06th week of 2022 patent application highlights part 67 |
Patent application number | Title | Published |
20220045917 | SYSTEM AND METHOD FOR OBTAINING HIGHER QUALITY OF EXPERIENCE AND DESIRED NETWORK SLICE BY UTILIZING FEEDBACK - An end user device connected to a network comprises a memory unit, a processor operably coupled to the memory unit, and a client application stored in the memory unit. A sensing module processor senses inputs from one or more sources. The sources comprise points in the network, software applications running on the end user device, software integrated in an operating system of the end user device, and the processor of the end user device. A processing module processes the sensed inputs to determine changes in parameters of the network for enabling the network to provide either a particular quality of experience or a particular network slice. An acting module provides the determined changes as feedback to a server connected to the network. In response, the server effects the determined changes in the parameters of the network for providing either the particular quality of experience or the particular network slice. | 2022-02-10 |
20220045918 | PACKET CAPTURE DEVICE AND PACKET CAPTURE METHOD - A packet capture device includes: a capture unit which captures packets that flow in a communication network at 200 Gbps; a control unit which temporarily holds the packets captured; and an interface which stores the packets temporarily held into a secondary storage device. The control unit includes: a first NUMA node including a first processor and a first memory; and a second NUMA node including a second processor and a second memory. The capture unit includes: a first capture unit which captures packets and stores the packets into a first memory; and a second capture unit which captures packets and stores the packets into a second memory. | 2022-02-10 |
20220045919 | LOWER-TIER APPLICATION DEPLOYMENT FOR HIGHER-TIER SYSTEM - One or more lower-tier system monitoring components are installed and operated prior to installing a higher-tier system monitoring component. A lower-tier system may be an individual server, network device, or local area network. A higher-tier system may include an enterprise or organization wide network or service that includes at least a part of the lower-tier system. Once the higher-tier system monitoring component is installed, the higher-tier and lower-tier system monitoring components use an interface to operate with one another to form a single larger instance of an organization wide monitoring system. The combination of the higher-tier system monitoring component and the one or more lower-tier system operating components performs monitoring aspects of the overall information technology environment based at least in part on machine data produced and made searchable to provide monitoring results. | 2022-02-10 |
20220045920 | COORDINATED DATA SHARING IN VIRTUALIZED NETWORKING ENVIRONMENTS - A Metrics Parser Coordinator (MPC) coordinates data sharing between components of a network. A process performed by the MPC may include receiving data from a plurality of input interfaces, parsing the data, filtering the parsed data, storing the filtered data in a metric storage, mapping the filtered data according to the input interfaces, and providing the filtered data stored in the metric storage to the first registered application. Each interface may be defined differently from each other interface, and the filtered data including information requested by a first registered application. The interfaces may include 3 | 2022-02-10 |
20220045921 | METHOD AND APPARATUS FOR IMPROVING BROADBAND EXPERIENCE USING CLOUD BASED RECOMMENDATION ENGINE - Described is a method performed by a computing device for controlling a home network system associated with a plurality of Wi-Fi communicating devices, the method comprising: analyzing operational data associated with the plurality of Wi-Fi communicating devices, the operational data collected from the plurality of Wi-Fi communicating devices; providing (or generating) recommendations for improving performance of the home network system according to the analyzed operational data; correlating the recommendations into groups; and aggregating the recommendations from the groups to generate unified recommendations for improving the home network system. | 2022-02-10 |
20220045922 | SLAVE-TO-MASTER DATA AND OUT-OF-SEQUENCE ACKNOWLEDGEMENTS ON A DAISY-CHAINED BUS - A reporting device communicates with a master device by a first component and a daisy-chained second component. The reporting device receives a signal from the master device via the first component. The signal triggers the reporting device to transmit synchronously a telemetry data packet on the daisy-chained second component when a downstream device is coupled to the second component. The reporting device receives a first header packet having an address of the reporting device, transmits the telemetry data packet to the downstream device, and transmits a second header packet having an address of the downstream device. | 2022-02-10 |
20220045923 | HIGHLY-SCALABLE, SOFTWARE-DEFINED, IN-NETWORK MULTICASTING OF LOAD STATISTICS DATA - In an embodiment, a computer-implemented method for highly-scalable, in-network multicasting of statistics data is disclosed. In an embodiment, a method comprises: receiving, from an underlay controller, a match-and-action table that is indexed using one or more multicast (“MC”) group identifiers and includes one or more special MC headers; detecting a packet carrying statistics data; determining whether the packet includes an MC group identifier; in response to determining that the packet includes the MC group identifier: using the MC group identifier, retrieving a special MC header, of the one or more special MC headers, from the match-and-action table; generating an encapsulated packet by encapsulating the packet with the special MC header; and providing the encapsulated packet to an interface controller for transmitting the encapsulated packet to one or more physical switches. | 2022-02-10 |
20220045924 | SYSTEMS, METHODS, AND DEVICES FOR END-TO-END MEASUREMENTS AND PERFORMANCE DATA STREAMING - Systems, methods, and apparatuses provide for collecting end-to-end (e2e) one way latency measurements and solutions for performance data streaming. The e2e performance measurements and performance data streaming (real-time performance measurements) may be used for performance assurance of 5G networks including network slicing. | 2022-02-10 |
20220045925 | DETECTION OF UNAUTHORIZED CRYPTOMINING - A processing system of a device having at least one processor may determine that a temperature of the device exceeds a threshold temperature and obtain, in response to the determining, utilization information of the device comprising: processor utilization information, memory utilization information, and network utilization information. The processing system may then detect, from the utilization information of the device, a pattern comprising: a first network utilization burst, a processor utilization exceeding a processor utilization threshold and a memory utilization exceeding a memory utilization threshold over at least a designated period of time following the first network utilization burst, and a second network utilization burst after at least the designated period of time. When the pattern is detected, the processing system may generate an unauthorized cryptomining alert. | 2022-02-10 |
