01st week of 2019 patent application highlights part 74 |
Patent application number | Title | Published |
20190007326 | AGGREGATING FLOWS BY ENDPOINT CATEGORY - A computer-implemented method of preventing communications based on endpoint category is provided that comprises: accessing, by one or more processors of a router, a data packet that indicates a source identifier that identifies a source endpoint and a destination identifier that identifies a destination endpoint; determining, by the one or more processors of the router, a source category based on the source identifier; determining, by the one or more processors of the router, a destination category based on the destination identifier; and based on the source category and the destination category, refraining from sending the data packet to the destination endpoint. | 2019-01-03 |
20190007327 | AUTOMATIC RULE GENERATION FOR FLOW MANAGEMENT IN SOFTWARE DEFINED NETWORKING NETWORKS - In an example embodiment, a Software Defined Networking (SDN) application identifies a domain based on a destination address of a packet that is associated with a primary service. The domain corresponds to the primary service, and the primary service is configured to trigger one or more support flows from one or more ancillary services. The SDN application identifies the one or more support flows based on the domain, and generates one or more rules for distribution to one or more network elements that handle packets of the one or more support flows from the one or more ancillary services. | 2019-01-03 |
20190007328 | METHOD FOR CONTROLLING TRANSMISSION OF DATA - Methods, nodes, a wireless communication device and computer programs to be usable in association with controlling transmission of at least one data unit via a first link between a first access node and a wireless communication device and via a second link between the first access node and the wireless communication device via the second access node are described. In one embodiment, the method may be performed by the first access node and may comprise receiving first transmission delay information indicative of a transmission delay of the first link and/or second transmission delay information indicative of the second link, and controlling the transmission of said data unit based on the first and/or second transmission delay information. | 2019-01-03 |
20190007329 | METHOD FOR ENFORCEMENT OF NON-IP DATA POLICING OVER THE SERVICE EXPOSURE FUNCTION - The invention describes a solution for configuration of policy and other QoS parameters for the non-IP data transmission path over SCEF. Policy enforcement in UL and DL are proposed to avoid the excessive data transmission to/from IoT or M2M devices. | 2019-01-03 |
20190007330 | TECHNOLOGIES FOR SCALABLE NETWORK PACKET PROCESSING WITH LOCK-FREE RINGS - Technologies for network packet processing include a computing device that receives incoming network packets. The computing device adds the incoming network packets to an input lockless shared ring, and then classifies the network packets. After classification, the computing device adds the network packets to multiple lockless shared traffic class rings, with each ring associated with a traffic class and output port. The computing device may allocate bandwidth between network packets active during a scheduling quantum in the traffic class rings associated with an output port, schedule the network packets in the traffic class rings for transmission, and then transmit the network packets in response to scheduling. The computing device may perform traffic class separation in parallel with bandwidth allocation and traffic scheduling. In some embodiments, the computing device may perform bandwidth allocation and/or traffic scheduling on each traffic class ring in parallel. Other embodiments are described and claimed. | 2019-01-03 |
20190007331 | Openflow Match and Action Pipeline Structure - An embodiment of the invention includes a packet processing pipeline. The packet processing pipeline includes match and action stages. Each match and action stage incurs a match delay when match processing occurs and each match and action stage incurs an action delay when action processing occurs. A transport delay occurs between successive match and action stages when data is transferred from a first match and action stage to a second match and action stage. | 2019-01-03 |
20190007332 | PROCESSORS AND METHODS WITH CONFIGURABLE NETWORK-BASED DATAFLOW OPERATOR CIRCUITS - Systems, methods, and apparatuses relating to configurable network-based dataflow operator circuits are described. In one embodiment, a processor includes a spatial array of processing elements, and a packet switched communications network to route data within the spatial array between processing elements according to a dataflow graph to perform a first dataflow operation of the dataflow graph, wherein the packet switched communications network further comprises a plurality of network dataflow endpoint circuits to perform a second dataflow operation of the dataflow graph. | 2019-01-03 |
20190007333 | PACKET SERVICING PRIORITY BASED ON COMMUNICATION INITIALIZATION - Techniques directed to servicing communications based on when communication sessions are initialized for nodes are described. For example, a routing device may prioritize packets in a buffer according to when nodes have initiated communication sessions with a service provider or another node. The routing device may give priority to nodes that have first initiated communication sessions. This may avoid communication sessions ending prematurely due to time-out periods and/or avoid delays in completing communication sessions. | 2019-01-03 |
20190007334 | Remote Hardware Acceleration - A host fabric interface (HFI) apparatus, including: an HFI to communicatively couple to a fabric; and a remote hardware acceleration (RHA) engine to: query an orchestrator via the fabric to identify a remote resource having an accelerator; and send a remote accelerator request to the remote resource via the fabric. | 2019-01-03 |
20190007335 | PROVIDING STREAMING MEDIA DATA - A system for servicing streaming media requests. The system includes stream director nodes and intelligent stream engine nodes, such as permanent storage devices with network interfaces. The stream director node receives a streaming media request and enqueues the request until all resources on a path from the stream engine node having the media object being requested to the user/client system have been reserved. Once reserved, the enqueued request is then serviced by requesting the stream object from the stream engine node, which then transfers the requested stream object between the stream engine node and the user/client system over the prepared path without involving the stream director node. Upon completion, the prepared path is torn down. In one embodiment the prepared path is a Label Switched Path. A provision is made for balancing the load among the stream engine nodes by duplicating stream objects on other stream engine nodes. | 2019-01-03 |
20190007336 | HIERARCHICAL FAIRSHARE OF MULTI-DIMENSIONAL RESOURCES - Implementing a fair share of resources among one or more scheduling peers. Resource allocations are received for a plurality of scheduling peers. For each scheduling peer, a usage percentage difference is determined between their respective usage percentage and configured share ratio. For a first competing peer that is served more than a second competing peer, resource allocation is adjusted such that resources from the first competing peer are allocated to the second competing peer based, at least in part, on a time decay factor function that gives less weight to the usage percentage difference as an age of the usage percentage difference increases. | 2019-01-03 |
20190007337 | DEVICE AND METHOD FOR MANAGING END-TO-END CONNECTIONS OF A NETWORK WITHIN A CENTRAL NETWORK MANAGEMENT ENTITY - Managing end-to-end connections of a network includes estimating a load of network resources, and providing a quality of service status of the network. Quality of service parameters within the network are pre-calculated based on the load of the network resources and the quality of service status of the network, and the network resources are pre-allocated based on the pre-calculated quality of service parameters. Data packets are routed based on the pre-allocated network resources. | 2019-01-03 |
20190007338 | CONTROLLING FAIR BANDWIDTH ALLOCATION EFFICIENTLY - Micro-schedulers control bandwidth allocation for clients, each client subscribing to a respective predefined portion of bandwidth of an outgoing communication link. A macro-scheduler controls the micro-schedulers, by allocating the respective subscribed portion of bandwidth associated with each respective client that is active, by a predefined first deadline, with residual bandwidth that is unused by the respective clients being shared proportionately among respective active clients by a predefined second deadline, while minimizing coordination among micro-schedulers by the macro-scheduler periodically adjusting respective bandwidth allocations to each micro-scheduler. | 2019-01-03 |
20190007339 | METHOD AND DEVICE FOR MANAGING STATEFUL APPLICATION ON SERVER - Embodiments of the present disclosure relate to a method and a device for managing a stateful application on a server. The method includes, in response to receiving a first request from a client for initializing the stateful application, allocating a storage resource to the stateful application. The method further includes, in response to receiving a second request from the client for processing data, storing the data in the storage resource. The method also includes enabling the stateful application to process the stored data. | 2019-01-03 |
