12th week of 2016 patent applcation highlights part 67 |
Patent application number | Title | Published |
20160087865 | METHOD AND APPARATUS FOR SPECTRUM MONITORING - A receiver is configured to be coupled to a television and data service provider headend via a hybrid fiber coaxial (HFC) network. The receiver comprises front-end circuitry operable to receive a signal that carries a plurality of television and/or data channels, and digitize the received signal to generate a digitized signal. The receiver comprises channelizer circuitry operable to select a first portion of the digitized signal, and select a second portion of the digitized signal. The receiver comprises processing circuitry operable to process the selected second portion of the digitized signal to recover information carried in the plurality of channels. The receiver comprises monitoring circuitry operable to analyze the selected first portion of the digitized signal to measure a characteristic of the received signal; and control the transmission of network management messages back to the headend based on the measured characteristic of the received signal. | 2016-03-24 |
20160087866 | ADAPTIVE MANAGEMENT OF A MEDIA BUFFER - Embodiments disclosed herein provide systems, methods, and computer readable media that perform adaptive management of a media buffer. In a particular embodiment, a method provides receiving packets representing a media stream into the adaptive media buffer, wherein the media stream comprises a sequence of media segments structured into segment layers, and detecting loss of one or more of the packets representing one of the media segments. The method further provides estimating a round trip delay for packets between the adaptive media buffer and a sender of the media stream and determining a current depth of the media segments within the adaptive media buffer. In response to detecting the packet loss, the method provides discarding media segments within the adaptive media buffer based on the round trip delay, the current depth, and a layer of the segment layers into which each of the one or more media segments is included. | 2016-03-24 |
20160087867 | SWITCH MONITORING STATISTICS GATHERING AT SERVERS AND GATEWAYS FOR OVERLAY NETWORKS - In one embodiment, a system includes a hardware processor and logic integrated with and/or executable by the hardware processor. The logic is configured to create statistics about overlay-encapsulated packets which are received by or sent by the hardware processor across an overlay network. The logic is also configured to record the statistics with a virtual network identifier and a tunnel identifier associated with at least one overlay-encapsulated packet for which the statistics are created. Moreover, the logic is configured to maintain a table indexed for the virtual network identifier and the tunnel identifier. The table includes the virtual network identifier, the tunnel identifier, and statistic bucket identifiers pointing to locations where statistics associated with the virtual network identifier and the tunnel identifier are stored. Other systems, methods, and computer program products are disclosed according to more embodiments. | 2016-03-24 |
20160087868 | Injecting Custom Classes In Application Code To Facilitate Network Traffic Monitoring - Various methods and systems for facilitating network traffic monitoring in association with an application running on a client device are provided. In this regard, aspects of the invention facilitate monitoring network traffic being transmitted to and/or from a client device, such as a mobile device, so that network performance can be analyzed. In various implementations, one or more default classes associated with an application on a device are replaced with one or more custom monitoring classes designed to facilitate monitoring data packets being communicated to or from the application. The custom monitoring classes can then be utilized to facilitate monitoring a plurality of data packets communicated to or from the application. | 2016-03-24 |
20160087869 | Systems and Methods for Probing Wired Communication - Various systems and methods for probing a communication channel. These systems and methods transmit an error vector probe packet from a first transmitter while a second transmitter is active and transmitting. A network device may receive the error vector probe packet and measure an error vector magnitude based on the received error vector probe packet. Using the error vector magnitude, the network device estimates channel characteristics such as signal-to-noise ratio, data capacity, etc. The transmission can occur when more than one transmitter is active and transmitting. At least some of the other transmitters are active and transmit an analog zero signal, e.g., all digital zeros on the input to the digital-to-analog converter of a network device when an error vector probe packet is transmitted. | 2016-03-24 |
20160087870 | PATH SETTING VERIFICATION DEVICE, CONTROL METHOD AND PROGRAM - A path setting verification device verifies a validity of a path setting in the network system including a host, a switch, and a control device. A topology information acquisition unit acquires information on topology. A path setting information acquisition unit acquires path setting information which is used in updating the path setting by the control device. A test header generation unit generates a test header which is given to a test packet, using the path setting information. A test data generation unit generates a packet sequence which is simulated using the test header. A switch simulation unit simulates an operation of the switch, and a control device simulation unit simulates an operation of the control device. A path setting verification unit verifies a validity of the simulated path setting. | 2016-03-24 |
20160087871 | APPLICATION TOPOLOGY BASED ON NETWORK TRAFFIC - Methods and apparatuses for generating an application topology are provided. A processor determines a first application profile based, at least in part, on a first network packet. A processor determines a second application profile based, at least in part, on a second network packet. A processor determines a link between a first application and a second application based, at least in part, on address information of the first network packet. A processor generates a topology comprising the first and second application profiles based, at least in part, on the link, the first application profile and the second application profile. A processor updates the first and second application profiles based, at least in part, on matching the first application profile and second application profile with an application deployment template. | 2016-03-24 |
20160087872 | DIVIDED HIERARCHICAL NETWORK SYSTEM BASED ON SOFTWARE-DEFINED NETWORKS - A divided hierarchical network system based on software-defined networks, the divided hierarchical network system including: an edge controller configured to: generate forwarding information in response to a flow forwarding inquiry from a lower level and respond to the request with the forwarding information; generate mapping information such that each of a plurality of edge ports of each of a plurality of switches that form the lower level corresponds to each of a plurality of virtual ports of one virtual switch; if it is not possible to generate forwarding information in response to a request received from a lower level for forwarding a flow that comprises edge ports, query forwarding information to an upper level regarding a flow in which the edge port is converted into a corresponding virtual port based on the mapping information. | 2016-03-24 |
20160087873 | Network Topology Discovery Method and System - A network topology discovery method and system are disclosed, which relates to the field of software defined network architecture, and solves a problem that greater pressure is easily put on a control channel in a case that a great many switches and ports exist. The method includes: a controller receiving a message sent by a network device, wherein the message carries a device ID of a network device where a link far-end port of the network device is located and a port number of the link far-end port; and the controller performing topology discovery on a network according to the message. The technical scheme provided in the present document is applicable to a software defined network, which achieves that related parameters are carried to the controller via an OpenFlow protocol. | 2016-03-24 |
20160087874 | System and Method for Computing Point-to-Point Label Switched Path Crossing Multiple Domains - An apparatus including a plurality of path computation elements (PCEs) associated with a plurality of inter-coupled domains and configured to communicate with a path computation client (PCC) associated with one of the domains and to implement a Forward Search Path Computation (FSPC) for a preferred path crossing the domains from a source node in a source domain of the plurality of inter-coupled domains to a destination node in a destination domain of the plurality of inter-coupled domains, wherein the preferred path is computed without using a determined order of the domains from the source domain to the destination domain. | 2016-03-24 |
20160087875 | PARALLEL TOP-K SIMPLE SHORTEST PATHS DISCOVERY - A method for searching the top-K simple shortest paths between a specified source node and a specified target node in a graph, with graph data partitioned and distributed across a plurality of computing servers, the method including a parallel path search initialized from either one or both of the source and target nodes and traversing the graph by building likely path sequences for a match. Each computing server determines and forwards a path sequence as discovery progresses until the top-K paths are discovered. | 2016-03-24 |
20160087876 | METHOD, EQUIPMENT AND SYSTEM FOR FORWARDING PACKETS IN INFORMATION CENTRIC NETWORK (ICN) - Disclosed are a method, equipment and system for forwarding packets in an Information Centric Network (ICN). The method includes: content request packets sent by a first route node in a Virtual Private Network (VPN) are received by a first route node in a public network; the content request packets carry the content name of the request content and the private identification for identifying the request content as the private content; the container identification of the first container for storing the request content is obtained; the content request packets are forwarded according to the container identification of the first container so as to forward the content request packets to a second route node in the VPN, and the content response packets carrying the request content are returned according to the content name of the request content. | 2016-03-24 |
