43rd week of 2021 patent application highlights part 72 |
Patent application number | Title | Published |
20210336931 | DATA ROUTING OPTIONS FOR A VPN - One example method of operation may include receiving a data request from a client device to retrieve data from one or more servers, identifying from the data request one or more of a domain name and an IP address associated with the one or more servers, determining whether the data will be routed through a VPN server or through a non-VPN route among the one or more servers based on a comparison of one or more of the domain name and the IP address with one or more lists stored in a VPN client application memory associated with the VPN server, and routing the data through the VPN server or outside the VPN server based on results of the comparison. | 2021-10-28 |
20210336932 | Sub-clouds in a cloud-based system for private application access - Systems and methods include obtaining for a tenant a definition of a sub-cloud in a cloud-based system, wherein the cloud-based system includes a plurality of data centers geographically distributed, and wherein the sub-cloud includes a subset of the plurality of data centers; receiving a request, in a cloud system from a user device, to access an application for the tenant, wherein the application is constrained to the sub-cloud, and wherein the user device is remote over the Internet; determining if the user device is permitted to access the application; if the user device is not permitted to access the application, notifying the user device the application does not exist; and if the user device is permitted to access the application, stitching together connections between the sub-cloud, the application, and the user device to provide access to the application. | 2021-10-28 |
20210336933 | Connector selection through a cloud-based system for private application access - Systems and methods include obtaining criteria for selecting connectors for private application access in a cloud-based system; responsive to a request to access an application, by a user device, located in any of a public cloud, a private cloud, and an enterprise network, wherein the user device is remote over the Internet, determining a connector coupled to the application based on the criteria; and, responsive to a user of the user device being permitted to access the application, stitching together connections between the cloud-based system, the application, and the user device to provide access to the application. | 2021-10-28 |
20210336934 | Cloud-based web application and API protection - Systems and methods include, responsive to determining a user can access an application via a cloud-based system, wherein the application is in one of a public cloud, a private cloud, and an enterprise network, and wherein the user is remote over the Internet, obtaining a predetermined inspection profile for the user with the inspection profile including a plurality of rules evaluated in an order; performing inspection of the access using the plurality of rules in the order; and responsive to results of any of the plurality of rules, one or more of monitoring, allowing, blocking, and redirecting the access, via the cloud-based system. | 2021-10-28 |
20210336935 | SECURE DATA TRANSFER SYSTEM WITH INTEGRATED PROXY GATEWAY - A system for secure data transfer is provided. The system is configured to: generate a database of verified interaction providers comprising verified provider information; determine that a user device has accessed a data transfer location associated with an interaction provider; install a proxy server over the data transfer location, wherein data transfer traffic between the user device and the interaction provider is routed through and monitored by the proxy server; determine, via the proxy server, that the user device has requested an interaction at the data transfer location, the interaction comprising a data transfer; determine that the interaction provider associated with the data transfer location is in the database of verified interaction providers; and in response to determining that the interaction provider is in the database, complete the data transfer through the proxy server. | 2021-10-28 |
20210336936 | NETWORK CONTEXT MONITORING WITHIN SERVICE MESH CONTAINERIZATION ENVIRONMENT - A security monitor monitors network communications at a loopback interface of a pod in the container system. The pod includes a service mesh proxy and an application container. The application container includes computer-readable instructions and is initiated via a container service and is isolated using operating system-level virtualization. The application container communicates with the service mesh proxy using the loopback interface. The security monitor extracts network address and port information from packet data in the network communications at the loopback interface. The security monitor determines one or more connection contexts of the network communications at the loopback interface, each connection context used to identify a network session of the application container with a remote application container. | 2021-10-28 |
20210336937 | DOMAIN SPECIFIC BROWSER IDENTIFIERS AS REPLACEMENT OF BROWSER COOKIES - The present disclosure provides a secure, user-transparent, and highly efficient content provider-specific identifier (“CPSID”), sometimes referred to as a “read-only cookie” (“ROC”). These content provider-specific identifiers may be generated by the client device and encrypted with a public key of the content provider, preventing third parties from indirectly identifying matches, and obviating the need for provider-side cookie matching tables and resource-intensive tracking communications. The generation of content provider-specific identifiers may be controlled by user policies, such that identifiers are only created for content providers with compliant terms of service (ToS), e.g. retrievable from a predetermined address within the domain; content providers that are on a whitelist (e.g. for which the user has explicitly provided consent); and/or content providers that are not on a blacklist (e.g. for which the user has explicitly refused consent). | 2021-10-28 |
20210336938 | METHOD FOR ANONYMIZING NETWORK DATA USING DIFFERENTIAL PRIVACY - The invention described herein is directed to methods and systems for protecting network trace data. Network traces are used for network management, packet classification, traffic engineering, tracking user behavior, identifying user behavior, analyzing network hierarchy, maintaining network security, and classifying packet flows. In some embodiments, network trace data is protected by subjecting network trace data to data anonymization using an anonymization algorithm that simultaneously provides sufficient privacy to accommodate the organization need of the network trace data owner, provides acceptable data utility to accommodate management and/or network investigative needs, and provides efficient data analysis, at the same time. | 2021-10-28 |
20210336939 | INTERACTIVE SURGICAL SYSTEMS WITH ENCRYPTED COMMUNICATION CAPABILITIES - A surgical hub is configured to transmit generator data associated with a surgical procedure from a generator of the surgical hub to a cloud-based system. The surgical hub comprises a processor and a memory storing instructions executable by the processor to: receive generator data; encrypt the generator data; generate a message authentication code based on the generator data; generate a datagram comprising: the encrypted generator data, the generated message authentication code, a source identifier and a destination identifier; and transmit the datagram to the cloud-based system. The datagram allows for the cloud-based system to: decrypt the encrypted generator data; verify the integrity of the generator data based on the message authentication code; authenticate the surgical hub as the source of the datagram; and validate a transmission path followed by the datagram between the surgical hub and the cloud-based system. | 2021-10-28 |
20210336940 | Dynamic Unauthorized Activity Detection and Control System - Systems for dynamically detecting and controlling unauthorized events are presented. In some examples, data may be received from one or more computing systems. In some examples, the computing systems may each be associated with an enterprise unit within an enterprise organization. The data may include, in some examples, processed unauthorized activity event data, such as account takeover event data. The data received may be aggregated and analyzed (e.g., using machine learning) to identify potential threats and threat outputs. In some examples, the threat output may include a user interface indicating the threat or potential threat, systems or applications potentially impacted, enterprise units impacted, and the like. Based on the threat output, one or more mitigation actions may be identified and executed. The mitigation actions may include modifying operation of one or more systems, modifying authentication requirements, and the like. | 2021-10-28 |
20210336941 | BROWSER EXTENSION FOR LIMITED-USE SECURE TOKEN PAYMENT - Methods and systems for a browser extension system are disclosed. In some embodiments, a browser extension server includes a communication device configured to communicate with a first computing device executing a browser extension application and a web browser application and a second computing device executing an authentication application. The browser extension server further includes a memory storing instructions, and a processor configured to execute the instructions to perform operations. The operations may include receiving from the first computing device an indication of a financial service account associated with the first computing device, detecting a payment field in a web page provided by the computing device through the web browser application and, in response, generating a secure token mapped to the financial service account. The operations may further include sending the second computing device an authentication request, receiving an authentication response, and populating the payment field with the secure token. | 2021-10-28 |
