53rd week of 2015 patent applcation highlights part 77 |
Patent application number | Title | Published |
20150381511 | CLIENT SELECTION IN A DISTRIBUTED STRICT QUEUE - Methods and systems for implementing client selection in a distributed strict queue are disclosed. A plurality of messages are distributed to a plurality of queue servers based on strict order parameters for the messages. Messages that share a value for the strict order parameter are distributed to the same queue server. The messages are enqueued at the queue servers. Messages that share a value for the strict order parameter are enqueued in a strict order based on the time of receipt at the queue server. One or more queue clients are selected to process the enqueued messages. The queue clients are selected based on their message processing capability along with the message processing throughput for values for the strict order parameter. | 2015-12-31 |
20150381512 | METHOD AND APPARATUS FOR DEFERRING TRANSMISSION - A transmission deferring method is provided by a device in a WLAN. The device receives a frame including duration information indicating transmission deferring duration and address information indicating an address of a target device for the transmission deferring duration, and defers a transmission to the target device during the transmission deferring duration. | 2015-12-31 |
20150381513 | APPARATUS AND METHOD FOR MANAGING OTN TRAFFIC IN PACKET-CIRCUIT INTEGRATED TRANSPORT SYSTEM BASED ON MULTILAYER-INTEGRATED FABRIC SWITCH - Provided is an OTN traffic management method of a traffic management apparatus included in an OTN line card that accepts OTN traffic and transmits the OTN traffic to a multilayer-integrated fabric switch; or accepts traffic, in units of cells, from the multilayer-integrated fabric switch and transmits, to a network, the OTN traffic that the OTN line card generates. The OTN traffic management method includes restoring a received Interlaken packet to an OTN frame; adding an ITMOH that contains information about an ODU payload size to the OTN frame; converting the OTN frame, to which the ITMOH has been added, into to fabric cell by further adding a fabric overhead; and transmitting the fabric cell to the multilayer-integrated fabric switch. | 2015-12-31 |
20150381514 | MULTI-TIERED PROCESSING USING A DISTRIBUTED STRICT QUEUE - Methods and systems for implementing multi-tiered processing in a distributed strict queue are disclosed. Original messages are dequeued from a first set of queues using a first layer of queue clients, each of which transforms a subset of the original messages into a transformed message and enqueues the transformed message into a second set of queues. The transformed messages are dequeued from the second set of queues using a second layer of queue clients, each of which summarizes a subset of the transformed messages into a summarized message and enqueues the summarized message into a third set of queues. The summarized messages are dequeued from the third set of queues using a third layer of queue clients, each of which aggregates a subset of the transformed messages into an aggregated message. A final result is generated based on the aggregated messages. | 2015-12-31 |
20150381515 | GRAPH DATABASE FOR SERVICES PLANNING AND CONFIGURATION IN NETWORK SERVICES DOMAIN - In general, techniques are described for representing services, network resources, and relationships between such services and resources in a graph database with which to validate, provision, and manage the services in near real-time. In one example, a controller device includes at least one processor; and at least one memory to store a graph database comprising a graph that represents network resources and relationships between network resources. The controller device receives, at an application programming interface, a data-interchange formatted message that indicates a service request to configure a network service; queries, at least a portion of the plurality of the graph, to determine whether a set of the plurality of network resources can satisfy the service request to provision the network service within the network; and configures the set of the plurality of network resources to provide the network service. | 2015-12-31 |
20150381516 | RESOURCE ACCESS DRIVEN DISTRIBUTED TRANSACTION COORDINATION SYSTEM - Resource access driven distributed transaction coordination system is described. A method may include receiving a request to perform a migration of user data from a first user account to a second user account and restricting access to a distributed resource as a result of receiving the request. When a distributed process requests access to a distributed resource, and that distributed process doesn't have any pending tasks, account migration may be performed. | 2015-12-31 |
20150381517 | SYSTEM AND METHOD FOR GENERATING RANDOM LINKED DATA ACCORDING TO AN RDF DATASET PROFILE - A method, computer program product, and computer system for gathering statistics, by a computing device, for a set of resources associated with a framework. A profile is generated based upon, at least in part, the gathered statistics. A data set is selected for generation of a new resource. The new resource is generated using the profile generated based upon the gathered statistics. | 2015-12-31 |
20150381518 | DATA TRANSMISSION RESERVATION METHOD AND APPARATUS, DATA RECEPTION METHOD AND APPARATUS, AND DATA TRANSMISSION AND RECEPTION SYSTEM IN RECEIVER-INITIATED ASYNCHRONOUS MEDIUM ACCESS CONTROL PROTOCOL - According to the present invention, there is disclosed a method for reserving data transmission from a transmitting node to a receiving node in a receiver-initiated asynchronous MAC (Medium Access Control) protocol. The method includes receiving a base beacon frame from the receiving node and when transmitting a data frame to the receiving node, transmitting the data frame, with a reserved field value set in a portion of a header of the data frame. | 2015-12-31 |
20150381519 | SERVER RESERVATION METHOD, RESERVATION CONTROL APPARATUS AND PROGRAM STORAGE MEDIUM - An information processing device including a communication interface that exchanges data with a first device and a second device; and a processor that performs authentication of the first device; receives content data from the first device via the communication interface; and controls the communication interface to send the content data in real time to the second device based on an access control setting, which indicates a restriction on sending the content data. | 2015-12-31 |
20150381520 | DATA SET MULTIPLICITY CHANGE DEVICE, SERVER, DATA SET MULTIPLICITY CHANGE METHOD AND COMPUTER REDABLE MEDIUM - A data set multiplicity change device of the invention, after a job is started, the number of data sets (multiplicity M) can be changed so that the access efficiency for accessing multiplicity management target data sets becomes as high as possible. The data set multiplicity change device includes priority degree calculation unit which calculates priority degree information representing an order of a plurality of nodes into which data sets are to be stored, on the basis of data set usage related information including information related to usage of the data sets referred to in a parallel processing executed by the plurality of nodes; and multiplicity management unit which performs multiplicity change processing to change a multiplicity of the data sets by changing the number of at least one or more data sets held in the plurality of nodes in a distributed manner on the basis of the priority degree information and data set arrangement information indicating a particular node holding the data sets in a storage area thereof. | 2015-12-31 |
20150381521 | On-Demand Compute Environment - An on-demand compute environment comprises a plurality of nodes within an on-demand compute environment available for provisioning and a slave management module operating on a dedicated node within the on-demand compute environment, wherein upon instructions from a master management module at a local compute environment, the slave management module modifies at least one node of the plurality of nodes. | 2015-12-31 |
20150381522 | Control Of Supplemental Content In A Data Flow - Systems and methods for the control of supplemental content in a data flow are provided such that supplemental content, such as advertising content, may be handled separately from other content in the data flow. One embodiment comprises a network element of a Packet-Switched (PS) network that serves mobile User Equipment (UE). The network element receives a data flow of packets for a download of content requested by the UE, identifies in the data flow supplemental content that was not requested by the UE, makes a determination concerning transmission of the supplemental content, and transmits at least a portion of the data flow based on the determination. For example, a repetition frequency limit, a temporal limitation, or a repetition frequency limit and corresponding temporal limitation can be utilized to control transmission of the supplemental content. The supplemental content also can be charged separately from other content of the data flow. | 2015-12-31 |
20150381523 | RELAY MANAGEMENT APPARATUS, RELAY MANAGEMENT METHOD, PROGRAM, AND RELAY MANAGEMENT SYSTEM - Provided is a relay management apparatus including: a session management unit configured to perform registration of session information for multicast transmission of a data stream that is performed between one or two or more transmission apparatuses and one or two or more reception apparatuses via relay links of a relay apparatus, separately for information on a transmission apparatus side and information on a reception apparatus side; and a band reservation unit configured to perform band reservation of a relay link on the transmission apparatus side or band reservation of a relay link on the reception apparatus side, based on the registration of the session information on the transmission apparatus side or the reception apparatus side performed by the session management unit. | 2015-12-31 |