20160087877 | BASE STATION INITIATED CONTROL MECHANISM FOR SUPPORTING SUPPLEMENTAL LINK - Methods, systems, and apparatuses are described for a base station initiated control mechanism for supporting supplemental a link. In some aspects, control information associated with a directional, first radio access technology (RAT) for a user equipment (UE) may be identified at a first base station, the first base station configured to communicate with the UE using the directional, first RAT, and the control information associated with the directional, first RAT may be transmitted to a second base station to forward to the UE using a second RAT. | 2016-03-24 |
20160087878 | Adaptive Network Function Chaining - Disclosed herein are system, method, and computer program product embodiments for dynamically applying network functions to traffic flows based on heuristics, policy conditions and client-specified conditions. A network monitors a network traffic flow to determine whether the network traffic flow meets a first criterion of a first rule. The criterion specifies that when the first criterion is met a network function be used to analyze or process the network traffic flow. When the network traffic flow is determined to meet the first criterion, the network determines a first route through the network to a network function provider that provides the network function and configures one or more routers along the first route to forward the network traffic flow to the network function provider for analysis or processing. | 2016-03-24 |
20160087879 | COMMUNICATION SYSTEM, NODE DEVICE, NODE PROGRAM, AND COMMUNICATION PROGRAM - A communication system constituted by a plurality of nodes connected to each other via a network includes: a first node that receives a publish message for requesting for transmission of an object, from a publisher terminal; and a second node. Each of the nodes from the first node to the second node: has a storage unit in which first routing information is recorded; performs a first routing; and records, in the storage unit, an object ID of the publish message and second routing information. The communication system also includes a third node that receives a subscribe message for requesting for receipt of the object, from a subscriber terminal. Each of the nodes from the third node to the first node: performs a second routing; and records, in the storage unit, an object ID of the subscribe message, and third routing information. | 2016-03-24 |
20160087880 | ROUTING NETWORK TRAFFIC BASED ON SOCIAL INFORMATION - A technology for routing traffic from similar users to a same server cluster to improve data center efficiency is disclosed. When a traffic routing server receives a request from a user, the traffic routing server determines an identifier of a partition to which the user is assigned. The user and many other users with whom the user shares a social attribute are co-located in the same partition. The traffic routing server then computes a hash of the identifier using a hash function and locates a server cluster on a consistent hash ring using the computed hash. The traffic routing server then sends the request from the user to that server cluster. By consistently sending requests from users assigned to the same partition to the same server cluster, the technology improves cache hit rates and reduces data duplication across the server clusters, which in turn improves datacenter efficiency. | 2016-03-24 |
20160087881 | METHOD, APPARATUS, AND SYSTEM FOR ROUTING AND FORWARDING - Embodiments of the present invention provide a method for routing and forwarding. The method includes: receiving, by a network controller, a routing request message sent by a requesting routing node, where the routing request message carries a content name of requested content; determining, by the network controller according to a network topology diagram and registration information of the requested content, a proper forwarding path; and delivering, by the network controller, routing information to each routing node on the forwarding path. In the embodiments of the present invention, a network controller is introduced, and registration information and a network topology diagram are stored in the network controller, so that the network controller may be used to determine a forwarding path of a content request packet, which reduces blindness of routing and forwarding of the content request packet in an ICN network and improves efficiency of routing and forwarding. | 2016-03-24 |
20160087882 | HEADER SPACE ANALYSIS EXTENSION SYSTEMS AND METHODS FOR TRANSPORT NETWORKS - A method for validation of a packet transport network includes performing a header space analysis, with input headers to obtain output headers from the header space analysis, between one or more ingress points and a particular egress point; determining disjointness of the output headers; and determining validity of a point-to-point connection property of the packet transport network based on the disjointness of the output headers. The header space analysis allows near-real-time validation that packet transport flows in an Multiprotocol Label Switching-Transport Profile (MPLS-TP) network have been correctly programmed on the switches by a Software Defined Networking (SDN) controller or other technique such that the correct label mappings have been made to carry a flow from a source to a destination, and all flows from any source to a destination are isolated from one another. | 2016-03-24 |
20160087883 | ENHANCED PATH SELECTION SCHEME FOR EQUAL COST PATHS IN COMMUNICATION NETWORKS - In one embodiment, a node in a communication network receives a label switched path (LSP) request and in response, the node determines at least two equal cost paths, each path having one or more path-nodes. The node may then further determine a total bandwidth-based transition value for each path of the at least two equal cost paths and selects the path having a lower total transition value. Once selected, the node may establish the requested LSP over the selected path. | 2016-03-24 |
20160087884 | Packet Processing Method and Router - This application discloses a packet processing method and an LSR. The method includes: receiving, by an Ingress LSR of a first MPLS tunnel, a first notification packet that is based on an IGP, where the first notification packet includes an ELC flag, which is used to indicate that the first Egress LSR has ELC; after learning from the first notification packet that the first Egress LSR has ELC, inserting a label into a first packet, to generate a second packet, where the label forms an MPLS label stack, which includes, from bottom to top, a first EL, a first ELI, and a first TL; and sending the second packet to the first Egress LSR through the first MPLS tunnel. According to the solutions of this invention, a Transit LSR of the first MPLS tunnel may perform load balancing when forwarding the second packet. | 2016-03-24 |
20160087885 | CONNECTING FABRICS VIA SWITCH-TO-SWITCH TUNNELING TRANSPARENT TO NETWORK SERVERS - A network switch includes ports, memory, and a processor. The switch is operable to switch packets of a layer 2 network, and the memory is for storing a tunneling engine computer program. The processor executes the tunneling engine, where the processor identifies a second switch operable to switch layer-2 network packets. The identification includes detecting that the second switch is connected to the network switch over a layer 3 connection, and the tunneling engine creates a tunnel over the layer 3 connection between the switches to exchange layer-2 packets. The tunnels encapsulates and decapsulates the packets that are exchanged between the switches. When the processor determines that a packet from a first node to a second node that is connected to the second switch, the processor creates an encapsulation flow on the network switch to encapsulate packets from the first node to the second node over the tunnel. | 2016-03-24 |
20160087886 | FIBRE CHANNEL OVER ETHERNET SWITCH SYSTEM - An FCoE switch system includes a switch IHS that is directly connected to a first endpoint IHS through a first edge port and to a second endpoint IHS through a second edge port. The switch IHS is receives an FCoE communication through the first edge port from the first endpoint IHS that includes an FC header, a source MAC address, and a destination MAC address. The switch IHS then creates a derived MAC address using information included in the FC header, and replaces the destination MAC address in the FCoE communication with the derived MAC address. In response to determining that the second endpoint is directly connected to the second edge port, the switch IHS replaces the source MAC address in the FCoE communication with a local FCF-MAC address. The switch IHS then forwards the first FCoE communication to the second endpoint IHS through the second edge port. | 2016-03-24 |
20160087887 | ROUTING FABRIC - A system and method of using a switch fabric of commodity Ethernet switches to produce a scalable router is disclosed. A special-format Media Access Control (MAC) address is assigned to each switch. The assigned MAC address of a switch comprises some bits that can identify the topological location of the switch. The switch fabric intercepts and responds to address resolution requests from hosts with assigned MAC addresses of switches. A packet received from a host is forwarded according to those bits in the destination MAC address of the packet. It further uses some bits in the MAC address to achieve network virtualization. | 2016-03-24 |
20160087888 | METHOD AND SYSTEM FOR SERVICE SWITCHING USING SERVICE TAGS - The disclosure herein describes a system, which provides service switching in a datacenter environment. The system can include a service switching gateway, which can identify a service tag associated with a received packet. During operation, the service switching gateway determines a source client, a requested service, or both for the packet based on the service tag, identifies a corresponding service portal based on the service tag, and forwards the packet toward the service portal. The service switching gateway can optionally maintain a mapping between the service tag and one or more of: a source client, a required service, the service portal, and a tunnel encapsulation. The service switching gateway can encapsulate the packet based on an encapsulation mechanism supported by the service portal and forward the packet based on the mapping. | 2016-03-24 |
20160087889 | SUPPORTING MULTIPLE IEC-101/IEC-104 MASTERS ON AN IEC-101/IEC-104 TRANSLATION GATEWAY - In one embodiment, a network device, such as a router, receives a frame containing a message from a first terminal unit. The network device modifies the received frame by replacing an original value of an originator identifier field in the frame with a new value that is locally unique on a particular data link. The network device than forwards the modified frame to a selected second terminal unit selected from a plurality of terminal units. | 2016-03-24 |