20210336942 | MANAGED DOMAINS FOR REMOTE CONTENT AND CONFIGURATION CONTROL ON MOBILE INFORMATION DEVICES - A technique is disclosed for remotely managing isolated domains on mobile devices. A request is received from the mobile device to instantiate a managed domain. A managed domain configuration is determined and comprises a security policy controlling access to content of the managed domain of the subscribing mobile device, a content specification identifying the content to be downloaded by the subscribing mobile device into the managed domain, and a content configuration identifying a configuration of the content on the subscribing mobile device. The managed domain configuration is sent to the subscribing mobile device to instantiate a secure, managed domain whose policy, content and content configuration is remotely controlled. The technique is useful for advertising and brand promotion on mobile devices as it simultaneously enables detailed control over the presentation of content by a curator while ensuring privacy and security protection of the other apps, accounts and data on the mobile device. | 2021-10-28 |
20210336943 | SHARING CREDENTIALS - A system for providing an application includes an interface and a processor. The interface is configured to receive an indication to provide an application to a device. The processor is configured to provide the application to the device. The application is configured to receive a request for credentialed information associated with a user from a requesting server; determine whether a stored credential satisfies the request for the credentialed information; and in response to a determination that the stored credential satisfies the request for the credentialed information: determine a response credential for responding to the request; determine that the user approves sharing the credentialed information indicated by the response credential; and provide the response credential to the requesting server. | 2021-10-28 |
20210336944 | PASSWORD-LESS WIRELESS AUTHENTICATION - First, a plurality of access tokens may be received from a respective plurality of identity provider services. Each of the plurality of access tokens may be associated with a user. Then, the plurality of access tokens may be stored in a profile associated with the user. Next, user policies associated with the use of the plurality of access tokens may be assigned. A device token may then be provided to a user device associated with the user. The device token may be associated with the profile. The device token and network policies may be received and then it may be determined that the user policies and the network policies are congruent. In response to determining that the user policies and the network policies are congruent, authentication to at least one of the plurality of identity provider services may be made. | 2021-10-28 |
20210336945 | TRUSTED LOGIN OF USER ACCOUNTS - Technologies related to trusted user account login are disclosed. In one implementation, a temporary trusted login token request for accessing a service page from an originating application is received. A temporary trusted login token based on the temporary trusted login token request is generated. The temporary trusted login token is sent to the originating application. A service page access request is received for accessing the service page generated based on the temporary trusted login token. The temporary trusted login token including the service authorization from the service page access request is identified. Whether the service page is included in the one or more service pages that are identified by the service authorization is determined, and trusted login to the service page from the originating application is allowed if the service page is included in the one or more service pages. | 2021-10-28 |
20210336946 | Single Sign-On Access to Cloud Applications - The technology disclosed relates to non-intrusively enforcing security during federated single sign-on (SSO) authentication without modifying a trust relationship between a service provider (SP) and an identity provider (IDP). In particular, it relates to an assertion proxy receiving a verified assertion from an IDP obtained from an assertion that is generated when a user logs into a service provider (SP) and is verified in dependence upon the IDP's public key. It also relates to evaluating the verified assertion against one or more security policies. It further relates to forwarding the verified assertion evaluated to the SP and causing establishment of a single sign-on (SSO) authenticated session without modifying the assertion. | 2021-10-28 |
20210336947 | ROGUE CERTIFICATE DETECTION - Unauthorized use of user credentials in a network implementing an authentication protocol is detected. Authentication certificates that are observed in the network are uniquely identified and monitored. A baseline profile of the authentication certificates is generated. For a new request to access a resource in the network, a unique identifier for the submitted authentication certificate is generated. If the identifier is new: the submitted authentication certificate is compared to the baseline profile and an alert is generated when the difference from the baseline profile exceeds a threshold. If the unique identifier for the submitted authentication certificate has previously been identified and is not included in the baseline profile, an alert is generated when the source computer associated with the unique identifier is not found in a chain of connection to the original source. | 2021-10-28 |
20210336948 | Vehicle Integration Platform (VIP) Security Integration - Systems and methods are directed to improvements for secure communications between client systems and a vehicle integration platform associated with a service provider entity. In one example, a communication infrastructure is provided which includes a vehicle integration platform that includes a plurality of application programming interfaces configured to facilitate communication among clients. The communication infrastructure includes a security integration system which is configured to receive and validate a client certificate forwarded to the vehicle integration platform from a client and determine an identity of the client and an origin of a request associated with the client certificate. The security integration system is configured to generate a certificate signing request associated with the client certificate based in part on the identity of the client and obtain an operational certificate for the client based in part on the certificate signing request to establish ability for client authentication within the vehicle integration platform. | 2021-10-28 |
20210336949 | ELECTRONIC SYSTEM FOR INTEGRATION OF COMMUNICATION CHANNELS AND ACTIVE CROSS-CHANNEL COMMUNICATION TRANSMISSION - Embodiments of the invention are directed to a system structured for integration of communication channels and active cross-channel communication transmission, such that the user can utilize disparate electronic communication channels via a central user application. The system is configured to construct a secure dynamic integrated interface in real-time structured for performing electronic activities associated with electronic communications. The system is also structured for dynamically transforming electronic communications in response to the type of invoking communication channel and the authentication credential level of the communication channel. The system is also structured for, in response to determining a first user activity, in real-time, dynamically modifying the one or more graphical UI elements presented at the central user interface. | 2021-10-28 |
20210336950 | SERVICE PROVIDING SYSTEM, LOGIN SETTING METHOD, AND INFORMATION PROCESSING SYSTEM - A service providing system, a login setting method, and an information processing system. The service providing system includes an information processing system that stores a set value indicating whether a login is valid for each of the authentication methods, and transmits the set value for each of the authentication methods to the electronic device in response to a request from the electronic device, and the electronic device receives the set value for each of the authentication methods from the information processing system and changes a set value stored in the electronic device according to the set value of at least one of the authentication methods received from the information processing system. | 2021-10-28 |
20210336951 | FUSION TEMPLATE FOR USER AUTHENTICATION AND VAULT FOR STORING AND USING THE SAME - Methods and systems are provided that allow a user to store, provision, and control a plurality of biometric and non-biometric modalities associated with the user. An IntelliVault allows the user to securely store and utilize biometric information and provides sovereign data management to the user for access authentication. | 2021-10-28 |
20210336952 | MACHINE LEARNING TECHNIQUES FOR PERFORMING AUTHENTICATION BASED ON A USER'S INTERACTION WITH A CLIENT DEVICE - Techniques are disclosed relating to machine learning techniques for performing user authentication based on the manner in which a user interacts with a client device, including the use of Siamese networks to detect unauthorized use of a device and/or account. In some embodiments, a server system may receive a request to authorize a transaction associated with a user account. The request may include transaction details and, separate from those transaction details, interaction data indicative of a manner in which a requesting user interacts with a client device during a user session. The server system may apply a machine learning model to the interaction data to create an encoding value that is based on the manner in which the requesting user interacts with the client device during the user session. The server system may then compare the encoding value to a reference encoding value and, based on the comparison, determine whether to authorize the transaction. | 2021-10-28 |
20210336953 | Secure Online ID Validation and Review System - A method of detecting fraudulent activity during authenticating users and user identifications includes initiating a user's device to capture a sequence of images of the user to be authenticated commencing when the camera is operational and prior to receiving from the user a selection of the control that triggers capture of images and continuing until detecting that the user has selected the control to trigger capture of images, thereby enabling capture of activity performed by the user prior to and contemporaneous with selecting the control, including any attempted fraudulent activity of the user to be authenticated. Video, still images and audio of the user seeking authentication can be captured. | 2021-10-28 |