20150381524 | PROVIDING A GUEST WITH ACCESS TO CONTENT OF A SOCIAL NETWORK - Providing a guest with access to content of a social network includes identifying a guest associated with content posted by a user on a social network, sending, via electronic mail (email), a notification to the guest's email address to notify the guest of the content on the social network, receiving, via an identity provider, an identity assertion associated with the guest's email address, and providing, based on the identity assertion, access to the content posted by the user on the social network to allow the guest to view the content, in which the identity provider is identified by a domain of the guest's email address. | 2015-12-31 |
20150381525 | APPLICATION AND INFORMATION MOVEMENT IN A CLOUD ENVIRONMENT - A computer implemented method, system and computer program product comprising observing a mobile device's interaction with a set of resources, and creating a usage profile for the set of resources based on the mobile devices interactions with the resources; wherein the resources are ranked by the type an frequency of interactions with the mobile device; wherein the usage profile dictates what resources of the set of resources are to be migrated to a new location when the mobile device moves to a new location. | 2015-12-31 |
20150381526 | SECURE METERING AND ACCOUNTING FOR CLOUD SERVICES - Managing a service is provided. Information is collected about use of a set of resources by the service. A request is received to verify information regarding a selected portion of a period of time during the use of the set of resources by the service. In response to receiving the request to verify the information regarding the selected portion of the period of time during the use of the set of resources by the service, a description of the use of the set of resources by the service during the selected portion of the period of time is generated using the collected information. A response to the request is created using the generated description of the use of the set of resources by the service during the selected portion of the period of time as proof of validity of the information. | 2015-12-31 |
20150381527 | SUPPORTING FLEXIBLE DEPLOYMENT AND MIGRATION OF VIRTUAL SERVERS VIA UNIQUE FUNCTION IDENTIFIERS - A management system and method that generally allocates a virtual function to a virtual function definition of a virtual server, where the virtual function definition of the virtual server is previously assigned with a unique function identifier, and assigns the unique function identifier to the virtual function in response to the allocating of the virtual function, where the unique function identifier causes a discovery of the virtual function by the virtual server. | 2015-12-31 |
20150381528 | PERFORMANCE AND POWER OPTIMIZED COMPUTER SYSTEM ARCHITECTURES AND METHODS LEVERAGING POWER OPTIMIZED TREE FABRIC INTERCONNECT - A performance and power optimized computer system architecture and method leveraging power optimized tree fabric interconnect are disclosed. One embodiment builds low power server clusters leveraging the fabric with tiled building blocks while another embodiment implements storage solutions or cooling solutions. Yet another embodiment uses the fabric to switch non-Ethernet packets, switch multiple protocols for network processors and other devices. | 2015-12-31 |
20150381529 | MAINTENANCE OF A FABRIC PRIORITY AMONG OPERATIONS WITHIN A FIBRE CHANNEL EXCHANGE - A first device that is coupled to a second device receives a first Fibre Channel frame, wherein the first Fibre Channel frame has a priority indicated by the second device. The first device responds to the second device with a second Fibre Channel frame that has an identical priority to the priority indicated by the second device. | 2015-12-31 |
20150381530 | MAINTENANCE OF A FABRIC PRIORITY AMONG OPERATIONS IN RELATED FIBRE CHANNEL EXCHANGES - Provided are a method, a system, and a computer program that use a Fibre Connection (FICON) protocol, in which a first device that is coupled to a second device receives an outbound exchange from the second device, wherein one or more Fibre Channel frames of the outbound exchange have a priority indicated by the second device. The first device responds to the second device with an inbound exchange, wherein one or more Fibre Channel frames of the inbound exchange have an identical priority to the priority indicated by the second device in the outbound exchange. In additional embodiments, priority is maintained across related exchange pairs. | 2015-12-31 |
20150381531 | PROTECTING CUSTOMER VIRTUAL LOCAL AREA NETWORK (VLAN) TAG IN CARRIER ETHERNET SERVICES - In the subject system, a customer virtual local network (VLAN) tag is protected using, for example, media access control security (MACSec). MACSec authentication is performed on a packet by including the VLAN tag in an integrity check value (ICV) computation. When a packet is received from an Ethernet Virtual Connection (EVC) at an ingress port of the subject system, a remote site is identified and an associated VLAN tag is determined based on the identified remote site and a VLAN tag associated with the packet. The subject system may perform VLAN tag mapping to account for changes in a VLAN tag across EVCs. An ICV is computed based on the determined VLAN tag and compared with an ICV stored in the received packet. The integrity check passes when the computed ICV matches the stored ICV and fails when the computed ICV does not match the stored ICV. | 2015-12-31 |
20150381532 | MANAGING UNAVAILABILITY NOTICES - A computer-implemented method, carried out by one or more processors, for managing unavailability notices. In an embodiment, the method comprises the steps of initializing an out of office notice, wherein the out of office notice is associated with a first user of an e-mail service; receiving inputs for the out of office notice, wherein the inputs include one or more of: a duration of time selection, alternative contact information, and message content; receiving a list of one or more user to whom to send an out of office alert notice with the received inputs; and sending to the one or more users from the list the out of office alert notice with the received inputs and a reminder function, wherein the reminder function allows for each of the one or more users to receive a reminder about unavailability at another time. | 2015-12-31 |
20150381533 | System and Method for Email Management Through Detection and Analysis of Dynamically Variable Behavior and Activity Patterns - Techniques for aiding an email recipient in the management of inbound email by detecting, and configurably responding to, dynamically variable patterns of activity and behavior are described. Characteristics are extracted from new email messages originated by senders and intended for a recipient. One or more patterns of sender activity, recipient message management behavior, and/or message response behavior, relating to treatment of messages from individual senders and/or plural senders in the aggregate, are identified. The patterns are identified by analyzing statistics collected by the extraction of characteristics from email messages previously received by the recipient. Before the recipient reads a new email, a determination is made as to whether any deviation from an identified pattern exists; and, if so, a pre-existing rule for treatment of the new message is enforced and/or a new rule specifying treatment of at least some messages from the sender of the email is proposed. | 2015-12-31 |
20150381534 | SYSTEMS AND METHODS FOR INDICATING EMOTIONS THROUGH ELECTRONIC SELF-PORTRAITS - Aspects of the present disclosure generally relate to systems and methods that allow a user of an electronic device, who is engaged in communicating with one or more other users, to convey an emotional context with that communication using an image created by the user. | 2015-12-31 |
20150381535 | Automated, user implemented, secure document and communication creation and management system and method - A secure document creation and distribution system, method and computer product for generating customized documents to be delivered to third parties either in printed or electronic format. The system provides the separation of a document presentation and its contents for reuse, variable data publishing and multiple presentations embedded within the same document for delivery over different channels. The system provides multiple templates, content management, business rules, dynamic merge and process control to permit information to be collected from the generating entity or Client-user and merged into multiple documents, campaigns and communications to third parties in multiple formats, according to the Client-user's specification and directions. | 2015-12-31 |
20150381536 | METHOD AND SYSTEM FOR PROMPT VIDEO-DATA MESSAGE TRANSFER TO PERSONAL DEVICES - Instant disclosure is directed to the processing and transmission of data, namely, to the fields of closed-circuit security television (CCTV), video surveillance, and video analytics. The invention ensures alarm notifications from the monitored facility to mobile devices. The invention can be used in safety and security, communications, transportation, retail, manufacture, sports, entertainment, housing and utility services and social infrastructure. More specifically, there is disclosed a method of transmitting a message from a first computer system to a second computer system, the method comprising: receiving at the first computer system an event and related data (video data and information on the video data), generating a message based on the event and the related data, which includes, at least, a link to the video data, sending the message from the first computer system to the second computer system, receiving the message on the second computer system, analyzing the message received, and, if the analysis of the message received shows the need to analyze the video data, downloading the video data using the link in the message. | 2015-12-31 |
20150381537 | OUTBOUND IP ADDRESS REPUTATION CONTROL AND REPAIR - Embodiments provide IP address partitioning features that can be used to source outbound email communications, but the embodiments are not so limited. In an embodiment, a computer-based method operates to remove blocked or potentially misused IP addresses from a partition and/or move good or reputable IP addresses from other partitions to account for volumetric shortfalls. A method of one embodiment operates to repair removed IP address reputations as part of recycling and reusing IP addresses. A system of an embodiment is configured in part to remove misused IP addresses from one or more partitions, source reputable IP addresses from other partitions, and/or repair and reuse IP addresses as needed. Other embodiments are included. | 2015-12-31 |