20190007340 | SYSTEM AND METHOD FOR MONITORING TOOLING ACTIVITIES - An apparatus or system and method or process for displaying tool or die data or other tool or processing information on a display window of a webpage. A method for displaying tool data from a reciprocating tool includes positioning a monitor with respect to the reciprocating tool and the monitor recording data from the reciprocating tool. The data is communicated and then stored in a remote data storage location as stored tool data. The stored tool data is processed and then displayed, for example in the window of the webpage. | 2019-01-03 |
20190007341 | LARGE SCALE FABRIC ATTACHED ARCHITECTURE - A plurality of fabric controllers distributed throughout a fabric attached architecture and each associated with at least one resource node. The plurality of fabric controllers configured to control each associated resource node. Resources of the resource nodes are utilized in virtual environments responsive to respective fabric controllers issuing instructions received from the fabric attached architecture to respective resource nodes. | 2019-01-03 |
20190007342 | REPLACEMENT OF LOGICAL NETWORK ADDRESSES WITH PHYSICAL NETWORK ADDRESSES - Some embodiments provide a method that receives a packet having a first logical network address as a source address and a second logical network address as a destination network address. The method replaces the first and second logical network addresses with corresponding first and second physical network addresses. The method transmits the packet having the first and second physical network addresses as source and destination network addresses without encapsulation to a physical network for delivery to the second logical network address. | 2019-01-03 |
20190007343 | Method and Apparatus to Optimize Multi-Destination Traffic Over Etherchannel in Stackwise Virtual Topology - Methods and systems are disclosed. The method comprises: designating a first plurality of links from a first stack segment to a second stack segment as a first etherchannel link; designating a second plurality of links from the first stack segment to a third stack segment as a second etherchannel link, where the second stack segment and the third stack segment are in communication with a fourth stack segment; designating the first etherchannel link and the second etherchannel link as members of a hierarchical etherchannel link; and sending a packet from the first stack segment to the fourth stack segment using the hierarchical etherchannel link. | 2019-01-03 |
20190007344 | MULTIPLEXING METHOD FOR SCHEDULED FRAMES IN AN ETHERNET SWITCH - The method comprises the steps of: a) providing a plurality of memory buffers, associated to respective indexes of priority, each buffer comprising one queue of frames having a same index of priority, b) sorting the received frames in a chosen buffer according to their index of priority, c) in each buffer, sorting the frames according to their respective timestamps, for ordering the queue of frames in each buffer from the earliest received frame on top of the queue to the latest received frame at the bottom of the queue, and d) feeding the transmitting ports with each frame or block of frame to transmit, in an order determined according to the index of priority of the frame, as well as an order of the frame or of the block of frame in the queue associated to the index of priority of the frame. | 2019-01-03 |
20190007345 | SYSTEM AND METHOD TO USE QUEUE PAIR 1 FOR RECEIVING MULTICAST BASED ANNOUNCEMENTS IN MULTIPLE PARTITIONS IN A HIGH PERFORMANCE COMPUTING ENVIRONMENT - Systems and methods for using queue pair 1 (QP1) for receiving multicast based announcements in multiple partitions in a high performance computing environment. In accordance with an embodiment, by extending the scope of QP1 to also include receiving and sending multicast packets in any partition defined for the port, it is possible to implement generic MC based announcement and discovery without requiring the complexity of unique QPs for individual partitions, nor any update of QP configuration as a consequence of change of partition membership. | 2019-01-03 |
20190007346 | SYSTEM AND METHOD TO USE ALL INCOMING MULTICAST PACKETS AS A BASIS FOR GUID TO LID CACHE CONTENTS IN A HIGH PERFORMANCE COMPUTING ENVIRONMENT - Systems and methods to use all incoming multicast (MC) packets as a basis for global unique identifier (GUID) to local identifier (LID) cache contents in a high performance computing environment, in accordance with an embodiment. Since all multicast packets have a Global Route Header (GRH), there is always both a source GID and a source LID defined for an incoming multicast packet. This implies that it is, in general, possible for an HCA implementation to gather information about GID and GUID to LID mappings for any sender node based on all incoming MC packets. | 2019-01-03 |
20190007347 | TECHNOLOGIES FOR EXTRACTING EXTRINSIC ENTROPY FOR WORKLOAD DISTRIBUTION - Technologies for distributing network packet workload are disclosed. A compute device may receive a network packet and determine network packet extrinsic entropy information that is based on information that is not part of the contents of the network packet, such as an arrival time of the network packet. The compute device may use the extrinsic entropy information to assign the network packet to one of several packet processing queues. Since the assignment of network packets to the packet processing queues depends at least in part on extrinsic entropy information, similar or even identical packets will not necessarily be assigned to the same packet processing queue. | 2019-01-03 |
20190007348 | METHOD FOR TRANSFERRING TRANSMISSION DATA FROM A TRANSMITTER TO A RECEIVER FOR PROCESSING THE TRANSMISSION DATA AND MEANS FOR CARRYING OUT THE METHOD - A method involves transferring a transmittal data block from a transmitting device via an Ethernet connection to a receiving device which has a storage for storing a transferred transmittal data block, and a processor for at least partially processing the transferred transmittal data block stored in the storage. The transmitting device forms from the data of the transmittal data block a sequence of Ethernet packets, comprising respectively management data and a transmittal data sub-block. The receiving device receives the Ethernet packets of the respective sequence and, while employing at least a part of the management data, writes the transmittal data sub-blocks of the received Ethernet packets of the sequence of Ethernet packets for the transmittal data block to the storage, wherein not upon or after the writing each of the transmittal data sub-blocks an interrupt is sent to the processor. | 2019-01-03 |
20190007349 | TECHNOLOGIES FOR DYNAMIC BATCH SIZE MANAGEMENT - Technologies for dynamically managing a batch size of packets include a network device. The network device is to receive, into a queue, packets from a remote node to be processed by the network device, determine a throughput provided by the network device while the packets are processed, determine whether the determined throughput satisfies a predefined condition, and adjust a batch size of packets in response to a determination that the determined throughput satisfies a predefined condition. The batch size is indicative of a threshold number of queued packets required to be present in the queue before the queued packets in the queue can be processed by the network device. | 2019-01-03 |
20190007350 | RESPONSE RETRIEVAL USING COMMUNICATION SESSION VECTORS - Systems and methods are disclosed for response retrieval using communication session vectors. In one implementation, a first communication session is received. The first communication session includes a first communication. The first communication session is encoded as a first vector. A second vector is identified within a defined proximity of the first vector. The second vector represents a second communication session that includes a second communication. The second communication is provided within the first communication session in response to the first communication. | 2019-01-03 |
20190007351 | REAL-TIME NOTIFICATIONS OF CONCURRENT EMAIL THREAD REPLIES - In an embodiment of the present invention, a first message is determined. The first message is associated with two or more users. The two or more users include a sender of the first message and one or more recipients of the first message. In response to determining that a first user of the two or more users is currently generating a second message, which is a response to the first message, it is determined whether a second user of the two or more users of the first message is currently generating a third message, which is a response to the first message. In response to determining that the second user is currently generating the third message, the first user is notified that the second user is currently generating the third message, and the second user is notified that the first user is currently generating the second message. | 2019-01-03 |
20190007352 | USER TERMINAL AND SEARCH SERVER PROVIDING A SEARCH SERVICE USING EMOTICONS AND OPERATING METHOD THEREOF - A method of providing a search service using an emoticon according to an embodiment of the present invention includes: displaying one search emoticon selected by a user from search emoticons displayed in a chat window; transmitting a search request by receiving a user input for the search emoticon displayed in a chat area; and displaying a result emoticon including a search result according to the search request of the chat area. Accordingly, a search service may be provided without exiting a chat application, and a convenient search environment providing a direct search service without executing an additional web browser for the search service may be provided to the user. | 2019-01-03 |