20210336954 | MONITORING SECURITY CONFIGURATIONS OF CLOUD-BASED SERVICES - A cloud-based service monitoring device includes a criteria database and an exceptions database. The criteria database includes predefined configuration criteria corresponding to approved operating parameters of each cloud-based service being monitored. The exceptions database includes predefined configuration exceptions such that, for a given instance, each configuration exception corresponds to a different instance-specific criteria than the associated configuration criteria for the cloud-based service. The monitoring device extracts configuration settings from instances of the cloud-based service and compares the settings to the configuration criteria of the cloud-based service. If a suspect setting is identified that does not satisfy the configuration criteria at the service level, the monitoring device compares the suspect setting to instance-specific criteria. If the setting does not satisfy both the configuration criteria and the instance-specific criteria, an alert message may be transmitted to an administrator's device. | 2021-10-28 |
20210336955 | Universal Digital Identity Authentication Service - The present disclosure involves systems and methods for identity authentication across multiple institutions using a trusted mobile device as a proxy for a user login. In one example, the operations include identifying a request to trust a particular user associated with a first entity in a digital ID network. A set of personally identifiable information (PII) associated with the user is obtained via the first entity and an identity verification (IDV)/fraud risk analysis is performed. In response to satisfying the analysis, instructions are transmitted to the user to verify the identity via a mobile trust application on an associated mobile device. Upon verification, the mobile device is bound to the user within the digital ID network along with a digital ID associated with the particular user. The digital ID can be used by other entities registered within the digital ID network to authenticate the user. | 2021-10-28 |
20210336956 | Electronic Health Data Access Control - According to an example aspect of the present invention, there is provided a method, comprising: receiving a request for personal health data of a user, obtaining rules for authorizing access to the personal health data on the basis of a smart contract in a distributed network, requesting authorization for accessing the personal health data from one or more authorizers specified by the smart contract, providing received at least one authorization to the distributed network for verifying compliance to the smart contract rules and validating a smart contract transaction authorizing provision of the personal health data. | 2021-10-28 |
20210336957 | Two-Way Information Exchange System and Method of Using the System - A two-way information exchange system, which allows a requesting client employing an intelligent communication device to conduct information exchange with a target client, includes a communication module, a memory module, an authentication module, a selection module, a central processing module, an evaluation module, and an authorization module. The central processing module can search for one online client meeting the exchange condition provided from the requesting client to be served as a primary target client, and search the memory module for one or more clients meeting the exchange condition to be served as false target clients. The central processing module can send the identity data of the target clients to the intelligent communication device, and receive/send exchange information between the clients. The evaluation module can evaluate a communication level between the clients and issue a privileged instruction to the authorization module, which informs the requesting client of obtaining a delete privilege. | 2021-10-28 |
20210336958 | SYSTEM FOR AUTOMATED ELECTRONIC DATA EXFILTRATION PATH IDENTIFICATION, PRIORITIZATION, AND REMEDIATION - A system for identifying and remediating data exfiltration paths is provided. In particular, the system may generate a map of the network environment which identifies all of the possible pathways and the steps of such pathways through which sensitive data may be exfiltrated. The system may then evaluate the potential impact associated with each exfiltration pathway and generate a prioritization scheme which may sort the pathways by their potential impacts. Based on the prioritization scheme, the system may, via a machine learning engine, provide one or more remediation processes that may be executed to reduce the chance of data exfiltration through certain potentially high-impact pathways. | 2021-10-28 |
20210336959 | Client forwarding policies for zero trust access for applications - Systems and methods include providing a user interface to an administrator associated with a tenant of a cloud-based system, wherein the tenant has a plurality of users each having an associated user device; receiving a plurality of client forwarding policies for the plurality of users, wherein each client forwarding policy of the client forwarding policies defines rules related to how application requests from the plurality of users are forwarded for zero trust access; and providing the rules to corresponding user devices of the plurality of users. | 2021-10-28 |
20210336960 | A System and a Method for Monitoring Traffic Flows in a Communications Network - A network element and a method are configured to monitor a plurality of traffic flows conveyed in a communications network, wherein the network element comprises: at least one packet processor configured to support ACL functionality, and at least one CPU configured to track traffic flows and to export statistical data. | 2021-10-28 |
20210336961 | SECURE RESOURCE ACCESS BY AMALGAMATED IDENTITIES AND DISTRIBUTED LEDGER - A server receives encrypted data from a protected-resource-requesting device that includes an encrypted combination of the device and user identification. The first server requests a most recent copy of data of a distributed ledger from a randomly selected logged-in workstation. The first server searches for a match of the encrypted data from the first device in the distributed ledger data received from the randomly selected workstation. In response to determining a match, the first server updates a table of a second server with a one-time-password (OTP) and a copy of the encrypted data received from the device. The first server sends the OTP and an instruction to the device to send the OTP and the encrypted data to the second server, which determines whether a match exists. In response to a confirmed match, the first server grants access to the device. | 2021-10-28 |
20210336962 | AUTOMATED VERIFICATION OF AUTHENTICATED USERS ACCESSING A PHYSICAL RESOURCE - Disclosed are examples of a system for automated verification of the identity of a user accessing a physical resource using a client device. The client device can broadcast data to a security device. If the data includes a user credential, the security device can provide the user credential to a verification server to obtain profile information. If the data does not include a user credential, the security device can provide a verification request to the client device. If the user accepts the verification request, the client device can provide a user credential and an identity token to the security device. The security device can provide the user credential to a verification server to obtain profile information. The security device can validate the identity token using the profile information. If the user declines the verification request, the client device can instruct the user to proceed to a verification terminal. | 2021-10-28 |
20210336963 | CONNECTED DEVICE RIGHTS MANAGEMENT ADMINISTRATION - Various aspects and embodiments of dwelling automation administration are described. Among other aspects or features of the embodiments, a dwelling automation system in a computing device authenticates a user. A management interface in the dwelling automation system generates a user interface for administering a plurality of automation devices at different dwellings based on access and control rights of the user. The user interface can grant the user access to at least one automation device associated with a hub associated with at least one dwelling. | 2021-10-28 |
20210336964 | METHOD FOR IDENTIFYING USER, STORAGE MEDIUM, AND ELECTRONIC DEVICE - A method for identifying a user includes: controlling an electronic device to connect to a first communication network; obtaining target behavior data of a user to be identified from a data pool corresponding to the first communication network, in which, the data pool stores at least one type of candidate behavior data of a candidate user, the candidate behavior data is obtained from a data source corresponding to a second communication network, and a security level of the first communication network is higher than a security level of the second communication network; and obtaining a category of the user to be identified by analyzing the target behavior data based on the first communication network. | 2021-10-28 |
20210336965 | DETERMINING ELIGIBILITY FOR MULTIPLE CLIENT MEDIA STREAMING - Methods, systems and devices to authorize access to simultaneous media streams are described. After a first media stream is initiated with a first client device, an authorization service receives a request to establish the simultaneous second media stream with a second client device. The service determines whether the second client device is at a geographic location where simultaneous streaming is allowed, and grants or denies access to the second simultaneous stream accordingly. | 2021-10-28 |
20210336966 | AUTHENTICATING ACCESS TO COMPUTING RESOURCES - Described embodiments provide systems, methods, computer readable media for accessing services via identity providers. A computing device may transmit, responsive to a request from a client to access a service, a value to the client. The client may be configured to access the service using an access token. The computing device may receive, from the client, a signature, the signature generated using the value, a device identifier, and a first encryption key. The computing device may determine, using the value and a second encryption key, the device identifier from the signature. The computing device may identify a status of the client according to the device identifier. The computing device may provide, responsive to the status, a new access token to permit access to the access and a refresh token to obtain subsequent access tokens. | 2021-10-28 |