20150381538 | NETWORK, HEAD SUBSCRIBER AND DATA TRANSMISSION METHOD - In a network, a control node is connected to a plurality of network subscribers via a closed ring-shaped data path, wherein the network subscribers form a chain, starting from the control node, with a head subscriber as a termination for the chain. The ring-shaped data path transits through the network subscribers on an outbound route and an inbound route, wherein the network subscribers are designed to perform data interchange both on the outbound route and on the inbound route with data messages circulating on the ring-shaped data path. The control node is additionally designed such that it outputs data messages with an identifier on the data path, wherein the head subscriber has a filter function to use a prescribed identifier to block the further transport of data messages with the corresponding identifier on the inbound route following transit of data messages through the head subscriber on the outbound route. | 2015-12-31 |
20150381539 | Systems and Methods for Spam Detection Using Frequency Spectra of Character Strings - Described spam detection techniques including string identification, pre-filtering, and frequency spectrum and timestamp comparison steps facilitate accurate, computationally-efficient detection of rapidly-changing spam arriving in short-lasting waves. In some embodiments, a computer system extracts a target character string from an electronic communication such as a blog comment, transmits it to an anti-spam server, and receives an indicator of whether the respective electronic communication is spam or non-spam from the anti-spam server. The anti-spam server determines whether the electronic communication is spam or non-spam according to features of the frequency spectrum of the target string. Some embodiments also perform an unsupervised clustering of incoming target strings into clusters, wherein all members of a cluster have similar spectra. | 2015-12-31 |
20150381540 | SYSTEMS AND METHODS FOR CREATING AND UPDATING REPUTATION RECORDS - According to one aspect of the present disclosure, a computer-implemented method is provided for generating a reputation record and filtering electronic messages, each reputation record including a reputation score and a reputation key. The method includes receiving at least one incoming event notification, including a reputation key; determining, based on the reputation key, whether a corresponding reputation record exists; creating a new reputation record if the corresponding reputation record does not exist; determining a trust determination function based on the incoming event notification; calculating a reputation score based on the determined trust determination function, the incoming event notification, and an attribute associated with the reputation key; storing the calculated reputation score along with the reputation key in either the new reputation record or the corresponding reputation record; and filtering one or more electronic messages based on the calculated reputation score. | 2015-12-31 |
20150381541 | Group Messaging Method, and Device - A group messaging method and a device, which relate to the field of communications is described. The group messaging method is applied to a group-send management device and includes: acquiring an information parameter of an information scheduling device, generating a group-send policy according to the information parameter, and sending the group-send policy to a terminal device served by the information scheduling device. The terminal device performs group messaging according to the group-send policy. The group messaging method and the device provided in the embodiments of the present invention are used for group messaging. | 2015-12-31 |
20150381542 | SYSTEMS AND METHODS FOR SCHEDULED DELIVERY OF CONTENT - Systems and methods for asynchronously delivering content to a recipient include receiving a recipient identifier and an item of content from a sender device, generating a unique redemption code associated with the recipient identifier, and storing the content, identifier, and redemption code in a data storage medium. The unique redemption code can be output to the sending device. At a later time, the unique redemption code can be received from a recipient device, delivery information can be requested from the recipient device, and the delivery information can be received and stored. The delivery information can be used to provide the content to the recipient device in the scheduled manner determined by the sender. | 2015-12-31 |
20150381543 | LOCATION INFORMATION-BASED INFORMATION SHARING METHOD AND APPARATUS - The present disclosure relates to a sensor network, Machine Type Communication (MTC), Machine-to-Machine (M2M) communication, and technology for Internet of Things (IoT). The present disclosure may be applied to intelligent services based on the above technologies, such as smart home, smart building, smart city, smart car, connected car, health care, digital education, smart retail, security and safety services. | 2015-12-31 |
20150381544 | EMAIL MESSAGE GROUPING - An email client includes a network interface, a hardware processor, a user interface, an identification module, a content email management module and one or both of a grouping module and bypass email handling module. The network interface communicates with at least one service provider email server. The identification module identifies content emails by analyzing email traffic in an email account established on the service provider's email server. Content email senders are classified as content providers. The content email management module obtains content emails. The grouping module groups content emails from each content provider for display as respective single content item. Optionally, a bypass email handling module implants content emails received over said bypass channel into an email account or accounts. | 2015-12-31 |
20150381545 | PROVIDING A GUEST WITH ACCESS TO CONTENT OF A SOCIAL NETWORK - Providing a guest with access to content of a social network includes identifying a guest associated with content posted by a user on a social network, sending, via electronic mail (email), a notification to the guest's email address to notify the guest of the content on the social network, receiving, via an identity provider, an identity assertion associated with the guest's email address, and providing, based on the identity assertion, access to the content posted by the user on the social network to allow the guest to view the content, in which the identity provider is identified by a domain of the guest's email address. | 2015-12-31 |
20150381546 | SYSTEM AND METHOD FOR MANAGING DEVICES OVER A CONTENT CENTRIC NETWORK - A device can process commands from a remote device that manages the local device over a content centric network. During operation, the device can receive an Interest for managing a device resource, such that the Interest's name includes a name or a name prefix associated with the device resource, and includes a command for managing the resource. If the device determines that the name prefix corresponds to the local device, the device analyzes the Interest's command to determine a device resource and performs the resource-managing operation on the device resource. If the name prefix does not correspond to the local device, the device performs a longest-prefix-matching lookup using the Interest's name prefix to determine a destination for the Interest. If the Interest's destination corresponds to a component of the local device, the device forwards the Interest to the component or a local agent for the component. | 2015-12-31 |
20150381547 | CONTEXT BASED MULTI-MODEL COMMUNICATION IN CUSTOMER SERVICE - Context based multi-model communication in customer service is disclosed. In one innovative aspect, an architecture is provided. The architecture includes an application configured to perform a plurality of sets of functions addressable through a function identifier. Included is a wrapper around the application operable to receive notifications from a plurality of remote locations to address one or more sets of functions via the function identifier. The wrapper is arranged to send to a remote server an application identifier associated with the application and device information, upon first execution of the application by the processor. The device information includes at least a device identifier in the network it is operating with. The wrapper executes the application following receipt of a first notification including the application identifier and the device identifier and executes a function of the application following receipt of a second notification including the application identifier and the function identifier. | 2015-12-31 |
20150381548 | Time-Based Computer Control - A computer system includes a calendar containing appointments. The system also includes one or more logic modules. Each logic module specifies a condition and a corresponding action. The profile may be applied to context data, such as data representing the current time, to perform the actions specified by the logic modules in response to detecting that the context data satisfies the conditions specified by the logic modules. In particular, the actions specified by the logic modules may be performed in response to detecting that the current time falls within the time period of an appointment on the calendar. | 2015-12-31 |
20150381549 | MESSAGE BATCHING IN A DISTRIBUTED STRICT QUEUE - Methods and systems for implementing message batching in a distributed strict queue are disclosed. A plurality of messages are distributed to a plurality of queue servers based on strict order parameters for the messages. Messages that share a value for the strict order parameter are distributed to the same queue server. The messages are enqueued at the queue servers. Messages that share a value for the strict order parameter are enqueued in a strict order based on the time of receipt at the queue server. A batch comprising individual messages is sent to a queue client. The messages that share a value for the strict order parameter are batched in the strict order. | 2015-12-31 |
