53rd week of 2020 patent application highlights part 79 |
Patent application number | Title | Published |
20200412641 | TECHNIQUES FOR INTERACTION BETWEEN NETWORK PROTOCOLS - A multipath device for processing multipath data traffic, the multipath device comprising: a multipath network access interface for receiving multipath data traffic; and a host processor configured to process a plurality of multi-connectivity network protocols. A specific multi-connectivity network protocol of the plurality of multi-connectivity network protocols is configured to utilize protocol-specific resources of the multipath device for processing a portion of the multipath data traffic that is related to the specific multi-connectivity network protocol. The specific multi-connectivity network protocol is configured to share the network protocol-specific resources with other multi-connectivity network protocols which are configured to process portions of the multipath data traffic that are related to the other multi-connectivity network protocols by distributing payload data transport onto multiple sub-flows of a multipath connection. | 2020-12-31 |
20200412642 | PATH CHECK INSIGHT - Embodiments of the present disclosure relate to systems, methods, and user interfaces for monitoring and maintaining redundant network and storage paths. Initially, path check information is received at a path check server via one or more management nodes. Each of the one or more management nodes comprises one or more physical nodes corresponding to network and hardware infrastructure. Failed nodes of the one or more physical nodes are identified, the failed nodes indicating physical nodes having path failures. Upon determining the node does not have an active incident in progress, an incident corresponding to the node is generated. In embodiments, a notification may be communicated to one or more team members. The notification may include the incident and a status of the incident. In embodiments, data visualization corresponding to the incident may be provided. | 2020-12-31 |
20200412643 | INTELLIGENT DELIVERY OF DATA PACKETS WITHIN A NETWORK TRANSMISSION PATH BASED ON TIME INTERVALS - Intelligent delivery/transmission of data within a secure transmission path of a distributed computing network. A plurality of logical switches are disposed throughout a secure transmission path between a source and target. A controller is configured to control a timing for delivery and/or routing of the data packets to the target apparatus by activating and deactivating the logical switches. In addition, activation of two or more switches provides for isolating data, such that, inline processing (e.g., security checks or the like) can be performed on the data. | 2020-12-31 |
20200412644 | CONTENT BASED ROUTING METHOD AND APPARATUS - Embodiments of the present disclosure provide a content based routing method and apparatus. The method may include: judging, in response to receiving a service request, whether the service request matches a preset shunt rule, the preset shunt rule including a request content and a request context; and forwarding, in response to judging that the service request matches the preset shunt rule, the service request to a service cluster corresponding to the preset shunt rule matching the preset service request. | 2020-12-31 |
20200412645 | ROUTE REFLECTOR OPTIMIZATIONS FOR INTERCONNECTING MPLS-BASED L3-VPN AND L3-EVPN NETWORKS - Methods and systems are described for providing route advertisements to provider edge devices on virtual private networks implemented using different protocols. An illustrative method includes receiving, from a first provider edge device on a first virtual private network (VPN), a route advertisement in a first format, wherein the first format corresponds to a first standard, determining whether the first format is translatable to a second format, wherein the second format corresponds to a second standard, in response to determining that the first format is translatable to the second format, identifying parameters for translating a route included in the route advertisement from the first format into the second format, generating a translated route advertisement by translating the route included in the route advertisement in accordance with the identified parameters, and transmitting, to a second provider edge device on a second VPN, the translated route advertisement including the translated route. | 2020-12-31 |
20200412646 | SYSTEM AND METHOD FOR ADDING ROUTING PATHS IN A NETWORK - Aspects of the present disclosure involve systems, methods, computer program products, and the like, for generating a routing table. In one implementation, BGP route broadcasts are received by a control plane of a network. The BGP route broadcasts are aggregated into a table of address summarized routes based on IP addresses included in the BGP route broadcasts. A table of attribute summarized routes is generated from the table of address summarized routes based on similarities between attributes included in the address summarized routes. | 2020-12-31 |
20200412647 | INTELLIGENT WIDE AREA NETWORK (IWAN) - In one embodiment, an electronic device maintains one or more tunnel-based overlays for a communication network. The communication network includes two or more physical provider networks. The device maintains a mapping between a particular application and the one or more overlays for the communication network. The device adjusts the mapping between the particular application and the one or more overlays for the communication network. The device causes one or more routers in the communication network to route traffic for the particular application according to the adjusted mapping between the application and the one or more overlays for the communication network. | 2020-12-31 |
20200412648 | METHOD FOR DISTRIBUTING TRANSMISSION PATH INFORMATION AND ROUTING BRIDGES - A method for distributing transmission path information, including: distributing, by a first routing bridge which stores a MAC address of a host on a local link, transmission path information of the host on the local link to a remote routing bridge of a non-local link, the transmission path information including the MAC address of the host on the local link and identification information of a second routing bridge, so that the remote routing bridge learns the transmission path information from the first routing bridge. The present application further provides corresponding routing bridges. The present application may enable the remote routing bridge to timely learn the transmission path information of the host under the condition that a data packet sent by the host is not received, so as to send data to the host according to a new transmission path. | 2020-12-31 |
20200412649 | CRC UPDATE MECHANISM - A cyclic redundancy code (CRC) update device includes an input coupled to obtain an old CRC that corresponds to an old header of a communication packet, a CRC storage device to store CRC coefficients, a CRC calculator coupled to receive a modified old header of the communication packet and calculate a new CRC on the modified old header, and a polynomial multiplier coupled to the CRC storage device to receive the new CRC, obtain a corresponding coefficient from the CRC storage device, and generate an update for the CRC of the frame. | 2020-12-31 |
20200412650 | DYNAMIC SEGMENT ROUTING MAPPING SERVER FOR A MULTIPROTOCOL LABEL SWITCHING NETWORK - A dynamic SRMS (DSRMS) in a MPLS network generates unique segment identifiers for nodes of the network lacking segment identifiers (SIDs). The DSRMS receives network information from other nodes of the network that may include, for example, Internal Gateway Protocol (IGP) routing information, advertised prefix values for the nodes, and label values used in MPLS routing. The DSRMS analyzes the information and identifies nodes of the network that are not associated with a SID. For each identified node, the DSRMS generates a unique SID and then announces the SID to other nodes within the network. Generating the unique SID may include executing a hashing function using the IP address of the identified node as an input. | 2020-12-31 |
20200412651 | SECURING COMMUNICATIONS BETWEEN SERVICES IN A CLUSTER USING LOAD BALANCING SYSTEMS AND METHODS - Described embodiments provide systems and methods for securing communications between services in a cluster using load balancing. A first proxy of a first node of a cluster of nodes can receive a request for a service from at least one pod of the first node. The service can include a plurality of pods. The plurality of pods can execute in the cluster of nodes including the first node. The first proxy can select, responsive to a load balancing determination, a pod of a second node of the cluster of nodes to receive the request. An encrypted connection can be established with a second proxy of the second node. The request can be forwarded to the selected pod via the encrypted connection to the second proxy. The request can be decrypted at the second proxy and forwarded at the pod of the second node. | 2020-12-31 |
20200412652 | EVENT-BASED FLOW CONTROL IN SOFTWARE-DEFINED NETWORKS - A software-defined network controller (SDN controller) defines a first network flow to be selectively implemented by a networking device according to a first network operation profile. The SDN controller defines a second network flow to be selectively implemented by the networking device according to a second network operation profile. A memory device of the networking device may store at least first and second network operation profiles for selective implementation during defined event windows. The event window(s) may be defined by start event inputs and stop event inputs. The event inputs may include, without limitation, a combination of parameter-based inputs and/or temporal inputs. In one specific embodiment, the networking device detects a network event and modifies a network operation profile for a preset time period and/or until an interrupt or stop event is detected. | 2020-12-31 |
20200412653 | Intelligent RAN Flow Management and Distributed Policy Enforcement - A system is disclosed for providing configurable flow management, comprising: a first base station coupled to a user device and with an established control connection with the user device; and a coordinating node coupled to the first base station and coupled to a core network, thereby providing a gateway for the first base station and the user device to the core network, the core network further comprising a policy and charging rules function (PCRF) node with a database of policy rules, wherein the coordinating node is configured to retrieve policy rules from the PCRF node, to enable enforcement of retrieved policy rules on flows from the user device passing through the coordinating node, and to transmit policy rules to the first base station for enforcement at the first base station. | 2020-12-31 |
20200412654 | EDGE-NODE CONTROLLED RESOURCE DISTRIBUTION - This application describes apparatus and methods for using edge-computing to control resource distribution among access channels, such as a retail banking center. Edge-nodes may be configured to move a product display in response to detected or expected customer traffic flow in or near a retail location. Edge-nodes may be configured to redirect resources provided by a cloud computing environment to or away from the retail location. Based on customer traffic flow, edge-nodes may direct customers/resources to a retail location and ensure the retail location provides a predetermined quality of service. | 2020-12-31 |