20210336967 | RELAY METHOD, RELAY SYSTEM, AND RELAY PROGRAM - A connection management apparatus of a relay system specifies, when terminal identification information for identifying a target terminal is acquired from a client terminal, a first relay apparatus that relays communication, and specifies connecting information for the client terminal to connect to the first relay apparatus. The connection management apparatus stores the specified connecting information and the terminal identification information in a storage in association with each other, and notifies the client terminal of the specified connecting information. When the specified first relay apparatus receives access based on the connecting information from the client terminal, the specified first relay apparatus relays the communication between the client terminal and the target terminal on the basis of the terminal identification information associated with the connecting information. | 2021-10-28 |
20210336968 | AUTOMATIC RANSOMWARE DETECTION AND MITIGATION - A method, computer program product, and system for detecting and mitigating ransomware using snapshot-based backups applied to a block-oriented storage device, by performing the following operations: (i) performing, in predetermined time-intervals, snapshot backups of data in a block-oriented storage device; (ii) determining at least one interval malware index value between a last snapshot backup and a next planned snapshot backup, wherein the interval malware index value is indicative of a changed block rate in stored data of storage blocks of the block-oriented storage device; and (iii) in response to determining that the interval malware index value is larger than a predefined interval malware index threshold value, triggering an emergency snapshot. | 2021-10-28 |
20210336969 | Computerized System for Complying with Certain Critical Infrastructure Protection Requirements - A computerized system for complying with critical infrastructure protection (“CIP”) standards concerning system configuration changes. The system can be used to automatically identify and track changes to computers on the network, improving system security and CIP compliance reporting. In certain embodiments, the system collects system information on servers and workstations using built-in commands. The configuration profiles of these computers/devices can be archived for audit purposes. | 2021-10-28 |
20210336970 | SYSTEM AND METHOD FOR ANTI-RANSOMWARE OR ANTI-PHISHING APPLICATION - A server for blocking a ransomware attack includes a backup storage device which has a purpose for backing up the stored data in a server as a separate storage device which is physically independent from the server and includes a communication interface to enable a communication access to the server; and a service agent which is installed in the server to mediate the communication with the backup storage device. | 2021-10-28 |
20210336971 | SYSTEM AND METHOD FOR CONTINUOUS COLLECTION, ANALYSIS AND REPORTING OF ATTACK PATHS IN A DIRECTORY SERVICES ENVIRONMENT - A system and method for analyzing directory service environment attack paths for an enterprise may continuously collect data about the attack paths and provide alerts. The system and method may also analyze the nested object relationships within Directory Services alongside objects at risk for Credential Theft to calculate all possible attack paths within the environment. | 2021-10-28 |
20210336972 | METHOD FOR DETECTING LOST ACCOUNT BASED ON MULTIPLE DIMENSIONS - The present invention discloses a method for detecting a lost account based on multiple dimensions. The method includes the steps of obtaining security event information of an account via a security device such as an Intrusion Prevention System (IPS)/an Intrusion Detection System (IDS)/a firewall/an anti-virus wall/or the like; obtaining uplink and downlink traffic information of the account via analysis on a traffic log; identifying a covert communication signal of the account via the analysis on the traffic log; identifying abnormal login information of the account according to the traffic log; identifying data leakage information of the account according to the traffic log; obtaining functional use information of the account in a service system according to the traffic log; obtaining service process security information according to the traffic log; and determining a risk score and a loss probability of the account to the abnormal information of the account. | 2021-10-28 |
20210336973 | METHOD AND SYSTEM FOR DETECTING MALICIOUS OR SUSPICIOUS ACTIVITY BY BASELINING HOST BEHAVIOR - The disclosed subject matter includes a system, which when installed in a specific host, such as an end point, or end point computer, will model its behavior over time, score new activities in real time and calculate outliers, by creating and analyzing vectors. The vectors are formed of feature values, extracted from executable processes, and the analysis includes determining and evaluating the distance between a current vector and a cluster of vectors. | 2021-10-28 |
20210336974 | Computer Security and Methods of Use Thereof - Described herein are various methods of securing a computer system. One or more methods include starting a security process after basic functionality on a computer is initiated at startup. The security process performs one or more reviews, such as audits, of the computer to verify that there have not been unauthorized changes to the computer, such as to any settings or executable files. | 2021-10-28 |
20210336975 | Method and System of deducing state logic data within a distributed network - A method and system for securing an operating domain that spans one or more distributed information technology networks is disclosed. In the present invention, a state machine reference monitor, comprising a monitor port operatively connected to one or more network traffic capture devices positioned across a distributed network of an operating domain, with each traffic capture interception network device in communication with a central server. Each interception network device along with the central server having a processor and a memory comprising instructions, which when executed by each device processor perform the method of extracting logic state data and deducting ancillary logic state data across the distributed operating domain. | 2021-10-28 |
20210336976 | TECHNIQUES FOR SECURING VIRTUAL MACHINES - A system and method for securing virtual cloud assets in a cloud computing environment against cyber threats. The method includes: determining a location of a snapshot of at least one virtual disk of a protected virtual cloud asset, wherein the virtual cloud asset is instantiated in the cloud computing environment; accessing the snapshot of the virtual disk based on the determined location; analyzing the snapshot of the protected virtual cloud asset to detect potential cyber threats risking the protected virtual cloud asset; and alerting detected potential cyber threats based on a determined priority. | 2021-10-28 |
20210336977 | DEEP PACKET ANALYSIS - A computer-implemented method for protecting a processing environment from malicious incoming network traffic may be provided. The method comprises: in response to receiving incoming network traffic comprising a data packet, performing a packet and traffic analysis of the data packet to determine whether said data packet is non-malicious or malicious, and processing of the data packet in a sandbox environment. Furthermore, the method comprises: in response to detecting that the data packet is non-malicious based on the packet and traffic analysis, releasing the processed data packet from the sandbox environment for further processing in the processing environment, and in response to detecting that the data packet is malicious based on the packet and traffic analysis, discarding the data packet. | 2021-10-28 |
20210336978 | METHOD FOR IMPLEMENTING HETEROGENEOUS DATABASE SYNCHRONIZATION IN SECURITY ISOLATION GAP BASED ON DATA STREAM ANALYSIS - The present invention discloses a method for implementing heterogeneous database synchronization in a security isolation gap based on data stream analysis. The method includes the steps of connecting a non-secret-related external network database via an Open Database Connectivity (ODBC) database driver, monitoring a port of a source database server for packet capture and analysis, extracting data, converting the data into a self-defined format, sending the data to a target database via an internal private protocol of an isolated card of the gap, then converting the data into a target database format when the data is synchronized to a target database, and sending analyzed data to an outer end of the uni-directional gap, thus completing data synchronization between the source database and the target database. | 2021-10-28 |
20210336979 | Partial Bayesian network with feedback - Typical implementations of anomaly detection algorithms as means to detect failure of elements of the network are based on excessive processing due to AI and machine learning techniques adopted for big data analysis. Contrary to such approach, careful study of a network, particularly a sensor and actuator rich network, allows for an efficient implementation—lower processing requirements and achieving better ratio of Probability-of-Detection (PD) to False-Alarm-Rate (FAR)—by segmentation of the data layers (grouping) and implementing processing on smaller groups of data, eliminating unnecessary data values that add to the “noise”. Two different anomaly detection algorithms are employed: one detects anomaly of system and the other identifies defected programs, particularly by malware. | 2021-10-28 |
20210336980 | Feature-Agnostic Behavior Profile Based Anomaly Detection - Techniques for user behavior anomaly detection. At least one low-variance characteristic is compared to an expected result for the corresponding low-variance characteristics to determine if the low-variance characteristic(s) is/are within a pre-selected range of the expected results. A security response action is taken in response to the low-variance characteristic not being within the first pre-selected range of the expected results. At least one high-variance characteristic is compared to an expected result for the corresponding high-variance characteristics to determine if the high-variance characteristic(s) is/are within a pre-selected range of the expected results. A security response action is taken in response to the high-variance characteristic not being within the first pre-selected range of the expected results. Access is provided if the low-variance and the high-variance characteristics are within the respective expected ranges. | 2021-10-28 |
