Exemplary implementations may: obtain content information characterizing content of the chat sessions between the users of the collaboration environment; generate tasks for the users based on the content from the chat sessions, a first task being generated based on the first content information for the first chat session; and/or store information defining the tasks generated as part of the state information such that the first task is defined by a first task record. | 2021-10-14 |
20210320892 | RATE LIMITING ACTIONS WITH A MESSAGE QUEUE - Systems and methods for processing email messages are described. A method may include obtaining, from a database associated with the database system, data identifying a plurality of email messages for a plurality of email senders, the email messages associated with one or more sales cadences and an email service; enqueuing, by the server computing system, data identifying one or more email messages of the plurality of email messages into a queue provided that no data identifying two email messages associated with a first email sender are in the queue concurrently; and dequeuing, by the server computing system, the data identifying the one or more email messages from the queue, each dequeued data identifying an email message to be processed by the email service, wherein said enqueuing is performed provided that no dequeued data identifying two email messages associated with a second email sender are concurrently waiting to be processed by the email service. | 2021-10-14 |
20210320893 | TRIGGERING EVENT NOTIFICATIONS BASED ON MESSAGES TO APPLICATION USERS - In accordance with one disclosed method, a first computing system may receive a message from an application hosted on a second computing system, the message being indicative of an event of the application. In response to receiving the message, the first computing system may generate a notification indicative of the event and send the generated notification to a client device. The first computing system may receive a response to the notification from the client device, and may process the response so as to cause the application to take an action responsive to the event. | 2021-10-14 |
20210320894 | DEVICE FOR RESPONSE OPERATION FOR SIGNAL FROM UNSPECIFIED SENDER AND DEVICE FOR RESPONSE OPERATION FOR SIGNAL TO UNSPECIFIED RECEIVER - Focusing on the diversity of how people communicate with each other, the objective of the invention is to provide a signal-responsive device that achieves a digital-based method of communicating that has been nonexistent until now. Provided is a signal response operation device which sends, to a receiving device of a receiving subject, signals from a plurality of sending devices for which senders are not specified, and causes the receiving device to operate. A server registers the receiving device of the receiving subject, and groups and registers each sending device of a plurality of the senders which includes persons who have been selected by or have agreed with the receiving subject. By any of the plurality of senders operating the sending devices, the server sends a signal to the receiving device in response to the sending of a signal from the registered sender. | 2021-10-14 |
20210320895 | ADDRESS RESOLUTION INFORMATION ACQUISITION (ARIA) FOR A COMPUTING DEVICE - Address resolution information acquisition (ARIA) for a computing device is described. In some examples, ARIA includes a computing device (e.g., an Internet of things (IoT) node, a gateway, a server) determining, without use of an address resolution protocol (ARP), address resolution information of one or more other computing devices (e.g., an IoT node, a gateway, a server). In one example, the computing device uses data flowing to or from its application layer, transport layer, or network layer to determine address resolution information of another computing device. The address resolution information can comprise one or more of a link layer address (e.g., a media access control (MAC) address) and an Internet layer address (e.g., an Internet protocol (IP) address). Usage of a cache for storing or deleting address resolution information can also be part of ARIA. | 2021-10-14 |
20210320896 | DOMAIN NAME SERVER ALLOCATION METHOD AND APPARATUS - In a domain name system (DNS) server allocation method, a session management function (SMF) receives a session establishment request message sent by UE, where the request message includes a name of a data network to be accessed by the UE. The SMF obtains an IP address of a first DNS server based on the name of the data network and a geographical location of the UE. The SMF then sends to the UE a session establishment response message that includes the IP address of the first DNS server. | 2021-10-14 |
20210320897 | Local Area Network (LAN) Service in Fifth Generation (5G) Systems - Methods, systems, and storage media are described for providing fifth generation-local area network (5G LAN)-type services and 5G LAN communications over 5G Systems. Other embodiments may be described and/or claimed. | 2021-10-14 |
20210320898 | ADDRESS-SETTING DEVICE AND AIR CONDITIONING SYSTEM - A communication system includes a first device, second devices, and a communication line providing a serial connection from the first device to the second devices to establish a communication connection. An address setting device of the communication system is configured to set addresses of the second devices. The address setting device includes a communication controller. The communication controller is configured to transmit a transmission signal toward the second devices through the communication line and change at least one of an amplitude or a frequency of the transmission signal, and associate the addresses of the second devices with connection precedence of the second devices to the first device based on a reception signal received through the communication line. | 2021-10-14 |