20200412655 | Dynamic Offline End-to-End Packet Processing based on Traffic Class - Methods and apparatus for dynamic offline end-to-end packet processing based on traffic class. An end-to-end connection is set up between an application on a client including a processor and host memory and an application on a remote server. An offline packet buffer is allocated in host memory. While the processor and/or a core on which the client application is executed is in a sleep state, the client is operated in an interrupt-less and polling-less mode as applied to a predetermined traffic class. Under the mode, a Network Interface Controller (NIC) at the client receives network traffic from the remote server and determines whether the network traffic is associated with the predetermined traffic class. When it is, the NIC writes packet data extracted from the network traffic to an offline packet buffer. Descriptors are generated and provided to the NIC to inform the NIC of the location and size of the offline packet buffer. | 2020-12-31 |
20200412656 | DATA RATE MANAGEMENT OF A MULTI-RAT USER EQUIPMENT - Aspects of the present disclosure relate to monitoring a set of operational conditions to establish a dynamic prioritization of a plurality of RATs. Data rates of the plurality of RATs are managed based in part upon the dynamic prioritization. In some designs, the dynamic prioritization is used to determine a data rate tolerance of each of the plurality of RATs, after which a RAT-specific data rate target for each of the plurality of RATs is determined based at least in part on the determined data rate tolerances and a monitored set of operational conditions, whereby the data rates of the plurality of RATs are managed based on the RAT-specific data rate targets. In some designs, the monitored operational conditions relate to a processing system of a vehicle, or an interior or exterior environment of the vehicle. | 2020-12-31 |
20200412657 | CONGESTION CONTROL FOR LOW LATENCY DATACENTER NETWORKS - Systems and methods for controlling congestion in a data network are provided. A base target round-trip time (RTT) for packets of a network flow including packets transmitted from a source network device to destination network device is obtained. A number of hops packets associated with the network flow traverse between the source network device and the destination network device is determined. A topology scaled target RTT for the network flow is determined based on the base target RTT and the determined number of hops. A congestion window size for the network flow is managed based on the topology scaled target RTT. | 2020-12-31 |
20200412658 | CONGESTION CONTROL FOR LOW LATENCY DATACENTER NETWORKS - Systems and methods for controlling congestion of a data network are provided. An engine round-trip time (RTT) and a fabric RTT for a network flow are determined. An engine-based congestion window size for the flow is determined based on the engine RTT and a target engine RTT. A fabric-based congestion window size for the flow is determined based on the fabric RTT and a target fabric RTT. The smaller of the engine-based congestion window size and the fabric-based window size is selected for use in transmitting a future packet associated with the flow. The target engine RTT is determined based in part on the current congestion window used to transmit packets for the flow and/or the target fabric RTT is determined based on a number of hops packets associated with the flow traverse from a source to a destination associated with the flow. | 2020-12-31 |
20200412659 | DYNAMIC VIRTUAL CUT-THROUGH AND DYNAMIC FABRIC BANDWIDTH ALLOCATION BETWEEN VIRTUAL CUT-THROUGH AND STORE-AND-FORWARD TRAFFIC - Examples describe an egress port manager that uses an adaptive jitter selector to apply a jitter threshold level for a buffer, wherein the jitter threshold level is to indicate when egress of a packet segment from the buffer is allowed, wherein a packet segment comprises a packet header and wherein the jitter threshold level is adaptive based on a switch fabric load. In some examples, the jitter threshold level is to indicate a number of segments for the buffer's head of line (HOL) packet that are to be in the buffer or indicate a timer that starts at a time of issuance of a first read request for a first segment of the packet in the buffer. In some examples, the jitter threshold level is not more than a maximum transmission unit (MTU) size associated with the buffer. In some examples, a fetch scheduler is used to adapt an amount of interface overspeed to reduce packet fetching latency while attempting to prevent fabric saturation based on a switch fabric load level, wherein the fetch scheduler is to control the jitter threshold level for the buffer by forcing a jitter threshold level based on switch fabric load level and latency profile of the switch fabric. | 2020-12-31 |
20200412660 | Congestion Control Method And Network Device - A network device adds a fixed value to a congestion threshold (CT) when a first period ends. The network device detects whether a difference obtained by subtracting average traffic load of a queue in the first period from average traffic load of the queue in a second period is greater than a target increase value, and sets the CT based on a detection result when the second period ends, where the first period is previous to the second period. The network device marks a received packet when a quantity of packets buffered in the queue is greater than the CT, enqueues the marked packet and sends the marked packet to a receiving device. | 2020-12-31 |
20200412661 | PACKET-FLOW MESSAGE-DISTRIBUTION SYSTEM - Switchless interconnect fabric message distribution includes end-to-end partitioning of message pathways or multiple priority levels with interrupt capability. A switchless interconnect fabric message distribution system includes a data distribution module and at least two host-bus adapters connected to the data distribution module. The data distribution module includes partition first in first out buffers. Each of the host-bus adapters includes an input manager connected to input priority first in first out buffers and an output manager connected to priority first in first out buffers. | 2020-12-31 |
20200412662 | METHOD AND SYSTEM FOR TO IMPLEMENT MESSAGING FOR CLUSTER ELECTIONS - Described is a system, method, and computer program product for performing elections in a database cluster, where cluster topology representations are distributed across the cluster nodes using a prioritized messaging protocol. The cluster topology representations may be implemented as connectivity bit-vectors that provide information that identifies which nodes in the cluster are able to communicatively connect with other nodes. | 2020-12-31 |
20200412663 | PREDICTIVE SCALING OF COMPUTING RESOURCES - The described technology is generally directed towards predicting a need for provisioned (e.g., cloud computing) resources so that the provisioned resources are proactively provisioned and operational before their actual need. Historical data is used to predict upcoming resource demand so that resources begin to be scaled up to meet demand in advance, at a prediction time, given that there is a “spin-up” delay between requesting resources and their actual availability. The predictive resource provisioning is adaptable to override customary historical data with expected exceptions, and is flexible to handle variable spin-up times, constraints, and optimizations. | 2020-12-31 |
20200412664 | METHOD AND SYSTEM FOR TRIGGERING OF INTERNET OF THINGS (IOT) DEVICES - The present disclosure provides a method and a system for triggering of Internet of things (IoT) devices. The system comprising a processor causes the processor to receive a change in output of first IoT device from a plurality of IoT devices, wherein the plurality of IoT devices are connected to each other, determine one or more connectivity paths between the plurality of IoT devices including the first IoT device based on stored connectivity paths between the plurality of IoT devices in a database, select one of the determined one or more connectivity paths between the plurality of IoT devices, wherein the selecting is based on similarity of metadata of each of the plurality of IoT devices in each of the one or more connectivity paths and trigger one or more IoT devices of the plurality of IoT devices in the selected connectivity path. | 2020-12-31 |
20200412665 | ACCESS MANAGEMENT SYSTEM WITH A RESOURCE-OWNERSHIP POLICY MANAGER - Methods, systems, and computer storage media for providing access to computing environments are provided. Based on a resource-ownership policy manager (i.e., a self-service engine and a runtime policy evaluation engine) that provides resource-ownership policy operations executed to apply a resource owner's policies only on resources owned by the resource owner. In operation, at runtime, a first resource instance is identified and an entity is determined to be the resource owner of the first policy and first resource instance. The first policy is applied to the first resource instance because the entity owns both the first policy and the first resource instance. A second resource instance is identified and the entity is determined not to be the resource owner of the second resource instance. A second resource policy of the entity is not applied to the second resource instance because the entity is not the owner of the second resource instance. | 2020-12-31 |
20200412666 | SHARED MEMORY MESH FOR SWITCHING - Examples are described herein that relate to a mesh in a switch fabric. The mesh can include one or more buses that permit operations (e.g., read, write, or responses) to continue in the same direction, drop off to a memory, drop off a bus to permit another operation to use the bus, or receive operations that are changing direction. A latency estimate can be determined at least for operations that drop off from a bus to permit another operation to use the bus or receive and channel operations that are changing direction. An operation with a highest latency estimate (e.g., time of traversing a mesh) can be permitted to use the bus, even causing another operation, that is not to change direction, to drop off the bus and re-enter later. | 2020-12-31 |
20200412667 | OPERATING A SERVICE PROVIDER NETWORK NODE - Certain aspects of the present disclosure provide a method of operating a service provider network node in a service provider network, comprising: establishing an interface between a control plane processing part and a data plane processing part for routing of control packets at the data plane processing part; at the control plane processing part, generating a control packet for routing through the service provider network; and at the control plane processing part, sending the control packet to the data plane processing part via the interface, to cause the data plane processing part to route the control packet through the service provider network using the one or more routing tables maintained by the data plane processing part in response to receiving the control packet from the control plane processing part via the interface. | 2020-12-31 |