20190007353 | Form Based User Interactions Via Messaging Channels - A channel independent metadata representation of forms is stored by an online system that interacts with client devices via a plurality of messaging channels. The online system allows use of forms by various messaging channels. The online system receives a request identifying a form and a messaging channel. The online system retrieves a channel independent metadata representation of the selected form. The online system generates a channel specific representation of the selected form for the identified messaging channel from the metadata representation. The generated form representation is sent by the online system to the client device via the messaging channel. The client device may render a user interface comprising the form. | 2019-01-03 |
20190007354 | PROXIMITY TRIGGERED SAMPLING - In one embodiment, a computer-implemented method comprising receiving data corresponding to an interaction with a user; based on the received data, predicting a moment in time when a state of the user is likely to change; and causing a change in one or a combination of message function characteristics or data collection function characteristics at the moment in time. | 2019-01-03 |
20190007355 | COMMUNICATING WITH CLIENT DEVICES USING OVER-THE-TOP COMMUNICATION CHANNELS - An online system allows client devices to communicate via over-the-top (OTT) messaging channels. The client devices may not be coupled via a particular OTT messaging channel. The online system also allows a client device to communicate via an OTT channel with another client device that uses a non-OTT channel. The online system receives a request from a first client device via an OTT channel and establishes a connection with the client device via the OTT messaging channel. The online system allows the client device to communicate with another client device by establishing a connection with the other client device. The connection with the second client device may be established via a different OTT messaging channel or via a non-OTT messaging channel. The online system may be a multi-tenant system that allows client devices of users to connect with client devices of enterprises that are tenants of the multi-tenant system. | 2019-01-03 |
20190007356 | INCOMING COMMUNICATION FILTERING SYSTEM - One embodiment provides an apparatus. The apparatus includes a user profile; and a content filter logic. The content filter logic is to determine whether a content of a received message directed to a target recipient is compatible with the user profile and a current emotional state of the target recipient and to select at least one action based, at least in part, on one or more of the content, the user profile and/or the current emotional state of the target recipient. The at least one action is selected from the group comprising place the received message on hold, provide the received message to the target recipient, modify the received message, delete the received message, store the received message to an original message log, provide an alert to the target recipient, forward the message to another recipient and/or ascertain, from a sender, an urgency of the received message. | 2019-01-03 |
20190007357 | DATA CENTRIC MESSAGING - An avionics system including a first node and a second node wherein the first node is arranged to transmit a data message having: a data identifier, dynamic metadata associated with the data identifier and data content to the second node; wherein the second node is arranged to receive the data message from the first node and to: locate and read the data identifier within the data message; locate and read the dynamic metadata associated with the read data identifier; and retrieve data content from the determined position in the data message, wherein the data message contains multiple data identifiers, each with associated dynamic metadata and associated data content, and the second node is arranged only to locate and read the data identifier and dynamic metadata and retrieve data content in relation to a subset of the plurality of data identifiers. | 2019-01-03 |
20190007358 | METHODS AND SYSTEMS FOR PERFORMING STRUCTURE-PRESERVING OBFUSCATION ON EMAILS - A method of obfuscating at least a portion of content of an email message may include identifying an email message that has been sent to one or more recipients and that pertains to one or more end user processes of a print environment, identifying a content section of the email message, and identifying one or more delimiters associated with the identified content section. The method involves determining whether the identified content section includes the delimiters, and if so, generating an obfuscated content section by obfuscating all content of the identified content section except the one or more identified delimiters. The method includes analyzing the obfuscated content section to ascertain information relevant to the one or more end user processes, and associating the ascertained information with one or more of the one or more end user processes. | 2019-01-03 |
20190007359 | MAIL INFORMATION MANAGEMENT METHOD AND ASSOCIATED APPARATUS - A mail information management method and associated apparatus are provided. The mail information management method may include: running a set of program modules on a host server system, the set of program modules being configured to provide a shared mailbox; receiving a request and creating the shared mailbox for predetermined members of the shared mailbox in response to the request, wherein the predetermined members include at least one portion of a plurality of users of the host server system; and regarding replying to a previous mail in the shared mailbox, copying each sent mail, if any, of each member of the predetermined members into the shared mailbox, to share each sent mail with all of the predetermined members. | 2019-01-03 |
20190007360 | ELECTRONIC MAIL MESSAGING SYSTEM - The present invention comprises a method and apparatus for receiving, modifying and transmitting electronic communications. In one or more embodiments, the invention comprises a method performed by a server computer system that receives communications addressed to e-mail addresses created by the server computer system for recipients from senders having existing e-mail addresses. The server system creates modified e-mail messages by removing the sender's existing e-mail address and inserting an e-mail address created by the server computer system for that sender, wherein the created e-mail address identifies a name of the sender. The server computer system then transmits the modified e-mail message to an existing e-mail address of the recipient. | 2019-01-03 |
20190007361 | MANAGING DATA ON COMPUTER AND TELECOMMUNICATIONS NETWORKS - Protecting personal information by generating entity-specific aliases for use in communication with third parties is disclosed. | 2019-01-03 |
20190007362 | SYSTEMS AND METHODS FOR CONVERTING EMAILS TO CHAT CONVERSATIONS - The present disclosure relates to systems and methods for automatically converting one or more emails to one or more chat conversations and for automatically converting a chat conversation to an email thread. | 2019-01-03 |
20190007363 | SYSTEMS AND METHODS FOR INITIATING, MAINTAINING, AND ANALYZING OF CONCURRENT STATEFUL MULTI-WAY CONVERSATIONS - Systems and methods discussed herein are associated with initiating and maintaining multi-way stateful conversations with mobile communication devices with varying capabilities and network support that may be located in different nations worldwide. These stateful conversations may involve one or more messages to mobile devices which may be sent based upon previous responses or response histories of the mobile devices. The system's users may also be able to query the system to better support the requesting party and to work with and among other users of the system. | 2019-01-03 |
20190007364 | ASSIGNMENT OF UNIQUE PHYSICAL NETWORK ADDRESSES FOR LOGICAL NETWORK ADDRESSES - Some embodiments provide a method for a network controller that manages multiple logical networks implemented by multiple managed forwarding elements (MFEs) operating on multiple host machines. The method receives a notification from a particular MFE that an interface corresponding to a logical port of a logical forwarding element has connected to the particular MFE and has a particular logical network address. The method assigns a unique physical network address to the interface. Each of multiple interfaces connected to the particular MFE is assigned a different physical network address. The method provides the assigned unique physical network address to the particular MFE for the particular MFE to convert data messages sent from the particular logical network address to have the unique physical network address. | 2019-01-03 |
20190007365 | GEOLOCATION USING REVERSE DOMAIN NAME SERVER INFORMATION - Generating an improved/more accurate geolocation database is provided. Given a dataset of reverse DNS hostnames for IP addresses, ground truth information, and a hierarchical geographical database, a machine learning classifier can be trained to extract and disambiguate location information from the reverse DNS hostnames of IP addresses and to apply machine learning algorithms to determine location candidates and to select a most probable candidate for a reverse DNS hostname based on a confidence score. The classifier can be used to generate an accurate geolocation database, or to provide accurate geolocation information as a service. | 2019-01-03 |
20190007366 | VIRTUAL PRIVATE NETWORK SERVICE ENDPOINTS - A customer may request a service endpoint for a service in their virtual network on a provider network. In response, a service endpoint is generated in the customer's virtual network, a local IP address in the IP address range of the customer's virtual network is assigned to the service endpoint, and a DNS name is assigned to the service endpoint. Resources on the customer's virtual network resolve the DNS name of the service endpoint to obtain the local IP address of the service endpoint and send service requests for the service to the local IP address of the service endpoint. The service endpoint adds routing information to the service requests and sends the service requests over the network substrate to be routed to the service. | 2019-01-03 |
