03rd week of 2022 patent application highlights part 64 |
Patent application number | Title | Published |
20220021591 | PROVIDING FAST TRIGGER MATCHING TO SUPPORT BUSINESS RULES THAT MODIFY CUSTOMER-SUPPORT TICKETS - The disclosed embodiments provide a system that automatically updates a customer-support ticket in an online customer-support system. When the customer-support ticket is created or updated, the system applies a set of triggers, which modify the ticket based on business rules, wherein each trigger performs actions that modify the ticket when conditions for parameters associated with the ticket are satisfied. When applying a trigger to the ticket, the system evaluates the conditions for the trigger by evaluating an associated condition graph, which is a directed graph comprised of condition nodes, wherein each condition node specifies conditions on parameters associated with the ticket. During this evaluation, if a valid path through the condition graph is discovered, which comprises a sequence of satisfied condition nodes from the root node to a null node, the system fires the trigger, which involves performing actions associated with the trigger to update the ticket. | 2022-01-20 |
20220021592 | INCORPORATION OF A TRACE VISUALIZATION WITH A TRAFFIC GRAPH VISUALIZATION IN A SERVICE MESH - Incorporation of a trace visualization with a traffic graph visualization in a service mesh is disclosed. Traffic graph information that identifies a plurality of nodes and a plurality of edges is accessed. Each node corresponds to a particular service of a plurality of interrelated services, each service being configured to receive and/or send a message to at least one other service, each edge representing a path that at least one message has taken between two services. First trace information that identifies a first set of services that were invoked during a same first transaction is accessed. Each service in the first set of services is correlated with a corresponding node of the plurality of nodes. A traffic graph visualization and a first transaction trace visualization are presented concurrently on a display device. | 2022-01-20 |
20220021593 | METHOD FOR COMPUTING ENVIRONMENT SPECIFIC BASELINES FOR METRICS OF USER EXPERIENCE - Described embodiments provide systems, methods, and computer readable media for generating environment descriptors. A device having at least one process may identify a plurality of feature vectors. Each vector may describe a corresponding access to an application hosted on a server in one of a plurality of network environments and having a corresponding performance metric. The device may provide a performance model using the plurality of feature vectors and the corresponding performance metrics. The performance model may be used to determine expected performance metrics for at least a first network environment. A first environment descriptor of the expected performance metrics may be generated for at least the first network environment. The first environment descriptor of the expected performance metrics may be used to assess a measured performance metric or a second environment descriptor of a second network environment. | 2022-01-20 |
20220021594 | VISUAL IDENTIFICATION OF A PORT AND A CABLE IN A NETWORK - Provided is a computer-implemented method, system, and apparatus for a visual identification of a port and a previously connected cable of a link in a network environment including a network switch or a network device. The apparatus having an LED arrangement at a port assembly configured for illumination at the port and configured to provide illumination via the cable to a remote end of the link. An identifier providing component controls the LED arrangement based on a unique attribute of the link including: detecting a status change of a link; obtaining the unique attribute related to the link from a layer of a protocol received on both ends of the link; selecting an identifier based on the unique attribute related to the link; and instructing the LED arrangement to be configured to provide a light output of the selected identifier. | 2022-01-20 |
20220021595 | DYNAMIC PREDICTION AND MANAGEMENT OF APPLICATION SERVICE LEVEL AGREEMENTS - In general, the disclosure describes techniques for adaptively determining one or more parameters of a service level agreement of an application. For instance, a network device may monitor round-trip times of a plurality of packets of a data flow of an application being transmitted over a link between an application server and a client device. The network device may determine an amount of retransmission of packets occurring during transmission of the plurality of packets of the data flow. The network device may predict, based at least in part on the round-trip times of the plurality of packets of the data flow and the amount of retransmission of packets occurring during transmission of the plurality of packets of the data flow, a round-trip time parameter for a service level agreement associated with the application. | 2022-01-20 |
20220021596 | Latency Obtaining Method And Apparatus, And Latency Optimization Method And Apparatus - Method for latency data obtaining and latency optimization in a data transmission process is provided. The method includes a first device sending a request message to a second device, where the request message is used to obtain latency data of a transmission subpath between the second device and a third device, and a transmission path can be directly established between the third device and the second device; the first device receives a response message sent by the second device, where the response message includes the latency data of the transmission subpath between the second device and the third device; and the first device stores a correspondence between the transmission subpath and the latency data, where the transmission subpath is represented based on a device identifier group including an identifier of the second device and an identifier of the third device. Latency data between devices that can directly establish transmission paths to each other is separately obtained, so that the latency data can be obtained by segment. | 2022-01-20 |
20220021597 | ADAPTIVE RESOURCE ALLOCATION TO FACILITATE DEVICE MOBILITY AND MANAGEMENT OF UNCERTAINTY IN COMMUNICATIONS - Communications services are provided to a device. For instance, where a communications resource is being used by a device via a first communications service provider (CSP) component associated with a first CSP, based on a probabilistic analysis of loading parameters received from a device at the first CSP component. A likelihood that the device will move can be predicted, comprising determining the likelihood is not less than a threshold likelihood. If likely to move, and based on the loading parameters, a loading profile associated with a user of the device is updated resulting in updated likelihoods of usages of the communication resource by the device via respective other CSP components other than the first CSP component. Further, based on the updated likelihoods of usages of the communication resource, at least part of the communications resource can be allocated to the respective other CSP components to facilitate communications with the device. | 2022-01-20 |
20220021598 | SYNTHESIZING PROBE PARAMETERS BASED ON HISTORICAL DATA - An example network device includes a memory configured to store a plurality of counts of packets of a data flow. The network device also includes one or more processors in communication with the memory. The one or more processors are configured to determine the plurality of counts of packets of the data flow, wherein each count of the plurality of counts includes a number of packets occurring in a predetermined time period. The one or more processors are configured to assign a corresponding range to each count of the plurality of counts, so as to assign a plurality of corresponding ranges. The one or more processors are also configured to determine a pattern in the plurality of corresponding ranges and send a number of active probe packets based on the determined pattern. | 2022-01-20 |
20220021599 | SYSTEM AND METHOD FOR CARRYING AND OPTIMIZING INTERNET TRAFFIC OVER A SOURCE-SELECTED PATH ROUTING NETWORK - The present application generally relates to a system and method for interfacing a source-selected path routing network with existing legacy IP networks. This interfacing may be achieved by installing specific router devices at the borders of the source-selected path routing network. Said router devices are able to exchange routing information in the form of IP prefix announcements and withdrawals between legacy IP networks and the source-selected path routing network according to an appropriate exterior gateway protocol. Hereby, the source-selected path routing network that in reality comprises a plurality of autonomous systems is conceptually regarded as a single autonomous system. Hence, a legacy IP network that is a direct neighbor of a source-selected path routing network may ensure that traffic destined to it traverses the source-selected path routing network by announcing its routing information only to the source-selected path routing network via an appropriate exterior gateway protocol. | 2022-01-20 |
20220021600 | METRIC-BASED MULTI-HOP PATH SELECTION - Techniques are described for a router providing metric-based multi-hop path selection. For example, a first router of a plurality of routers receives a plurality of network performance metrics for a plurality of links interconnecting the plurality of routers. The plurality of links form a plurality of multi-hop paths through the plurality of routers to a service instance. The router determines, based on the plurality of network performance metrics for the plurality of links, an end-to-end performance of each of the plurality of multi-hop paths. The router selects a multi-hop path over which to forward traffic associated with the session based on the end-to-end performance of each of the plurality of multi-hop paths and one or more performance requirements for a service associated between a session between a client device and the service instance. The router forwards the traffic to the service instance along the selected multi-hop path. | 2022-01-20 |
20220021601 | ROUTE COMPUTATION METHOD AND RELATED DEVICE - The embodiments of this application provide a routing domain, including a computing container and a network router. The network router is a routing node that supports route computation. The computing container is connected to the network router through a virtual link. The computing container is configured to: run a routing protocol, where the routing protocol is used to carry a computing capability of the computing container or the computing capability of the computing container and an identifier of a service or function running in the computing container; send the computing capability of the computing container or the computing capability of the computing container and the identifier of the service. The network router is configured to: obtain the computing capability and obtain a network capability of the routing domain; and compute a route based on the computing capability, or compute a route based on the computing capability and the network capability. | 2022-01-20 |