20200412668 | Apparatus with Service Interface and Method for Servicing the Apparatus - An apparatus comprising a socket insert that is arranged in a receptacle of the apparatus. The socket insert is connected to an operating medium connector. In the receptacle a data interface is covered by the socket insert and inaccessible from outside. To obtain access to the apparatus software or data, the socket insert can be replaced by a service insert that covers the operating medium output but contacts the data plug. The service insert allows communication with the apparatus control to input or output data and/or programs. The arrangement of the service interface covered by socket inserts provides an effective means for access control to the service interface. It impedes or avoids non-authorized access to the interface and damages for persons and material that otherwise could occur due to the missing disruptive discharge proof potential separation between the service interface and particularly the power section of the apparatus control. | 2020-12-31 |
20200412669 | REAL-TIME MULTI-PROTOCOL HETEROGENEOUS PACKET-BASED TRANSPORT - Deadlocks in a multi-protocol heterogeneous packet-based transport system are avoided while maintaining real-time aspects. When receiving a plurality of packets from a root complex where contents of each packet from the plurality of packets are organized in accordance with a first protocol, a sequence number is added to each packet and a packet type is identified. Every packet in the first plurality of packets is encapsulated into at least one packet organized in accordance with a second protocol to form a second plurality of packets organized in accordance with the second protocol. All the packets from the second plurality of packets are sent via a plurality of connections so that each connection from the plurality of connections only transports packets from the second plurality of packets that encapsulate packets from the first plurality that have a same packet type. | 2020-12-31 |
20200412670 | OUTPUT QUEUEING WITH SCALABILITY FOR SEGMENTED TRAFFIC IN A HIGH-RADIX SWITCH - Examples describe an egress subsystem that can be used to schedule fetching and transmission of packets from a switch fabric. Segments of a packet can be requested from a switch fabric and stored in a re-order buffer to re-order any segments that are received out of order from the switch fabric. A header segment re-order buffer can be used to re-order segments of a header. After a header of a packet is available in the header segment re-order buffer, the header can be processed before the entire associated body is received from the switch fabric. A jitter threshold scheme can gate egress of a body from a re-order buffer unless a time threshold or amount threshold is met. The egress subsystem can track a state of packet segments from request to transmission. A flow control message received at the egress subsystem can cause packets in certain states to be paused and not permitted to egress. | 2020-12-31 |
20200412671 | CHAT BOT OPERATION AND MANAGEMENT ARCHITECTURE - An improved chat bot operation enables multiple teams to leverage a common bot deployment, rather than requiring each team to build and deploy their own. A context-aware operation identifies a user's context and selects a context file, from among a plurality of context files, to tailor actions and responses. Each team thus has a reduced workload in generating a context file rather than an entire bot deployment. An exemplary method includes: receiving a first chat content from a first chat session; determining a first context for the first chat content; selecting, based at least on the first context, a first context file from a plurality of context files; determining, based at least on the first chat content and the first context file, a first action for the chat bot, wherein determining the first action for the chat bot comprises parsing the first context file; and executing the first action. | 2020-12-31 |
20200412672 | Processing System Performing Dynamic Training Response Output Generation Control - Aspects of the disclosure relate to enhanced dynamic training response output generation control systems with enhanced dynamic training response output determinations. A computing platform may receive, from the user device and in response to an initial dynamic training interface, a training request input. The computing platform may send, to an NLU engine, the training request input and commands directing the NLU engine to perform natural language understanding and processing on the training request input to determine a natural language result output. Using the natural language result output, the computing platform may determine third party data sources that correspond to the natural language result output, and may request source data from the third party data sources. Using the source data and the natural language result output, the computing platform may generate a dynamic training response output, and may direct the user device to cause display of the dynamic training response output. | 2020-12-31 |
20200412673 | PERSONALITY REPLY FOR DIGITAL CONTENT - A computer-implemented method is described. The method includes a computing system receiving an item of digital content from a user device. The computing system generates one or more labels that indicate attributes of the item of digital content. The computing system also generates one or more conversational replies to the item of digital content based on the one or more labels that indicate attributes of the item of digital content. The method also includes the computing system selecting a conversational reply from among the one or more conversational replies and providing the conversational reply for output to the user device. | 2020-12-31 |
20200412674 | ENHANCING A SOCIAL MEDIA POST WITH CONTENT THAT IS RELEVANT TO THE AUDIENCE OF THE POST - Systems and methods are described for enhancing a social media post with a content item. An illustrative method includes receiving a social media post; extracting, from the social media post, a first content item; identifying, in a frame of the first content item, a portion of the frame that is a non-focus portion; identifying a plurality of content items that fit within the non-focus portion; identifying a content preference of an audience of the social media post; determining an estimated length of time that the audience will view the social media post; selecting a second content item, from the plurality of content items, that matches the content preference of the audience and has a duration that does not exceed the estimated length of time; generating an enhanced social media post by overlaying the second content item onto the non-focus portion; and generating for display the enhanced social media post. | 2020-12-31 |
20200412675 | NETWORK BASED DATA TRAFFIC LATENCY REDUCTION - The present disclosure is directed to a technique for reduction of latency in network traffic data transmissions. The system parses an online document to determine a messaging identifier used to communicate over an asynchronous network-based communication channel with a content provider device. The system assembles a first instance of the online content item with the messaging identifier. An intermediary appliance located on the asynchronous network-based communication channel in between the first computing device and the content provider device intercepts data packets including the electronic message. The system determines a quality of the asynchronous network-based communication channel. The system blocks insertion of the messaging identifier in a second instance of the online content item prior to transmission of the second instance of the online content item to a second computing device to reduce latency by preventing additional messages from being sent to the messaging identifier. | 2020-12-31 |
20200412676 | Content and Member Optimization for Downstream Collaboration - A method and system of adjusting a content of an electronic communication are provided. An electronic communication sent from a first entity to a second entity is received and its content determined. The electronic communication is assigned to a collaboration group based on the determined content. One or more downstream collaboration entities in the collaboration group are identified. For each identified collaboration entity, one or more electronic communication parameters are determined. The electronic communication is adjusted for compliance with the electronic communication parameters of the identified collaboration entities. | 2020-12-31 |
20200412677 | Creating and Sharing Customizable Chat Spaces - A system and method are disclosed for generating a customizable communication space, comprising one or more customized chat spaces, in which two or more communication devices participate. A computer coupled with a database and comprising a processor and memory generates a customizable communication space and transmits requests to join the customizable communication space to the two or more communication devices. The computer stores in memory identification information for each of the two or more communication devices. The computer configures, in response to instructions transmitted by one of the two or more communication devices, a customized chat space. The computer transmits the customized chat space to the two or more communication devices and stores in the computer memory communications transmitted by the communication devices within the customized chat space. | 2020-12-31 |
20200412678 | DEVICE AND METHOD FOR PROCESSING A MESSAGE - A message treatment process executed by a user's terminal when a message is being drafted is disclosed. The terminal has access to a corpus of messages containing at least one message sent by that user to at least one recipient user. In one aspect, at least one part of the message drafted by the user is retrieved. For at least one message in the corpus, a semantic similarity score is calculated with a view to matching at least part of the draft message with at least one message in the predetermined corpus of messages. At least one message is selected in the corpus of messages, based on the semantic similarity score calculated for at least one message in the corpus, then at least part of a previously received reply to at least one selected message is replicated. | 2020-12-31 |
20200412679 | GROUP CHAT INITIATING METHOD ON BASIS OF SHARED DOCUMENT, DEVICE AND APPARATUS THEREFOR, AND STORAGE MEDIUM - Disclosed in the embodiment of the present disclosure is a group chat initiating method on the basis of a shared document, comprising: when a first user account accesses a shared document, querying the shared document to obtain a group-specific name card inserted therein, and in the shared document, according to a joining state of the first user account in a chat group, displaying a group chat control corresponding to the joining state, and in response to an operation of the user performed on the chat control, sending a corresponding group chat request for joining the chat group or displaying an interface of the chat group. Also disclosed in the embodiment of the present disclosure are a device for initiating a group chat on the basis of a shared document, an electronic apparatus, and a computer-readable storage medium. | 2020-12-31 |
