45th week of 2020 patent application highlights part 63 |
Patent application number | Title | Published |
20200351163 | EXTERNAL DATA COLLECTION FOR REST API BASED PERFORMANCE ANALYTICS - A hosted client instance includes a performance analytics module to present an internal key performance indicator and an external key performance indicator on a performance analytics dashboard. A query is executed to a connection to an external data source over a network to obtain a result set of data associated with the external key performance indicator. REST APIs associated with the performance analytics module are executed to: store the result set of data in a performance analytics storage device on the hosted client instance, the performance analytics storage device storing both the data associated with external and internal key performance indicators; and render, via a UI rendering engine of the performance analytics module, one or more widgets on the performance analytics dashboard. The REST APIs interact with the data associated with the internal and external indicators in the storage device to render the one or more widgets. | 2020-11-05 |
20200351164 | MULTI-FABRIC DEPLOYMENT AND MANAGEMENT PLATFORM - The present technology provides a framework for user-guided end-to-end automation of network deployment and management, that enables a user to guide the automation process for any kind of network deployment from the ground up, as well as offering network management, visibility, and compliance verification. The disclosed technology accomplishes this by creating a stateful and interactive virtual representation of a fabric using a customizable underlay fabric template instantiated with user-provided parameter values and network topology data computed from one or more connected network devices. A set of expected configurations corresponding to the user-specified underlay and overlay fabric policies is then generated for deployment onto the connected network devices. Network deviations from the intended fabric policies are addressed by the provision of one or more configuration lines to be deployed onto or removed from the connected network devices to bring the network state in agreement with the set of expected configuration. | 2020-11-05 |
20200351165 | DRIVER UPGRADE METHOD AND DEVICE - A driver upgrade method and a device are provided, to simplify a driver upgrade process and improve upgrade efficiency. The driver upgrade method includes: receiving, by MANO, first information from a VNF during an upgrade of the VNF, where the first information is used to indicate version information of the VNF after the upgrade; determining, by the MANO, that an NFVI is not upgraded; and sending, by the MANO, second information to the VNF, where the second information is used to indicate the VNF not to upgrade a VF driver installed in the VNF. | 2020-11-05 |
20200351166 | METHOD AND SYSTEM FOR VIRTUAL SERVER DORMANCY - A method for providing a dormant state for content management servers is provided. Client devices are allowed to conduct transactions with servers when the servers are active. However, in a dormant state, the servers are not allowed to accept new transactions. Thus, by utilizing the dormant state, software upgrades can be made to one server at a time. Alternatively, all servers can be taken down for major upgrades, with the servers still operated in a read-only mode based on a file image from a point in time just prior to the shutdown. When the upgrade is completed, the servers can be returned to the active state. | 2020-11-05 |
20200351167 | RUNTIME MONITORING IN INTENT-BASED NETWORKING - Example method includes: receiving a network topology and a plurality of network configurations in an intent-based network; determining a number of spots available for runtime monitoring of an intent-based network policy among a plurality of intent-based policies in the intent-based network; determining a plurality of runtime constraints comprising one or more of time, resource capacity, and bandwidth demand based on the network topology and the plurality of network configurations; based on the plurality of runtime constraints, generating a runtime monitoring schedule that comprises at least a flow, a spot assigned for runtime monitoring of the flow, and a runtime monitoring rule to be applied at the assigned spot; and monitoring the flow based on the runtime monitoring schedule at the assigned spot. | 2020-11-05 |
20200351168 | ANOMALY DETECTION DEVICE, ANOMALY DETECTION SYSTEM, AND CONTROL METHOD - An IDS ECU includes: an anomalous frame detector that detects an anomalous frame; a connector communicator that transmits an anomaly-related request frame to a connector that is a transmitter of the anomalous frame, to request a response from the connector, and receives, from the connector, an anomaly-related response frame generated by the connector based on the anomaly-related request frame and indicating the transmitter; a network anomaly determiner that calculates, from the anomaly-related response frame, the number of anomalous connectors indicating the number of connectors that transmitted the anomaly-related response frame, and determines that an in-vehicle network system is: in a first anomalous state when the number is 0; and in a second anomalous state when the number is not 0; and a network anomaly handler that handles the first or second anomalous state determined by the network anomaly determiner. | 2020-11-05 |
20200351169 | INFERRING RADIO TYPE FROM CLUSTERING ALGORITHMS - Described embodiments provide systems and methods for inferring a network type and network conditions. The system includes a packet capturing engine configured to capture a plurality of network packets from a plurality of TCP network connections. The system includes a packet analyzer configured to analyze the plurality of network packets to generate a plurality of metrics. The system includes a network classifier configured to infer network types of the plurality of TCP connections based on the plurality of metrics and at least one classification model. The system also includes a conditions ranking engine configured to estimate a level of network congestion for each TCP connection based on the plurality of metrics and the network types. | 2020-11-05 |
20200351170 | Method for Detecting and Determining a Failure Probability of a Radio Network and Central Computer - The present application relates to a method for detecting and determining a failure probability (pA) of a radio network. The method is characterized in that devices of the radio network cyclically transmit operating parameters to a central computer wherein each transmitted operating parameter comprises an operating value of the respective device and a detection time point (t) of the operating value. All transmitted parameters and values can be viewed at any time by accessing the central computer. The central computer cyclically stores the operating values of all operating parameters detected within a predefined time interval (T) as the respective operating constellation and checks the radio network for a failure (A). The central computer cyclically creates a model based on the stored operating constellations and failures (A), which assigns a failure probability (pA) to each possible operating constellation. | 2020-11-05 |
20200351171 | MACHINE-LEARNING BASED OPTIMIZATION OF DATA CENTERS USING SUPPLEMENTAL INDICATORS - In exemplary aspects of optimizing data centers, historical data corresponding to a data center is collected. The data center includes a plurality of systems. A data center representation is generated. The data center representation can be one or more of a schematic and a collection of data from among the historical data. The data center representation is encoded into a neural network model. The neural network model is trained using at least a portion of the historical data. The trained model is deployed using a first set of inputs, causing the model to generate one or more output values for managing or optimizing the data center using supplemental indicators. | 2020-11-05 |
20200351172 | PIGGYBACKING CONTROL & DATA PLANE TELEMETRY FOR MACHINE LEARNING-BASED TUNNEL FAILURE PREDICTION - In one embodiment, a device identifies one or more telemetry data variables for use to predict failure of a tunnel in a software-defined wide area network (SD-WAN). The device sends a Bidirectional Forwarding Detection (BFD)-based telemetry request towards a tail-end router of the tunnel that requests the one or more telemetry data variables. The device receives the requested one or more telemetry data variables. The device uses the received one or more telemetry data variables as input to a machine learning-based model, to predict a failure of the tunnel. | 2020-11-05 |
20200351173 | MACHINE LEARNING DRIVEN DATA COLLECTION OF HIGH-FREQUENCY NETWORK TELEMETRY FOR FAILURE PREDICTION - In one embodiment, a supervisory service for one or more networks receives telemetry data samples from a plurality of networking devices in the one or more networks. The service trains a failure prediction model to predict failures in the one or more networks, using a training dataset comprising the received telemetry data samples. The service assesses performance of the failure prediction model. The service trains, based on the assessed performance of the failure prediction model, a machine learning-based classification model to determine whether a networking device should send a particular telemetry data sample to the service. The service sends the machine learning-based classifier to one or more of the plurality of networking devices, to control which telemetry data samples the one or more networking devices send to the supervisory service. | 2020-11-05 |
20200351174 | Providing Mobile Device Management Functionalities - Methods, systems, computer-readable media, and apparatuses for providing mobile device management (MDM) functionalities are presented. In some embodiments, a pseudo device representative of a physical end user device may be established within a cloud computing environment. The pseudo device may be provisioned for use with MDM service providers and configured to receive commands from the MDM service providers on behalf of the physical end user device. In some embodiments, multiple pseudo devices each representative of a physical end user device may be established within a cloud computing environment. A first pseudo device may be provisioned for use with a first MDM service provider and configured to receive commands from the first MDM service provider on behalf of the physical end user device. A second pseudo device may be provisioned for use with a second MDM service provider and configured to receive commands from the second MDM service provider. | 2020-11-05 |
