45th week of 2021 patent application highlights part 66 |
Patent application number | Title | Published |
20210352048 | One-Armed Inline Decryption/Encryption Proxy Operating in Transparent Bridge Mode - A proxy device coupled to a network receives communications between a client and a server on the network. The proxy device operates transparently to the client and the server, while coupled to receive and process the communications from a node on the network via a network port in a one-armed configuration. The proxy device communicates packets of the communications with an external tool coupled to the proxy device via a tool port and operates transparently to the node and the tool. In certain embodiments, the tool may be a network security device, such as a firewall. | 2021-11-11 |
20210352049 | Techniques For Securely Communicating Sensitive Data For Disparate Data Messages - Systems and methods are disclosed for securely communicating sensitive data such as an identifier. A user device may receive a first message comprising a terminal type indicator. For certain values of the terminal type indicator, the user device may be configured to transmit a request message comprising a first identifier and an encrypted identifier. For other values of the terminal type indicator, the user device may be configured to generate an obfuscated identifier based at least in part on a first portion of a second identifier and a second portion of the encrypted identifier. The user device may then transmit a request message that includes the obfuscated identifier and the encrypted identifier. | 2021-11-11 |
20210352050 | PRIVACY FILTER FOR INTERNET-OF-THINGS (IOT) DEVICES - A privacy filter for internet of things (IOT) devices can include a processor, a profile resource, a device interface, an external network interface, and a storage having instructions for filtering processes and encoding processes (e.g., appropriate processes of a software development kit (SDK)). The privacy filter can receive a payload comprising audio content from a connected device; obtain filter criteria for the connected device; identify portions of the payload satisfying the filter criteria; and affect audio of the audio content corresponding to the identified portions of the payload. After affecting the audio, the privacy filter can reassemble the payload according to an IOT provider SDK and can communicate the reassembled payload to an IOT provider service. | 2021-11-11 |
20210352051 | Method of Enabling a Secure Communication to a Target Device over a Network - A method for enabling a secure communication with a target device over a network includes: opening an unsecured OPC UA Endpoint by an OPC UA Server that runs on the target device; connecting to the OPC UA Server over the network by an OPC UA Client running on a first device, and requesting the initial device certificate; receiving the initial device certificate by unsecured communication over the network; validating, by the first device, the initial device certificate; establishing, by the first device, a device certificate; encrypting, by the first device, at least the device certificate; sending the encrypted data over the network; decrypting, by the target device, the encrypted data using an initial device private key associated with the initial device certificate to obtain at least the device certificate; storing the device certificate on the target device; and opening a secured OPC UA Endpoint by the OPC UA Server. | 2021-11-11 |
20210352052 | ENCRYPTION AND DECRYPTION METHOD AND SERVER OF DIGITAL CODING, AND STORAGE MEDIUM - The present disclosure describes techniques of encryption and decryption. The described techniques comprise obtaining a digital code to be encrypted; obtaining at least one predetermined rule; generating an encrypted digital code by rearranging and reorganizing bits comprised in the digital code to be encrypted based on the at least one predetermined rule; and delivering the encrypted digital code to a client computing device. | 2021-11-11 |
20210352053 | Private 5G Cellular Connectivity as a Service Through Full-Stack Wireless Steganography - A steganographic communication system and method are provided. A covert packet generator can embed a stream of covert data as covert data symbols within primary I/Q symbols of a primary data stream in a covert packet. The covert packet has a data structure having a header, a payload, and a payload error detecting code. The header includes information on how to demodulate the covert packet by a receiver. The covert packet generator can also determine if a number of primary I/Q symbols is large enough to generate the header and can generate displacements in the primary I/Q symbols in a constellation diagram randomly in a plurality of transmissions to mimic channel noise. A transmitter and receiver can provide mutual authentication for covert transmissions. | 2021-11-11 |
20210352054 | METHODS AND DEVICES FOR GENERATING A SYMMETRIC SESSION KEY FOR ENCRYPTED COMMUNICATION - According to one embodiment, a method performed by a first communication device for generating a symmetric session key for encrypted communication with a second communication device is described comprising generating a blinding value for each of a first and a second private key component, generating a blinded public key from the first private key component, the second private key component, and the blinding values using a public key generation function, transmitting the blinded public key to the second communication device for encryption of a shared secret, receiving the shared secret, generating a session key for encrypted communication with the second communication device from the shared secret, encrypting, using the session key, an information from which the blinding values are derivable and transmitting the encrypted information to the second communication device. | 2021-11-11 |
20210352055 | Using Keyboard App to Encrypt E-mail and Other Digital Data - A system uses a keyboard application to encrypt and decrypt e-mail, messages, and other digital data. By using quantum random number generators, the system has improved data security. Using a quantum random number, an agent (at a sender side) generates an encryption key which is used to automatically encrypt a message. The encryption key is stored at a key server. The encrypted message will be sent by an application using its standard transmission means such as SMTP, SMS, and others. The encrypted message can be automatically unencrypted by using an agent (at a recipient side) and retrieving the key from the key server. The system also provides an optional double encryption, where the message is encrypted with a user-generated password before being encrypted using the encryption key. | 2021-11-11 |
20210352056 | DECENTRALIZED AND DISTRIBUTED SECURE HOME SUBSCRIBER SERVER DEVICE - A decentralized and distributed secure home subscriber server is provided. First data can be sent representing a first nonce string to a mobile device; and in response to receiving second data representing the first nonce string and a second nonce string, a communication channel can be established with the mobile device as a function of the first nonce string. | 2021-11-11 |
20210352057 | SYSTEM AND METHOD FOR IMPLEMENTING SECURE COMMUNICATIONS FOR INTERNET OF THINGS (IOT) DEVICES - Novel tools and techniques might provide for implementing secure communications for IoT devices. In various embodiments, a gateway or computing device might provide connectivity between or amongst two or more Internet of Things (“IoT”) capable devices, by establishing an IoT protocol-based, autonomous machine-to-machine communication channel amongst the two or more IoT capable devices. For sensitive and/or private communications, the gateway or computing device might establish a secure off-the-record (“OTR”) communication session within the IoT protocol-based, autonomous machine-to-machine channel, thereby providing encrypted machine-to-machine communications amongst the two or more IoT capable devices, without any content of communications that are exchanged amongst the IoT capable devices over the secure OTR communication session being recorded or logged. In some cases, the secure OTR communication session utilizes cryptographic protocols including, without limitation, one or more of AES symmetric-key algorithm, Diffie-Hellman key exchange, SHA-1 hash function, forward secrecy, deniable authentication, malleable encryption, and/or the like. | 2021-11-11 |
20210352058 | CONNECTING AND RESETTING DEVICES - A computer implemented method for managing a connection between a device and a server resource, the method comprising: establishing the connection between the device and a first server of the server resource; registering a connection identifier relating to the connection between the device and the first server in a first database entry of a database arrangement; pre-computing, at the first server, an encrypted alert for the device, the alert being provided with a pre-defined future communication sequence number; and transmitting the alert from the first server to the database arrangement for storage in association with the first database entry of the database arrangement. | 2021-11-11 |
20210352059 | Message Display Method, Apparatus, and Device - A message display method includes receiving first input information, extracting key information in the first input information, matching the key information and a user name, determining a target user name, binding the first input information and the target user name, and sending, to a receiver terminal, the first input information and the target user name that are bound, so that the receiver terminal displays a reminder message according to the target user name. | 2021-11-11 |
20210352060 | Physically Decentralized and Logically Centralized Autonomous Command & Control including Cybersecurity - Various embodiments that pertain to network functions are described. A network can be an ad hoc network that functions with peer-to-peer communications. The network can be physically decentralized, yet logically centralized. Various functions can be practiced within this network environment. In one example, a provider can provide an authorization to a robot by way of a peer-to-peer communication. The robot can validate the authorization and practice what is authorized in response to the authorization being validated. This authorization can be to perform a function autonomously for a defined length of time. | 2021-11-11 |