20220045926 | HIERARCHICAL MULTI-TIER THROUGHPUT ASSIGNMENT FOR A SHARED THROUGHPUT SATELLITE NETWORK - Various arrangements for monitoring and enforcing multi-tier throughput assignments in a network, such as satellite-based communication network, are presented. Throughput usage may be monitored on a beam-level, satellite-level, gateway-level, and system level. Throughput usage for individual satellite terminals may be aggregated and used to determine the throughput usage on an entity-by-entity basis. An entity can have one or more sub-entities to which throughput is allocated. Excessive throughput usage for higher-tier entities can result in throughput being restricted for satellite terminals associated with lower-tier entities. | 2022-02-10 |
20220045927 | Systems and Methods for Determining a Network Path Trace - In one embodiment, a method includes receiving, by a network orchestrator, trace parameters from a user device. The method also includes determining, by the network orchestrator, to initiate a network path trace for the application, generating, by the network orchestrator, a filter policy for the network path trace using the trace parameters, and allocating, by the network orchestrator, a trace identification to the network path trace. The method also includes initiating, by the network orchestrator, the network path trace within a network by communicating the filter policy and the trace identification to a first node of the network and receiving, by the network orchestrator, network path trace data from a plurality of nodes of the network. The method further includes generating, by the network orchestrator, a trace report for the application using the network path trace data. | 2022-02-10 |
20220045928 | INTER-AUTONOMOUS SYSTEM TRACE ROUTE MESSAGE - A network device may receive a message. The network device may determine that the message includes return information indicating a path to an initial device that generated the message. The network device may modify the message by adding an upstream device identifier, wherein the upstream device identifier identifies a device from which the message is received. The network device may modify the message by adding an indication of whether the initial device is reachable by the network device using a segment identifier. The network device may provide the modified message to a downstream device. | 2022-02-10 |
20220045929 | DYNAMIC QUALITY OF SERVICE IN EDGE CLOUD ARCHITECTURES - A device of a service coordinating entity includes communications circuitry to communicate with a plurality of access networks via a corresponding plurality of network function virtualization (NFV) instances, processing circuitry, and a memory device. The processing circuitry is to perform operations to monitor stored performance metrics for the plurality of NFV instances. Each of the NFV instances is instantiated by a corresponding scheduler of a plurality of schedulers on a virtualization infrastructure of the service coordinating entity. A plurality of stored threshold metrics is retrieved, indicating a desired level for each of the plurality of performance metrics. A threshold condition is detected for at least one of the performance metrics for an NFV instance of the plurality of NFV instances, based on the retrieved plurality of threshold metrics. A hardware resource used by the NFV instance to communicate with an access network is adjusted based on the detected threshold condition. | 2022-02-10 |
20220045930 | AUTONOMOUS QUALITY REGULATION FOR DISTRIBUTED LEDGER NETWORKS - Methods, apparatus, and systems are provided for operating a distributed ledger network ( | 2022-02-10 |
20220045931 | INTERNET LAST-MILE OUTAGE DETECTION USING IP-ROUTE CLUSTERING - Techniques for internet last-mile outage detection are disclosed herein. The techniques include methods for monitoring, by a network appliance associated with a network, a plurality of network nodes, detecting, by the network appliance, that a network node of the plurality of network nodes in a last mile of the network has disconnected from the network, overlaying, by the network appliance, the network node over a network model for at least a portion of the network including the network node to generate a model overlay, and determining, by the network appliance, a last mile outage source associated with a disconnection of the network node by identifying a lowest common ancestor node of the network node from the model overlay. Systems and computer-readable media are also provided. | 2022-02-10 |
20220045932 | INTENT-BASED NETWORK VIRTUALIZATION DESIGN - Example methods and systems for intent-based network virtualization design are disclosed. One example may comprise: obtaining configuration information and traffic information associated with multiple virtualized computing instances, processing the configuration information and traffic information to identify network connectivity intents and mapping the network connectivity intents to a logical network topology template. Based on a switching intent, a first group may be assigned to a logical network domain and the logical network topology template modified to include a logical switching element. Based on a routing intent, the logical network topology template may be modified to include a logical routing element. A logical network may be configured based on the modified logical network topology template to satisfy the switching intent and routing intent. | 2022-02-10 |
20220045933 | TRANSPORT ENDPOINT SEGMENTS FOR INTER-DOMAIN SEGMENT ROUTING - Techniques are described for inter-domain segment routing using transport endpoint segments. A transport endpoint segment provisioned on a router within a domain represents any intra-domain tunnel originated at the router and having reachability to an indicated endpoint within the same domain. The provisioning router advertises a transport endpoint segment identifier (TESID) for the transport endpoint segment to other routers or a controller for use in segment routing. The TESID for the transport endpoint segment remains constant regardless of which intra-domain tunnel is bound to the transport endpoint segment. The provisioning router dynamically binds the transport endpoint segment to at least one intra-domain tunnel, and any changes to the bound intra-domain tunnel are updated locally at the provisioning router. In this way, an inter-domain segment routing tunnel may be constructed as a list of TESIDs that are not affected by intra-domain tunnel changes. | 2022-02-10 |
20220045934 | METHOD AND APPARATUS OF AUTOMATIC ROUTE OPTIMIZATION IN A PRIVATE VIRTUAL NETWORK FOR CLIENT DEVICES OF A LOCAL NETWORK - A method and a VPN server for VPN route optimization are described. The VPN server establishes a first VPN connection with a first client device and a second VPN connection with a second client device. The VPN server determines that the first and second client devices are part of a same local network; and responsive to determining that the first and the second client devices are part of the same local network, transmits, to the first client device through the first VPN connection, a second public network address of the second client device, and to the second client device through the second VPN connection, a first public network address of the first client device. The transmission of the first and second public network addresses causes the first client device to determine an optimal route from the first client device to the second client device for the traffic in the VPN. | 2022-02-10 |