20210336981 | Assessing Computer Network Risk - Systems and methods for risk assessment of a computer network are described. In one embodiment a first static risk score corresponding to a first computing device is computed. A connectivity map corresponding to the first computing device is determined. Communication performed by the first computing device via the connectivity map is analyzed, and a first dynamic risk score corresponding to the first computing device is computed. The first static risk score and the first dynamic risk score are combined to generate a first total risk score for the first computing device. A second total risk score for a second computing device is determined. The first total risk score and the second total risk score are aggregated into an aggregate risk score. A risk assessment of the computer network is determined based on the aggregate risk score. | 2021-10-28 |
20210336982 | Assessing Computer Network Risk - Systems and methods to determine an aggregate risk score are described. In one embodiment, a first dynamic risk factor and a second dynamic risk factor are generated associated with a first incident and a second incident respectively at a site. One or more static risk factors are retrieved from a database. The static risk factors and the dynamic risk factors are mapped to a first threat. A first threat risk score associated with the first threat is computed. A second risk score associated with a second threat is computed. A first total risk score associated with a first computing device included in a computer network associated with the site is computed. A second risk score associated with a second computing device included in the computer network is computed. The first total risk score and the second total risk score are aggregated to compute an aggregate risk score. | 2021-10-28 |
20210336983 | DETECTION AND PREVENTION OF EXTERNAL FRAUD - Introduced here are computer programs and computer-implemented techniques for detecting instances of external fraud by monitoring digital activities that are performed with accounts associated with an enterprise. A threat detection platform may determine the likelihood that an incoming email is indicative of external fraud based on the context and content of the incoming email. For example, to understand the risk posed by an incoming email, the threat detection platform may seek to determine not only whether the sender normally communicates with the recipient, but also whether the topic is one normally discussed by the sender and recipient. In this way, the threat detection platform can establish whether the incoming email deviates from past emails exchanged between the sender and recipient. | 2021-10-28 |
20210336984 | RISK-BASED VULNERABILITY REMEDIATION TIMEFRAME RECOMMENDATIONS - Systems and methods for computing times to remediate for asset vulnerabilities are described herein. In an embodiment, a server computer receives first vulnerability data for a plurality of entities identifying asset vulnerabilities and timing data corresponding to the vulnerability data indicating an amount of time between identification of an asset vulnerability and a result of the asset vulnerability. The server computer identifies a strict subset of the first vulnerability data that belongs to a particular category of a first plurality of categories. The server computer receives second vulnerability data for a particular entity identifying asset vulnerabilities. The server computer identifies a strict subset of the second vulnerability data that belongs to the particular category. Based, at least in part, on the strict subset of the first vulnerability data, the server computer computes a time to remediate the asset vulnerabilities in the strict subset of the second vulnerability data. | 2021-10-28 |
20210336985 | ALERTS FOR AND REMEDIATION OF VIRUS OUTBREAKS IN A DATA NETWORK SECURITY FABRIC - A network gateway interrogates a plurality of network devices to collect security state data and operational state data on a periodic basis. A vulnerability resolution module automatically uploads a security report and downloads actions (e.g., updates to operating system, configurations or policies) from a cloud vulnerability server corresponding to resolution of the vulnerabilities. A security remediation module can remediate on the network device for protection against at least the specific vulnerability of the at least one peripheral. | 2021-10-28 |
20210336986 | METHOD, DEVICE AND ETHERNET SWITCH FOR AUTOMATICALLY SENSING ATTACK BEHAVIORS - A method for automatically sensing attack behaviors, the method including: distributing a service request from a network switch to a response module, where the response module includes a main controller configured for data interaction processing and an auxiliary controller configured for interactive data processing; generating, by the main controller and the auxiliary controller in the response module, respective response data according to the service request, respectively; and comparing the respective response data of the main controller with the respective response data of the auxiliary controller; if a result of comparison is inconsistent, indicating the network switch is abnormal, an administrator is informed, and the response data generated by the auxiliary controller is fed back to the network switch; and, if the result of comparison is consistent, the response data generated by the main controller is fed back to the network switch. | 2021-10-28 |
20210336987 | Method for Detecting Structured Query Language (SQL) Injection Based on Big Data Algorithm - The present invention discloses a method for detecting Structured Query Language (SQL) injection based on a big data algorithm. According to the method, by simulating an attack, extracting a great number of SQL injection statements, performing a series of word segmentation and URL character conversion, and performing cross verification and learning, a training set of a naive Bayes algorithm is constructed; network audit data is processed by characteristic engineering and then substituted into the algorithm, so that a result for detecting the SQL injection is obtained; and furthermore, a business expert may make a further confirmation on the result to store the statement, which is confirmed as the SQL injection, to the training set again, so that the training set is increasingly rich, the identification accuracy is gradually increased, and the false alarm rate and the alarm leakage rate are gradually decreased. | 2021-10-28 |
20210336988 | INFORMATION PROCESSING APPARATUS AND NON-TRANSITORY COMPUTER READABLE MEDIUM - An information processing apparatus includes a processor configured to input a new domain name, a new Internet protocol (IP) address, and information indicating a name server managing the new domain name to a learner to determine presence or absence of a threat of a new destination host indicated by the new domain name and the new IP address, wherein, by using learning data including a domain name and an IP address indicating a destination host, information indicating a name server managing the domain name, and information on presence or absence of a threat of the destination host, the learner has learned to output the information on the presence or the absence of the threat of the destination host indicated by the domain name and the IP address in response to an input of the domain name, the IP address, and the information indicating the name server managing the domain name. | 2021-10-28 |
20210336989 | CLOAKING AUTHORITY SYSTEM - Disclosed herein are systems, methods and devices for identifying a misbehaving computerized device. In some implementations, the system includes a processor to perform operations including receiving, by the system, a report about a computerized device, wherein the report comprises a pseudonym certificate from the computerized device, and wherein the pseudonym certificate comprises a linkage value. The operations also include transmitting, by the system and to a cloaking authority device, a request for a cloak index, wherein the request for the cloak index comprises the linkage value from the pseudonym certificate from the computerized device. The operations also include receiving, by the system, the cloak index from the cloaking authority device, and determining, by the system and using the cloak index, that the computerized device is the misbehaving computerized device. | 2021-10-28 |
20210336990 | NETWORKED DEVICE IDENTIFICATION AND CLASSIFICATION - A method of identifying network devices such as a router includes accessing an HTTP server on at least one network device, and evaluating a web page served by the device's HTTP server. The web page is evaluated to determine whether it is similar to a page group from a plurality of page groups, where each of the plurality of page groups comprises a group of web pages similar to other pages in the page group. If the evaluated web page is determined similar to a page group, the page group most similar to the evaluated web page is identified as corresponding to the identity of the network device. | 2021-10-28 |
20210336991 | SECURITY THREAT MANAGEMENT FRAMEWORK - A method, apparatus and computer program product for managing security threats to a distributed network. A set of events are aggregated from a plurality of event sources in the network for each of a set of security threats to the network. A magnitude of a characteristic of each of the set of security threats is determined. Each of the set of security threats is represented as a three dimensional graphical object in a three dimensional (3D) representation of the network according to the respective magnitude of the characteristic. A security action is taken based on the determined magnitude of one of the set of security threats. | 2021-10-28 |
20210336992 | INFORMATION TECHNOLOGY STACK SECURITY CONTROL CONFIGURATION - In some examples, a system receives input information relating to a security level for an information technology (IT) stack comprising a plurality of layers including a hardware layer and a software layer, where the input information is technology and product agnostic. The system discovers components of the plurality of layers of the IT stack, accesses a knowledge base that maps the security level and the discovered components to configuration instructions relating to security controls, and configures the IT stack with the security controls using the configuration instructions. | 2021-10-28 |