20210320899 | NOTIFICATION DEVICE AND NOTIFICATION METHOD - A storage unit ( | 2021-10-14 |
20210320900 | MAC Address Dynamic Assignment for a Network Element - Approaches for dynamic assignment of a MAC address. An article of manufacture may comprise a non-volatile memory and a network element that comprises a CPU. The network element may be a remote PHY device, an Ethernet switch, a Remote MACPHY Device (RMD), a Passive Optical Network (PON) Optical Line Terminal (OLT), a Passive Optical Network (PON) Optical Network Unit (ONU), a Wi-Fi hot spot router, a Long-Term Evolution (LTE) device, an O-Ran device, or a Light Detection and Ranging (LIDAR) routing device. A communication link exists between the CPU of the network element and the non-volatile memory of the article of manufacture. A module on the network element causes the network element to retrieve, across the communication link, at least one MAC address from the non-volatile memory of the remote PHY node and adopt a MAC address to identify itself any time that the article of manufacture reboots. | 2021-10-14 |
20210320901 | AUTOTUNING A VIRTUAL FIREWALL - A device may receive an input associated with deploying a virtual firewall on a computing device. The device may determine a first set of characteristics associated with the virtual firewall and a second set of characteristics associated with a hypervisor associated with the computing device. The device may automatically tune the virtual firewall based on the first set of characteristics and the second set of characteristics. The device may deploy the virtual firewall after tuning the virtual firewall. | 2021-10-14 |
20210320902 | LOW DATA RATE SIGNALLING - In some examples, a method for generating a low data rate signal for transmission from a first network domain to a second network domain, the second network domain logically separated from the first network domain by a firewall, comprises encoding a signal from a first device logically positioned within the first network domain to form a data signal, and transmitting the data signal over an out-of-band communications channel from the first network domain to the second network domain. | 2021-10-14 |
20210320903 | Machine Learning of Firewall Insights - A computer-implemented method causes data processing hardware to perform operations for training a firewall utilization model. The operations include receiving firewall utilization data for firewall connection requests during a utilization period. The firewall utilization data includes hit counts for each sub-rule associated with at least one firewall rule. The operations also include generating training data based on the firewall utilization data. The training data includes unused sub-rules corresponding to sub-rules having no hits during the utilization period and hit sub-rules corresponding to sub-rules having more than zero hits during the utilization period. The operations also include training a firewall utilization model on the training data. The operations further include, for each sub-rule associated with the at least one firewall rule, determining a corresponding sub-rule utilization probability indicating a likelihood the sub-rule will be used for a future connection request. | 2021-10-14 |
20210320904 | Controlling Computing Device Virtual Private Network Usage With A Wearable Device - A wearable device enables access to VPN endpoint devices for secure data communication and privacy for a computing device. The wearable device stores VPN configuration information for a user, which includes the user's VPN credentials for each of one or more remote VPN endpoint devices. When the wearable device is in close proximity to a computing device and is being worn by a user that is authenticated to at least one of the wearable device and the computing device, the wearable device communicates the configuration information to the computing device. The computing device can then use this VPN configuration information to establish a VPN connection to a VPN endpoint device. | 2021-10-14 |
20210320905 | CHROMOSOMAL IDENTIFICATION - The present invention relates to a method, apparatus, and system for communication with a user's family members using the DNA of the user without making the DNA profile public. According to a first aspect, there is provided a computer implemented method of locating one or more members of a familial network, comprising the steps of: generating one or more encryption keys derived from a first genomic sequence; encrypting a message using the or each encryption key to form an encrypted message; sending the encrypted message to one or more remote devices wherein decrypting the encrypted message at the one or more remote devices uses one or more encryption keys derived from a second genomic sequence; and receiving a confirmation regarding whether the decryption of the encrypted message was successful by any of the one or more remote devices. | 2021-10-14 |
20210320906 | CRYPTOGRAPHIC PROXY SERVICE - A cryptographic proxy service may be provided. Upon determining that data associated with a network destination comprises at least some sensitive data, a cryptographic service may provide a security certificate associated with the network destination. The plurality of data may be encrypted according to the security certificate associated with the network destination and provided to the cryptographic service for re-encryption and transmission to the network destination. | 2021-10-14 |