20200351175 | DECLARATIVE AND REACTIVE DATA LAYER FOR COMPONENT-BASED USER INTERFACES - A wire web component graph may be constructed based on a request to provide a graphical user interface (GUI) at a client machine. The wire web component graph may include a plurality of nodes. Each of the nodes may correspond to a wire web component included in the GUI, a data value, or an application procedure interface (API). One or more API messages may be transmitted to retrieve the data values from the respective APIs based on the designated wire web component graph. A GUI including one or more of the retrieved data values may be displayed on a display device at the client machine. | 2020-11-05 |
20200351176 | DECLARATIVE AND REACTIVE DATA LAYER FOR COMPONENT-BASED USER INTERFACES - A wire web component graph that includes a plurality of nodes may be accessed to identify one or more application procedure interfaces (APIs) through which to update one or more data values included in a designated wire web component in a graphical user interface (GUI) being presented on a display device. Each of the data values may correspond to a respective data field represented in the wire web component graph, and each data field may be associated with a respective API in the wire web component graph. The graphical user interface may be updated based on one or more updated data values determined by communicating with the identified APIs over a network and via a communications interface. | 2020-11-05 |
20200351177 | CONTROL APPARATUS FOR CONTROLLING AN OPERATION OF AT LEAST ONE ELECTRONIC DEVICE - According to the present invention, a device for controlling an operation of at least one electric device including a user interface unit having a conversation display window in which a conversation with the at least one electric device is displayed, a conversation input window configured to receive a character for controlling the operation of the at least one electric device, an icon selection window in which an icon corresponding to the at least one electric device is displayed, and a chatting screen on which a send button for transmitting the character received by the conversation input window is arranged, and a control unit configured to collectively control the operation of the at least one electric device based on a batch control instruction received by the conversation input window. | 2020-11-05 |
20200351178 | DETECTION AND NOTIFICATION OF ANOMALIES IN SHARED COMPUTER NETWORKS - A computational instance of a remote network management platform may be dedicated to a managed network. The computational instance may include persistent storage that contains: (i) mappings between end-user networks, services available to the end-user networks, and allocation identifiers, (ii) mappings between end-user networks, computing resources allocated to the end-user networks, and resource identifiers, and (iii) mappings between the respective allocation identifiers and the respective resource identifiers. Using the mappings, the computational instance may be able to (i) determine that a particular computing resource is exhibiting an anomaly, (ii) determine a resource identifier associated with the particular computing resource, (iii) determine an allocation identifier based on the resource identifier, (iv) determine a particular end-user network associated with the allocation identifier; and (v) provide, to the managed network, an indication that the particular end-user network is potentially impacted by the anomaly. | 2020-11-05 |
20200351179 | Methods, Network Function Entities and Computer Readable Media for Providing IoT Services - The present disclosure provides methods for providing an Internet of Things (IoT) service from a cloud node to an IoT network device in a cloud computing environment comprising a plurality of sub-cloud nodes. The method comprises receiving a first service request to invoke at least one service; selecting one of the plurality of cloud nodes as a serving node for the at least one service based on the first service request; determining one or more IoT network devices to receive the at least one service based on the first service request; and transmitting data of the at least one service from the serving node to the determined IoT network device. The present disclosure further discloses a corresponding method which comprises receiving data of the IoT service from a cloud node, and transmitting the data to the terminal device to which it is connected. The present disclosure further provides corresponding NF entities and computer readable medium. | 2020-11-05 |
20200351180 | ABR CONTROL - There is provided a method for adaptive bitrate (ABR) adjustments in an IP network before upshifting the ABR level of media streams such as video for live Over the Top (OTT) distribution. The invention is based on, before upshifting a current ABR level to a higher ABR level for one or more client devices, probing the network system with a higher bitrate of the data stream, provided by e.g. replicating data in the data stream, and monitoring network conditions during probing. Based on the probing, it is determined whether the available resources in the network are sufficient to sustain an upshift of ABR level for the client device. | 2020-11-05 |
20200351181 | DETECTING AND HANDLING LARGE FLOWS - Some embodiments provide a forwarding element that detects and handles elephant flows. In detecting, the forwarding element of some embodiments monitors statistics or measurements relating to a data flow. In handling, the forwarding element marks each packet associated with a detected elephant flow in some manner to differentiate it from a packet associated with a mouse flow. Alternatively, the forwarding element breaks elephant flows into a number of mouse flows by facilitating the sending of packets associated with the detected elephant flow along different paths. | 2020-11-05 |
20200351182 | DYNAMIC DEVICE ANCHORING TO SD-WAN CLUSTER - An example network orchestrator of a SD-WAN is configured to classify, based on operating health information, each branch gateway of a cluster in an operating health class of a set of operating health classes. A bucketmap is generated based on the classifications of each branch gateway of the cluster. The bucketmap may be transmitted to a leader branch gateway of the cluster. Each branch gateway may be reclassified in an operating health class. An updated bucketmap may be transmitted to a leader branch gateway. | 2020-11-05 |
20200351183 | SYSTEMS AND METHODS FOR PRESENTING WORKSPACE EXPERIENCE INDICATOR ON USER INTERFACE - Described embodiments provide systems and methods for indicating virtual workspace performance on a graphical user interface of a computer system. In one such method, the computer system identifies one or more components of a virtual workspace executed on behalf of a user of the computer system, and analyzes a plurality of performance measurements of the identified one or more components of the virtual workspace. For each of the identified one or more components, the computer system determines an aggregated performance measurement for the component based on the plurality of performance measurements of the component, compares the aggregated performance measurement to a threshold, and selects a graphical indicator from a plurality of predetermined graphical indicators responsive to the comparison. The computer system renders, within a graphical user interface of the computer system, an identifier of the component and the selected graphical indicator. | 2020-11-05 |
20200351184 | HIERARCHICAL SHARDING OF FLOWS FROM SENSORS TO COLLECTORS - Systems, methods, and computer-readable media for hierarchical sharding of flows from sensors to collectors. A first collector can receive a first portion of a network flow from a first capturing agent and determine that a second portion of the network flow was not received from the first capturing agent. The first collector can then send the first portion of the network flow to a second collector. A third collector can receive the second portion of the network flow from a second capturing agent and determine that the third collector did not receive the first portion of the network flow. The third collector can then send the second portion of the network flow to the second collector. The second collector can then aggregate the first portion and second portion of the network flow to yield the entire portion of the network flow. | 2020-11-05 |
20200351185 | FASTER FAULT-DETECTION MECHANISM, FOR EXAMPLE USING BIDIRECTIONAL FORWARDING DETECTION (BFD), ON NETWORK NODES AND/OR HOSTS MULTIHOMED USING A LINK AGGREGATION GROUP (LAG) - For use in a system including a first data forwarding device, a second data forwarding device, a third data forwarding device, a first communications link between the first data forwarding device and the second data forwarding device, and a second communications link between the first data forwarding device and the third data forwarding device, the first and second communications links belonging to a link aggregation group (LAG), a method includes (1) generating a message (i) for testing a first path between the first data forwarding device and the second data forwarding device, and a second path between the first data forwarding device and the third data forwarding device, and (ii) including an Internet protocol (IP) datagram including a multicast IP destination address and a payload containing path testing information; and (2) sending, over the LAG, the message from the first data forwarding device to both the second data forwarding device and the third data forwarding device. Responsive to receiving an instance of the message by either of the second or third data forwarding device, such device(s) (1) determine whether or not the received instance of the message is a fault detection on a multihomed link aggregation group message, and (2) process the received instance of the message based on the determination of whether or not it is a fault detection on a multihomed link aggregation group message. | 2020-11-05 |