20160087890 | AUTOMATED DETERMINATION OF TREE ATTRIBUTES AND ASSIGNMENT OF RECEIVER IDENTIFIERS BY DISTRIBUTED ELECTION IN MULTICAST ARCHITECTURES RELYING ON PACKETS IDENTIFYING INTENDED RECEIVERS - Exemplary methods include a first network device participating in an election process to determine a designated bit forwarding router (D-BFR). The methods include in response to determining the first network device is elected to be the D-BFR, performing D-BFR operations comprising determining an elected bitmask (BM) length of a BM based on maximum local BM lengths advertised by other BFRs in the network, wherein each bit of the BM will correspond to a bit forwarding egress router (BFER), and advertising the determined elected BM length to other BFRs. The methods may further include one or more of determining an elected tree type based on supported tree types advertised by other BFRs in the network, assigning one or more BM positions (BMPs) to one or more BFERs, and advertising the elected determined tree type and/or the assigned one or more BMPs. | 2016-03-24 |
20160087891 | PATH COMPUTATION ELEMENT AND METHOD FOR SETTING PATH OF USER NETWORK INTERFACE - Provided herein is a path computation element based on Transport Network Assigned (TNA) address and a method for path computation based on User Network Interface (UNI). The path computation element and UNI based path computation method of the present disclosure minimize overhead caused by abstract Traffic Engineering (TE) link, and minimize manual environment set up, and routing information exchange and advertisements in a local domain or between domains. | 2016-03-24 |
20160087892 | NETWORK RESOURCE SHARING FOR ROUTING AND FORWARDING INFORMATION - A system, computer-readable media, and methods for network resource sharing of routing and forwarding information are disclosed. The method may include receiving a first address for a device connected to a network and receiving one or more second addresses for the device. The method may also include identifying a first switch through which the device connects to the network and identifying a second switch for storing the first address and the one or more second addresses. Further, the method may include storing the first address in the first switch and storing the first address and the one or more second addresses in the second switch. | 2016-03-24 |
20160087893 | Local Packet Switching at a Satellite Device - A data packet is received, at a parent switching device, from a first host device via a remote switching device. The data packet has a first source media access control (MAC) address corresponding to the first host device and information indicative that the data packet passed through the remote switching device via a first port. An entry is added to a parent switching table in the parent switching device, the parent switching table associating the first MAC address and the first port of the remote switching device with one another. A switching table entry update message is sent to the remote switching device indicating that the first MAC address and the first port are associated with one another so as to enable a subsequent data packet destined for the first host device and received at the remote switching device to be switched directly to the first host. | 2016-03-24 |
20160087894 | METHOD AND SYSTEM FOR CHANGING PATH AND CONTROLLER THEREOF - A method for changing a transmission path of packets transmitted from a first node to a second node in a software-defined network is provided. The method includes removing a flow entry corresponding to a first transmission path on a flow table of the first node after a plurality of first data packets intended to be transmitted to the second node are transmitted from the first node via relay nodes of the first transmission path. The method also includes transmitting a flush packet to the first node and setting the flush packet to be transmitted to the second node according to the first transmission path; and when the second node receives the flush packet and transmits a packet inquiry message corresponding to the flush packet to the controller, setting a flow entry corresponding to a second transmission path on a flow table of the second node. | 2016-03-24 |
20160087895 | TERMINAL, CONTROL DEVICE, COMMUNICATION METHOD, COMMUNICATION SYSTEM, COMMUNICATION MODULE, PROGRAM, AND INFORMATION PROCESSING DEVICE - A terminal communicating with a network including a forwarding device for forwarding a packet and a control device for controlling the forwarding device in accordance with a request from the forwarding device, includes a communication unit that receives a processing rule indicating that a packet for communicating with a first destination is changed so as to communicate with a second destination, from the control device, a storage unit that stores the received processing rule, and a processing unit that in a case of communicating with the network, changes a destination of a packet in accordance with a processing rule that corresponds to the packet by referring to the processing rule stored in the storage unit. | 2016-03-24 |
20160087896 | Interface Switching Method and Device - Disclosed is an interface switching method and device, which relates to the field of communications and solves the problem of affecting the data transmission efficiency due to an undue interface selection. The method includes: an abstraction layer selecting or switching an interface or interface group used for transmitting data based on a forwarding rule matching the data. The technical solution provided by the embodiments of the present document is applicable to a home network, achieving a mechanism in which the abstraction layer of a multi-media home network device intelligently selects or switches the interface for data transmission according to information such as the link quality. | 2016-03-24 |
20160087897 | Using Wireless Client for Proxy Channel Scan - Methods, systems, and computer readable media can be operable to facilitate the use of a station as a proxy for scanning one or more wireless channels. Upon a determination that a currently utilized wireless channel has become impaired, an access point may identify one or more idle wireless stations and may request that the one or more idle wireless stations perform a scan of one or more other wireless channels. The identified wireless station(s) may perform a scan of one or more other wireless channels and may provide an indication of the current level of congestion on each respective wireless channel to the access point. Based on the indication of the current congestion levels of each wireless channel, the access point may determine whether a more advantageous channel is available. If a more advantageous channel is available, the access point may tune to the more advantageous channel. | 2016-03-24 |
20160087898 | CONGESTION MANAGEMENT FOR DATACENTER NETWORK - Technologies are generally described to provide a congestion management system for a datacenter network. According to some examples, the congestion management system may detach management of congestion at the datacenter network from switches of the datacenter network. The congestion management system may also incorporate a distributed detection mechanism that is configured to detect a potential congestion culprit. Furthermore, detachment of the management of the congestion may allow the datacenter network to incorporate switches with limited traffic management capabilities. The switches may monitor a local congestion status and forward the congestion status to a centralized congestion controller that manages the congestion. The congestion management system may also be deployed for a cross-layer congestion management scheme. | 2016-03-24 |
20160087899 | Dynamic Max-Min Fair Rate Regulation Apparatuses, Methods, and Systems - A processor-implemented method for regulating the flow rate of data packets in a network, including defining a global constant representing a regularly repeating time period common among flow sources in the network; transmitting current flow rate information from each of the flow sources, and for each flow, to the links traversed by each flow, exactly once during a current period; categorizing each of the flows passing through the links on the network into a category for the current period for each link by comparing the current flow rate information to a previously determined fair-share flow rate for the link; counting, in each link, the flows per category for the current period; determining a current fair-share flow rate for the current period in each link using the results of the categorizing and counting; and providing control instructions to each of the flow sources to regulate the rate of each flow. | 2016-03-24 |
20160087900 | A COMMUNICATION NODE FOR A PACKET-SWITCHED DATA NETWORK AND A METHOD FOR OPERATION THEREOF - A communication node for a packet-switched data network is proposed, which comprises an integrated circuit having a system of electronic components for sending and/or receiving audio and/or video data, particularly of an audio and/or video data stream. A media access control component for implementing a media access control and a physical interface with transmitting and receiving means, by way of which the communication node is connectable to a communication line of the data network, are provided as components of the system. The media access control component is connected via an internal first interface to the physical interface for exchanging data. The system comprises a real-time clock synchronization unit for synchronizing time information with other communication nodes of the data network as well as a queue management unit. The real time clock synchronization unit and the queue management unit are fully arranged in the physical interface. | 2016-03-24 |
20160087901 | TRANSMISSION APPARATUS AND TRANSMISSION METHOD - A transmission apparatus includes: a memory; one or more processors coupled to the memory and the one or more processors execute: a first management process that manages a remaining amount of tokens in a token bucket; a second management process that manages an amount of data of a frame transmitted in a predetermined period of time; and a transmission control process that controls transmission of a frame to be transmitted, based on whether the remaining amount of tokens is larger than or equal to an amount of data of the frame to be transmitted and whether the amount of data of the frame transmitted in the predetermined period of time is smaller than a predetermined amount. | 2016-03-24 |