20210352061 | SECURE SYSTEMS AND METHODS FOR HOSTED AND EDGE SITE SERVICES - A system described herein may provide techniques for providing secure, configurable, network services via a dynamic gateway. Network services may be provided using virtual machines, pods, and/or containers. The dynamic gateway may provide hosted services and edge site services. The dynamic gateway may provide separate secure access to the hosted services and edge site services, utilizing different administrator credentials for the hosted services and edge site services. A host services orchestrator may receive usage information from the dynamic gateway. The host services orchestrator may generate a usage prediction based on the received information. The host services orchestrator may, based on the usage prediction, allocate provided services between edge site and hosted services and may further allocate hardware and/or software resources of the dynamic gateway. The dynamic gateway hardware resources may be managed by the hosted services and access may be provided to the edge site services via the hosted services. | 2021-11-11 |
20210352062 | SYSTEM AND METHOD FOR CERTIFICATE BASED AUTHENTICATION FOR TETHERING - A method includes enabling, by a tethering device that is tethered to a tethered device, a firewall to redirect network traffic from the tethered device to an authentication application executing on the tethering device. The method also includes receiving, by the tethering device from the tethered device, a user certificate of the tethered device during an authentication process. The method further includes verifying, by the tethering device, the user certificate of the tethered device using a certificate authority (CA) certificate of the tethered device that is installed on the tethering device. In addition, the method includes, in response to successful verification of the user certificate of the tethered device, disabling the firewall to allow the network traffic to and from the tethered device. | 2021-11-11 |
20210352063 | COMPUTER SYSTEM SECURITY SERVER SYSTEM AND METHOD - Some embodiments of the invention provide systems and methods for securing configuration information for cloud-based services. Some embodiments include a system comprising a data store and data sets including plant process information and configuration information. A memory device stores computer-executable instructions executable by a processor coupled to the cloud service. When executed, the instructions receive configuration information, store it in a data file, apply a generated certificate to the file, and deploy the resulting protected configuration data file to the cloud-based service. In addition, the protected configuration data file is made available by obtaining the file from the cloud-based service. | 2021-11-11 |
20210352064 | PROTECTIONS AGAINST SECURITY VULNERABILITIES ASSOCIATED WITH TEMPORARY ACCESS TOKENS - Disclosed embodiments relate to systems and methods for automatically detecting and addressing security risks in code segments. Techniques include identifying a request from a network identity for an action involving a target network resource, wherein the action requires a temporary access token. Techniques further include performing, based on a security policy, at least one of: storing the temporary access token separate from the network identity and providing the network identity with a customized replacement token having an attribute different from the temporary access token; or creating a customized replacement role for the network identity, the customized replacement role having associated permissions that are customized for the network identity based on the request. | 2021-11-11 |
20210352065 | TOKENIZED ONLINE APPLICATION SESSIONS - A method includes receiving, by a token provider server, a first request for a first token that is associated with first information from a first application. The first request for the first token is part of an application session between a plurality of applications that includes the first application. The token provider server provides the first token to the first application. The token provider server receives the first token from a second application of the plurality of applications. The token provider server provides first information associated with the first token to the second application. The first information enables an action to be performed by the second application based on the first information. | 2021-11-11 |
20210352066 | Range of Motion Tracking System - A method for range of motion (ROM) tracking, that determines with a ROM tracking system, an exercise identified by a caregiver to be performed by a subject by positioning a sensor of the ROM tracking system to allow the sensor to detect at least one movement by the subject during a performance of the exercise, and then detecting, through the sensor, at least one movement of the subject. The system further analyzes the movement by the subject to determine a range of motion of the at least one movement; recording through a user interface an indication by the subject of an experiential narrative; and finally, providing a report to the caregiver, where the report contains the results of at least one movement in conjunction with at least a portion of the experiential narrative. | 2021-11-11 |
20210352067 | METHOD AND SYSTEM FOR MANAGING CLOUD SERVICE CLUSTER - Method and system for managing a cloud service cluster are provided. A platform authentication server and a cluster authentication server respectively generate an authentication key according to a preset key generation manner; when receiving cluster management instruction for a target cluster, a cloud management platform sends an authentication information acquisition request to the platform authentication server to generate authentication information, and feeds back the authentication information to the cloud management platform to send a cluster management request carrying the authentication information to a target management server of the target cluster; the target management server extracts the authentication information from the cluster management request, and sends the authentication information to a target cluster authentication server of the target cluster to perform an authentication on the authentication information according to the authentication key; and if the authentication is successful, the target management server executes the cluster management request. | 2021-11-11 |
20210352068 | AUTHENTICATION, AUTHORIZATION AND ACCOUNTING FUNCTIONALITY WITHIN AN ACCESS NETWORK OF A TELECOMMUNICATIONS NETWORK AND/OR AN IMPROVED ACCESS NETWORK ARCHITECTURE - A method for an access network of a telecommunications network includes: in a first step, a first authentication, authorization and accounting (AAA)-related message is sent by an authentication server entity and received by an access orchestrator entity, the first AAA-related message comprising: at least one standardized message attribute according to an access protocol; and at least one vendor-specific message attribute; in a second step, subsequent to the first step, the access orchestrator entity sends a second AAA-related message to a service edge entity, the second AAA-related message solely comprising the at least one standardized message attribute according to the access protocol; and in a third step, subsequent to the first step and prior to, during or after the second step, the access orchestrator entity sends at least one third AAA-related message to the service edge entity, the at least one third AAA-related message corresponding to a message according to an application programming interface (API) or to a further access protocol. | 2021-11-11 |
20210352069 | LOCAL AUTHENTICATION VIRTUAL AUTHORIZATION - A computer system is provided. The computer system includes a memory, a network interface, and at least one processor coupled to the memory and the network interface. The processor is configured to intercept a request transmitted by an application hosted within a virtual computing session, the request being a request to be authorized to access a resource; pass the request to a virtualization agent hosted outside the virtual computing session; receive a response to the request, the response including a credential granting authorization to access the resource; and pass the response to the application to authorize the application to access the resource through use of the credential. | 2021-11-11 |
20210352070 | METHODS AND SYSTEMS FOR PROVIDING A CUSTOMIZED NETWORK - In some embodiments, a system is a reverse-proxying HTTP cache server that handles user session management and dynamically forwards requests to origin/backend servers based on the content being requested. It caches data from origin servers in order to reduce the stress placed on each origin server. It uses encrypted authorization tokens to handle session management and is able to modify origin data on-the-fly in order to inject per-client authorization information into the data stream. It can enforce maximum concurrent session limits, user bans, limit exemptions, and time-limited live content previews. | 2021-11-11 |
20210352071 | SYSTEMS AND METHODS FOR THIRD-PARTY INTEROPERABILITY IN SECURE NETWORK TRANSACTIONS USING TOKENIZED DATA - Embodiments include methods and systems for enabling third-party data service interoperability, comprising receiving, from an electronic data server, a request for a low-value token, the low-value token being associated with a subset of sensitive data associated with a user; providing the low-value token to the electronic data server; receiving a request for the subset of sensitive data, from a third-party data service server, the request comprising the low-value token; de-tokenizing the low-value token to obtain the subset of sensitive data; providing the subset of sensitive data to the third-party data service server; receiving, from an electronic data server, the low-value token and a transaction authorization request; determining, based on the low-value token and authorization request, an authorization response; and providing the authorization response to the electronic data server. | 2021-11-11 |
20210352072 | WEB ACCESS CONTROL METHOD - A method for web access control that comprises the following steps: creating a content item ( | 2021-11-11 |
