16th week of 2016 patent application highlights part 64 |
Patent application number | Title | Published |
20160112331 | PROGRAMMING METHOD AND APPARATUS FOR CORE ROUTING AND SWITCHING SYSTEM - A programming method and a programming apparatus for a core routing and switching system are provided. The method includes: obtaining a number of routing nodes and a number of resource types in each routing node in the core routing and switching system; judging whether a first requirement for resources in the routing nodes is changed to a second requirement; judging whether resources in a first routing node group corresponding to the first requirement meet the second requirement if the first requirement is changed; searching for a plurality of second routing node groups with resources meeting the second requirement if the resources in the first routing node group do not meet the second requirement; calculating a plurality of migration overheads corresponding to the plurality of second routing node groups; selecting a second routing node group corresponding to a smallest migration overhead from the plurality of second routing node groups. | 2016-04-21 |
20160112332 | DISTRIBUTED PARALLEL COMPUTATION WITH ACCELERATION DEVICES - A method for distributed computing between a host computer and at least one accelerator device interconnected through a network includes profiling a data transfer rate and a computation rate for a range of data sizes to find an optimal chunk size for the data transfer through the network; splitting or aggregating a size of the data stored in a memory in the host computer for encapsulating the data into a chunk with the optimal chunk size; dispatching the encapsulated data to the accelerator device; and instructing pipeline computation to the accelerator device with respect to the encapsulated data received. | 2016-04-21 |
20160112333 | CONTENT REPRODUCTION SYSTEM, CONTENT REPRODUCTION APPARATUS, PROGRAM, CONTENT REPRODUCTION METHOD, AND PROVIDING CONTENT SERVER - A method, apparatus, encoder, and decoder for receiving, transmitting, encoding and decoding content is provided. The method includes receiving a first segment of the content, the first segment having a first format, receiving, from a transmitting apparatus, a second segment of the content, the second segment having a second format, monitoring a network status between the receiving apparatus and the transmitting apparatus, and selecting the first segment or the second segment based on the monitored network status. | 2016-04-21 |
20160112334 | CONTENT REPRODUCTION SYSTEM, CONTENT REPRODUCTION APPARATUS, PROGRAM, CONTENT REPRODUCTION METHOD, AND PROVIDING CONTENT SERVER - A method, apparatus, encoder, and decoder for receiving, transmitting, encoding and decoding content is provided. The method includes receiving a first segment of the content, the first segment having a first format, receiving, from a transmitting apparatus, a second segment of the content, the second segment having a second format, monitoring a network status between the receiving apparatus and the transmitting apparatus, and selecting the first segment or the second segment based on the monitored network status. | 2016-04-21 |
20160112335 | System and Method for Transmission Management in Software Defined Networks - A communications controller is provided. The communications controller includes a flow manager that classifies a packet flow serviced by more than one transmission points (TPs) as one of a plurality of slices in accordance with at least one of a nature of the packet flow, a load status of each of the plurality of slices, and feedback information provided by the more than one TPs, and alters a classification of the packet flow in accordance with the load status of each of the plurality of slices, and feedback information provided by the TPs served by the communications controller. The communications controller also includes a memory coupled to the flow manager, the memory stores a packet of the packet flow in one of a plurality of packet queues in accordance with the classification of the packet flow. | 2016-04-21 |
20160112336 | METHOD OF CONTROLLING PACKET TRANSMISSION INTERVAL - An aspect of the present invention provides a method of controlling a packet transmission interval, the method comprising: comparing a preset delay ratio with a number of packets transmitted; transmitting packets until the number of packets transmitted becomes equal to or greater than the delay ratio; calculating a delay request time when the number of packets transmitted becomes equal to or greater than the delay ratio; generating a signal for suspending packet transmission during the calculated delay request time; suspending packet transmission according to the generated signal and calculating a gap time based on a difference between a time when suspension of packet transmission was terminated and packet transmission was started; and updating the delay ratio using the calculated gap time and initializing the number of packets transmitted. | 2016-04-21 |
20160112337 | Dynamically Offloading Flows from a Service Chain - Dynamically by-passing a service function instance on a service chain after the service function instance has processed the first few packets of a traffic flow may improve the overall processing efficiency of the service chain. When using a control plane mechanism, a service function instance communicates a by-pass indication to a control plane entity to prompt the control plane entity to re-route remaining portions of the traffic flow around the service function instance. When using a data plane mechanism, a service function instance includes a by-pass indication in a service chain header (SCH) of a packet in a traffic flow, and forwards the packet to a data plane entity. The by-pass indication will prompt the data plane entity to re-route remaining portions of the traffic flow around the service function instance. | 2016-04-21 |
20160112338 | SYSTEMS AND METHODS OF MODIFYING DATA PACKETS USED IN IP TELEPHONY COMMUNICATIONS - Systems and methods performed by an IP telephony device or an element of an IP telephony system mask the data contained in data packets bearing the media of an IP telephony communication to prevent an Internet service provider from identifying the data packets as carrying the media of an IP telephony communication. The systems and methods can also modify the size of data packets and/or modify the data transfer rate of a stream of data packets bearing the media of an IP telephony communication to prevent an Internet service provider from identifying the stream of data packets as bearing the media of an IP telephony communication. | 2016-04-21 |
20160112339 | Network Resources Management by a Cloud Consumer - A cloud service provider hypervisor server, which supports a cloud service provider hypervisor, receives a cloud consumer's management information base (MIB) from a cloud consumer. The cloud consumer's MIB is a portable MIB that is capable of being loaded into multiple cloud service provider hypervisors. A trap receiver in the cloud service provider hypervisor server receives a Simple Network Management Protocol (SNMP) trap from a resource described by the cloud consumer's MIB. The SNMP trap is an SNMP message, from the resource, that describes an event in the resource. The SNMP trap bypasses the cloud service provider hypervisor, such that the cloud service provider hypervisor server transfers the SNMP trap to the cloud consumer without any interpretation of the SNMP trap by the cloud service provider hypervisor. | 2016-04-21 |
20160112340 | METHOD AND SYSTEM FOR RESOURCE SHARING - A resource sharing method is provided. The method includes obtaining a user identifier that logs in a current device through a resource sharing operation. The method also includes extracting corresponding binding device information from a server based on the user identifier and displaying the binding device information. Further, the method includes obtaining a device identifier selected from the displayed binding device information and sending the selected device identifier and resource to be shared with a device corresponding to the selected device identifier to the server, such that the server delivers the resource to be shared to the corresponding device based on the selected device identifier. | 2016-04-21 |
20160112341 | METHOD, SYSTEM AND PROGRAM PRODUCT FOR ALLOCATION AND/OR PRIORITIZATION OF ELECTRONIC RESOURCES - A method, system and program product, the method comprising determining a first rule set comprising a plurality of patterns of run-time data; obtaining a second rule set comprising a respective priority assigned to respective of the application context IDs and/or user IDs and/or business priorities or combinations of two or more thereof; receiving run-time data for a first plurality of the user IDs; determining application context IDs running on desktops; generating allocation data and/or prioritization data for allocation of electronic resources for user IDs, based at least in part on the second rule set; and sending signals, based on the allocation data and/or the prioritization data. | 2016-04-21 |
20160112342 | MACHINE PROVIDING METHOD, MACHINE PROVIDING SYSTEM AND COMPUTER-READABLE RECORDING MEDIUM HAVING STORED THEREIN MACHINE PROVIDING PROGRAM - A method for providing one or more machines to a user in a unit of the machine includes: deciding, when a first machine allocated to a user is to be released from allocation to the user, whether or not firmware that controls operation of the first machine has been changed after the allocation; storing, when the firmware has been changed, information relating to a changed firmware into a storage unit in an associated relationship with the user; deciding, when the first or a second machine is allocated to the user, whether or not the information corresponding to the user is stored in the storage unit; setting, in a case where the information is stored, the changed firmware to the first or second machine, and setting, in a case where the information is not stored, default firmware to the first or second machine. | 2016-04-21 |
20160112343 | METHODS AND SYSTEMS FOR STORAGE ACCESS MANAGEMENT - Systems and methods for identifying and correcting storage system inefficiencies are disclosed. The method includes discovering Logical Unit Number (LUN) information from a network storage system node, the LUN information associated with a first LUN and including an initiator group (IGroup) associated with the first LUN; discovering node information, the node information including logical interface (LIF) status information; determining whether LUN access information also comprises a port set associated with the IGroup; combining the LIF status information and the initiator access list of the IGroup to test accessibility of the first LUN, when a port set is not associated with the at least one IGroup; and combining the LIF status information, the initiator access list of the IGroup, and the LIF access list of the port set to test the accessibility of the first LUN, when there is a port set associated with the IGroup. | 2016-04-21 |