20220045935 | DATA TRANSMISSION METHOD AND RELATED PRODUCT - Disclosed are a data transmission method and a related product. The method includes: when it is detected that a data replication transmission function of a PDCP layer entity is activated, a terminal enabling a first RLC layer entity, a second RLC layer entity being in an enabled status; and invoking the PDCP layer entity to determine a first PDCP PDU associated with a first PDCP SDU, and sending the first PDCP PDU to the first RLC layer entity, wherein the first PDCP PDU is used for the first RLC layer entity and a MAC layer entity to process the first PDCP PDU into a MAC PDU and send same. | 2022-02-10 |
20220045936 | Weighted Bandwidth Allocation For Adaptive Routing - Systems and methods of routing are provided. In the system, one or more processors determine that a packet is to be transmitted to a destination. In one or more aspects of the system, the one or more processors select a next port to be used for transmitting the packet by selecting a set of ports among a plurality of ports based on a static weight configuration associated with each port. The next port may be selected from the set of ports based on a number of hops required to reach the destination from each port and based on an estimated latency from each port to the destination. The one or more processors may then route the packet through the selected next port. | 2022-02-10 |
20220045937 | MULTI-PATH MESSAGE DISTRIBUTION AND MESSAGE REASSEMBLY FOR LARGE DATA FLOW USING FORWARD ERROR CORRECTION WITH HIGH-PERFORMANCE COMPUTING (HPC) - A reliable high-throughput data transmission may be accomplished using a multi-path message distribution and a message reassembly with a forward error correction protection. An incoming flow of data from a source is received at an input parser. The incoming flow of data is divided into a plurality of packets by the input parser. The plurality of the packets is encoded with a FEC and transmitted over a network with a plurality of transmission links. The transmitted plurality of FEC encoded packets are decoded. The decoded plurality of packets is merged to an outgoing flow of data with an output multiplexor and the outgoing flow of data is sent to a destination. | 2022-02-10 |
20220045938 | COMMUNICATION DEVICE, MULTICAST TRANSFER SYSTEM, AND MULTICAST TRANSFER METHOD - There is provided route control with excellent flexibility even in a large-scale multicast transfer system. A multicast transfer system transfers a multicast packet arriving at a plurality of destinations between multicast communication devices | 2022-02-10 |
20220045939 | Network Node, Computer Program, Computer-Readable Medium and Method for Fail-Safe Data Transmission - A network node, computer program, computer-readable medium and method for fail-safe data transmission in a network, in which data packets are transmitted from a sender to a receiver via redundant paths, upon which resources for the transmission are reserved at participating network nodes utilizing an identifier associated with the relevant path, wherein, if a new path is to be found for at least one of the paths involved, then the previous reservations on all redundant paths are maintained, a new redundant path is determined for the at least one path involved and an attempt is made to reserve resources for the transmission on this new redundant path at the participating network nodes, wherein a new identifier associated with the new path is utilized, and if the new reservations on the at least one new path are successful, then previous reservations on the at least one previous path involved are removed. | 2022-02-10 |
20220045940 | FLOW TABLE PROGRAMMING USING FLOW MISS METADATA AND BURST ACTION ASSIST VIA CPU OFFLOAD - A network appliance can queue a first packet and a second packet of a network traffic flow in an input queue of a match-action pipeline. The match-action pipeline can be implemented via a packet processing circuit of the network appliance and can be configured to process a plurality of network traffic flows. Submitting the first packet to the match-action pipeline can cause a first flow miss. The second packet can be moved to a burst queue of the network appliance and a match-action configuration can be generated based on the first packet. The second packet can be moved from the burst queue to the input queue after the match-action pipeline is configured with the match-action configuration. The match-action pipeline can then process the second packet. | 2022-02-10 |
20220045941 | RESILIENCE TO SINGLE EVENT UPSETS IN SOFTWARE DEFINED NETWORKS - The present disclosure pertains to improving resilience to single event upsets (“SEUs”) in a software-defined network (“SDN”). In one embodiment, a system may include a communications interface to receive and transmit a data packet. A primary data flow repository may store a plurality of communication flows to be used to route the data packet. A secondary data flow repository may store a subset of communication flows to be used to route a data packet. A system may search the plurality of communication flows in the primary data flow repository based on a criteria associated with the data packet. If no communication flow satisfies the criteria, a secondary data flow repository may be searched. The data packet may be routed according to a communication flow in the secondary data flow repository. The communication flow from the secondary data flow repository may be duplicated in the primary data flow repository. | 2022-02-10 |
20220045942 | HYPERSCALAR PACKET PROCESSING - The disclosed systems and methods provide hyperscalar packet processing. A method includes receiving a plurality of network packets from a plurality of data paths. The method also includes arbitrating, based at least in part on an arbitration policy, the plurality of network packets to a plurality of packet processing blocks comprising one or more full processing blocks and one or more limited processing blocks. The method also includes processing, in parallel, the plurality of network packets via the plurality of packet processing blocks, wherein each of the one or more full processing blocks processes a first quantity of network packets during a clock cycle, and wherein each of the one or more limited processing blocks processes a second quantity of network packets during the clock cycle that is greater than the first quantity of network packets. The method also includes sending the processed network packets through data buses. | 2022-02-10 |
20220045943 | DISTRIBUTED SPANNING TREE PROTOCOL - An electronic device that includes a stack of multiple computer network devices (such as switches) that implement a spanning tree using a distributed spanning tree protocol (STP) is described. A given computer network device may create a virtual internal stacking port. This virtual internal stacking port is included in the spanning tree and provides stacking interface logic that allows the given computer network device to connect to a virtual hub in the stack that is common to the multiple computer network devices. Moreover, the given computer network device may run an instance of the distributed STP that controls ports in the given computer network device, where the instance of the distributed STP run by the given computer network device uses a bridge identifier that is common to the multiple computer network devices. | 2022-02-10 |