20200351186 | SYSTEMS AND METHODS FOR DETERMINING NETWORK COMPONENT SCORES USING BANDWIDTH CAPACITY - In one embodiment, a method includes receiving, by a first router, data from a network component. The method also includes determining, by the first router, a first link bandwidth capacity between the first router and a host device and determining, by the first router, a first score for the first router based on the first link bandwidth capacity. The method also includes determining, by the first router, a second link bandwidth capacity between a second router and the host device and determining, by the first router, a second score for the second router based on the second link bandwidth capacity. The method further includes comparing, by the first router, at least the first score and the second score to determine a highest score and assigning, by the first router, an edge router associated with the highest score to communicate the data to the host device. | 2020-11-05 |
20200351187 | SYSTEMS AND METHODS OF MONITORING NETWORK DEVICES - Implementations of the disclosed subject matter provide systems and methods of assigning, at a server, a unique identifier to each of a plurality of devices communicatively coupled to one another and the server via a communications network. Each unique identifier may be converted to a device hash key by applying a hash function. A range of device hash keys of the plurality of devices may be split into N approximately equal sectors, where N is a prime number and each sector includes 1/N of the device hash keys of the plurality of the devices. K monitoring workers provided by the server may monitor the plurality of devices in an order based on the respective device hash key, where K is an integer. | 2020-11-05 |
20200351188 | PATH MONITORING SYSTEM (PMS) CONTROLLER OR INGRESS NODE BASED MULTIPROTOCOL LABEL SWITCHING (MPLS) PING AND TRACEROUTE IN INTER-AUTONOMOUS SYSTEM (AS) SEGMENT ROUTING (SR) NETWORKS - Echo or traceroute functionality is supported in a path spanning multiple autonomous systems (ASes) having segment routing (SR) enabled, the path including an ingress node and an egress node, by: (a) obtaining a return label stack to reach the ingress node from either (A) the egress node, or (B) a transit node in the path; (b) obtaining a label stack to reach, from the ingress node, either (A) the egress node, or (B) the transit node; (c) generating a request message including the return label stack; and (d) sending the request message towards either (A) the egress node, or (B) the transit node using the label stack. The example method may further include: (e) receiving, by either (A) the egress node, or (B) the transit node, the request message, wherein the request message includes information for performing a validity check; (f) performing a validity check using the information included in the request message to generate validity information; (g) generating a reply message including the validity information and information from the return label stack; and (h) sending the reply message towards the ingress node using information from the return label stack included in the request message. | 2020-11-05 |
20200351189 | Method, System, and Computer Program Product for Producing Accurate IEEE 1588 PTP Timestamps in a System with Variable PHY Latency - Provided is a method for calculating a timestamp associated with a data packet before transcoding of the data packet. The method may include sampling a time of day (TOD) signal to provide a sampled TOD. A previously sampled TOD estimate may be retrieved. An internal TOD estimate may be determined based on the sampled TOD and the previously sampled TOD estimate. A timestamp may be determined based on the internal TOD estimate. A system and computer program product are also disclosed. | 2020-11-05 |
20200351190 | Virtual Probes - Concepts and technologies are disclosed herein for virtual probes. A processor can execute a probe orchestrator service. The processor can obtain traffic monitoring data that describes traffic associated with a logical node. The logical node can include two or more devices that can exchange information as internal traffic. The processor can analyze the traffic monitoring data to determine one of the two or more devices hosts external traffic that involves an external device that resides outside of the logical node. In response to a determination that the one of the two or more devices hosts the external traffic, the processor can trigger instantiation of a virtual probe at the device of the plurality of devices. | 2020-11-05 |
20200351191 | AUTOMATIC PROTOCOL TEST METHOD BY REVERSE ENGINEERING FROM PACKET TRACES TO EXTENDED FINITE STATE MACHINE - An automatic protocol test method by reverse engineering from packet traces to extended finite state machine is disclosed. The method includes following steps: parsing the plurality of packets to extract a plurality of sessions; conducting a keyword analysis and a clustering algorithm to obtain protocol messages; initializing the protocol messages and merging equivalent states to obtain a finite state machine; extracting fields and values of the protocol messages to obtain a plurality of sub-datasets and adding a data guard and set of memories on the finite state machine to obtain the extended finite state machine. | 2020-11-05 |
20200351192 | LARGE-SCALE NODE CONFIGURATION MANAGEMENT FOR MAAS PLATFORM - A system for node configuration management for a MaaS platform is provided. The system includes a central node device and a group of node devices associated with a publish-subscribe pattern. The group of node devices includes a first node device that updates routing information associated with the first node device locally. The routing information includes routing rules for propagation of transaction requests to or from the first node device. The central node device receives the updated routing information from the first node device and records the updated routing information in a central routing configuration repository of the central node device. Based on the record, the central node device transmits the updated routing information to the set of second node devices, each of which receives the updated routing information, validates the updated routing information, and records the updated routing information locally based on the validation. | 2020-11-05 |
20200351193 | PACKET FORWARDING PATH DETERMINING METHOD, DEVICE, AND SYSTEM - Various embodiments provide an example method in which a first measurement packet can be generated. The first measurement packet includes link resource indication information, and the link resource indication information in the first measurement packet is configured to indicate each node on a forwarding path of the first measurement packet to perform local link resource measurement. In those embodiments, the first measurement packet can be sent to a next device on the forwarding path, where the first measurement packet includes local link resource information measured by the first device. Still in those embodiments, until the first measurement packet is forwarded to a third device by each node on the forwarding path of the first measurement packet, the third device receives the first measurement packets sent on different forwarding paths, and determines a path meeting the link resource indication information. | 2020-11-05 |
20200351194 | EVALUATING, WEIGHTING, AND SCHEDULING THE USE OF NETWORK LINKS - The described technology is generally directed towards evaluating, weighting, and scheduling the use of network links. According to an embodiment, a system can comprise a memory that can store computer executable components, and a processor that can execute the computer executable components stored in the memory. The components can comprise a link mapper that can identify at least two network links between a first device and a second device, resulting in identified network links. The system can further comprise a link weighting component that can assign weights to respective ones of the identified network links resulting in weighted network links, based on a criterion and characteristics of the identified network links, the first device and the second device. The system can further comprise a link scheduler that can schedule the weighted network links based on the weights assigned to the respective ones of the weighted network links. | 2020-11-05 |
20200351195 | EMBEDDED NETWORK PACKET DATA FOR USE OF ALTERNATIVE PATHS WITHIN A GROUP OF NETWORK DEVICES - This disclosure describes techniques for addressing and/or accounting for path failures (e.g., congestion, link failures, disconnections, or other types of failures) within a network environment. In one example, this disclosure describes a method that includes receiving, by a node connected to a plurality of interconnected nodes, a network packet to be forwarded to a destination node; identifying, by a forwarding plane within the node, a first link along a path to the destination node; determining, by the forwarding plane, that the first link is inoperable; storing, by the node and within the network packet, data identifying the node as having been visited; identifying, by the forwarding plane and from among the plurality of egress links from the node, a second link that is operable and is along an alternative path to the destination node; and transmitting the network packet over the second link. | 2020-11-05 |
20200351196 | FAILOVER SYSTEM - A communications router ( | 2020-11-05 |
20200351197 | METHOD AND DEVICE FOR CREATING BI-DIRECTIONAL SEGMENT ROUTING TUNNEL AND STORAGE MEDIUM - The present disclosure discloses a method, device and storage medium for creating a bi-directional segment routing (SR) tunnel, the method includes: carrying out capability negotiation for whether to support creation of a bi-directional SR tunnel by messaging during a process in which a first network element establishes a session with a second network element; and if support, sending, by the first network element, an SR tunnel create message carrying a bi-directional flag bit to the second network element so that the second network element is capable of determining, in accordance with the bi-directional flag bit, whether a bi-directional tunnel or a unidirectional tunnel is to be created. | 2020-11-05 |