20200412680 | PRIORITIZING MESSAGES WITHIN A MESSAGE NETWORK - A system and a method are disclosed for recommending electronic messages in a message sharing system. Users can post messages to the message sharing system. These messages from posting users are received by the system and sent to receiving users that have subscribed to the posting users. The receiving users interact with the messages in various ways, such as by sharing the messages with other users. Interaction information is received for each of the electronic messages. The interaction information includes an indication of the number of interactions with the electronic message by receiving users. A score is determined for each electronic message based on the interaction information. Electronic messages are selected for being recommended to a user or a group of users based on the scores. The recommendations are then sent to the users, enabling users to better focus their attention on messages that are likely to be interesting. | 2020-12-31 |
20200412681 | DIFFERENTIAL PRIVACY FOR MESSAGE TEXT CONTENT MINING - Systems and methods are disclosed for determining whether a message received by a client may be spam, in a computing environment that preserves privacy. The message may be encrypted. A client invokes the methods when a message is received from a sender that is not known to the client. A client can decrypt the message, break the message into chunks, and apply a differentially private algorithm to the set of chunks. The client transmits the differentially private message sketches to an aggregation server. The aggregation server receives a large collection of such message sketches for a large plurality of clients. The aggregation server returns aggregated message chunk (e.g. frequency) information to the client to assist the client in determining whether the message may be spam. The client can process the message based on the determination without disclosing the message content to the server. | 2020-12-31 |
20200412682 | FEEDBACK ENABLED NETWORK CURATION OF RELEVANT CONTENT THREAD - A computer-implemented method includes identifying, by a computer device, particular users of a digital publishing platform, the particular users being users that have commented on previous content published by a first user; identifying, by the computer device, correlated users, the correlated users being those particular users that have published a pertinent comment; assessing, by the computer device, a satisfaction level of the first user with each pertinent comment; identifying, by the computer device and based on the assessing, a set of users of the correlated users, each of the correlated users in the set of users having published a pertinent comment having a satisfaction level above a threshold; notifying, by the computer device, the set of users that the first user has published new content; detecting, by the computer device, new comments by the correlated users in the set of users, the new comments pertaining to the new content; assessing, by the computer device, a satisfaction level of the first user with each new comment; and updating, by the computer device, the set of users based on the satisfaction level of the first user with each new comment. | 2020-12-31 |
20200412683 | ELECTRONIC DEVICE, SERVER, AND CONTROL METHOD AND LOCATION INFORMATION PROVIDING METHOD FOR THE ELECTRONIC DEVICE - A first electronic device comprises at least one communication circuitry, at least one display, at least one memory configured to store instructions, and at least one processor operatively coupled with the at least one communication circuitry and the at least one display. The processor is configured to (1) access a first server for a navigation service through an application linked with a first account for accessing a second server, (2) receive, via the first server from a second electronic device of a second user that is authenticated through the application linked with a second account for accessing the second server, a message, (3) display an object for inquiring whether to obtain a route from the second user, (4) receive information regarding a changed location of the second electronic device, and (5) display a relative positional relationship between the two electronic devices over an electronic map. | 2020-12-31 |
20200412684 | COMPOSING SOCIAL MEDIA MESSAGES REFERENCING MULTIPLE MESSAGES - Methods, systems, and apparatus, including computer programs encoded on computer storage media, for providing content on a social messaging platform. One of the methods includes providing a plurality of messages of a social messaging platform to a user device, the plurality of messages being part of a conversation; receiving a request associated with one of the plurality of messages, the request including an indication to repost a collection of messages; providing a selection user interface, the selection user interface including the plurality of messages and a respective selection indicator for each message; receiving a user selection of two or more messages; responsive to the user selection, generating a message composition interface, the message composition interface including a representation of the selected messages; and in response to user input, posting the representation of the selected messages as part of a new message of the user on the platform. | 2020-12-31 |
20200412685 | COMMUNICATION ASSOCIATION MODEL - Example implementations relate to a communication association model. For example, a computing device may include a processor. The processor may access a first and a second communication, the second communication originating based on the first communication. The processor may analyze the first communication to obtain first data associated with the first communication and analyze the second communication to obtain second data associated with the second communication, where the first data includes data associated with a first sender and a first recipient of the first communication and the second data includes data associated with a second sender and a second recipient of the second communication. The processor may create an association between the first data and the second data and may generate a model specifying the association based on the first data and the second data, where the model indicates an impact associated with the first communication and the second communication. | 2020-12-31 |
20200412686 | MAPPING INTERNET ROUTING WITH ANYCAST AND UTILIZING SUCH MAPS FOR DEPLOYING AND OPERATING ANYCAST POINTS OF PRESENCE (PoPs) - Generally, aspects of the invention involve creating a data structure (a map) that reflects routing of Internet traffic to Anycast prefixes. Assume, for example, that each Anycast prefix is associated with two or more deployments (Points of Presence or PoPs) that can provide a service such as DNS, content delivery (e.g., via proxy servers, as in a CDN), distributed network storage, compute, or otherwise. The map is built in such a way as to identify portions of the Internet (e.g., in IP address space) that are consistently routed with one another, i.e., always to the same PoP as one another, regardless of how the Anycast prefixes are deployed. Aspects of the invention also involve the use of this map, once created. The map can be applied in a variety of ways to assist and/or improve the operation of Anycast deployments and thus represents an improvement to computer networking technology. | 2020-12-31 |
20200412687 | GEOLOCATION USING REVERSE DOMAIN NAME SERVER INFORMATION - Generating an improved/more accurate geolocation database is provided. Given a dataset of reverse DNS hostnames for IP addresses, ground truth information, and a hierarchical geographical database, a machine learning classifier can be trained to extract and disambiguate location information from the reverse DNS hostnames of IP addresses and to apply machine learning algorithms to determine location candidates and to select a most probable candidate for a reverse DNS hostname based on a confidence score. The classifier can be used to generate an accurate geolocation database, or to provide accurate geolocation information as a service. | 2020-12-31 |
20200412688 | DISCOVERY-LESS VIRTUAL ADDRESSING IN SOFTWARE DEFINED NETWORKS - A virtual address of a destination of a packet is parsed into a set of virtual address components. A subset of the set of virtual address components is tokenized into a token. The token is converted into at least a portion of a hostname. A look-up of a real network address corresponding to the hostname is performed. The packet is caused to be transmitted to the real network address, wherein the real network address corresponds to a host machine on a physical network, the receiving virtual entity operating on the host machine. | 2020-12-31 |
20200412689 | SUBSCRIBER SESSION DIRECTOR - Determining a resolved DNS response based on one or more resolutions for a received APN DNS query is disclosed. A resolved DNS response can be based on real-time analysis of a first query and/or on historical resolution of a second query that is sufficiently similar to the first query. In an aspect, training queries can be employed to populate a data store with preferred DNS responses correlated to the training queries and associated network conditions. The data store can then be employed to evaluate a received query, and where sufficiently similar to a training query, corresponding resolution from the training query can be provided as a resolution for the received query. Moreover, as stored query information is determined to become stale, refreshment techniques are disclosed. Additionally, training queries can comprise anticipated queries and historical queries. | 2020-12-31 |
20200412690 | COMMUNICATION DEVICE, COMMUNICATION METHOD AND PROGRAM - A communication apparatus connected to a virtual apparatus having an address dispensing function via an access network is provided, wherein the communication apparatus includes a communication confirmation unit configured to perform a communication confirmation between the virtual apparatus and the communication apparatus; and an address dispensing unit configured to dispense an address to a user terminal under control of the communication apparatus when communication between the virtual apparatus and the communication apparatus is not able to be confirmed by the communication confirmation unit, and the address dispensing unit causes the user terminal to forcibly release the address when the communication between the virtual apparatus and the communication apparatus is able to be confirmed by the communication confirmation unit. | 2020-12-31 |