20190007367 | DEVICE IDENTIFIER SELECTION - A method includes receiving an enumeration message via a host interface of a device that is operatively coupled to a host device and to one or more other devices. The method includes identifying the enumeration message as a command originated by the host device or as a response message from one of the other devices. In response to identifying the enumeration message as a command, an enumeration response message is sent to the host device. The enumeration response message indicates a distinctive device identifier value. The method also includes, in response to identifying the enumeration message as a response message from one of the other devices, reading from the response message an identifier value used by such other device and at least temporarily storing this identifier value at the device to enable the device to select the distinctive device identifier value. | 2019-01-03 |
20190007368 | DHCP in Layer-3 Overlay with Anycast Address Support and Network Address Transparency - Address support and network address transparency may be provided. First, a border device may receive a processed network configuration parameter request having an address of a subnet to which a client device is associated and information data in an information field of the network configuration parameter request. The information data may comprise an address of a network device and an identifier of the subnet to which the client device is associated. Next, the border device may encapsulate the processed network configuration parameter request with the information data extracted from the processed network configuration parameter request. The border device may then forward the encapsulated network configuration parameter response to the network device. | 2019-01-03 |
20190007369 | ASSIGNING IP ADDRESSES AND CONFIGURATION PARAMETERS IN HYPER-CONVERGED INFRASTRUCTURE - Disclosed are various examples for improving the performance of an imaging service that can assign an IP address. The imaging service can implement the DHCP protocol and assign other configuration parameters using the DHCP protocol. An IP address cache can also be employed to speed a subsequent IP address assignment by the imaging service. | 2019-01-03 |
20190007370 | Information processing apparatus including a DHCP server function, control method for information processing apparatus, and storage medium - An information processing apparatus which can reduce the trouble of operation since a user does not have to irregularly operate a reconnection operation. | 2019-01-03 |
20190007371 | MAPPING IPv4 KNOWLEDGE TO IPv6 - Knowledge associated with an address of a first IP type may be mapped to an address of a second IP type. In response to receiving, at a first IP endpoint type, a request from a client associated with a first and second IP address type, a first address of the first IP type associated with the client is recorded. A unique identification of the request is generated. The unique identifier and instructions to make a second request to a second IP endpoint type are sent to the client. The second request, that includes the unique identifier and corresponds to the second IP address type associated with the client, is received at the second endpoint. Both the first address and the second address are determined as corresponding to the client by determining that the unique identifier was used in both requests. The first address is mapped to the second address. | 2019-01-03 |
20190007372 | CONFLICT RESOLUTION IN SEGMENT ROUTING - In general, techniques are described for conflict resolution in source packet routing in networking. For example, a first router receives a first advertisement originated in a first Interior Gateway Protocol (IGP) level. The first advertisement specifies a first prefix and a segment identifier (SID). The first router also receives a second advertisement originated in a second IGP level of the network. The second advertisement specifies a second prefix and the SID. Based on the first advertisement and the second advertisement specifying the same SID and based on the first IGP level having less visibility than the second IGP level, the first router selects the SID to be associated with a route to the first prefix. | 2019-01-03 |
20190007373 | WEB APPLICATION SECURITY WITH SERVICE WORKER - Various examples are directed to systems and methods of executing a web application. A web browser application may receive web application code for executing the web application and service worker code for executing a service worker. The web browser may execute a first portion of the web application code to register the service worker and may execute the service worker. The web application may send a first communication request describing a first recipient computing device. The service worker may determine that the first communication request complies with a set of filter rules and send the first communication request to the first recipient computing device. | 2019-01-03 |
20190007374 | REDUCTION AND ACCELERATION OF A DETERMINISTIC FINITE AUTOMATON - Techniques for reduction and acceleration of a deterministic finite automaton (DFA) are disclosed. In some embodiments, a system, process, and/or computer program product for reduction and acceleration of a DFA includes receiving an input value; performing a reduced deterministic finite automaton lookup using a lookup key, wherein the lookup key comprises a current state and the input value; and determining a next state based on the lookup key. | 2019-01-03 |
20190007375 | DNS-BASED CAPTIVE PORTAL WITH INTEGRATED TRANSPARENT PROXY TO PROTECT AGAINST USER DEVICE CACHING INCORRECT IP ADDRESS - A captive portal system includes a login database, a web server, and a name server. The name server receives a DNS request from a user device, queries the login database to determine whether the user device is logged in, and responds to the DNS request with the IP address of the web server as a resolved IP address of the specified domain name when the user device is not logged in. The web server accepts a connection request from the user device to the IP address of the web server, receives an HTTP request specifying a non-local target URL from the user device, queries the login database to determine whether the user device is logged in according to the source address of the user device, and acts as a transparent proxy between the user device and the non-local target URL when the user device is logged in. | 2019-01-03 |
20190007376 | Methods, network nodes, mobile entity, computer programs and computer program products for protecting privacy of a mobile entity - A method for a first network node may protect confidentiality of a first identifier associated by the first network node with a subscription used by a mobile entity. The communications network comprises a home network of the mobile entity and a serving network serving the mobile entity. The first network node, which is part of the home network may: receive, from a second network node which is part of the serving network, a first request for authentication information for the mobile entity, the first request comprising the first identifier; generate a first pseudonym associated with the first identifier; create a link between the first pseudonym and the first identifier; and send, to the second network node, the first pseudonym in response to the first request for authentication information for use as an identifier for the mobile entity in the serving network. A method for a second network node is also provided. | 2019-01-03 |
20190007377 | METHOD AND APPLICATION FOR COMMUNICATING SENSITIVE INFORMATION - Method and application for communicating sensitive information, incident reporting, and for acceleration of urgent situation responses and supervision allowing for school administrators, teachers, professors, users, submitters, or receivers, to instantly report credible threats, or dangerous situations. In at least one current embodiment, a Smart Button is a digital situation button for use by any submitter to instantly report their GPS map location, name, title, contact information, picture and/or workplace. Submitters can receive and/or send 1-way or at least 2-way communications. At least one embodiment of the invention relates to a method for sending, receiving, reporting or responding to mood related, time-sensitive, live situation, or secretive messages, through a one-step anonymous, or with a specific degree of anonymity, or non-anonymous submit and targeted authorized receipt process, generating, assigning, and utilizing unique identifiers with a corresponding administrative report generating process. Submitters' information and messages can be encrypted, in whole or in part. | 2019-01-03 |
20190007378 | SHIELDED NETWORKS FOR VIRTUAL MACHINES - Embodiments relate to a host encrypting network communications of virtual machines (VMs) in ways that minimize exposure of the network communications in cleartext form. The host captures and registers a measure of a secure state of the host. The measure is registered with a guardian service communicable via a network. The guardian service also securely stores keys of the VMs. Each VM's key is associated with authorization information indicating which machines are authorized to obtain the corresponding VM's key. The host obtains access to a VM's key based on a confirmation that its state matches the registered measured state and based on the authorization information of the VM indicating that the host is authorized to access the key. The VM's key is then used to transparently encrypt/decrypt network communications of the VM as they pass through a virtualization layer on the host that executes the VMs. | 2019-01-03 |