20220021602 | ACHIEVING HIGHLY AVAILABLE AUTONOMOUS SYSTEMS (AS) IN A SOURCE-SELECTED PATH ROUTING NETWORK - The present application refers to a method and a system for reliably forwarding data packets in a source-selected path routing network including a plurality of autonomous systems. For this purpose, a data plane of each of the plurality of autonomous systems that comprises one or more border routers and a control plane of each of the plurality of autonomous systems that comprises a control service are split into two or more shards. Each of said shards contains exactly one control service and at least one border router and is responsible for processing, storing and propagating path information only for a subset of existing links between an autonomous system and a neighboring autonomous system within the source-selected path routing network. Hence, in the source-selected path routing network, each individual shard is not critical and thus can fail without compromising the availability of the entire system. | 2022-01-20 |
20220021603 | ACTIVE ETHERNET CABLE WITH BROADCASTING AND MULTIPLEXING FOR DATA PATH REDUNDANCY - Active Ethernet cables that provide data path redundancy. One illustrative cable embodiment includes a first connector connected to each of a second and third connectors, the first connector including a multiplexer that couples a data stream from a selectable one of the second and third connectors to an output of the first connector. One illustrative method embodiment includes: producing from an output of a first connector a data stream from a currently selected one of multiple redundant connectors; monitoring the data stream for a fault associated with the currently selected one of multiple redundant connectors; and responsive to detecting said fault, producing from the output of the first connector a data stream from a different selected one of the multiple redundant connectors. | 2022-01-20 |
20220021604 | INFORMATION PROCESSING SYSTEM, EDGE DEVICE, AND INFORMATION PROCESSING DEVICE - An information processing system includes a plurality of edge devices including a first edge device and a second edge device and a plurality of information processing devices. The first edge device is configured to transmit first data to a first information processing device, transmit second data to a second information processing device, and when detecting a failure of the first information processing device, transmit the first data to the second information processing device instead of the first information processing device. The second edge device is configured to transmit a first amount of data to the second information processing device, transmit a second amount of data to a third information processing device, and when detecting that a total amount of the data transmitted to the second information processing device increases due to the failure, decrease the first amount and increase the second amount. | 2022-01-20 |
20220021605 | SYSTEMS AND METHODS FOR USER PLANE FUNCTION ("UPF") OFFLOAD AT CONFIGURABLE ROUTING FABRIC - A system described herein may provide for the separation of functions associated with a User Plane Function (“UPF”) in a wireless network (e.g., a Fifth Generation (“5G”) network), such that routing devices associated with the wireless network may perform functionality that would otherwise be performed by virtualized hosts or other configurable resources. For example, routing components which form a backhaul or other portion of the network may process traffic according to a suitable set of policies (e.g., Quality of Service (“QoS”) policies, content filtering policies, queueing policies, and/or other policies) instead of transmitting such traffic to a UPF associated with the network core for processing. | 2022-01-20 |
20220021606 | SERVICE AND TOPOLOGY EXCHANGE PROTOCOL - A routing system for implementing a service and topology exchange protocol (STEP) includes a primary STEP server configured to maintain a STEP repository and a plurality of routers, with each router including a STEP client in communication with the primary STEP server. The STEP client of each router is configured to transmit, using STEP, STEP documents containing service and topology state information for at least one route or service available through the router to the primary STEP server for storage in the STEP repository. The primary STEP server is configured to transmit to the STEP client of each router, using STEP, service and topology state information from the STEP repository for at least one other router based on configured relationships between routers. Each router is configured to make routing decisions based at least in part on the service and topology state information from the at least one other router. | 2022-01-20 |
20220021607 | User-Plane Path Selection for the Edge Service - Techniques for selection or reselection of a user-plane path in a mobile network are disclosed herein. A user-plane gateway (GW-U) can be configured to decode a packet received from a control plane gateway (GW-C) is a packet data network gateway (PGW) to determine a forwarding policy. Additionally, the GW-U can decode, from an evolved node B (eNB), an internet protocol (IP) packet having a header field. Furthermore, the GW-U can determine a user-plane path for the IP packet based on a comparison of the header field and the forwarding policy. Based on the determined user-plane path, the GW-U can forward the IP packet to a local application server (AS), encapsulate and forward the IP packet to the PGW, or discard the IP packet. Moreover, the GW-U can encode the IP packet for transmission based on the determined user-plane selection. | 2022-01-20 |
20220021608 | SOFTWARE DEFINED NETWORKING WITH EN-ROUTE COMPUTING - Various aspects of methods, systems, and use cases include en-route computing coordination. A method may include receiving a packet including a compute task and context information, identifying a destination node for the packet, and determining a route for the packet to the destination node. The route may include an intermediary node determined based on the context information and available resources at the intermediary node to execute the compute task of the packet at the intermediary node. The method may include forwarding the packet to a next device along the route. | 2022-01-20 |
20220021609 | HIGH-LEVEL DEFINITION LANGUAGE FOR CONFIGURING INTERNAL FORWARDING PATHS OF NETWORK DEVICES - In general, the disclosure describes techniques for configuring a forwarding path of a network device. For example, a network device system includes a compiler. The compiler is configured to receive text comprising syntax elements in an arrangement that indicates a topology for a plurality of nodes. Additionally, the compiler is configured to generate, based on the text, code for instantiating the plurality of nodes and compile the code to generate a software image. The network device system includes a network device comprising a forwarding manager configured to execute the software image to configure a forwarding path to include the corresponding forwarding path elements for each of the plurality of nodes. Additionally, the network device system includes at least one packet processor operably coupled to a memory, wherein the at least one packet processor is configured to process packets received by the forwarding unit by executing the forwarding path elements. | 2022-01-20 |
20220021610 | SYSTEMS AND METHODS FOR A VLAN SWITCHING AND ROUTING SERVICE - Systems and methods for a VLAN switching and routing service (VSRS) are disclosed herein. A method can include generating a table for an instance of a VSRS, which VSRS couples a first virtual layer 2 network (VLAN) with a second network. The table can contain information identifying IP addresses, MAC addresses, and virtual interface identifiers for instances within the virtual layer 2 network. The method can include receiving with the VSRS a packet from a first instance designated for delivery to a second instance within the virtual layer 2 network, identifying with the VSRS the second instance within the virtual layer 2 network for delivery of the packet based on information received with the packet and information contained within the table, and delivering the packet to the identified second instance. | 2022-01-20 |
20220021611 | NETWORK CONTROLLER SUBCLUSTERS FOR DISTRIBUTED COMPUTE DEPLOYMENTS - The disclosure describes examples where a first data center includes a first gateway router, a first set of computing devices, and a second set of computing devices. The first set of computing devices is configured to execute a software defined networking (SDN) controller cluster to facilitate operation of one or more virtual networks within the first data center. The second set of computing devices is configured to execute one or more control nodes to exchange route information, between the first gateway router and a second gateway router of a second data center different than the first data center, for a virtual network between computing devices within the second data center, and to communicate control information for the second data center to the second set of computing devices, wherein the one or more control nodes form a subcluster of the SDN controller cluster. | 2022-01-20 |
20220021612 | DATA STREAM TRANSMISSION METHOD AND DEVICE - Embodiments of this application provide a data stream transmission method. The method includes a sending device that dynamically determines a packet-loss-concealment policy based on first path status information of a path used to send a data stream. The sending device generates a packet-loss-concealment packet for the data stream according to the packet-loss-concealment policy. The sending device sends the data stream on the path. The data stream includes an original packet and the packet-loss-concealment packet. Therefore, when receiving the data stream, a receiving device decodes the data stream according to the packet-loss-concealment policy received from the sending device, and recovers, by using the packet-loss-concealment packet, an original packet lost in a transmission process. This effectively improves a packet loss recovery effect, and improves user experience. | 2022-01-20 |
20220021613 | GENERATING ROUTE DISTINGUISHERS FOR VIRTUAL PRIVATE NETWORK ADDRESSES BASED ON PHYSICAL HARDWARE ADDRESSES - This disclosure describes techniques for improving route advertisements. In one example, a method includes generating, by a network device, a virtual private network address comprising a route distinguisher value and a network address associated with a compute node, the route distinguisher value based on a layer two physical hardware address of the compute node, and outputting, by the network device, a virtual private network route that includes the virtual private network address. | 2022-01-20 |