20220045944 | Method for Forwarding Service Data, Network Device, and Network System - Provided is a method for forwarding service data, a network device, and a network system. The forwarding method may include the following operation. A forwarding path for service data is determined according to network resource configuration information of a designated network and a network slice of the service data, wherein the network resource configuration information indicates one or more network slices associated with one or more network resources of the designated network, and a network slice associated with a network resource of the determined forwarding path matches the network slice of the service data; and the service data is forwarded according to the forwarding path. | 2022-02-10 |
20220045945 | METHODS AND SYSTEMS FOR REMOVING EXPIRED FLOW TABLE ENTRIES USING AN EXTENDED PACKET PROCESSING PIPELINE - A network appliance can be configured for storing a plurality of flow table entries in a flow table of a match-action pipeline, wherein the match-action pipeline is implemented via a packet processing circuit configured to process a plurality of network traffic flows associated with the plurality of flow table entries. An extended packet processing pipeline of the network appliance can read a flow table entry of the flow table. The extended packet processing pipeline can be implemented via a pipeline circuit. The extended packet processing pipeline can determine that a network traffic flow associated with the flow table entry is expired or terminated. The network appliance can delete the flow table entry from the flow table by processing a traffic flow deletion operation after determining that the network traffic flow is expired or terminated. | 2022-02-10 |
20220045946 | Router and Method for Operating a Communication System Having Redundant Routers - Within a communication system having redundant routers, datagrams are forwarded from source communication devices to target communication devices via routers based on routing information stored in routing tables of the routers, wherein for each communication terminal, a virtual router is configured as a default gateway, to which virtual router a group of a plurality of routers is assigned, where routers from the same group assigned to a virtual router select from among themselves a router operated as the active default gateway, the routers not operated as the active default gateway are operated as reserve gateways, and where the active default gateway in question transmits, only upon a request for stored address assignments that is received from a reserve gateway, all stored address assignments to a requesting reserve gateway in bundled form. | 2022-02-10 |
20220045947 | Methods and Apparatuses in a Network Comprising a Plurality of Switch Devices - A method performed by a switch device including receiving, from a source host node, a frame including a MAC address of the source host node as a source MAC address; a MAC address of a destination host node as a destination MAC address, and information indicating a type of frame as a request frame; sending the frame towards the destination host node; generating a first reply frame including the MAC address of the source host node and information indicating a type of frame as a reply frame, the information indicating in a source MAC address field of the first reply frame including a switch ID, a sequence number equal to 0, a hop number equal to 1, and incoming port information that the switch device uses to forward at least one frame towards the source host node; and sending the generated first reply frame towards the source host node. | 2022-02-10 |
20220045948 | PATH CREATION METHOD AND DEVICE FOR NETWORK ON CHIP AND ELECTRONIC APPARATUS - Provided are a path creation method and device for a network on chip and electronic apparatus. The method includes: receiving, by a second network node, a first data packet sent by a first network node, the first data packet carrying first idle address identification information, a destination network node address and path creation identification information, the first idle address identification information indicating a first idle position in a first path routing table of the first network node, the path creation identification information indicating a creation of a path; storing, by the second network node, the first idle address identification information in a second idle position in its second path routing table, and determining second idle address identification information; determining, by the second network node, a second data packet according to the second idle address identification information; and sending, by the second network node, the second data packet. | 2022-02-10 |
20220045949 | SWAPPING HEADER INFORMATION FOR DATA TRANSMISSION - The present subject matter relates to a method comprising receiving at a first gateway a data packet from a first host in destination to a second host. A first portion of a header information of the data packet may be replaced by the first gateway by information comprising an identity information of at least one of the first host and the second host. The data packet may be transmitted by the first gateway in accordance with a second portion of the header information to a second gateway serving the second host. | 2022-02-10 |
20220045950 | SINGLE LOOKUP ENTRY FOR SYMMETRIC FLOWS - Disclosed is a mechanism for maintaining a single lookup table entry for symmetric/bidirectional flows. Multiple recipes are stored for each flow. A recipe is employed to select address information from an incoming packet header based on the packet's direction. The address information and an index are employed to generate a lookup key to find the single lookup table entry with the pertinent switching information. The recipe further indicates action pointers in the lookup table entry that are specific to direction. The action pointers point to an address in an action table that contains instructions for actions that are applied to the packet during switching based on the packet's direction. | 2022-02-10 |
20220045951 | SYSTEMS AND METHODS FOR POOLING MULTIPLE USER REQUESTS TO MITIGATE NETWORK CONGESTION - Computer-implemented systems and methods configured to generate a plurality of data packages based on a combination of data elements; add the plurality of data packages to a data package pool configured to store available data packages for assignment; receive an assignment request from a user device in communication with a management server; add the assignment request to a request pool configured to queue a plurality of assignment requests, wherein generating the plurality of data packages and receiving the assignment request occur asynchronously; retrieve a first group of one or more data packages from the data package pool; retrieve a second group of one or more assignment requests from the request pool; assign the one or more data packages of the first group to the one or more assignment requests of the second group; and transmit the one or more assignment requests to corresponding user devices with the assigned data packages. | 2022-02-10 |
20220045952 | ON-BOARD NETWORK SYSTEM AND PROGRAM - An on-board network system includes at least one processor. Plural relay devices that temporarily retain received data and relay the retained data in descending order of relay priority levels include a first relay device. For each set of data retained at the first relay device, the processor measures a retention duration for which the data is retained without being relayed. Data whose measured retention duration exceeds a predetermined threshold is congested data. A second relay device is a different relay device from the first relay device among the plurality of relay devices, and is capable of relaying the congested data. The processor requests the second relay device to raise the relay priority level of the congested data. | 2022-02-10 |