20200351198 | INTEGRATED ACCESS BACKHAUL NETWORK METRIC EXCHANGE FOR 5G OR OTHER NEXT GENERATION NETWORK - In a 5G network, an adaptation layer of a child integrated access backhaul (IAB) node can send a quality metric to its parent IAB node. The quality metric can indicate to the parent IAB node, information that may not be readily available to the parent IAB node. Such a quality metric can be transmitted by the child IAB node to the parent IAB node via a header field of an adaptation layer packet data unit (PDU) on an uplink channel of an IAB link. Thus, the parent IAB node can make a more efficient routing decision based on data, to which otherwise, the parent IAB node may not ordinarily be privy. | 2020-11-05 |
20200351199 | SRv6 with Micro Segment Identifiers - In one embodiment, a method includes receiving a packet comprising a destination address in a destination address field of the packet, where the destination address includes at least a first global identifier and a second global identifier, determining that the first global identifier corresponds to the first network apparatus, determining that a local identifier in the destination address is associated with the first global identifier, identifying one or more instructions associated with the local identifier, performing one or more functions instructed by the one or more instructions, updating the destination address in the destination field of the packet to an updated destination address, determining a forwarding rule associated with the packet, and forwarding the packet with the updated destination address based on the forwarding rule. | 2020-11-05 |
20200351200 | SINGLE STAGE LOOK UP TABLE BASED MATCH ACTION PROCESSOR FOR DATA PACKETS - A packet sub-engine coupled to a packet buffer determines which of multiple look up tables (LUTs) is to be searched for a matching entry that matches a received data packet. Each LUT corresponds to a different type of packet handling action and includes multiple entries, each with a match field and a corresponding collection of one or more actions for handling packets that match the match field. The packet sub-engine searches the determined LUT for a matching entry, processes the received data packet according to the action(s) in the matching entry, and determines whether a further LUT is to be searched for a further matching entry. The processed data packet is provided as an output if no further LUT is to be searched, or otherwise the packet sub-engine searches the further LUT and further processes the processed packet according to the action(s) in the further matching entry. | 2020-11-05 |
20200351201 | DETECTING COMMUNICATION NETWORK INSIGHTS OF ALERTS - In one embodiment, the system identifies one or more geographic areas covered by a communication network. The system determines, for each identified geographic area, a congestion metric for the identified geographic area based at least on a difference between a first and second reference point on a network speed curve, wherein the network speed curve represents download speeds for a volume of traffic in the identified geographic area. The system identifies one or more network traffic congestions in one or more of the identified geographic areas based on a comparison of the respective congestion metrics of the identified geographic areas to a threshold congestion metric. The system sends, to one or more operators of the communication network, one or more alerts about the identified network traffic congestions. | 2020-11-05 |
20200351202 | ADAPTIVE ENCODING NETWORK - Systems and methods of improving the functioning of a computer system by implementing an adaptive encoding network are disclosed. In some example embodiments, a computer system transmits a new encoding assignment representing an encoding of a value with a new code to a consensus server, receives an approval of the new encoding assignment from the consensus server, and, based on the receiving of the approval of the new encoding assignment from the consensus server, applies the new encoding assignment to the value in subsequent messages to one or more machines, with the applying of the new encoding assignment comprising including the new code of the new encoding assignment in the subsequent messages in association with the value. | 2020-11-05 |
20200351203 | Method and System for Triggering Augmented Data Collection on a Network Based on Traffic Patterns - A method and system for increasing the collection of network traffic data in a network based on the occurrence of predetermined criteria. A network appliance manages network traffic in the network and passes data traffic on the network. Network traffic data is collected based on the data traffic passing through the network appliance at a normal level. It is determined whether the network traffic data indicates an abnormal condition. The collection of network traffic data is increased through the network traffic appliance when an abnormal condition is detected. The network traffic data from the increased collection is stored in a memory device. | 2020-11-05 |
20200351204 | METHOD, APPARATUS, AND SYSTEM FOR LOAD BALANCING OF SERVICE CHAIN - A method, an apparatus, and a system are provided for load balancing of a service chain. The method includes: receiving, by a flow classifier, a service chain selection and control policy sent by a policy and charging rules function (PCRF) unit; hashing, by the flow classifier according to a hash quantity, a service flow corresponding to a service chain identifier, to obtain multiple subflows, and adding the service chain identifier and hashing factors to packets of the subflows, where different subflows correspond to different hashing factors; and sending, by the flow classifier, the packets of the subflows after the service chain identifier and the hashing factors are added, to a forwarding device. | 2020-11-05 |
20200351205 | WIRELESS NETWORK OPTIMIZATION - Methods and apparatuses are provided for optimizing a wireless network. A description of a traffic incident is received. An impact area is generated from the description. A geographic polygon is generated based on the impact area. The network usage of the geographic polygon is determined. A message including the network usage for the geographic polygon may be transmitted to a mobile network operator. | 2020-11-05 |
20200351206 | METHOD AND APPARATUS FOR FLEXIBLE AND EFFICIENT ANALYTICS IN A NETWORK SWITCH - Embodiments of the present invention relate to a centralized network analytic device that efficiently uses on-chip memory to flexibly perform counting, traffic rate monitoring and flow sampling. The device includes a pool of memory that is shared by all cores and packet processing stages of each core. The counting, the monitoring and the sampling are all defined through software allowing for greater flexibility and efficient analytics in the device. In some embodiments, the device is a network switch. | 2020-11-05 |
20200351207 | METHOD AND SYSTEM OF LIMITING TRAFFIC - The present disclosure provides a method and system of limiting traffic. The method includes: sending, by a distributed node, a service volume in a current preset time period to a central node according to a fixed period; determining, by the central node, a decision quota of the distributed node based on the received service volume, and sending the decision quota to the distributed node; receiving, by the distributed node, the decision quota sent by the central node; and determining, by the distributed node based on the latest received decision quota after receiving an access request, whether traffic limitation needs to be performed for the access request. The traffic limitation decision of the present application is made by the distributed node autonomously, the decision path is short, and fast and accurate decision making is achieved. | 2020-11-05 |
20200351208 | METHOD, DEVICE, AND SYSTEM FOR CONTROLLING QOS OF APPLICATION - A method of controlling Quality of Service (QoS) of an application includes: determining a main type of traffic of the application; determining a QoS control policy to be applied to each of a plurality of flows generated by execution of the application according to the determined main type of traffic; obtaining performance information about traffic of the application using traffic transmitted and received through the plurality of flows; and changing a QoS control policy to be applied to at least one of the plurality of flows, based on the obtained performance information about the traffic. | 2020-11-05 |
20200351209 | MaxMesh: Mesh Backhaul Routing - A system is disclosed, comprising: a centralized routing node configured to: identify a set of congested links based on the link utilization statistics, each congested link having at least one traffic flow that may be active, each traffic flow having at least one traffic source and a path set comprising a set of nodes and links that may be used by the traffic flow as packets travel from the at least one traffic source to one or more destinations; identify a set of non-congested links based on the link utilization statistics, each non-congested link sharing at least one traffic source with a traffic flow of a congested link in the set of congested links; identify a path fork in a path set between a source and a destination of a particular traffic flow associated with a particular congested link in the set of congested links; and compute a new utilization level for the particular congested link that would result from moving the particular traffic flow from the particular congested link to a particular non-congested link in the set of non-congested links. | 2020-11-05 |
20200351210 | MULTI-DIMENSIONAL EVENT ENGINE FOR USE WITH HIGHLY AVAILABLE NETWORK TOPOLOGY - A system including one or more processors and one or more non-transitory computer-readable media storing computing instructions configured to run on the one or more processors and perform initiating a cluster of controller instances for executing a multi-dimensional event engine; configuring the cluster of controller instances in a topology, wherein the topology applies a distributed lock to designate an active controller instance selected from the cluster of controller instances to be utilized as the multi-dimensional event engine; and after configuring the cluster of controller instances, executing the multi-dimensional event engine. Other embodiments are disclosed. | 2020-11-05 |