20220021614 | ROUTER, METHOD FOR ROUTER, COMPUTER-READABLE MEDIUM AND APPARATUS - A router including a memory having instructions stored thereon; and a processor configured to execute the instructions stored on the memory to cause the router to perform at least the following: acquiring a private network data packet from a private network, and attaching identification information to the private network data packet, the identification information indicating via which port of a plurality of ports of the router the private network data packet is acquired; determining whether a bridge mode is set for the port indicated by the identification information of the private network data packet; in response to the determining that the bridge mode is set for the port indicated by the identification information of a first private network data packet acquired, assigning a public network IP address to the first private network data packet; and transmitting the first private network data packet by using the public network IP address. | 2022-01-20 |
20220021615 | HOST COMPUTER CONFIGURED TO FACILITATE DISTRIBUTED SNAT SERVICE - Some embodiments of the invention provide novel methods for facilitating a distributed SNAT (dSNAT) middlebox service operation for a first network at a host computer in the first network on which the dSNAT middlebox service operation is performed and a gateway device between the first network and a second network. The novel methods enable dSNAT that provides stateful SNAT at multiple host computers, thus avoiding the bottleneck problem associated with providing stateful SNAT at gateways and also significantly reduces the need to redirect packets received at the wrong host by using a capacity of off-the-shelf gateway devices to perform IPv6 encapsulation for IPv4 packets and assigning locally unique IPv6 addresses to each host executing a dSNAT middlebox service instance that are used by the gateway device. | 2022-01-20 |
20220021616 | DYNAMIC INTERNET PROTOCOL TRANSLATION USING PORT-CONTROL-PROTOCOL COMMUNICATION - A network device may receive, from a source device, an option request that includes a source address of the source device and a destination address of a destination device, wherein the network device is associated with an Internet protocol version 6 (IPv6) network. The network device may identify a map code that is associated with an address translation for traffic associated with the destination device and may determine, based on identifying the map code, a source prefix code and a destination prefix code for the address translation. The network device may determine a source IPv6 prefix and a destination IPv6 prefix for the address translation based on the source prefix code and the destination prefix code and may provide, to the source device, an option response to the option request to permit the source device to use the source IPv6 prefix and the destination IPv6 prefix for the traffic. | 2022-01-20 |
20220021617 | COMMUNICATION SYSTEM, COMMUNICATION APPARATUS AND BANDWIDTH ALLOCATION METHOD - A communication system includes a subscriber network unit and a communication device provided in an accommodating station. The subscriber network unit includes an acquisition unit that acquires uplink data from one or more lower-layer devices. The communication device includes: a data processing unit that acquires the uplink data from the subscriber network unit using a band of uplink communication and executes data processing on the acquired uplink data; a policy determination unit that determines a policy of band allocation of the uplink communication on the basis of the result of the data processing; and an allocation control unit that allocates the band of the uplink communication to the subscriber network unit on the basis of the policy. | 2022-01-20 |
20220021618 | METHOD FOR REGULATING TRAFFIC OF TCP FLOW - A method for regulating traffic of a Transmission Control Protocol (TCP) flow includes: deciding, based on a ratio of current bucket level to bucket size, a value of an Explicit Congestion Notification (ECN) bit of a packet; setting a field of a meter tag of the packet based on a packet length of the packet, the value of the ECN bit, and a current bucket level; updating the current bucket level based on the field of the meter tag; calculating an actual transmission rate; and determining an adjustment value based on a difference between the actual transmission rate and a target rate, and adjusting a rate of change of bucket level based on the adjustment value. | 2022-01-20 |
20220021619 | PACKET SWITCH AND PACKET PERIOD DETERMINATION METHOD - A packet switch that determines a time slot for closing transmission of low-priority packets based on a determination result of periods of high-priority packets having periodicity, the packet switch includes: a memory; and a processor coupled to the memory and configured to: determine, for respective input ports, the periods of the input high-priority packets; and determine a setting period of a gate control list in which the time slot for closing is set, based on the determined periods of the high-priority packets. | 2022-01-20 |
20220021620 | MANAGEMENT OF BACKGROUND DATA TRAFFIC - In various aspects, a system that comprises detecting a congestion event in a network that transmits a first group of data packets and a second group of data packets, wherein the detecting the congestion event comprises detecting the congestion event has initiated in response to a data packet throughput value of the network having been determined to have decreased below a threshold value; in response to the detecting of the congestion event, determine a transmission rate of the second group of data packets based on a transmission priority of the second group of data packets; determining a data packet dropping rate for the second group of data packets based on the transmission rate of the second group of data packets and a size of the first group of data packets and transmitting the second group of data packets utilizing the transmission rate and the data packet dropping rate. | 2022-01-20 |
20220021621 | REAL-TIME PROCESSING IN WIRELESS COMMUNICATIONS SYSTEMS - A method, an apparatus, and a computer program product for real-time processing in wireless communications systems. An interruption of processing of one or more first symbol packets at one or more wireless communication components is detected. A predetermined period of time for a delay in processing of one or more second symbol packets is determined. Processing of one or more second symbol packets is delayed until expiration of the predetermined period of time. Processing of one or more second symbol packets is then performed. | 2022-01-20 |
20220021622 | Determining Quality Information for a Route - Methods and systems for determining traffic information for devices along one or more routes are described. A content server may send a message to a plurality of devices along a route. The message may comprise an indication requesting each of the devices to send, to the content server, status information regarding the respective device. Intermediary devices may receive the message, respond with the requested information, and forward the message through the route. The message may comprise a stateless messaging protocol message such as an ICMP or UDP packet. | 2022-01-20 |
20220021623 | SERVICE PROCESSING METHOD, DEVICE, CHIP, AND COMPUTER PROGRAM - The present application discloses a service processing method, a device, a chip and a computer program, where the method includes: acquiring, by a first device, ingress window information of a service data packet; acquiring, by the first device, transmission delay information of the service data packet; and determining, by the first device, egress window information of the service data packet according to the ingress window information and the transmission delay information, which are acquired. By applying the solution of the present application, the egress window information and the like can be determined effectively. | 2022-01-20 |
20220021624 | OUTPUT PACING IN A CELLULAR COMMUNICATIONS SYSTEM SERVING AS A TIME-SENSITIVE NETWORKING (TSN) NODE - Systems and methods are disclosed herein for output pacing in a cellular communications system that serves as a virtual Time-Sensitive Networking (TSN) node in a TSN network. In some embodiments, a method of operation of a boundary node associated with a cellular communications system that operates as a virtual TSN node in a TSN network comprises receiving user plane traffic from a node in the cellular communications system. The user plane traffic is user plane traffic received by the cellular communications system from a previous hop TSN node. The method further comprises performing output pacing for the user plane traffic when outputting the user plane traffic to a next hop TSN node such that the user plane traffic is output to the next hop TSN node at a rate that matches a desired rate at the next hop TSN node. Corresponding embodiments of a boundary node are also disclosed. | 2022-01-20 |
20220021625 | SWITCH DEVICE, CONTROL DEVICE AND CORRESPONDING METHODS FOR ENHANCED SCHEDULABILITY AND THROUGHPUT ON A TSN NETWORK - A device and method for a switch to operate as an intermediate node in a Time Sensitive Network (TSN) are provided. The switch transmits a frame at a time if it is the right frame to be transmitted at the time according to a configuration stored by the switch. The switch does not transmit the frame at the time if it is not the right frame to be sent at the time according to the configuration. Further, a device and method for scheduling transmission of a data packet from a talker node to a listener node are provided, including sending a configuration to each switch of a subset of switches in the network comprising information on the flow and a timing when it is to be output from the switch. | 2022-01-20 |
20220021626 | INCORPORATING WEB APPLICATIONS INTO WEB PAGES AT THE NETWORK LEVEL - A proxy server automatically includes web applications in web pages at the network level. The proxy server receives, from a client device, a request for a network resource at a domain and is hosted at an origin server. The proxy server retrieves the requested network resource. The retrieved network resource does not include the web applications. The proxy server determines that the web applications are to be installed within the network resource. The proxy server automatically modifies the retrieved network resource to include the web applications. The proxy server transmits a response to the client device that includes the modified network resource. The network resource may remain unchanged at the origin server. | 2022-01-20 |
20220021627 | ON-DEMAND RESOURCE PROVISIONING - Methods, systems, and computer-readable media for on-demand resource provisioning for service instances. An on-demand service broker provisions IaaS resources at service instance creating time. The service broker provides a catalog listing one or more service plans, each service plan corresponds to a set of available resources. A user device selects a respective service plan that matches specific needs of an application that consumes the resources. The service broker generates a deployment manifest based on the selected service plan. The service broker then submits the deployment manifest to a deployment system. The deployment system provisions the resources to the service instance according to the manifest generated by the service broker. | 2022-01-20 |