20210320907 | Encrypted 1-Bit Audio Distribution System - An innovative system for transmitting encrypted 1-bit audio over an Ethernet network comprises using an omni-directional micro-electrical-mechanical system acoustic sensor element ( | 2021-10-14 |
20210320908 | COMPUTER RESOURCE PROVISIONING - A method, system, and computer program product for implementing computer resource provisioning is provided. The method includes receiving a first request for identification credentials associated with a user. In response, resource identification credentials for the user are generated and a second request for generating a first computer resource is received in response to analyzing the resource identification credentials. The resource identification credentials are validated with respect to a local ID cache structure and it is determined if the resource identification credentials are available for usage by the user. In response, a resource implementation process is executed. | 2021-10-14 |
20210320909 | COMMUNICATIONS SYSTEM, COMMUNICATIONS DEVICE USED IN SAME, MANAGEMENT DEVICE, AND INFORMATION TERMINAL - A communications system includes a device connected to information terminals to enable a plurality of information terminals, mutually exchange data via a global network and enable highly confidential mutual communications between the information terminals included. The communications device includes a unit storing user authentication information for performing user authentication via the connected information terminal and pre-storing a device authentication listing pieces of device information in authentication of each communications device with regard to all the communications devices in the same group, the device authentication list being pre-stored in a state where the device authentication list is inaccessible from the user. When exchange of data is performed between the information terminals via the global network, the communications device configured to carry out user authentication process with the information terminal using the user authentication information and device-to-device authentication process with another communications device by referring to the device authentication list. | 2021-10-14 |
20210320910 | ENCRYPTION AND DECRYPTION TECHNIQUES USING SHUFFLE FUNCTION - Encryption and decryption techniques based on one or more transposition vectors. A secret key is used to generate vectors that describe permutation (or repositioning) of characters within a segment length equal to a length of the transposition vector. The transposition vector is then inherited by the encryption process, which shifts characters and encrypts those characters using a variety of encryption processes, all completely reversible. In one embodiment, one or more auxiliary keys, transmitted as clear text header values, are used as initial values to vary the transposition vectors generated from the secret key, e.g., from encryption-to-encryption. Any number of rounds of encryption can be applied, each having associated headers used to “detokenize” encryption data and perform rounds to decryption to recover the original data (or parent token information). Format preserving encryption (FPE) techniques are also provided with application to, e.g., payment processing. | 2021-10-14 |
20210320911 | SINGLE SIGN-ON FOR TOKEN-BASED AND WEB-BASED APPLICATIONS - A method of authenticating a user includes: logging into a first system that includes a token-based authentication system (TBAS); creating, at the TBAS, a cookie based on a token from the TBAS; requesting access, by the user, to a second system that includes at least one windows-hosted web application (WHWA); and decoding and validating the token, thereby granting the user access to the second system based only on the user logging into the first system. | 2021-10-14 |
20210320912 | SYSTEM AND METHOD FOR CLOUD-BASED ANALYTICS - A system and method in accordance with example embodiments may include systems and methods for a cloud-based analytics platform. The cloud-based analytics platform may allow the manual and automatic uploading to and/or downloading from a cloud server. The platform may include single sign-on (SSO) capabilities such that a user may have one set of credentials to access data from the cloud-based analytics and/or data stored locally. The platform may include data validation and processing in order to provide real-time feedback on uploads based on file type, file size, access rights, extracted data, and transformed data. | 2021-10-14 |
20210320913 | APPLYING A FUNCTION TO A PASSWORD TO DETERMINE AN EXPECTED RESPONSE - A system may perform operations including transmitting a service request to a service provider, wherein the service request includes a device identifier of the computer-based system or a device fingerprint of the computer-based system; receiving a seed one-time password (OTP) to the computer-based system from the service provider, wherein the seed OTP comprises a random number that is valid for a predetermined time period and is discarded after first use; calculating a one-time password (OTP) by applying a hash function to the seed OTP, wherein the hash function is based on the device identifier of the computer-based system or the device fingerprint of the computer-based system; transmitting a response OTP to the service provider for validation by the service provider, wherein the response OTP is different from the seed OTP; and receiving a validation result from the service provider. | 2021-10-14 |