20150381550 | CLOUD COMPUTING ABSTRACTION LAYER FOR INTEGRATING MOBILE PLATFORMS - A system for managing a virtualized computing system is disclosed. The system enables a user of a mobile device to efficiently track and manage computing resources via a management application that includes a graphical user interface that is designed to be operated using a conventional terminal (e.g., via a mouse and keyboard). The system may receive commands from the user of the mobile device in a first format and translate the commands into a second format that can be executed by a management application. Embodiments of the present disclosure further enable a management application to verify and securely communicate with users via existing communications services (e.g., social networking services) without expending additional resources to develop custom, secure interfaces for multiple mobile software and hardware platforms. | 2015-12-31 |
20150381551 | APPLICATION FOR VEHICLE-TO-VEHICLE COMMUNICATION - Described herein is a framework for vehicle-to-vehicle communication. In accordance with one aspect, a send message to a receiving driver of a receiving vehicle is generated from a sending end-user device in response to a user event from a sending driver. The send message may be generated to include an image of the receiving vehicle of the receiving driver, and a voice message created by the sending driver. The send message may be sent to a server using the sending end-user device. The send message may further be processed by the server, in which the processing may include identifying the receiving vehicle, searching to find information of a receiving end-user device, and sending the send message to the receiving end-user device if information of the receiving end-user device is found. | 2015-12-31 |
20150381552 | PERSONALIZED DELIVERY TIME OPTIMIZATION - Techniques for optimizing a delivery time for the delivery of messages are described. According to various embodiments, a system determines, for each of a plurality of time intervals, a likelihood of a particular member of an online social network service performing a particular member user action on a particular message content item during the corresponding time interval. The plurality of time intervals are then ranked, based on the determined likelihoods corresponding to the plurality of time intervals. Thereafter, a particular time interval is identified from among the plurality of time intervals that is associated with a highest ranking. The particular time interval is then classified as an optimum personalized message delivery time for the particular member. | 2015-12-31 |
20150381553 | Social Processing Member Offering Fixed and Intelligent Services - A social networking system offers a variety of fixed and intelligent services and social device resources participating as members in a social network (SNET) group. Such members may include, for example, social billing and payment services, digital assistants and artificial intelligence functions, robotic control and training services, media content storage and playback services, data backup services, services that support distributed processes such as distributed research projects, networking elements such as network attached storage (NAS), firewalls, proxies, etc. In various embodiments, such services and resources may become available upon being selectively docked or otherwise associated (e.g., through docking of a supporting device) with a SNET group by a human member or third party via a docked user device. Selection of available services may be supported through a visual menu provided by a member device or support service. | 2015-12-31 |
20150381554 | Social Context for Applications - In one embodiment, a method includes identifying one or more first users of the social-networking system that are connected to a second user within the social-networking system; inferring one or more applications of interest to the second user based at least in part on information associated with one or more applications installed on one or more client systems of the first users; generating one or more recommendations corresponding to one or more of the applications of interest to the second user; ranking the recommendations based on social-graph information of the second user relative to the one or more first users; and sending one or more of the ranked recommendations to one or more client devices of the second user. | 2015-12-31 |
20150381555 | SELECTION AND RANKING OF COMMENTS FOR PRESENTATION TO SOCIAL NETWORKING SYSTEM USERS - When a social networking system receives a request from a requesting user for a content item associated with one or more comments, the social networking system determines an interest score for each comment. The interest score for a comment indicates a measure of the user's likelihood of being interested in the comment. Based on the calculated interest scores, the social networking system selects one or more comments for presentation to the viewing user along with the content item. The social networking system may specify an order in which the selected comments are presented based on the interest scores of the selected comments. | 2015-12-31 |
20150381556 | FACILITATING INTERACTION AMONG USERS OF A SOCIAL NETWORK - In one embodiment, a computing device receives an indication of a first user action by a first user. The computing device determines a topic of the first user action based on analyzing content associated with the first user action, and determines whether the first user has a preference to exclude posts associated with the topic or a category associated with the topic. If the first user has not indicated any preference to exclude posts associated with the topic or the category, then the computing device identifies a second user action by a second user and related to the topic, and determines whether the first user has indicated a preference to exclude posts associated with the second user. If the first user has not indicated any preference to exclude posts associated with the second user, a reference associated with the second user action is sent to the first user. | 2015-12-31 |
20150381557 | CONTAINER NAME SERVER AND METHOD FOR CONTAINER NAME RESOLUTION - Embodiments of the present invention provide a container name server and a method for container name resolution. The container name server includes: a network interface configured to receive a resolution request packet sent by a network node, where the resolution request packet includes a container identification of a container to be resolved; and an execution engine configured to acquire a container identification of an access container of the container to be resolved according to the container identification of the container to be resolved. In embodiments of the present invention, possibilities for solving problems such as scalability and mobility support caused by routing based completely on a content name are provided by introducing a container name server and taking the container name server as a name resolution system in an ICN network. | 2015-12-31 |
20150381558 | NSEC3 PERFORMANCE IN DNSSEC - A method includes receiving, at a server, a request from a DNS client. The request identifies a domain name to be resolved that is not able to be resolved by the server. The method includes identifying a hash of the domain name as being part of a set of hashes. The hash of the domain name identified at the server was computed using a first cryptographic technique. However, the hash can be computed by an external system using a second cryptographic technique. The first cryptographic technique is able to compute the hash in substantially fewer or substantially less complex operations than the operations required to compute the hash using the second cryptographic technique. The method further includes returning a result indicating that the domain name cannot be resolved, including returning an indicator identifying the set of hashes. | 2015-12-31 |
20150381559 | MANAGE ENCRYPTED NETWORK TRAFFIC USING DNS RESPONSES - This present disclosure generally relates to managing encrypted network traffic using Domain Name System (DNS) responses. One example method includes requesting an address associated with the a domain name from a resolution server, the domain name included in a predetermined set of domain names for which secure requests are to be identified domain name from a resolution server; receiving a response from the resolution server including one or more addresses associated with the domain name; associating with the domain name a particular address selected from the received one or more addresses; receiving a request to resolve the domain name; sending a response to the request to resolve the domain name, the sent response including the particular address associated with the domain name; receiving a secure request for a resource, the secure request directed to the particular address associated with the domain name; and determining that the secure request is directed to the domain name based on the association between the particular address and the domain name. | 2015-12-31 |
20150381560 | LOGICAL INTERFACE ENCODING - A networking system, and more particularly an interface management subsystem, offers logical interface abstraction for networking system software. The networking system generally transmits data via a hardware interface. All software components in the control and forwarding plane use a Logical Interface (LIF) that is a logical representation of the hardware interface. A mapping occurs between the LIF and hardware interface used to transmit the data. Each LIF is represented by an LIF identifier used to store and retrieve logical interface records to and from shared memory accessible to all protocols and applications in the control and forwarding plane. The efficient storage and retrieval of such logical interface records allows for a global unique view of network interfaces, avoidance of data replication in each networking system software application's memory space, etc. | 2015-12-31 |