20220021628 | COMMUNICATION CONTROL METHOD - In a smartphone or a personal computer, when there is an application which performs communication which a user is unconscious of, a communication volume increases unintentionally, and there arise problems in that a maximum communication volume is exceeded, a network bandwidth of a base station is compressed, or communication being intentionally performed is disturbed. In order to solve the above problems, provided is a communication control method used in a communication control device capable of performing communication using an application via a communication line, and includes an application control step of switching a plurality of applications between a foreground state and a background state and a communication control step of changing an allocation amount of a network bandwidth of an application in accordance with whether the switched application is in the foreground state or the background state. | 2022-01-20 |
20220021629 | Coalescing packets based on hints generated by network adapter - A network node includes a network adapter and a host. The network adapter is coupled to a communication network. The host includes a processor running a client process and a communication stack, and is configured to receive packets from the communication network, and classify the received packets into respective flows that are associated with respective chunks in a receive buffer, to distribute payloads of the received packets among the chunks so that payloads of packets classified to a given flow are stored in a given chunk assigned to the given flow, and to notify the communication stack of the payloads in the given chunk, for transferring the payloads in the given chunk to the client process. | 2022-01-20 |
20220021630 | PRIMARY CHAT BOT SERVICE AND SECONDARY CHAT BOT SERVICE INTEGRATION - A chat message from a user to a primary chat bot service is received. A secondary chat bot service is automatically evaluated and selected to handle the chat message, wherein the secondary chat bot service is selected from a plurality of candidate secondary chat bot services that includes at least one chat bot service provided by a third-party entity external to an entity providing the primary chat bot service. The chat message is forwarded to the selected secondary chat bot service. | 2022-01-20 |
20220021631 | PROVIDING MESSAGE RESPONSE SUGGESTIONS - Systems and processes for providing response suggestions are provided. In one example process, a textual representation of a message is received. Based on the textual representation of the message, one or more response categories and a predetermined number of suggested inputs corresponding to each of the one or more response categories are obtained. Based on the predetermined number of suggested inputs corresponding to each of the one or more response categories, one or more suggested inputs for each of the one or more response categories are determined. The one or more suggested inputs are provided as response suggestions to the message. | 2022-01-20 |
20220021632 | COMPUTERIZED SYSTEM AND METHOD FOR OPTIMIZING DELIVERY OF DIGITAL MESSAGES - Disclosed are systems and methods for improving interactions with and between computers in content providing, searching and/or hosting systems supported by or configured with devices, servers and/or platforms. The disclosed systems and methods provide a framework for delivering electronic messages to a recipient in an optimized manner based on current real-world and digital activities associated with the recipient. Once a message sent by a sender is received by the message platform, the message and information related to a user's activity is analyzed, and a delivery condition is determined by the messaging platform. The platform then sends the message according to that delivery condition, such that it is delivered to the user only upon the platform relaying the message thereon when the condition is satisfied or occurs. | 2022-01-20 |
20220021633 | METHOD AND SYSTEM FOR PROVIDING INTEROPERABILITY FOR RICH COMMUNICATION SUITE (RCS) MESSAGING WITH LOCAL AND REMOTE APPLICATIONS - A method and system for providing interoperability for Rich Communications Suite/Systems (RCS) messaging with local and remote applications. If a target network device cannot directly receive RCS messages, electronic messages are modified on an RCS message application to include different types of electronic links to remote or local RCS interoperability applications. The local or remote RCS interoperability applications independently provide seamless, rich multi-media RCS functionality to the target network device when the electronic link is activated in the modified electronic message. The local or remote RCS interoperability applications provide two-way RCS message communications between target network devices without RCS functionality and target network devices with RCS functionality. | 2022-01-20 |
20220021634 | INFORMATION LINKAGE DEVICE, INFORMATION LINKAGE SYSTEM, INFORMATION LINKAGE METHOD, AND PROGRAM - Provided is an information linkage device for causing information in a chat server that manages chat information to be reflected in an information management system that manages action item information. The information linkage device includes a control unit for analyzing information handled in a chat transmitted/received to and from the chat server via a network and acquiring action item information, and transmitting the action item information to the information management system. | 2022-01-20 |
20220021635 | COMPUTERIZED SYSTEM AND METHOD FOR CONTROLLING ELECTRONIC MESSAGES AND THEIR RESPONSES AFTER DELIVERY - Disclosed are systems and methods for improving interactions with and between computers in content searching, hosting and/or providing systems supported by or configured with devices, servers and/or platforms. The disclosed systems and methods provide for efficiently monitoring and following up on delivered messages for which a user expects and/or requires a reply. The disclosed functionality provides a fully automated, personalized, easy and efficient way to identify and manage outgoing mail messages that require reply by marking outbound messages as RSVP messages, which are those messages determined to require a reply. Such functionality is based on the ability of the disclosed framework to distinguish between a “satisfactory response” (i.e., a response that includes the required information) and a response that is not. | 2022-01-20 |
20220021636 | System and Method for Alerts for Missing Coverage of Chatbot Conversation Messages - A method, system, and computer-usable medium are disclosed for identifying areas to improve an interactive conversational system, such as a chatbot. A stream of conversational interactions C (C | 2022-01-20 |
20220021637 | PRIVATE DATA SHARING SYSTEM - A novel architecture for a data sharing system (DSS) is disclosed and seeks to ensure the privacy and security of users' personal information. In this type of network, a user's personally identifiable information is stored and transmitted in an encrypted form, with few exceptions. The only key with which that encrypted data can be decrypted, and thus viewed, remains in the sole possession of the user and the user's friends/contacts within the system. This arrangement ensures that a user's personally identifiable information cannot be examined by anyone other than the user or his friends/contacts. This arrangement also makes it more difficult for the web site or service hosting the DSS to exploit its users' personally identifiable information. Such a system facilitates the encryption, storage, exchange and decryption of personal, confidential and/or proprietary data. | 2022-01-20 |
20220021638 | EFFICIENTLY MAPPING A DISTRIBUTED RESOURCE TO A VIRTUAL NETWORK - A distributed resource may be mapped into a virtual network, where the resource is distributed across a large number of nodes that are uniquely addressable within the distributed resource service's address space. The resource can be represented using a relatively small number of private VIP addresses within the virtual network, while still enabling access to all of the nodes that are uniquely addressable within the address space of the distributed resource service. A resource map may be created that relates the distributed resource service's address space to the virtual network's address space. The resource map may be used by a gateway that facilitates access to a distributed resource by clients. The resource map may also be used to translate packets that are sent from clients within a virtual network into the distributed resource service's address space. | 2022-01-20 |
20220021639 | SYSTEM AND METHOD FOR GENERATING CONCURRENTLY LIVE AND TEST VERSIONS OF DNS DATA - A system for concurrently facilitating publishing a current version of a plurality of Domain Name System (DNS) records for a domain name and storing a next version of the plurality of DNS records for the domain name, the system comprising a record selection module for obtaining selected data of registry data associated with the domain name stored in a registry database; a DNS Security (DNSSEC) signing system having at least one signing module for digitally signing the selected data of the registry data; a distribution system for coordinating concurrent generation of the current version and the next version; and the distribution system and signing system cooperating to, in part, generate the current version according to a first set of generation instructions and transmit the current version to one or more authoritative servers of the DNS in a first transmission path that bypasses storing the current version in the registry database. | 2022-01-20 |
20220021640 | METHODS AND SYSTEMS FOR IMPLEMENTING VERY LARGE DNS ZONES - Systems, methods and devices are provided for registering DNS hostnames of Internet host devices for very large domain zones (VLZ) stored on a DNS server on a network, including setting a pseudo-zone as the VLZ, intercepting DNS updates to the pseudo-zone, mapping the entries in the pseudo-zone into a hierarchy of real parent zones and sub-zones using a mapping formula, and translating DNS updates to the pseudo-zone from an original fully qualified domain name (FQDN) into at least one new FQDN and adding the at least one new FQDN to an authoritative DNS Server. | 2022-01-20 |
20220021641 | HELPING MDNS DISCOVERY BETWEEN RESOURCE-SEEKING AND RESOURCE-PROVIDING DEVICES BY MODIFYING MDNS RESPONSE TO LOWER ONE OR MORE TTL VALUES - An apparatus for helping with multicast domain name service (MDNS) discovery includes one or more processors configured to receive a first MDNS query from the resource-seeking device, receive a first MDNS response from the resource-providing device, and generate a second MDNS response according to the first MDNS response. The second MDNS response is generated at least by including a resource record from the first MDNS response and setting a time-to-live (TTL) value of the resource record in the second MDNS response to be lower than an original TTL value as specified for the resource record in the first MDNS response. The second MDNS response is sent to the resource-seeking device in response to the first MDNS query. A hospitality establishment may thereby soft assign a media device to a user device while retaining the ability to change the media device assigned to the user device. | 2022-01-20 |