20210352073 | Systems And Methods For Enhanced Authorization Messages - Techniques for authorizing a transaction or interaction of a user that is modified by authentication information for the same user are described herein. In embodiments, an authorization request message for a transaction and a session identifier may be received from a transport computer or a resource provider computer. A portion of pre-analyzed data about the user and the one or more interactions may be obtained, from a database, based on the session identifier. A risk analysis for the transaction using the portion of the pre-analyzed data may be performed to generate a value. The authorization request message may be modified to include the portion of the pre-analyzed data and the value. The modified authorization request message may be transmitted to an authorizing computer. | 2021-11-11 |
20210352074 | METHOD, APPARATUS, AND COMPUTER PROGRAM PRODUCT FOR MANAGING ACCESS PERMISSIONS FOR A SEARCHABLE ENTERPRISE PLATFORM - Embodiments of the present invention provide methods, systems, apparatuses, and computer program products for managing access permissions for a searchable enterprise platform. In one embodiment, an apparatus is configured to retrieve a user global permissions profile associated with a user profile, the user global permissions profile comprising application access permissions assigned to the user profile for the plurality of software applications; retrieve a global content permissions profile, the global content permissions profile comprising content access permissions assigned to digital content items that are retrievable by one or more of the plurality of software applications; apply permissions conflict rules to resolve permissions conflicts between the user global permissions profile and the global content permissions profile to produce a resolved permissions profile; store the resolved permissions profile to a storage for future use. | 2021-11-11 |
20210352075 | GROUP IDENTIFICATION USING MACHINE LEARNING - The subject disclosure provides a machine learning engine trained to recommend, from contacts on a user's device, potential group members to be included in a group with the user. The potential group members can be identified in a privacy preserving manner in which the identification is performed locally at the user's device, using data that is locally stored at the user device. In one or more implementations, a remote server may provide an initial indication to the user's device that potential group members may exist, thereby triggering the local identification of the potential group members for suggestion to the user. | 2021-11-11 |
20210352076 | ENFORCING GRANULAR ACCESS CONTROL POLICY - An example method of enforcing granular access policy for embedded artifacts comprises: detecting an association of an embedded artifact with a resource container; associating the embedded artifact with at least a subset of an access control policy associated with the resource container; and responsive to receiving an access request to access the embedded artifact, applying the access control policy associated with the resource container for determining whether the access request is grantable. | 2021-11-11 |
20210352077 | LOW TRUST PRIVILEGED ACCESS MANAGEMENT - An access management process orchestration method, an access management governance orchestrator, and a computer program product. One embodiment may comprise receiving a request for accessing a managed resource of an information system, querying an authorization for accessing the resource from an access manager, and in response to the querying of the authorization, requesting an access control policy update to grant the access to the managed resource. Receiving the request, querying the authorization, and requesting the access control policy update may comprise generating a transaction record, and adding the transaction record to a distributed ledger, wherein the distributed ledger simultaneously maintains the transaction record at multiple nodes throughout a network. | 2021-11-11 |
20210352078 | RESTRICTING ACCESS TO COGNITIVE INSIGHTS - Techniques for ensuring the security of cognitive insights are disclosed. A request to generate a cognitive insight is received from a requestor. The requestor is associated with a requestor data security level. The cognitive insight is generated using a first machine learning model and a plurality of data sources, each data source associated with a respective data security level. An insight data security level for the generated cognitive insight is identified based on the insight and the plurality of data sources. A first data security level associated with a data source of the plurality of data sources is modified, based on the identified insight data security level. It is determined, based on the requestor data security level and the insight data security level, that the requestor is authorized to access the generated insight. In response the generated insight is provided to the requestor. | 2021-11-11 |
20210352079 | METHOD AND CONSOLE SERVER FOR CREATING AND MANAGING DISPATCH ROLE LISTS - A method and console are provided to create and manage dispatch unit identities on multiple independent communications systems. A console server receives a first dispatch unit list from a first radio system. The first dispatch unit list includes a first plurality of dispatch unit IDs from the first radio system. The console server receives a second dispatch unit list from a second radio system. The second dispatch unit list includes a second plurality of dispatch unit IDs from the second radio system. The console server creates a first role that includes at most one dispatch unit ID from each radio system. Multiple roles can be created by the console server. Upon authenticating a dispatcher at the console server, the console server presents a menu of roles available to the dispatcher. The menu of roles can include all roles on the console server or only the roles that the dispatcher is allowed to choose and that are currently available. Upon receiving a valid selection from the dispatcher, the console server associates the selected role with the dispatcher and makes the selected role unavailable to other dispatchers until released by the dispatcher that selected it. While associated with a dispatcher, the dispatch console uses the relationship of dispatch unit ID and associated communication system defined in the role to enable the single dispatcher to be identified correctly on the associated communications systems being used. | 2021-11-11 |
20210352080 | Blockchain-Based Commercial Inventory Systems And Methods - Systems, methods, and software are disclosed herein to generate a customized view of a blockchain transaction. A blockchain of block entries requested by a plurality of users from user devices is maintained in a distributed network of nodes. The block entries each comprise a plurality of data portions that are each associated with an access level. A request to view one or more data portions of a block entry is received which includes an access code associated with at least one access level. The access code in the request is evaluated with the blockchain of block entries to identify one or more data portions associated with the access level. A customized view of the block entry is generated which includes the one or more data portions associated with the access level. Enhanced operational efficiency and customer convenience is thereby provided in industries including parking, hotels, and autonomous vehicle fleets. | 2021-11-11 |
20210352081 | PERSONALIZED SERVICES BASED ON CONFIRMED PROXIMITY OF USER - A first computing device that provides a first service is configured to securely provide personalized services to a user of a second computing device. The first computing device obtains an authentication token and confirms the proximity of the user associated with the second computing device. The first computing device confirms the proximity of the user by detecting a connection of a physical cable between the first computing device and the second computing device. The first computing device provides the authentication token to the second computing device via the physical cable. The first computing device also authenticates the user of the second computing device and determines a second service available to the user of the second computing device. The first computing device combines the first service with the second service to provide a personalized service to the user at the first computing device. | 2021-11-11 |
20210352082 | DATA INTEGRITY PROTECTION METHOD AND APPARATUS - A data integrity protection method and apparatus in a network environment are described. A terminal device obtains an integrity protection algorithm and a key corresponding to a session or a flow, and a DRB corresponding to the session. The terminal device performs, by using the integrity protection algorithm and the key corresponding to the session, integrity protection on data of the DRB corresponding to the session or the flow, where one session includes a plurality of flows. Different integrity protection algorithms and keys can be used for different sessions, and different integrity protection algorithms and keys can also be used for different flows. In this way, integrity protection is more flexible and meets security requirements of a same user for different services. | 2021-11-11 |
20210352083 | SYSTEMS AND METHODS FOR MANAGING DIGITAL IDENTITIES - Systems and methods for managing digital identities. In some embodiments, a method is provided, comprising acts of: receiving a request to validate at least one statement about a user; identifying, from the request, a reference to a distributed ledger, the reference comprising an identifier for the distributed ledger and an identifier for a transaction recorded on the distributed ledger; identifying, based at least in part on the identifier for the distributed ledger, at least one node of a network of nodes managing the distributed ledger; and communicating with the at least one node to validate the at least one statement about the user. | 2021-11-11 |
20210352084 | METHOD AND SYSTEM FOR IMPROVED MALWARE DETECTION - Systems and methods are provided for detecting malware. The method includes receiving a request for a web page; determining expected attributes of the web page; generating a modified web page by combining the web page with code for detecting malware; transmitting the modified web page to a client device; receiving data collected from the executed version of the modified web page; determining attributes of the executed version of the modified web page; comparing the expected attributes with the attributes of the executed version of the modified web page; and determining whether the malware is present on the client device based on the comparison. | 2021-11-11 |