20210336993 | SELECTIVE SECURITY REGULATION FOR NETWORK COMMUNICATION - Embodiments of the present invention provide a system for providing selective security regulations associated with network communications to users. The system is configured for extracting user data associated with a user, identifying one or more characteristics based on the extracted user data, generating a custom security package for the user based on the one or more characteristics, displaying one or more options associated with the custom security package on a user device of the user, prompting the user to select at least one option from the one or more options, receiving the at least one option from the user, and deploying a functionality associated with the at least one option from the custom security package. | 2021-10-28 |
20210336994 | ATTESTATION SUPPORT FOR ELASTIC CLOUD COMPUTING ENVIRONMENTS - Attestation support in cloud computing environments is described. An example of an apparatus includes one or more processors to process data, including data related to hosting of workloads for one or more tenants; an orchestration element to receive a request for support of a workload of a tenant according to a selected membership policy, the orchestration element to select a set of one or more compute nodes to provide computation for the workload; and a security manager to receive the membership policy and to receive attestations from the selected compute nodes and, upon determining that the attestations meet the requirements of the membership policy, to add the one or more compute nodes to a group of compute nodes to provide computation for the workload. | 2021-10-28 |
20210336995 | METHODS AND APPARATUS TO PROVIDE RESOURCE SECURITY - Methods, apparatus, systems and articles of manufacture to provide resource security are disclosed. Example methods and apparatus manage a benchmark specific to a resource, the benchmark created during development of the resource and including a collection of rules to constrain behavior of the resource, enable a rule of the benchmark that corresponds with a type of the resource, disable a rule of the benchmark that does not correspond with the type of the resource, test the enabled rule of the benchmark against the resource, identify an insufficiency of the resource based on the enabled rule of the benchmark, and remediate the insufficiency of the resource to comply with the enabled rule of the benchmark. | 2021-10-28 |
20210336996 | DATA PROCESSING SYSTEMS FOR DATA-TRANSFER RISK IDENTIFICATION, CROSS-BORDER VISUALIZATION GENERATION, AND RELATED METHODS - The disclosed systems facilitate collection and management of personal data management documentation requirements and associated data. A master questionnaire is used to solicit information regarding documentation requirements for several contexts in a single interaction and responsive data can be mapped to questionnaires and/or datasets for particular contexts, such as jurisdictions and business sectors. The system can generate graphical user interfaces for presenting the documentation requirement data for a particular context by generating an interface with navigational elements for various contexts, detecting browser state data indicating user manipulation of one or more such elements, and generating a subsequent graphical user interface based on the browser context data. The system configures the subsequent interface to present the requested information in display elements and instructs the browser presenting the subsequent interface to retrieve the requested information using an ontology mapping the requested information to a master dataset. | 2021-10-28 |
20210336997 | METHOD AND SYSTEM FOR VIRTUAL MACHINE AWARE POLICY MANAGEMENT - A method and system for maintaining persistent network policies for a virtual machine (VM) that includes determining a name of the VM executing on a first host connected to a first network device; binding the name of the VM to a network policy for the VM on the first network device; acquiring from VM management software, using the name of the VM, a universally unique identifier (UUID) of the VM; associating the UUID to the network policy on the first network device; applying the network policy for the VM on the first network device; subscribing to receive notifications from the VM management software of changes to the configuration of the VM corresponding to the UUID; receiving notification from the VM management software of a configuration change made to the VM corresponding to the UUID; and updating the network policy of the VM to reflect the configuration change of the VM. | 2021-10-28 |
20210336998 | METHOD, SYSTEM, AND NON-TRANSITORY COMPUTER-READABLE RECORD MEDIUM FOR SHARING CONTENT DURING VOIP-BASED CALL - A content sharing method performed by a computer apparatus including processing circuitry, the method including providing, by the processing circuitry, an interface in response to a user input during a voice over Internet protocol (VoIP) call, a user of the computer apparatus participating in the VoIP call, generating, by the processing circuitry, metadata of a VoIP call packet in response to a share request for content specified through the interface, the metadata including data corresponding to the share request, sending, by the processing circuitry, the metadata to another user participating in the VoIP call, and displaying, by the processing circuitry, a playback screen of the content with a call screen of the VoIP call, the content being shared during the VoIP call between the computer apparatus and another computer apparatus of the other user using the metadata. | 2021-10-28 |
20210336999 | SYSTEM AND METHOD FOR WORKSPACE SHARING - A system and method of communicating between computing devices including pairing a first computing device with a second computing device. The first computing device and the second computing device are configured to communicate with an application workspace system. The first computing device provides token and application information to a second computing device. The second computing device is authenticated with the application workspace system using the token and launches an application corresponding to the application information. | 2021-10-28 |
20210337000 | CLOUD-BASED COMMUNICATION SYSTEM FOR AUTONOMOUSLY PROVIDING COLLABORATIVE COMMUNICATION EVENTS - A cloud-based method and system for autonomously providing collaborative communication events to one or more users of client devices. The method and system are configured to analyze an active user communication for the purposes of determining, predicting, presenting, and/or triggering collaboration opportunities (e.g., later communication sessions or events) automatically or for manual selection by the active user. The analysis is performed in the context of a specific user communication and is completed with support from cloud-based communication services, data, and workflows. | 2021-10-28 |
20210337001 | Media Stream Sending Method, Apparatus, System, and Device - A media stream sending method, apparatus, and system for providing a live media stream for a client that enters a live broadcast room includes a proxy server that receives a first live broadcast room request message and a second live broadcast room request message that are sent by a same proxy client; the proxy server receives a first live media stream that is sent by a media server to a first client and a second live media stream that is sent by the media server to a second client; and when determining that a role of the first client is a master user, and that a role of the second client is a slave user, the proxy server sends only the first live media stream to the proxy client such that the proxy client sends the first live media stream to the first client and the second client. | 2021-10-28 |
20210337002 | RESPONDING TO AMBIGUOUS PLAY REQUESTS - A request to play a media content item is received. It is determined whether the play request is ambiguous. Responsive to determining that the play request is ambiguous, then it is determined whether to play a suspended media content item or an alternate media content item. The determination can be made based on a length of time that the suspended media content item has been suspended, a media content item type, or a state, among other factors. Responsive to the determination, playback of the suspended or alternate media content item is initiated. | 2021-10-28 |
20210337003 | Stream-based data deduplication with cache synchronization - Stream-based data deduplication is provided in a multi-tenant shared infrastructure but without requiring “paired” endpoints having synchronized data dictionaries. Data objects processed by the dedupe functionality are treated as objects that can be fetched as needed. As such, a decoding peer does not need to maintain a symmetric library for the origin. Rather, if the peer does not have the chunks in cache that it needs, it follows a conventional content delivery network procedure to retrieve them. In this way, if dictionaries between pairs of sending and receiving peers are out-of-sync, relevant sections are then re-synchronized on-demand. The approach does not require that libraries maintained at a particular pair of sender and receiving peers are the same. Rather, the technique enables a peer, in effect, to “backfill” its dictionary on-the-fly. On-the-wire compression techniques are provided to reduce the amount of data transmitted between the peers. | 2021-10-28 |
20210337004 | Multimedia Conferencing Platform And Method - A multi-media video conferencing platform and method which includes a user database configured to store usernames and details; a processor configured to route multiple media streams to a user location; and a compiler configured to present a multimedia template at a client workstation, the template having a plurality of tiles, where each tile corresponds to a different media type, and the compiler is configured to identify a media type of an incoming media stream or media presentation. The processor routes the incoming media to a tile having a matching media type so that the media stream or presentation displays in the tile corresponding to its media type. The template presented by the compiler has tiles corresponding to at least incoming streaming video, incoming still media, and two-way interactive video. | 2021-10-28 |