20190007379 | SYSTEM AND ASSOCIATED METHODS FOR REMOTE CONTROL OF VESSELS - A machine and process for remotely controlling a vessel. The system may include a land-based computing system configured to communicate control signals via a communications system that communicates the control signals to the vessel and a controller network on the vessel configured to control at least certain functions of the vessel. The controller network may further be configured to receive the control signals from the land-based computing system. The controller may include a switch including an input port and multiple output ports. A remote control computing device may be configured to control the vessel via at least one other computing device. A one-way Ethernet cable may be communicatively coupled between one of the output ports of the switch and the remote control computing device. The control signals may be received by the switch being communicated to the remote control computing device via the one-way Ethernet cable. | 2019-01-03 |
20190007380 | DE-DUPLICATION OF DATA STREAMS - A data segment is encrypted to produce an encrypted data segment, and a data tag associated with the data segment is generated. The encrypted data segment is encoded to generate a set of encoded data slices. At least a read-threshold number of encoded data slices are required to reconstruct the encrypted data segment. A set of write slice requests, which includes the set of encoded data slices and the data tag, is transmitted to a DSN memory. A determination is made, based on the data tag, whether a first encoded data slice of the set of encoded data slices is a duplicate of a second encoded data slice already stored within the DSN memory. If it is a duplicate, rather than storing the first encoded data slice, a reference to a location of the second encoded data slice is stored. | 2019-01-03 |
20190007381 | SYSTEM AND METHOD FOR PROVIDING A SEARCH ENTITY-BASED PAYMENT PROCESS - Disclosed is a method including presenting an input field on a user interface of a generalized search entity, wherein the generalized search entity processes data using a generalized search engine that indexes and searches both merchant sites and non-merchant sites, receiving user input in the input field and determining whether the user input corresponds to a product in a product database to yield a determination. When the determination indicates that the user input does correspond to the product in the product database, the method includes presenting a purchase-related search result, wherein the purchase-related search result is configured such that when a user interacts with the purchase-related search result and confirms a purchase associated with the purchase-related search result, the generalized search entity initiates a purchasing process for the product. | 2019-01-03 |
20190007382 | SSH KEY VALIDATION IN A HYPER-CONVERGED COMPUTING ENVIRONMENT - Disclosed are various examples for validating a public SSH host key. The examples can be implemented in a hyper-converged computing environment to detect potential man-in-the-middle attacks in which an attacker intercepts or spoofs an internet protocol (IP) address of a target virtual machine (VM) that is being addressed by a management service and with which a secure shell (SSH) session is being established. | 2019-01-03 |
20190007383 | METHOD OF RECEIVING DATA WITHIN AN ELECTRONIC ENTITY AND ASSOCIATED ELECTRONIC ENTITY - A method for receiving data (DATASEND) within an electronic entity ( | 2019-01-03 |
20190007384 | TERMINAL AUTHENTICATION - Methods, systems, and computer program products for authenticating a terminal with a server based on multiple environmental factors. Each of the multiple environmental factors relates to a configurable hardware-independent characteristic of the terminal. Each of the multiple environmental factors is defined at least by an identifier and a value. The identifier identifies a respective environmental factor and the value indicates a state of the respective configurable hardware-independent characteristic. The multiple environmental factors constitute an environmental authentication information for authenticating the terminal with the server. | 2019-01-03 |
20190007385 | SENDING VERIFICATION PASSWORD RESPONSIVE TO MOBILE DEVICE PROXIMITY - A method includes detecting proximity between a mobile device and a remote device associated with a transaction reserved by a user of the mobile device. A verification password is sent to the remote device responsive to detecting the proximity. A device includes a module to detect proximity between the device and a remote device associated with a transaction reserved by a user of the device and a processor coupled to the module. The processor is to send a verification password to the remote device responsive to detecting the proximity. | 2019-01-03 |
20190007386 | DISPLAYING VERIFICATION PASSWORD PROXIMATE EXPECTED SERVICE TIME - A method includes detecting a service reservation in a mobile device. The service reservation has an associated expected service time and a verification password. The verification password associated with the service is displayed on a display of the mobile device responsive to determining that a current time in the mobile device is proximate the expected service time. A device includes a display and a processor coupled to the display. The processor is to extract an expected service time and a verification password associated with a service reservation from a document in the device and display the verification password associated with the service reservation on the display responsive to determining that a current time in the device is proximate the expected service time. | 2019-01-03 |
20190007387 | SECURE DETECTION AND MANAGEMENT OF COMPROMISED CREDENTIALS - Techniques are provided for secure detection and management of compromised credentials. A first candidate credential is received, comprising a first username and a first password, wherein the first candidate credential was sent in a first request from a first client computer to log in to a first server computer. A first salt associated with the first username in a salt database is obtained. A first hashed credential is generated based on the first password and the first salt. The first hashed credential is transmitted to a set model server computer, wherein the set model server computer is configured to maintain a set model that represents a set of spilled credentials, determine whether the first hashed credential is represented in the set model, and in response to determining that the first hashed credential is represented in the set model, performing additional processing on the first hashed credential. | 2019-01-03 |
20190007388 | APPARATUS AND METHOD FOR SECURE AUTHENTICATION OF A COMMUNICATION DEVICE - A system that incorporates the subject disclosure may perform, for example, receiving a baseline credential and an external credential, mapping the external credential to the baseline credential in a secure element memory, receiving a request for an authentication from a secure device processor of the communication device where the request for the authentication includes a user credential inputted into the communication device, comparing the user credential with the baseline credential to verify the authentication, and providing the authentication and the external credential to the secure device processor without providing the baseline credential to enable the secure device processor to provide the external credential to an external entity device that is remote from the communication device. Other embodiments are disclosed. | 2019-01-03 |
20190007389 | GENERATING CODE FOR A MULTIMEDIA ITEM - A system, method, and computer-readable medium for challenge-response authentication are provided. A plurality of codes is received over a communication network based on input provided by way of a user interface displaying a plurality of images. An alphanumeric string is generated based on the received plurality of codes and based on a table that associates each one of the plurality of codes with a respective one of the plurality of images and with a respective one of a plurality of alphanumeric characters. A determination is made as to whether to grant authorization based on whether the generated alphanumeric string matches an alphanumeric user identifier stored in a memory device in association with a user. | 2019-01-03 |
20190007390 | ENCRYPTION AND DECRYPTION TECHNIQUES USING SHUFFLE FUNCTION - Encryption and decryption techniques based on one or more transposition vectors. A secret key is used to generate vectors that describe permutation (or repositioning) of characters within a segment length equal to a length of the transposition vector. The transposition vector is then inherited by the encryption process, which shifts characters and encrypts those characters using a variety of encryption processes, all completely reversible. In one embodiment, one or more auxiliary keys, transmitted as clear text header values, are used as initial values to vary the transposition vectors generated from the secret key, e.g., from encryption-to-encryption. Any number of rounds of encryption can be applied, each having associated headers used to “detokenize” encryption data and perform rounds to decryption to recover the original data (or parent token information). Format preserving encryption (FPE) techniques are also provided with application to, e.g., payment processing. | 2019-01-03 |
20190007391 | INFORMATION PROCESSING APPARATUS, INFORMATION PROCESSING METHOD, AND RECORDING MEDIUM - An information processing apparatus includes a synchronization unit performing a process of time-of-day synchronization with a time-of-day synchronization server, and an authentication unit performing authentication by a first authentication method. In a case where the authentication by the first authentication method fails and the process of time-of-day synchronization is not performed within a set period of time, the authentication unit performs the authentication by a second authentication method. Thus, it is possible to improve convenience of the information processing apparatus. | 2019-01-03 |