20210352085 | DEVICE CONNECTIVITY POWER CONTROL - A method, system, and program product for controlling power associated with connectivity between devices is provided. The method includes scheduling a copy function associated with copying data from a production hardware device to a secure hardware device at a specified time period. A first hardware connection between the production hardware device and a production network associated with the production hardware device is disabled during the specified time period and a second hardware connection between the production hardware device and the secure hardware device is enabled. A subsequent copy function is enabled for copying the data from the production hardware device to the secure hardware device. The second hardware connection between the production hardware device and the secure hardware device is disabled after the copy function has completed. In response, the first hardware connection between the production hardware device and the production network is enabled. | 2021-11-11 |
20210352086 | SYSTEM AND METHOD FOR MONITORING A SECURE COMMUNICATION - Evaluation of security of a communication system. The security of the communication system is continuously monitored and the result of this assessment is indicated. In particular, characteristic security information provided by a communication partner may be continuously received and evaluated for determining the security status. In this way, a change of the security status can be immediately recognized. Thus, a transmission of sensible or confidential data over an insecure communication network can be avoided. | 2021-11-11 |
20210352087 | QUANTUM COMPUTING MACHINE LEARNING FOR SECURITY THREATS - Embodiments are disclosed for a method for a security model. The method includes generating a Bloch sphere based on a system information and event management (SIEM) of a security domain and a structured threat information expression trusted automated exchange of indicator information. The method also includes generating a quantum state probabilities matrix based on the Bloch sphere. Further, the method includes training a security threat model to perform security threat classifications based on the quantum state probabilities matrix. Additionally, the method includes performing a machine learning classification of the security domain based on the quantum state probabilities matrix. | 2021-11-11 |
20210352088 | CENTRALIZED THREAT INTELLIGENCE - Systems and techniques for centralized threat intelligence are described herein. A connection may be established to a plurality of threat data sources. An anonymized set of threat data may be obtained by application of a set of privacy rules to the threat data from the plurality of threat data. A threat database may be populated with the anonymized set of threat data. A registration request may be received for a user of a device. A unique user identifier may be assigned for the user and a unique device identifier may be assigned for the device. A threat model may be generated based on a set of the characteristics from the threat database. A set of data access attributes may be received for a data access request. The data access request may be blocked based on an evaluation of the data access attributes using the threat model. | 2021-11-11 |
20210352089 | METHODS AND APPARATUS FOR NETWORK DETECTION OF MALICIOUS DATA STREAMS INSIDE BINARY FILES - Methods, apparatus, systems and articles of manufacture are disclosed to detect an attack in an input file. An example apparatus includes a detection controller to identify a section of a number of bytes of data in a buffer including a first or second byte of data indicative of a value within a preconfigured range, the preconfigured range corresponding to a range of values indicative of memory addresses, update a merged list with a chunk of data that includes the section having the first or second byte of data indicative of the value within the preconfigured range, and a reoccurrence detector to concatenate the chunk of data in the merged list into a string to identify a number of occurrences the string matches remaining data in the buffer, and in response to a detection of the number of occurrences exceeding an occurrence threshold, determine that the data includes a malicious data stream. | 2021-11-11 |
20210352090 | NETWORK SECURITY MONITORING METHOD, NETWORK SECURITY MONITORING DEVICE, AND SYSTEM - Disclosed is a network security monitoring device, which is included in a network comprising a first entity, a second entity, a switching device provided between the first entity and the second entity, and the network security monitoring device connected to the switching device. The device comprises the port for obtaining at least one mirrored packet for at least one packet transmitted and received between the first entity and the second entity on the basis of mirroring from the switching device, and a processor for determining whether a security problem has occurred for a network associated with the first entity and the second entity on the basis of at least some of information included in the at least one mirrored packet. | 2021-11-11 |
20210352091 | ATTACK DETECTION DEVICE AND COMPUTER READABLE MEDIUM - An execution control unit ( | 2021-11-11 |
20210352092 | ATTACK SIGNATURE GENERATION - Methods and systems for detecting malicious activity on a network. The methods described herein involve gathering data regarding a first state of a computing environment, executing an attack tool to simulate malicious activity in the computing environment, and then gathering data regarding a second state of the computing environment. The methods described herein may then involve generating a signature based on changes between the first and second states, and then using the generated signature to detect malicious activity in a target network. | 2021-11-11 |
20210352093 | RESPONSIVE PRIVACY-PRESERVING SYSTEM FOR DETECTING EMAIL THREATS - Embodiments of the present disclosure provide centralized and coordinated learning techniques for identifying malicious e-mails while maintaining privacy of the analyzed e-mails of different organizations. One or more models may be generated and configured to construct feature sets that may be used to characterize e-mails as malicious or safe. Feedback associated with one or more models trained by a first organization (and other organizations) may be shared with a modelling device to modify parameters of the one or more models, where the modified parameters are configured to improve identification of malicious e-mail threats. The feedback provided by the first organization may not include e-mails received by the first organization, thereby enabling the privacy of the e-mails received by the first organization to be maintained in a confidential manner even though the updated parameters may be shared with a second organization. | 2021-11-11 |
20210352094 | Rule-Based Network-Threat Detection For Encrypted Communications - A packet-filtering system configured to filter packets in accordance with packet-filtering rules may receive data indicating network-threat indicators and may configure the packet-filtering rules to cause the packet-filtering system to identify packets comprising unencrypted data, and packets comprising encrypted data. A portion of the unencrypted data may correspond to one or more of the network-threat indicators, and the packet-filtering rules may be configured to cause the packet-filtering system to determine, based on the portion of the unencrypted data, that the packets comprising encrypted data correspond to the one or more network-threat indicators. | 2021-11-11 |
20210352095 | CYBERSECURITY RESILIENCE BY INTEGRATING ADVERSARY AND DEFENDER ACTIONS, DEEP LEARNING, AND GRAPH THINKING - A technique for providing cyber resilience by integrating autonomous adversary and defender agents, deep learning, and graph thinking. An automated competitive environment of autonomous adversary and defender agents is provided such that the adversary agent can emulate the adversary activities, patterns, and intentions using all available cybersecurity measurements and observations, and, the defender agent can generate and suggest the best possible appropriate actions to mitigate or prevent adversary activities while recovering or protecting assets. An automated cyber resilience system with autonomous agents is provided using machine learning and security analytics to first predict the current and future adversary activities and then provide an automated critical asset protection and recovery by enabling agents to take appropriate reactive and pro-active actions at each time step to prevent, recover, or mitigate adversary activities over enterprise and tactical networks. | 2021-11-11 |
20210352096 | AUTOMATICALLY DETECTING VULNERABILITY REMEDIATIONS AND REGRESSIONS - A mechanism is described herein for automatically detecting vulnerability remediations and regressions. A system may receive data indicating that a security alert exists for a specific vulnerability. The system retrieves parameters from the alert and generates (or retrieves) a script or a set of scripts for detecting the vulnerability based on those parameters. The script is executed to determine whether the vulnerability has been remediated or has regressed post remediation. If the system determined that the vulnerability has been remediated, it transmits a request to resolve the security alert. The script is then continually or periodically executed. If the system, through executing the script, determines that the vulnerability has been reintroduced into the environment (e.g., via a code upgrade or a parameter update), it reopens the existing alert indicating that the vulnerability has been reintroduced into the environment. | 2021-11-11 |
20210352097 | THIRD-PARTY APPLICATION RISK ASSESSMENT IN AN AUTHORIZATION SERVICE - Technologies are shown for application risk assessment in an authentication service where an authorization request is received from a third party application calling an Application Programming Interface (API). Risk assessment policies that pertain to behavioral characteristics, such as API usage patterns or past delegation of permissions, are applied to the authorization request to obtain a risk assessment score. If the risk assessment score does not exceed a risk threshold, then an authorization message is sent in response to the authorization request. If the risk assessment score exceeds the risk threshold, then remedial action, such as suspending the application, limiting the available actions, or sending a notification to a trusted security application, is executed for an account associated with the third party application. Machine learning can be applied to historical behavioral data to generate the risk assessment policies. | 2021-11-11 |
