41st week of 2019 patent application highlights part 58
Patent application number | Title | Published |
20190312772 | TOPOLOGY-AWARE PROVISIONING OF HARDWARE ACCELERATOR RESOURCES IN A DISTRIBUTED ENVIRONMENT - Techniques are provided for topology-aware provisioning of computing resources in a distributed heterogeneous environment. For example, a method includes: receiving a service request from a client system to perform a data processing job in a server cluster; determining candidate accelerator devices that reside in server nodes of the server cluster, which can be utilized to perform the data processing job; determining a connection topology of each candidate accelerator device within the server nodes, and a performance ranking of each connection topology; utilizing the determined performance ranking of each connection topology to select a group of accelerator devices among the candidate accelerator devices, which can be provisioned to perform the data processing job, wherein the selected group of accelerator devices include candidate accelerator devices with connection topologies that have matching performance rankings; and scheduling and provisioning the selected group of accelerator devices to execute the data processing job. | 2019-10-10 |
20190312773 | SYSTEMS AND METHODS FOR MANAGED SERVICES PROVISIONING USING SERVICE-SPECIFIC PROVISIONING DATA INSTANCES - A technical solution for significantly improving the scalability of the capability of an electronic information exchange platform is disclosed. Services provided by the platform may be described in a uniform way via service-specific provisioning descriptors. To provision services for a client system, a managed services provisioning system provides a service configuration interface through which a service associated with a tuple of a particular sender, receiver, and document type can be selected for further configuration. A service provisioning interface is dynamically generated for obtaining service-specific provisioning information from a user for generating a service-specific provisioning data instance that can be deployed to a backend system. At runtime, the backend system utilizes the service-specific provisioning data instance to provide the provisioned service for a client system. In this way, a variety of services can be efficiently provisioned for a diverse set of clients in a scalable, streamlined, and cost-effective manner. | 2019-10-10 |
20190312774 | System and Method for Facilitating Installation and Configuration of Network Devices - A mobile application for facilitating configuration and installation of networking and extender devices in a local area network utilizes augmented reality to provide configuration guidance information and network information. For configuring the networking device, a camera of the mobile computing device captures an image depicting the networking device, which is displayed on a touchscreen display of the mobile computing device with graphical elements including icons and textual information overlaid on the image to indicate configuration guidance information. Similarly, for installing the extender device, the camera captures image data depicting areas of the premises where the device is being installed and graphical elements are overlaid on the image data indicating network information such as the position of a previously installed networking device as well as the signal strength of wireless signals from the networking device. | 2019-10-10 |
20190312775 | CLOUD MANAGEMENT CONNECTIVITY ASSURANCE - The disclosed technology relates to a system configured to generate a protected configuration for a network device based on network connectivity data for a plurality of devices in a managed network associated with a cloud management system. The system is further configured to receive a configuration change for the managed network, determine that the configuration change is incompatible with the protected configuration, and generate a notification that the configuration change is incompatible with the protected configuration. | 2019-10-10 |
20190312776 | CONFIGURING EVENT STREAM GENERATION IN CLOUD-BASED COMPUTING ENVIRONMENTS - The disclosed embodiments provide a method and system for facilitating the processing of network data. During operation, the system obtains, at a remote capture agent, configuration information for the remote capture agent from a configuration server over a network. Next, the system uses the configuration information to configure the generation of event data from network packets at the remote capture agent. Upon receiving an update to the configuration information from the configuration server, the system uses the update to reconfigure the generation of the event data by the remote capture agent during runtime of the remote capture agent. | 2019-10-10 |
20190312777 | COMMUNICATIONS NETWORK - The invention provides a communications network comprising at least two modules and a common switch connected firstly to the two modules and secondly to various different user terminals, the switch having as many configurations as there are user terminals and modules connected to the switch, each user terminal and each module being associated with a particular dedicated configuration. | 2019-10-10 |
20190312778 | GLOBAL DEVICE MANAGEMENT ARCHITECTURE FOR IoT DEVICES WITH REGIONAL AUTONOMY - A computer-implemented method and system for global device management architecture with regional autonomy for devices on a cellular network are disclosed. The computer implemented method for optimizing device management architecture for IoT devices includes providing device information to a server in a master node for registering a device with the master node; providing rules to assign the device to at least one node based on the device information; assigning the device to the at least one node in response to the rules; and automatically configuring the device to connect the device to the assigned node. | 2019-10-10 |
20190312779 | PLATFORM FOR VEHICLE COOPERATION AND COORDINATION OF SERVICES - A control platform generates commands for coordinating use of network resources between a plurality of vehicles within a geographic region. In an embodiment, game-theoretical modelling is employed to determine allocation of resources in a manner that provides an optimal solution for a given allocation strategy. This model may reward controllers of vehicles that comply with a coordination policy while penalizing controllers of vehicles that defect from compliance. | 2019-10-10 |
20190312780 | VALIDATION OF L3OUT CONFIGURATION FOR COMMUNICATIONS OUTSIDE A NETWORK - Disclosed are systems, methods, and computer-readable media for assuring tenant forwarding in a network environment. Network assurance can be determined in layer 1, layer 2 and layer 3 of the networked environment, including internal-internal (e.g., inter-fabric) forwarding and internal-external (e.g., outside the fabric) forwarding in the networked environment. The network assurance can be performed using logical configurations, software configurations and/or hardware configurations. | 2019-10-10 |
20190312781 | Methods Systems Devices Circuits and Functionally Related Machine Executable Instructions for Transportation Management Network Cybersecurity - Disclosed is a secured transportation control network. A distributed set of transportation network management units are spread across different functional points of the transportation network. At least one network management unit agent functionally coupled to a respective network management unit is adapted to monitor communications of the respective management unit. A behavior monitoring server is adapted to generate a behavior profile for a network management unit based on information provided by an agent functionally coupled to the network management unit. A communication policy generator generates for at least one network management unit a communication policy based on behavior profiles of network management units with which the at least one network management unit communicates; wherein the communication policy is sent to an agent application functionally coupled to the at least one network management unit. | 2019-10-10 |
20190312782 | SYSTEM AND METHOD FOR PROGRAMMING AND/OR MANAGEMENT OF CORE NETWORK SLICES - There is provided, a network slice programming and management system for slicing a network to multiple groups of logical network slices composed of a collection of logical network functions, each dedicated to supporting a specific respective use for subscribers of the slice, comprising of a programming interface configured to receive commands for creation and/or configuration of network slice design comprising the constraints and requirements defining an architecture of logical network functions that when deployed form a network slice of a network, the commands include selection of at least one network function and a definition of an interaction of the selected at least one network function with other network functions. | 2019-10-10 |
20190312783 | INTELLIGENT STATE CHANGE NOTIFICATIONS IN COMPUTER NETWORKS - In a Fibre Channel network ( | 2019-10-10 |
20190312784 | CONTROLLER-ENABLED TOPOLOGY MANAGEMENT IN SELF BACKHAULING WIRELESS MESH AND RELAY NETWORKS - A special controller and a special node design for wireless communications are disclosed for generating a control messaging exchange on a wireless control channel between a controller and each mesh node: (a) to alter the wireless network topology, comprised of interconnected nodes, for load distribution, (b) to select better quality wireless links for control and data channel communications, and (c) to take away the burden of frequent route calculations from each node, making packet forwarding more efficient and optimal. | 2019-10-10 |