20150381561 | SYSTEM AND METHODS FOR MULTIPLE EMAIL SERVICES HAVING A COMMON DOMAIN - Systems and methods provide an ability to split multiple email addresses having the same email domain across a plurality of email service providers. A first email server receives a forwarded email message from a second email server, the forwarded email message including an original domain and an intermediary domain, the intermediary domain added by the second email server. The first email server removes the intermediary domain from the recipient address and delivers the email message to a corresponding email account that is serviced by the first email server. | 2015-12-31 |
20150381562 | METHOD AND SYSTEM FOR DETECTING A CHANGE IN CONTACT INFORMATION - Methods and systems for detecting a change in contact information are provided herein. In some embodiments, a method for detecting a change in contact information may include sending a request including a communication identifier stored in an address book associated with a first user, receiving, responsive to the request, a first identifier associated with the communication identifier, and comparing the first identifier received with a second identifier stored in association with the communication identifier. | 2015-12-31 |
20150381563 | RELAY SYSTEM FOR TRANSMITTING IP ADDRESS OF CLIENT TO SERVER AND METHOD THEREFOR - A relay system and method for transmitting an Internet protocol (IP) address of a client to a server. The relay system for transmitting the IP address of a client to a server includes a first proxy for receiving and modulating an original packet with a header containing the IP address of the client; and at least one second proxy or bridge router for demodulating the modulated data packet received from the first proxy to transmit the IP address of the client to a server. Because the client and the server exchange an original form of a packet with each other, a host server may provide services using information of a header of the packet, such as an IP address of a terminal. In addition, since it appears that packets are exchanged between the client and the server in a client/server direction communication environment without using a proxy, a user does not know the existence of the proxy. Moreover, tunneling communication is established between two terminals without additionally changing information regarding the terminals and the host server and installing programs in the terminals and the host server. | 2015-12-31 |
20150381564 | NETWORK ADDRESS IDENTIFICATION - In a method for determining network information, in response to a computing device connecting to a computing system, the computing device identifying network information that corresponds to the computing system, wherein the computing system is configured to pass network information to the computing device while the computing system is powered on, but not logged in. The method further includes the computing device determining at least one network address for the computing system utilizing the identified network information that corresponds to the computing system. The method further includes the computing device displaying the determined at least one network address for the computing system. | 2015-12-31 |
20150381565 | DYNAMIC LOCAL MEDIA ACCESS CONTROL (MAC) ADDRESS ASSIGNMENT - A device implementing a dynamic local media access control (MAC) address assignment system may include at least one processor circuit. The at least one processor circuit may be configured to transmit an address request packet including a proposed MAC address and a device identifier to devices on a network. The at least one processor circuit may be further configured to determine whether any reply packets are received that indicate that another device has claimed the MAC address prior to expiration of a probe timer. The at least one processor circuit may be further configured to transmit an address claim packet including the MAC address when the probe timer expires before any reply packets are received from other devices. The at least one processor circuit may be further configured to communicate over the network using the proposed MAC address after transmitting the address claim packet. | 2015-12-31 |
20150381566 | Peer-to-peer connection establishment using TURN - A relay service enables two peers attempting to communicate with one another to each connect to a publicly-accessible relay server, which servers are associated with an overlay network and are selected by a directory service. After end-to-end connectivity is established, preferably the hosts communicate with each other by relaying data packets via the overlay network relay servers. Communications (both connection control messages and data being relayed) between a host and a relay server occurs at an application layer using a modified version of the TURN protocol. | 2015-12-31 |
20150381567 | CLEARTEXT GATEWAY FOR SECURE ENTERPRISE COMMUNICATIONS - A gateway computing system includes a memory storing cleartext gateway software and a programmable circuit communicatively connected to the memory. The programmable circuit is configured to execute computer-executable instructions including the cleartext gateway software. Execution of the cleartext gateway software by the programmable circuit causes the gateway computing system to instantiate at the gateway computing system a virtual device router including a cleartext interface configured to send and receive data packets from a cleartext endpoint and a secured interface configured to exchange data packets with one or more secured endpoints within a secured enterprise network, and load the virtual device router with community of interest material from an authentication server, the community of interest material associated with one or more communities of interest configured to allow access to the cleartext endpoint. | 2015-12-31 |
20150381568 | SECURE INTEGRATION OF HYBRID CLOUDS WITH ENTERPRISE NETWORKS - A system and method of managing secure integration of a cloud-based computing resource with a private domain are disclosed. One system includes a hybrid cloud arrangement including a plurality of virtual machines, the plurality of virtual machines including at least a first virtual machine within the private domain and a second virtual machine within a public cloud. The system also includes a virtual data relay within the private domain and associated with the second virtual machine. The virtual data relay includes a private domain interface used to establish a secure communication link according to a first security protocol with each virtual machine within the private domain that is a member of a community of interest, the virtual data relay assigned a community of interest key used by the private domain interface and defining the community of interest of which the second virtual machine is a member. The virtual data relay also includes a public cloud interface used to establish a secure communication link with the second virtual machine, the public cloud interface using a second security protocol different from the first security protocol. | 2015-12-31 |
20150381569 | Local Internet with Quality of Service (QoS) Egress Queuing - Local internet functionality may allow host devices positioned in branch office locations to securely communicate outgoing internet traffic directly over the internet. Local internet functionality may also allow said host devices to securely receive incoming internet traffic through the creation and tracking of local internet sessions. Local internet functionality is achieved by forwarding egress internet traffic over a local internet virtual pathway extending to a WAN interface/port of a local host device. The WAN interface/port is configured to communicate traffic received over the local internet virtual pathway directly over the internet, while communicating all other egress traffic over secure tunnels of the virtual edge router. The WAN interface/port is further configured to monitor outgoing local internet traffic to create and track local internet sessions. | 2015-12-31 |
20150381570 | SELECTIVELY PERFORMING MAN IN THE MIDDLE DECRYPTION - A HTTP request addressed to a first resource on a second device outside the network is received from a first device within the network. The HTTP request is redirected to a third device within the network. A first encrypted connection is established between the first device and the third device, and a second encrypted connection between the third device and the second device. The third device retrieves the first resource from the second device. The first resource is modified to change pointers within the first resource to point to location in a domain associated with the third device within the network. The third device serves, to the first device, the second resource. | 2015-12-31 |
20150381571 | SYSTEM AND METHOD FOR SECURELY MANAGING MEDICAL INTERACTIONS - Disclosed are peer-to-peer mobile applications that manage secure and intelligent communication between medical providers, patients, and/or physicians. The mobile application can be configured to provide an encrypted mixed media messaging system between registered users that provide, for example, a HIPAA compliant messaging platform. A secure messaging system can controls delivery of the mobile application and provide functionality to enable providers to control the messaging environment. The secure messaging system can be architected to provide geographically located servers. The geographically located servers can be configured to manage secure communication and implement geographically based communication requirements. In various embodiments, a plurality of communication management servers can be located in multiple jurisdictions, each managing respective communication requirements and/or restrictions. | 2015-12-31 |
20150381572 | AUGMENTED REALITY BASED PRIVACY AND DECRYPTION - A method, non-transitory computer readable medium and apparatus for decrypting a document are disclosed. For example, the method captures a tag on an encrypted document, transmits the tag to an application server of a communication network to request a per-document decryption key, receives the per-document decryption key if the tag is authenticated, and decrypts a portion of the encrypted document using a temporary decryption key contained in the tag, the tag decrypted with the per-document decryption key. | 2015-12-31 |