20200351211 | Technique for Packet Buffering - A technique for buffering packets in a Software Defined Networking (SDN) infrastructure is disclosed. A method implementation of the technique is performed by an SDN network device and comprises receiving (S | 2020-11-05 |
20200351212 | IMPROVED SUPPORT OF QUALITY OF SERVICE FOR V2X TRANSMISSIONS - The present disclosure relates to a transmitting device for transmitting vehicular data via a sidelink interface to one or more receiving devices. The transmitting device performs autonomous radio resource allocation for transmitting the vehicular data via the sidelink interface. An application layer generates the vehicular data and forwards the vehicular data together with a priority indication and one or more quality of service parameters to a transmission layer responsible for transmission of the vehicular data via the sidelink interface. The transmission layer performs autonomous radio resource allocation based on the received priority indication and the one or more quality of service parameters. The transmission layer transmits the vehicular data via the sidelink interface to the one or more receiving devices according to the performed autonomous radio resource allocation. | 2020-11-05 |
20200351213 | METHOD AND APPARATUS FOR TRANSMITTING AND RECEIVING PACKET IN COMMUNICATION SYSTEM - The present invention relates to a method for transmitting a packet in a communication system, the method comprising: generating drop information indicating at least one source packet to be dropped among source packets to be transmitted and whether or not to drop each of the other source packets except the at least one source packet; performing forward error correction (FEC) encoding on the drop information and the other source packets except the at least one source packet; generating a repair packet comprising repair data for restoring the drop information and a repair symbol for restoring the other source packets except the at least one source packet; and transmitting the other source packets except the at least one source packet and the repair packet. | 2020-11-05 |
20200351214 | METHOD AND APPARATUS FOR REPORTING PROCESSING DELAY RELATED INFORMATION IN WIRELESS COMMUNICATION SYSTEM - The present disclosure relates to method and apparatus for reporting processing delay related information in wireless communications. According to an embodiment of the present disclosure, a method performed by a wireless device in a wireless communication system comprises: receiving a configuration on measurements and reporting of reordering statistics; measuring a reordering delay (RD); calculating the reordering statistics; and sending a radio resource control (RRC) message including the reordering statistics based on a pre-defined condition. | 2020-11-05 |
20200351215 | Data Stream Sending Method and System, and Device - This application provides a data stream sending method, and the method includes: sending, by a first device, a request packet to a second device; sending, by the first device, a data stream to the second device after the first device sends the request packet and before the first device receives the response packet sent by the second device; and receiving, by the first device, the response packet that is sent by the second device and that is in response to the request packet. | 2020-11-05 |
20200351216 | METHODS AND APPARATUSES FOR TRANSPARENT EMBEDDING OF PHOTONIC SWITCHING INTO ELECTRONIC CHASSIS FOR SCALING DATA CENTER CLOUD SYSTEM - There are provided methods and apparatuses for transferring photonic cells or frames between a photonic switch and an electronic switch enabling a scalable data center cloud system with photonic functions transparently embedded into an electronic chassis. In various embodiments, photonic interface functions may be transparently embedded into existing switch chips (or switch cards) without changes in the line cards. The embedded photonic interface functions may provide the switch cards with the ability to interface with both existing line cards and photonic switches. In order to embed photonic interface functions without changes on the existing line cards, embodiments use two-tier buffering with a pause signalling or pause messaging scheme for managing the two-tier buffer memories. | 2020-11-05 |
20200351217 | RESOURCE PATH MONITORING - Systems and techniques are provided for a resource distribution system. Selected resource paths in a resource transfer network may be monitored. A quantity of an intermediate resource type to transfer into resource pools in the resource transfer network may be determined. Each of the resource pools may be associated with a leg that can be part of a route with two legs for one or more of the selected resource paths. Instructions decrementing a register in a repository resource pool by the determined quantities of the intermediate resource type to be transferred into the resource pools in the resource transfer network and incrementing a register in each of the resource pools in the resource transfer network by the determined quantity of the intermediate resource type to be transferred into that resource pool when the determined quantity is greater than zero may be generated and caused to be executed. | 2020-11-05 |
20200351218 | System and Method for Optimal Resource Allocation - The present disclosure relates generally to an improvement in computer processing to achieve a new outcome in real time with lower processing requirements and more particularly to a system and method for optimal resource allocation implemented in real time with lower processing requirements to increase responsiveness. When an electronically formatted resource response is received by a central server processing subsystem, the electronically formatted resource response is analysed first for a unique offer identifier at entry to the central server processing subsystem to identify the offer and then for an accept or decline marker. | 2020-11-05 |
20200351219 | NON-BLOCKING SWITCH MATRIX FOR MULTI-BEAM ANTENNA - A crossbar switch is disclosed having a first port, a second port, a third port, and a fourth port, the crossbar switch comprising: a first switching element coupled between the first port and the third port; a second switching element coupled between the first port and the fourth port; a third switching element coupled between the second port and the third port; and a fourth switching element coupled between the second port and the fourth port, wherein the first switching element, the second switching element, the third switching element, and the fourth switching element are configured to couple only one of the first port and the second port to the third port, at any given time. | 2020-11-05 |
20200351220 | LINEAR NETWORK CODING WITH PRE-DETERMINED COEFFICIENT GENERATION THROUGH PARAMETER INITIALIZATION AND REUSE - A network node having a receiver for receiving input packets, a local node memory where one or more parameters for coding are stored, an encoder for creating coded packets from the input packets using linear network coding, and a transmitter to transmit the coded packets. Each coefficient of the linear network coding is a parameter of the one or more parameters or a pre-determined function of the one or more parameters. A related method and a network are also presented. | 2020-11-05 |
20200351221 | EFFICIENT DISTRIBUTION OF PEER ZONE DATABASE IN FIBRE CHANNEL FABRIC - Provided are techniques for the efficient distribution of peer zone databases in a FC Fabric. In an example, a switch instantiates a peer zone definition defining a peer zone in which two or more initiator host devices are each permitted to communicate with one or more target storage devices via the switched FC fabric and the two or more initiator host devices are prevented from communicating with each other. The switch stores the peer zone definition in a peer zone database at the FC switch, and distributes the peer zone definition to other FC switches of the switched FC fabric without performing a Fabric lock operation. | 2020-11-05 |
20200351222 | Method and Device for Improving Bandwidth Utilization in a Communication Network - A communication system comprising at least one smart network interface card (“NIC”) provided with a logic/programmable processor and a local memory, and a computing element, wherein a communication bus is used to connect said smart NIC and said computing element to enable forwarding data there-between, wherein the system is characterized in that said smart NIC is configured to receive data packets, to extract data therefrom and to forward less than all data comprised in the received data packets, to said computing element along said communication bus, and wherein the forwarded data comprises data which is preferably required for making networking decisions that relate to that respective data packet. | 2020-11-05 |
20200351223 | ASSISTING PARTICIPATION IN A SOCIAL NETWORK - Methods, systems, and apparatus, including computer programs encoded on a computer storage medium, for assisting participation in a social network. In one aspect, a method is performed by a system of one or more data processing devices. The method includes receiving, at the system, a historical record of message exchange between an individual and members in a member network, the system determining, for each of the members, whether the individual is likely to want to be related to the respective member, each determination considering the number and transactional characteristics of the message exchange between the individual and the respective member in the historical record, and the system outputting the determinations that the individual is likely to want to be related to at least two of the respective members. | 2020-11-05 |
20200351224 | MULTISTATE PRESENCE AND RESPONSIVENESS TRACKING AND INDICATION - Systems and methods are described, and one method includes receiving, from a network, data indicative of an object person's current presence status and current responsiveness status, and based at least in part on the data, displaying an indicator image that includes a first region and a second region according to a mutual spatial structure, and concurrently displaying the first region with a first state appearance and the second region with a second state appearance, the first state appearance indicative of the current presence status, and the second state appearance indicative of the current responsiveness status. | 2020-11-05 |