20190312785 | DEVICES AND METHOD FOR OPERATING A COMMUNICATION NETWORK - A network management entity for a communication network includes: a processor configured to operate a logic subnetwork in the communication network, wherein the logic subnetwork is configured to enable a first communication device to communicate via the logic subnetwork and to provide the first communication device with further resources of the logic subnetwork; and a communication interface configured to receive a position signal indicating a position of a second mobile communication device. The processor is further configured to incorporate the second mobile communication device in the logic subnetwork to provide the logic subnetwork with at least one resource of the second mobile communication device if the position of the second mobile communication device is within a defined position range. | 2019-10-10 |
20190312786 | Machine Sensor Network Management - There are disclosed corresponding methods, systems, controllers ( | 2019-10-10 |
20190312787 | MAPPING BETWEEN WIRELESS LINKS AND VIRTUAL LOCAL AREA NETWORKS - An example first device may include a processor to establish a plurality of links associating between the first network device and a second network device, the plurality of links corresponding to a plurality of virtual local area networks (VLANs) that a plurality of client devices associated with the first network device belong to; create a mapping between the plurality of links and the plurality of VLANs; and forward data received from a particular client device among the plurality of client devices in a particular VLAN of the plurality of VLANs to the second network device via a particular link corresponding to the particular VLAN based on the mapping. | 2019-10-10 |
20190312788 | RELAY DEVICE, PROGRAM, AND DISPLAY CONTROL METHOD - A relay device acquires network topology data representing a network topology that includes a connection relationship of each relay device and a connection relationship of a terminal device connected to each relay device in a local area network (LAN), and displays, on a display device, an image of a tree structure in which each relay device included in the LAN corresponds to a node, as an image of the network topology represented by the acquired network topology data. The relay device displays, on the display device, the image of the tree structure in which a node corresponding to a relay device designated in advance among the relay devices included in the LAN and nodes of up to directly below the designated node are set as a drawing target. | 2019-10-10 |
20190312789 | Performance Analytics Content Gallery - A system and method for configuring a performance analytics (PA) software application is disclosed. The system may be disposed within a computational instance of a remote network management platform that remotely manages a managed network. The system may include a database of content plugins for configuring respective key performance indicator (KPI) modules, each implementing PA applied to an associated KPI of the managed network. Configuring the KPI modules may specify respective graphical configurations of a dashboard for displaying graphical representations of the associated KPI in a graphical user interface (GUI) within the managed network. A gallery of icons each identifying a plugin may be displayed in, and selected from, the GUI. A selected plugin may then be installed via a common plugin interface, whereby an associated KPI module becomes configured and ready for execution. | 2019-10-10 |
20190312790 | POLICY DECLARATIONS FOR CLOUD MANAGEMENT SYSTEM - Methods, apparatus, systems and articles of manufacture are disclosed related to policy declarations for cloud management system. A computer readable storage device comprising instructions that, when executed, cause a processor to at least: identify a proposed change to a state of a network; in response to identifying the proposed change, determine whether the proposed change will cause the state of the network to violate a policy, the policy including a query plan describing characteristics to evaluate the proposed change; and when the proposed change will cause the state of the network to violate the policy, execute an application programming interface call to a cloud service provider to cause the cloud service provider to prevent violation of the policy by executing an action associated with the proposed change. | 2019-10-10 |
20190312791 | METHOD AND SYSTEM FOR AUTOMATING ASSESSMENT OF NETWORK QUALITY OF EXPERIENCE - A method of automating assessment of a network's QoE includes receiving a first number of quality of service, QoS, metrics, wherein the first number of QoS metrics pertains to a QoS of the network at a first moment in time; receiving, from a reference device subject to the QoE of the network, a first number of quality of experience, QoE, metrics, wherein the first number of QoE metrics pertains to the QoE of the network at a second moment in time, wherein a time difference between the first moment and the second moment is less than a time threshold; and based on the first number of QoS metrics and the first number of QoE metrics, determining a mapping relationship from at least a subset of the first number of QoS metrics to at least a subset of the first number of QoE metrics, using a machine learning technique. | 2019-10-10 |
20190312792 | State management across distributed services using cryptographically bound journals - Systems and methods for managing configurations of distributed computing services include responsive to an update to a configuration of a service, performing a write to a cryptographically bound journal; validating the write by a plurality of validators; responsive to validation of the write, permanently recording the write in the cryptographically bound journal in a block chain; and providing an update to the cryptographically bound journal to the distributed computing services. | 2019-10-10 |
20190312793 | TRANSFORMATION PLATFORM - A device may receive a request for a service management plan that is to be used to implement a fully-integrated enterprise resource planning (ERP) system for an organization. The device may receive organizational data associated with the organization. The device may determine, based on the organizational data, observations that serve as hypotheses for deficiencies associated with a current state of a system of the organization. The device may identify, based on the observations, priorities that define a target state for the fully-integrated ERP system that is to be generated. The device may select, based on a machine-learning-driven analysis of the observations and the priorities, a recommendation for a configuration of the fully-integrated ERP system. The device may generate, based on the recommendation, the service management plan for the organization. The device may perform a set of actions to cause the configuration to be implemented. | 2019-10-10 |
20190312794 | STATE TRANSITIONS FOR A SET OF SERVICES - Examples herein relate to developing an orchestration plan. Examples disclose the development of a representation of a set of services wherein each service relates to other services via different types of relationships. The examples apply a set of dependency rules for each type of relationship at each service within the set of services such that the application of the set of dependency rules creates inter-service dependencies between state transitions of the set of services. Based on the creation of the inter-service dependencies, the orchestration plan is developed which includes a sequenced order of the state transitions for the set of services. | 2019-10-10 |
20190312795 | ORCHESTRATION ENGINE FACILITATING MANAGEMENT OF DYNAMIC CONNECTION COMPONENTS - Systems, computer-implemented methods, and computer program products that facilitate orchestration engine components for a cloud computing environment are provided. According to an embodiment, a system can comprise a memory that stores computer executable components and a processor that executes the computer executable components stored in the memory. The computer executable components can comprise a ranking component that can rank respective connection components based on one or more attributes of the respective connection components. The computer executable components can further comprise a selection component that can select a connection component based on rank. The computer executable components can also comprise an orchestration engine component that can, based on the selected connection component, operatively couple a provisioning component to a computing resource component of a cloud-based computing platform. | 2019-10-10 |
20190312796 | ENTERPRISE SERVER BEHAVIOR PROFILING - Generation of behavior profiling reports is provided for enterprise server devices in a network of enterprise server devices, as well as generation and association of severity scores for behavior profiling reports generated for enterprise server devices included in the network of enterprise server devices. A method can comprise receiving historical security event data representing historical security events of a first device and owner data representing an owner of the first device, and, as a function of the historical security event data and the owner data, an anomalous contact established between the first device and the second device can be identified. Further, in response to identifying the existence of the anomalous contact, the second device can be depicted on a connected graph of anomalous contacts established by the first device. | 2019-10-10 |
20190312797 | METHOD AND APPARATUS FOR SELECTIVE SEGMENT REPLACEMENT IN HAS VIDEO STREAMING ADAPTATION - Aspects of the subject disclosure may include, for example, upon receiving a request for media content, a first signal quality may be determined, a first quality level may be selected based on the first signal quality, and segments of the first quality level may be retrieved, stored in a buffer, and played from the buffer. When the buffer is sufficiently occupied, first inferior segments stored in the buffer may be replaced by determining a second signal quality, selecting a second quality level based on the second signal quality, identifying the first inferior segment based on the second quality level, and replacing the first inferior segment with a first replacement segment, the first replacement segment corresponding to the first inferior segment. These processes may be performed iteratively. Other embodiments are disclosed. | 2019-10-10 |