20150381573 | Systems, Methods, and Computer-Readable Media for Secure Digital Communications and Networks - Provided are system, methods, and computer-readable media for systems, methods, and computer-readable media for secure digital communications and networks. The system provides for secure communication between nodes through the use of a subscription between two nodes based on unique identifiers that are unique to each node, and communication between nodes without a subscription may be blocked. Additionally, secure communications between a node and a remote node are dynamically encrypted using asymmetric and symmetric encryption. The encryption algorithms and key lengths may be changed at each subsequent negotiation between a node and a remote node. | 2015-12-31 |
20150381574 | AUTHORIZATION OF JOINING OF TRANSFORMATION CHAIN INSTANCES - The authorizing of transformation chain instances of different transformation chain classes to join so as to act as a compound transformation chain instance. Class-level authorized dependencies are identified between transformation chain classes. Then, instance-level authorization is performed in accordance with one or more joining criteria, presuming that the instances are of appropriate classes that may be joined. The joining allows the instances to act as a single compound transformation chain whereby data is permitted to flow across the boundaries of the constituent transformation chain instances. New transformation chain instances may be joined to the compound transformation chain instances, and transformation chain instances may be removed from the compound transformation chain instance, thereby dynamically changing the compound application. | 2015-12-31 |
20150381575 | Face Based Secure Messaging - In an embodiment, a system includes at least one core and a trusted execution environment (TEE) to conduct an identity authentication that includes a comparison of streamed video data with previously recorded image data. Responsive to establishment of a match of the streamed video data to the previously recorded image data via the comparison, the TEE is to generate an identity attestation that indicates the match. Other embodiments are described and claimed. | 2015-12-31 |
20150381576 | Multi-tenant secure separation of data in a cloud-based application - Multi-tenant and single-tenant methodologies are blended into a single solution to provide cost savings of multi-tenancy along with data security and privacy of a single-tenant environment. The cloud infrastructure is partitioned to include a first set of servers, and a second set of servers. The first set of servers are dedicated to a first operation, such as data presentation, while the second set of servers are dedicated to a second operation, such as data processing. The first set is operated in a multi-tenant operating mode, while the second set is operated in a single-tenant operating mode. Thus, the first set is available for general use, presenting data from any of the server(s) in the second set. The second set, in contrast, is dedicated to individual tenants. Preferably, each tenant has dedicated server(s) in the second set, which functions like a traditional, single-tenant environment providing inherent security and privacy guarantees. | 2015-12-31 |
20150381577 | SYSTEM FOR, AND METHOD OF, AUTHENTICATING A SUPPLICANT, AND DISTRIBUTING GROUP KEYS TO GROUP MEMBERS, IN A MULTI-HOP WIRELESS COMMUNICATIONS NETWORK WITH ENHANCED SECURITY - An authenticator receives an authentication request from a supplicant requesting access to a wireless multi-hop network, and forwards the authentication request to one or more relays operative for relaying the authentication request to an authentication server. The server generates an authenticator key known to the authenticator, generates a supplicant key known to the supplicant, encrypts the supplicant key with the authenticator key, and transmits an authentication success message with the encrypted supplicant key to the authenticator to enable the supplicant to be added to the network without any relay having knowledge of the supplicant key. Encrypted group access keys are also distributed to authenticated members of a network group. | 2015-12-31 |
20150381578 | Method and Apparatus for Differently Encrypting Data Messages for Different Logical Networks - For a host that executes one or more guest virtual machines (GVMs), some embodiments provide a novel encryption method for encrypting the data messages sent by the GVMs. The method initially receives a data message to send for a GVM executing on the host. The method then determines whether it should encrypt the data message based on a set of one or more encryption rules. When the process determines that it should encrypt the received data message, it encrypts the data message and forwards the encrypted data message to its destination; otherwise, the method just forwards the received data message unencrypted to its destination. In some embodiments, the host encrypts differently the data messages for different GVMs that execute on the host. When two different GVMs are part of two different logical overlay networks that are implemented on common network fabric, the method in some embodiments encrypts the data messages exchanged between the GVMs of one logical network differently than the data messages exchanged between the GVMs of another logical network. In some embodiments, the method can also encrypt different types of data messages from the same GVM differently. Also, in some embodiments, the method can dynamically enforce encryption rules in response to dynamically detected events, such as malware infections. | 2015-12-31 |
20150381579 | METHOD AND SERVER FOR HANDLING OF PERSONAL INFORMATION - The present disclosure relates to a method for facilitating handling of personal information. In particular, the present disclosure relates to a computer implemented method for segmenting personal information into encrypted personal data an unencrypted non-personal data. The disclosure also relates to a method for profile aggregation as well as a corresponding server for profile aggregation. | 2015-12-31 |
20150381580 | SYSTEM AND METHOD TO USE A CLOUD-BASED PLATFORM SUPPORTED BY AN API TO AUTHENTICATE REMOTE USERS AND TO PROVIDE PKI- AND PMI- BASED DISTRIBUTED LOCKING OF CONTENT AND DISTRIBUTED UNLOCKING OF PROTECTED CONTENT - A security system for authenticating users and protecting content that provides an application program interface (API) with a Cloud Platform integration (Platform) for use by enterprise businesses, government entities, systems integrators, independent software vendors, small business, individuals and others (“Entities”) to extend the security capabilities of PKI- and PMI-systems to authenticated external users and protected content. | 2015-12-31 |
20150381581 | CUSTOMER CONTROLLED DATA PRIVACY PROTECTION IN PUBLIC CLOUD - Techniques to protect selected data in a cloud computing environment are disclosed. In various embodiments, an indication is received that a data value to be submitted, using a browser, to a remote node is to be protected. The data value is selectively encrypted. The encrypted data is provided value to the browser to be submitted to the remote node. | 2015-12-31 |
20150381582 | SECURE DATA PARSER METHOD AND SYSTEM - A secure data parser is provided that may be integrated into any suitable system for securely storing and communicating data. The secure data parser parses data and then splits the data into multiple portions that are stored or communicated distinctly. Encryption of the original data, the portions of data, or both may be employed for additional security. The secure data parser may be used to protect data in motion by splitting original data into portions of data that may be communicated using multiple communications paths. | 2015-12-31 |
20150381583 | SELECTIVELY PERFORMING MAN IN THE MIDDLE DECRYPTION - Methods, systems, and apparatus, including computer programs encoded on computer storage media, for selectively performing man in the middle decryption. One of the methods includes receiving a first request to access a first resource hosted by a server outside the network, determining whether requests from the client device to access the first resource outside the network should be redirected to a second resource hosted by a proxy within the network, providing a redirect response to the client device, the redirect response including the second universal resource identifier, establishing a first encrypted connected between the client device and the proxy hosting the second resource, and a second encrypted connection between the proxy hosting the second domain and the server hosting the first resource, and decrypting and inspecting the encrypted communication traffic passing between the client device and the server hosting the first resource. | 2015-12-31 |
20150381584 | SELECTIVELY PERFORMING MAN IN THE MIDDLE DECRYPTION - An agent on a device within a network receives a request to access a resource outside the network. A first encrypted connection is established between the device and the agent, and a second encrypted connection is established between the agent and the resource, to facilitate encrypted communication traffic between the device and the resource. The agent sends a policy request to a network appliance within the network, the request specifying the resource. The agent receives a policy response indicating that the resource is associated with one or more security policies of the network. Traffic passing between the device and the resource is selectively decrypted and inspected depending on the security policies. | 2015-12-31 |
20150381585 | CRYPTOGRAPHIC WEB SERVICE - A system that supports cryptographic web services is provided. A program running on program computing equipment may call a local cryptographic function. A web services interface such as a simple object access protocol interface on the program computing equipment makes a corresponding remote cryptographic function call to a web services interface such as a simple object access protocol interface at a cryptographic web service over a communications network such as the internet. At the cryptographic web service, a cryptographic engine implements cryptographic operations such as encryption and decryption operations. After successful authentication of the calling program, the cryptographic engine produces results for the remotely cryptographic function and returns the results to the program over the communications network. | 2015-12-31 |