20210337005 | AUDIO SYNCHRONIZATION IN WIRELESS SYSTEMS - A method is provided for synchronizing a source device with a sink device. The source device transmits a stream of packets to the sink device. The source device receives feedback from the sink device indicating packet arrival times of the packets at the sink device. Based on the feedback, in some aspects, the source device determines an average time shift in the packet arrival times at the sink device, wherein the average time shift is relative to expected packet arrival times of the packets at the sink device. In some such aspects, the source device detects that the average time shift exceeds a threshold, and in response to the detecting, adjusts a streaming time of the stream of packets to synchronize, within a predefined tolerance, the source device with the sink device. | 2021-10-28 |
20210337006 | VIDEO DATA PROCESSING METHOD AND APPARATUS - Example video data processing methods and apparatus are disclosed. One example method includes receiving a first stream from a client, where the first bitstream is obtained by encoding image data in a specified spatial object. The specified spatial object is part of panoramic space, and a size of the specified spatial object is larger than a size of a spatial object of the panoramic space corresponding to viewport information. The spatial object corresponding to the viewport information is located in the specified spatial object. The client receives a second stream, where the second bitstream is obtained by encoding image data of a panoramic image of the panoramic space with a lower resolution than a resolution of the image data included in the specified spatial object. The client plays the second bitstream and first bitstream. | 2021-10-28 |
20210337007 | METHOD AND SERVER FOR HTTP PROTOCOL-BASED DATA REQUEST - A method for HTTP protocol-based data request includes: receiving an HTTP request from a downstream connection, associating the HTTP request with an upstream connection, converting the HTTP request into a data frame, transmitting the data frame through the associated upstream connection, collecting response data from the upstream connection, mapping the response data to the associated HTTP request, and returning the response data to the downstream connection where the HTTP request is located. | 2021-10-28 |
20210337008 | MANAGING NETWORK ISOLATED SERVICES FROM A PUBLICLY HOSTED WEB APPLICATION VIA CORS - A technique implements an administrative user interface of a backend service used to manage and administer on-premises resources, such as storage nodes of a cluster, within a private customer network. The backend service includes a browser configured to issue cross-origin resource sharing (CORS) requests among target storage nodes and a publicly-hosted web application on remote computing systems accessed via a public computer network (i.e., internet) that can be loaded on the browser within the customer network to manage and administer the on-prem resources on the private network. The technique involves the use of CORS over HyperText Transfer Protocol to access an origin that is not reachable via the public internet from a predetermined location of the browser, e.g., within the same customer network as the target storage nodes, particularly to facilitate management of the nodes. | 2021-10-28 |
20210337009 | FORCED IDENTIFICATION WITH AUTOMATED POST RESUBMISSION - A method by a web application layer proxy communicatively coupled between a client and an origin server for performing automated POST resubmission. The method includes intercepting a request by the client for a resource provided by the origin server, obtaining an interstitial page in response to receiving an indication from a bot detector component that the client needs to be identified, where the interstitial page includes challenge code for interrogating the client and code for automatically submitting a form included in the interstitial page if the client successfully acquires a token, encrypting a payload of the request, adding the encrypted payload to a hidden input field of the form included in the interstitial page, and sending the interstitial page with the encrypted payload added to the hidden input field of the form to the client as a response to the request. | 2021-10-28 |
20210337010 | COMPUTERIZED SYSTEM AND METHOD FOR AUTOMATICALLY PROVIDING NETWORKED DEVICES NON-NATIVE FUNCTIONALITY - Disclosed are systems and methods for improving interactions with and between computers in content searching, generating, hosting and/or providing systems supported by or configured with personal computing devices, servers and/or platforms. The systems interact to identify and retrieve data within or across platforms, which can be used to improve the quality of data used in processing interactions between or among processors in such systems. Computer-based systems leverage information shared within an electronic computing environment in order to provide a novel framework for detecting device capabilities from broadcasted information shared by such devices, which creates more computing opportunities for direct integration of the physical world into computer-based systems, thereby improving efficiency, accuracy and cost-effectiveness in the manner media content, application program and/or computing services are provided. | 2021-10-28 |
20210337011 | METHOD, APPARATUS, AND DEVICE FOR TRANSMITTING FILE BASED ON BMC, AND MEDIUM - A method, an apparatus, and a device for transmitting a file based on a BMC, and a medium are provided. The method includes: receiving, by a second BMC, a preset command sent by a first BMC, where the preset command indicates that transmission of a file is to be initiated; parsing the preset command, and stopping an IPMI process running based on a UART interface in response to the preset command; and receiving, by using a communication function of the UART interface, a data file transmitted by the first BMC. With the method, when the data file is transmitted between the BMCs, the data file is not intercepted and verified by the preset command processing function of the IPMI process running based on the UART interface, and the IPMI process is prevented from being blocked and crashing, thereby implementing transmission of data files between BMCs. | 2021-10-28 |
20210337012 | FILE DOWNLOAD MANAGER - A download module accesses a download queue including at least two file download requests from an application running on a client device of a server. The application and each of the file download requests is associated with a context that comprises a set of context components that each indicates a part of the application. The file download request context components indicate parts of the application that use the requested file and the application context components indicate parts of the application that are active. The download module ranks each of the file download requests based on a comparison of the respective file download request context components of each file download request to the application context components of the application. The download module then selects two or more file download requests in the download queue for concurrent execution based on the respective rankings of the file download requests in the download queue. | 2021-10-28 |
20210337013 | SYSTEM AND METHOD FOR LARGE SCALE SCREEN CAPTURE ACROSS GLOBAL DATA CENTER DEPLOYMENTS - An embodiment of the present invention may be directed to performing monitoring and recording activities, reporting and auditing the activities and further implementing an autonomous (agentless) deployment model. | 2021-10-28 |
20210337014 | Service Correlation across Hybrid Cloud Architecture to Support Container Hybridization - Concepts and technologies disclosed herein are directed to service correlation across hybrid cloud architecture to support container hybridization. According to one aspect of the concepts and technologies disclosed herein, an overlay network can instantiate a message bus between a first cloud network and a second cloud network. The overlay network can receive, via the message bus, a request from the second cloud network for a container image stored in a containerized application asset repository of the first cloud network. The overlay network can retrieve, via the message bus, the container image from the containerized application asset repository. The overlay network can provide, via the message bus, the container image to the second cloud network for creating a container based upon the container image. | 2021-10-28 |
20210337015 | METHOD AND SYSTEM OF APPLICATION DEVELOPMENT FOR MULTIPLE DEVICE CLIENT PLATFORMS - A client server environment having a server with a Web service in communication with a local client application which is tightly integrated with its local operating environment residing on a platform remote from the server; the local client application tightly integrated by way of integrating data structures requested and received from the server; the integrating data structures defining the attributes and parameters needed by the local client application to define an interface between the local client application and the Web service. The integrating data structures enable tight/close integration between the hosted application and the devices and the operating system features of the platform upon which the local client application resides. Also disclosed is an abstracted environment which can run on any one of the supported platform's devices as a native application, all based on the passing of the same page commands and receipt of corresponding client data objects. | 2021-10-28 |
20210337016 | PERIPHERAL DEVICE ENABLING VIRTUALIZED COMPUTING SERVICE EXTENSIONS - A peripheral device includes one or more processors and a memory storing program instructions that when executed implement an extension manager of a virtualized computing service. The extension manager establishes a secure network channel for communications between the peripheral device, which is located at a premise external to a provider network, and a data center of the provider network. The extension manager assigns a network address of the substrate network of the service to a hardware server at the external premise. The substrate address is also assigned to an extension traffic intermediary at the data center. In response to a command directed to the virtualized computing service, one or more compute instance configuration operations are performed at the hardware server. | 2021-10-28 |