20190007392 | SINGLE SIGN-ON MECHANISM ON A RICH CLIENT - Methods and systems are provided that enable single sign-on (SSO) mechanisms on rich clients running hosting applications that include documents with one or more embedded web assets. An embedded web asset may be any resource (e.g., document, image, data, etc.) that is accessed via a browser from within a hosting application. In aspects, authentication of a user identity is required to access an embedded web asset. In particular, an identity management module is provided on a rich client. The identity management module is configured to maintain multiple credentials for multiple user identities that are associated with multiple applications, whether the applications are embedded applications or hosting applications. In this way, a user may access multiple applications, including embedded web assets, associated with each user identity—without signing into each application. That is, a user is able to login a single time for each user identity. | 2019-01-03 |
20190007393 | VERIFIABLE RECORD STORAGE SERVICE - A record storage system maintains an interdependent series of hash values for records submitted to the record storage service by one or more clients. The record storage service generates a hash value for each record based at least in part on the content of the record and a hash value of one or more previous records. In some examples, the generated hash values are saved in an audit database by the clients. Clients may retain some, all, or none of the hash values based on the amount of auditing desired and the amount of storage space available in the audit database. The clients are able to verify the integrity of records submitted to the record storage system by retrieving the records from the system, recalculating the hash values of the records, and comparing the recalculated hash values to the hash values retained by the client. | 2019-01-03 |
20190007394 | CLOUD APPLICATION FINGERPRINT - In one example, a security application that interfaces one or more cloud application clients in an enterprise network and one or more cloud applications detects a request made by one of the one or more cloud application clients to access a cloud application. The security application sends one or more prompts to the cloud application for one or more responses reflecting current empirical data obtained from the cloud application. The security application receives, from the cloud application, the one or more responses, and generates an application fingerprint that includes the one or more responses. | 2019-01-03 |
20190007395 | ONE TIME PASSCODE - A one-time passcode authentication system includes an application server, an authentication server, and an access device, wherein the access device includes an authentication engine configured to receive an authentication request from the authentication server and automatically, or in response to a single user input, initiate an access request to the application server, wherein the access request includes a token extracted from the authentication request, and the application server is configured to receive the access request, query the authentication server to authenticate the token, and enable access to an application if the token is authenticated. | 2019-01-03 |
20190007396 | METHOD AND ARRANGEMENT FOR AUTHORISING AN ACTION ON A SELF-SERVICE SYSTEM - A method for authorizing an action on a self-service system, in which a user is authorized, by using an authorization server, to carry out an action on a self-service system is provided. The user is equipped with a token for his/her identification. | 2019-01-03 |
20190007397 | PRESSURE-BASED AUTHENTICATION - In an approach to securing data using alternative value identification schemes, one or more computer processors receive user registration data, wherein the user registration data includes one or more authentication parameters, wherein the one or more authentication parameters includes one or more physical pressure-based inputs by a user. The one or more computer processors receive an access request requiring an authentication from the user, wherein the access request includes the one or more physical pressure-based inputs by the user associated with the one or more authentication parameters. The one or more computer processors determine whether the one or more authentication parameters match the user registration data. Responsive to determining that the authentication data matches the registration data, the one or more computer processors authenticate access for the user. | 2019-01-03 |
20190007398 | SYSTEM AND METHOD FOR IMPLEMENTING HACKER TRAFFIC BARRIERS - Aspects of the present disclosure involve a system and method for implementing hacker traffic barriers. The current disclosure presents a system and method that securely associates a primary trusted device with a user, authorizes web browser authentication, and provides both intrinsic and explicit checks for authorizing access to an account. | 2019-01-03 |
20190007399 | SYSTEM AND METHOD OF INTER-ACCOUNT RESOURCE ACCESS MANAGEMENT - An improved method and system of enabling the owner of an account associated with a resource to allow a second user to gain access to the resource or a particular aspect of the resource is disclosed. Solutions and implementations disclosed provide an easily manageable mechanism for allowing access to a resource, without the need for a complex administrator-based access control system. Instead, a negotiated account to account resource access arrangement is established between the first user's account and the second user's account to share some or all of the actions available to the first user for the resource. | 2019-01-03 |
20190007400 | METHOD FOR AUTHENTICATION VIA A COMBINATION OF BIOMETRIC PARAMETERS - The invention relates to a method for verifying the identity of a user who is carrying out a transaction, based on a combination of biometric parameters, in particular fingerprint detection, defined as a biometric PIN, comprising the provision of a biometric device that permits the reading of the digital fingerprint, and a sequential combination of fingerprints previously registered in a registration process, wherein the user can use said combination of fingers or digital fingerprints on the device for authentication, by means of the following steps: accessing an application previously installed on the device, wherein the biometric reader is activated; placing each finger or fingerprint previously selected in the registration process on the device in a selected sequential combination, wherein each finger should have a positive correspondence or match to continue with the next finger; once the fingers forming the PIN have been placed in the correct order and with a positive match for each finger, the identity verification data (date and time, unique serial number and GPS position) of the user is encrypted, if the identification is positive; and authorizing the transaction or action. | 2019-01-03 |
20190007401 | SYSTEMS AND METHODS FOR PROVIDING BLOCK CHAIN-BASED MULTIFACTOR PERSONAL IDENTITY VERIFICATION - Block chain-based multifactor personal identity verification may be provided. Verification addresses may be established on a block chain by: associating identifiers with individuals having previously verified personal identities, assigning verification addresses on a block chain to the individuals, and recording identifiers and biometric data associated with the individuals at corresponding verification addresses. Block chain-based multifactor personal identity verification using the verification addresses may be performed by: receiving one or more identifiers in connection with one or more requests to verify an identity of one or more individuals, extracting the biometric data associated with the one or more individuals from the corresponding verification addresses, and verifying the identity of the one or more individuals upon receiving matching biometric data and private keys. | 2019-01-03 |
20190007402 | SYSTEMS AND METHODS FOR PROVIDING BLOCK CHAIN-BASED MULTIFACTOR PERSONAL IDENTITY VERIFICATION - Block chain-based multifactor personal identity verification may be provided. Verification addresses may be established on a block chain by: associating identifiers with individuals having previously verified personal identities, assigning verification addresses on a block chain to the individuals, and recording identifiers and biometric data associated with the individuals at corresponding verification addresses. Block chain-based multifactor personal identity verification using the verification addresses may be performed by: receiving one or more identifiers in connection with one or more requests to verify an identity of one or more individuals, extracting the biometric data associated with the one or more individuals from the corresponding verification addresses, and verifying the identity of the one or more individuals upon receiving matching biometric data and private keys. | 2019-01-03 |
20190007403 | PPPOE PACKETS TRANSMITTING METHOD AND PPPOE SERVER THEREOF - The present disclosure provides a PPPoE packets transmitting method and a PPPoE server. The method comprises: registering, by a PPPoE server, a PPPoE protocol packet sniffer with a Linux kernel and an Internet Protocol Version 4 (IPV4) protocol packet sniffer with a Netfilter framework, and adding a user's IP address and MAC address to authenticated user information, receiving, by the PPPoE server, a packet, and calling, by the PPPoE server, the PPPoE protocol packet sniffer or the IPV4 protocol packet sniffer to process and transmit the packet according to the authenticated user information. In the present disclosure, during a user's dial-up logon or logoff, the creation and deletion of a network interface are not required, which can improve the logon and logoff speeds. | 2019-01-03 |