20160112344 | Method for Controlling Service Data Flow and Network Device - A method for controlling a service data flow and a network device are provided. The method includes receiving, by a network device, a service data flow, and acquiring a control label that is carried, based on the Label Control Protocol, in the service data flow, and performing, by the network device, network access control on the service data flow according to the control label by using admission control configuration information and application control configuration information that are delivered by a controller and are based on security group information, where the network access control includes at least one of admission control and application control. According to the embodiments of the present disclosure, admission control and/or application control may be performed on the service data flow, so as to effectively improve efficiency of processing the service data flow by the network device. | 2016-04-21 |
20160112345 | METHOD AND APPARATUS FOR PROVIDING MULTICAST SERVICE AND METHOD AND APPARATUS FOR ALLOCATING MULTICAST SERVICE RESOURCE IN TERMINAL-TO-TERMINAL DIRECT COMMUNICATION - A method of providing a multicast service is provided by a terminal in a terminal-to-terminal direct communication. The terminal transmits a service start request message requesting a start of a multicast service to a multicast server, and receives a service start response message including a result of permitting a start request from the multicast server. The terminal receives, via a base station, resource information of a resource which a multicast coordinator allocates to the multicast service in accordance with a request of the multicast server, and transmits multicast service data based on the resource information. | 2016-04-21 |
20160112346 | NONSTOP COMPUTING FABRIC ARRANGEMENTS - Systems and methods for non-stop computing in a virtualization fabric are disclosed. One system includes a computing fabric comprising a plurality of host platforms, the plurality of host platforms including at least a first host platform and a second host platform communicatively connected to the first host platform. The system also includes an interconnect service partitions residing on the first host platform. The system includes a plurality of guest partitions distributed across the plurality of host platforms. The system further includes a DNS server instance managed by at least one of the plurality of interconnect service partitions and defining at least one zone, the at least one zone including one or more partitions from among the plurality of guest partitions distributed across the plurality of host platforms. | 2016-04-21 |
20160112347 | Increased Fabric Scalability by Designating Switch Types - The scale of the fabric being decoupled from the scale capabilities of each switch. Only the directly attached node devices are included in the name server database of a particular switch. Only needed connections, such as those from hosts to disks, i.e., initiators to targets, are generally maintained in the routing database. When a switch is connected to the network it is configured as either a server, storage or core switch, defining the routing entries that are necessary. This configuration addresses the various change notifications that must be provided from the switch. In host to host communications, disk to tape device communications in a backup, or disk to disk communications in a data migration, there must be transfers between like type devices, i.e. between two communications devices connected to server switches or connected to storage switches. These cases are preferably developed based on the zoning information. | 2016-04-21 |
20160112348 | INTEROPERATION OF SWITCH LINE CARD AND PROGRAMMABLE LINE CARD - When needing to forward a packet from a switch line card to a programmable line card, the switch line card may encapsulate a pseudo-Layer 2 header for the packet based on uplink forwarding process of the switch line card. The pseudo-Layer 2 header may carry an adjacency table index and an egress interface table index which is used by the programmable line card. Correspondingly, the programmable line card may obtain the adjacency table index and the egress interface table index from the pseudo-Layer 2 header of the packet, and then may re-encapsulate a real Layer 2 header for the packet based on downlink forwarding process of the programmable line card, and transmit the packet through a corresponding egress interface. | 2016-04-21 |
20160112349 | METHOD FOR PROVIDING PROTECTION SWITCHING SERVICE IN VIRTUAL TENANT NETWORK AND CONTROLLER THEREFOR - A method for providing a protection switching service in a virtual tenant network (VTN) and a controller are provided. The method enables a real-time protection switching setup on a VTN path in order to provide reliability of a VTN service. | 2016-04-21 |
20160112350 | SYSTEMS AND METHODS FOR SERVER AND SWITCH FAILOVER IN A BLACK CORE NETWORK - A black core network system and method, wherein the system includes a ciphertext network, a server having a bonding module and a plurality of network interfaces, a plurality of encryptor devices and one or more routers, wherein each router is connected through one or more of the server network interfaces to the server and through one or more encryptor devices to the ciphertext network. The server establishes, in the bonding module, a server gateway for each server network interface, selects a first network interface as primary link and a second server network interface as backup link, and sends routing metric information out through the primary link and the backup link, wherein sending includes sending metric information indicating that the cost of routing through the primary link is less than the cost of routing through the backup link. When the server receives, from one of the one or more routers, an indication that there is a link failure on the primary link, the server manipulates the server gateway for the second server network interface to direct traffic for the primary link out the second server network interface, wherein the second link becomes the new primary link and the server sends routing metric information out through the new primary link to the second router. | 2016-04-21 |
20160112351 | Apparatus and Method for Quickly Sending Messages - A communication apparatus is configured to provide for quickly sending a message to a recipient. For instance, embodiments can be configured so that text, an image, or other content can be copied from a received message and sent via use of a copy and send command to actuate the formation of a message for sending. After selecting such a command, a message may be formed in a format of a preselecting messaging protocol (e.g. instant messaging, text messaging, etc.) that includes the copied content. In some embodiments, the sending of the message having the copied content may occur automatically in a predefined messaging format to a predefined addressee or group of predefined addressees after selecting a copy and send command so that no further input from a user is needed to effect the generation and sending of a message to the addressee(s). | 2016-04-21 |
20160112352 | Method and Device for Real-Time Conversations of Participants and Comments with Each Other - A method for real-time conversations and comment with each other in a mobile device comprises the following steps. In the step (a), it activates a communication module of real-time conversations and comment with each other of a first mobile device. In the step (b), it performs a matching process for a user of the first mobile by a server. In the step (c), it provides a topic of chat for the user of the first mobile device for conversations by using the communication module of real-time conversations and comment with each other or by using the server. In the step (d), the user of the first mobile device transmits a first message to the successfully matched user of a second mobile device and makes comments for a second message from the user of the second mobile device. | 2016-04-21 |
20160112353 | METHOD AND APPARATUS FOR JOINING ELECTRONIC CONFERENCE - According to the present invention, even while a chat opening process is in progress, users can join chats by means of a simple procedure from a video game machine. Once a chat has been opened, an invitation signal can further be transmitted to other chat guests. A video game machine of an expected guest receiving the invitation signal displays a screen prompting the guest to enter the chat room, and the expected guest can join the chat by transmitting an enter room signal to a database. At this time, a chat answer signal indicating that the expected guest accepts the invitation from a chairman is transmitted from the expected guest to the chairman. | 2016-04-21 |
20160112354 | CHAT ROOM VIEWING - A system and method allows a user to view communications exchanged between other participants within an online chat room without the user becoming a participant within the online chat room. The online chat room enables ongoing exchanges of electronic communications between two or more participants whose participation within the chat room are mutually revealed to each other. A user is enabled to perceive the existence of the online chat room without the user becoming a participant within the online chat room. Selection of the online chat room by the user is received. Responsive to user selection of the online chat room and without the user becoming a participant within the online chat room, at least some of the communications exchanged between the participants within the online chat room are made perceivable to the user as the communications are exchanged. | 2016-04-21 |
20160112355 | SYSTEMS AND METHODS FOR MONITORING MESSAGING APPLICATIONS FOR COMPLIANCE WITH A POLICY - The present inventions relate to systems and methods for monitoring and managing electronic messages in one or more computer networks. More particularly, the systems and methods of the present invention provide a substantially global or unified approach to messaging management within one or more computer networks that allows network administrators or other authorized users to define and identify electronic messages of interest within the network and store selected messages such that they can be retrieved and examined in connection with an audit or other inquiry. | 2016-04-21 |