20210352098 | System for automatically discovering, enriching and remediating entities interacting in a computer network - An entity tracking system and method for a computer network employs proactive data collection and enrichment driven by configurable rules and workflows responsive to the discovery of new entities, changes to existing entities, and specifics about the entities' attributes. The data collection is used in conjunction with graph technologies to map interactions and relationships between various entities interacting in the computer environment and deduce interactions and relationships between the entities. Machine learning techniques further identify, group or categorize entities and identify patterns which are indicative of anomalies that might be due to nefarious actions or compromised security. | 2021-11-11 |
20210352099 | System for automatically discovering, enriching and remediating entities interacting in a computer network - An entity tracking system and method for a computer network employs proactive data collection and enrichment driven by configurable rules and workflows responsive to the discovery of new entities, changes to existing entities, and specifics about the entities' attributes. The data collection is used in conjunction with graph technologies to map interactions and relationships between various entities interacting in the computer environment and deduce interactions and relationships between the entities. Machine learning techniques further identify, group or categorize entities and identify patterns which are indicative of anomalies that might be due to nefarious actions or compromised security. | 2021-11-11 |
20210352100 | SYSTEM AND METHOD TO PERFORM AUTOMATED RED TEAMING IN AN ORGANIZATIONAL NETWORK - The present invention discloses system and method to perform automated red teaming in organizational network replacing conventional orchestration and playbooks. The method includes obtaining input data and exit criterion for an organization from data sources. Further, the method includes determining attack surface associated with the organization based on the obtained input data and the exit criterion. The method includes identifying attack frontiers for the attack surfaces. Further, the method includes prioritizing the attack frontiers. Additionally, the method includes simulating the attack frontiers at the attack surfaces based on the prioritization. Moreover, the method includes determining attack paths associated with the attack surface based on results of simulation. Also, the method includes learning attack patterns associated with the attack paths based on the results of execution. Further, the method includes generating an artificial intelligence-based security model representing vulnerability of the attack surfaces. | 2021-11-11 |
20210352101 | ALGORITHMIC PACKET-BASED DEFENSE AGAINST DISTRIBUTED DENIAL OF SERVICE - A middlebox includes at least one processor and a memory storing one or more executable instructions that, when executed by the at least one processor, cause the at least one processor to receive, from a server, a middlebox key that includes an indication of a lifetime of the middlebox key, receive, from a client device, one or more data packets including encrypted header data and a client device identifier, and determine whether to permit a transmission of the one or more data packets to the server or prevent a transmission of the one or more data packets to the server based on the middlebox key, the encrypted header data, and the client device identifier. | 2021-11-11 |
20210352102 | SYSTEMS AND METHODS FOR PERFORMING SIMULATED PHISHING ATTACKS USING SOCIAL ENGINEERING INDICATORS - Systems and methods are provided for performing simulated phishing attacks using social engineering indicators. One or more failure indicators can be configured in a phishing email template, and each failure indicator can be assigned a description about that failure indicator through use of a markup tag. The phishing email template containing the markup tags corresponding to the failure indicators can be stored and can be used to generate a simulated phishing email in which the one or more markup tags are removed. | 2021-11-11 |
20210352103 | DYNAMIC MAZE HONEYPOT RESPONSE SYSTEM - In several aspects of the present invention, a processor receives, from a rule-based intrusion detection system, an intercepted request sent by a hacker. A processor analyzes the intercepted request to determine, in part, a type of service and a type of hacker. A processor builds a first layer of a honeypot maze based on the analyzed intercepted request. A processor simulates the first layer of the honeypot maze to the hacker. A processor iteratively builds additional layers of the honeypot maze based on additional intercepted requests from the hacker. | 2021-11-11 |
20210352104 | DETECTING MALICIOUS ACTIVITY IN A CLUSTER - Access is provided to a plurality of virtual logical hosts and a decoy resource. Each virtual logical host comprises one or more virtualized containers. A communication sent to the decoy resource is detected. Network communication data with respect to the decoy resource is collected based at least in part on detecting the communication sent to the decoy resource. The network communication data includes metadata used to provide said access via network communications to the decoy resource. | 2021-11-11 |
20210352105 | DECEPTION USING SCREEN CAPTURE - Multiple deception techniques utilized to mislead malicious entities that attempt to gather information associated with a computing device are implemented by changing a single result. In one aspect, requests for screen captures are intercepted and it is determined whether the requests are triggered due to user interaction (e.g., pressing a button and/or key) and/or received from an authorized application/device. If determined that the requests are not triggered due to user interaction and/or are received from an unauthorized application/device, a response comprising one of several pre-prepared or dynamically generated screen captures that are embedded (and/or appended) with misleading information (e.g., fake credentials, fake documents marked as important/hidden, etc.) is generated. Applications that attempt to utilize the misleading information can be flagged as malware. | 2021-11-11 |
20210352106 | ASYMMETRIC-MAN-IN-THE-MIDDLE CAPTURE BASED APPLICATION SHARING PROTOCOL TRAFFIC RECORDATION - In some examples, with respect to asymmetric-man-in-the-middle capture based application sharing protocol traffic recordation, a dynamic-link library that alters application programming interface calls with respect to communication between an application sharing protocol client and an application sharing protocol server may be injected into the application sharing protocol client. Based on the injected dynamic-link library, data from the communication between the application sharing protocol client and the application sharing protocol server may be ascertained. Further, based on the ascertained data, a test script may be generated to test operation of an application associated with the communication between the application sharing protocol client and the application sharing protocol server. | 2021-11-11 |
20210352107 | MULP: A MULTI-LAYER APPROACH TO ACL PRUNING - Disclosed embodiments are a computing system and a computer-implemented method related to minimizing the number of rules/policies needed to be stored to enforce those rules/policies. The minimizing comprises generating adjacency data structures mapping as adjacent pairs of network nodes, which are allowed to communicate with one another according to the plurality of rules, and applying them for pruning the rule dataset. This allows an original set of rules/policies to be reduced into a smaller set, which conserves computational resources. | 2021-11-11 |
20210352108 | CLOUD ROUTER PLATFORM FOR SDN NETWORKS - A system is described whereby a cloud router may allow routing as a service in a cloud-like manner. In an example, an apparatus may include a processor and a memory coupled with the processor that effectuates operations. The operations may include receiving first routing information associated with a first customer edge device; adding the first routing information to network routing information of the apparatus, wherein the network routing information comprises a network routing table with routes for a plurality of networks; and propagating the network routing information to a software defined network (SDN) controller, wherein, based on the network routing information, the SDN controller sends a forwarding information base (FIB) to a provider edge device connected with the first customer edge device. | 2021-11-11 |
20210352109 | METHOD DEVICE AND SYSTEM FOR POLICY BASED PACKET PROCESSING - Provided are methods, apparatus, and system for policy based wide area network. A network of network appliances is configured with a policy configuration. Each network appliance is configured to validate each wide area network packet against the policy configuration. The validation can include verifying that the packets meet the SD-WAN network segment requirements and security rules including verifying that the source and destination address of the packet meet the firewall zone requirements. Each wide area network packet contains a policy header that is checked by the sending and receiving network appliance against the policy configuration. | 2021-11-11 |
20210352110 | AUTOMATIC ENDPOINT SECURITY POLICY ASSIGNMENT BY ZERO-TOUCH ENROLLMENT - A model-based industrial security policy configuration system implements a plant-wide industrial asset security policy in accordance with security policy definitions provided by a user. The configuration system models the collection of industrial assets for which diverse security policies are to be implemented. An interface allows the user to define zone-specific security configuration and event management policies for a plant environment at a high-level based on a security model that groups the industrial assets into security zones. When new industrial devices are subsequently installed on the plant floor, the system determines whether a security policy defined by the model is applicable to the new device and commissions the new device to comply with any relevant security policies. This mitigates the necessity for a system administrator to manually configure individual devices to comply with plant-wide security policies. | 2021-11-11 |