20210320914 | System, Method, and Program Product Using Ephemeral Identity for Digital User Identification - A system and method including the steps of: generating an ephemeral ID (EID) with a client library, the EID comprises a temporary ID generated using a pseudorandom function that is configured to calculate the EID based on a linear congruential algorithm (LCG), wherein the EID changes or rotates for each loaded web page; transmitting the EID to a privacy mediation service; transmitting the EID to a programmatic advertising supply side platform where a buy side platform obtains the EID via real time bidding (RTB) calls, in which the privacy mediation service resolves the EID to a TID and return a behavioral profile or data encoded as audience segment to the buy side platform for bidding purposes. | 2021-10-14 |
20210320915 | METHODS AND SYSTEMS FOR VERIFYING AN IDENTITY OF A USER THROUGH CONTEXTUAL KNOWLEDGE-BASED AUTHENTICATION - Methods and systems are described for verifying an identity of a user through contextual knowledge-based authentication. The system described uses contextual knowledge-based authentication. By verifying an identity of a user through contextual knowledge-based authentication, the verification is both more secure and more intuitive to the user. For example, by relying on confidential and/or proprietary information, the system may generate verification questions, the answers to which are known only by the user. | 2021-10-14 |
20210320916 | AUTHORITY MANAGEMENT METHOD AND COMPUTING DEVICE UTILIZING METHOD - In an authority management method for providing interoperability across different locations and networks, an identity information database and an authority information database are established. Biological image information is obtained from users and registered in the database or an associated database. Biometric image information and an access request of a user are obtained. If there is certain identity information matching the biometric image information of the user in the identity information database, information as to authority and extent of authority are certain identity information queried from the authority information database. The access request is determined to be allowed or not allowed according to the certain authority information. If the access request is to be granted, and allowed in respect of a desired activity, an operation instruction is generated accordingly. A system for administering such method and device applying method are also disclosed. | 2021-10-14 |
20210320917 | Graphical User Interface and Operator Console Management System for Distributed Terminal Network - A graphical user interface (GUI) and operator console management system for a distributed terminal network is described. In some embodiments, the terminals may be hardware terminals, kiosks, or clients. In some embodiments, a security analysis may be performed, and security scores may be determined, for visitors requesting operations at terminals based on an operator configuration. Security scores may be determined by a provider, in communication with the operator terminals, based on aggregation of a plurality of factors, wherein each factor may be weighted. The factors may incorporate operator settings or preferences. In one embodiment, the factors include one or more facial recognition factors. The one or more facial recognition factors may be used for biometric authentication. The provider may use the security scores to determine user privileges or permissions for the operations. The provider may deliver instructions or messages to the terminals based on the determinations. | 2021-10-14 |
20210320918 | AUTHORIZED REMOTE CONTROL DEVICE GESTURE CONTROL METHODS AND APPARATUS - A method for controlling a remote control device includes capturing with a biometric device biometric data associated with a user, determining with processor whether the user is authorized to interact with the smart device, in response to the biometric data, determining with the processor user data, in response to the user being authorized to interact with the smart device, receiving with a short-range transceiver an authentication request from a reader device associated with a remote control device, outputting with the short-range transceiver a session token in response to the authentication request and to the user data, thereafter determining with a physical sensor physical perturbations in response to physical actions of the user, determining with the processor a requested action for the remote control device, in response to the user data and the physical perturbations, and outputting with the short-range transceiver the requested action to the reader device. | 2021-10-14 |
20210320919 | BIOMETRIC INTERACTION MANAGER - A method and system for processing a transaction based on biometric data and access data is disclosed. Different accounts and providers may be used to process transactions, using different message formats, based on user-configured mappings. In one example, the method includes receiving, by a message processing system, an authorization request message from an access device, the authorization request message comprising a biometric template and access data. An interaction entity record identifier, associated with an interaction entity from among a plurality of different interaction entities that process messages in different message formats, may be retrieved. The authorization request message may be converted from a first format to a second format, the second format being compatible with message processing by the interaction entity. The converted authorization request message may be transmitted to the interaction entity for determining whether to authorize the transaction. | 2021-10-14 |