20160112356 | Network Device and Method for Processing Email Request - A network device and a method for processing an email request are disclosed. The network device includes a communications interface and a processor. The communications interface is configured to communicate with a client device and an email server. The processor is configured to receive a first request from the client device for fetching a portion of an email message. The processor generates a second request for fetching the email message in its entirety according to the first request. After receiving the email message that is in an encoded form and that is returned according to the second request by the email server, the processor decodes the email message to obtain the portion in a decoded form. Then the processor forwards the portion of the email message to the client device. | 2016-04-21 |
20160112357 | METHOD AND APPARATUS FOR PROVIDING A USER DEVICE WITH FUNCTIONALITY ENABLING NEWS FEED FILTERING - Methods, apparatuses, and computer program products are described herein that are configured to provide a user device with functionality enabling news feed filtering. One example embodiment may include a method for receiving post information having associated filterable subject matter attributes, providing selectable subject matter filter values, each of the one or more selectable subject matter filter values configured to enable the first user to identify a subject matter by which to filter the non-filtered scene information, receiving a subject matter filter value, providing, to the user device, via the communication interface, filtered scene information, the filtered scene information comprised of one or more instances of filtered post information, each instance of the filtered post information having one or more associated filterable attributes matching the subject matter filter value. | 2016-04-21 |
20160112358 | APPARATUS AND METHOD FOR INTELLIGENT SUPPRESSION OF INCOMING MULTI-FORMAT MULTI-PROTOCOL COMMUNICATIONS - This disclosure relates generally to apparatuses, methods, and computer readable media for integrating communications for computing devices across multiple formats and multiple protocols. More particularly, this disclosure relates to apparatuses, methods, and computer readable media to permit computing devices, e.g., smartphones, tablets, laptops, wearable devices, and the like, to present users with a multi-protocol, person-centric, multi-format inbox feed system for integrating multi-format communications. Use of a person-centric, e.g., sender-specific, inbox feed allows users to view/preview all their messages in a single feed. Grouping messages by sender also conveniently allows the user to stay on the same user interface screen while reviewing messages and allows for quick visual filtering of messages. “Intelligently Snoozing” messages, e.g., by sender or group of senders, may further allow the user to receive communications at times, locations, on devices, and in ways of the user's choosing. | 2016-04-21 |
20160112359 | GROUP MESSAGE CONTEXTUAL DELIVERY - A message context and delivery manager (MCDM) receives a group message designated for delivery to a plurality of recipient devices. The MCDM determines a message context of the group message, determines a sending device context of the sending device, and determines a recipient device context for each of the plurality of recipient devices. The MCDM further determines the relevance between the message context and each of the recipient device contexts and delivers the group message to the recipient devices if the message context is relevant to the recipient device contexts. | 2016-04-21 |
20160112360 | UNDERSTANDING OF THE RELATIONSHIP BETWEEN THE COMMENTS BEING MADE TO THE CONTAINERS AND THE COMMENTS BEING MADE TO THE ELEMENTS OF THE CONTAINERS - A method, system and computer program product for improving understanding of comments on collections of data. A social media stream is monitored for comments to a container (e.g., photo album) and elements within the container (e.g., photographs). These comments are stored in a data structure along with an identification of the container or element of the container upon which the comments are directed. In response to a user selecting to view comments to an element within the container or the container itself, the data structure is searched for the comments to the selected element or container. Images of the container are then displayed in a fliptych manner, where the selected element or container is displayed in the center section of the fliptych. A list of comments is displayed in a comments section below the fliptych, where the list of comments includes highlighted comments directed to the selected element or container. | 2016-04-21 |
20160112361 | SUPPORTING MESSAGE SHARING - A method and system for processing an email. A mail hub device receives the email from a first mail server, a Mail Thread ID (MTID) from a Mail Thread Board (MTB) server, and additional data from the MTB server. The mail hub device transmits, to a second mail client, the email with the added MTID and the added additional data and in response, receives, from the second email client, a selection of a message from messages contained in the additional data. The mail hub device transmits, to the MTB server, a request to generate an update of the additional data based on the selection of the message. The mail hub device receives, from the MTB server, the updated additional data based on the selection of the message. The mail hub device transmits, to the first mail server, the updated additional data based on the selection of the message. | 2016-04-21 |
20160112362 | CONTEXTUAL MESSAGING SYSTEMS AND METHODS - Contextual messaging systems and methods implemented through a mobile device associated with a sender of a message include composing a message to a recipient via a messaging application; selecting one or more unique characters or pictures to trigger one or more of functionality, an application, or a service on a mobile device associated with the recipient; selecting one or more additional details subsequent to selecting the one or more unique characters or pictures, wherein the one or more additional details are used in the functionality, application or service; and sending the message to a mobile device associated with the recipient with the one or more unique characters or pictures and the one or more additional details. The mobile device is configured to receive the message and automatically perform one or more actions based on the one or more unique characters or pictures and the one or more additional details. | 2016-04-21 |
20160112363 | SYSTEM AND METHOD FOR AUTOMATED REMINDERS FOR A DATING SERVICE - A system and method for generating and outputting automated reminder messages for a computer-based dating service is disclosed. An indication from a user computing device associated with a user can be received, where the indication can be indicative of interest of a user in connecting with another user. Temporary contact addresses for each user can be generated and output. Each temporary contact address can be active for an activated period of time. Any electronic communication received during the activated period can be forwarded to the appropriate user. A reminder message can be output to a particular user when: (i) the particular user has not responded to an electronic message from the other user for a response period of time, and/or (ii) the particular user has not sent an electronic message to the other user and there is less than a threshold of remaining time in the activated period. | 2016-04-21 |
20160112364 | Systems and Methods for Mobile Matchmaking Requiring Users to Chat before Successively Revealing Identities - A mobile matchmaking system including a chat server; and a user device including a network interface, a user interface, and a controller configured to: request, from the chat server, a match between the user and a matched user; initiate a first round of a chat mode including the steps of: initiating a chat conversation between the user and the matched user; receiving, from the chat server, access to a set of pictures, wherein the set of pictures includes a picture of the matched user and one or more decoy pictures; displaying, via the user interface, the set of pictures; and upon reaching an endpoint of the round, removing at least one of the one or more decoy pictures from the set of pictures; initiate further rounds of the chat mode until only pictures of the matched user remain in the set of pictures; and identifying the matched user. | 2016-04-21 |
20160112365 | TECHNIQUES FOR ASCRIBING SOCIAL ATTRIBUTES TO CONTENT - Techniques for ascribing social attributes to content items and for selecting content to display in a content feed are described. According to various embodiments, one or more content items accessible via a network are accessed, each of the content items having received one or more social activity signals. Thereafter, members of an online social network service that submitted the social activity signals may be identified. Member profile data identifying member profile attributes of the members that submitted the social activity signals may then be accessed. Thereafter, social attribute information may be generated and associated with each of the content items, the social attribute information identifying the member profile attributes of the members that submitted the social activity signals associated with each of the content items. | 2016-04-21 |
20160112366 | METHOD AND SYSTEM FOR INTER-SOCIAL NETWORK COMMUNICATIONS - Methods and systems for social media cooperation, via allowing inter-social network communications between users of different networks is provided. The inter-social network communications may be facilitated by sending inter-social network communications in a format determined by a protocol that is used by the social networks agreeing to allow inter-social network communications. | 2016-04-21 |
20160112367 | DUPLICATE ADDRESS DETECTION BASED ON DISTRIBUTED BLOOM FILTER - In one embodiment, a method comprises: generating, by a first network device in a network, a Bloom filter bit vector representing device addresses of devices having attached to at least one of the first network device or a second network device in the network; and determining whether a new device address is not a duplicate of any of the device addresses in the network based on the Bloom filter bit vector. | 2016-04-21 |