20150381586 | Splicing into an active TLS session without a certificate or private key - An origin server selectively enables an intermediary (e.g., an edge server) to shunt into and out of an active TLS session that is on-going between a client and the origin server. The technique allows for selective pieces of a data stream to be delegated from an origin to the edge server for the transmission (by the edge server) of authentic cached content, but without the edge server having the ability to obtain control of the entire stream or to decrypt arbitrary data after that point. The technique enables an origin to authorize the edge server to inject cached data at certain points in a TLS session, as well as to mathematically and cryptographically revoke any further access to the stream until the origin deems appropriate. | 2015-12-31 |
20150381587 | UPLOAD AND DOWNLOAD STREAMING ENCRYPTION TO/FROM A CLOUD-BASED PLATFORM - Embodiments of the present disclosure include systems and methods for upload and/or download streaming encryption to/from an online service, or cloud-based platform or environment. The encryption process includes the following parts: Upload encryption, download decryption, and a central piece of infrastructure called the Interval Key Server (IKS). During both upload and download, the encryption and decryption processes are performed while the files are being uploaded/downloaded, (e.g., the files are being encrypted/decrypted as they are being streamed). | 2015-12-31 |
20150381588 | File Sharing Method and Apparatus - A file sharing method and apparatus. The method includes uploading, by a first terminal, each encrypted file to a server for saving, and receiving a uniform resource locator (URL) that is returned by the server and corresponds to a location for saving each encrypted file, generating a key package that includes a shared key and a URL that correspond to a file to be shared, and providing the key package for a second terminal, so that the second terminal acquires a corresponding encrypted file by using the URL in the key package, and decrypts the acquired encrypted file by using the shared key in the key package. | 2015-12-31 |
20150381589 | ASYNCHRONOUS ENCRYPTION AND DECRYPTION OF VIRTUAL MACHINE MEMORY FOR LIVE MIGRATION - Examples perform asynchronous encrypted live migration of virtual machines (VM) from a source host to a destination host. The encryption of the memory blocks of the VM is performed optionally before a request for live migration is received or after said request. The more resource intensive decryption of the memory blocks of the VM is performed by the destination host in a resource efficient manner, reducing the downtime apparent to users. Some examples contemplate decrypting memory blocks of the transmitted VM on-demand and opportunistically, according to a pre-determined rate, or in accordance with parameters established by a user. | 2015-12-31 |
20150381590 | Multi-tenant secure separation of data in a cloud-based application - Multi-tenant and single-tenant methodologies are blended into a single solution to provide cost savings of multi-tenancy along with data security and privacy of a single-tenant environment. The cloud infrastructure is partitioned to include a first set of servers, and a second set of servers. The first set of servers are dedicated to a first operation, such as data presentation, while the second set of servers are dedicated to a second operation, such as data processing. The first set is operated in a multi-tenant operating mode, while the second set is operated in a single-tenant operating mode. Thus, the first set is available for general use, presenting data from any of the server(s) in the second set. The second set, in contrast, is dedicated to individual tenants. Preferably, each tenant has dedicated server(s) in the second set, which functions like a traditional, single-tenant environment providing inherent security and privacy guarantees. | 2015-12-31 |
20150381591 | Secure Transmission Over Satellite Phone Network - A reach back secure communications terminal includes a modem to satellite interconnect board that captures DTMF tones, demodulates encrypted modem information, and converts both into an ASCII string for presentation to a data port of a satellite phone, allowing out-of-band control of a non-secure satellite system (e.g., AT command control of a data port) by a user on a secure side of an encryption device, by including the ability to interpret control signals and control the satellite system appropriately. A false dial tone is presented to the encryption device, and the data stream coming from the encryption device is monitored for the presence of dual-tone, multi-frequency (DTMF) tones representing control signals, the DTMF tones are converted to ASCII characters, which are in turn received as control signals by the satellite phone, allowing control of the functions of the satellite system directly from the secure side of the encryption device. | 2015-12-31 |
20150381592 | CRYPTOGRAPHY AND KEY MANAGEMENT DEVICE AND ARCHITECTURE - A method for operating a secure device having a plurality of mutually exclusive circuit zones, including a first circuit zone having a first level of security and a second circuit zone having a second level of security less than the first level of security, the method including unpacking a key exchange package including receiving a key exchange package in the second circuit zone, the key exchange package including encrypted key data and processing the encrypted key data using a content key in the first circuit zone to generate decrypted key data and storing the decrypted key data in the first circuit zone without disclosing the decrypted key data into the second circuit zone. | 2015-12-31 |
20150381593 | PRIVILEGED ACCESS GATEWAY FOR ACCESSING SYSTEMS AND/OR APPLICATIONS - Access to secured access systems and/or applications is provided to an authorized user through an access manager. The access manager manages access credentials for the authorized user such that the user is only authenticated by the access manager. The access manager communicates with the secured access applications and/or systems on behalf of the authorized user. Additional security features provide for the access manager to control the flow of information, from the secured access areas to the authorized user, according to the user's specified level of authorization. | 2015-12-31 |
20150381594 | Providing Secure Seamless Access To Enterprise Devices - In an embodiment, a system includes at least one processor having at least one core including a reservation control logic to receive a request from a user device for access at a future time to an enterprise device. The reservation control logic may grant a reservation to the user device to enable the access and schedule delivery of an authentication message to the user device including a credential to enable the user device to set up an ad hoc wireless connection with the enterprise device at the future time, without involvement of a user of the user device. Other embodiments are described and claimed. | 2015-12-31 |
20150381595 | SYSTEM AND METHOD FOR MANAGING MULTIPLE DEVICES - A system and method for integrating a client application across multiple client devices is disclosed. A device management server receives a session request from a first client device, the session request indicating a second client device for a communication session. Upon receipt of the session request, the device management server transmits a security key to the first client device, and subsequently, receives the security key from the second client device. Upon receipt of the security key, the device management server establishes the communication session, and integrates the client application across the first and second client devices. | 2015-12-31 |
20150381596 | REMOTE CREDENTIAL MANAGEMENT FOR HYBRID CLOUDS WITH ENTERPRISE NETWORKS - A system and method of initializing a virtual machine within a secure hybrid cloud is disclosed. One method includes transmitting service mode credentials to a cloud broker from a cloud-based virtual machine, receiving a service mode community of interest key from a credentialing service based on the service mode credentials, and establishing a secure service mode connection based on the service mode community of interest key. The method also includes receiving role VPN credentials at the cloud-based virtual machine and establishing a secure role connection to the cloud broker using the role VPN credentials, thereby providing, in response to the role VPN credentials, a role VPN community of interest key to a virtual data relay dedicated to the cloud-based virtual machine. The method further includes receiving role cloud credentials at the cloud-based virtual machine and establishing secure communications at the cloud-based virtual machine based on the role cloud credentials, including receiving a role cloud community of interest key at the cloud-based virtual machine used for secure communication among the cloud-based virtual machine and other cloud-based virtual machines within a common community of interest with the cloud-based virtual machine. | 2015-12-31 |
20150381597 | ENTERPRISE MANAGEMENT FOR SECURE NETWORK COMMUNICATIONS OVER IPSEC - Methods and systems for managing a secure enterprise are disclosed. One method includes initiating a management service at a server within the secure enterprise, the management service including a web interface providing administrative access to configuration settings associated with the secure enterprise, the management service initializing a secure communications protocol and managing access to a credential store, the credential store including a plurality of credentials defining communities of interest within the secure enterprise, each of the communities of interest defining a collection of authenticated endpoints having common access and usage rights. The method includes initiating an object management service at the server defining an interface to a configuration database, and accessing the configuration database to obtain data defining a configuration of the enterprise according to a configuration profile. The method includes applying configuration settings to the secure enterprise based on the data defining the configuration of the secure enterprise. | 2015-12-31 |