20210352111 | PASS BRIDGE SYSTEM (PROCESS AUTHORIZATION SAFETY/SECURITY) - A Process Authorization Safety/Security Bridge System (PASS) is an interface system or an equipment or a machine or a method of interface consisting of three essential components (1) Hardware Device (2) Wireless Device (3) Software Interface. PASS Bridge System is an interface or equipment or machine or method of interface. It has the ability to interface with process(s) or mission critical process(s) or equipment or machines or process controllers and enable the underlying process(s) to leverage multi factor authentication (MFA) capability of PASS Bridge System and establish process(s) access accountability and safety tracking/tracing. The PASS Bridge System can be used as a bridge or interface method or interface system to provide “TRUSTED ACCESS” process safety policy to any mission critical process(s) or any industrial process(s) or any process(s). | 2021-11-11 |
20210352112 | AUTOMATED COMPLIANCE FOR SECURITY BENCHMARK ASSURANCE - A method for migrating security benchmark compliance content from a source platform to a target platform includes filtering a set of configuration parameters in a source platform to a subset of configuration parameters, each of the parameters corresponding to a respectively different entry in a security checklist of a security benchmark. Then, a listing is presented in a user interface of each of the configuration parameters and for each configuration parameter, a corresponding entry in the security checklist regulating the configuration parameter according to a range of values. Finally, the configuration parameters in the subset are applied to a target platform excepting for at least one of the configuration parameters. Instead, an alternative value within the range is received as input in the user interface and is applied to the target platform in lieu of the at least one of the configuration parameters. | 2021-11-11 |
20210352113 | METHODS FOR DISCOVERY OF MEDIA CAPABILITIES OF 5G EDGE - A method of managing capabilities of a media streaming network using at least one processor, including receiving a capability request for media streaming capabilities of an edge data network (EDN); determining the media streaming capabilities of the EDN; transmitting a capability response based on the determined media streaming capabilities; receiving a media processing workflow request based on the capability response; establishing a media streaming session according to the media processing workflow request; and streaming media content based on the media streaming session. | 2021-11-11 |
20210352114 | APPARATUSES, METHODS, COMPUTER PROGRAMS, AND COMPUTER PROGRAM PRODUCTS FOR FLUS REMOTE CONTROL CHANNELS - A method, performed by a source control entity, for controlling delivery of a media source to a media sink, is provided. The method includes: the source control entity sending an indication of availability for streaming; the source control entity establishing connections with one or more controller nodes; the source control entity receiving a first command from one of the one or more controller nodes; and the source control entity relaying the first command to the media source. | 2021-11-11 |
20210352115 | DIGITAL ASSISTANT HARDWARE ABSTRACTION - This relates to intelligent automated assistants and, more specifically, to intelligent context sharing and task performance among a collection of devices with intelligent automated assistant capabilities. An example method includes, at a first electronic device participating in a context-sharing group associated with a first location: receiving a user voice input; receiving, from a context collector, an aggregate context of the context-sharing group; providing at least a portion of the aggregate context and data corresponding to the user voice input to a remote device; receiving, from the remote device, a command to perform one or more tasks and a device identifier corresponding to a second electronic device; and transmitting the command to the second electronic device based on the device identifier, wherein the command causes the second electronic device to perform the one or more tasks. | 2021-11-11 |
20210352116 | SYSTEM, METHOD, AND ACTIVATION DEVICES FOR TRIGGERING PHONE CALLS TO MOBILE PHONES - An activation device includes a wireless communication interface, an activation circuitry, and a trigger device. The wireless communication interface is configured to communicate with a mobile phone in a personal area network. The activation circuitry is configured to generate a signal for activating the mobile phone. The trigger device is configured to receive an input from a user. When the trigger device receives the input from the user, the activation circuitry is caused to generate the signal, and the wireless communication interface is configured to send the signal to the mobile phone, causing the mobile phone to pass the call request to a call service, which is in turn caused to generate a call, calling the mobile phone. | 2021-11-11 |
20210352117 | System and Method for Determining Trust for SIP Messages - A method for performing initial registration is provided. The method includes receiving a server timeout message, the server timeout message including at least a field set to a value equal to a value received during a first registration. The method further includes initiating restoration procedures by performing an initial registration. | 2021-11-11 |
20210352118 | METHOD, SYSTEM, AND NON-TRANSITORY COMPUTER-READABLE RECORD MEDIUM FOR DISPLAYING REACTION DURING VOIP-BASED CALL - Disclosed is a reaction display method performed by a computer apparatus including processing circuitry, the reaction display method including displaying, by the processing circuitry, a content sharing screen with a voice over Internet protocol (VoIP) call screen during a VoIP call, the content sharing screen including shared media content, and a user of the computer apparatus participating in the VoIP call, receiving, by the processing circuitry, a position at which a reaction is input from the user during the VoIP call, sending reaction information and the position to at least one other user participating in the VoIP call, the reaction information corresponding to the reaction, and displaying an indication of the reaction on the VoIP call screen or the content sharing screen based on the position. | 2021-11-11 |
20210352119 | DIGITAL PROCESSING SYSTEMS AND METHODS FOR MULTI-BOARD MIRRORING OF CONSOLIDATED INFORMATION IN COLLABORATIVE WORK SYSTEMS - Systems, methods, and computer-readable media for generating high level summary tablature based on lower level tablature are disclosed. The systems and methods may involve at least one processor configured to electronically access first data associated with a first board; electronically access second data associated with a second board and to perform electronic semantic analysis to identify a portion of the first data associated with the first board and a portion of the second data associated with the second board that share a similarity; consolidate in a third board reflecting a similarity consolidation, the identified first portion and the identified second portion; summarize the first portion and the second portion, and to aggregate the summarized first portion and the summarized second portion to form an aggregated summary; and present on the third board the aggregated summary in a manner associating the aggregated summary with the similarity consolidation. | 2021-11-11 |
20210352120 | METHOD, APPARATUS, AND COMPUTER READABLE MEDIUM FOR VIRTUAL CONFERENCING WITH EMBEDDED COLLABORATION TOOLS - A method, client computing device, and computer-readable medium for virtual conferencing with embedded collaboration tools, including receiving data corresponding to a virtual conference room hosted on a collaboration server and accessible to a plurality of participants on a plurality of client computing devices, the virtual conference room including a communication wall comprising an embedded audiovisual conference window, a collaboration wall comprising an embedded collaborative whiteboard, and an application wall comprising a plurality of embedded application widgets and rendering a three-dimensional representation of at least a portion of the virtual conference room that is customized for a user of the client computing device based at least in part on one or more user parameters associated with the client computing device. | 2021-11-11 |
20210352121 | METHOD AND SYSTEM FOR MANAGING USER ACCESS TO MULTIMEDIA CONTENT FOR ONLINE CONFERENCES USING METADATA - A method and system for managing user access to a multimedia content for an online conference using metadata is disclosed. In some embodiments, the method includes identifying a plurality of contexts for each of a plurality of conference data streams extracted from the multimedia content. The method further includes generating a plurality of metadata types based on the plurality of contexts associated with each of the plurality of conference data streams, providing a plurality of options corresponding to the plurality of metadata types to a user for accessing a section of interest in the plurality of conference data streams, receiving at least one selected option from the plurality of options by the user and validating the user access to one or more of the plurality of conference data streams based on the at least one selected option and access rights associated with the user. | 2021-11-11 |
20210352122 | SYSTEMS AND METHODS FOR JOINING A SHARED LISTENING SESSION - A server system receives, from a first electronic device, an indication that the first electronic device has shared a first listening session playing back on a second electronic device. The server system receives, from a third electronic device, a first request for one or more shared listening sessions playing back on the second electronic device. The request includes an identifier of the second electronic device. In response to the first request, the server system transmits, to the third electronic device, a session identifier for the first listening session. The server system receives, from the third electronic device, a second request to join the first listening session using the session identifier for the first listening session. The server system then provides, to the third electronic device, access to the first listening session playing back on the second electronic device. The server system provides, to the first and third electronic devices, a common set of controls for controlling media-playback of the first listening session at the second electronic device. | 2021-11-11 |