20160112368 | SYSTEMS AND METHODS OF CONTROLLED RECIPROCATING COMMUNICATION - Systems and methods for controlled pre-interaction are disclosed. The method of performing controlled pre-interaction includes: providing at least one private interaction address, defining at least one manageable public interaction address, forming a record of manageable public interaction address associated with the private interaction address. The method of performing controlled pre-interaction further includes: generating a reverse list, wherein an interaction address of a participant is associated at least with the manageable public interaction address, and performing at least one pre-interaction act. A pre-interaction act includes: accessing the reverse list, identifying the interaction address of the participant in the reverse list, and determining that the manageable public interaction address is associated, at the reverse list, with the interaction address of the participant. | 2016-04-21 |
20160112369 | System and Method for Validating a Customer Phone Number - The invention relates to a system for validating a pair of phone number and person's name, which comprises: (a) a logical unit at a provider's server which is configured to receive said pair, and to determine based on a number of full matches or partial matches of said pair within as many as possible individual contact lists of respective mobile devices whether the pair is valid or not; and (b) a module within each provider's application which are in turn installed within each of said mobile devices, said module is configured to communicate with the respective contact list stored in the mobile, and to (a) either communicate said full contact list to said provider's server, or (b) to determine whether a full or partial match exists with said pair, and to communicate the determined result to said provider's server. | 2016-04-21 |
20160112370 | METHOD AND SYSTEM FOR CAUSING CLIENT TO RENEW DYNAMIC HOST CONFIGURATION PROTOCOL INTERNET PROTOCOL ADDRESS BASED ON LINK LOCAL ADDRESSES - The present disclosure discloses a method and a network device for causing client devices to renew DHCP IP addresses based on link local addresses. Specifically, the network device provides for detecting that a wireless client device has been self-assigned with an automatic IP address, and for de-authenticating the wireless client device such that the wireless client device restarts the authentication process and the DHCP process subsequently without excessive delay. In particular, the network device may receive a packet from a wireless client device. The network device then determines that a source or destination IP address of a received packet corresponding to the wireless client device is a link local IP address. Responsive to determining that the source IP address is a link local IP address, the network device transmits at least one message that causes the wireless client device to request a new IP address. | 2016-04-21 |
20160112371 | IP ADDRESS ALLOCATION SYSTEM AND METHOD - Embodiments of the present invention provide an IP address allocation system and method, which implement, if a control plane is separated from a forwarding plane, a function that enables user equipment to acquire an internet protocol (IP) address in a dynamic host configuration protocol (DHCP) manner. The method includes: receiving, by a forwarder, an address request sent by an external network element, where the address request includes a DHCP request of user equipment UE and user characteristic information of the UE; acquiring, from a DHCP service network element according to the DHCP request, an IP address allocated to the UE; and acquiring first instruction information that is delivered by a control device according to the user characteristic information of the UE and the IP address allocated to the UE, and sending the IP address to the UE according to the user characteristic information. | 2016-04-21 |
20160112372 | DYNAMIC TUNNEL FOR REAL TIME DATA COMMUNICATION - A tunneled session management (“TSM”) server manages a dynamic datagram tunnel (“DDT”) for a real time communication (“RTC”) with a TSM client. The TSM server establishes a stream based tunnel with the TSM client and then establishes the RTC via the stream based tunnel, where the RTC includes communicating a first channel for signaling traffic and a second channel for media traffic. Then, it is determined whether to establish the DDT for communicating the media traffic, and if so, the DDT is established and the second channel is communicated via the DDT while the first channel is maintained on the stream based tunnel. | 2016-04-21 |
20160112373 | CELL UPDATE MESSAGE MANAGEMENT - Techniques for managing cell update messages are described here. An information element (IE) that indicates the security status of a user equipment (UE) may be included in the cell update message when a cell update procedure is triggered during an ongoing security mode procedure. To ensure the size of the cell update message is equal to or smaller than the transport format size, other IEs may be omitted from the cell update message if the security mode procedure is in progress. Alternatively, if the security mode procedure is not in progress, there may not be a need to update the security status of the UE and, thus, the IE that indicates the security status may be omitted from the cell update message to reduce the size of the cell update message. | 2016-04-21 |
20160112374 | METHOD AND SYSTEM FOR SECURING AND PROTECTING SMART DEVICES WITHIN THE INTERNET OF THINGS ECOSYSTEM - A gateway device including a network interface having wired and/or wireless connections to smart devices and a network access point. The gateway device also includes a processor and a memory device having a local database. The processor is configured to execute a network controller for connecting and communicating with the smart devices and the network access point, a firewall engine for enforcing firewall rules stored in the local database for filtering communication between the smart devices and the network access point, and a management interface. The management interface generates internal firewall rules based on device profile information received from a remote database. | 2016-04-21 |
20160112375 | METHOD AND SYSTEM FOR PROTECTING CLOUD-BASED APPLICATIONS EXECUTED IN A CLOUD COMPUTING PLATFORM - A method and system for protecting cloud-based applications executed in a cloud computing platform are presented. The method includes intercepting traffic flows from a plurality of client devices to the cloud computing platform, wherein each of the plurality of client devices is associated with a user attempting to access a cloud-based application; extracting at least one parameter from the intercepted traffic related to at least each client device and a respective user attempting to access the cloud-based application; determining, based on the at least one parameter and at least a set of parameters combining cloud-based application risk factors for a provider of the cloud computing platform, a risk indicator for the user attempting to access the cloud-based application; and performing an action to mitigate a potential risk to the cloud computing platform based on the determined risk indicator. | 2016-04-21 |
20160112376 | SECURE MOBILE DATA SHARING - Implementations of the present disclosure include methods, systems, and computer-readable storage mediums for providing secure mobile data sharing. Actions can include: receiving, by the one or more processors, a request for secure mobile data sharing, the request being received from a mobile device and comprising a security definition; obtaining, by the one or more processors, based at least in part on the security definition of the request: a decryption key, a recipient identifier, and a security policy; receiving, by the one or more processors, a decryption request from a third-party device, the decryption request comprising an identifier distinguishing the third-party device as a recipient of an encrypted message corresponding to the decryption key; and providing the decryption key to the third-party device in response to validating the decryption request. | 2016-04-21 |
20160112377 | METHOD OF SECURELY TRANSFERRING DATA OVER A SERVER - A method of securely transferring data over a server is provided. The method may be executed by a software program on a computer. The present invention includes using an agreed upon virtual location as a password and an encryption key for the transfer of data between individuals or groups. For example, a first user may enter the virtual location on a computer. The user may then select a second user to send data to. The computer may encrypt the data using an encryption key linked to the virtual location. The data may be sent to the second user over the server. The second user may be prompted to enter a matching virtual location. Once the second user enters the matching virtual location, the data is decrypted on the second user's computer. The second user may now have access to the data. | 2016-04-21 |
20160112378 | SYSTEM AND METHOD FOR GRID BASED CYBER SECURITY - A method and system for providing a secure communication network using an electrical distribution grid is disclosed. A device connected to the electrical distribution grid initiates a request for a secured key token by signaling an intelligent communicating device residing at or near an edge of the grid. The intelligent communicating device forwards the request to a receiver at a distribution substation on the electrical grid. This receiver enhances the properties of the request such that a grid location for the request can be inferred. The enhanced request is forwarded to a server at the distribution substation, which compares the request grid location to a Grid Map and Policies of known secure grid locations. Any inconsistencies between the grid location inferred from the enhanced request and the Grid Map and Policies locations are considered evidence of tampering, and the server rejects the request. | 2016-04-21 |
20160112379 | APPARATUS FOR AND METHOD OF PLAYING BACK CONTENT - A method of playing back streaming content includes decoding the content based on a first decryption circuit configured based on a first key and outputting the content; requesting a second key from a server; receiving the second key and configuring a second decryption circuit based on the second key; and decoding the content based on a second decryption circuit and outputting the content, wherein the decoding of the content based on the first decryption circuit and outputting the content is performed until the second decryption circuit is configured. | 2016-04-21 |
20160112380 | TECHNIQUE FOR DISTRIBUTING A PIECE OF CONTENT IN A CONTENT DISTRIBUTION NETWORK - A method for distributing a piece of content in a content distribution network, provided by a source entity of which the integrity is ensured by means of a private key, said method comprising the following steps implemented by a content distribution entity:—receiving a request to access said piece of content from a user device;—sending, to a proxy entity, a request to have at least one piece of data signed by means of the private key;—receiving said at least one piece of signed data, said at least one piece of signed data certifying the integrity of said distribution entity for the user device;—sending a public key associated with the private key to the user device;—sending said at least one piece of signed data to the user device and distributing the content to the user device. | 2016-04-21 |