20220045953 | TRANSPORT CONGESTION CONTROL OPTIMIZATION BASED ON NETWORK CONTEXT - A network device transmits data to a user equipment (UE) via a first Radio Access Network (RAN) using first Transmission Control Protocol (TCP) congestion control parameters. The network device receives a notification message indicating that the UE has moved from the first RAN to a second RAN. The network device modifies, responsive to receipt of the notification, the first TCP congestion control parameters to create second TCP congestion control parameters, where the first TCP congestion control parameters include a first slow start threshold (ssthresh), and wherein the second TCP congestion control parameters include a second ssthresh that is different than the first ssthresh. The network device transmits data to the UE via the second RAN using the second TCP congestion control parameters. | 2022-02-10 |
20220045954 | Optimal Control of Network Traffic Visibility Resources and Distributed Traffic Processing Resource Control System - A method of optimizing network traffic visibility resources comprises receiving, by a controller associated with a network traffic visibility system, information indicative of operation of the network traffic visibility system. The method further comprises facilitating, by the controller, control of resources in the network traffic visibility system, according to a configured resource control policy. The facilitating can include providing, by the controller, control signaling to cause maximization of network traffic monitoring fidelity for a plurality of Quality of Service (QoS) classes of network traffic, based on a specified fixed amount of one or more network resources associated with the network traffic visibility system. Alternatively or additionally, the facilitating can include providing, by the controller, control signaling to cause minimization of use of the one or more network resources, based on a specified fixed level of traffic monitoring fidelity associated with the plurality of QoS classes. | 2022-02-10 |
20220045955 | LOCAL AND GLOBAL QUALITY OF SERVICE SHAPER ON INGRESS IN A DISTRIBUTED SYSTEM - A distributed computing system, such as may be used to implement an electronic trading system, controls inbound message flow rates. Limiting a per-client or per-connection inbound message rate also helps ensure fair provisioning of computing resources, so that a single client's excessive use of resources cannot overwhelm the system to such an extent that it prevents other clients from interacting with the distributed system. It is also desirable to have system-wide control of the overall inbound message rate across all client connections. Such system-wide control ensures that the distributed system as a whole can maintain the required levels of service, including offering a predictable level of access for all clients. | 2022-02-10 |
20220045956 | POLICY BASED ROUTING IN EXTRANET NETWORKS - Routing of a traffic in a fabric network may be provided. A first traffic may be received at a first node. It may be determined that the first traffic is coming from a provider virtual network. In response to determining that the first traffic is coming from the provider virtual network, it may be determined that a first subnet associated with the first traffic is associated with a subscriber virtual network. In response to determining that the first subnet associated with the first traffic is associated with the subscriber virtual network, a first virtual network associated with the first traffic may be changed to the subscriber virtual network. A lookup for the first traffic may be changed to a first virtual routing and forwarding of the subscriber virtual network. | 2022-02-10 |
20220045957 | SYSTEMS AND METHODS FOR ENHANCED AUTONEGOTIATION - An improved autonegotiation approach includes determining that a negotiated rate between a first network device and a second network device exceeds data transfer capacity over a network path downstream of the second network device. In response, a configuration message is generated and transmitted to the first network device. When received by the first network device, the configuration message causes the first network device to limit data transfer between the first network device and the second network device to no more than the downstream data transfer capacity. | 2022-02-10 |
20220045958 | QOS POLICY PROVISIONING ON RESOURCE CONSTRAINED NETWORK DEVICES - Embodiments herein describe techniques for prioritizing applications based on application usage data. The space in the TCAM in many network devices is limited. That is, there may be more applications (and corresponding QoS settings) than there is space in the TCAM. In the embodiments herein, a netflow collector monitors the traffic flows in the network devices. An application usage tracker can identify which applications generate traffic in which network devices. That is, the application usage tracker can identify, based on the information provided by the netflow collector, the application usage of each network device. The central management tool can prune the applications that are not used by the network device and generate QoS settings only for applications that are used by the network device. | 2022-02-10 |
20220045959 | QUALITY OF EXPERIENCE (QOE) OPTIMIZATION OF DEVICE AND NETWORK CONFIGURATION - This disclosure describes systems, devices, and computer-implemented methods that facilitate the modification of network configuration data within a client network to improve a Quality of Experience (QoE) metric associated with the execution of a user application on a client device. More specifically, a diagnostic controller may retrieve diagnostic data associated with the execution of a user application on a client device, determine a QoE metric associated with the execution of the user application, and generate network configuration data for delivery to the client device that improves the QoE metric, based on the diagnostic data and the QoE metric. | 2022-02-10 |
20220045960 | DATA PACKET MARKING METHOD AND DEVICE, AND DATA TRANSMISSION SYSTEM - This application discloses: collecting statistics about a target parameter of a first data flow, where a target queue of a switching device is used to buffer a data packet in at least one data flow, the first data flow is one of the at least one data flow, and the target parameter is used to reflect an amount of data in the first data flow; when a length of the target queue meets a first length condition, determining, based on at least one of the target parameter and an auxiliary parameter of the first data flow, a marking probability corresponding to the first data flow; and performing congestion marking on a data packet in the first data flow based on the marking probability corresponding to the first data flow. | 2022-02-10 |
20220045961 | ADAPTIVE RATE LIMITING OF FLOW PROBES - A technique for performing adaptive rate limiting of flow probes is described. The technique includes sending a plurality of flow probes from a first service engine to at least one other service engine. The flow probes are sent at a rate that does not exceed a rate limit. A flow probe of the plurality of flow probes is generated in response to the first service engine receiving a mid-flow packet for a flow that is not recognized by the first service engine. A recipient service engine of the flow probe responds with a success indicator if the recipient service engine recognizes the flow. The technique also includes determining a success rate associated with success indicators received from the at least one other service engine and comparing the success rate with a first threshold. The rate limit is adjusted in response to a comparison result. | 2022-02-10 |