20160087902 | FLOW TO PORT AFFINITY MANAGEMENT FOR LINK AGGREGATION IN A FABRIC SWITCH - Implementations of the present disclosure involve an apparatus, device, component, and/or method for a hardware efficient flow to port affinity management table for link aggregation for a network fabric switch with Ethernet Gateway functionality. Rather than maintaining a state per traffic flow list, the present disclosure utilizes a handle or hash value derived from the traffic flow and associates an output port state to the hash value. The output port state for the hash value is further associated with a portlist that is based on at least a traffic flow policy of the server or group of servers associated with the traffic flow. In addition, the management table may be adjusted based on state changes to one or more of the output ports such that, if a port becomes unavailable, the management table may be adjusted to account for the unavailability of the port. | 2016-03-24 |
20160087903 | SYSTEMS AND METHODS TO SELECT PEERED BORDER ELEMENTS FOR AN IP MULTIMEDIA SESSION BASED ON QUALITY-OF-SERVICE - Systems and methods to select peered border elements for a communication session based on Quality-of-Service (QoS) are disclosed. An example method includes selecting a peered border element to handle a communication session based on a list of peered border elements (PBEs) and a composite QoS parameter of the communication session, the list of PBEs being prioritized based on respective statuses of PBEs in the list, the first composite QoS parameter being based on weighted QoS parameters of the communication session including a grade of service (GoS) parameter of the communication session and a preferred mode of communication for a VoIP device of a called party in the communication session, the GoS parameter including an attempted performance range and an expected performance range of the communication session; and controlling a second server to generate a QoS authorization token to reserve network resources associated with the selected PBE. | 2016-03-24 |
20160087904 | METHOD AND APPARATUS FOR PROVIDING MULTIMEDIA BROADCAST AND MULTICAST SERVICE (MBMS) IN WIRELESS COMMUNICATION SYSTEM - A method for receiving a multimedia broadcast multicast service (MBMS) by a user equipment (UE) in a wireless communication system; the UE therefore; a method for transmitting an MBMS by a base station (BS) in a wireless communication system; and the BS therefore are discussed. The method for receiving an MBMS by a UE according to one embodiment includes transmitting one or more system information blocks (SIBs); receiving a first MBMS interest indication message indicating whether MBMS reception is prioritized above unicast reception, when a predetermined SIB related to MBMS service continuity is included in the one or more SIBs; and receiving a second MBMS interest indication message according to a change of priority between the MBMS reception and the unicast reception. | 2016-03-24 |
20160087905 | FLOW FORWARDING METHOD, DEVICE, AND SYSTEM - The present application discloses a flow forwarding method, device, and system. The method includes: receiving, by an edge node, an intelligent routing service request packet, and the packet includes a constraint condition required for establishing the intelligent routing service; if the edge node does not find, in a flow table, a corresponding matching flow table entry of characteristic information, sending, by the edge node, a first message to a controller, where the first message includes identification information of the edge node and the characteristic information and the edge node is an ingress edge-node or an egress edge-node that receives the packet; receiving, a first flow table entry sent by the controller, where the first flow table entry is generated according to the first message and meets the constraint condition; and processing, according to the first flow table entry, a packet sent by the user side device. | 2016-03-24 |
20160087906 | INFORMATION PROCESSING SYSTEM, INFORMATION MANAGEMENT APPARATUS, AND DATA TRANSFER CONTROL METHOD - An information processing system includes: a management apparatus coupled to nodes to execute data transfer, wherein the management apparatus preforms operations to: acquire data transfer information in which a priority level of data transfer and an identifier of a node that executes the data transfer are associated with an identifier of the data transfer; identify, when receiving an execution instruction of first data transfer, one or more first nodes that execute second data transfer having a lower priority level than a priority level included in information of the first data transfer based on the data transfer information; and transmit, to each of the one or more first nodes, a stop request to stop the second data transfer, and a transfer request including the information of the first data transfer and information of a portion to be executed by the first node of the first data transfer by the first node. | 2016-03-24 |
20160087907 | COMMUNICATION DEVICE, COMMUNICATION SYSTEM, AND COMMUNICATION METHOD - According to one embodiment, a communication device includes: a communicator, a first circuitry and a second circuitry. The communicator establishes a communication connection with a destination communication device over a communication network and to communicate a packet relating to first information using the communication connection. The first circuitry determines a transmission interval of a packet relating to second information that is different from the first information, based on characteristic information on the communication network. The second circuitry performs control to transmit the packet relating to the second information to the destination communication device using the communication connection in accordance with the transmission interval determined by the first circuitry during at least a time period when the communication connection is established and communication of the packet relating to the first information is not performed. | 2016-03-24 |
20160087908 | SERVICE INTERFACE FOR QOS-DRIVEN HPNA NETWORKS - An in-band signaling model media control (MC) terminal for an HPNA network includes a frame classification entity (FCE) and a frame scheduling entity (FSE) and provides end-to-end Quality of Service (QoS) by passing the QoS requirements from higher layers to the lower layers of the HPNA network. The FCE is located at an LLC sublayer of the MC terminal, and receives a data frame from a higher layer of the MC terminal that is part of a QoS stream. The FCE classifies the received data frame for a MAC sublayer of the MC terminal based on QoS information contained in the received data frame, and associates the classified data frame with a QoS stream queue corresponding to a classification of the data frame. The FSE is located at the MAC sublayer of the MC terminal, and schedules transmission of the data frame to a destination for the data frame based on a QoS requirement associated with the QoS stream. | 2016-03-24 |
20160087909 | SCHEDULING COST EFFICIENT DATACENTER LOAD DISTRIBUTION - A method for scheduling cost efficient data center load distribution is described. The method includes receiving a task to be performed by computing resources within a set of data centers. The method further includes determining, all available data centers to perform the task. The method further includes determining lowest computing cost task schedule from available data centers. The method further includes scheduling the task to be completed at an available data center with the lowest cost computing. | 2016-03-24 |
20160087910 | COMPUTING MIGRATION SPHERE OF WORKLOADS IN A NETWORK ENVIRONMENT - An example method for computing migration sphere of workloads in a network environment is provided and includes receiving, at a virtual appliance in a network, network information from a plurality of remote networks, analyzing a service profile associated with a workload to be deployed in one of the remote networks and indicating compute requirements and storage requirements associated with the workload, and generating a migration sphere comprising compute resources in the plurality of networks that meet at least the compute requirements and storage requirements associated with the workload, the workload being successfully deployable on any one of the compute resources in the migration sphere. | 2016-03-24 |
20160087911 | NAS CLIENT ACCESS PRIORITIZATION - Client access prioritization is provided. A plurality of network addresses is assigned to a node of a network-attached storage cluster. A request to access a resource stored by the network-attached storage cluster and accessible to the node is received, wherein the request identifies a network address of the plurality of network addresses. A priority of the request is determined based, at least in part, on the network address identified by the request and further based, at least on part, on a protocol of the request. The request is processed based, at least in part, on the priority of the request. | 2016-03-24 |
20160087912 | DYNAMIC STORAGE BANDWIDTH ALLOCATION - A computer system, method, and program product for dynamically allocating storage bandwidth in an exchange is provided. The method provided creates, by an exchange server, a total inventory of resources for auction, whereby the total inventory of resources for auction includes resources from at least one provider. The total inventory of resources for auction is broadcast to at least one bidder. The amount of a resource is awarded to the at least one bidder at an end of a bidding interval, based on a bid provided by the at least one bidder during the bidding interval, where the amount of the resource is a portion of the total inventory of resources for auction. | 2016-03-24 |
20160087913 | TECHNIQUES FOR PACKET-SWITCHED VIDEO TELEPHONY SETUP WITH QOS PRECONDITIONS - Techniques for setting up a packet-switched video telephony (PSVT) call are described. A mobile originated (MO) device may transmit an invitation for the PSVT call to a mobile terminated (MT) device. The invitation may initiate a process to reserve and identify video and audio resources to establish the PSVT call. The MO device may determine whether the video resources are available. If the video resources are not available but audio resources are available, the MO device may instead establish the PSVT call with only an audio stream call between the MO device and the MT device. If audio resources become available ahead of video resources, the PSVT call may be established with an audio stream first and a video stream is automatically added to the call when video resources are reserved later, or the PSVT call is downgraded to a VoIP call if the video resources cannot be reserved. | 2016-03-24 |