20200351225 | ENABLING ATTENTION BY LEVERAGING A USER-EFFECTIVE COMMUNICATION CHANNEL - An exemplary apparatus includes a memory embodying computer executable instructions and at least one processor, coupled to the memory, and operative by the computer executable instructions to facilitate a method. The method includes tracking a topic and a context of an electronic conversation in a first communication channel by using a machine learning method to process the electronic conversation; identifying confusion in a participant of the electronic conversation regarding a change in the topic or the context; identifying a user-effective communication channel for alerting the participant to the change in the topic or the context; and alerting the participant of the change in the topic or the context via the user-effective communication channel. | 2020-11-05 |
20200351226 | METHOD FOR CREATING AN ALBUM BY AUTO POPULATING IN REAL TIME BY AN APPLICATION - The present application discloses a method for automatically creating an album by an application, comprising selecting the album and titling in the application; capturing at least one media, photo and/or video via the application; texting for the at least one media in a journal bar while reviewing the at least one media at the same time; and automatically, self-populating, in real time, directly into the album. All entries will have date, time and location stamped under each entry to ensure the accuracy. In addition, the present application allows the user to invite one or more additional contributors to the selected album. All contributor entries will self-populate in real time and chronologically alongside all entries made to the selected album. When the album is finalized, the album may automatically date, on the cover and spine of the album, alongside the title with the date of the first and last entry. | 2020-11-05 |
20200351227 | SYSTEMS AND METHODS FOR NAVIGATING NODES IN CHANNEL BASED CHATBOTS USING NATURAL LANGUAGE UNDERSTANDING - The disclosed systems and methods join a user to a primary communication channel that is associated with an automated human interface module. The automated human interface module includes a plurality of nodes. A message including a text communication is posted by the user and sent to a decision module associated with a plurality of classifiers. The decision module is configured to identify a node that best matches the text communication in accordance with the plurality of classifiers. Each respective classifier produces a respective classifier result thereby producing a plurality of classifier results. Each respective classifier result identifies a respective node of the plurality of nodes best matching the text communication. The plurality of classifier results is collectively considered, and the node best matching the text communication is identified and the text communication is sent to the identified node. | 2020-11-05 |
20200351228 | MESSAGING SYSTEM WITH AVATAR GENERATION - A system comprises one or more processors of a machine and a memory storing instructions that, when executed by the one or more processors, cause the machine to perform operations. The operations comprise: receiving an image; generating an avatar with a trained neural network based on the image, the trained neural network predicting multiple trait values for the avatar; and sending a message with the generated avatar. | 2020-11-05 |
20200351229 | IMAGE MATCHING SERVER NETWORK IMPLEMENTING A SCORE BASED ON A FUNCTION OF LATENCY BETWEEN A SERVER AND AN IMAGE STORE - Technology is disclosed for feeding source images from image stores of client systems into an image processing system using image feeding servers (“the technology”). The technology includes multiple image feeding servers that can feed a source image to the image processing system, using which the image processing system can generate processed images to be served to end users. The image feeding servers can be installed at various locations, e.g., geographically spread, and more proximate to where the source images are stored. An image feeding server obtains the source image from the image store in original size, downsizes the source image, and transmits the downsized source image to the image processing system. The technology selects an image feeding server based on a score of the image feeding server. The score can be determined as a function of one or more image feeding server parameters, e.g., latency, workload, or computing resource. | 2020-11-05 |
20200351230 | SYSTEMS AND METHODS FOR CONTROLLING USER CONTACTS - Systems and methods for controlling contacts with a client's users make use of segment-based contact limits. A contact limit sets a maximum number of contacts that a client can have with a user within a predetermined time window. A segment-based contact limit only applies the contact limit to a subset of all the client's users. The type of contact being limited could include messages that are sent to the user or advertising or sales campaigns that are conducted for the user. A segment is a subset of all of the client's users, and a segment may be defined based on one or more filters. | 2020-11-05 |
20200351231 | RNA TARGETING METHODS AND COMPOSITIONS - Provided herein are CRISPR/Cas methods and compositions for targeting RNA molecules, which can be used to detect, edit, or modify a target RNA. | 2020-11-05 |
20200351232 | RNA TARGETING METHODS AND COMPOSITIONS - Provided herein are CRISPR/Cas methods and compositions for targeting RNA molecules, which can be used to detect, edit, or modify a target RNA. | 2020-11-05 |
20200351233 | HAPTIC MESSAGE DELIVERY - In one embodiment, a method includes determining if notifications to be sent to user would benefit from being delivered by haptic stimulation under a current context. This determination may be made by accessing historical notification data of how the user previously responded to notifications in a similar context, and ranking conversion scores for each of one or more haptic-enabled delivery channels, wherein a conversion score indicates a probability of the user interacting with the notification. The most appropriate haptic message-delivery channel is selected based on the scores and historical data, and the notification is sent accordingly. | 2020-11-05 |
20200351234 | SYSTEMS AND METHODS FOR USER MATCHING - Systems and methods are provided herein for matching between a plurality of users. A computer-implemented method for matching between a plurality of users may be provided. The method may include receiving input data from a plurality of devices associated with the plurality of users, analyzing the input data to determine, for each user and life event, which step(s) on a timeline of the life event that each user (a) has experienced, (b) is currently experiencing, or (c) is likely to experience in the future; and matching the plurality of users with one another. | 2020-11-05 |
20200351235 | NETWORK COMMUNICATION METHOD AND SYSTEM, DEVICE, AND STORAGE MEDIUM - This application discloses a network communication method applied to a network communication system including a first network device in a first private network, a second network device in a second private network and a gateway device coupling the first private network to the second private network. The first network device receives a first data packet transmitted from a terminal to a target blockchain node, and acquires an actual network address of the target blockchain node; and generates a second data packet according to the first data packet and the actual network address, and transmits the second data packet to a virtual network address of the second network device in the second private network, so that the operation overheads generated when the gateway device generates virtual network addresses for blockchain nodes can be reduced, thereby saving a storage space of the gateway device. | 2020-11-05 |
20200351236 | DISCOVERING A HOST IN A STORAGE NETWORK - In embodiments, there are disclosed systems, methods, and computer program products for discovering a physical host or a virtual host in a storage network comprising: querying a name server database; obtaining from the name server database a port name and a port worldwide number for a port connected to a switch, wherein the switch is part of the storage network; determining using the name server database if the port is an initiator port or a target port; and for an initiator port, determining using the name server database a host name corresponding to the physical host or virtual host, wherein the physical host or the virtual host is connected to the initiator port. | 2020-11-05 |
20200351237 | COMMUNITY DETECTION BASED ON DNS QUERYING PATTERNS - Techniques for community detection based on DNS querying patterns are disclosed. For example, techniques for community detection based on DNS querying patterns for anomaly detection and monitoring efficiencies are disclosed. In some embodiments, a system, process, and/or computer program product for community detection based on DNS querying patterns includes receiving DNS log files, wherein the DNS log files include a DNS query and a DNS response for resolution of the DNS query; generating a graph based on the DNS log files; identifying a plurality of communities using the graph based on DNS querying patterns; and detecting an anomaly in DNS activity associated with one or more of the communities based on a DNS querying rule. | 2020-11-05 |
20200351238 | CONTIGUOUS SUBNET IP ADDRESS ALLOCATION - A method for contiguous allocation of Internet Protocol (IP) addresses includes receiving, by a gateway from a network device, a request for an IP address of a plurality of IP addresses, determining, by the gateway, whether the network device is an access point, in response to determining that the network device is an access point, assigning by the gateway, the IP address to the network device from a first contiguous range of the plurality of IP addresses, in response to determining that the network device is not an access point, assigning, by the gateway, the IP address to the network device from a second contiguous range of the plurality of IP addresses, wherein the first contiguous block and the second contiguous block are separate, after assigning and by the gateway, enforcing a policy for the network device based on the IP address of the network device. | 2020-11-05 |