20220045962 | COMMUNICATION SYSTEM WITH DE-JITTER BUFFER FOR REDUCING JITTER - A de-jitter function for holding-and-forwarding packets such that the packets are delivered with an agreed fixed latency. The de-jitter function can be placed at the edge of a virtual 5G TSN switch (e.g. the de-jitter function can be deployed as part of a UPF for uplink (UL) packets and/or it can be deployed as part of a user equipment (UE) for downlink (DL) packets). By using the de-jitter function, the TSN can consider the wireless network as having a consistent, deterministic latency with no jitter. | 2022-02-10 |
20220045963 | METHOD AND SYSTEM FOR DETERMINING A PATH MAXIMUM TRANSMISSION UNIT (MTU) BETWEEN ENDPOINTS OF A GENERIC ROUTING ENCAPSULATION (GRE) TUNNEL - A method of path MTU determination in Generic Routing Encapsulation (GRE) tunnel is presented. A source network device (ND) transmits, to a destination ND that is a second endpoint of the GRE tunnel, a first outer packet including a first inner packet, where the first inner packet includes a first inner header that is used to deliver the first inner packet to the source network device, a first inner GRE header, and a first payload. The source ND receives the first inner packet. The source ND transmits a second outer packet including a second inner packet that includes a second payload that has a size greater than a size of the first payload. The source ND determines that the second inner packet is not received and determines a path MTU between the source ND and the destination ND based on a size of the first and the second outer packets. | 2022-02-10 |
20220045964 | HIGHLY DETERMINISTIC LATENCY IN A DISTRIBUTED SYSTEM - A distributed computing system, such as may be used to implement an electronic trading system, supports a notion of fairness in latency. The system does not favor any particular client. Thus, being connected to a particular access point into the system (such as via a gateway) does not give any particular device an unfair advantage or disadvantage over another. That end is accomplished by precisely controlling latency, that is, the time between when request messages arrive at the system and a time at which corresponding response messages are permitted to leave. The precisely controlled, deterministic latency can be fixed over time, or it can vary according to some predetermined pattern, or vary randomly within a pre-determined range of values. | 2022-02-10 |
20220045965 | Simple Integration of an On-Demand Compute Environment - Disclosed are a system and method of integrating an on-demand compute environment into a local compute environment. The method includes receiving a request from an administrator to integrate an on-demand compute environment into a local compute environment and, in response to the request, automatically integrating local compute environment information with on-demand compute environment information to make available resources from the on-demand compute environment to requesters of resources in the local compute environment such that policies of the local environment are maintained for workload that consumes on-demand compute resources. | 2022-02-10 |
20220045966 | System and Method for Optimizing Resource Utilization in a Clustered or Cloud Environment - In one embodiment, a method includes empirically analyzing, by a computer cluster comprising a plurality of computers, a set of active reservations and a current set of consumable resources belonging to a class of consumable resources. Each active reservation is of a managed task type and comprises a group of one or more tasks requiring access to a consumable resource of the class. The method further includes, based on the empirically analyzing, clocking the set of active reservations each clocking cycle. The method also includes, responsive to the clocking, sorting, by the computer cluster, a priority queue of the set of active reservations. | 2022-02-10 |
20220045967 | Remote Bandwidth Allocation - A system and method remotely allocate bandwidth among content consumers on a computing network based on optimizing an aggregate objective pertaining to a plurality of flows of content. The system and method create a profile for each flow of the plurality of flows from a content provider to a content consumer on the computing network. Information is stored in each profile based on at least a metric associated with the corresponding flow. A target bandwidth for each profile is computed remotely, based on optimizing an aggregate objective pertaining to the plurality of flows of content. The optimizing is also based on the information stored in their respective profiles. The system and method distribute the bandwidth to each flow of the plurality of flows based on the target bandwidth remotely computed for each profile. | 2022-02-10 |
20220045968 | NONINTRUSIVE DYNAMICALLY-SCALABLE NETWORK LOAD GENERATION - A method for nonintrusive network load generation may include determining available resources in a distributed computing system, where the distributed computing system includes a plurality of computing devices and a target deployment. Based on an amount of available resources between the target deployment and a plurality of source computing devices, the plurality of source computing devices may be selected to generate a network load directed from the plurality of source computing devices to the target deployment. The plurality of source computing devices may be a subset of the plurality of computing devices in the distributed computing system. A network-traffic generator service may be provided to the plurality of source computing devices in order to generate the network load directed from the plurality of source computing devices to the target deployment. The performance of the distributed computing system in response to the generated network load may be monitored. | 2022-02-10 |
20220045969 | MAPPING NVME-OVER-FABRIC PACKETS USING VIRTUAL OUTPUT QUEUES - A network infrastructure device (e.g., network switch), that integrates solid-state drive (SSD) storage, using Non-volatile Memory Express (NVMe) data transfer protocol, for use by remote application hosts is provided. High availability configurations of network switches using direct rate control (RC) feedback for a plurality of submission queues mapped to SSD storage is provided. NVMe over fabric (NVMe-oF) is an implementation of NVMe protocol over a network fabric. Access to SSDs over network fabrics may be controlled using a direct RC feedback signal between an egress queue congestion accounting (associated with a single egress output) and a source node receiving input/output commands from remote hosts for the integrated SSD devices. In some implementations, direct RC feedback signals use hardware based signals. In some implementations, direct RC feedback signals are implemented in the hardware logic (silicon chip logic) within an internal switch fabric of the network switch. | 2022-02-10 |
20220045970 | NETWORK SWITCH, NON-TRANSITORY COMPUTER-READABLE STORAGE MEDIUM, AND CONTROL METHOD - A network switch includes a field programmable gate array (FPGA) and a processor. The FPGA is configured to transfer a processing target packet to a transfer destination, based on transfer definition information, and to transfer a copy of the processing target packet to the processor. The processor is configured to delete an entry of the transfer definition information based on a transfer record information, and to update the transfer record information based on the copy of the processing target packet. | 2022-02-10 |