20210320920 | REQUESTING AND TRANSMITTING DATA FOR RELATED ACCOUNTS - Systems and methods for efficiently and securely requesting and receiving, from a remote service, data for multiple accounts associated with the same device or application. In one example, a client device is configured to request application data for all accounts associated with the device or application installation using a single remote procedure call, rather than requiring separate calls for each account, and to do so by providing a single identifier rather than including identifiers specific to each associated account. The remote service is further configured to return the requested information in a manner that obfuscates the account identifiers and thus limits their potential use if the communication is intercepted, such that the application data can be efficiently transmitted together even where security or other concerns would otherwise dictate that separate transmissions should be made for each account. | 2021-10-14 |
20210320921 | COMMUNICATION SYSTEM, CRYPTOGRAPHIC KEY DISTRIBUTION METHOD, MANAGEMENT COMMUNICATION APPARATUS, AND COMMUNICATION APPARATUS - The communication system is a communication system including a management communication apparatus, a first communication apparatus, and a second communication apparatus. The first communication apparatus is capable of communicating using a plurality of Internet Protocol (IP) addresses in different versions from each other, and includes a first communication unit configured to notify the management communication apparatus of a first IP address among the plurality of IP addresses in a first authentication process for entering the communication system, and to notify the management communication apparatus of a second IP address among the plurality of IP addresses after the first authentication process, the first authentication process being performed between the first communication apparatus and the management communication apparatus. | 2021-10-14 |
20210320922 | METHOD AND SYSTEM FOR TOKEN PROVISIONING AND PROCESSING - A method and system for provisioning credentials is disclosed. The method includes receiving, by a token provider computer, a token request message from a token requestor computer that comprises an initial access identifier. The token provider computer transmits the initial access identifier to a first authorization computer, and then the token provider computer receives an intermediate access identifier. The token provider computer then transmits a token activation request message to a second authorization computer based at least in part on the intermediate access identifier. The token provider computer then receives a token activation response message from the second authorization computer. The token provider computer then provides the token to the token requestor computer. | 2021-10-14 |
20210320923 | METHOD AND APPARATUS FOR REVOKING AUTHORIZATION OF API INVOKER - A method for revoking authorization for an API invoker in a first apparatus. The method comprises sending to a second apparatus a request for revoking authorization of an Application Program Interface (API) for the API invoker with an API invoker ID, an API Exposing Function (AEF) identifier and at least one API identifier; and receiving a response to the request from the second apparatus wherein the API identified by the at least one API identifier is part of all the APIs authorized for the API invoker. | 2021-10-14 |
20210320924 | AUTHORIZATION SYSTEM AND AUTHORIZATION METHOD - [Problem] Provided is an authorization system capable of reducing a load on a host regarding an invitation procedure in a case where there is a large number of guests or guests are frequently invited, and preventing identity theft or invitation of an unwanted third party. | 2021-10-14 |
20210320925 | PROVIDING ACCESS TO CONTENT WITHIN A COMPUTING ENVIRONMENT - A technique provides access to content within a computing environment. The technique involves identifying a network address to a resource which is currently blocked from being accessed via the network address due to operation of a content filter. The technique further involves, based on previously accessed content, modifying the operation of the content filter to unblock access to the resource via the network address. The technique further involves, after the operation of the content filter is modified to unblock access to the resource via the network address, permitting access to the resource via the network address. | 2021-10-14 |
20210320926 | RESOURCE MANAGEMENT SYSTEM, RESOURCE MANAGEMENT METHOD, RESOURCE TRANSACTION MANAGEMENT DEVICE, RESOURCE MANAGEMENT DEVICE, AND PROGRAM - [Problem] It is possible to enable the centralized management of resource usage right and improve the reliability and tamper resistance of information related to the resource usage right. | 2021-10-14 |
20210320927 | SYSTEM MODE OVERRIDE DURING FLOW EXECUTION - Disclosed are some implementations of systems, apparatus, methods and computer program products for executing process flows. A request to initiate execution of a flow is processed, where the request is received from a first user. The flow includes a plurality of flow elements, where each of the flow elements represents a corresponding set of computer-readable instructions. Execution of the flow is initiated and an operation mode assigned to one of the flow elements is determined. A set of computer-readable instructions corresponding to the flow element is executed according to the operation mode such that an identity of the first user is recorded in association with an operation on a database record, wherein permissions allocated in a user profile to the first user do not provide the first user permission to cause the operation on the database record. Output indicating a result of executing the set of computer-readable instructions according to the operation mode is provided for presentation via a graphical user interface (GUI). | 2021-10-14 |