20210352123 | APPARATUS AND METHODS FOR PACKETIZED CONTENT ROUTING AND DELIVERY - Apparatus and methods for managing content delivery in a packetized network. In one embodiment, the network provide content to a plurality of clients via a plurality of nodes and origin points, and resources are discreetly represented (e.g., with IP addresses, such as those afforded under the IPv6 protocol) to allows for direct advertisement of resources. Exemplary solutions described herein further advantageously leverage extant architectures and protocols (such as BGP), and make use of a common control plane, which can be utilized for example by different content delivery network (CDN) operators and different delivery components to advertise resources. Internally within a given CDN, increased granularity of resource addressing and advertisement may provide benefits including: (i) resource affinity; (ii) resource-level balancing; (iii) dynamic resource scoping; and (iv) “zero-touch” provisioning and resource relocation. | 2021-11-11 |
20210352124 | CUSTOM GENERATED REAL-TIME MEDIA ON DEMAND - A method of generating custom real-time media on demand includes receiving a request for custom media to be generated at or near a service location from a media requestor, determining available media providers located at or near the service location, providing the media requestor information corresponding to the available media providers at or near the service location, receiving the media requestor's selection of a media provider from the available media providers, and facilitating provision of the custom media from the selected media provider to the media requestor. | 2021-11-11 |
20210352125 | DEVICES, SYSTEMS, AND METHODS FOR CONVERTING OR TRANSLATING DYNAMIC ADAPTIVE STREAMING OVER HTTP (DASH) TO HTTP LIVE STREAMING (HLS) - Provided herein are systems and methods that allow for converting or translating Dynamic Adaptive Streaming over HTTP (DASH) to HTTP Live Streaming (HLS) and vice versa. | 2021-11-11 |
20210352126 | VISUALIZATION AND INTERACTION OF 3D MODELS VIA REMOTELY RENDERED VIDEO STREAM SYSTEM AND METHOD - The disclosure is directed to systems and methods for local rendering of 3D models which are then accessed by remote computers. The advantage of the system is that extensive hardware needed for rendering complex 3D models is centralized and can be accessed by smaller remote computers without any special hardware or software installation. The system also provides enhanced security as model data can be restricted to a limited number of servers instead of stored on individual computers. | 2021-11-11 |
20210352127 | METHOD OF PLAYING AUDIO AND VIDEO, COMPUTING DEVICE, AND COMPUTER PROGRAM PRODUCT - A method of playing audio and video is provided. The method includes: obtaining a streaming media content to be encapsulated, and parsing the streaming media content to obtain audio parameter information and/or video parameter information; forming a Media Presentation Description (MPD) file in JavaScript Object Notation (JSON) format according to the audio parameter information and/or the video parameter information, wherein the MPD file in JSON format includes multiple streaming media content segments, each streaming media content segment includes a video segment and/or an audio segment, each of the video segment and the audio segment includes multiple arrays, and each array includes the audio parameter information or the video parameter information; sending the MPD file in JSON format to a client. | 2021-11-11 |
20210352128 | SYSTEM AND METHOD FOR DYNAMICALLY EXPANDING CONFERENCING CAPABILITIES AND FACILITATING ON DEMAND TRANSACTIONS WITHIN SOCIAL NETWORK ENVIRONMENTS - A web-based, online session system is provided in which a host server manages a multi-participant session. A plurality of participating devices may join the online session using a web-based interface and receive session content (e.g., video, audio, text, graphics, etc.) via the web-based interface. A user of a participating device may dynamically expand its resources/capabilities during an ongoing online session by adding accessory/supporting devices under its own participant account to the session. The added devices may communicate directly with the host server via a separate stream than the participating device. Additionally, the participating device may also transfer its complete participation in the online session to another device via the web-based interface. | 2021-11-11 |
20210352129 | METHODS OF HANDLING AN OVERLOAD SITUATION OF A SESSION INITIATION PROTOCOL, SIP NODE IN A TELECOMMUNICATION NETWORK, AS WELL AS RELATED SIP NODES - A method of handling an overload situation of a Session Initiation Protocol, SIP, node in a telecommunication network, wherein the method includes the steps of receiving, by a proxy SIP node in the telecommunication network, an SIP request for requesting a service in the telecommunication network, forwarding, by the proxy SIP node, the SIP request to a service SIP node in the telecommunication network, receiving, by the proxy SIP node, from the service SIP node, a Server Failure Response message, wherein the Server Failure Response message includes an indication that the service node cannot fulfil the SIP request due to an overload situation at the service SIP node, and restricting, by the proxy SIP node, future SIP traffic to the service SIP node based on the received Server Failure Response message. | 2021-11-11 |
20210352130 | EDITING AN UNHOSTED THIRD PARTY APPLICATION - A document editing system using a third party application having an embedded document editing module is disclosed. The system includes a client-side document editing engine that accepts requests to edit a document from and displays at least a portion of the document to a user of the client-side system. The system includes a first server-side application engine that processes the requests to edit the document. The system can include a second server-side data storage engine that stores the document in a remote storage location. | 2021-11-11 |
20210352131 | Location-Based Content Sharing Via Tethering - A method for sharing digital content includes determining whether a first computing device is physically located within a defined geographical area, if the first computing device is physically located within the defined geographical area, providing access of shareable digital content to the first computing device, instantiating a tethering object associated with the shareable digital content, the tethering object including at least a first endpoint at the first computing device and a second endpoint at a second computing device remote from the first computing device, and providing access of at least a portion of the shareable digital content, via the tethering object, to the second endpoint at the second computing device remote from the first computing device. Other example methods and computer systems for implementing content sharing methods are also disclosed. | 2021-11-11 |
20210352132 | Storage Memory Unit with a Shared Nonvolatile Memory Interface for a Radio - A storage radio unit (SRU) for a device can include a radio, embedded universal integrated circuit card (eUICC), a processor, an antenna, and nonvolatile memory. The SRU can support standards for removable storage form factors and record a file system for a device. The device can be associated with a service provider and the SRU can be associated with a network provider. The radio can support Narrowband Internet of Things (NB-IoT) standards. The SRU can operate a file system interface (FSI) for the radio, where the device records application data in a file of the FSI. The SRU can attach to a wireless NB-IoT network using credentials recorded in the eUICC. The SRU can read the file of the FSI, and compress, encrypt, and transmit the application data to a network provider via the radio. The network provider can transmit the application data via TLS to the service provider. | 2021-11-11 |
20210352133 | FAST FILE SERVER METHODS AND SYSTEMS - The invention provides, in one aspect, an improved system for data access comprising a file server that is coupled to a client device or application executing thereon via one or more networks. The server comprises static storage that is organized in one or more directories, each containing zero, one or more files. The server also comprises a file system operable, in cooperation with a file system on the client device, to provide authorized applications executing on the client device access to those directories and/or files. Fast file server (FFS) software or other functionality executing on or in connection with the server responds to requests received from the client by transferring requested data to the client device over multiple network pathways. That data can comprise, for example, directory trees, files (or portions thereof), and so forth. | 2021-11-11 |
20210352134 | CONTEXTUAL INTELLIGENCE OF EVERY-THING COMMUNICATION PLATFORM INTEGRATING EDGE COMPUTATION, AUGMENTED INTELLIGENCE AND DISTRIBUTED LEDGER DATA STORAGE NODES AND TOKENS FOR REAL WORLD DATA INTERACTIONS ACROSS INTERNET OF THINGS WITH PAYMENT INTEGRATION - The use of sensor data, data interactions between connected devices, data from physical world sensors and users of these where the data gathered is stored across central computation and storage servers, across multiple data nodes in secure and encrypted distributed ledgers, and the data is interacting with on-device computation and storage capabilities to create data interactive, electronic networks that enable multi-level control, variable access, payment and remuneration capable, multi-user communications of real-time contextually relevant data, process and workflow data and information among network-connected devices, connected displays, sensors and the actions based on those communications, with the collected data gathered from the interactions stored on cloud based augmented intelligence computation servers and/or select data stored in distributed ledger blockchain nodes with smart contract per data node delivering content, information, access and instructions based on past behavior and actions, instructions or computed commands with this data combined with the data of the outcome of these interactions stored on decentralized network of data nodes for immediate benefit, rewards, reoccurring remunerations, disclosure of information and benefits to authorized and approved users as the network-connected devices move from one location to another and/or the data/information flow among those devices changes over time. | 2021-11-11 |