20200351239 | CROSS PROTOCOL ASSOCIATION FOR INTERNET ADDRESSES FOR METADATA ASSOCIATION SYSTEMS AND METHODS - Described embodiments provide systems and methods for cross protocol association using internet addresses for metadata association. An association between IPv4 addresses and IPv6 addresses can be determined and used to bridge metadata from collection context in a first protocol into usage for a second protocol. A server can monitor a plurality of handshake exchanges to generate the association between IPv4 addresses and IPv6 addresses for a device or group of devices. The handshake exchange can include an IPv4 address, an IPv6 address, or both an IPv4 address and an IPv6 address for a respective device. The handshake exchanges can include a unique identifier corresponding to the respective device. The server can use the association to generate a mapping linking a range of IPv4 addresses to a range of IPv6 addresses corresponding to the same device. The mapping can be used to associate metadata to devices within the same ranges. | 2020-11-05 |
20200351240 | SYSTEMS AND METHODS FOR SECURE AUTHORIZATION OF REGISTRY FUNCTIONS - Systems, methods, and computer-readable storage media for enabling secure transfer of Internet domains between registrars. An example method can include receiving, at a registry, a request from a first registrar for information associated with an object recorded in the registry and registered by the first registrar, then generating, at the registry, an authorization code, the authorization code having an expiration. The registry can then transmit, to the first registrar, the authorization code, which in turn can be given to the registrant. The registrant can forward the authorization code to the second registrar, and the registry can receive, from a second registrar before the expiration has been reached: the authorization code and a transfer request for the object, the transfer request identifying a transfer of the object from the first registrar to the second registrar. At that point the registry can verify the authorization code and authorize the transfer request of the object from the first registrar to the second registrar. | 2020-11-05 |
20200351241 | DATA-DRIVEN ONLINE DOMAIN NAME GENERATOR - Systems and methods of the present invention provide for one or more server computers communicatively coupled to a network and configured to: identify a business name within an aggregation of business names; tokenize the business name; match a resulting token to an industry related keyword; generate a template with placeholders replacing a prefix or a suffix appended to the token from a recognized pattern; identify a request to generate a name candidate; select personalized data associated with the requesting user and an associated industry; generate a list of name candidates, with the personalized data inserted into the placeholder; and then determine the availability of, and rank, each name candidate in the list. | 2020-11-05 |
20200351242 | SYSTEM AND METHOD FOR DETECTING GENERATED DOMAIN - A computer-implemented method for domain analysis comprises: obtaining, by a computing device, a domain; and inputting, by the computing device, the obtained domain to a trained detection model to determine if the obtained domain was generated by one or more domain generation algorithms. The detection model comprises a neural network model, an n-gram-based machine learning model, and an ensemble layer. Inputting the obtained domain to the detection model comprises inputting the obtained domain to each of the neural network model and the n-gram-based machine learning model. The neural network model and the n-gram-based machine learning model both output to the ensemble layer. The ensemble layer outputs a probability that the obtained domain was generated by the domain generation algorithms. | 2020-11-05 |
20200351243 | METHOD AND APPARATUS FOR TRANSMITTING APPLICATION PROGRAMMING INTERFACE API REQUEST - A method for transmitting an application programming interface (API) request includes receiving, by a first API gateway, a first API request; obtaining, by the first API gateway, a first forwarding label corresponding to the first API request, where the first forwarding label includes a first target security domain identifier, and a security domain identifier of the first API gateway is different from the first target security domain identifier. The method also includes determining an address of a second API gateway according to a mapping relationship between the first target security domain identifier and the address of the second API gateway. The method additionally includes sending the first API request to the second API gateway based on the address which is a next-hop API gateway of the first API gateway that sends the first API request to an API gateway corresponding to the first target security domain identifier. | 2020-11-05 |
20200351244 | METHODS AND SYSTEMS FOR PREVENTION OF ATTACKS ASSOCIATED WITH THE DOMAIN NAME SYSTEM - The attack vectors for some denial-of-service cyber attacks on the Internet's Domain Name System (DNS) are bad, bogus, or unregistered domain name DNS requests to resolve domain names that are not registered in the DNS. Some other cyber attacks steal sensitive data by encoding the data in bogus domain names, or domain names otherwise not registered in the DNS, that are transferred across networks in bogus DNS requests. A DNS gatekeeper may filter in-transit packets containing DNS requests and may efficiently determine if a request's domain name is registered in the DNS. When the domain name is not registered in the DNS, the DNS gatekeeper may take one of a plurality of protective actions. The DNS gatekeeper drops requests determined not to be legitimate, which may prevent an attack. | 2020-11-05 |
20200351245 | METHODS AND SYSTEMS FOR EFFICIENT PACKET FILTERING - A packet gateway may protect TCP/IP networks by enforcing security policies on in-transit packets that are crossing network boundaries. The policies may include packet filtering rules derived from cyber threat intelligence (CTI). The rapid growth in the volume of CTI and in the size of associated CTI-derived policies, coupled with ever-increasing network link speeds and network traffic volume, may cause the costs of sufficient computational resources to be prohibitive. To efficiently process packets, a packet gateway may be provided with at least one probabilistic data structure, such as a Bloom filter, for testing packets to determine if packet data may match a packet filtering rule. Packet filtering rules may be grouped into subsets of rules, and a data structure may be provided for determining a matching subset of rules associated with a particular packet. | 2020-11-05 |
20200351246 | SYSTEMS AND METHODS FOR HIERARCHICAL ACCESS CONTROL IN A NETWORK ENVIRONMENT - Access control systems and methods herein successfully overcome ACL group width limitations of existing designs by splitting an ACL group across different units, e.g., to create two ACL groups that each have a relatively smaller width. In embodiments, availability of ACL space is increased by hierarchically splitting an ACL table to fit into two different coupled devices and modifying certain fields carrying metadata in packets that are exchanged between the devices, such that one chipset may carry information about the lookup of another. In embodiments, an ACL group for a port extender is created by selectively creating a sub-group with qualifiers that fit within an available group width, and moving the remaining qualifiers to a controlling bridge to achieve the desired functionality. | 2020-11-05 |
20200351247 | Method and Apparatus for Trusted Service Management - Method and apparatus for trusted service management are disclosed. The method includes obtaining an identification identifier and address information of a computing unit; obtaining a mapping table for the identification identifier and the address information of the computing unit; initiating a trusted service request message to a server that provides trusted service management using the identification identifier of the computing unit; and receiving a corresponding trusted service response message, and transmitting the trusted service response message to the computing unit according to the mapping table. This thereby solves the problem that some terminals cannot carry all service logic for communications between a TSM Agent and a TSM Server. | 2020-11-05 |
20200351248 | INTERMEDIARY HANDLING OF IDENTITY SERVICES TO GUARD AGAINST CLIENT SIDE ATTACK VECTORS - This document describes, among other things, security hardening techniques that guard against certain client-side attack vectors. These techniques generally involve the use of an intermediary that detects and handles identity service transactions on behalf of a client. In one embodiment, the intermediary establishes a resource domain session with the client in order to provide the client with desired resource domain content or services from a resource domain host. The intermediary detects when the resource domain host invokes a federated identity service as a condition of client access. The intermediary handles the identity transaction in the identity domain on behalf of the client within the client's resource domain session. Upon successful authentication and/or authorization with an IdP, the intermediary connects the results of the identity services domain transaction to the resource domain. | 2020-11-05 |
20200351249 | SECURING SUBSTATION COMMUNICATIONS USING SECURITY GROUPS BASED ON SUBSTATION CONFIGURATIONS - In one embodiment, a network policy engine obtains a substation configuration description for a substation, indicative of intelligent electronic devices (IEDs), associated network communication devices, and related communication configuration information. The network policy engine then creates a mapping of the IEDs and the associated network communication devices based on the substation configuration description, associating each of the IEDs to a corresponding network port of the associated network communication devices. The network policy engine may then further create network control parameters based on the substation configuration description, which comprise defined communication flows for the IEDs and associated security group tags (SGTs) for the defined communication flows. The techniques herein may then cause the SGTs to be imposed at mapped network ports of the network communication devices for the IEDs according to security group access (SGA)-based network control to thereby establish secure network communication for the IEDs within the particular substation. | 2020-11-05 |