20150381598 | QUEUE MANAGEMENT AND LOAD SHEDDING FOR COMPLEX AUTHENTICATION SCHEMES - Using a stochastic queuing model to determine adjustments to be made to authentication system operation. In light of operational parameter values and the stochastic queuing model, a determination is made that adjusting the value of a particular parameter for handling authentication requests is likely to improve some aspect of system performance, and the request handling parameter is adjusted accordingly. | 2015-12-31 |
20150381599 | COMPUTERIZED METHOD AND SYSTEM FOR MANAGING A COMMUNITY FACILITY IN A NETWORKED SECURE COLLABORATIVE EXCHANGE ENVIRONMENT - In embodiments of the present invention improved capabilities are described for managing a community facility in a networked secure collaborative computer data exchange environment, including providing an exchange community facility where each of a plurality of users operating a plurality of client computing devices is enabled to establish a corresponding informational profile that is made accessible to other users operating the plurality of client computing devices and is enabled to find and interact with the other users based on the informational profile. | 2015-12-31 |
20150381600 | AUTHENTICATING A DATA ACCESS REQUEST TO A DISPERSED STORAGE NETWORK - A method includes sending, by a user device, a plurality of data access requests to storage units. The method further includes sending, by one the storage units, an authentication request to an authenticating module. The method further includes forwarding, by the one of the storage units, a verification request to the user device. The method further includes forwarding, by the one of the storage units, a verification response to the authenticating module. The method further includes executing, by at least some of the storage units, corresponding ones of the plurality of data access requests when an authentication response of the authenticating module is favorable. | 2015-12-31 |
20150381601 | SYSTEMS AND METHODS FOR AUTHORIZING SERVICES IN A TELECOMMUNICATIONS NETWORK - A computer-implemented method for authorizing access by a user device to at least one service offered over an Internet Protocol (IP) network is provided. A server receives a message from the user device. The message indicates that the user device is configured to support the at least one service. The server then retrieves from a database policy data associated with the user device. The server validates based on the policy data that the user device is authorized to advertise the at least one service and the at least one service is available for access by the user device. If the at least one service is unauthorized or unavailable for access by the user device, the server modifies the message to indicate one or more authorized and available services for the user device without including the at least one service. | 2015-12-31 |
20150381602 | AUTOMATED AUTHORIZATION RESPONSE TECHNIQUES - Techniques are disclosed relating to automating permission requests, e.g., in the context of multi-factor authentication. In some embodiments a mobile device receives permission requests that specify sets of one or more automation criteria. In some embodiments, the mobile device prompts a user for a response to permission requests when the criteria are not met and automatically responds to permission requests (e.g., without requiring user input) when the criteria are met. Disclosed techniques may increase authorization security while reducing user interaction for multi-factor authentication, in some embodiments. | 2015-12-31 |
20150381603 | CLOUD AUTHENTICATION - A cloud authentication system is disclosed. A request for an authentication setup for a first user of a first service provider is received. Additional information, such as authentication criteria, can further be received, such as from the first service provider. A set of stimuli to associate with a first user profile of the first user of the first service provider is stored. | 2015-12-31 |
20150381604 | METHOD AND SYSTEM FOR PROTECTION AGAINST INFORMATION STEALING SOFTWARE - A system and method for identifying infection of unwanted software on an electronic device is disclosed. A software agent configured to generate a bait and is installed on the electronic device. The bait can simulate a situation in which the user performs a login session and submits personal information or it may just contain artificial sensitive information. Parameters may be inserted into the bait such as the identity of the electronic device that the bait is installed upon. The output of the electronic device is monitored and analyzed for attempts of transmitting the bait. The output is analyzed by correlating the output with the bait and can be done by comparing information about the bait with the traffic over a computer network in order to decide about the existence and the location of unwanted software. Furthermore, it is possible to store information about the bait in a database and then compare information about a user with the information in the database in order to determine if the electronic device that transmitted the bait contains unwanted software. | 2015-12-31 |
20150381605 | METHOD, SYSTEM AND APPARATUS FOR AUTHENTICATION USING APPLICATION - The present invention relates to a method, system and apparatus for authentication using an application. Particularly, this invention can use an integrated ID by acquiring a reliable relationship between applications installed in a single terminal, or can perform the authentication of other applications by sharing authentication information through a representative application among applications. According to this invention, the account registration is performed by referring to the representative application, and thus the SSO authentication scheme may be implemented even in a mobile environment. | 2015-12-31 |
20150381606 | Sharing Between CPE and Companion Device - In one embodiment, a method and system for a companion device to share an application context and authorization context with a consumer premises equipment (CPE) device is described. The method and system includes transmitting a search request by a search request transmitter using a service discovery protocol, receiving a response to the search request from the CPE device, creating an authorization context at an authorization context creating processor, the authorization context including metadata that grants access to a resource, transmitting, by an authorization context transmitter, the authorization context to an application resident on the CPE device, establishing a trusted session between the application resident on the CPE and a device application, the establishing a session by the device application including requesting a digital certificate from the CPE, receiving the digital certificate from the CPE, and validating the digital certificate, creating, at an application context data creating processor, application context data, and transmitting the application context data created to the CPE device, wherein the application context data enables the CPE device to request access to an authorized resource from a resource provider. Related methods, systems, and apparatus are also described. | 2015-12-31 |
20150381607 | SYSTEMS AND METHODS FOR MANAGING SECURE SHARING OF ONLINE ADVERTISING DATA - Systems and methods are disclosed for managing online advertising data secure sharing. One method includes receiving, at a server, a request for proprietary data from a data consumer, the request including a data consumer identifier; retrieving, from a database of proprietary data, proprietary data based on the request; determining, by the server, whether the retrieved proprietary data is at least one of: designated to be processed and designated to have privileges set; processing, by the server, the proprietary data when the server determines the proprietary data is designated to be processed; setting one or more privileges to the proprietary data using the certificate associated with the data consumer identifier when the server determines the proprietary data is designated to have privileges set; encrypting the proprietary data using the certificate associated with the data consumer identifier; and transmitting the encrypted proprietary data to the data consumer. | 2015-12-31 |
20150381608 | EFFICIENT ENCRYPTION, ESCROW AND DIGITAL SIGNATURES - A network server is operated so as to facilitate legal eavesdropping by receiving, from the first user via a network, a session key (SK) encrypted with a second user's public key, k | 2015-12-31 |
20150381609 | WEARABLE ELECTRONIC DEVICES - Wearable electronic device technology is disclosed. In an example, a wearable electronic device can include a handling portion that facilitates donning the wearable electronic device on a user. The wearable electronic device can also include a user authentication sensor associated with the handling portion and configured to sense a biometric characteristic of the user while the user is donning the wearable electronic device. In addition, the wearable electronic device can include a security module to determine whether the sensed biometric characteristic indicates an authorized user of the wearable electronic device. | 2015-12-31 |
20150381610 | LOCATION-BASED DATA SECURITY - In an example, a system and method are disclosed for location-based security for devices such as portable devices. A portable device may be provided with a short-range transceiver (such as RIFD) that is detectable when a user enters or exits an area. The device may also include an encrypted storage divided into a plurality of discrete units. Upon entering an area, the devices identity and location are provided to a policy server. In response, the policy server may wirelessly provide security tokens to the portable device that enable decryption of specific storage units authorized for access in that area. When a user passes back through a portal to the area, the security tokens are revoked, so that access to secured units of the storage is restricted. | 2015-12-31 |