20160112381 | Computer Implemented System and Method for Secure Session Establishment and Encrypted Exchange of Data - A system(s) and method(s) for secure session establishment and secure encrypted exchange of data is disclosed. The system satisfies authentication requirement of general networking/communication systems. It provides an easy integration with systems already using schemes like DTLS-PSK. The system follows a cross layer approach in which session establishment is performed in a lightweight higher layer like the application layer. The system then passes resultant parameters of such session establishment including the session keys to a lower layer. The lower layer like the transport layer is then used by the system to perform channel encryption to allow exchange of encrypted data based on a cross layer approach, over a secure session. As the exchange of data becomes the responsibility of the lower layer like the transport layer, the data is protected from replay attacks since the transport layer record encryption mechanism provides that kind of protection. | 2016-04-21 |
20160112382 | Systems and Methods for Playing Back Alternative Streams of Protected Content Protected Using Common Cryptographic Information - Systems and methods for performing adaptive bitrate streaming using alternative streams of protected content in accordance with embodiments of the invention are described. One embodiment of the invention includes a processor, and memory containing a client application. In addition, the client application configures the processor to: request a top level index file identifying a plurality of alternative streams of protected content, where each of the alternative streams of protected content are encrypted using common cryptographic information; obtain the common cryptographic information; request portions of content from at least the plurality of alternative streams of protected content; access the protected content using the common cryptographic information; and playback the content. | 2016-04-21 |
20160112383 | TRUSTED COMMUNICATIONS BETWEEN UNTRUSTING PARTIES - A system and method is disclosed for assuring that networked communications between parties playing a game on a network (e.g., the Internet) are not tampered with by either of the parties for illicitly gaining an advantage over the other party. An initial sequence of tokens (e.g., card representations) for playing the game are doubly encrypted using an encryption key from each of the parties. Accordingly, during play of the game neither party can modify the initial sequence of game tokens during the game. At termination of the game, at least one of the parties can fully decrypt the initial sequence of tokens, and thereby, if desired, compare the played token sequence with the corresponding initial token sequence. | 2016-04-21 |
20160112384 | SECURE REMOTE DESKTOP - A method for communication includes receiving in a secure installation via a network from a remote user terminal an input comprising a stream of symbols that has been encrypted using a preselected encryption key. The encrypted stream of symbols is decoded in the secure installation using a decryption key corresponding to the preselected encryption key, to produce a clear stream of symbols. A computer program running on a processor in the secure installation is used in processing the symbols in the clear stream and generating a graphical output in a predefined display format in response to processing the symbols. The graphical output is outputted from the secure installation to the network in an unencrypted format for display on the remote user terminal. | 2016-04-21 |
20160112385 | LOCATION-SPECIFIC OR RANGE-BASED LICENSING SYSTEM - A system and method are provided for providing content to a user terminal based on the location of the user terminal within a specific range. If the user is proximate the boundary of the range, the user is prompted to make a decision concerning purchase or authorized use of the content. User options can be, before leaving the range, to purchase the content, to end the current session or leave the range with less than full functionality of the content, and to return to operating the user terminal within the range. | 2016-04-21 |
20160112386 | Device and Method for Secure Connection - An electronic device is provided. The electronic device includes a first short-range communication module configured to execute short-range communication with a second electronic device, a security module configured to store security information, and a processor configured to receive, from the second electronic device, a pairing key that registers the electronic device as being linked to the second electronic device, transmit session key generation information to the second electronic device when authentication with the second electronic device is completed based on the pairing key, generate a session key based on the session key generation information, encrypt the security information based on the session key, and transmit the encrypted information to the second electronic device. | 2016-04-21 |
20160112387 | SECURE DATA DESTRUCTION IN A DISTRIBUTED ENVIRONMENT USING KEY PROTECTION MECHANISMS - Organizations maintain and generate large amounts of sensitive information using computer hardware resources and services of a service provider. Furthermore, there is a need to be able to delete large amounts of data securely and quickly by encrypting the data with a key and destroying the key. To ensure that information stored remotely is secured and capable of secure deletion, cryptographic keys used by the organization should be prevented from being persistently stored during serialization operations. If the keys used to encrypt the data have not been exposed during serialization operation, they may be deleted or destroyed enabling the destruction of data encrypted with the keys. | 2016-04-21 |
20160112388 | GENERATION OF SHORT KEY FOR COMMUNICATIONS - Systems and methods for generation and use of short keys are disclosed. The systems and methods include the generation of a short key based on the location of a first device that requests the generation of the key. The short key is sent to the first device, which in turn communicates the short key to a second device, through a display, print receipt, direct communication, or other means. The short key is entered into the second device, which in turn communicates the entered short key to a server along with location information corresponding to the second device. The server authorizes communication between the first and second devices after it determines that the short key sent by the second device matches one of the keys active in a region corresponding to the location of the second device. | 2016-04-21 |
20160112389 | SECURE TRANSFER OF USER AUTHENTICATION CREDENTIALS BETWEEN DEVICES - An embodiment for the secure transfer of authentication credentials between devices is disclosed. An embodiment for the restoration of authentication credentials is also disclosed. | 2016-04-21 |
20160112390 | Method, Apparatus, and System for Establishing a Virtual Tether between a Mobile Device and a Semiconductor Processing Tool - A method for establishing a virtual tether between a mobile device and a semiconductor processing tool, the method including: obtaining, by a mobile device, a unique key associated with the semiconductor processing tool; establishing a unique pairing between the mobile device and the semiconductor processing tool based on the unique key that is obtained by the mobile device; in response to successfully establishing the unique pairing, authenticating a user of the mobile device for access to the semiconductor processing tool; in response to successfully authenticating the user, performing resource arbitration on the semiconductor processing tool which includes reserving one or more resources associated with the semiconductor processing tool based on a level of access granted to the user; monitoring an activity level of the mobile device over a period of time; and comparing the activity level to a predetermined activity level threshold. | 2016-04-21 |
20160112391 | Collection and Storage of a Personalized, Searchable, Unstructured Corpora - An approach is provided for utilizing unstructured corpora in a Question and Answer (QA) system. A question is received at the QA system. A private corpora is generated with the private corpora being associated with the user. The private corpora is generated from private data stores associated with the user as well as private data stores associated with other users. Access to the other user's private data sources is provided to the user by the other users. The system retrieves data responsive to the question from the private corpora. The responsive data is ranked based on its relevance to the question. Likely answers are identified based on the ranked responsive data and the likely answers are provided back to the user. | 2016-04-21 |
20160112392 | METHOD AND APPARATUS FOR SHARING OF CONTENT - A device comprising: a display; a communication interface; and at least one processor configured to: receive from an external device, via the communication interface, authentication information associated with a user of the external device; transmit the authentication information to a server; transmit a request for content to the server when the device is successfully authenticated by the server based on the authentication information; receive the content from the server; and control the display to display the content. | 2016-04-21 |
20160112393 | CAPTCHA SYSTEMS AND METHODS - Systems and methods for verifying human users through cognitive processes that computers cannot imitate are described herein. Human cognitive language processing techniques may be used to verify human users. Visual patterns and tests may be used to distinguish between humans and computers because computer-based visual recognition is fundamentally different from human visual processing. Persistent plugins and tests may be used to continuously verify human users. | 2016-04-21 |