20200412691 | System and Method for Improving Content Fetching by Selecting Tunnel Devices - A method for fetching a content from a web server to a client device is disclosed, using tunnel devices serving as intermediate devices. The tunnel device is selected based on an attribute, such as IP Geolocation. A tunnel bank server stores a list of available tunnels that may be used, associated with values of various attribute types. The tunnel devices initiate communication with the tunnel bank server, and stay connected to it, for allowing a communication session initiated by the tunnel bank server. Upon receiving a request from a client for a content and for specific attribute types and values, a tunnel is selected by the tunnel bank server, and is used as a tunnel for retrieving the required content from the web server, using a standard protocol such as SOCKS, WebSocket or HTTP Proxy. The client only communicates with a super proxy server that manages the content fetching scheme. | 2020-12-31 |
20200412692 | CONTEXTUAL ENGAGEMENT AND DISENGAGEMENT OF FILE INSPECTION - Methods and apparatuses providing file type inspection in firewalls by moving the flow between deep inspection file and lightweight accelerated paths. The method includes obtaining, by a network security device, a packet flow of a file transfer session in which at least two files are transferred and determining, by the network security device, at least an offset parameter based on at least one attribute of at least a first packet in the packet flow. The offset parameter is for a first file being transferred of the at least two files and relates to an expected position of a control data sequence within the packet flow. In this method, based on the offset parameter, directing, by the network security device, to an accelerated packet inspection path instead of to a deep packet inspection path, a portion of the packet flow including one or more packets that follow the first packet. | 2020-12-31 |
20200412693 | INFORMATION PROCESSING APPARATUS, METHOD AND PROGRAM - An information processing apparatus that executes inspection with regard to one or more security inspection items includes a plurality of containers which are container-type virtual terminals, where resources including a file system provided by an operating system (OS) of the information processing apparatus are isolated from each other, a data acquisition unit that acquires data flowing over a network before the data reaches a destination, and a data transmission unit that transmits the data to the destination. Part of the plurality of containers is an inspection container where an application for executing the inspection has been implemented. The inspection container includes an inspection unit that executes the inspection with regard to the data that has been acquired. | 2020-12-31 |
20200412694 | Method and System for Updating of an Application Layer for a Third-Party Telematics Provider - A method at a system including a firewall and at least one application, the method including obtaining, at the at least one application, a new address for a service provider for the at least one application; triggering a firewall update; obtaining a new firewall configuration; and updating the firewall, wherein the updating the firewall allows a connection from the at least one application to the new address for the service provider. | 2020-12-31 |
20200412695 | IOT COMPUTER SYSTEM AND ARRANGEMENT COMPRISING AN IOT COMPUTER SYSTEM AND AN EXTERNAL SYSTEM - An IoT computer system, in particular a so-called edge computer system includes a first virtual operating environment and a second virtual operating environment. The virtual operating environments are logically separated from one another. An arrangement includes such an IoT computer system and at least one external system or device to which the IoT computer system is connected. | 2020-12-31 |
20200412696 | INNOVATION PLATFORM - A system and a method of emulating a second cloud computing environment on a first cloud computing environment are disclosed herein. The first cloud computing environment includes an innovation platform having a private domain name system. The private domain name system is split between a customer subnet and a private subnet. The customer subnet is limited to communications with only the private subnet. The customer subnet executes an application thereon. The application is targeted for use on the second cloud computing environment. | 2020-12-31 |
20200412697 | FILE UPLOAD CONTROL FOR CLIENT-SIDE APPLICATIONS IN PROXY SOLUTIONS - A computer-implemented method includes receiving, by a proxy device, a document from a service provider in response to a request to the service provider from a client device. The proxy device injects into the document event monitoring code for monitoring user actions on the client device. The proxy device sends the document with the event monitoring code to the client device. The event monitoring code intercepts a user request for a file upload event using a client-side application on the client device. The proxy device receives a client request including file information regarding the file upload event from the event monitoring code. The proxy device determines whether the file upload event should be allowed or blocked based on the received file information and stored policy data. | 2020-12-31 |
20200412698 | TEMPLATE-BASED SESSION CONTROL IN PROXY SOLUTIONS - A computer-implemented method includes receiving, by a reverse proxy device, a session control template, and a client request directed to a service provider regarding an application. The method includes determining, by the reverse proxy device, whether the client request should be allowed or blocked based on the received session control template. If the reverse proxy device determines that the client request should be allowed, the client request is forwarded from the reverse proxy device to the service provider. If the reverse proxy device determines that the client request should be blocked, the client request is blocked from proceeding to the service provider. | 2020-12-31 |
20200412699 | SYSTEMS AND METHODS FOR ANONYMOUS AND CONSISTENT DATA ROUTING IN A CLIENT-SERVER ARCHITECTURE - Disclosed herein are systems and methods for sending user data in a client-server architecture with data anonymity and consistency. In an exemplary aspect, a client device may identify a structure to send to the server, wherein the structure comprises the user data. The client device may divide the structure into two or more substructures and for each respective substructure of the two or more substructures, the client device may (1) assign a degree of confidentiality to the respective substructure and (2) send the respective substructure to a respective node of a plurality of nodes based on the assigned degree of confidentiality and a degree of security of the respective node. The respective node may be configured to apply a respective transformation to the respective substructure and transmit the transformed respective substructure to the server. The server may be configured to combine received transformed substructures into a transformed structure. | 2020-12-31 |
20200412700 | UNIDIRECTIONAL COMMUNICATION SYSTEM AND METHOD - A unidirectional communication system to allow the sending of alerts and notification to remote operators while relieving the problem of the protection of a secured network against cyberattacks when the secured network has a need to communicate information from the secured network to a public network. In practice, the solution is based on the use of a data diode (also known under the name of network diode) to allow unidirectional transmission of information from the secured network to a public network, which makes a computer attack on the secured network from the public network impossible. Further, because of a commanded data diode, no sensitive information can leak from the secured network via the system according to the invention. The transmission of the message is only done after the message to be sent has been cleaned of sensitive information and then encrypted. | 2020-12-31 |
20200412701 | LOGIC REPOSITORY SERVICE USING ENCRYPTED CONFIGURATION DATA - The following description is directed to a logic repository service. In one example, a method of a logic repository service can include receiving a first request to generate configuration data for configurable hardware using a specification for application logic of the configurable hardware. The method can include generating the configuration data for the configurable hardware. The configuration data can include data for implementing the application logic. The method can include encrypting the configuration data to generate encrypted configuration data. The method can include signing the encrypted configuration data using a private key. The method can include transmitting the signed encrypted configuration data in response to the request. | 2020-12-31 |
20200412702 | SYSTEM AND METHOD FOR SECURE TWO-PARTY EVALUATION OF UTILITY OF SHARING DATA - Embodiments described herein provide a system for improving a classifier by computing a statistic for the utility of sharing data with a second party. The system may encrypt a set of class labels based on a public key/private key pair to obtain a set of encrypted class labels. The system may send a public key and the set of encrypted class labels to a second computing device. The system may receive an encrypted value computed by the second computing device based on the public key. The system may decrypt the encrypted value based on a private key to obtain a decrypted value. The system may then send a pair of encrypted values computed based on the decrypted value to the second computing device. The system may subsequently receive an encrypted utility statistic from the second computing device, and decrypt the encrypted utility statistic to obtain a decrypted utility statistic. | 2020-12-31 |
20200412703 | AUTHENTICATING A USER ASSOCIATED WITH A PLURALITY OF USER DEVICES USING A PLURALITY OF TYPES OF AUTHENTICATION INFORMATION - A system for authenticating a user associated with a plurality of user devices using a plurality of types of authentication information. The system includes an electronic computing device including an electronic processor. The electronic processor is configured to receive, from a user device, a request to access sensitive information and send, to the user device, a request for a first accuracy measurement for a first type of authentication information. When the first accuracy measurement is below a predetermined threshold, the electronic processor sends to the user device a request for a second accuracy measurement for a second type of authentication information. When the second accuracy measurement is above or equal to the predetermined threshold, the electronic processor authenticates the user and lowers the predetermined threshold for each user device associated with a user profile, records an anomaly associated with the first type of the authentication information, or both. | 2020-12-31 |
20200412704 | SYSTEMS AND METHODS FOR CONNECTING PRIVATE DEVICES TO PUBLIC DEVICES ACCORDING TO CONNECTION PARAMETERS - Systems and methods for connecting a private device to a public device based on various connection parameters. For example, a media guidance application may receive a communication requesting to use the public device from a private device that is implementing a private interface application (e.g., Netflix™, a streaming media application). In response, the media guidance application may generate an authorization key that is unique to the private device and comprises connection parameters. The media guidance application may transmit the authorization key to the private interface application to initiate a session between the public device and the private device. Whenever a command is received from the private device, the media guidance application may verify the authorization key and determine whether the connection parameters are satisfied. In response to verifying the authorization key and the connection parameters, the public device may execute the received command. | 2020-12-31 |