20160087914 | CIRCUITS AND SYSTEMS FOR MULTIPLEXED ISOLATOR COMMUNICATION - An embodiment of a communication circuit for communicating data across an isolation barrier may include an input circuit to receive a plurality of input data channels, a framing circuit to frame an input data packet from the plurality of input data channels, an encoding circuit to select a characteristic of a data symbol to represent a plurality of bits of the framed input data packet, and a driver circuit to drive one or more data symbols representing the framed input data packet onto an isolator configured to communicate data across the isolation barrier. The encoding circuit may select an amplitude, frequency or phase of the data symbol from a plurality of predetermined amplitudes, frequencies or phases, to encode the plurality of bits as the selected amplitude, frequency or phase. The communication circuit also may include a receive circuit to receive one or more second data symbols from the isolator, a decoding circuit to decode a plurality of bits of an output data packet as a function of a characteristic of the second data symbol, and a deframing circuit to deframe the output data packet into output data of a plurality of output data channels. | 2016-03-24 |
20160087915 | CLUSTERED DISPERSION OF RESOURCE USE IN SHARED COMPUTING ENVIRONMENTS - Host machines and other devices performing synchronized operations can be dispersed across multiple racks in a data center to provide additional buffer capacity and to reduce the likelihood of congestion. The level of dispersion can depend on factors such as the level of oversubscription, as it can be undesirable in a highly connected network to push excessive host traffic into the aggregation fabric. As oversubscription levels increase, the amount of dispersion can he reduced and two or more host machines can be clustered on a given rack, or otherwise connected through the same edge switch. By clustering a portion of the machines, some of the host traffic can he redirected by the respective edge switch without entering the aggregation fabric. When provisioning hosts for a customer, application, or synchronized operation, for example, the levels of clustering and dispersion can be balanced to minimize the likelihood for congestion throughout the network. | 2016-03-24 |
20160087916 | EVENT-BASED PACKET MIRRORING - Embodiments of the present invention include systems and methods for minoring data packets upon triggering of events in a network device. In the network device, a usage event is specified, where occurrence of the usage event is indeterminable, at least partially, from the information contained in the data packets. When the network device receives a data packet via an input port, it processes the data packet as the data packet flows along a pipeline in the network device. If a specified usage event is triggered while being processed, the data packet is mirrored via an output port of the network device so that the mirrored data packet may be analyzed by an analysis engine. | 2016-03-24 |
20160087917 | ETHERNET INTERFACE MODULE - An Ethernet interface module comprises a first full duplex port, a second duplex port, a first path coupling the first duplex port and the second full duplex port, a second path coupling the second full duplex port and the first full duplex port, a first queue disposed in the first path, a second queue disposed in the second path, a third path comprising at least a portion of the first queue coupling the receive and transmit portions of the first port, a fourth path comprising at least a portion of the second queue coupling the receive and transmit portions of the second port, execution apparatus operable responsive to a command to alter the state of said Ethernet interface module, or the contents of said received frame to produce a return frame comprising fields of a received frame that are modified, or both. | 2016-03-24 |
20160087918 | Converged Adaptive Compensation Scheme - Described is an apparatus which comprises: logic to convert output of at least one sensor to a digital sensing signal; a router coupled to the sensor, the router to receive the digital sensing signal and to map into circuit data; and one or more communication interfaces, coupled to the router, to forward circuit data to a circuit endpoint. Described is a method which comprises: providing one or more digital sensing signals from a plurality of sensors; receiving the one or more digital sensing signals; generating packets of data using the one or more digital sensing signals; and providing the packets of data to one or more destinations. | 2016-03-24 |
20160087919 | AUTOMATED MESSAGING SYSTEM SURVIVOR - An automated messaging system for distributing personalized messages of a deceased user to particular recipients on particular dates. | 2016-03-24 |
20160087920 | MANAGING INSTANT MESSAGING SESSIONS ON MULTIPLE DEVICES - Transferring instant messaging sessions includes receiving a selection, from a user within a user interface, of at least one instant messaging session from among multiple instant messaging sessions to transfer from a first instant messaging controller on a first device to at 5 least a second instant messaging controller on a second device, where the user is signed on concurrently to the first instant messaging controller on the first device and the second instant messaging controller on the second device. At least a portion of the selected instant messaging session is transferred from the first instant messaging controller on the first device to the second instant messaging controller on the second device and the transferred portion of 10 the instant messaging session is made perceivable on the second instant messaging controller on the second device. | 2016-03-24 |
20160087921 | METHOD FOR TRACKING AND ROUTING FINANCIAL MESSAGES FOR MOBILE DEVICES - The present disclosure provides a financial messaging apparatus configured to encapsulate and transmit a financial message along with actions to a mobile device. The actions relate to rules that are associated with characteristics of the financial message. | 2016-03-24 |
20160087922 | SELECTIVE MESSAGE REPUBLISHING TO SUBSCRIBER SUBSETS IN A PUBLISH-SUBSCRIBE MODEL - According to one exemplary embodiment, a method for selectively resending a first message in a publish-subscribe message distribution model is provided. The method may include receiving the first message having a first message ID associated with the first message. The method may include sending the first message to a plurality of subscribers. The method may include receiving a rolled back first message. The method may include determining if the first message ID matches a second message ID associated with a second message. The method may include creating a first subscriber list associated with the first message. The method may include storing the first message in a data structure. The method may include appending a second subscriber list associated with the second message with a subscriber. The method may include sending the second message to the first subscriber or the first message to the first subscriber. | 2016-03-24 |
20160087923 | SELECTIVE MESSAGE REPUBLISHING TO SUBSCRIBER SUBSETS IN A PUBLISH-SUBSCRIBE MODEL - According to one exemplary embodiment, a method for selectively resending a first message in a publish-subscribe message distribution model is provided. The method may include receiving the first message having a first message ID associated with the first message. The method may include sending the first message to a plurality of subscribers. The method may include receiving a rolled back first message. The method may include determining if the first message ID matches a second message ID associated with a second message. The method may include creating a first subscriber list associated with the first message. The method may include storing the first message in a data structure. The method may include appending a second subscriber list associated with the second message with a subscriber. The method may include sending the second message to the first subscriber or the first message to the first subscriber. | 2016-03-24 |
20160087924 | SYSTEM AND METHOD FOR EMAIL MESSAGE FOLLOWING FROM A USER'S INBOX - Disclosed is a system and method for email management. The disclosed systems and methods enable a user to follow messages and message conversations based on, but not limited to, a context of the received messages, content included in the messages, the sender of the messages, intended recipients of the message, and the like. Therefore, the present disclosure describes systems and methods for enabling a recipient user to follow messages, topics or other users from the recipient user's inbox. Accordingly, followed topics or messages from followed users can be grouped into message conversations within the recipient user's inbox. Whenever there is an update in a followed conversation, the recipient user will be notified. By determining which messages a user desires to follow, the disclosed systems and methods can identify the interests of users by leveraging information from the followed messages for advertising purposes. | 2016-03-24 |
20160087925 | SYSTEM AND METHOD FOR AUTO-FORMATTING MESSAGES BASED ON LEARNED MESSAGE TEMPLATES - The present disclosure describes systems and methods for email management that leverages information derived from a sender's message activity with particular recipients in order to automatically format subsequent messages to those recipients according to the derived information. The present disclosure describes determining message templates associated with messages sent to repetitive recipients, and applying those determined templates upon composition of subsequent messages to the same recipients. Message templates comprise information associated with a message's settings, layout, message content, content type(s), a message type and the like. The determination of message templates and template information for application to messages being composed can be based on learned expressions and/or patterns from a sender's message activity or behavior. Additionally, the message templates can be utilized for monetization purposes in order to serve targeted advertisements when communicating with repetitive recipient users. | 2016-03-24 |
20160087926 | DATA STORAGE METHOD AND MAIL RELAY METHOD OF STORAGE SYSTEM IN MAIL SYSTEM - In a mail system, the present invention implements a mail gateway that prevents data from being lost when a server fails and provides high delivery capability. In a mail system, the mail delivery performance of the mail gateway is increased by the communication method and data storage method used between the mail gateway and storage systems. More specifically, the mail gateway and storage system maintain a mail, which should be maintained by the mail gateway, in the volatile memory of the mail gateway and storage system. The mail that may be lost by a failure and important data such as accounting information are written in the nonvolatile memory of the storage system. In addition, the storage system processes multiple accesses to the nonvolatile memory at a time to speedily write data into the nonvolatile memory. | 2016-03-24 |