20190312798 | MEDIA CONNECTION CHANNEL QUALITY TESTING SYSTEM - A computing device for media connection channel quality testing is described, including communications hardware; non-volatile memory storing a test initiation program; and a processor configured to execute the test initiation program to: transmit, via the communications hardware, a plurality of comparative testing media streams to a test server, each of the comparative testing media streams sent over one of a plurality of media connection channels; receive, via the communications hardware, a plurality of objective quality scores from the test server, each objective quality score corresponding to one of the plurality of media connection channels and are determined by the test server using an objective scoring test comparing the comparative testing media stream to reference testing data associated with the one of the comparative testing media streams; and select a recommended operational media connection channel from the plurality of media connection channels based on the objective quality scores. | 2019-10-10 |
20190312799 | COMPUTER SYSTEM PRODUCTIVITY MONITORING - Embodiments of the inventive subject matter include a method for optimizing allocation of computers. The method can include gathering, via a plurality of sensors in a plurality of computers, information about devices of the computers. The method can include determining, via at least one of the processors, usage of the computers based on the information. The method can include determining, via at least one of the processors, performance of the computers based on the information. The method can include allocating, via at least one of the processors, certain ones of the computers for different uses based, at least in part, on the performance and usage of the computers. | 2019-10-10 |
20190312800 | METHOD, APPARATUS AND SYSTEM FOR REAL-TIME OPTIMIZATION OF COMPUTER-IMPLEMENTED APPLICATION OPERATIONS USING MACHINE LEARNING TECHNIQUES - Various aspects described or referenced herein are directed to different methods, systems, and computer program products for facilitating real-time optimization of computer-implemented application operations using machine learning techniques. | 2019-10-10 |
20190312801 | OPTIMIZED PERFORMANCE DATA COLLECTION AT CLIENT NODES - Techniques for optimized performance data collection at client nodes are disclosed. In one embodiment, a client node in a client-server environment may include at least one processing resource and a computer-readable storage medium having computer-readable program code embodied therewith. The computer-readable program code is configured to obtain resource utilization data associated with a plurality of processes running on the client node, determine a list of processes having resource utilization greater than a threshold based on the resource utilization data, organize the list of processes based on predetermined criteria and the resource utilization data, generate a report including a predefined number of processes from the organized list, and transmit the report to a management node for performance monitoring. | 2019-10-10 |
20190312802 | NETWORK-TRAFFIC PREDICTOR AND METHOD - A method for predicting network-traffic bursts includes identifying, in data received by a networking device, a plurality of network-traffic bursts, each of the plurality of network-traffic bursts occurring at a respective one of plurality of burst-times {t | 2019-10-10 |
20190312803 | DETECTING AND LOCATING PROCESS CONTROL COMMUNICATION LINE FAULTS FROM A HANDHELD MAINTENANCE TOOL - A handheld maintenance tool operates to detect the existence of a fault in a communication line or bus, including detecting short circuit or other low impedance faults, open circuit or other high impedance faults, etc. Additionally, the handheld maintenance tool may operate to detect an approximate location of a fault within the communication line with respect to the handheld device, to thereby enable an operator or maintenance person to more easily find and repair a detected fault. | 2019-10-10 |
20190312804 | PACKET PROCESSING METHOD AND NETWORK DEVICE - Embodiments provide a packet processing method. In accordance with this method, a first LSP packet can be received by a network device. The following determinations can be made: that the network device stores no LSP packet whose LSP ID and PDU type are the same as an LSP ID and PDU type of the first LSP packet; that the network device has stored a second LSP packet whose LSP ID is the same as an LSP ID of the first LSP packet and PDU type is the same as a PDU type of the first LSP packet, and that a sequence number of the second LSP packet is less than a sequence number of the first LSP packet. When one or more of these determinations are made, a determination whether LSP packet digest information matching the first LSP packet exists can be made. When the LSP packet digest information matching the first LSP packet is determined to exist, the first LSP packet can be stored. | 2019-10-10 |
20190312805 | DYNAMIC FLOODING FOR LINK STATE PROTOCOLS - One or more embodiments of the invention may relate to a method, and/or non-transitory computer readable medium including instructions, for distributing link state information. In one or more embodiments of the invention, the method includes building a link state database on a plurality of network devices; electing a leader from among the plurality of network devices; computing, by the leader, a flooding topology; encoding, by the leader, the flooding topology to obtain an encoded flooding topology; distributing, by the leader, the encoded flooding topology to other network devices of the plurality of network devices. | 2019-10-10 |
20190312806 | ENFORCING STRICT SHORTEST PATH FORWARDING USING STRICT SEGMENT IDENTIFIERS - Various systems and methods for using strict path forwarding. For example, one method involves receiving an advertisement at a node. The advertisement includes a segment identifier (SID). In response to receiving the advertisement, the node determines whether the SID is a strict SID or not. If the SID is a strict SID, the node generates information, such as forwarding information that indicates how to forward packets along a strict shortest path corresponding to the strict SID. | 2019-10-10 |
20190312807 | Star topology fixed wireless access network with lower frequency failover - A fixed wireless access network provides for high-frequency data links between aggregation nodes and endpoint nodes. The system further provides for lower frequency wireless data links, which have carrier frequencies less than high-frequency wireless data links. These lower frequency links provide for auxiliary communications between the aggregation nodes and one or more endpoint nodes. During normal operation, the nodes exchange packet data via the high-frequency data links. However, when impairment of the high-frequency data links is detected, the nodes direct the packet data over the low-frequency data links instead until the high-frequency data links are no longer impaired. | 2019-10-10 |
20190312808 | CACHING FLOW OPERATION RESULTS IN SOFTWARE DEFINED NETWORKS - Described herein are systems, methods, and software to enhance flow operations on a host computing system. In one implementation, a virtual switch on a host identifies a packet from a virtual node. In response to identifying the packet, the virtual switch determines whether the packet corresponds to a cached result action based on traits of the packet. If the packet corresponds to a cached result action, then the virtual switch may process the packet in accordance with the cached result action. In contrast, if the packet does not correspond to a cached result action, then the virtual switch may process the packet in accordance with first flow operations to determine a result action, and cache the result action for use with future packets. | 2019-10-10 |
20190312809 | MECHANISM AND PROCEDURES FOR MULTI-DOMAIN ENTERPRISE FABRIC DOMAIN FEDERATIONS - In one embodiment, a method generally includes a first edge (E) node in a network receiving an encapsulated data packet, wherein the encapsulated data packet comprises an outer header and a data packet, wherein the outer header comprises a first router locator (RLOC) corresponding to the first E node, wherein the data packet comprises an internet protocol (IP) header, and wherein the IP header comprises a destination endpoint identification (EID) corresponding to a host H. The first E node determines whether the host H is attached to the first E node. And in response to the first E node determining the host is attached to the first E node, the first E node forwards the data packet to the host H. The first E node receives a message from another node after the host H detaches from the first E node and reattaches to another E node, wherein the message comprises the destination EID. | 2019-10-10 |
20190312810 | ADAPTIVE OVERLAY NETWORK ARCHITECTURE - The adaptive overlay network architecture of the present invention improves the performance of applications distributing digital content among nodes of an underlying network such as the Internet by establishing and reconfiguring overlay network topologies over which associated content items are distributed. The present invention addresses not only frequently changing network congestion, but also interdependencies among nodes and links of prospective overlay network topologies. The present invention provides a prediction engine that monitors metrics and predicts the relay capacity of individual nodes and links (as well as demand of destination nodes) over time to reflect the extent to which the relaying of content among the nodes of an overlay network will be impacted by (current or future) underlying network congestion. The present invention further provides a topology selector that addresses node and link interdependencies while redistributing excess capacity to determine an overlay network topology that satisfies application-specific performance criteria. | 2019-10-10 |