20200351250 | Providing Load Balanced Secure Media Content and Data Delivery in a Distributed Computing Environment - A system and method for providing load balanced secure media content and data delivery in a distributed computing environment is disclosed. Media content is segmented and encrypted into a set of individual encrypted segments on a centralized control center. Each individual encrypted segment has the same fixed size. The complete set of individual encrypted segments is staged to a plurality of intermediate control nodes. Individual encrypted segments are mirrored from the staged complete set to a plurality of intermediate servers. Requests are received from clients for the media content at the centralized control center. Each individual encrypted segment in the set is received from one of an intermediate control node and an intermediate server optimally sited from the requesting client. The individual encrypted segments are reassembled into the media content for media playback. | 2020-11-05 |
20200351251 | METHOD TO TRACK SSL SESSION STATES FOR SSL OPTIMIZATION OF SAAS BASED APPLICATIONS - Described embodiments provide systems and methods for initiating establishment of a connection. The system may include a device intermediary between a client and a server. The device may determine at least one server name indicator (SNI) for an application executing on the client and having a secure session established with the server. The device may determine, for each domain name corresponding to the at least one SNI, a session timeout value for the corresponding domain name. The device may send a message to the client according to each session timeout value, to cause the client to initiate establishment of a connection for the corresponding domain name using the secure session. | 2020-11-05 |
20200351252 | INTERFACES TO MANAGE DIRECT NETWORK PEERINGS - Methods and apparatus for interfaces to manage direct network peerings. A system may include a data center, endpoint routers and a connectivity coordinator. The coordinator implements a programmatic interface defining connectivity operations. The coordinator receives a request for dedicated connectivity to data center resources, formatted according to the interface. The coordinator selects a target endpoint router at which to establish a physical link to implement the dedicated connectivity, and transmits a response identifying the target endpoint router and including configuration instructions for setting up a physical link for the dedicated connectivity. | 2020-11-05 |
20200351253 | CRYPTOGRAPHIC DATASHARE CONTROL FOR BLOCKCHAIN - A system includes circuitry for cryptographic data share controls for distributed ledger technology based data constructs. The system may support placement of compute data on to a distributed ledger technology based data construct. The compute data may have multiple layers of encryption to support permissions and coordination of processing operations for application to the compute data. The multiple layers of encryption may include a homomorphic layer to allow sharing of the compute data for processing by a compute party without divulging the content of the compute data with the compute party. While in the homomorphically encrypted form, the homomorphic compute data supports the application of processing operations while maintaining the secrecy of the underlying data. | 2020-11-05 |
20200351254 | DISTRIBUTED IPSEC GATEWAY - The present disclosure provides technical solutions related to a distributed IPSec gateway. A control plane and a data plane of the IPSec gateway are divided, and a plurality of gateway processing nodes may be run in the data plane to process data packets of incoming ESP/AH traffic and/or data packets of outgoing IP traffic. IKE information interaction may be handled in the control plane and the traffic may be steered on each gateway processing node in the data plane. | 2020-11-05 |
20200351255 | METHOD AND APPARATUS FOR COMMUNICATIONS USING SECRET KEY IN COMMUNICATION SYSTEM - An operation method of a first communication node in a communication system may comprise estimating a channel state between the first communication node and a second communication node based on a pilot signal received from the second communication node; generating a first channel codebook based on the estimated channel state; transmitting information of the first channel codebook to the second communication node; receiving a response indicating whether the first channel codebook is to be used from the second communication node; when the response is an ACK indicating that the first channel codebook is to be used, generating a first secret key by using the first channel codebook; and transmitting data encrypted using the first secret key to the second communication node. | 2020-11-05 |
20200351256 | ACCESS STRATUM SECURITY FOR EFFICIENT PACKET PROCESSING - Certain aspects of the present disclosure provide techniques for managing security keys for enciphering and deciphering packets transmitted in a wireless communications system. According to certain aspects, a method of wireless communication by a user equipment (UE) is provided. The method generally includes obtaining an indication of a key area identifier (ID) of a first cell node, wherein the key area ID identifies a set of cell nodes that are associated with a network node that uses a first key for enciphering or deciphering messages and communicating a first set of messages with the first cell node using the first key for enciphering or deciphering the first set of messages. | 2020-11-05 |
20200351257 | INFORMATION PROCESSING METHOD, INFORMATION PROCESSING APPARATUS AND INFORMATION PROCESSING SYSTEM - An information processing method implemented by a computer, the method includes the steps of transmitting authentication information to a destination specified by a first user, receiving, from a terminal used by a second user corresponding to the destination, the authentication information and a second identification information for identifying the terminal, authenticating the terminal if the authentication information from the terminal is received, and storing the second identification information received from the terminal in association with a first identification information for identifying the first user, if the terminal has been authenticated. | 2020-11-05 |
20200351258 | Blockchain Operating System - Systems, methods, and software are disclosed herein to execute functionalities of a blockchain operating system. A transactional request for an operating system instruction is received from a user device in a distributed network of nodes. The transactional request is authenticated in the distributed network of nodes based on data associated with the transactional request. A blockchain is then evaluated for one or more scripts associated with the transactional request. In response, the operating system instruction is generated based on the one or more scripts. The operating system instruction is then transferred to the user device in the distributed network of nodes. | 2020-11-05 |
20200351259 | RUNTIME CREDENTIAL REQUIREMENT IDENTIFICATION FOR INCIDENT RESPONSE - Described herein are systems, methods, and software to enhance incident response in an information technology (IT) environment. In one example, an incident service identifies a course of action to respond to an incident in the IT environment. The incident service further identifies a particular step in the course of action associated with a credential requirement based on traits associated with the particular step, and generates a credential request to obtain credentials to support the credential requirement. | 2020-11-05 |
20200351260 | METHOD AND SYSTEM FOR APPLICATION AUTHENTICITY ATTESTATION - A method at a network element for attestation of applications, the method including sending a challenge to an application at an electronic device; receiving a response from the electronic device; processing the response; and upon determining that the response is invalid based on the processing, taking an enforcement action against the application. | 2020-11-05 |
20200351261 | ONBOARDING AN UNAUTHENTICATED CLIENT DEVICE WITHIN A SECURE TUNNEL - An example method includes: establishing a secure tunnel with an unauthenticated client device associated with a user of a restricted network; receiving user credentials associated with the user and transmitted from the unauthenticated client device within the secure tunnel; validating the received user credentials; and transmitting at least a client certificate and device configuration information to the unauthenticated client device within the secure tunnel such that the unauthenticated client device is able to access the restricted network after installing the client certificate and applying the device configurations based on the received device configuration information. | 2020-11-05 |
20200351262 | SYSTEM FOR SECONDARY AUTHENTICATION VIA CONTACTLESS DISTRIBUTION OF DYNAMIC RESOURCES - Embodiments of the present invention provide a system for secondary authentication via contactless distribution of dynamic resources. When an event request associated with a user is received, a prompt for event information is transmitted to a computing device. Based on the event information that is received, a determination is made that the event request requires a secondary authentication in the form of a near field communication (“NFC”) interaction between an NFC chip associated with the user and a secondary authentication device. The NFC chip associated with the user may additionally be associated with a dynamic resource value element. Once the NFC interaction is detected, a dynamic resource value is extracted and compared to an expected dynamic resource value. If the values match, then the user is authenticated for the requested event at the secondary authentication level. | 2020-11-05 |