20220021642 | METHOD FOR OBTAINING INTERNET PROTOCOL IP ADDRESS OF TERMINAL DEVICE, DEVICE, AND SYSTEM - A method for obtaining an IP address of a terminal device comprising: an application function network element sends a first event registration request to a capability exposure network element, where the first event registration request is used to request to obtain, from the capability exposure network element, an IP address of a terminal device in a group, the application function network element receives a first event notification message from the capability exposure network element, where the first event notification message includes an IP address of a first terminal device in the group. | 2022-01-20 |
20220021643 | POSITION PARAMETERIZED RECURSIVE NETWORK ARCHITECTURE WITH TOPOLOGICAL ADDRESSING - A digital data communications network that supports efficient, scalable routing of data and use of network resources by combining a recursive division of the network into hierarchical sub-networks with repeating parameterized general purpose link communication protocols and an addressing methodology that reflects the physical structure of the underlying network hardware. The sub-division of the network enhances security by reducing the amount of the network visible to an attack and by insulating the network hardware itself from attack. The fixed bandwidth range at each sub-network level allows quality of service to be assured and controlled. The routing of data is aided by a topological addressing scheme that allows data packets to be forwarded towards their destination based on only local knowledge of the network structure, with automatic support for mobility and multicasting. The repeating structures in the network greatly simplify network management and reduce the effort to engineer new network capabilities. | 2022-01-20 |
20220021644 | NETWORK CONTAINERS - The systems and methods that maintain an IP address of a container when the container is moved from a first node to a second node in a data center are provided. Each node includes a local controller which is communicatively coupled to the central controller. The local controller generates an IP address for a container that executes on the first node. A label unique to the container is also generated on the first node. The local controller then synchronizes the IP address and the label of the container with the central controller. The central controller then passes the IP address and the label to the second node when the container is moved from the first node to the second node, and ensures that the IP address of the container remains the same before and after the move. | 2022-01-20 |
20220021645 | FACILITATING DISTRIBUTED SNAT SERVICE - Some embodiments of the invention provide novel methods for facilitating a distributed SNAT (dSNAT) middlebox service operation for a first network at a host computer in the first network on which the dSNAT middlebox service operation is performed and a gateway device between the first network and a second network. The novel methods enable dSNAT that provides stateful SNAT at multiple host computers, thus avoiding the bottleneck problem associated with providing stateful SNAT at gateways and also significantly reduces the need to redirect packets received at the wrong host by using a capacity of off-the-shelf gateway devices to perform IPv6 encapsulation for IPv4 packets and assigning locally unique IPv6 addresses to each host executing a dSNAT middlebox service instance that are used by the gateway device. | 2022-01-20 |
20220021646 | EFFICIENT NETWORK ADDRESS TRANSLATION (NAT) IN CLOUD NETWORKS - A method is implemented by a network device for enabling destination network address translation in a cloud network. The method includes determining that packets having a first public address as a source address and a second public address as a destination address are to be forwarded to a first host that is assigned a first private address and sending a first advertisement message to a gateway indicating that packets having the first public address as a source address and the second public address as a destination address are to be forwarded to a first switch connected to the first host, where the first switch is configured to translate the destination address of those packets from the second public address to the first private address assigned to the first host. | 2022-01-20 |
20220021647 | Methods, Routers, Media and Apparatus for Implementing Enhanced UPnP Subscriptions - The disclosure relates to methods, routers, media and apparatus for implementing enhanced UPnP subscriptions. According to an embodiment of the disclosure, there is provided a method for implementing an enhanced UPnP subscription, comprising, by a UPnP-enabled router: receiving a subscription message for a subscription, wherein the subscription message specifies a delivery uniform resource locator (URL), the delivery URL is a location where an event message targeted by the subscription is to be sent; checking, based on a whitelist, whether an IP address or a domain name in the delivery URL is contained in the whitelist; and determining whether to reject the subscription message based on the checking result. Through embodiments of the disclosure, both flexible subscription and high security can be achieved. | 2022-01-20 |
20220021648 | DISTRIBUTED IDENTITY-BASED FIREWALL POLICY EVALUATION - Methods and systems for identity-based firewall policy evaluation and for encoding entity identifiers for use in identity-based firewall policy evaluation. A method includes intercepting a packet from a sender entity to a recipient entity; determining whether the sender entity is permitted to communicate with the recipient entity according to a firewall policy, wherein the firewall policy indicates a plurality of entity identifiers, wherein each entity identifier is unique among the plurality of entity identifiers, wherein the rules for communications among the plurality of entities include a list of pairs of entities which are permitted to communicate with each other; forwarding the packet to the recipient entity when it is determined that the sender entity is permitted to communicate with the recipient entity; and performing at least one mitigation action when it is determined that the recipient entity is not permitted to communicate with the sender entity. | 2022-01-20 |
20220021649 | POLICY BASED MECHANISM TO EFFICIENTLY INTERPRET AND BLOCK INSECURE NETWORK COMMUNICATION - The disclosure provides an approach for network security. Embodiments include receiving, by a kernel of a first machine, via a hook in a protocol stack of the first machine, one or more packets of a connection between the first machine and a second machine. Embodiments include generating a metadata object for the connection based on at least a subset of the one or more packets. Embodiments include adding the one or more packets to a queue accessible by a security component of the first machine. Embodiments include determining, based on the metadata object, whether to continue capturing additional packets of the connection. Embodiments include receiving, from the security component, a security determination regarding the connection based on the one or more packets. Embodiments include performing an action with respect to the connection based on the security determination. | 2022-01-20 |
20220021650 | METHODS AND SYSTEMS FOR EFFICIENT ENCRYPTED SNI FILTERING FOR CYBERSECURITY APPLICATIONS - A packet-filtering system described herein may be configured to filter packets with encrypted hostnames in accordance with one or more packet-filtering rules. The packet-filtering system may resolve a plaintext hostname from ciphertext comprising an encrypted Server Name Indication (eSNI) value. The packet-filtering system may resolve the plaintext hostname using a plurality of techniques. Once the plaintext hostname is resolved, the packet-filtering system may then use the plaintext hostname to determine whether the packets are associated with one or more threat indicators. If the packet-filtering system determines that the packets are associated with one or more threat indicators, the packet-filtering system may apply a packet filtering operation associated with the packet-filtering rules to the packets. | 2022-01-20 |
20220021651 | Methods and Systems for Efficient Encrypted SNI filtering for Cybersecurity Applications - A packet-filtering system described herein may be configured to filter packets with encrypted hostnames in accordance with one or more packet-filtering rules. The packet-filtering system may resolve a plaintext hostname from ciphertext comprising an encrypted Server Name Indication (eSNI) value. The packet-filtering system may resolve the plaintext hostname using a plurality of techniques. Once the plaintext hostname is resolved, the packet-filtering system may then use the plaintext hostname to determine whether the packets are associated with one or more threat indicators. If the packet-filtering system determines that the packets are associated with one or more threat indicators, the packet-filtering system may apply a packet filtering operation associated with the packet-filtering rules to the packets. | 2022-01-20 |
20220021652 | Cloud data lake platform and SaaS orchestration - A method for rapid deployment by a service provider of a data lake in association with a cloud computing service. In response to a request to provision the data lake, a new cloud account is created. Within the new cloud account, a service provider access role and associated permissions are created. The new cloud account is then associated, by cross-trust, with an account in the cloud computing service that is one of: a service provider deployment account, and a customer account. A private data cloud is then associated with the service provider deployment account or the customer account, as the case may be. The private data cloud is uniquely associated with the new cloud account and the data lake. A firewall service enabling secure access between the data lake and an external enterprise network is provisioned. The data lake is then provisioned in the private data cloud to complete the rapid deployment. | 2022-01-20 |
20220021653 | NETWORK SECURITY DEVICE - An out-of-the-box security device is described for a local network to extend security features offered by a communications network to the local network. Communications of the security device to the network may include a secure, layer 2 or layer 3 communication tunnel established with a security platform of the network. Aspects of the security device, such as a security profile and other security information, may be configured or provided by the security platform via the secure tunnel such that installation costs of the device are reduced. Further, the security features of the network may be extended to the local network via the security device for local networks that connect to the network through one or more other networks. Such security features may be provided by the security device at the local network or may be provided by the network based on a flag bit asserted by the security device. | 2022-01-20 |