20160087927 | EVENT NOTIFICATION - In an approach to event notification, one or more computer processors determine a baseline for a volume of activity on a social media website in a geographic location. One or more computer processors determine whether a deviation from the baseline for the volume of activity occurs. Responsive to determining a deviation from the baseline occurs, one or more computer processors identify an event that caused the deviation. One or more computer processors calculate an estimate of population for the geographic location. One or more computer processors identify based, at least in part, on the identified event and the estimated population, a relevant party to be notified of the event. One or more computer processors generate a recommendation based, at least in part, upon one or more of the identified event, the estimate of population, and the identified relevant party. | 2016-03-24 |
20160087928 | COLLABORATIVE AND INTERACTIVE QUEUING AND PLAYBACK OF CONTENT USING ELECTRONIC MESSAGING - An application (APP) executing in a processor of a host device, may receive an electronic message (EM) that may include a handle for an address associated with the host device or a user of the host device, and a data payload that identifies content to be played back on a media device in communication (e.g., wirelessly) with the host device. An electronic messaging service may receive EM's addressed to the handle and may broadcast (e.g., wirelessly) the EM's. EM's received by the host device may be parsed by the APP to extract the handle and data payload. Data in the data payload may be used to search a content source for content to be communicated (e.g., wirelessly) for playback on the media device. Content specified in data payloads of EM's from one or more client devices (e.g., smartphones, tablets, pads) may be queued for playback on the media device. | 2016-03-24 |
20160087929 | METHODS AND APPARATUS FOR DOCUMENT CREATION VIA EMAIL - A system and method for creating a document in a messaging environment is described. A communication including a document specification including zero or more formatting commands and content is received from a sender and processed. The system and method determine whether the document specification is in a done condition, and iterates until done. A formatted document is also created and returned to the sender and recipients. | 2016-03-24 |
20160087930 | EMAIL INTERFACE FOR APPLICATION CREATION AND MANAGEMENT - A system and method for creating, managing, and using an application in a messaging environment is described. A communication including an application specification comprising zero or more commands is received from a sender and processed. The system and method determine whether the application specification is in a done condition, and iterates until done. A confirming specification, including revisions made while iterating, is also created and returned to the sender and recipients. | 2016-03-24 |
20160087931 | METHOD AND APPARATUS FOR CALCULATING DISTANCE IN CONTENTS DELIVERY NETWORK - Disclosed are a method and an apparatus for calculating a distance in a contents delivery network. According to one preferred embodiment of the present invention, when a domain name resolution request is received from an LDNS, an identifier is added to a domain name requested to be resolved so as to create a CNAMEd domain name response, the CNAMEd domain name response is transmitted to a probe server, the CNAMEd domain name response transmitted to the probe server is transmitted to the LDNS after a source IP address thereof has changed into an address of a name server in the probe server, the name server receives a resolution request to the CNAMEd domain name response from the LDNS, and the name server determines, as a distance between the LDNS and a point of presence (POP), a value obtained by subtracting a distance between the name server and the LDNS and a distance between the name server and the probe server from an interval between a time for transmitting the CNAMEd domain name response from the name server to the probe server and a time for receiving, by the name server, the resolution request to the CNAMEd domain name response from the LDNS. According to the present invention, even when the probe server cannot calculate a distance to the LDNS, a distance between the LDNS and the POP can be calculated, and thus it is possible to improve and stabilize the quality of a contents delivery network service. | 2016-03-24 |
20160087932 | METHODS, APPARATUS AND SYSTEMS FOR TRAFFIC IDENTIFICATION - Embodiments for enabling traffic content identification by a wireless transmit/receive unit are provided. The WTRU may store interface binding entries in a database associating links in a web page to various traffic content types, such as video, audio, and text. Upon a request to access one of the links, a socket may be created based on a data mobility policy associated with the traffic content type. Alternately, the database may associate the links directly to interface types based on the data mobility policies. The Access Network Discovery and Selection Function (ANDSF) may provide the data mobility policies to the WTRU. | 2016-03-24 |
20160087933 | TECHNIQUES FOR THE DEPLOYMENT AND MANAGEMENT OF NETWORK CONNECTED DEVICES - A method, system, and computer program product for Internet of Things (IoT) network-connected devices. Embodiments include methods and systems for registering one or more listener devices (e.g., mobile phones or tablets, etc.) to receive messages from one or more notification devices (e.g., web cameras, etc.). A notification server is selected from among multiple notification servers to receive notification messages from the notification devices and then to forward (e.g., through a push service, etc.) portions of or variations of the notification messages to the listener devices. In some embodiments, the selection of the notification server is based on load balancing between the multiple notification servers and/or push servers. In some embodiments, the selection of a notification server and/or push server is based on a provisioning file. | 2016-03-24 |
20160087934 | COMMUNICATION SYSTEM, COMMUNICATION METHOD, AND TRANSMISSION APPARATUS - A communication system includes: a communication apparatus; and a transmission apparatus configured to transmit a packet to be transmitted from the communication apparatus to a transmission destination, wherein the communication apparatus transmits, to the transmission apparatus, a first request signal for requesting a start of a communication with the transmission destination and a second request signal for requesting the start of the communication with the transmission destination with passing through the transmission apparatus, and wherein, when a request of the first request signal is permitted, the transmission apparatus notifies the communication apparatus of that a request of the second request signal is not permitted, and transmits the first request signal to the transmission destination, and the communication apparatus receives a response to the first request signal from the transmission destination and starts communication with the transmission destination without passing through the transmission apparatus. | 2016-03-24 |
20160087935 | PRIVATE MULTIMEDIA CONTENTS BROADCASTING EQUIPMENT WHICH USES ISM RADIO FREQUENCY BAND OR U-NII 5GHZ RADIO FREQUENCY BAND, PRIVATE MULTIMEDIA CONTENTS BROADCASTING SYSTEM AND METHOD THEREOF - An individual multimedia contents broadcasting equipment is disclosed, which includes an individual broadcast process unit which provides a private IP through a DHCP (Dynamic Host Configuration Protocol) to a receiving terminal, which requests a connection, and makes a connection of the receiving terminal through a radio network, and transmits a broadcast content to the connected receiving terminal; and a radio communication unit which forms a radio network and communicates data with the connected receiving terminal through the radio network. | 2016-03-24 |
20160087936 | ADDRESS GENERATION FOR NETWORKS - A network includes at least two nodes that employ a routing protocol to communicate across a network. One of the nodes is a parent node and another of the nodes is a child node of the parent node. An address generator assigns a unique network address to the child node by appending an address value of a number of bits to a parent address of the parent node to create the unique network address for the child node. | 2016-03-24 |
20160087937 | VALIDATING CONTROL OF DOMAIN ZONE - A requestor requests a domain zone control validation from a validating entity. The validating entity generates a pass string. The requestor enters the pass string into a domain zone. The validating entity determines if the pass string was entered in the domain zone. If the pass string is present in the domain zone, the domain zone control was successfully validated. | 2016-03-24 |
20160087938 | LOAD BALANCING IN A NETWORK WITH SESSION INFORMATION - Methods and systems for balancing load among firewall security devices (FSDs) are provided. According to one embodiment, session data, including session entries representing previously established traffic sessions from a particular source to a particular destination and forming an association between the previously established session and a particular FSD, is maintained for each port of a session-aware switching device. When a TCP SYN packet is received, the switching device: (i) reduces its vulnerability to a DoS attack by foregoing installation of a forward session entry for the forward traffic session within the session data until a processed TCP SYN/ACK packet associated with the corresponding reverse traffic session is received; (ii) selects an FSD to associate with the forward traffic session and a corresponding reverse traffic session by performing a load balancing function on the TCP SYN packet; and (iii) causes the TCP SYN packet to be processed by the selected FSD. | 2016-03-24 |