20190312811 | STATELESS DISTRIBUTED LOAD-BALANCING - Aspects of the subject technology provide state-less load-balancing using sequence numbers to identify traffic flows. In some implementations, a process of the technology can include steps for receiving, by a load-balancer, a first packet from a source device including a request to access the service provided by a server coupled to the load-balancer, determining a load for each of the servers, wherein each server is associated with a unique set of sequence numbers, and forwarding the request to a target server selected based on its corresponding load, and wherein the request is configured to cause the target server to issue a reply to the source device. Systems and machine-readable media are also provided. | 2019-10-10 |
20190312812 | ANYCAST EDGE SERVICE GATEWAYS - Some embodiments provide a method for managing traffic in a virtualized environment. The method, in some embodiments, configures multiple edge service gateways (ESGs) executing on multiple host machines (e.g., on a hypervisor) to use a same anycast inner internet protocol (IP) address and a same anycast inner media access control (MAC) address. In some embodiments, ESGs of a logical network facilitate communication between machines connected to the logical network and machines on external networks. In some embodiments, the method configures a set of virtual extensible local area network tunnel endpoints (VTEPs) connected to an ESG to use a same anycast VTEP IP address. The method, in some embodiments, configures a distributed logical router (DLR or DR) to send data packets with destinations outside the logical network from sources belonging to the logical network to the anycast VTEP IP address. | 2019-10-10 |
20190312813 | ANALYZING NETWORK TRAFFIC BY ENRICHING INBOUND NETWORK FLOWS WITH EXIT DATA - A network monitoring engine uses the routing and interface data of a monitored network to enrich received flow records with exit information. The routing data of the same network device at which the flow record is received is used to determine a next hop based upon the destination IP address of the flow record. In addition, interface data of the other devices is used to determine an egress device and interface of the network used to transmit traffic to the identified next hop. The flow record is enriched with exit information indicating an interface of the network the data packets of the flow record are expected to exit the network. By enriching the flow records as they are received, the exit information reflects how traffic is routed through the network at that time, even if the routing or interface information of the network later changes. | 2019-10-10 |
20190312814 | METHODS AND SYSTEMS FOR DYNAMIC POLICY BASED TRAFFIC STEERING OVER MULTIPLE ACCESS NETWORKS - Methods and systems for individual forward-link and return-link policies for network communication are disclosed. In some aspects, the individual forward-link and return-link policies define how data is routed over a plurality of access networks between a client-side enforcement unit and a provider-side enforcement unit. In some aspects, the individual policies may be based on metrics collected by the client-side and provider-side enforcement units, which may be positioned on each end of one or more access networks. | 2019-10-10 |
20190312815 | DEVICE, SYSTEM, AND METHOD OF DATA TRANSPORT WITH SELECTIVE UTILIZATION OF A SINGLE LINK OR MULTIPLE LINKS - Device, system, and method of data transport with selective utilization of a single link or multiple links. An apparatus includes, or is associated with, multiple transmitters. A link bonding management unit determines with regard to a data-flow that is intended for transmission to a remote recipient, whether to transmit the data-flow via a single communication link over a single transmitter of the apparatus, or conversely, to transmit the data-flow via two or more communication links serviced by two or more, respective, transmitters of the apparatus. Additionally or alternatively, the allocation of packets among transmitters that participate in a virtual bonded transmission, is modified based on one or more performance characteristics. | 2019-10-10 |
20190312816 | Flow Control Method and Switching Device - A flow control method includes: when congestion is detected, determining, by a first switching device, a key flow from a plurality of data flows; generating a back pressure message including a flow attribute value of the key flow; sending the back pressure message to an upstream device of the key flow; and pausing, by the upstream device of the key flow, sending of the key flow, where the back pressure message has no impact on sending of another data flow other than the key flow by the upstream device of the key flow. The present disclosure further provides a switching device that can implement the flow control method. | 2019-10-10 |
20190312817 | SYSTEMS AND METHODS FOR CONTROLLING NETWORK CONGESTION - A system and method for controlling network congestion are provided. The method may include one or more of the following operations. One or more alert signals corresponding to one or more alert events of one or more urgency levels may be obtained at a first time of interest. A network condition of the network at the first time of interest may be obtained. A congestion assessment (CGA) at the first time of interest may be performed based on the network condition. A first communication protocol for sending the one or more alert signals may be determined based on the CGA. A first batch of alert signals of the one or more alert signals may be caused, based on the first communication protocol and the urgency levels of the one or more alert signals, to be sent via the network. | 2019-10-10 |
20190312818 | LATENCY REDUCTION IN SERVICE FUNCTION PATHS - In some aspects, a method of the technology can include steps for sending a packet along a service function chain (SFC) to an egress node, the SFC comprising a plurality of service function forwarders (SFFs), wherein each SFF is associated with at least one service function (SF), and receiving the packet at a first SFF in the SFC, wherein the first SFF is associated with a first SF. In some aspects, the first SFF can also be configured to perform operations including: reading an option flag of the packet, and determining whether to forward the packet to the first SF based on the option flag. Systems and machine-readable media are also provided. | 2019-10-10 |
20190312819 | A METHOD, APPARATUS AND SYSTEM FOR HANDLING AN INTERNET PROTOCOL PACKET - A method performed in a network node for handling an Internet Protocol, IP, packet. The IP packet originates from a source node and addresses to a destination node in an IP communication network. Upon receipt of the IP packet, the network node decapsulates the IP packet to obtain, from a network layer header of the IP packet, an indication of a point in time to drop the IP packet. The point in time to drop the IP packet is based on a first maximum delay of the IP packet between the source node and the destination node. The first maximum delay was obtained from an application software running on the source node. The network node determines whether or not to drop the IP packet based on the indication, using a clock of the network node synchronized with a clock of the source node. | 2019-10-10 |
20190312820 | PATH MAXIMUM TRANSMISSION UNIT (PMTU) DISCOVERY IN SOFTWARE-DEFINED NETWORKING (SDN) ENVIRONMENTS - Example methods are provided for a network device to perform path maximum transmission unit discovery (PMTU) in a software-defined networking (SDN) environment. One example method may comprise detecting an egress packet that includes an inner header. The method may also comprise: in response to determination that a first maximum transmission unit (MTU) associated with a path between the first node and the second node is exceeded by a total size of the egress packet and an encapsulation overhead, generating an error packet that specifies a second MTU that is configured to be less than the first MTU based on the encapsulation overhead. The error packet may be sent to the first node to cause the first node to size a subsequent egress packet to the second inner address based on the second MTU. | 2019-10-10 |
20190312821 | Quality of Service Rule Management in 5G - A method of managing default QoS rules for PDU session is proposed. A PDU session defines the association between the UE and the data network that provides a PDU connectivity service. Each PDU session is identified by a PDU session ID, and may include multiple QoS flows and QoS rules. There can be more than one QoS rule associated with the same QoS flow. A default QoS rule is required to be sent to the UE for every PDU session establishment and it is associated with a QoS flow. Within a PDU session, there should be one and only one default QoS rule. In one novel aspect, UE behavior and error handling for proper QoS rule management is defined for PDU session establishment and modification procedures to enforce the one and only one default QoS rule policy. | 2019-10-10 |
20190312822 | Outbound Request Management - The present disclosure is related to devices, systems, and methods for routing requests for an external service, originating from a plurality of cluster nodes, through an outbound request manager. An example method can include receiving a first request for an external service originating from a first cluster node having a first network address, receiving a second request for the external service originating from a second cluster node having a second network address, transmitting the first request with a particular network address to an address associated with the external service, and transmitting the second request with the particular network address to the address associated with the external service. | 2019-10-10 |