20220021654 | MULTI-NETWORK SYSTEM ARCHITECTURE WITH ELECTRONIC SEGMENTATION - Systems and methods for establishing a secure communication network at a first location are provided. For example, a risk mitigation computing device may deploy, at the first location, a pre-configuration routine to access a risk assessment computer system that is remote from the first location. Based on the pre-configuration routine, the risk mitigation computing device may automatically generate a virtual private network (VPN) with the risk assessment computer system. The risk mitigation computing device may initiate an authentication process to confirm an identity of a user operating the risk mitigation computing device. Upon receiving an authentication approval associated with the authentication process, the risk mitigation computing device may establish a segmented home network that includes the secure communication network via VPN to access the risk assessment computer system and a second communication network that does not access the secure communication network. | 2022-01-20 |
20220021655 | OPTIMIZATION OF REDUNDANT USAGE PATTERNS BASED ON HISTORICAL DATA AND SECURITY CONSTRAINTS - Typically, a business desires to track and monitor all applications run on its servers. Nonetheless, one or more unauthorized applications may be running on the business's servers, exposing the business to potential regulatory liability and security breaches. Apparatus and methods are provided for isolating and disabling one or more unauthorized applications running on a server. The apparatus may comprise a system including a content-filtering web proxy server configured to filter outgoing requests and data associated with the requests. The system may also include a remediation framework configured to monitor request data in a proxy log stored by the proxy server. The remediation framework may be triggered to perform remedial action when the remediation framework determines that a request and associated data, as stored in the proxy log, meets predetermined conditions. The remediation framework, when triggered, may execute steps to truncate functionality of the unauthorized applications. | 2022-01-20 |
20220021656 | SCALABLE PROXY CLUSTERS - The invention enables high-availability, high-scale, high security and disaster recovery for API computing, including in terms of capture of data traffic passing through proxies, routing communications between clients and servers, and load balancing and/or forwarding functions. The invention inter alia provides (i) a scalable cluster of proxies configured to route communications between clients and servers, without any single point of failure, (ii) proxy nodes configured for implementing the scalable cluster, (iii) efficient methods of configuring the proxy cluster, (iv) natural resiliency of clusters and/or proxy nodes within a cluster, (v) methods for scaling of clusters, (vi) configurability of clusters to span multiple servers, multiple racks and multiple datacenters, thereby ensuring high availability and disaster recovery, and (vii) switching between proxies or between servers without loss of session. | 2022-01-20 |
20220021657 | END USER CREATION OF TRUSTED INTEGRATION PATHWAYS BETWEEN DIFFERENT ENTERPRISE SYSTEMS - Methods and systems are used for end user creation of trusted integration pathways between different enterprise systems. As an example, a set of identity information associated with an end user is determined. A set of systems and a set of configurable trusted integration pathways that the end user is authorized to create a trusted integration pathway between two systems is determined. A selection of a source system and a destination system from the set of systems is received. A set of information from the source system that is allowed to be shared with the destination system based on pre-defined metadata is identified. A trusted integration pathway between the source system and the destination system is generated, based on a selection of at least a portion of the set of information and the pre-defined metadata. | 2022-01-20 |
20220021658 | PROCESS FOR DECLARING THE NON-USABILITY OF EXCHANGED DATA - A method of making secure a communication between a first and at least one second terminal is disclosed. Each terminal being configured to interact with a user via a corresponding human-machine interface, the method comprising selecting, on the first terminal, a usability index for signals in a stream; transmitting the stream from the first terminal to at least one node of a network; connecting a third-party device to the node according to the usability index; and receiving, on the at least one second terminal, the stream from the node. | 2022-01-20 |
20220021659 | PROVIDING ANONYMOUS NETWORK DATA TO AN ARTIFICIAL INTELLIGENCE MODEL FOR PROCESSING IN NEAR-REAL TIME - A device may receive, from a network device in near-real time, a packet of data associated with network traffic of a network, wherein the packet includes privacy-related data and network-related data. The device may read the privacy-related data from the packet. The device may generate anonymous data based on the privacy-related data, wherein the anonymous data obscures the privacy-related data. The device may generate a mapping between the anonymous data and the privacy-related data. The device may combine the anonymous data and the network-related data to generate a masked packet. The device may provide the masked packet to a server device. The device may receive, from the server device, data identifying a recommendation that is generated by processing the masked packet with an artificial intelligence model. The device may perform one or more actions based on the recommendation. | 2022-01-20 |
20220021660 | DATA PRIVACY SYSTEM - A backend computer and methods of using the backend computer are described. The method may comprise: receiving, at a first backend computer, sensor data associated with a vehicle; determining a labeling of the sensor data, comprising: determining personal data and determining non-personal data that is separated from the personal data, wherein each of the personal and non-personal data comprise labeled data, wherein the personal data comprises information relating to at least one identified or identifiable natural person; and performing via the personal data and the non-personal data that is separated from the personal data, at the first backend computer, data processing associated with collecting sensor data associated with the vehicle. | 2022-01-20 |
20220021661 | INITIALIZATION ENCRYPTION FOR STREAMING CONTENT - Methods are disclosed for creating a virtual encryption session prior to video streaming content being requested to reduce or eliminate delay in initialization of the encryption session and content delivery to the customer. A virtual session has control word(s) (CW) and virtual entitlement control message(s) (ECM) that are devoid of content specific information. One or more virtual sessions may be stored at an edge device and may be used to encrypt the first portion of a content stream while a content-specific encryption session is being initiated. | 2022-01-20 |
20220021662 | OPERATING SYSTEM FOR BLOCKCHAIN IOT DEVICES - The invention provides a generic operating system for coordinating, controlling and/or influencing the activities of a device. The invention is implemented using a blockchain platform with which the operating system is arranged to interact. The blockchain may be the Bitcoin blockchain. In a preferred embodiment, the device is an Internet of Things (IoT) device. The invention provides a computer-implemented control system and corresponding method for controlling a device, the system comprising a device configured for wireless communication with a network and having an IP address and a public-private key cryptographic key pair associated with the device; a software-implemented control component arranged to monitor the state of a blockchain network and/or transmit blockchain Transactions to the blockchain network; and a set of instructions arranged for execution by the control component to control the functionality of the device. The control component is arranged to access the set of instructions from a stored location, which is separate to the device. The instructions may be stored in a Distributed Hash Table (DHT) and accessed for download and installation by the control component from the DHT as and when needed. The location of the DHT and/or instructions may be indicated or provided using metadata provided within a blockchain transaction. The set of instructions may be accessed by the control component using a look-up key, which is related to a cryptographic key pair. The control component is provided on or in the device, or in other embodiments can be provided in an off-device location and arranged for wireless communication with the device. | 2022-01-20 |
20220021663 | COMMUNICATION MODULE - Various aspects of the present disclosure are directed to a communication module for data transmission between at least one hardware component which is integrated into an internal network of a technical system and a back-end computer system which is connected to a packet-switched data network. In one example embodiment, a communication module is disclosed including a point-to-point connection, a device-proximal gateway is configured and arranged to provide a data transmission interface between the point-to-point connection and the internal network, and a network-proximal gateway connected to the device-proximal gateway via the point-to-point connection without intermediate stations, the network-proximal gateway configured and arranged to provide a data transmission interface between the packet-switched data network and the point-to-point connection. | 2022-01-20 |
20220021664 | Device Identification Scoring - Device identification scoring systems and methods may be provided that can increase the reliability and security of communications between devices and service providers. Users may select and configure additional identification factors that are unique and convenient for them. These factors, along with additional environmental variables, feed into a trust score computation that weights the trustworthiness of the device context requesting communication with a service provider. Service providers rely on the trust score rather than enforce a specific identification routine themselves. A combination of identification factors selected by the user can be aggregated together to produce a trust score high enough to gain access to a given online service provider. A threshold of identification risk may be required to access a service or account provided by the online service provider. | 2022-01-20 |