20160087939 | HIERARCHICAL RULE DEVELOPMENT AND BINDING FOR WEB APPLICATION SERVER FIREWALL - At least one of an HTTP request message and an HTTP response message is intercepted. A corresponding HTTP message model includes a plurality of message model sections. A representation of the at least one of an HTTP request message and an HTTP response message is parsed into message sections in accordance with the message model sections of the HTTP message model. A plurality of security rules are bounds to the message model sections. The plurality of security rules each specify at least one action to be taken in response to a given condition, which is based, at least in part, on a corresponding given one of the message sections. The at least one of an HTTP request message and an HTTP response message is processed in accordance with the plurality of security rules. Techniques for developing rules for a web application server firewall are also provided. | 2016-03-24 |
20160087940 | PRIVATE ALIAS ENDPOINTS FOR ISOLATED VIRTUAL NETWORKS - In accordance with a designation of a private alias endpoint as a routing target for traffic directed to a service from within an isolated virtual network of a provider network, a tunneling intermediary receives a baseline packet generated at a compute instance. The baseline packet indicates a public IP (Internet Protocol) address of the service as the destination, and a private IP address of the compute instance as the source. In accordance with a tunneling protocol, the tunneling intermediary generates an encapsulation packet comprising at least a portion of the baseline packet and a header indicating the isolated virtual network. The encapsulation packet is transmitted to a node of the service. | 2016-03-24 |
20160087941 | TECHNIQUES FOR PROVIDING SERVICES TO MULTIPLE TENANTS VIA A SHARED END-POINT - A service is provided that supports a plurality of tenants. Server(s) of the service are communicatively coupled with a plurality of gateways of the service. Each gateway is configured to support at least one tenant. The server(s) of the service include a network interface, a tenant mapper, and a gateway interface. The network interface is configured to receive connection strings from client devices. Each received connection string includes a service portion that maps to the same public IP address of the service, and also includes a corresponding tenant portion that identifies a tenant. The tenant mapper maps the tenant portions of the connection strings to corresponding gateways. The gateway interface is configured to enable the gateways to establish tunnels between the corresponding client devices and identified tenants. Accordingly, clients are enabled to access multiple tenants of the service via a same public IP address. | 2016-03-24 |
20160087942 | VPN ACCESS CONTROL SYSTEM, OPERATING METHOD THEREOF, PROGRAM, VPN ROUTER, AND SERVER - To provide a VPN access control system, an operating method thereof, a non-transitory computer-readable recording medium having a program recorded thereon, a VPN router, and a server capable of reducing the effort of work of an administrator and quickly permitting remote access. A VPN access control system includes a VPN router and an image server. The VPN router executes a router authentication process based on router authentication information, and the image server executes a server authentication process based on server authentication information. The image server receives an access right granting request from a portable terminal of a registered user to which the access right has been granted and executes a first user registration process. The VPN router executes a second user registration process based on a command from the image server, and transmits an authentication information notification to a user who is an access right granting target. | 2016-03-24 |
20160087943 | METHOD AND APPARATUS FOR OPTIMIZING HYPERTEXT TRANSFER PROTOCOL ("HTTP") UNIFORM RESOURCE LOCATOR ("URL") FILTERING SERVICE - A method for handling hyper-text transfer protocol (“HTTP”) requests from client devices is disclosed. The method comprises receiving an HTTP request from a client device to connect to a destination server. It further comprises extracting a plurality of HTTP headers from the HTTP request using a gateway device in accordance with a user defined configuration to create a subset of the request. Next, it comprises forwarding the subset to an external security device from the gateway device to perform URL policy processing using the request. Finally, it comprises based on a received result of the URL policy processing, transmitting the client request to the destination server. | 2016-03-24 |
20160087944 | KEY MANAGEMENT FOR MIXED ENCRYPTED-UNENCRYPTED CONTENT - Based on a request for media content from a media client, a device identifies one or more: segments of encrypted media content; encryption keys for decrypting the segments of encrypted media content; and segments of unencrypted media content. The device determines an order for sending the one or more segments of encrypted and unencrypted media content. The device sends, to the media client, a segment of encrypted media content, according to the order for sending, along with an encryption key for decrypting the segment of encrypted media content being sent. The device sends, to the media client, a segment of unencrypted media content, according to the order for sending, along with a subsequent encryption key for decrypting a subsequent segment of encrypted media content to be sent after the segment of unencrypted content. The subsequent encryption key permits the media client to decrypt the subsequent segment of encrypted media content. | 2016-03-24 |
20160087945 | METHOD FOR ENCRYPTING DIGITAL FILE - Disclosed is a method for encrypting a digital file, comprising the following steps: generating, when a user requests to download a specified digital file, a key, according to inherent information of the user, inherent information of a client terminal used by the user, and inherent information of the specified digital file; encrypting the specified digital file according to the key that has been generated; and performing decryption according to the key and a corresponding decryption procedure, after an encrypted digital file is downloaded at the client terminal used by the user. The technical solution allows dynamic generation of one key each time the digital file is downloaded, thereby truly realizing “one user, one machine, and one copy of the digital file.” | 2016-03-24 |
20160087946 | FILE SECURITY METHOD AND APPARATUS FOR SAME - Disclosed is a file security method for reinforcing file security, which includes: by a first communication device, detecting an access to a file stored in a virtual drive; by the first communication device, requesting a decryption key of the file to a second communication device and receiving the decryption key; and by the first communication device, decrypting the access-detected file by using the decryption key. | 2016-03-24 |
20160087947 | Systems and Methods for Data Gathering Without Internet - Systems and methods are provided in which external key devices are used for sealing and unsealing data-gathering devices without Internet, wherein the data-gathering devices invalidate the external key devices upon completing data collection in order to seal removable storage. Further, a sealed removable storage is transported to same location of a key server, where the key server uses a multi-factor sealing routine to unlock the sealed removable storage. The routine seals and unseals uses multiple factors including a location of the key server, hardware attributes of the removable storage, hardware attributes of the external key devices, and a private key of the key server. The data-gathering device may be used to support workers collecting data in disconnected parts in the world that are without Internet. The workers may collect data by using mobile devices to transfer data to a shared data-gathering device. | 2016-03-24 |
20160087948 | Secure Radio Information Transfer Over Mobile Radio Bearer - Providing secure radio information transfer over a mobile radio bearer by generating one or more secret keys, applying symmetric encryption to unencrypted radio information to generate encrypted radio information, applying a keyed hash operation to the unencrypted radio information using the generated one or more secret keys to generate a message digest, and transmitting both the encrypted radio information and the message digest over a network. | 2016-03-24 |
20160087949 | ESTABLISHING SECURE DIGITAL RELATIONSHIP USING SYMBOLOGY - An embodiment includes an apparatus comprising: a display module; at least one memory coupled to the display module; at least one processor, coupled to the at least one memory, to perform operations comprising: (a) encoding first content, which is based on a first value, in a first bar code, (b) displaying the first bar code with the display module; (c) receiving a second bar code, which includes second content based on a second value, from a second computing node; (d) encoding third content, which is based on a third value, in a third bar code, (e) displaying the third bar code with the display module; (f) determining an encryption key based on the first and second values; and (g) exchanging a message, encrypted based on the encryption key, with the second computing node. Other embodiments are described herein. | 2016-03-24 |
20160087950 | METHOD OF SECURING MOBILE APPLICATIONS USING DISTRIBUTED KEYS - Aspects of the present disclosure are directed to methods and systems for securing mobile computing applications with distributed keys. In one aspect, a computer implemented method or computer readable media include steps electronically receiving, at a computer processor of a computing device, a first security key fragment based on a user input to the computing device; electronically receiving, at the computer processor, a second security key fragment from a network connected storage entity; and electronically concatenating, at the computer processor, the first security key fragment and the second security key fragment to generate a third security key. | 2016-03-24 |
20160087951 | SYSTEMS AND METHODS FOR INHIBITING ATTACKS WITH A NETWORK - Systems and methods for inhibiting attacks with a network are provided. In some embodiments, methods for inhibiting attacks by forwarding packets through a plurality of intermediate nodes when being transmitted from a source node to a destination node are provided, the methods comprising: receiving a packet at one of the plurality of intermediate nodes; determining at the selected intermediate node whether the packet has been sent to the correct one of the plurality of intermediate nodes based on a pseudo random function; and forwarding the packet to the destination node, based on the determining. In some embodiments an intermediate node is selected based on a pseudo random function. In some embodiments, systems and methods for establishing access to a multi-path network are provided. | 2016-03-24 |