20190007404 | INFORMATION PROCESSING APPARATUS, MANAGEMENT SERVER, SERVICE PROVISION SERVER, IMAGE PROCESSING APPARATUS, AND INFORMATION PROCESSING SYSTEM - An information processing apparatus includes: an instruction unit configured to instruct an image processing apparatus to request a management server to issue identification information; an identification information obtaining unit configured to obtain, from the image processing apparatus, the identification information issued to the image processing apparatus by the management server; an identification information transmission unit configured to transmit the obtained identification information to a service provision server; a request reception unit configured to receive a request to transmit user information necessary for using a predetermined service from the service provision server as a response to the transmission of the identification information; and a user information transmission unit configured to transmit the user information to the service provision server in response to the received transmission request. | 2019-01-03 |
20190007405 | ELECTRONIC DEVICE IDENTIFICATION - A tool for generating an identifier for an electronic device. The tool identifies a target memory segment. The tool accesses the target memory segment utilizing an access procedure. The tool corrupts the target memory segment, wherein corrupting includes exposing the target memory segment to one or more degrading programming cycles with a heightened frequency to degrade and corrupt the target memory segment on the electronic device to cause degradation and corruption of the electronic device, identifying one or more memory locations in the plurality of memory locations that are unused, and marking the one or more memory locations as corruptible. The tool monitors one or more execution behavioral properties, the one or more execution behavioral properties being associated with execution of the access procedure. The tool generates a device identifier based, at least in part, on the one or more execution behavioral properties. | 2019-01-03 |
20190007406 | Characteristics Of Security Associations - Authentication of a user or a wireless transmit/receive unit may be based on an obtained measure of authentication strength, which may be referred to as an assurance level. For example, a user, via a WTRU, may request access to a service controlled by an access control entity (ACE). The user may be authenticated with a user authenticator and assertion function (UAAF), producing a result. A user assertion may be provided that includes the user authentication result, a user assurance level, and/or a user freshness level. The WTRU may be authenticated with a device authenticator and assertion function (DAAF), producing an associated result. A device assertion may be provided that may include the device authentication result, a device assurance level, and/or a device freshness level. The assertions may be bound together to receive access to a service or resource. | 2019-01-03 |
20190007407 | DEVICE AND METHOD FOR CONNECTING A PRODUCTION DEVICE TO A NETWORK - An apparatus for connecting a data-processing and/or data-generating production apparatus with a network includes a first network interface to be connected with the network, a second network interface to be connected with the production apparatus, and a program code stored in the memory for execution by the at least one processor. The program code comprises program code upon whose execution data packets received at the second network interface via a second protocol are forwarded to the first network interface, and/or upon whose execution data packets received at the first network interface via a first protocol are forwarded to the second network interface and there are sent via a second protocol to the production apparatus. The program code comprises program code upon whose execution the at least one processor applies a packet filter to the data packets on the way between the network interfaces. | 2019-01-03 |
20190007408 | SECURE PROVISIONING OF DEVICES FOR MANUFACTURING AND MAINTENANCE - Described herein are methods, apparatuses, and systems for secure provisioning of devices for manufacturing and maintenance. A method includes provisioning a sensor device by storing identification data for the sensor device and information used to authenticate the identification data in the sensor device. A method includes storing subassembly data for the sensor device and information used to authenticate the subassembly data in the sensor device in response to the sensor device being received and installed in a subassembly unit. The sensor device is installed in response to validating authenticity of the identification data. A method includes connecting the sensor device to a wireless sensor network in response to validating authenticity of one or more of the identification data and the subassembly data. The sensor device is integrated into a larger unit comprising the wireless sensor network. | 2019-01-03 |
20190007409 | HYBRID AUTHENTICATION SYSTEMS AND METHODS - Disclosed are hybrid authentication systems and methods that enable users to seamlessly sign-on between cloud-based services and on-premises systems. A cloud-based authentication service receives login credentials from a user and delegates authentication to an on-premises authentication service proxy. The login credentials can be passed by the cloud-based authentication service to the on-premises authentication service proxy, for instance, as an access token in an authentication header. The access token can be a JavaScript Object Notation (JSON) Web Token (JWT) token that is digitally signed using JSON Web Signature. Some embodiments utilize a tunnel connection through which the cloud-based authentication service communicates with the on-premises authentication service proxy. Some embodiments leverage an on-premises identity management system for user management and authentication. In this way, there is no need for a cloud-based system to separately maintain and manage a user identity management system and/or to sync with an on-premises identity management system. | 2019-01-03 |
20190007410 | QUASI-AGENTLESS CLOUD RESOURCE MANAGEMENT - A system, computer readable medium, and method are provided for resource management in a cloud architecture. The method includes the steps of collecting a first time stamped data (TSD), and a second TSD, and generating a prediction model based on the first TSD and the second TSD. The method further includes collecting a third TSD, and predicting a fourth TSD based on the prediction model and the third TSD. As more data are obtained via the prediction, the resource management is more efficient and accurate. | 2019-01-03 |
20190007411 | CONTROLLING ACCESS TO ENTERPRISE SOFTWARE - A system for controlling access to enterprise software on a premises-based server or running as a cloud service for a plurality of end users that includes a first-tier Administrator, a second-tier Administrator, a user interface, a database, and a per seat license. The first-tier Administrator identifies a community that can access the cloud service and an upper limit of end users that can belong to the community. The second-tier Administrator is selected by the first-tier Administrator. The second-tier Administrator can create at least one Organizational Unit that is a subset of the end users within the community. The user interface includes all the Organizational Units, and each Organizational Unit corresponds to a particular cloud service. The database is controlled by the first-tier Administrator, and it controls the end users that can access the cloud service. | 2019-01-03 |
20190007412 | CUSTOMIZED DEVICE IDENTIFICATION - Techniques are disclosed relating to an identification computer system using script-based identification techniques to identify a remote computer system. The identification computer system receives initial information from the remote computer system and, based on the received information, customizes a device identification procedure for the remote computer system to perform. The device identification procedure includes one or more scripts executable by the remote computer system to generate results that the remote computer system sends to the identification computer system. Based on the results, the identification computer system attempts to identify the remote computer system. | 2019-01-03 |
20190007413 | ACCESS PERMISSIONS MANAGEMENT SYSTEM AND METHOD - An access permissions management system including a hierarchical access permissions repository including access permissions relating to data elements arranged in a data element hierarchy, wherein some of the data elements have only access permissions which are inherited from ancestral data elements, some of the multiplicity of data elements are prevented from having inherited access permissions and thus have only unique access permissions which are not inherited and some of the data elements are not prevented from having inherited access permissions and have not only inherited access permissions but also unique access permissions which are not inherited, some of which unique access permissions possibly being redundant with inherited access permissions, and an access permissions redundancy prevention engine operative to ascertain which of the unique access permissions are redundant with inherited access permissions and not to store the unique access permissions which are redundant with inherited access permissions in the repository. | 2019-01-03 |