20190312823 | SYSTEMS AND METHODS FOR ALLOCATING END DEVICE RESOURCES TO A NETWORK SLICE - An SDN client on an end device receives slice placement instructions relating to services to be placed on a selected slice from an SDN controller. The SDN client also receives policy input regarding allocation of resources on the end device and user preference input regarding priority of the services. A network slice is selected on which the resource will be allocated based on the slice placement instructions, the policy input, and user preference input. | 2019-10-10 |
20190312824 | HARD ZONING OF VIRTUAL LOCAL AREA NETWORKS IN A FIBRE CHANNEL FABRIC - A network where FC and Ethernet storage traffic share the underlying network. The network extends FC SAN storage specific attributes to Ethernet storage devices. The network is preferably formed of FC switches, so each edge switch acts as an FCoE FCF, with internal communications done using FC. IP packets are encapsulated in FC packets for transport. Preferably, either each outward facing switch port can be configured as an Ethernet or FC port, so devices can be connected as desired. FCoE devices connected to the network are in particular virtual LANs (VLANs). The name server database is extended to include VLAN information for the device and the zoning database has automatic FCOE_VLAN zones added to provide a mechanism for enhanced soft and hard zoning. Zoning is performed with the conventional zoning restrictions enhanced by including the factor that any FCoE devices must be in the same VLAN. | 2019-10-10 |
20190312825 | STORE AND FORWARD LOGGING IN A CONTENT DELIVERY NETWORK - A computer-implemented method on a device in a content delivery (CD) network. The device has hardware including storage with at least one first class of storage and at least one second class of storage, the first class of storage being faster than the second class of storage. A first portion of the first class of storage is allocated for log data, and a second portion of the second class of storage is allocated for log data. The method includes obtaining log event data from at least one component or service on the device that is to be delivered to a component or service on a distinct device. Each log event data item has a priority. If a connection to an external location is lost, at least some of the log event data items are selectively stored in the storage, wherein the storing is based on priority of the log event data items. Otherwise, if the connection is not lost, at least some of the log event data items are sent to the at least one external location. | 2019-10-10 |
20190312826 | USER-SPECIFIC CANDIDATE RANKING FOR OUTBOUND MESSAGES - A device implementing a system for user-specific candidate responses includes a processor configured to determine candidate responses for a received message based at least in part on a determined category of the received message. The processor is further configured to rank the candidate responses based at least in part on input modalities utilized to input messages previously transmitted via the device, at least one of the previously transmitted messages comprising a respective at least one of the candidate responses. The processor is further configured to provide one or more of the ranked candidate responses for selection by a user. | 2019-10-10 |
20190312827 | PASSING EMOTIONAL CHATBOT SESSIONS TO THE BEST SUITED AGENT - Embodiments of the present invention disclose a method for an automated chat bot conversation session and an agent transfer system for the conversation session. The computer receives a user input from a user in an automated chat bot conversation session. The computer analyzes the user input for at least one sentiment, wherein an at least one analysis result is a value assigned to the at least one sentiment contained within the user input. The computer compares the at least one analysis result to a threshold value to determine if the user should be transferred from the automated chat bot conversation session to a conversation session with a suitable agent. The computer then transfers the user to the conversation session with the suitable agent. | 2019-10-10 |
20190312828 | System and Method for Processing Messages with Organization and Personal Interaction Controls - A system and method of managing electronic messaging accounts for a user is provided. The user has a first account for a first message space for a first entity and a second account for a second message space. The method comprises: providing a first message service that facilitates creating a first message for the first account for processing by the first message space providing private electronic conversations; providing a second message service that facilitates creating a second message for the second account for processing by the second message space providing regulated electronic conversations; and receiving an access request to the second message service and if the access request is a first access to the second message service, federating the second account to the first account and recording the federation in an account link. Entitlements to use the second message service may be established and controlled by an organization defining that second message service. | 2019-10-10 |
20190312829 | DETERMINATION OF AN ONLINE COLLABORATION STATUS OF A USER BASED UPON BIOMETRIC AND USER ACTIVITY DATA - Methods, systems, and computer readable media are provided for determining a collaboration status of a user of an electronic messaging system based on user data, including: (i) health data representative of a physiological parameter or mental engagement of the user and (ii) collaboration activity data representative of social collaboration activity of the user, to determine the collaboration status. Historical health data and collaboration activity data may be included in the determination of the collaboration status. In some aspects, the collaboration status may reflect a real-time collaboration status of the user. | 2019-10-10 |
20190312830 | METHODS AND APPARATUSES FOR ANIMATED MESSAGING BETWEEN MESSAGING PARTICIPANTS REPRESENTED BY AVATAR - A messaging system communicates animated messages. The system generates personalized avatars of messaging participants. These avatars can be made to represent visible attributes of the participants in different art styles. For example, a tall, thin, bespectacled, brunette might be represented as a tall, thin, bespectacled, brunette avatar rendered in the style of a favorite cartoon. Messaging participants can then send messages in which the avatars of the sender and the recipient or recipients interact. For example, a message sender might convey a message “hug” that is displayed on a message recipient's device as an animation in which the sender's avatar embraces the recipient's avatar. | 2019-10-10 |
20190312831 | BLOCKMAIL TRANSFER PROTOCOL - An example operation may include one or more of receiving an electronic message from a sender that is intended for a recipient, breaking-up the electronic message into a plurality of message components and storing each message component in a respective block from among a plurality of blocks, linking the plurality of blocks of the broken-up electronic message together in a chain such that each successive block in the chain includes a hash of content included in a previous block of the chain, and transmitting the hash-linked chain of blocks of the broken-up electronic message via a network to the recipient. | 2019-10-10 |
20190312832 | Forwarding Notification Information - A computer-implemented technique is described herein by which a first user can forward notification information to one or more other users, including a second user. The first user can interact with the notification information via a first computing device, while the second user can interact with the notification information using a second computing device. In some implementations, both the first computing device and the second computing device have access to an application which has generated the notification information or to which the notification information otherwise pertains. In other implementations, the second computing device may lack access to the application. In some implementations, the first user receives the notification information and then explicitly and manually controls the forwarding of the notification information (or a version of the notification information) to the second user. In other implementations, decision logic automatically controls the forwarding of the notification information to the second user. | 2019-10-10 |
20190312833 | MANAGING DATA ON COMPUTER AND TELECOMMUNICATIONS NETWORKS - Protecting personal information by generating entity-specific aliases for use in communication with third parties is disclosed. | 2019-10-10 |
20190312834 | DYNAMIC HASHTAG ORDERING BASED ON PROJECTED INTEREST - A method, computer program product, and system includes a processor(s) obtaining a hashtag and analyzing the hashtag to identify components comprising the hashtag. The processor(s) generate sub-hashtags, where each of the sub-hashtags includes at least one component. The processor(s) obtain, over an Internet connection, via a user interface of a social media platform displayed on a first computing resource, an entry by a user comprising text and the hashtag. The processor(s) obtain from a second computing resource, a request from a second user to access the entry that includes parameters of the second user on the platform. The processor(s) determine that a sub-hashtag is most relevant to the second user. The processor(s) configure instructions to display a customized entry, where the customized entry includes the text and the relevant sub-hashtag for the second user. The processor(s) instruct the second computing resource to display the customized entry in its user interface. | 2019-10-10 |
20190312835 | MESSAGE SERVER AND MESSAGE PROCESSING APPARATUS INCLUDING THE SAME - A message server and a message processing apparatus including the same are provided. According to the embodiments of the present disclosure, when the device management module is not available to be used, a message is directly delivered to the application client through the third party message server so that the reliability of the message forwarded between a sender side and a receiver side can be ensured. | 2019-10-10 |