20220021665 | ZERO TRUST FOR EDGE DEVICES - In one embodiment, a networking device at an edge of a network enrolls with a controller that supervises operation of the networking device. The networking device sends a publication request to a cloud-based messaging service. The networking device provides, to the cloud-based messaging service, identification information that indicates the controller that supervises operation of the networking device. The networking device receives, from the cloud-based messaging service, authorization to publish messages to the cloud-based messaging service. The cloud-based messaging service uses the identification information to confirm an identity of the networking device with the controller that supervises operation of the networking device. The networking device sends, after receiving authorization to publish messages to the cloud-based messaging service, a message for publication to the cloud-based messaging service. The message comprises data sourced from an endpoint in the network. | 2022-01-20 |
20220021666 | Contactless Authentication and Event Processing - Systems for contactless authentication and event processing are provided. In some examples, a user may request processing of an event. The user may provide user identifying or event identifying information that may be transmitted to a contactless processing computing platform. Based on the user identifying information, additional user data may be retrieved. An interactive authentication request may be generated and transmitted to the user computing device. The interactive authentication request may include a request for one or more types of authentication data. The user may input authentication response data into the user computing device, which may then be transmitted to the contactless processing computing platform for evaluation. The authentication response data may be evaluated to determine whether it includes a trigger, whether it matches pre-stored authentication data, and the like. In response, one or more authentication outputs may be generated and/or the requested event may be processed or denied. | 2022-01-20 |
20220021667 | BUILDING MANAGEMENT SYSTEM ARCHITECTURE - A building control device includes a controller for controlling one or more building control components, the controller configured to generate building control information and/or consume building control information. The building control device includes an MQTT component that is operatively coupled to the controller, the MQTT component for publishing outgoing building control information generated by the controller and/or subscribing to incoming building control information for consumption by the controller over an IP network. A MUD component is for use in advertising one or more specifications for the building control device on the IP network. | 2022-01-20 |
20220021668 | USER AUTHENTICATION BASED ON CONFIDENCE LEVELS FOR IDENTITY PREDICTIONS - A computing device determines availability of device features based on confidence levels associated with predicted identities of an individual within a recognition range of the device. The computing device determines the one or more confidence levels based on captured recognition information including biometric data describing the individual. The computing device determines whether a given action associated with a device feature is available to an individual based on whether the confidence level satisfies authorization criteria corresponding to the action. | 2022-01-20 |
20220021669 | BIOMETRIC AUTHENTICATION SYSTEM AND LIVING BODY INFORMATION DETECTION DEVICE - A biometric authentication system is a biometric authentication system having a detection device and an authentication device performing personal authentication. The detection device has a plurality of sensor elements, a plurality of gate lines and a plurality of signal lines provided in correspondence with the sensor elements, and a gate line drive circuit scanning the gate lines. | 2022-01-20 |
20220021670 | NETWORK DEVICE IDENTIFICATION - There is provided a method comprising: maintaining a database of one or more computer devices registered at a computer network, detecting a connection request from a new computer device, determining a physical location of the new computer device and comparing the physical location of the new computer device with the physical location data stored in the database. In response to detecting a previously registered computer device of the one or more computer devices having at least an approximately same physical location as the new computer device based on the comparison, the method further comprises determining that a change has occurred in network-based identification data of the previously registered computer device and taking further action to protect the computer devices from a security threat caused by the change of the network-based identification data. | 2022-01-20 |
20220021671 | SCALABLE ONBOARDING FOR INTERNET-CONNECTED DEVICES - Examples described herein include systems and methods for onboarding a device into a management system. An example method can include loading a management agent onto the device and receiving inventory information for the device. The example method can further include receiving a request to whitelist the device. In some examples, the request originates from a different device, such as a device used by a technician installing the connected device. The management server can authorize the device and add it to the whitelist. After authorizing the device, the management server can onboard the device by sending management information to the management agent on the device. The management server can then exercise management control of the device through the management agent installed on the device. | 2022-01-20 |
20220021672 | Multi-Factor Message Authentication - Systems, methods, and apparatuses are described for authenticating a user device and/or user application. A user device may receive, based on a first authentication request, a plurality of messages sent over a plurality of channels of communication (e.g., a message to a URL address associated with the user device and a binary Short Message Service (SMS) message). Based on information from the messages, the user device may transmit a second authentication request. | 2022-01-20 |
20220021673 | DATABASE SYSTEM INTEGRATIONS WITH EXTERNAL STORAGE LOCATIONS - A command to load or unload data at a storage location is received. In response to the command, a storage integration object associated with the storage location is identified. The storage integration object identifies a cloud identity object that corresponds to a cloud identity that is associated with a proxy identity object corresponding to a proxy identity granted permission to access the storage location. The data is loaded or unloaded at the storage location by assuming the proxy identity. | 2022-01-20 |
20220021674 | AUTHORISING OPERATIONS FOR DEVICES IN A NETWORK - The disclosure relates to methods and associated devices and/or systems for authorising at least one operation associated with a device, the device operating in a communication network, such as a user network, that comprises a plurality of devices communicatively coupled to a server computer, such as a control server. The disclosed method comprises generating a data model based on a plurality of patterns of actions for one or more devices among the plurality of devices. The data model is configured to detect and/or store at least one regular pattern of actions for each device among the one or more devices, each action corresponding to an operating state of the device. The disclosed method comprises receiving a request for an operation associated with a first device among the plurality of devices and determining if the received request satisfies a first criterion, the first criterion being based on or associated with the data model. Then, based on a determination that the first criterion is not satisfied, the disclosed method comprises generating at least one query based on a regular pattern of actions of at least one device among the one or more devices and sending the at least one query to a user interface. The disclosed method comprises determining if a response to the at least one query received from the user interface satisfies a second criterion. The second criterion is based on a comparison of the response received with the regular pattern of actions associated with the query in the data model. Then, based on a determination that the second condition is satisfied, the disclosed method comprises authorising the received request for the operation and providing a setting for the first device and/or control server based on the authorisation. | 2022-01-20 |
20220021675 | METHOD OF USING DHCP HOST NAME TO IDENTIFY A UNIQUE DEVICE IN ABSENSE OF UNIQUE MAC ADDRESS IN ORDER TO APPLY NETWORK FIREWALL OR ACCESS CONTROL RULES - Various embodiments provide an approach to application of access rules for Internet access based on DHCP host names in absence of a unique MAC address. The access rules can be modified by giving due consideration to various parameters associated with the users of the system. The system can be configured and managed by using mobile apps and web interfaces. | 2022-01-20 |
20220021676 | DATA MANAGEMENT SYSTEM - A system for sharing data between tenants served by a software instance. In the system, a first tenant can ensure that data is transferred to a trusted connection by virtue of a trusted connection established between the first tenant and a second tenant, and a trusted connection between the second tenant and a third tenant. The system allows the identity of the third tenant to be kept secret from the first tenant, thus maintaining the privacy of the third tenant. In addition, the system allows for the first tenant to force control over the tenants with which the second tenant is allowed to share the first portion of the data, and the second tenant can provide an additional layer of this control. | 2022-01-20 |
20220021677 | SYSTEM AND METHOD FOR FEDERATED IDENTITY FUNCTIONALITY FOR API DEVELOPMENT - A system and method for federated identity functionality for API integration can include creating an identity token associated with an application service; in association with the application service, configuring a linked service token of an external service; storing the linked service token in association with the identity token; invoking the application service which includes validating the identity token and performing an application programming interface (API) interaction with the external service using the linked service token. | 2022-01-20 |
20220021678 | INTERFACE-BASED ACLS IN A LAYER-2 NETWORK - Systems and methods of interface-based ACLs in a virtual Layer-2 network. The method can include sending a packet from a source compute instance in a virtual network to a destination compute instance via a destination virtual network interface card (destination VNIC) within a first virtual layer 2 network and evaluating an access control list (ACL) for the packet with a source virtual network interface card (source VNIC). ACL information relevant to the packet can be embedded in the packet. The VSRS can receive the packet and can identify the destination VNIC within the first virtual layer 2 network for delivery of the packet based on information received with the packet and mapping information contained within a mapping table. The VSRS can access ACL information from the packet and can apply the ACL information to the packet. | 2022-01-20 |