20210352135 | SYSTEM AND METHOD FOR PROVIDING DATA AND APPLICATION CONTINUITY IN A COMPUTER SYSTEM - A system and method for providing or maintaining data and application continuity in a computer system. According to an embodiment, the system comprises a communication interface for a client system, a network layer for receiving data from the client system, a hardware infrastructure for creating instances of the client system for replicating data, and an applications module for executing one or more applications on the replicated data. According to a further aspect, the system includes a portal interface configured for providing a remote user with control, audit, and other functions associated with the user's system configuration. | 2021-11-11 |
20210352136 | SYSTEM AND METHOD FOR CLOUD SECURITY MONITORING - The invention relates to a computer-implemented system for security monitoring of Member accounts in a cloud environment. The Member accounts are provided as instances of cloud services in one or more monitored clouds by one or more cloud service providers. The system is programmed to automatically deploy software agents to the Member accounts. The software agents are configured to monitor activities in the Member accounts and to push security and operations data to a SIEM platform. The security and operations data may comprise alerts and activity logs for the Member accounts, public internet protocol (IP) addresses used by the Member accounts, and identifying information for individuals and information technology (IT) assets associated with the Member accounts. The system includes a user interface to define customized alerts based on the security and operations data, and the system generates and sends the customized alerts to a system administrator or security analyst. | 2021-11-11 |
20210352137 | IMPLEMENTING CLOUD SERVICES IN USER ACCOUNT ENVIRONMENT - Techniques for implementing cloud services of a cloud service provider in a dedicated user account environment in a distributed computing system are disclosed. In some example embodiments, a computer-implemented method comprises: receiving, by a management system of a cloud service provider, a user request for creation of an instance of an application platform of the cloud service provider in a user environment within a distributed computing system, the user environment being dedicated to a user account hosted by the distributed computing system, the user request comprising credential data configured to provide the management system with limited permission for accessing the user environment, the limited permission restricting the management system from full administrative privileges in accessing the user environment; and deploying, by the management system, the instance of the application platform to a workload cluster in the user environment using the credential data to access the user environment. | 2021-11-11 |
20210352138 | SOFTWARE DEFINED WIDE AREA NETWORK UPLINK SELECTION FOR A CLOUD SERVICE - Software defined wide area network uplink selection for a cloud service can include a network controller to periodically update a list of cloud servers that provide a cloud service. The network controller can select a preferred cloud server from the updated list of cloud servers. Upon receiving a client device request to use the cloud service, the network controller can send identifying information of the selected preferred cloud server to the client device. | 2021-11-11 |
20210352139 | SERVICE MESHES AND SMART CONTRACTS FOR ZERO-TRUST SYSTEMS - A blockchain-enabled network and application service mesh network architecture including a network service mesh network including network service domains configured to communicate with each other, each including network service endpoints and a network service manager to broadcast the availability of the network service endpoints. The architecture further includes an application service mesh network that includes applications configured to communicate with each other and a network service domain. Smart contracts including network slicing information from the network service mesh network and the application service mesh network are recorded to a blockchain network. | 2021-11-11 |
20210352140 | SYSTEM AND METHOD FOR IMPROVED AND EFFECTIVE GENERATION AND REPRESENTATION OF A COMMUNICATION TRUST TREE - A system and method for generating and representing a communication trust tree of network nodes in a network are provided. The method includes receiving an address of a starting node in a communication tree; collecting, for each node of the communication tree extending from the starting node, a response from at least another node of the communication tree; grouping nodes based on their at least a response, wherein nodes having a same response are grouped into a group, wherein each node communication tree is associated with at least one group; and generating a communication trust tree that comprises a hierarchical tree of the generated groups. | 2021-11-11 |
20210352141 | Method And Device For Reaching Consensus In Parachain, And Storage Medium - A method for reaching consensus in parachain includes the steps of: packaging a plurality of information of first blocks requiring consensus in a first parachain to generate first block information; transmitting the first block information to a corresponding node in a main chain for storing and recording the first block information in the main chain, and verifying the first block information stored and recorded in the main chain whether a number of first block information is not less than a first threshold number with the same information, to generate a consensus result; and synchronizing the consensus result, and writing the first block to the first parachain when the first block passes the verification. | 2021-11-11 |
20210352142 | RECONCILIATION OF DATA STORED ON PERMISSIONED DATABASE STORAGE ACROSS INDEPENDENT COMPUTING NODES - Reconciliation and subscription-model permissions of data stored across independent ledger instances of a database. A system includes a resource manager coupled to a plurality of client accounts. The system includes an execution platform and a shared permissioned ledger comprising independent processing and storage nodes for executing data operations for the plurality of client accounts. The resource manager defines a settlement group comprising one or more client accounts and authenticates an observer node associated with the settlement group. The resource manager assigns ingested data an encryption level on a key hierarchy based on content of the ingested data. | 2021-11-11 |
20210352143 | TECHNIQUE FOR GENERATING GROUP PERFORMANCES BY MULTIPLE, REMOTELY LOCATED PERFORMERS - In some embodiments, a distributed computer network has a server node, a leader node, and a plurality of participant nodes that communicate via a communications network. During a first phase, the leader node generates a leader performance, each participant node receives and renders the leader performance and generates a corresponding participant performance, and the server node receives the leader performance and the participant performances and generates one or more group performances, each including multiple, synchronized performances. During a second phase, the server node transmits the one or more group performances to the participant nodes, and each participant node receives and renders a group performance, thereby allowing a corresponding participant at each participant node to perform along with the rendering of the corresponding group performance. In some implementations, the server node generates different partial group performances, where each participant node receives a partial group performance that excludes the corresponding participant performance. | 2021-11-11 |
20210352144 | TAG OPERATING SYSTEM - In embodiments of the present disclosure improved capabilities are described for a tag operating system for managing information collected and stored on or with respect to large fleets of assets, such as used in connection with the Internet of Things, with capabilities for providing improved intelligence and security in the local environment of an asset, in the network and in remote locations, such as in the cloud. | 2021-11-11 |
20210352145 | REMOTE SERVER MANAGEMENT USING A POWER LINE NETWORK - Systems and methods of remote server management replace the traditional server network port associated network cabling with power line networking, in which a server's power cables are used to carry both power and Ethernet traffic between the remote server and a network management switch. In this manner, the amount of network cabling in a server rack is reduced, and the need for a management port on a server is eliminated, freeing up ports on a top of rack switch that, otherwise, would have been used for management purposes only. | 2021-11-11 |
20210352146 | EFFICIENT REAL TIME VEHICULAR TRAFFIC REPORTING AND SHARING - In one aspect, an exemplary method for sharing traffic data among a plurality of vehicles includes: a first vehicle receiving current traffic data from at least a second vehicle over a first network protocol; the first vehicle transmitting current traffic data from the first vehicle and the current traffic data received from at least the second vehicle to a roadside unit over a second network protocol; the first vehicle receiving processed traffic data from the roadside unit over the second network protocol, the processed traffic data being based on the current traffic data received from the first vehicle and from at least the second vehicle; and the first vehicle transmitting the processed traffic data received from the roadside unit to at least the second vehicle over the first network protocol. | 2021-11-11 |
20210352147 | APPARATUS, SYSTEM, AND METHOD FOR WIRELESSLY ACCESSING MANAGEMENT INTERFACES OF ROUTERS - A disclosed apparatus may include (1) a wireless receiver that facilitates communicatively coupling to a wireless transmitter of an access point connected to a network switch of a service provider, and (2) at least one processing device of a router communicatively coupled to the wireless receiver, wherein the processing device of the router (A) activates a wireless mode that (I) causes the router to establish a wireless connection with the access point via the wireless transmitter and the wireless receiver and (II) facilitates remote configuration of the router by a remote user who has gained access to the router via the wireless connection, (B) receives, via the wireless connection, at least one command from the remote user, and (C) applies, to an out-of-band management interface of the router, the command received from the remote user via the wireless connection. Various other apparatuses, systems, and methods are also disclosed. | 2021-11-11 |