20200412705 | CO-EXISTENCE OF MANAGEMENT APPLICATIONS AND MULTIPLE USER DEVICE MANAGEMENT - Various examples for managing a client device having multiple enrolled user accounts thereon are described. A computing device is directed to store a mapping of a client device to a plurality of user accounts active. The computing device communicates remotely with a management application on the client device to identify an active one of the user accounts from an operating system of the client device. In response to receipt of information associated with a first one of the user accounts active on the client device, the computing device enrolls the first one of the user accounts with a management service in association with the client device. In response to receipt of information associated with a second one of the user accounts active on the client device, the computing device enrolls the second one of the user accounts with the management service in association with the client device. | 2020-12-31 |
20200412706 | CONNECTING IMSI-LESS DEVICES TO THE EPC - Capillary network devices (i.e., IMSI-less devices) may connect to an EPC through a home WLAN. A WLAN can be configured by the homeowner to accept responsibility for the traffic or a WLAN can indicate to a network that it will allow the traffic if the traffic is sponsored by an application server or if it is compensated for the traffic by the network operator. Where an IMSI-less device has a business relationship with a network operator, a WLAN can allow the device to authenticate with the network and obtain a device identifier from the network. Where an IMSI-less device has a business relationship with a SCS that has a business relationship with the network operator, the WLAN can allow the device to authenticate with the network. | 2020-12-31 |
20200412707 | FACILITATING SERVICE CONNECTIONS IN SERVERLESS CODE EXECUTIONS - Systems and methods are described for facilitating service connections by user-defined code executing on an on-demand code execution system. Rather than hard code state information used by network services into the code, the code can be provided with an interface that augments requests for network services with state information. When the user-defined code is executed by the on-demand code execution system, additional code can also be executed that provides the interface. The user-defined code may access the target network service through the interface, as if the target network service existed locally to an environment of the code. The interface can then augment requests to the target network service with state information. Because state information is maintained outside the user-defined code, portability of the user-defined code can be increased. | 2020-12-31 |
20200412708 | LINK PROTOCOL AGENTS FOR INTER-APPLICATION COMMUNICATIONS - Methods, media, and systems for facilitating inter-application communications between a web platform and a remote application computing device are disclosed such that a link protocol agent associated with the web platform processes an authentication request based on which a temporary connection resource locator is provided. A connection is then established at the resource locator and maintained for a period of time. Payloads and acknowledgements are exchanged in the established connection. The connection is capable of being established across a firewall. | 2020-12-31 |
20200412709 | SYNCING DATA WAREHOUSE PERMISSIONS USING SINGLE SIGN-ON AUTHENTICATION - Syncing data warehouse permissions using single sign-on authentication including establishing a link between a first cloud-based data warehouse and a second cloud-based data warehouse, wherein the link facilitates access to data stored in the second cloud-based data warehouse via the first cloud-based data warehouse; receiving, by the first cloud-based data warehouse, a first query referencing first data stored in the second cloud-based data warehouse; accessing, by the first cloud-based data warehouse, from the second cloud-based data warehouse, the first data; and sending a response to the first query based on the accessed first data. | 2020-12-31 |
20200412710 | SINGLE SIGN-ON FROM DESKTOP TO NETWORK - Methods, systems, computer-readable media, and apparatuses for performing single sign on for a user device to the Internet. User sign-in credentials including an identity token of the user are received by a hosted desktop from the user device, including an indication that the user is attempting to access a website. The website is authorized as a trusted website by a network authorization node, and the website is issued a one-time-use token. A web browser of the hosted desktop receives an application provided by the website to cause the web browser to call the hosted desktop to initiate single sign on. Authenticity of the one-time-use token is requested by a daemon process, and the website's public key is obtained. Upon verifying authenticity of the website, the identity token of the user is passed to the website, to enable the website to establish single sign on with the user. | 2020-12-31 |
20200412711 | SYSTEM AND METHOD FOR AUTHENTICATING SERVER IDENTITY DURING CONNECTION ESTABLISHMENT WITH CLIENT MACHINE - Disclosed is a system for notifying a user of hacking, thereby ensuring a verified connection of a client machine with a server intended to be connected. The system acquires a server certificate comprising data structure. The data structure may be acquired upon receipt of a response to a request initiated by the client machine. In one aspect, the data structure may be referred to as a tree site to verifier pertaining to the request. The system further receives a validation acknowledgement indicating validity of the server certificate. The system further performs a reverse certificate look up verification process upon receipt of the acknowledgment. | 2020-12-31 |
20200412712 | DISPLAY SYSTEM, DISPLAY METHOD, AND RECORDING MEDIUM - In a display system according to the present disclosure, a server device includes an authentication processor that authenticates a user for use of a file, based on authentication information of the user input at a user terminal and an access information generator that generates first access information for accessing the file if the user is authenticated by the authentication processor for use of the file, and a display device includes a file acquirer that acquires the file from the server device, based on the first access information generated by the access information generator, and a display processor that displays the file acquired by the file acquirer, on the display. | 2020-12-31 |
20200412713 | AUTHENTICATION AND AUTHORIZATION INTEGRATION SYSTEM IN HETEROGENEOUS CLOUD PLATFORM - An authentication and authorization integration system with the heterogeneous cloud platforms is proposed herein. The system packs various authentication and authorization information to issue a general token to carry the session. During the statutory period of the general token, the heterogeneous cloud platforms authenticate the user through the token instead of the session authentication of platform to avoid the complexity caused by repeating authentication to integrate these heterogeneous platforms into an architecture of micro service and stateless session. | 2020-12-31 |
20200412714 | DEVICE AUTHENTICATION - Systems and methods of biometrically authenticating a user of a device. A biometric sample of a user can be analyzed to generate a user-specific biometric signature that is substantially unique to the specific user. To authenticate a user, a biometric sample can be obtained and analyzed to determine if the biometric signature is present in the sample. If so, the user can be biometrically authenticated to use the device. The device can provide a network with an indication of the authentication of the user to authenticate the device to the network. In response to the authentication, the network can provide the device access to the network, its resources, or portion(s) thereof. | 2020-12-31 |
20200412715 | BIOMETRIC DATA CONTEXTUAL PROCESSING - A method is disclosed. The method includes obtaining a biometric match score from a device that is used to conduct an interaction at a location and then receiving additional data associated with the device or the location. The method also includes determining, by the computer, an expected match score function based upon at least the additional data, and comparing the biometric match score to the expected match score function. The method also includes determining if the interaction is to proceed based on at least the comparing. | 2020-12-31 |
20200412716 | LOCATION-AWARE SERVICE REQUEST HANDLING - Example methods and systems are provided for location-aware service request handling. The method may comprise: generating and sending location information associated with a virtualized computing instance to a service node or a management entity for transmission to the service node. The location information may identify logical element(s) to which the virtualized computing instance is connected. The method may further comprise: in response to detecting, from the virtualized computing instance, a service request for a service from the service node, generating a modified service request by modifying the service request to include the location information associated with the virtualized computing instance; and sending the modified service request towards the service node. | 2020-12-31 |
20200412717 | SYSTEMS AND METHODS FOR REAL-TIME DETECTION OF COMPROMISED AUTHENTICATION CREDENTIALS - Methods, systems, and computer program products are provided for real-time compromise detection based on behavioral analytics. The detection runs in real-time, during user authentication, for example, with respect to a resource. The probability that the authentication is coming from a compromised account is assessed. The features of the current authentication are compared with the features from past authentications of the user. After comparison, a match score is generated. The match score is indicative of the similarity of the authentication to the user's history of authentication. This score is then discretized into risk levels based on the empirical probability of compromise based on known past compromised user authentications. The risk levels may be used to detect whether user authentication is occurring via compromised credentials. | 2020-12-31 |