20160112394 | SYSTEMS AND METHODS FOR IMPLEMENTING A PERSONALIZED PROVIDER RECOMMENDATION ENGINE - Techniques for making personalized provider recommendations in related categories include identifying a first entity category from a plurality of entity categories based on context information. A first category relationship is identified from a plurality of category relationships based on the first entity category. The first category relationship indicates that the first entity category and a second entity category are related. A first provider specific profile is identified from a plurality of provider specific profiles based on user profile data associated with a user account. The first provider specific profile is associated with the first entity category. A second provider specific profile associated with the second entity category is identified from the plurality of provider specific profiles based on the user profile data. A plurality of providers including a first provider associated with the first provider specific profile and a second provider associated with the second provider specific profile is displayed. | 2016-04-21 |
20160112395 | INFORMATION PROCESSING DEVICE, INFORMATION MANAGEMENT METHOD, AND INFORMATION PROCESSING SYSTEM - An information processing device that is connected to another information processing device includes a memory storing a program, a first authentication information for each user to access the information processing device and a second authentication information in association with the first authentication information for the each user to access the another information processing device; and a processor that performs the program so as to execute a method including the steps of receiving an acquisition request that is sent from a client device according to the first authentication information, transmitting a list including files that are accessible according to the second authentication information in association with the first authentication information of the received acquisition request, receiving an execution request to execute at least one of the files and the folders that are included in the list, and executing a process according to the execution request by using the second authentication information. | 2016-04-21 |
20160112396 | Password Manipulation for Secure Account Creation and Verification Through Third-Party Servers - A method and system for deterring attacks at potential breach points between servers and an account and login server for creating and subsequent verification of accounts. Various cryptographic primitives are used to manipulate passwords to generate verifiers. The verifiers are used with external hardware security modules (HSMs) to eliminate HSMs and intermediate steps between the HSM and login servers as potential breach points. | 2016-04-21 |
20160112397 | ANOMALY DETECTION FOR ACCESS CONTROL EVENTS - Methods for managing access to protected resources within a computing environment and detecting anomalies related to access control events are described. An access control system may acquire a request for access to a protected resource, identify a username associated with the request, acquire contextual information associated with the request for access (e.g., a time of day associated with a location of a device making the request), acquire a baseline set of rules for the username, detect a deviation from the baseline set of rules based on the contextual information, acquire additional authentication information in response to detecting the deviation, authorize access to the protected resource based on the additional authentication information, generate a record of the request for access including the contextual information, and update the baseline set of rules if an intrusion to the access control system has not been detected within a threshold period of time. | 2016-04-21 |
20160112398 | ALLOWING A USER TO EASILY COLLABORATE WITH USERS FROM OUTSIDE ORGANIZATIONS WHERE THE USER HAS VISITOR STATUS BY SELECTING AN OBJECT ASSOCIATED WITH THE OUTSIDE ORGANIZATION THAT IS DISPLAYED ON THE USER INTERFACE OF THE USER'S COMPUTING DEVICE - A method, system and computer program product for allowing a user to easily collaborate with users from different organizations. In response to authenticating the user to access the environment of the user's home organization, a list of outside organizations where the user has visitor status is obtained. Outside organization(s) in the list of outside organizations that have content to be viewed by the user are identified. An object associated with the user's home organization, objects associated with the outside organizations where the user has visitor status as well as indications (e.g., star) associated with those outside organizations that have content to be shared with the user are displayed on the user interface of the user's computing device. In this manner, the user will be able to collaborate with an outside organization that has content to be shared in response to selecting the object associated with the outside organization. | 2016-04-21 |
20160112399 | INFORMATION PROCESSING DEVICE - A login controller has a function of allowing a user to log in to an information processing apparatus. A sign-in controller has a function of allowing the user to sign in to a network service provided by a server. At login time, a login information receiving unit receives a pass code input by the user for login authentication. A login processing unit performs login authentication using the received pass code. If it is determined that the pass code received by the login processing unit is incorrect, a sign-in processing unit causes the user to sign out of the network service. When the user again signs in to the network service, a screen generating unit receives the pass code for login authentication. A registration processing section then registers the received pass code in a registered user information holding section as a new pass code. | 2016-04-21 |
20160112400 | SIMPLIFIED CONFIGURATION OF A NETWORK DEVICE - Methods, systems, and computer readable media can be operable to pair a client device with a CPE device. The methods, systems and computer readable media described in this disclosure can enable the pairing of a client device with a CPE device upon a connection of the client device to a whole-network associated with the CPE device. Further, methods, systems and computer readable media can enable the secure pairing of a client device with a CPE device with little to no user-input. | 2016-04-21 |
20160112401 | SYSTEMS AND METHODS FOR DETERMINING A STRENGTH OF A CREATED CREDENTIAL - Devices, systems, and methods for determining a strength of a created credential are provided. The device includes one or more processors configured to decompose a created credential into credential components, parse the credential components using a limited dictionary, determine a probability of the credential components using a limited ruleset, and calculate a score of the created credential based on the determined probability. The device also includes a memory, the memory storing the limited dictionary and the limited ruleset, and a network interface component coupled to a network, the network interface component configured to transmit the created credential to a remote server over the network for a secondary credential strength determination if the calculated score is above a threshold. | 2016-04-21 |
20160112402 | Single Sign-on via Application or Browser - Single sign-on techniques via an application or browser are described. In one or more implementations, a single instance of entry of authentication information is received that is entered via interaction with an application or browser of a computing device. Responsive to this receipt, the single instance of the entry of authentication information is used by the computing device automatically and without user intervention to cause authentication to obtain access to one or more network services that are accessible via a network by the application and the browser. | 2016-04-21 |
20160112403 | METHOD AND APPARATUS FOR BULK AUTHENTICATION AND LOAD BALANCING OF NETWORKED APPLIANCES - A new approach is proposed that contemplates systems and methods to support bulk authentication of an appliance associated with a user to all cloud-based services the appliance intends to access in one transaction instead of authenticating the appliance against each of the services individually. First, the appliance generates and transmits to an authentication service cluster an authentication request that includes its identification and authentication credentials in order to access to a plurality of services. Upon receiving the authentication request, the authentication service cluster authenticates the appliance for all of the services to be accessed based on the information in the authentication request. Once the appliance is authenticated, the authentication service cluster then retrieves entitlement information of the services to be accessed by the appliance, and identifies the service clusters/nodes that the appliance will connect to for the services with the fastest response time. | 2016-04-21 |
20160112404 | Systems and Methods for Synchronized Sign-on Methods for Non-programmatic Integration systems - Systems and methods for automatically signing a user on to an integration application when a user signs on to another application and signing a user off when the user signs off of the other application. The integration application automatically non-programmatically collects data from a mapped location of a mapped source reference of the other application. The collected data includes a user identifier value. The integration continuously monitors the collected user identifier value for a difference in the collected user identifier value. If the collected user identifier value is recognized by the integration application, the user is signed into the integration application using the collected user identifier value, and if a difference in the collected user identifier value is detected, the user is signed off of the integration application. | 2016-04-21 |
20160112405 | System, Network Terminal, Browser And Method For Displaying The Relevant Information Of Accessed Website - A method, browser, network device and system for presenting relevant information of accessed website are disclosed in the present disclosure. The method comprises the following steps: receiving the website address of the accessed website at the browser; requesting a security detecting device to detect the website address; receiving the detecting result returned from the security detecting device; when the website address is indicated to be a malicious website address by the detecting result, displaying a prompt message that the accessed website is a malicious website at the browser; and when the website address is indicated to be an un-malicious website address by the detecting result, obtaining the website certification information of the accessed website from a first server, and displaying the obtained website certification information at the browser. The technical solution of the present disclosure can solve the problem that, if a remote server had not been updated in time, the website would be displayed as a safe website even if the accessed website has a virus. A beneficial effect of higher veracity in security detecting of the accessed website is achieved. | 2016-04-21 |