20210320928 | Method and system for on-board cyber (information) security appliance and applications to detect, manage and optionally mitigate cyber security events and/or anomalies on aircraft networks - A system, method and computer readable and executable media for detecting, alerting, managing and optionally mitigating cyber security events on an aircraft's networks using an on-board cyber security appliance and applications that monitors and detects cyber security events in real time. A software selectable cyber security agent within the cyber security appliance mitigates (if enabled) the effects of cyber security events and/or anomalies on the aircraft's networks while the aircraft is in-flight and/or on the ground. | 2021-10-14 |
20210320929 | Packet Detection Method and First Network Device - A packet detection method includes obtaining, by a first network device, a Bit Index Explicit Replication (BIER) packet, where the BIER packet includes trap information, and the trap information indicates whether the BIER packet is a valid BIER packet, determining, by the first network device, whether the trap information is valid, and determining, by the first network device, that the BIER packet is an invalid BIER packet when the first network device determines that the trap information is valid. | 2021-10-14 |
20210320930 | INFORMATION PROCESSING DEVICE, INFORMATION PROCESSING METHOD AND INFORMATION PROCESSING PROGRAM - An information processing device | 2021-10-14 |
20210320931 | DYNAMIC MONITORING AND SECURING OF FACTORY PROCESSES, EQUIPMENT AND AUTOMATED SYSTEMS - A system including a deep learning processor obtains response data of at least two data types from a set of process stations performing operations as part of a manufacturing process. The system analyzes factory operation and control data to generate expected behavioral pattern data. Further, the system uses the response data to generate actual behavior pattern data for the process stations. Based on an analysis of the actual behavior pattern data in relation to the expected behavioral pattern data, the system determines whether anomalous activity has occurred as a result of the manufacturing process. If it is determined that anomalous activity has occurred, the system provides an indication of this anomalous activity. | 2021-10-14 |
20210320932 | ELECTRONIC CONTROL UNIT, ELECTRONIC CONTROL SYSTEM, AND RECORDING MEDIUM - An electronic control unit that is capable of more accurately determining an event that has occurred in a network installed in a mobile body such as a vehicle, the electronic control unit including: a transmitter-receiver that receives first messages transmitted from a first ECU included in an in-vehicle network; and an attack determiner that, when a first message among the first messages received by the transmitter-receiver is determined to have an anomaly, determines whether a cause of the anomaly is an attack on the in-vehicle network. | 2021-10-14 |
20210320933 | POST-GATEWAY BUS-OFF ATTACK MITIGATION - Systems, apparatuses, and methods to identify bus-off and masquerade attacks against ECUs transmitting on a communication bus from behind a gateway coupled to the communication bus. The disclosure further describes systems, apparatuses, and methods to mitigate against bus-off attacks made against an ECU coupled to a communication bus through a gateway. | 2021-10-14 |
20210320934 | METHODS, SYSTEMS, ARTICLES OF MANUFACTURE AND APPARATUS FOR PRODUCING GENERIC IP REPUTATION THROUGH CROSS PROTOCOL ANALYSIS - Methods, apparatus, systems and articles of manufacture for producing generic Internet Protocol (IP) reputation through cross-protocol analysis are disclosed. An example apparatus includes a data collector to gather a first data set representing IP telemetry data for a first protocol, the data collector to gather a second data set representing IP telemetry data for a second protocol different from the first protocol. A label generator is to generate a training data set based on records in the first data set and the second data set having matching IP addresses, the training data set to include a combined label indicating whether each of the respective matching IP addresses is malicious. A model trainer is to train a machine learning model using the training data set. A model executor is to, responsive to a request from a client device, execute the machine learning model to determine whether a requested IP address is malicious. | 2021-10-14 |
20210320935 | METHOD AND APPARATUS FOR RESISTING DOWNGRADE ATTACK FOR PRIVATE LIMITED CONNECTION - The disclosure provides a method for resisting downgrade attack for private limited connection, comprising: performing a 4-way handshake between an initiating entity and a responding entity to establish a PMKSA; receiving, by the initiating entity, a frame from the responding entity during the 4-way handshake, wherein the frame comprises an indication of usage of private limited connection for all responding entities in a network identified by an SSID of the responding entity; and establishing, by the initiating entity, a private limited connection in the network identified by the SSID of the responding entity. | 2021-10-14 |