20200412718 | MONITORING AND CONTROL SYSTEM - A monitoring and control system includes a slave station, a master station, and a monitoring and control device. The master station includes a transmission unit that transmits second control data including authentication data and second data to the slave station. The transmission unit transmits, to the slave station, the second control data including the authentication data stored in an area in a payload defined to store the second data. An authentication unit of the slave station determines whether data included in the area in the payload of the second control data matches authentication data stored in a memory unit. A transmission unit of the slave station transmits the second data included in the second control data to the device(s) if the authentication unit determines that the data included in the area in the payload matches the authentication data stored in the memory unit. | 2020-12-31 |
20200412719 | Embedded Authentication in a Service Provider Network - A computing device may request service from a service provider, and authorization to receive the service may be based, at least in part, on a network access device that is providing the computing device with network access. The service provider may request a value from the computing device, and the value may be based on address information of the computing device and the network access device. | 2020-12-31 |
20200412720 | AUTHENTICATION TO NETWORK-SERVICES USING HOSTED AUTHENTICATION INFORMATION - Systems and methods are described for facilitating authentication of hosted network services to other services. A target service, such as a database, may require specific authentication information, such as a username and password, to access the target service. While this information could be manually specified in the hosted network service, de-centralized storage of authentication information is generally discouraged by security best practices. This disclosure provides an authentication proxy system that reduces or eliminates a need for hosted network services to store authentication information for target services. Rather, the authentication proxy system can obtain authentication information for the hosted network service that is provided by a hosting system, and authenticate the hosted network service using that authentication information. If authenticated, the proxy system can retrieve authentication information for the target service, and pass operations from the hosted network service to the target service using the authentication information for the target service. | 2020-12-31 |
20200412721 | PRESENTATION INTERRUPT FOR A DID ATTESTATION - Embodiments disclosed herein are related to computing systems and methods for providing a presentation interrupt for a DID attestation. A DID attestation is accessed that is issued by a first entity of a decentralized network. The DID attestation defines information that has been generated by the first entity about a DID owner who is the subject of the DID attestation. The DID attestation includes interrupt metadata that directs that the first entity be contacted prior to the DID owner being able to present the DID attestation to a second entity of the decentralized network. In response to the DID owner attempting to present the DID attestation to the second entity, the first entity is contacted as directed by the interrupt metadata. Authorization information is received from the first entity. The authorization information indicates if the DID owner is able to present the DID attestation to the second entity. | 2020-12-31 |
20200412722 | UNI-DIRECTIONAL AND BI-DIRECTIONAL CROSS-DOMAIN (SECURE EXCHANGE GATEWAY) DESIGN - A system for enabling secure bidirectional communications on a network is provided, wherein a first server having a first security rating is connected to a second server having a second security rating by a first data channel configured to establish one-way communication from the first server to the second server. A second data channel incorporating a third server is configured to establish one-way communication from the second server back to the first server. The third server has a power switch that controls third server on and off states. The second data channel is enabled when the power switch is turned on. The third server arbitrates the flow of message traffic from the second server back to the first server by applying an on-board security module's encoded set of rules to determine whether the message is permitted to proceed to the first server. | 2020-12-31 |
20200412723 | ACCESS MANAGEMENT SYSTEM WITH AN ESCORT-ADMIN SESSION ENGINE - Methods, systems, and computer storage media for providing escorted-access management based on an escort-admin session engine are provided. The escort-admin session engine approves an external administrator's access to a resource instance based on a service team policy, while approving an escort operator to escort the external administrator in an escort-admin session that provides access to the resource. In operation, an external administrator's request for access to a resource is evaluated based on the service team policy that is managed by a service team. The request is approved with access rights to the resource identified in the policy. An escort operator is identified for the external administrator. The escort operator is approved to escort the external administrator for access to the resource during an escort-admin session. The escort-admin session includes an escort operator context referring to the escort operator having access rights based on the access rights approved using the policy. | 2020-12-31 |
20200412724 | SYSTEMS AND METHODS USING MODULAR USER INTERFACES FOR MANAGING NETWORK PERMISSIONS - The present disclosure is directed to systems and methods for providing improved tools (e.g., user interfaces) that can be used for managing access permissions to cloud or other network resources. In general, the systems and methods include providing a user interface that can function in at least two modes which together can provide an improved user experience for intuitively and effectively developing code. As an example, the two interface modes can include a builder mode in which the user interface includes one or more interactive elements that enable a user to modularly build a set of computer-readable code that controls access permissions to one or more computing resources and an editor mode in which the user interface allows the user to directly edit the set of computer-readable code. | 2020-12-31 |
20200412725 | CLOUD-BASED SHARED SECURITY CACHE - There is disclosed in one example a computing apparatus, including: a processor and a memory; a network interface; and a security agent including instructions encoded within the memory to instruct the processor to: identify an unknown software object; query, via the network interface, a global reputation store for a global reputation for the unknown software object; receive a response from the global reputation store and determine that the unknown software object does not have a reliable global reputation; compute a local reputation for the unknown software object; and share the local reputation for the unknown software object with the global security cache. | 2020-12-31 |
20200412726 | SECURITY MONITORING PLATFORM FOR MANAGING ACCESS RIGHTS ASSOCIATED WITH CLOUD APPLICATIONS - A security monitoring platform may use an unsupervised machine learning technique to cluster historical data related to user access rights associated with multiple cloud applications based on various features that relate to user permissions and attributes within the multiple cloud applications. The security monitoring platform may use a supervised machine learning technique to train an access rights data model based on the clustered historical data and perform one or more actions that relate to current access rights assigned to at least one user within one or more of the multiple cloud applications based on a score representing a probability that an access level assigned to the at least one user within the one or more of the multiple cloud applications is correct. The security monitoring platform may apply a reinforcement learning technique to update the access rights data model based on feedback related to the one or more actions. | 2020-12-31 |
20200412727 | UNIFIED ACCESSIBILITY SETTINGS FOR INTELLIGENT WORKSPACE PLATFORMS - Described embodiments provide systems and methods for providing cross-application adaptive services. A computing system may receive, from a first client device, an identification of a user access requirement. The computing system may retrieve, from a requirement-adaptive service database, a system configuration corresponding to the user access requirement. The computing system may configure a hosted application according to the retrieved system configuration. The computing system may provide, to the first client device for rendering by an application of the first client device, the configured hosted application. | 2020-12-31 |
20200412728 | AUTOMATIC DEVICE SELECTION FOR PRIVATE NETWORK SECURITY - A method of selecting devices on a private network for security protection via a network security device comprises classifying devices on the private network into devices that are sometimes protected and devices that are always either protected or not protected. Threats are monitored, the threats comprising at least one of a macro security event and a local security event, the macro security event detected by one or more external systems and the local security event detected by one or more devices local to the private network. When a threat is detected, it is determined whether the detected threat is a threat to one or more devices on the private network classified as devices that are sometimes protected, and if the detected threat is determined to be a threat to the one or more devices that are sometimes protected the one or more devices are protected. | 2020-12-31 |
20200412729 | ENTITLEMENT-DRIVEN COMMUNICATION OF FUNCTIONALITY PRIVILEGES BETWEEN NETWORK-BASED SERVICES - In an embodiment, the disclosed technologies include storing, in one or more searchable digital data structures, a set of digital entitlements; where an entitlement of the set of digital entitlements identifies a distinct computer functionality and a downstream service that can perform the distinct computer functionality using digital data; storing, in the one or more searchable digital data structures, a digital data entity; where the digital data entity includes a subset of the set of digital entitlements; storing, in the one or more searchable digital data structures, a digital mapping that associates digital data entities with entitlements of the set of digital entitlements; exposing the set of digital entitlements for use by the downstream service; exposing the digital data entity for use by an upstream service; in response to a creation of or an update of an instance of digital data via the upstream service, using the digital mapping to determine to perform the distinct computer functionality using the instance of digital data or to determine not to perform the distinct computer functionality using the instance of the digital data. | 2020-12-31 |