20160112406 | AUTHENTICATION AND AUTHORIZATION IN AN INDUSTRIAL CONTROL SYSTEM USING A SINGLE DIGITAL CERTIFICATE - Systems and methods for performing access control in an industrial control system are described. A first component of an industrial control system may be connected to a second component of the industrial control system. A digital certificate may be generated for the first component that includes both authentication information and authorization information associated with the first component. The first component may transmit the digital certificate to the second component, and the second component may extract the authorization information from the digital certificate. The second component may identify a set of access rights based on the authorization information extracted and authorize the first component to access the second component based on the set of access rights identified. | 2016-04-21 |
20160112407 | USING AN ENHANCED DATA AGENT TO RESTORE BACKED UP DATA ACROSS AUTONOMOUS STORAGE MANAGEMENT SYSTEMS - An exemplary system preserves the autonomy of two or more distinct storage management systems all the while enabling backed up data to be restored from a first storage management system (the “local system”) to a specially-configured client in a second storage management system (the “remote system”). For example, backed up data in the local system (e.g., a secondary copy of production data) may be transferred, in a restore operation, from secondary storage in the local storage management system, which originated the data, to a client of the remote storage management system (the “remote client”). As a specially-configured “restore-only client,” the remote client is limited to receiving backed up data from the local storage management system, via restore operation(s) managed by the local storage manager. The remote client remains a full-fledged client in its home system, the remote storage management system. | 2016-04-21 |
20160112408 | SCALABLE GROUPS OF AUTHENTICATED ENTITIES - Example embodiments provide various techniques for securing communications within a group of entities. In one example method, a request from an entity to join the group is received and a signed, digital certificate associated with the entity is accessed. Here, the signed, digital certificate is signed with a group private key that is associated with a certification authority for the group. The signed, digital certificate is added to a group roster, and this addition is to admit the entity into the group. The group roster with the signed, digital certificate is itself signed with the group private key and distributed to the group, which includes the entity that transmitted the request. Communication to the entity is then encrypted using the signed, digital certificate included in the group roster. | 2016-04-21 |
20160112409 | SPATIAL AND TEMPORAL VERIFICATION OF USERS AND/OR USER DEVICES - Approaches for facilitating spatial and temporal verification of users and/or user devices are disclosed. In some implementations, a user device may be detected within a short wireless communication range. A wireless communication session with the user device may be initiated based on the detection. Information identifying a first integrity-based certificate may be received from the user device during the wireless communication session during a first time period. Information identifying a second integrity-based certificate associated with a second time period may be provided responsive to determining that the first integrity-based certificate is a valid integrity-based certificate associated with the first time period. The second integrity-based certificate may be configured to allow network access for the user device during the second time period. | 2016-04-21 |
20160112410 | SECURE OVER-THE-AIR PROVISIONING SOLUTION FOR HANDHELD AND DESKTOP DEVICES AND SERVICES - In one embodiment, a device and a services provisioning system establish an over-the-air connection with each other, and perform device posture validation to obtain a unique identification (ID) of the device at the provisioning system. The device and provisioning system then participate in device and user authentication in response to a confirmed unique ID by a backend access control system, where the device generates a secure key pair after successful user authentication. In response to the device being approved for services (e.g., checked by the provisioning system via a registration system), the provisioning system provides a root certificate to the device, and the device sends a certificate enrollment request back to the provisioning system. In response to a certificate authority signing the certificate request, the provisioning system returns a valid certificate to the device, and the valid certificate is installed on the device. | 2016-04-21 |
20160112411 | ONE TIME CREDENTIALS FOR SECURE AUTOMATED BLUETOOTH PAIRING - Various communication devices may benefit from one time credentials applied in secure automated pairing to improve the security of pairing. For example, certain unattended communication devices capable of implementing mechanisms used for Bluetooth pairing to authenticate with each other may benefit from one time credentials applied in secure automated Bluetooth pairing. A method may include initiating Bluetooth pairing from a first device to a second device. The method may also include querying the second device for a sequence value before pairing is initiated. The method may further include computing a personal identification number/passkey of the first device for the pairing with an arbitrary algorithm. The method may also include pairing, with the personal identification number/passkey, the first device with the second device. The personal identification number/passkey can be determined based on at least one arbitrary shared secret between the first device and the second device, and the sequence value. | 2016-04-21 |
20160112412 | TOKEN BASED ONE-TIME PASSWORD SECURITY - A one-time password (OTP) based security scheme is described, where a provider pre-generates a number of verification codes (e.g., OTP codes) which will be valid for a predetermined interval. The provider then encodes the verification codes (e.g., by hashing each code with a time value), and stores the verification codes into a data structure. The data structure can be provided to a verification system that can use the set of pre-generated OTP codes to authenticate requests received from users having personal security tokens. | 2016-04-21 |
20160112413 | Method for controlling security of cloud storage - A method for controlling security of cloud storage is developed to solve the problem in the prior art that the private key has a low security since the provider of the cloud storage service needs to control the private key in the case of sharing storage. The method comprises: encrypting a private key assigned to a user with two different encryption modes to obtain a first key and a second key and storing the first key and the second key; receiving an answer to a security question inputted by the user when decrypting the first key with a user password fails, and decrypting the second key with the answer to the security question to obtain the private key; and resetting the user password, encrypting the private key obtained by decryption with the answer to the security question to obtain a new first key. | 2016-04-21 |
20160112414 | NETWORK AUTHENTICATION METHOD AND SYSTEM BASED ON EYE TRACKING PROCEDURE - A network authentication method and a system based on an eye tracking procedure are provided. An image capturing unit of a user terminal captures a face image sequence of a user, and transmits the face image sequence to a server terminal such that the server terminal executes an authentication procedure to return an authentication result. The user terminal executes an eye tracking procedure based on an eye movement of the user. The user terminal transmits an emergency signal to the server terminal if the user terminal determines that an emergency mode is triggered during the eye tracking procedure. | 2016-04-21 |
20160112415 | METHOD OF PROVIDING INFORMATION SECURITY AND ELECTRONIC DEVICE THEREOF - A method of operating an electronic device and an electronic device are provided. The method includes generating biometric information using at least one sensor of the electronic device, and storing the generated biometric information in a memory of the electronic device, generating access right information relating to the biometric information, determining whether an external electronic device is connected to the electronic device, and when the external electronic device is connected to the electronic device, transmitting the generated access right information to the external electronic device. | 2016-04-21 |
20160112416 | VERIFYING A USER BASED ON DIGITAL FINGERPRINT SIGNALS DERIVED FROM OUT-OF-BAND DATA - In general, embodiments of the present invention provide systems, methods and computer readable media for providing a user verification service based on analyzing digital fingerprint signals derived from out-of-band data (i.e., data not directly supplied by the user). In some embodiments, a digital fingerprint engine embedded in an app hosted on a client device being accessed by a user reads various device or user data and then creates a set of encoded user verification data representing out-of-band data stored locally on that device. In some embodiments, the user verification data are encoded as hashes generated by a hash function. In some embodiments, the app is configured to contact a business server via the cloud, and the set of digital fingerprints are included in an authorization request transmitted from the client device to the business server. In some embodiments, a digital fingerprint verification service verifies the set of digital fingerprints by determining whether they match any of a stored set of digital fingerprints representing a group of previously verified users. | 2016-04-21 |
20160112417 | TERMINAL FOR STRONG AUTHENTICATION OF A USER - A method for negotiating reciprocal access to secured data in a computing terminal comprising authenticating, by an application in the computing terminal, the first party by means of transmitting authentication data read on the computing terminal to an application server of the computing terminal configured to store data in the computing terminal, authenticating, by the application, the second party, accepting, by the second party, a negotiation request, defining and sending, by the second party, proposed conditions of access to the secured data, negotiating and accepting, by the first party and the second party, the conditions for access to the secured data, and creating, by the application server, a negotiated digital certificate for the first party and a negotiated digital certificate for the second party, wherein each of the negotiated digital certificates is encrypted with a public key, wherein the public key is configured to control access to the secured data. | 2016-04-21 |