20190312836 | NETWORK ANTI-TAMPERING SYSTEM - A system and method detects or prevents tampering of computer networks by transmitting address messages indicating that unused network addresses are in use. The systems and method handles requests for network resources, such as Address Resolution Protocol (ARP) messages, and provides fabricated information to a potential attacker to disrupt an attack on an information system. | 2019-10-10 |
20190312837 | ELECTRONIC MESSAGE IDENTIFIER ALIASING - A method may include receiving an outbound communication directed to one or more recipient addresses from a communications infrastructure hosting the true address for the user. A server or similar intermediary may generate an alias address for each recipient address in an outbound communication so that each recipient may communicate with the true address using a unique reply channel. A discrete security state may be assigned as a security attribute to each such alias address. The discrete security state, which can be controlled by the user and stored, e.g., at the intermediate server, establishes rules for controlling communications from one of the recipient addresses through the communications infrastructure to the true address via one of the alias addresses. Once an alias and a security state are assigned in this manner to facilitate handling of responsive communications, the outbound communication may be forwarded to recipient addresses through the communication network. | 2019-10-10 |
20190312838 | NETWORK DEVICE WITH TRANSPARENT HEARTBEAT PROCESSING - Network devices within an enterprise are configured to pass out-of-band security information such as heartbeats, notifications of compromise, device identification information, and so forth between logical or physical network partitions such as subnets, routing domains, access points, and so forth. This technique can advantageously facilitate integrated management of endpoints across network boundaries that might otherwise interfere with the identification and management of specific devices. | 2019-10-10 |
20190312839 | DEVICE MANAGEMENT BASED ON GROUPS OF NETWORK ADAPTERS - Secure management of an enterprise network is improved by creating a network adapter fingerprint for an endpoint that identifies all of the network adapters for that endpoint. With this information, the location and connectivity of the endpoint can be tracked and managed independent of the manner in which the endpoint is connecting to the enterprise network. | 2019-10-10 |
20190312840 | AUTOMATIC TUNNELER IN A COMMUNICATION NETWORK OF AN INDUSTRIAL PROCESS FACILITY - A method of controlling tunneling in a communication network of an industrial process facility including a client computer and server computer running different communication protocols coupled by the communication network. The method includes providing the client and server computer with a processor connected to a memory. The processor implements a tunneling reliability program including a training model including labeled groups representing reliability data and security data determined from data sources received across the communication network and a learning classifying algorithm for classifying the reliability data and security data as being reliable or not reliable. The processor determines if the communication network is reliable based on the classified reliability data and security data. In response to determining that the communication network is not reliable or secure, a notification is generated for a user that the communication network is not reliable and the notification is transmitted to the user. | 2019-10-10 |
20190312841 | METHODS AND DEVICES FOR SERVICE-DISCOVERING REVERSE-TUNNEL PROXY AND TUNNEL SERVICE CENTER - Methods, non-transitory computer readable media, network traffic management apparatuses, and network traffic management systems that utilize a reverse tunnel proxy in a cloud environment. The reverse tunnel proxy in a cloud environment automatically discovers its environment and creates an appropriate tunnel without using a public IP. The reverse tunnel proxy in a cloud environment utilizes an outgoing connection along with an initialization and channelization to connect to the cloud and accepts an incoming connection in response. In embodiments, a cloud initiates a connection and a tunnel is created without need for additional IP addresses. In embodiments, the reverse tunnel proxy in a cloud environment connects to a client as a server and a private key is stored at a server side without pushing private keys into a public environment. | 2019-10-10 |
20190312842 | TELECOMMUNICATION SYSTEM AND METHOD FOR TRAVERSING AN APPLICATION LAYER GATEWAY FIREWALL DURING THE ESTABLISHMENT OF AN RTC COMMUNICATION CONNECTION BETWEEN AN RTC CLIENT AND AN RTC SERVER - A telecommunications assembly and a method for traversing an application layer gateway firewall during the establishment of an RTC communication connection between an RTC client and an RTC server using a proprietary RTC signalling protocol, wherein the firewall has no specific knowledge of the proprietary RTC signalling protocol. The RTC client and the RTC server can negotiate during the establishment of the RTC communication connection which of the ports of the firewall are required for the data packets to be exchanged via the RTC communication connection, wherein they use at least one standardised message element as a component of the proprietary RTC signalling protocol, with which information relating to the ports to be used can be found by the firewall. | 2019-10-10 |
20190312843 | NETWORK DEVICE FOR SECURING ENDPOINTS IN A HETEROGENEOUS ENTERPRISE NETWORK - A network address translation device or similarly situated network device can cooperate with endpoints on a subnet of an enterprise network to secure endpoints within the subnet. For example, the network address translation device may be configured, either alone or in cooperation with other network devices, to block traffic from a compromised endpoint to destinations outside the subnet, and to direct other endpoints within the subnet to stop network communications with the compromised endpoint. | 2019-10-10 |
20190312844 | COMMUNICATION SYSTEM, PLATFORM SERVER, AND PROGRAM - A communication system includes: a plurality of devices that are provided inside a firewall; at least one gateway that is provided inside the firewall, and relays communication between the plurality of devices and at least one cloud server provided outside the firewall; and a platform server that is provided outside the firewall, receives at least one access request with respect to at least one communication target device in the plurality of devices, and transmits a message to a gateway corresponding to the at least one communication target device designated in the at least one access request, through a communication route for message transmission selected from a plurality of types of communication routes, wherein each of the plurality of types of communication routes is a route passing through the firewall, and the platform server selects the communication route for message transmission relevant to the at least one communication target device. | 2019-10-10 |
20190312845 | Filtering Network Data Transfers - Aspects of this disclosure relate to filtering network data transfers. In some variations, multiple packets may be received. A determination may be made that a portion of the packets have packet header field values corresponding to a packet filtering rule. Responsive to such a determination, an operator specified by the packet filtering rule may be applied to the portion of packets having the packet header field values corresponding to the packet filtering rule. A further determination may be made that one or more of the portion of the packets have one or more application header field values corresponding to one or more application header field criteria specified by the operator. Responsive to such a determination, at least one packet transformation function specified by the operator may be applied to the one or more of the portion of the packets. | 2019-10-10 |
20190312846 | DYNAMIC WHITELIST MANAGEMENT - In one example embodiment, a proxy for a network obtains a traffic flow. The proxy determines whether a security policy in a whitelist for the traffic flow is active. If it is determined that the security policy for the traffic flow is active, the proxy selectively decrypts the traffic flow to produce one or more traffic flow attributes and, based on the one or more traffic flow attributes, determines whether the traffic flow is potentially malicious. | 2019-10-10 |
20190312847 | ENVELOPING FOR MULTILINK COMMUNICATIONS - A communications system between a source and a destination includes a transmitter at the source and a communication connectivity. The transmitter comprises a preprocessor and a candidate envelope folder to provide M known a priori digital envelopes, M≥1. The preprocessor has N input ports and N output ports, N>M, performs at least one wavefront multiplexing (WFM) transform on N inputs received at the N input ports to generate N outputs at the N output ports. The preprocessor performs the at least one WFM transform by calculating, for each of the N outputs, a linear combination of the N inputs using one of the M digital envelopes such that a digital format of one of the N outputs appears to human sensors as having features substantially identical to a digital format of the one of the M digital envelopes. | 2019-10-10 |
20190312848 | DISTRIBUTED ENCRYPTION OF MAINFRAME DATA - A mainframe network may store a plurality of records. The mainframe network may generate a file comprising the data elements in the records. The mainframe network may transmit the file to a distributed network. The distributed network may encrypt the data elements. The distributed network may transmit a file comprising the encrypted data elements to the mainframe network. The mainframe network may store the encrypted data elements. | 2019-10-10 |