20210337017 | HYBRID CLOUD COMPUTING NETWORK MANAGEMENT - Techniques for delivering a distributed network security service providing isolation of customer data are described. One example method includes configuring a first node to participate in a node cluster, wherein the first node is hosted by a first cloud service provider, and wherein participating in the node cluster includes performing one or more processing actions specific to the node cluster on data received by the node; configuring a second node to participate in the node cluster, the second node hosted by a second cloud service provider; receiving a status indication from the first node over a network; determining a synchronization mechanism for the first node based on a network configuration of the first node, wherein the determined synchronization mechanism is configured to allow the first node to acquire synchronization data from other nodes in the node cluster; and transmitting the synchronization mechanism to the first node over the network. | 2021-10-28 |
20210337019 | A METHOD FOR PROCESSING A SUPER-HOT FILE, LOAD BALANCING DEVICE AND DOWNLOAD SERVER - A method for processing a super-hot file includes: receiving a download request for a target file sent by a user client, and adding, into the download request, a cache parameter for indicating whether the target file is a super-hot file; matching an identifier of the target file against a super-hot file identifier library, and determining, according to a matching result, whether the target file is a super-hot file; if the target file is a super-hot file, generating a random identification code, and updating the cache parameter to a cache parameter indicating that the target file is a super-hot file; and determining a download server to which the random identification code is mapped, and forwarding the download request including the updated cache parameter to the download server. | 2021-10-28 |
20210337020 | CONTROLLING A SERVER RESPONSE LATENCY - Controlling a server latency response is presented. One example comprises monitoring, at a server, a number of requests from a client that cause a failure response. The method then comprises, responsive to the number of requests meeting a predetermined requirement, delaying processing of the requests from the client by a predetermined delay time. | 2021-10-28 |
20210337021 | ORCHESTRATION OF DATA SERVICES IN MULTIPLE CLOUD INFRASTRUCTURES - Orchestration of data services in multiple cloud infrastructures using the same user interface. In an embodiment, a customer provisions a first data service on a first cloud infrastructure and then a second data service on a second cloud infrastructure, while using the same user interface. An orchestration server may receive a respective count of nodes (“universe”) desired for each data service and issue commands to the corresponding cloud infrastructure to cause the desired data service to be provisioned. Another aspect facilitates creation/provisioning of a data service spanning multiple cloud infrastructures. In an embodiment, an orchestration server receives as inputs, the set of cloud infrastructures and count of nodes (“universe”) desired for the data service, and thereafter issues commands to provisioning systems of the respective cloud infrastructures to cause the desired data service to be created/provisioned. | 2021-10-28 |
20210337022 | DETERMINING NON-TDP ZONES IN A STORAGE AREA NETWORK - Examples include determination of non-TDP zones in a storage area network. Some examples use a member zone list request to request identification of each zone of which a target port of a target device is a member, identify each TDP zone among identified zones of which a target port is a member and determine whether the identified zones include one or more non-TDP zones. | 2021-10-28 |
20210337023 | SYSTEMS AND METHODS OF PROVIDING LEDGER AS A SERVICE - Described herein are systems and methods for providing Ledger as a Service (LaaS). Blockchain technology helps bring potential solutions to the distributed ledger problem, with a linear record structure to record transaction history. However, there are different types of blockchain techniques (e.g., Hyperledger, Ethereum, Quorum), and users/developers need to know the explicit features of each technique and align with the required APIs. Ledger as a Service can allow users to develop applications more efficiently, and can allow users to easily migrate applications among different blockchain techniques and platforms (e.g., between Hyperledger and Ethereum). LaaS can also allow for simplified transactions with a blockchain, and can additionally provide simplified communication between blockchains of different types. | 2021-10-28 |
20210337024 | HOST INITIATED LINK RESET IN A STORAGE AREA NETWORK - Embodiments include performing a host-initiated link reset in a storage area network (SAN). Aspects include identifying, by a host in communication with the SAN, each link in the SAN, wherein each link is defined by a pair of ports. Aspects also include obtaining, by the host, a buffer credit balance for each port in the SAN and calculating, by the host, a buffer credit imbalance for each link in the SAN. Aspects further include causing a reset of the link based on a determination that the buffer credit imbalance for a link exceeds a threshold value. | 2021-10-28 |
20210337025 | BRIDGING CLOUDS - Technology is disclosed for bridging clouds of computing devices for compute and data storage. The technology can receive a virtual routing table (VRT), wherein the VRT indicates an association with a virtual local area network (VLAN) and defines neighbors for each route wherein at least one neighbor is defined for each of the two different cloud service providers, wherein the route definition creates a private transitive network between the neighbors; receive from a first node a first message destined for a second node; determine that the first message employs the route specified by the VRT; forward the first message to the second node; receive from a third node a second message destined for the second node; determine that the second message does not employ the route specified by the VRT; and fail to forward the second message to the second node. | 2021-10-28 |
20210337026 | Acquiring Security Information in a Vast Storage Network - A storage network operates by: receiving a plurality of identifiers associated with a user including a user identifier and a group identifier; generating a plurality of key pairs associated with the plurality of user identifiers, the plurality of key pairs including a first key pair and a second key pair, the first key pair including a first public key and a first private key, and the second key pair including a second public key and a second private key; storing the plurality of key pairs; generating at least one request for a certificate; receiving at least one signed certificate in response to the at least one request; and accessing the storage network using the at least one signed certificate. | 2021-10-28 |
20210337027 | Proximity Routing Policy Enforcement for Trans-Border Internet of Things Data Governance Compliance - The concepts and technologies disclosed herein are directed to proximity routing policy enforcement for trans-border Internet of Things (“IoT”) data governance compliance. A network gateway can receive, from a data source device, a device registration message comprising a device registration header. The network gateway can determine, based upon the device registration header and a data governance policy, whether the data source device is permitted to access a data governance zone. In response to determining that the data source device is permitted to access the data governance zone, the network gateway can determine, based upon a further data governance policy, at least one gateway of a plurality of gateways operating in the data governance zone to which the device registration message is to be forwarded. The network gateway can forward the registration message to the at least one gateway so that the at least one gateway is enabled for device operation. | 2021-10-28 |
20210337028 | Network Topology Based on a Useful Wired Connection - A computing device may broadcast a first message via a wireless interface while operating according to a first network topology. After broadcasting the first message, the computing device may receive the first message via a wired interface. Based on receiving the first message via the wired interface, the computing device may broadcast a second message indicating a second network topology via the wireless interface. Based on receiving the first message via the wired interface, the computing device may operate according to the second network topology. | 2021-10-28 |
20210337029 | COMMUNICATING PARAMETERS BASED ON A CHANGE - A client device may identify a first parameter that is to be updated periodically and a second parameter that is to be updated based on a state change. The client may transmit, via a negotiation session, a request to the server device. The request indicates that the server device is to periodically provide information indicating a current value of the first parameter and is to provide information indicating an updated value of the second parameter when a state of the second parameter changes. The client device may periodically receive, from the server device and via a second communication protocol, a first datagram including the current value of the first parameter and may receive a second datagram including the updated value of the second parameter based on the server device determining that the current state of the second parameter has changed. | 2021-10-28 |
20210337030 | ACQUISITION METHOD, APPARATUS, DEVICE AND STORAGE MEDIUM FOR APPLET DATA - The embodiments of the present application disclose an acquisition method, apparatus, device and storage medium for applet data, relating to the technical field of the IoT, which are specifically implemented by: establishing a network connection with a data server according to an interface address of the data server corresponding to the applet when a trigger operation for starting the applet is detected; sending a data request message to the data server directly through the pre-established network connection after the applet is started, and receiving, from the data server, a data response message that contains requested data. Therefore, excessive time consumption caused by failing to pre-establish network connection before the first data request is sent can be avoided, and the acquisition efficiency of applet data can be improved. | 2021-10-28 |
20210337031 | DYNAMIC AND OPTIMAL SELECTION OF AZURE INTERNET OF THINGS (IoT) HUBS IN CELLULAR NETWORKS - An architecture for dynamically selecting and routing traffic from Internet of things (IoT) devices and sensors to the nearest or most proximate IoT hub device. A method can comprise receiving a connection request from a user device; retrieving address data representing a network device of a group of network devices; and sending the address data to the user device. | 2021-10-28 |