20160112418 | SYSTEMS AND METHODS FOR INTERACTION AMONG TERMINAL DEVICES AND SERVERS - System and method are disclosed for providing authentication of a terminal device. One embodiment includes a method implemented by a first terminal device. The method may include receiving first location information and receiving a first predetermined signal. The method may also include transmitting status information and the first location information to a server upon receiving the first predetermined signal to allow the server to compare the first location information with second location information received from a second terminal device and to allow the server to transmit the status information to the second terminal device. The status information may indicate that the first terminal device is authenticated and the first location information may indicate a current location of the first terminal device. | 2016-04-21 |
20160112419 | Account Login Method, Device, and System - An account login method detects whether an account login request carries an indicator for keeping a logged-in state to determine whether a user decides to keep a logged-in state, and authentication information allocated by an integrated data services platform is stored when it is determined that a logged-in state on a third-party application or website needs to be kept; therefore, in a subsequent login process, the third-party application or website may use the authentication information to automatically perform authentication login to the integrated data services platform. | 2016-04-21 |
20160112420 | RUNTIME API FRAMEWORK FOR CLIENT-SERVER COMMUNICATION - In particular embodiments, a method includes receiving, by a computing device including an import/export framework, encoded client data. The client data may be encoded by a generic transcoding service. The method includes performing load-balancing based at least in part on the client data, authorizing the client's access of a remote application, and exporting the encoded client data to the remote application. | 2016-04-21 |
20160112421 | METHOD AND APPARATUS FOR SELECTIVE ACTIVATION OF UNIVERSAL SERIAL BUS (USB) PORTS - A method, non-transitory computer readable medium, and apparatus for selectively activating a universal serial bus (USB) port are disclosed. For example, the method receives a predefined list of services that are acceptable to work with the USB port, configures the USB port based on the predefined list of services, receives an indication that a service is requested via the USB port and provides the service via the USB port when the USB port is configured to provide the service based on the predefined list of services. | 2016-04-21 |
20160112422 | INFORMATION PROCESSING SYSTEM AND DEVICE CONTROL METHOD - An information processing system includes a terminal device connected to a first network; and an information processing device connected to a second network that is different from the first network. The terminal device includes an information retrieval unit for retrieving, from an electronic device, identification information of the information processing device and first authentication information; an access data retrieval unit for retrieving access data from the information processing device; and a processing request unit for transmitting a request for processing to the electronic device. The information processing device includes an information providing unit for providing, to the electronic device, the identification information of the information processing device and the first authentication information; an access data providing unit for providing, to the terminal device, the access data; and a processing request transmission determining unit for transmitting the request for processing from the terminal device to the electronic device. | 2016-04-21 |
20160112423 | SYSTEMS, METHODS AND APPARATUSES FOR BROKERING DATA BETWEEN WIRELESS DEVICES, SERVERS AND DATA RENDERING DEVICES - Provided are methods, systems, and apparatuses for data brokering between hand held wireless devices (WDs) and data rendering devices (DRDs). DRDs in the form of multimedia devices used for rendering data by printing (e.g., to a networked printer) or displaying video data (e.g., televisions, video monitors, and projectors) are provided with data for rendering at the DRD at the request of WDs. DRDs are capable of receiving data from a network at the request of a WD and/or directly from a WD as the host and then rendering or displaying the data on devices capable of receiving and processing the data. DRDs (e.g., printers and multimedia video devices) can also be controlled by the WD during display of the data and to control display of the data. | 2016-04-21 |
20160112424 | COMMUNICATIONS SYSTEM FOR RESIDENTS OF SECURE FACILITY - A system and a method are provided for two-way communications, automated request handling, and push notifications, via SMS, MMS, IM, email, and other electronic messaging systems, between (1) residents confined to a secure facility, such as a jail or a prison, and (2) persons located outside the secure facility who have friendly or family relationships with the confined residents. | 2016-04-21 |
20160112425 | SYSTEMS AND METHODS FOR PROVIDING DYNAMICALLY SELECTED MEDIA CONTENT ITEMS - Systems, methods, and non-transitory computer-readable media can identify a set of media content items associated with a first user of a social networking system. It can be determined that a second user of the social networking system is attempting to access at least a portion of the set of media content items associated with the first user. A first subset of media content items can be dynamically selected out of the set of media content items. In some cases, each media content item in the first subset can satisfy specified selection criteria. The second user can be provided with access to a representation of the first subset of media content items. In some instances, the representation of the first subset can be provided in a media access interface associated with the first user. | 2016-04-21 |
20160112426 | PRE-AUTHORIZING A CLIENT APPLICATION TO ACCESS A USER ACCOUNT ON A CONTENT MANAGEMENT SYSTEM - A content management system can tag a client installer with an information tag linking the client installer to a user account. The client installer can be configured to install the client-side application on the client device and pass the identification tag to the installed client-side application. The client-side application can transmit the identification tag to the content management system, which can use the identification tag to identify the linked user account and log the client-side application into the user account. The content management system can implement several verification measures such as limiting the number of times and when an identification tag can be used, as well as IP addresses that can use the identification tag. The content management system can also use data cached by the web-browser application to determine if the web-browser application was used to access the user account in the past. | 2016-04-21 |
20160112427 | COMMUNICATION MODEL BASED ON USER ROLE - A non-transitory computer readable medium includes instructions which, when executed by one or more hardware processors, cause performance of operations. The operations include receiving, by a network device from a first user device, a first message addressed to a second user device and identifying a first user role associated with the first user device and a second user role associated with the second user device. The operations further include determining whether a set of predefined user role relationships authorizes a communication between user devices having the first user role and user devices having the second user role. In response to determining that the set of predefined user role relationships does not authorize the communication between user devices having the first user role and user devices having the second user role, the operations refrain from forwarding the first message from the first user device to the second user device. | 2016-04-21 |
20160112428 | CONTENT ACCESS CONTROL IN A SOCIAL NETWORK - Disclosed are systems and methods associated with a social network application. A plurality of posts associated with a client system user is displayed. First and second posts in the plurality of posts are respectively associated with first and second recipient groups. While the posts are displayed, a content item area is displayed. An input, comprising a content item, is received from the user in the content item area. An affordance is presented that enables the user to designate access control information corresponding to distribution entities. The content item and the access control information are transmitted to a system whereupon access to the content item is restricted in accordance with the access control information. | 2016-04-21 |
20160112429 | ROLE BASED ACCESS CONTROL FOR CONNECTED CONSUMER DEVICES - A processing device authenticates a computing device of a user to a user account. The processing device determines a role associated with the user account, and additionally determines access permissions to one or more resources based on the role. The processing device then grants to the computing device access to the one or more resources to be protected in an internet of things (IoT) solution. | 2016-04-21 |
20160112430 | Enhanced Security for Electronic Communications - Techniques are described for providing enhanced security for electronic communications, such as by including in a message sent between two services a digital signature that is generated by using secret information known to the services, so that the recipient receives assurance regarding the sender's identity if the recipient can replicate the received digital signature using the secret information known to the recipient. In some situations, the enhanced security is used in communications to and/or from an access manager system that provides single sign-on functionality and other functionality to other services for use with those services' users, such as to prevent malicious phishers from inappropriately gaining access to user information. Various services may use the enhanced security techniques when interacting with the access manager system at various times, such as to initiate sign-on for a user and/or to take subsequent action on behalf of a signed-on user. | 2016-04-21 |