20220021679 | METHOD AND SYSTEM FOR PACKET PROCESSING ACCORDING TO ACCESS CONTROL LIST TABLE - The present invention provides a method for packet processing according to an access control list table, comprising: receiving a packet, wherein the packet includes a packet information and match items for matching; providing an access control list (ACL) codeword table; providing a mask table, wherein the ACL codeword table corresponds to the mask table; obtaining a hash key by performing a multiplexing logic operation, wherein the hash key is made by combining a multiplex result of the packet information and the mask table; obtaining a hash value by performing a hash function based on the hash key, wherein the hash value is composed of X+Y, wherein X is a signature table (hash table) index and Y is a key digest; performing a hash table indexing, based on the signature table index, wherein the signature table index is the index to an address of signature table; performing a fast pattern match, wherein the signature table contains signature fields, and if any second signature field in the signature table is matched with the digest key, the action table index of the same signature field is then assigned to an address index to an action table; and applying an action to the packet, wherein the action is listed in the action table. | 2022-01-20 |
20220021680 | VIDEO SIGNALING FOR USER VALIDATION IN ONLINE JOIN SCENARIOS - An online meeting service is configured to determine whether a prospective meeting participant is among a known group of trusted users (e.g., logged in to a trusted domain). If the prospective meeting participant is validated as a trusted user, they may join a meeting without additional steps. If the prospective meeting participant is not validated as a trusted user, they may consent to have the meeting organizer view them through their camera in order to confirm that they may have meeting access. If the organizer recognizes the prospective participant through the camera image (still or video), the organizer may admit them to the meeting. | 2022-01-20 |
20220021681 | METHOD AND SYSTEM FOR INITIATING A TRANSFER OF RESOURCES - A server comprises a communications module; a processor coupled with the communications module; and a memory coupled to the processor and storing processor-executable instructions which, when executed by the processor, configure the processor to authenticate a user via a first authentication channel; receive, via the communications module and from a computing device associated with the user, a signal representing a request to transfer a first quantity of resources; determine that the first quantity of resources is less than a first threshold associated with the first authentication channel; obtain identity data associated with the request to transfer the first quantity of resources; determine, based on the identity data, that a request to transfer a second quantity of resources has been previously initiated by the user via a second authentication channel that is different than the first authentication channel; and determine that the sum of the first quantity of resources and the second quantity of resources is less than the first threshold, and in response to determining that the sum of the first quantity of resources and the second quantity of resources is less than the first threshold, initiate the transfer of the first quantity of resources. | 2022-01-20 |
20220021682 | METHODS AND SYSTEMS FOR ESTABLISHING COMMUNICATION WITH USERS BASED ON BIOMETRIC DATA - Methods and systems are disclosed herein for establishing communication with users based on biometric data. For example, in response to determining that a user has a particular biometric state, the media guidance application may present an option to contact another user that is associated with that biometric state. | 2022-01-20 |
20220021683 | METHOD AND SYSTEM FOR PROVIDING FRACTIONALIZED ACCESS TO CYBERSECURITY INTELLIGENCE CONTENT OR CYBERSECURITY SERVICE - A computing system and a method performed by the computing system are presented. The system may provide a cybersecurity analysis platform, and the method may include outputting a plurality of content access options for selection by a user or group of users of the platform, wherein the content access options are associated with different amounts of content access to a cybersecurity intelligence content source. The method may further involve receiving a selection of one of the content access options, and updating, based on the selection, a profile that indicates an amount of content access allocated to the user or group of users. The method may involve receiving a content request from the user or group of users for cybersecurity intelligence content, and responding to the content requested based on whether the allocated amount of content access has been completely depleted. | 2022-01-20 |
20220021684 | GUEST ACCESS TO CONTROL DEVICES - A method for granting guest access to a control device includes detecting, by a monitoring control unit, a new connection of a guest device to a network, transmitting, by the monitoring control unit and to an authorized device, a request to grant access to the guest device to control a monitoring system, in response to the request, receiving, by the monitoring control unit, approval to grant access to the guest device to control the monitoring system, and in response to the approval, transmitting, by the monitoring control unit and to the guest device, (i) data that allows the guest device to access a web service and (ii) a temporary authentication token. | 2022-01-20 |
20220021685 | Enhancement to the IS-IS protocol for eliminating unwanted network traffic - Systems and methods for enhancing a routing protocol of a telecommunications network are provided. In one embodiment, a method for enhancing the Intermediate System to Intermediate System (IS-IS) routing protocol is provided. The method includes receiving a packet from a first peer device on a network; determining whether a mismatch exists in an authentication of the packet from the first peer device; and responsive to an authentication mismatch, sending a flush instruction to a plurality of peer devices on the network to remove any link state packets from the first peer device. The plurality of peer devices are configured to remove all link state packets from the first peer device regardless of a type of authentication and a type of mismatch. | 2022-01-20 |
20220021686 | SECURITY THREAT DETECTION BASED ON PROCESS INFORMATION - Example methods and systems for a computer system to perform security threat detection are described. In one example, a computer system may intercept an egress packet from a virtualized computing instance to pause forwarding of the egress packet towards a destination and obtain process information associated with a process from which the egress packet originates. The computer system may initiate security analysis based on the process information. In response to determination that the process is a potential security threat based on the security analysis, the egress packet may be dropped, and a remediation action performed. Otherwise, the egress packet may be forwarded towards the destination. | 2022-01-20 |
20220021687 | DYNAMIC REKEYING OF IPSEC SECURITY ASSOCIATIONS - Certain embodiments described herein relate to a method for dynamically rekeying a security association. The method includes establishing, by a destination tunnel endpoint (TEP), an in-bound security association with a source TEP, with a first security parameter index (SPI) value, for encrypting data packets communicated between the source TEP and the destination TEP. The method further includes rekeying, by the destination TEP, the in-bound security association, the rekeying including generating a second SPI value for replacing the first SPI value based on a trigger event relating to at least one of a real-time security score of the in-bound security association, a number of security associations assigned to a compute resource that the in-bound security resource is assigned to, an amount of load managed by the compute resource that the in-bound security resource is assigned to, and an indication received from an administrator. | 2022-01-20 |
20220021688 | SELF-CONTAINED ROBOTIC UNITS FOR PROVIDING MOBILE NETWORK SERVICES AND INTELLIGENT PERIMETER - Disclosed are systems and methods for a robotic mobile perimeter and telecommunication network. One or more stationary ground units are associated with a perimeter protected entity and comprise a broadband cellular network core for providing a private telecommunication network, and secondary transceivers for providing a second telecommunication network. Mobile robotic units comprise a broadband cellular network node for extending the private telecommunication network, secondary transceivers, a plurality of sensors, a locomotion device, and a controller. The mobile robotic units simultaneously create a dynamically responsive perimeter around the perimeter protected entity and a movable extension of the private telecommunication network, wherein the controllers generate locomotion control signals to cause at least a portion of the plurality of mobile robotic units to reposition themselves within the surrounding environment and provide continuous coverage from the private telecommunication network to the perimeter protected entity as one or more locations of the perimeter protected entity change. | 2022-01-20 |
20220021689 | NETWORK PACKET ANALYZER AND COMPUTER PROGRAM PRODUCT - A network packet analyzer according to an embodiment includes a memory and one or more hardware processors. The memory stores a plurality of sets of training data in which semantics of one protocol field and one or more patterns indicating characteristics of variations of the parameters of the one protocol field are associated with each other. The hardware processors: capture network packets and extract a variable field whose parameter varies in time series; generate, based on the parameter varying in the time series in the variable field, one or more patterns indicating a characteristic of a variation of the parameter; and compare each of the one or more patterns with each of the one or more patterns of the training data and estimate the semantics of the variable field. | 2022-01-20 |
20220021690 | METHOD AND APPARATUS FOR ATTESTING PHYSICAL ATTACKS - Methods and apparatus are disclosed for attesting physical attacks. A method may comprise: receiving a heartbeat message from a neighbor device at a periodic interval, wherein the heartbeat message is encrypted with a session key of the neighbor device for a current interval, and comprises a key material for updating the session key of the neighbor device for a next interval; and decrypting the received first heartbeat message based at least in part on a session key of the first device for the current interval; and determining whether the neighbor device is physically compromised at least based on the heartbeat message. The periodic interval is set to be smaller than a minimum time of a physical attack on the neighbor device. | 2022-01-20 |