20190312849 | SECURE ACCESS TO INDIVIDUAL INFORMATION - A facility stores a person's personal information (“PI”) on a portable storage device (“PSD”) of the person. In some cases, the PSD bears a fax number mapping uniquely to the person; when a fax containing the person's PI is sent to this fax number, the facility stores an encrypted version of the PI on a relay server (“RS”). When the PSD connects with an access device, the encrypted version of the PI is retrieved from the RS and stored on the PSD. In some cases, the PSD bears a non-textual visual symbol; when its image is captured by a device such as a smartphone, an identifier encoded in the symbol is used to transmit encrypted PI to the RS. In some cases, each access device reports aggregates of personal data to an analysis server. In some cases, the facility statistically obfuscates these aggregates for transmission to/storage on the analysis server. | 2019-10-10 |
20190312850 | SYSTEM FOR PROVIDING END-TO-END PROTECTION AGAINST NETWORK-BASED ATTACKS - A plurality of system nodes coupled via a dedicated private network is described herein. The nodes offer an end-to-end solution for protecting against network-based attacks. For example, a single node can receive and store user data via a data flow that passes through various components of the node. The node can be designed such that communications internal to the node, such as the transmission of encryption keys, are partitioned or walled off from the components of the node that handle the publicly accessible data flow. The node also includes a key management subsystem to facilitate the use of encryption keys to encrypt user data. | 2019-10-10 |
20190312851 | PROVISIONING NETWORK KEYS TO DEVICES TO ALLOW THEM TO PROVIDE THEIR IDENTITY - A device is provisioned and authorized for use on a network. The device may generate a cryptographic key and provide a digital certificate the cryptographic key, a hardware identifier, and attribute information and provide such information to an authorization host as part of the provisioning process. The authorization host may use attribute information to determine whether to authorize the device for use on the network, and whether the generated cryptographic key should be trusted for use on the network. | 2019-10-10 |
20190312852 | DATABASE-CENTERED COMPUTER NETWORK SYSTEMS AND COMPUTER-IMPLEMENTED METHODS FOR CRYPTOGRAPHICALLY-SECURED DISTRIBUTED DATA MANAGEMENT BASED ON ENTROPY AND HAVING A SUPERVISORY NODE - In some embodiments, the present invention provides for an exemplary computer system which includes at least the following components: a network of externally owned presence (EOP) member nodes, including a supervisory EOP member node is configured to generate at least one personalized cryptographic private key for each peer EOP member node; a distributed database, storing a plurality of persistent data objects; and a plurality of self-contained self-executing software containers (SESCs); where each SESC includes an independently executable software code which is at least configured to: apply entropy to generate a state hash representative of a current state of a persistent data object, perform a data action with the persistent data object; and determine that a particular EOP member node has a permission to cause the SESC to perform the data action with the persistent data object based. | 2019-10-10 |
20190312853 | KEYSTREAM GENERATION USING MEDIA DATA - Systems, methods, and computer-readable media for generating a keystream using media data and using the keystream to encrypt and decrypt messages are described herein. The keystream may be generated independently and at least partially in parallel by both a sender and a receiver of a message. The sender may use its independently generated keystream to encrypt a message and a receiver may use its independently generated keystream to decrypt the message. Both the sender and receiver may utilize the same algorithm for generating their respective keystreams, thereby ensuring that the same keystream is generated by both sender and receiver. The sender may share a session key with a receiver using an asymmetric encryption technique. The session key may contain a collection of subkeys. Both the sender and the receiver may independently determine media database indices that match the subkeys and aggregate the corresponding media data streams to obtain the keystream. | 2019-10-10 |
20190312854 | Dynamically Hiding Information in Noise - A process of hiding a key or data inside of random noise is introduced, whose purpose is to protect the privacy of the key or data. In some embodiments, the random noise is produced by quantum randomness, using photonic emission with a light emitting diode. When the data or key generation and random noise have the same probability distributions, and the key size is fixed, the security of the hiding can be made arbitrarily close to perfect secrecy, by increasing the noise size. The hiding process is practical in terms of infrastructure and cost, utilizing the existing TCP/IP infrastructure as a transmission medium, and using light emitting diode(s) and a photodetector in the random noise generator. In some embodiments, symmetric cryptography encrypts the data before the encrypted data is hidden in random noise, which substantially amplifies the computational complexity. | 2019-10-10 |
20190312855 | SECURE COMPLIANCE PROTOCOLS - In some examples, a secure compliance protocol may include a virtual computing instance (VCI) deployed on a hypervisor and may be provisioned with hardware computing resources. In some examples the VCI may also include a cryptoprocessor to provide cryptoprocessing to securely communicate with a plurality of nodes, and a plurality of agents to generate a plurality of compliance proofs; the VCI may communicate with a server corresponding to a node of the plurality of nodes; and receive a time stamp corresponding to at least one compliance proof based on a metric of a connected device. | 2019-10-10 |
20190312856 | SECURE BOOTSTRAPPING OF CLIENT DEVICE WITH TRUSTED SERVER PROVIDED BY UNTRUSTED CLOUD SERVICE - A trusted server receives a request for an activation code, which includes an identifier associated with the trusted server and a one-time password, for a client device. The trusted server obtains the identifier from a public server, generates the one-time password, and combines the one-time password with the identifier to create the activation code. The trusted server provides the activation code to a provisioning client, which presents the activation code to the client device. The trusted server and client device secure a communication session using the one-time password as a shared secret. The trusted server downloads trusted cryptographic information to the client device over the secure communication session. | 2019-10-10 |
20190312857 | Local Write for a Multi-Tenant Identity Cloud Service - Embodiments perform write operations in a multi-tenant cloud system that includes a first data center adapted to authenticate a first plurality of registered clients and located in a first geographic area, and a second data center adapted to authenticate a second plurality of registered clients and located in a second geographic area that is different from the first geographic area. Embodiments receive a request from a first client to perform a first write for a resource at the second data center. Embodiments generate a call to the first data center including a second write for the resource at the first data center. Embodiments retrieve data corresponding to the first write and send the retrieved data to the first data center. Embodiments write on the data based on the first write, the writing on the data including changing the data to generate changed data. | 2019-10-10 |
20190312858 | TWO FACTOR AUTHENTICATION WITH AUTHENTICATION OBJECTS - Representations of authentication objects are provided for selection via an interface. An authentication object may be generated to include information obtained from one or more sensors of a device. A selected authentication object may contain information sufficient for authentication with a corresponding system. The interface may provide multiple representations of authentication objects that are usable with different service providers. The interface, executed by a first device, may be configured to authenticate a second device. | 2019-10-10 |
20190312859 | AUTHENTICATED BYPASS OF DEFAULT SECURITY COUNTERMEASURES - Techniques for authenticated bypass of default security countermeasures are described. A request for an electronic resource, generated at a client computing device, is received. A security token generated at the client computing device, generated using a shared secret comprising a token recipe, is received. The security token received from the client computing device is validated. Validating the security token includes verifying an identity of the client computing device. Based on validating the security token, a level of trust for the client computing device is determined. Based on the level of trust for the client computing device, a modified set of security countermeasures is selected based on a default set of one or more security countermeasures that interfere with an ability of malware to interact with the electronic resource on the client computing device. The modified set of countermeasures is applied to the request for the electronic resource. | 2019-10-10 |
20190312860 | NETWORK SECURITY DYNAMIC ACCESS CONTROL AND POLICY ENFORCEMENT - A network security system and method implements dynamic access control for a protected resource using run-time contextual information. In some embodiments, the network security system and method implements a dynamic access ticket scheme for access control where the access ticket is based on run-time application context. In other embodiments, the network security system and method implements policy enforcement actions in response to detected violations using application programming interface (API) to effectively block detected policy violations without negatively impacting the operation of the application or the user of the application. In some embodiments, the network security system uses enterprise social collaboration tools to interact with the end-user or with the system administrator in the event of detected security incidents. | 2019-10-10 |