20160087952 | SCALABLE AUTHENTICATION PROCESS SELECTION BASED UPON SENSOR INPUTS - Disclosed is a mobile device that selects an authentication process based upon sensor inputs and mobile device capabilities. The mobile device may include: a plurality of sensors; and a processor. The processor may be configured to: determine multiple authentication processes based upon sensor inputs and mobile device capabilities for authentication with at least one of an application or a service provider; select an authentication process from the multiple authentication processes that satisfies a security requirement; and execute the authentication process. | 2016-03-24 |
20160087953 | METHOD TO MODIFY ANDROID APPLICATION LIFE CYCLE TO CONTROL ITS EXECUTION IN A CONTAINERIZED WORKSPACE ENVIRONMENT - Methods, devices, and systems are described to modify the life cycle of a Google Android® application, in its application manifest file and byte code, such that the execution of the application can be controlled via policies and security governed by a workspace application installed on an Android-based device. Dummy wrapper classes are inserted into the byte code for network and I/O system calls that call security code before calling the original classes. | 2016-03-24 |
20160087954 | CACHE-BASED WIRELESS CLIENT AUTHENTICATION - Methods and systems for caching of remote server MAC authentication to enable fast roaming are provided. According to one embodiment, MAC addresses of wireless client devices contained within authentication requests associated with the wireless client devices and corresponding authentication status information provided by an authentication server associated with a wireless local area network (WLAN) responsive to the authentication requests are cached by a wireless network controller of the WLAN. A MAC-based authentication request is received by the wireless network controller from a wireless access point (AP) managed by the wireless network controller on behalf of a roaming wireless client device. It is determined whether cached authentication status information exists for the MAC address of the roaming wireless client device and if so, then the roaming wireless client device is permitted or denied access to the WLAN via the AP based on the cached authentication status information. | 2016-03-24 |
20160087955 | GENERIC SERVER FRAMEWORK FOR DEVICE AUTHENTICATION AND MANAGEMENT AND A GENERIC FRAMEWORK FOR ENDPOINT COMMAND DISPATCH - Methods, devices, and systems are described for enrolling a user's bring-your-own-device for secure connection to a company's enterprise computer network. From her mobile device, user clicks on a uniform resource locator (URL) to connect with the login web page on the enterprise network. After authentication, checks are performed to verify that the user has authorization to enroll the type of electronic device, and the profile is installed on the device. A notification is sent to the device by a server on the enterprise network, and a secure workspace application is pushed to the device along with configuration data that automatically links the workspace with the parent device enrollment. Once the user launches the secure workspace application the workspace access configuration data and initializes enrollment with the enterprise network, resulting in a linking of the secure workspace application with its parent device enrollment. The workspace is registered as a child of the parent device, and the lifecycle of the workspace is thus linked to that of the parent. | 2016-03-24 |
20160087956 | UNIFIED PROVISIONING OF APPLICATIONS ON DEVICES IN AN ENTERPRISE SYSTEM - The present disclosure relates generally to managing access to an enterprise system using remote devices. Techniques are disclosed for provisioning applications on remote devices to access resources in an enterprise system. Specifically, applications may be automatically configured with access information (e.g., account information) and connection information to access a resource in an enterprise system using a remote device. Configuring an application may include determining an account for accessing a resource using the application. An account may be provisioned if one has not been established. Upon configuring an application, the device access management system may provide a configured application to the remote device(s) for which the application is configured. Once the configured application is received, the application may be automatically installed on the remote device, after which the application may be executed to access a resource. | 2016-03-24 |
20160087957 | MULTI-FACTOR AUTHENTICATION TO ACHIEVE REQUIRED AUTHENTICATION ASSURANCE LEVEL - As users gain access to different services, the grade of the services may vary, for example, from low value services to high value services. A low value may indicate that a low strength of authentication is required, while a high value may indicate that a high strength of authentication is required to access the service. There is disclosed a method for authenticating a device comprising the determination ( | 2016-03-24 |
20160087958 | INDUSTRIAL SECURITY AGENT PLATFORM - Systems, methods, and apparatus, including computer programs encoded on computer storage media, for facilitating secure communication. A system for facilitating secure communication includes an enterprise network, one or more operational technology networks, and a management server. Each of the operational technology networks can include one or more controller devices operable to control one or more operational devices, and can include a respective site security server and a respective security relay server. The security relay server can be operable to facilitate secure communication between controller devices of the operational technology network and its corresponding site security server. The management server can be a node on the enterprise network and can be operable to communicate with each site security server. | 2016-03-24 |
20160087959 | ELECTRONIC DEVICE AND METHOD FOR PROCESSING DATA IN ELECTRONIC DEVICE - Provided are an electronic device and a method for processing data in the electronic device. The electronic device may receive server registration time-related information—that is, information related to a time when at least one beacon device becomes registered in a server, and decrypt at least one beacon signal received from the at least one beacon device based on the received server registration time-related information. | 2016-03-24 |
20160087960 | SHARED IDENTITY MANAGEMENT (IDM) INTEGRATION IN A MULTI-TENANT COMPUTING ENVIRONMENT - Techniques are disclosed for enabling tenant hierarchy information to be migrated directly between different multi-tenant system (e.g., from a shared IDM system to a Nimbula system, or vice versa). A corresponding new tenant is created in a Nimbula system based on a combination of the tenant information and the service information from the shared IDM system. The Nimbula system extracts the tenant name and the service name from a request and asks the shared IDM system to verify that the user actually is a member of the tenant identified by the extracted tenant name. Upon successful authentication of the user, the Nimbula system requests the IDM system for roles that are associated with both the user and the extracted service name. The Nimbula system enable access to the service upon determining whether the requested operation can be performed relative to the specified service based on the roles. | 2016-03-24 |
20160087961 | Techniques for Authenticating a Device for Wireless Docking - Examples are disclosed for a first device to wirelessly dock to a second device. In some examples, a first device may receive identification from the second device for wirelessly docking. The first device may determine whether the second device is allowed to wirelessly dock and if allowed an authentication process may be implemented. The first device may then wirelessly dock to the second device based on a successful authentication. Other examples are described and claimed. | 2016-03-24 |
20160087962 | METHOD AND SYSTEM FOR AUTHENTICATING USER IDENTITY - Embodiments of the present application relate to a method for authenticating user identity, a system for authenticating user identity, and a computer program product for authenticating user identity. A method for authenticating user identity is provided. The method includes generating a first verification code by a server, displaying the first verification code to a user in an application scenario of a service requiring user identity authentication, receiving a second verification code sent by the user via another application that is other than the application scenario, comparing the second verification code sent by the user and the first verification code generated by the server, and determining whether the user has passed identity authentication based on a result of the comparison. | 2016-03-24 |
20160087963 | ESTABLISHING SECURE COMPUTING DEVICES FOR VIRTUALIZATION AND ADMINISTRATION - Embodiments are directed to establishing a secure connection between computing systems and to providing computer system virtualization on a secure computing device. In one scenario, a computer system receives a request that at least one specified function be initiated. The request includes user credentials and a device claim that identifies the computing device. The computer system authenticates the user using the received user credentials and determines, based on the device claim, that the computing device is an approved computing device that has been approved to initiate performance of the specified function. Then, upon determining that the user has been authenticated and that the computing device is approved to initiate performance the specified function, the computer system initiates performance of the specified function. | 2016-03-24 |
20160087964 | CREDENTIAL MANAGEMENT - A credential management system is described that provides a way to disable and/or rotate credentials, such as when a credential is suspected to have been compromised, while minimizing potential impact to various systems that may depend on such credentials. The credentials may be disabled temporarily at first and the availability of various resources is monitored for changes. If no significant drop of availability in the resources has occurred, the credential may be disabled for a longer period of time. In this manner, the credentials may be disabled and re-enabled for increasingly longer time intervals until it is determined with sufficient confidence/certainty that disabling the credential will not adversely impact critical systems, at which point the credential can be rotated and/or permanently disabled. This process also enables the system to determine which systems are affected by a credential in cases where such information is not known. | 2016-03-24 |