20190007414 | Method of Discovering and Modeling Actor and Asset Relationships Across a Cloud Ecosystem - It can be difficult to manage assets, particularly when determining ownership of assets. Systems and methods for facilitating identification of ownership of an asset include identifying an asset (e.g., an item capable of being owned), identifying one or more actors (e.g., an entity capable of owning an asset), and identifying interactions between the asset and each actor. The systems and methods additionally apply a decay factor to the identified interactions to cause a reduction in the significance of the identified interactions between the asset and each actor and produce an asset ownership score for each actor based on the decay-modified interactions. The resulting asset ownership score for each actor is provided to an entity in a fashion that allows the entity to identify a comparative likelihood that each actor is a potential owner of the asset. | 2019-01-03 |
20190007415 | ACCESS CONTROL MANAGER - An access configuration for an access control manager is generated. Access data including users, resources, and actions the users performed on the resources is received into a matrix. Clusters of the matrix are formed to produce ranges of the users and ranges of the resources having selected permission levels based on the actions. Administrator-modifiable security groups are created based on the ranges of users and administrator-modifiable resources groups based on the ranges of resources. | 2019-01-03 |
20190007416 | MANAGING A FLEET OF DEVICES - Methods of managing a fleet of devices are provided, as are methods for configuring a standby device for a job in a workflow environment, and methods for performing a job in a workflow environment. Device information is analyzed, such as information pertaining to verification systems. Device instructions are sent to various locations on a device network in response to a deviation from a parameter value having been detected. The deviation from the parameter value may correspond to printed media and/or indicia produced by one or more devices. A workflow device and a standby device are provided, and the workflow device sends configuration data to the standby device. The standby device installs configuration data and is introduced into the workflow environment. | 2019-01-03 |
20190007417 | Method and System for Controlling Access for a User Equipment to a Local Device - The invention relates to a method for controlling access for a user equipment to at least one local device via an intermediary system that is configured to connect to a local network and to a public network. The user equipment is connected to the public network and the at least one local device is connected to the local network. The method comprises a number of steps in the intermediary system. One of these steps is storing one or more location conditions for access for the user equipment to the at least one local device. Another step is receiving first location information of the user equipment over the public network, the first location information indicating a location of the user equipment. Yet another step is controlling access for the user equipment to the at least one local device by verifying whether the first location information satisfies the one or more location conditions. The invention further relates to the intermediary system used in the method. | 2019-01-03 |
20190007418 | SECURITY POLICY MONITORING SERVICE - Requests of a computing system may be monitored. A request associated with the application of a policy may be identified and a policy verification routine may be invoked. The policy verification routine may detect whether the policy of the request is more permissive than a reference policy and perform a mitigation routine in response to determining that the policy of the request is more permissive than the reference policy. Propositional logics may be utilized in the evaluation of policies. | 2019-01-03 |
20190007419 | EXTENDED OAUTH ARCHITECTURE SUPPORT IN A SCALABLE ENVIRONMENT - An approach is provided for sharing valid token(s) across application instances. If refresh token rotation is used, (i) a token request is received which includes a number of tokens required, (ii) access and refresh token pairs are generated and shared so that a total number of the pairs equals the number of tokens, and (iii) the access and refresh token pairs are sent to a client so that in response to token requests, the application instances obtain respective access and refresh token pairs. If refresh token rotation is not used, (iv) a request for a refresh token is received, (v) an existing access token is validated, where the access token is bound to the refresh token, and (vi) if the existing access token is expired, a new access token is generated and sent to the client; otherwise, the existing access token is sent to the client. | 2019-01-03 |
20190007420 | CREDENTIAL CHANGE MANAGEMENT SYSTEM - A credential change management platform may, from a time period T1 to T2: deny access by remote client devices that submit credentials other than the prior or new credentials and, as a result of the denial, increment a lock-out counter, and allow access by devices that submit either the prior or new credential. From T2 to T3, the platform may: deny access by devices that submit credentials other than the prior or new credential and, as a result of the denial, increment the lock-out counter, deny access by devices that submit the prior credential without incrementing the lock-out counter, and allow access by devices that submit the new credential. After T3, the platform may: deny access by devices that submit credentials other than the new credential and, as a result of the denial, increment the lock-out counter, and allow access by devices that submit the new credential. | 2019-01-03 |
20190007421 | EXTENDED OAUTH ARCHITECTURE SUPPORT IN A SCALABLE ENVIRONMENT - An approach is provided for sharing valid token(s) across application instances. If refresh token rotation is used, (i) a token request is received which includes a number of tokens required, (ii) access and refresh token pairs are generated and shared so that a total number of the pairs equals the number of tokens, and (iii) the access and refresh token pairs are sent to a client so that in response to token requests, the application instances obtain respective access and refresh token pairs. If refresh token rotation is not used, (iv) a request for a refresh token is received, (v) an existing access token is validated, where the access token is bound to the refresh token, and (vi) if the existing access token is expired, a new access token is generated and sent to the client; otherwise, the existing access token is sent to the client. | 2019-01-03 |
20190007422 | ACCOUNT SHARING PREVENTION AND DETECTION IN ONLINE EDUCATION - An application delivers educational, entertainment or work-related content including videos and documents to any computing device of a user via an account, each account being uniquely identified. Upon each login, the application checks whether the user is already logged in on another computing device and issues a warning or logs out the new device. The application also checks all user accounts periodically to determine whether one account is logged into more than one computing device. Each video or document is associated with a course and has a corresponding course code. An institution database lists courses that a student is currently enrolled in. Another database records videos watched or documents viewed via a student account. Each student account is allowed a maximum number of courses or is limited by the courses in which they are actually enrolled. The application checks whether the videos watched correspond to more than the courses allowed and if so, then access by the student account is blocked. | 2019-01-03 |
20190007423 | AUTOMATIC ELECTRONIC MAIL (EMAIL) ENCRYPTION BY EMAIL SERVERS - Systems and methods for automated email encryption between email servers are provided. According to one embodiment, an email, originated by a sender using a client device coupled with a private network and directed to a recipient, is received by an email server associated with the private network. A key server is queried for public keys of the recipient and the sender. When the recipient's public key is returned by the key server, it is used to encrypt the email message; otherwise, no encryption is performed. When the sender's public key does not exist on the key server, the email server automatically generates a temporary key pair for the sender on the fly and without requiring intervention on the part of the sender. Finally, both the email message and the public key of the sender are transmitted by the email server to the recipient. | 2019-01-03 |
20190007424 | User Behavior Profile in a Blockchain - A method, system and computer-usable medium are disclosed for generating a cyber behavior profile, comprising: monitoring user interactions between a user and an information handling system; converting the user interactions and the information about the user into electronic information representing the user interactions; generating a unique cyber behavior profile based upon the electronic information representing the user interactions and the information about the user; and, storing information relating to the unique cyber behavior profile in a behavior blockchain. | 2019-01-03 |
20190007425 | THREAT INTELLIGENCE SYSTEM - Systems and methods for providing a threat intelligence system include a system provider device that downloads, through communication over a network and from one or more targeted websites, a plurality of images of a first environment. Based on an OCR process, the system provider device may extract a set of textual data corresponding to a subset of images of the plurality of images, where the subset of images depict text. The system provider device stores the set of textual data in an indexed and searchable database. The system provider device assigns a threat assessment score to each image based on the set of textual data, and the threat assessment score may be updated based on comparison of the set of textual data with other sets of textual data. Based on the threat assessment score being greater than a threshold value, the system provider device may generate a security alert. | 2019-01-03 |