20190312861 | SYSTEM AND METHOD FOR GRID-BASED ONE-TIME PASSWORD - A method by an authentication server includes storing authentication information comprising at least one sub-grid position associated with a grid pattern and at least one character position associated with a sub-grid pattern. The authentication server generates an authentication grid that includes sub-grids. Each of the sub-grids is disposed at a sub-grid position associated with the grid pattern and includes a plurality of randomly selected characters that are disposed at respective character positions associated with the sub-grid pattern. The authentication server transmits the authentication grid to the user and receives first user input including at least one character. The authentication server determines a one-time password (OTP) based on the authentication grid and the authentication information. The user is authenticated based on a comparison of the OTP to the user input. | 2019-10-10 |
20190312862 | SYSTEM AND METHOD FOR IMPLEMENTING HACKER TRAFFIC BARRIERS - Aspects of the present disclosure involve a system and method for implementing hacker traffic barriers. The current disclosure presents a system and method that securely associates a primary trusted device with a user, authorizes web browser authentication, and provides both intrinsic and explicit checks for authorizing access to an account. | 2019-10-10 |
20190312863 | DYNAMIC BIOMETRIC AUTHENTICATION BASED ON DISTRIBUTED LEDGER DATA - The disclosed exemplary embodiments include computer-implemented devices, apparatuses, and processes that, among other things, perform dynamic biometric authentication based on distributed ledger data. For example, a device may compute a first hash value based on first biometric data captured by a sensor unit, and may transmit a request to, and receive a response from, a computing system across a communications network via the communications unit. The request may cause the computing system to execute instructions maintained within the distributed ledger data, and to extract second biometric data maintained within an element of the distributed ledger data. The second biometric data may include a second hash, which the computing system may incorporate into the response. The device may authenticate an identity associated with the device when the first hash value corresponds to the second hash value incorporated within the response. | 2019-10-10 |
20190312864 | METHOD AND APPARATUS FOR ESTABLISHING ASSOCIATION BETWEEN DEVICES - A method and an apparatus for establishing association between devices are provided. The method includes: obtaining identity information of a current user, and in response to the identity information satisfying a pre-configured condition, establishing an association with a mobile terminal associated with the identity information. The identity information includes biological unique information. | 2019-10-10 |
20190312865 | PASSIVE SECURITY ENFORCEMENT - Technology is described for enabling passive enforcement of security at computing systems. A component of a computing system can passively authenticate or authorize a user based on observations of the user's interactions with the computing system. The technology may increase or decrease an authentication or authorization level based on the observations. The level can indicate what level of access the user should be granted. When the user or a component of the computing device initiates a request, an application or service can determine whether the level is sufficient to satisfy the request. If the level is insufficient, the application or service can prompt the user for credentials so that the user is actively authenticated. The technology may enable computing systems to “trust” authentication so that two proximate devices can share authentication levels. | 2019-10-10 |
20190312866 | NETWORK APPARATUS AND CONTROL METHOD THEREOF - Disclosed is a network apparatus and a control method thereof. The network apparatus includes: a memory and a processor, which creates a first account based on a request for creating a new account from a first user device, associates first authentication information with the first account and stores the first authentication information in association with the first account in the memory, the first authentication information being information received from the first user device for authentication with a first service provider server, allows a second user device connected to the network apparatus using the first account to access the first authentication information associated with the first account in the memory, and facilitates the second user device to perform authentication with the first service provider server based on the first authentication information. | 2019-10-10 |
20190312867 | REMOTE CONTROL SYSTEM, SERVER DEVICE, TERMINAL DEVICE, ELECTRICAL APPARATUS REGISTRATION METHOD, AND PROGRAM - A remote control system includes an electrical apparatus, a terminal device, and a server device. The terminal device receives a first encrypted apparatus ID in which an apparatus ID is encrypted from the electrical apparatus. The terminal device transmits the first encrypted apparatus ID to the electrical apparatus. The electrical apparatus transmits the apparatus ID and the first encrypted apparatus ID to the server device. The terminal device transmits the first encrypted apparatus ID to the server device. The server device determines whether there is a match in the first encrypted apparatus ID received from the electrical apparatus or the terminal device. When there is a match, the server device registers the apparatus ID in a first security state. | 2019-10-10 |
20190312868 | AUTHENTICATION FAILURE HANDLING FOR ACCESS TO SERVICES THROUGH UNTRUSTED WIRELESS NETWORKS - Apparatus and methods to support authentication failure handling by network elements and by a wireless communication device when attempting access to services through non-cellular wireless networks by the wireless communication device are disclosed. Error messages received from evolved packet core (EPC) network elements, such as an authentication, authorization, and accounting (AAA) server, are mapped to failure messages provided to wireless communication devices by internetworking equipment, such as an evolved packet data gateway (ePDG). The wireless communication device determines a failure cause based on the failure messages and disallows retry attempts until select criteria are satisfied. | 2019-10-10 |
20190312869 | DATA SECURITY AND PROTECTION SYSTEM USING DISTRIBUTED LEDGERS TO STORE VALIDATED DATA IN A KNOWLEDGE GRAPH - A system for providing data security and protection using distributed ledgers to store validated data in a global knowledge graph for fraud detection is disclosed. The system may comprise a data access interface, a processor, and an output interface. The data access interface may receive data associated with an individual from a data source. The processor may convert the data into knowledge graph data by: extracting entities from the data; extracting relations from the data; and translating the data into knowledge graph triples to generate the knowledge graph data. The processor may validate the knowledge graph data using a cryptographic validation, such as blockchain or distributed ledgers, on the knowledge graph data to provide secured contents to update a global knowledge graph. The processor may then determine a fraudulent activity level associated with the individual based on the updated global knowledge graph. The output interface may transmit a report associated with the fraudulent activity level to a report requestor at a computing device. | 2019-10-10 |
20190312870 | CONSOLIDATED IDENTITY MANAGEMENT SYSTEM PROVISIONING TO MANAGE ACCESS ACROSS LANDSCAPES - In a process of consolidated identity management system provisioning to manage access across landscapes, a request is received to provision an entity in one or more heterogeneous landscapes. The request includes one or more sub-requests. Upon determining that the one or more heterogeneous landscapes corresponding to the one or more sub-requests is connected to a central IDM system, the entity in the one or more heterogeneous landscapes is provisioned via the central IDM system. The status of the one or more sub-requests is determined using a push pull mechanism at the central IDM system. Upon determining that the one or more heterogeneous landscapes corresponding to the one or more sub-requests is not connected to the central IDM system, the entity is directly provisioned in the one or more heterogeneous landscapes. The request is closed after receiving the status update from the individual one or more sub-requests. | 2019-10-10 |
20190312871 | ENVIRONMENT-DIFFERENTIATED NAMED CREDENTIAL INSTANCES FOR DEVELOPMENT AND DEPLOYMENT - Controlling access to sensitive data can be difficult during an application development effort. A developer may not be authorized to see the data that is to be used by the application. Credentials used in a development environment to access development data can require modification when the application is migrated to a deployed environment. Changing the code in the deployed environment increases risks of change induced incidents. The technology disclosed allows for the creation of a named credential object, where the credentials for different environments are stored, and where the named credential object is called by metadata. This allows the promotion of code from a development environment to a deployed environment without changes to code, and without giving access to sensitive data to the developer. | 2019-10-10 |