20220045971 | Adaptive Networking Policy with User Defined Fields - The present disclosure is directed to adaptive networking policy with user defined fields and includes one or more processors and one or more computer-readable non-transitory storage media coupled to the one or more processors and comprising instructions that, when executed by the one or more processors, cause one or more components to perform operations including generating a user defined attribute (UDA) value corresponding to a set of attributes; receiving, at a network device, a packet having one or more packet conditions; determining that the one or more packet conditions of the packet match the set of attributes of the UDA value; assigning a UDA tag to the packet, wherein the UDA tag corresponds to the UDA value and is configured for chaining with one or more other UDA tags; and taking an action on the packet based on the UDA tag. | 2022-02-10 |
20220045972 | Flow-based management of shared buffer resources - An apparatus for controlling a Shared Buffer (SB), the apparatus including an interface and a SB controller. The interface is configured to access flow-based data counts and admission states. The SB controller is configured to perform flow-based accounting of packets received by a network device coupled to a communication network, for producing flow-based data counts, each flow-based data count associated with one or more respective flows, and to generate admission states based at least on the flow-based data counts, each admission state being generated from one or more respective flow-based data counts. | 2022-02-10 |
20220045973 | PACKET PROCESSING OF STREAMING CONTENT IN A COMMUNICATIONS NETWORK - Aspects of present disclosure include devices within a transmission path of streamed content forwarding received data packets of the stream to the next device or “hop” in the path prior to buffering the data packet at the device. In this method, typical buffering of the data stream may therefore occur at the destination device for presentation at a consuming device, while the devices along the transmission path may transmit a received packet before buffering. Further, devices along the path may also buffer the content stream after forwarding to fill subsequent requests for dropped data packets of the content stream. Also, in response to receiving the request for the content stream, a device may first transmit a portion of the contents of the gateway buffer to the requesting device to fill a respective buffer at the receiving device. | 2022-02-10 |
20220045974 | PERSONALIZED CHATBOTS FOR INMATES - A communication system for providing a positive communication to an inmate is provided. The communication system includes memory that stores data, and an application server that analyzes that data to determine topics that are important to the inmate. The application server includes a topic rating system to rate the topics based on importance to the inmate and based on an emotional tone used by the inmate during a communication. When the application server receives a question from the inmate, the application server searches the data and the Internet and responds based on the answer and the data stored in memory. The application server also provides support to the inmate by suggesting counseling services according to the needs of the inmate. Further, the communication system provides a positive influence to the inmate to encourage educational progression. | 2022-02-10 |
20220045975 | COMMUNICATION CONTENT TAILORING - A method for personalizing a message between a sender and a receiver is provided. The method comprises semantically analyzing a communication history to form a knowledge graph, deriving formality level values using a first trained ML model, analyzing parameter values of replies to determine receiver impact score, and training a second ML system to generate a model to predict the receiver impact score value. The method also comprises selecting a linguistic expression in a message being drafted, determining an expression intent, modifying the linguistic expression based on the formality level and the expression intent to generate a modified linguistic expression, and testing whether the modified linguistic expression has an increased likelihood of a higher receiver impact score. The method also comprises repeating selecting the linguistic expression, determining the expression intent, modifying the linguistic expression, and testing until a stop criterion is met. | 2022-02-10 |
20220045976 | COMMUNICATION FACILITATED PARTNER MATCHING PLATFORM - The present disclosure relates to a communication facilitated user matching platform comprising: an account creation module comprising: an account creation interface, wherein the account creation interface is configured to receive a plurality of user inputs, and a confirmation display; a user login module, wherein the user login module is configured to receive a plurality of identification criteria; a user interface module comprising: a profile data module, and a match interface module configured to enable a first matched user and at least one second matched user to communicate, wherein the first matched user is prompted to answer at least one facilitating line provided by the second matched user; a notification module configured to notify a first matched user of at least one second matched user, the notification module comprising: a plurality of notification types, and a plurality of alerts; a security module; a matching rules module; and a computing device. | 2022-02-10 |
20220045977 | SYSTEMS AND METHODS FOR INCLUDING ENRICHED CALLING INFORMATION IN RICH COMMUNICATIONS SERVICES (RCS) MESSAGING - A messaging platform may send, based on a query, information identifying one or more virtual assistants to a user device. The messaging platform may receive, from the user device, a response identifying a particular virtual assistant, of the one or more virtual assistants, wherein the virtual assistant is associated with an organization. The monitoring platform may send, to the user device, information related to the particular virtual assistant and may communicate, via the particular virtual assistant, with the user device via a rich communications services (RCS) communication session. The messaging platform may receive, from another device associated with the organization, a request to communicate with the user device and may convert the request into an RCS message. The messaging platform may send, via a server device, the RCS message to the user device to allow the user device to perform one or more actions. | 2022-02-10 |
20220045978 | Prioritizing Communications On A Communication Device - Embodiments include methods, devices, systems, and non-transitory process-readable storage media for prioritizing communications. Some embodiments may include receiving, by a communication device, a plurality of messages from a server. The communication device may apply a first level ordering to each of the plurality of messages to determine a set of role-based categories, a second level ordering to each of the plurality of messages to assign each of the plurality of messages to one of the role-based categories, and a third level ordering to each of the plurality of messages to rank the plurality of messages within the assigned role-based category based on an assigned priority, a message type, and a timestamp of each of the plurality of messages. The communication device may generate an ordered presentation of the plurality of messages based on the determined rank of the plurality of messages within the assigned role-based category. | 2022-02-10 |