20200412730 | Security Policy Exchange and Enforcement for Question Delegation Environments - Techniques are provided for question delegation and security enforcement. One exemplary method comprises providing a third party with a question obtained from a user and a corresponding user security policy; providing a security policy response from the third party to the user indicating an acceptance of the corresponding user security policy or any proposed modifications to the corresponding user security policy for the question; performing the following steps once there is an agreement between the user and the third party regarding an accepted security policy for the question: monitoring responses to the question; enforcing directives within the accepted security policy for the question, wherein the directives comprise one or more triggers mapped to a security control and/or a compliance control for the question, and wherein each trigger has a corresponding predefined enforcement action; and performing the corresponding predefined enforcement action when a given trigger is detected. | 2020-12-31 |
20200412731 | CORE NETWORK ACCESS PROVIDER - A computer-implemented method of providing nodes, such as data structures and devices, with access to a network is disclosed, and a corresponding network architecture. At least one core network access provider controls real time access to the network across the layers of a protocol stack for the network, and sequentially assigns a network communication address to the or each access-requesting node. The assigned network address is encoded with a unique parameter of the node and a unique parameter of the node user, in a sequential identifier ledger which is distributed in real time to all of the network-connected nodes. Each node processes the ledger to verify its sequential integrity and, upon determining a sequential integrity loss, the ledger record causing the loss is identified and an alert comprising the identified record is broadcast to the nodes across the network. The core network access provider cancels network access for the node to which the network communication address corresponding to the identified ledger record was assigned, upon either identifying the ledger record at the verifying step or receiving an alert. | 2020-12-31 |
20200412732 | EXTENDED DOMAIN PLATFORM FOR NONMEMBER USER ACCOUNT MANAGEMENT - A device including a processor and a memory, in which the memory includes executable instructions for detecting that a first user has invited a second user to a communication session, wherein the first user is associated with a first user account registered to a first domain platform and the second user is not associated with any of the user accounts registered to the first domain platform, the first domain platform defining a first user privilege granted to the user accounts registered to the first domain platform; causing a second user account associated with the second user to be created and registered to a second domain platform, the second domain platform being different from the first domain platform and defining a second user privilege granted to user accounts registered to the second domain platform; and granting the second user account the second user privilege. | 2020-12-31 |
20200412733 | SYSTEM FOR PROCESSING DATA COLLECTED BY IOT DEVICES - A plurality of system nodes coupled via a dedicated private network is described herein. The nodes offer an end-to-end solution for protecting against network-based attacks. The nodes can also execute applications locally at the request of a user device such that a user operating the user device can use the applications executed locally on the nodes as if the applications were executing locally on the user device. To protect user data, the nodes may not transmit any user data to the user device. Rather, a node can generate a graphical representation of the environment in which the applications are executed, and transmit the graphical representation to the user device. As the user performs actions that result in a change of a graphical view of the environment in which the applications are executed, the node can generate and transmit new graphical representations of the environment to the user device. | 2020-12-31 |
20200412734 | AUTHORIZED-LOGIN IMPLEMENTATION METHOD AND DEVICE, APPARATUS, SYSTEM, PLATFORM, AND STORAGE MEDIUM - Provided are an authorized-login implementation method and device, an apparatus, a system, a platform and a storage medium. The method includes: receiving, by a first authorization plug-in bound to a first application client, an authorized-login request from a second authorization plug-in bound to a second application client, where the authorized-login request is used for a second application to request login by using a first application account; requesting, by the first authorization plug-in, to acquire an authorized-login code from an authorization service platform through authorization information about the first application account; and feeding back, by the first authorization plug-in, the authorized-login code to the second authorization plug-in, so as to instruct the second authorization plug-in to request to acquire a second application account from the authorization service platform according to the authorized-login code, where the second application account is used for accessing a user resource of the first application account. | 2020-12-31 |
20200412735 | MANAGING ADMIN CONTROLLED ACCESS OF EXTERNAL RESOURCES TO GROUP-BASED COMMUNICATION INTERFACES VIA A GROUP-BASED COMMUNICATION SYSTEM - Embodiments of the present disclosure relate to managing admin-controlled access of external resources to group-based communication interfaces associated with an organization, via a group-based communication system including APIs for improved external resource permissioning, provisioning, and access handling. Embodiments include methods, computer program products, apparatuses, and systems configured to receive an external resource access request, determine an organization identifier, obtain an admin response indication, set an external resource permission status for the external resource based on the admin response indication, and cause rendering of the requested group-based communication interface based on the admin response indication. Embodiments further relate to provisioning and handling requests for services associated with an external resource by managing one or more single-interface access tokens linked to a multi-interface access token. | 2020-12-31 |
20200412736 | DYNAMIC SECURITY POLICY CONSOLIDATION - Various embodiments provide for the consolidation of policies across multiple identities that are respectively associated with multiple active directory (AD) groups to which a user belongs. Present embodiments provide for dynamically generating a new identity in the resource provider environment that includes permissions to all of the resources that may otherwise be distributed across multiple identities. Specifically, in accordance with various embodiments, when a user login is detected, the active directory is queried to determine the AD groups to which the user belongs. As mentioned, the user's AD groups are mapped to respective identities in the resource provider environment, in which each identity includes policy defining access to one or more resources. The policies of all the respective identities are consolidated and assigned to a new identity. The user may assume the new identity and access all the resources in tandem. | 2020-12-31 |
20200412737 | SYSTEMS AND METHODS FOR ROLE-BASED PERMISSION INTEGRATION - A content server can extend enterprise content management to a leading system in an efficient, automated, and seamless manner by leveraging the permission information provided by the leading system. The content server can sync the permission information with the leading system, evaluate user-manager relations, role-based rule definitions, and user-group associations defined in the leading system, and determine and/or update role memberships for workspaces created in the content server for users in the leading systems. In this way, even though the content server and the leading system have very different types of roles and permission models, the content server can evaluate complex relationships and role-based rules and intelligently, correctly, and quickly assign the right people to the right roles in the right workspaces in the content server. | 2020-12-31 |
20200412738 | SERVICE SYSTEM AND INFORMATION REGISTRATION METHOD - A service system includes a server that provides a service as a cloud service, and a device that receives the service, wherein a terminal device that is operated by a contract administrator sends identification information of the contract administrator and information related to a contract of the service, to the server, and wherein the server includes a user information storage unit that specifies a role associated with the identification information of the contract administrator, a communication unit that receives the identification information of the contract administrator and the information related to the contract, and an information registration unit that registers the identification information of the contract administrator, contract identification information generated based on the contract, and an operation privilege related to the contract based on the role specified in the user information storage unit, in association with each other, in a contract operation privilege information storage. | 2020-12-31 |
20200412739 | Managing Application Constraints across Platforms - A computer-implemented technique is described herein for defining and applying constraints that regulate a supervisee's interaction with applications. In one implementation, the technique provides a user interface presentation to a supervisor that lists a set of applications that run on plural application execution platforms. The user interface presentation also allows the supervisor to set platform-agnostic constraint information for any identified application. The platform-agnostic constraint information, once set for an application, constrains interaction by a supervisee with all versions of that same application. That is, the constraint information is said to be agnostic with respect to platform in the sense that it applies to a variety of application execution platforms that run the application. In one example, the platform-agnostic constraint information specifies a permitted amount of an activity that the supervisee is permitted to perform across all versions of an application. | 2020-12-31 |
20200412740 | METHODS, DEVICES AND SYSTEMS FOR THE DETECTION OF OBFUSCATED CODE IN APPLICATION SOFTWARE FILES - A computer-implemented method of detecting obfuscated code in an electronic message's attachment may comprise receiving, over a computer network, an electronic message comprising an attachment; determining the file type of the attachment; extracting one or more scripts from the attachment, computing a distance measure between selected one or more features of the extracted one or more scripts and corresponding one or more selected features of scripts of a model corpus of non-obfuscated script files and comparing the computed distance measure with a threshold. When the computed distance measure is at least as great as the threshold, it may be determined that the extracted one or more scripts comprise obfuscated code and a defensive action with respect to at least the attachment may be taken. When the computed distance measure is less than the threshold, it may be determined that the extracted one or more scripts does not comprise obfuscated code. | 2020-12-31 |