20210320936 | PROCESS HEALTH INFORMATION TO DETERMINE WHETHER AN ANOMALY OCCURRED - Examples disclosed herein relate to processing health information of a computing device according to a deep learning model to determine whether an anomaly has occurred. Multiple computing devices can be part of a system. One of the computing devices includes a host processing element, a management controller separate from the host processing element, and a deep learning model that includes parameters that are trained to identify anomalistic behavior for the computing device. The management controller can receive health information from multiple components of the computing device and process the health information according to the deep learning model to determine whether an anomaly occurred. | 2021-10-14 |
20210320937 | LOG OUTPUT DEVICE, LOG OUTPUT METHOD AND LOG OUTPUT SYSTEM - A log output device includes a generation unit that generates a log indicating history information of execution of processing, a memory that stores a first list including first static information indicating that the processing is abnormal; a second list including second static information indicating that the processing is normal; and a third list including dynamic information to be used for determining the necessity of output of the log according to the log, and a selection unit that determines to output the generated log when the log has the first static information, and decides not to output the generated log when the log has the second static information. The selection unit determines the necessity of output of the generated log on the basis of the log and the third list. | 2021-10-14 |
20210320938 | NETWORK SECURITY ENFORCEMENT DEVICE - A software defined security (SDS) solution provides a centralized approach to security deployment across an entire enterprise infrastructure. Modern virtualization approaches serve to separate the physical machine, or server, from the operating system and applications that run on it. A robust security approach implements a security container deployable on various computing entities, whether defined by a hypervisor, container or dedicated operating system. Protected applications launch in an execution environment that may be virtualized, yet is protected by the container deployed on the computing entity on which it resides. The security containers identify, for each computing entity, available security resources, and apply these resources to throughput data of the computing entity. Each of the security containers is responsive to a resource manager, which implements a network policy through the security containers. The network policy defines logic that scrutinizes the ingress and egress traffic for compliance, and disallows and/or reports deviations. | 2021-10-14 |
20210320939 | UNSUPERVISED METHOD FOR BASELINING AND ANOMALY DETECTION IN TIME-SERIES DATA FOR ENTERPRISE SYSTEMS - Systems and methods for performing unsupervised baselining and anomaly detection using time-series data are described. In one or more embodiments, a baselining and anomaly detection system receives a set of time-series data. Based on the set of time-series, the system generates a first interval that represents a first distribution of sample values associated with the first seasonal pattern and a second interval that represents a second distribution of sample values associated with the second seasonal pattern. The system then monitors time-series signals using the first interval during a first time period and the second interval during a second time period. In response to detecting an anomaly in the first seasonal pattern or the second seasonal pattern, the system performs a responsive action, such as generating an alert. | 2021-10-14 |
20210320940 | SSL PROXY WHITELISTING - A network device may receive a first data packet. The network device may determine that a level of available computing resources satisfies a threshold level. The network device may perform a secure socket layer (SSL) proxy function based on the level of available computing resources satisfying the threshold level. The network device may receive a second data packet. The network device may determine that the level of available computing resources fails to satisfy the threshold level. The network device may determine a security characteristic associated with the second data packet. The network device may determine a security rating associated with the second data packet based on the security characteristic. The network device may selectively perform the SSL proxy function based on the security rating. | 2021-10-14 |
20210320941 | METHOD FOR EMULATING A KNOWN ATTACK ON A TARGET COMPUTER NETWORK - One variation of a method for emulating a known attack on a computer network includes: generating a set of data packets by recombining packet fragments within a packet capture file representing packet fragments transmitted between machines during a prior malicious attack on a second network; defining transmission triggers for transmission of the set of data packets between pairs of agents connected to a target network based on timestamps of packet fragments in the packet capture file; initiating transmission of the set of data packets between the pairs of agents according to the set of transmission triggers to simulate the malicious attack on the target network; and, in response to absence of a security event related to the simulation in a log of a security technology deployed on the target network, generating a prompt to reconfigure the security technology to respond to the malicious attack. | 2021-10-14 |
20210320942 | ESTIMATION METHOD, ESTIMATION DEVICE, AND ESTIMATION PROGRAM - An estimation device ( | 2021-10-14 |
20210320943 | DETECTING OVER-MITIGATION OF NETWORK TRAFFIC BY A NETWORK SECURITY ELEMENT - A computer method and system for detecting and preventing over-mitigation of network attacks (e.g., Denial of Service (DoS) attacks) upon a protected computer network by a network security element. A determination is made as to whether captured data packets transmitting to a protected network are associated with legitimate network traffic (e.g., non-attack traffic). A matching pattern of the captured data packets determined to be legitimate network traffic is generated and test traffic packets utilizing the matching pattern of the captured data packets are then generated. The generated test traffic packets are then injected into the network security element/filter. A determination is then made as to whether the injected test traffic packets are treated as malicious traffic (e.g., a DoS attack), or as legitimate traffic, by the network security filter. If treated as malicious traffic (e.g., the network security filter is treating legitimate traffic as malicious), indication is provided to cause changes to the network security filter to prevent legitimate traffic from being treated as malicious (e.g., attack/DoS traffic). | 2021-10-14 |
20210320944 | SECURITY TECHNIQUES FOR 5G AND NEXT GENERATION RADIO ACCESS NETWORKS - Malicious attacks by certain devices against a radio access network (RAN) can be detected and mitigated, while allowing communication of priority messages. A security management component (SMC) can determine whether a malicious attack against the RAN is occurring based on a defined baseline that indicates whether a malicious attack is occurring. The defined baseline is determined based on respective characteristics associated with respective devices that are determined based on analysis of information relating to the devices. In response to determining there is a malicious attack, SMC determines whether to block connections of devices to the RAN based on respective priority levels associated with respective messages being communicated by the devices. SMC blocks connections of devices communicating messages associated with priority levels that do not satisfy a defined threshold priority level, while managing communication connections to allow messages satisfying the defined threshold priority level to be communicated via the RAN. | 2021-10-14 |
20210320945 | METHOD FOR VERIFYING CONFIGURATIONS OF SECURITY TECHNOLOGIES DEPLOYED ON A COMPUTER NETWORK - One variation of a method for verifying configurations of security technologies deployed on a computer network includes: deploying a phase—within an attack validation scenario analogous to a network security threat and associated with a target response type—for execution by an asset on the computer network during a phase window; during the polling window following the phase window, polling a log of a security technology deployed on the network for a sequence of events associated with the target asset; correlating events, in the sequence of events, with the phase based on proximities of event timestamps to the phase window; and, in response to a difference between an event type of a first event correlated with the phase and the target response type, generating a prompt to reconfigure the security technology to respond to behaviors analogous to the phase, on the computer network, according to the target response type. | 2021-10-14 |
20210320946 | PHISHING DOMAIN DETECTION SYSTEMS AND METHODS - The main objective of Certificate Transparency (CT) is to detect mis-issued certificates or rogue certificate authorities. It has been observed that phishing sites have been increasingly acquiring certificates to look more legitimate and reach more victims, thus providing an opportunity to predict phishing domains early. The present disclosure provides systems and methods for early detection of phishing and benign domain traces in CT logs. The provided system may predict phishing domains early even before content is available via time-, issuer-, and certificate-based characteristics that are used to identify sets of CT-based inexpensive and novel features. The CT-features are augmented with other features including passive DNS (pDNS) and domain-based lexical features. | 2021-10-14 |
20210320947 | SYSTEMS AND METHODS FOR DATA PRIVACY AND SECURITY - Methods and systems are disclosed. At a respective computing system, a request to run a program on first data stored within the respective computing system may be received. In some examples, the first data may be stored in association with a data access policy that defines access restrictions for the first data. In response to receiving the request, whether the request to run the program on the first data satisfies the access restrictions defined by the data access policy may be determined. In response to determining whether the request to run the program satisfies the access restrictions, in accordance with a determination that the access restrictions are satisfied, the program may be run, including performing one or more operations on the first data in an environment within the respective computing system, where contents of the environment cannot be accessed from outside of the environment. | 2021-10-14 |
20210320948 | Dynamic Application Security Posture Change Based On Physical Vulnerability - A system is provided for protecting services, such as cloud services, running on one or more server computers in a server rack. The system includes one or more rack processors. The one or more rack processors may receive sensor signals from one or more sensors of the server rack, the sensor signals capturing a physical environment of the server rack in a datacenter. The one or more rack processors may determine, based on the sensor signals, a security status of the server rack. The one or more rack processors may send the security status to the services on the one or more server computers within the server rack. | 2021-10-14 |