20220045979 | APPARATUS, SYSTEM, AND METHOD OF ELASTICALLY PROCESSING MESSAGE INFORMATION FROM MULTIPLE SOURCES - Elastic message tracking apparatus and methods are provided that opportunistically improve on the latency of a message processing system and increase the accuracy of a consolidated message stream generated from message streams received from multiple message sources. The elastic message tracking apparatus and methods reduce that latency in situations where the actual latency of all the message streams is lower than a predetermined latency value. | 2022-02-10 |
20220045980 | EMAIL BASED TASK MANAGEMENT SYSTEM - An electronic information system which enables email based transactions comprises an information database storing information regarding a plurality of individuals in a group and selections available to individuals in the group. A first email message with a mailto hyperlink having a plurality of fields including an actionable parameter is generated and sent. A reply email message is received in response to selection of the mailto hyperlink. The received email message includes the plurality of fields and the actionable parameter that indicates that a specific selection has been made. A processor performs the action indicated by the actionable parameter in response to the received email message, including updating the information database to indicate the specific selection that has been made. | 2022-02-10 |
20220045981 | METHOD AND APPARATUS FOR PUBLISHING POST, AND STORAGE MEDIUM - Disclosed is a method for publishing a post. The method includes: in response to receiving a first publish request from a first terminal, first determining, based on location information of the first terminal, whether the first terminal is positioned in a delimited area; and publishing, based on a topic, a post carried in the first publish request only when the first terminal is positioned in the delimited area. Apparatuses for publishing posts and storage mediums are also provided. | 2022-02-10 |
20220045982 | SYSTEMS, METHODS, AND COMPUTER PROGRAM PRODUCTS FOR INTER-MODAL PROCESSING AND MESSAGING COMMUNICATION RESPONSIVE TO ELECTRONIC MAIL - Inter-modal messaging communication is described. In one embodiment, a method of communication includes receiving an electronic mail message to be distributed and determining whether the electronic mail message is a multi-modal distribution message. Respective portions of the message may be separated for each mode of distribution. The separated portions may represent portions to be delivered by SMS messaging and facsimile, for example. The method further includes the steps of transmitting a short message comprising the short message portion of the mail message and establishing a conversation comprising conversation attributes. The conversation attributes are referenced, in certain aspects, to maintain a conversation between an originator of the received electronic mail message and a distribution address of short message portion of the mail message. For example, upon receipt of a short message in reply, the short message may be forwarded to an originator of the conversation. | 2022-02-10 |
20220045983 | METHOD AND SYSTEM FOR MAP-T BORDER RELAY DATA PLANE VERIFICATION - Methods and systems for performing a Mapping of Address and Port using translation (MAP-T) data plane verification. A method for performing a MAP-T data plane verification includes initiating, by a diagnostic server provisioned with at least MAP-T diagnostic rules, a MAP-T diagnostic on a border relay provisioned with MAP-T rules, generating, by the diagnostic server, a diagnostic packet per the MAP-T diagnostic rules, sending, by the diagnostic server, the diagnostic packet to the border relay, performing, by the border relay, a translation on the diagnostic packet per the provisioned MAP-T rules, analyzing, by the diagnostic server to generate a report, at least a translation accuracy of a received translated diagnostic packet, and configuring at least one device based on a received report. | 2022-02-10 |
20220045984 | IMPLEMENTING A MULTI-REGIONAL CLOUD BASED NETWORK USING NETWORK ADDRESS TRANSLATION - Provided herein are systems, devices and methods for applying address translation to network traffic originating from client devices having dynamic Internet Protocol (IP) addresses to support IP based security measures using a gateway configured to connect a plurality of client devices used by a plurality of users to a plurality of cloud based networks. The gateway may receive, from a client device assigned a dynamic IP address, credentials of a user using the respective client device, access a translation record mapping the user, identified by his credentials, to a respective unique static IP address, adjust a source address of each packet received from the client device to include the static IP address, and forward each adjusted packet to a security engine configured to apply security policy(s) to each adjusted packet before transmitting it to the cloud based network(s). The security policy(s) is applied according to the static IP address. | 2022-02-10 |
20220045985 | SCALABLE AND ON-DEMAND MULTI-TENANT AND MULTI REGION SECURE NETWORK - Provided herein are systems and methods for configuring a segmented cloud based network based on separate Internet Protocol (IP) segments, comprising receiving instructions to create one or more additional private virtual networks as respective additional segments in a multi-tenant multi-regional cloud based network segmented to a plurality of segments each mapped by a respective IP address range, calculating one or more non-conflicting new IP address range based on analysis of the IP address range of each of the segments, allocating a respective new IP address range to each additional segment, and deploying automatically one or more gateways. The gateways are configured to connect one or more client devices to the additional segment(s) by assigning each client device an IP address in the respective new IP address range and routing network packets between the client devices and the respective additional segment according to mapping of the respective new IP address range. | 2022-02-10 |
20220045986 | MAC MOBILITY FOR 802.1x ADDRESSES FOR VIRTUAL MACHINES - A system and method for provisionally authenticating a host moving from one router to another router in a network using border gateway protocol (BGP) is disclosed. A host is initially authenticated at a first BGP router, this discovery is advertised to a second BGP router pursuant to BGP with a new extended community indicating successful authentication (or pre-authentication) of the host at the first BGP router. An indication for re-authentication of the host at the second BGP router is then received, which blocks network traffic from the host to the second BGP router. Due to the notification of a previous authentication of the host, the second BGP router begins a provisional authentication session. In response to a successful completion of the provisional authentication session, the host is authorized to transmit network traffic on the second BGP router and subsequently blocked from doing the same at the first BGP router. | 2022-02-10 |
20220045987 | LOCALIZATION AT SCALE FOR A CLOUD-BASED SECURITY SERVICE - Techniques for providing localization at scale for a cloud-based security service are disclosed. In some embodiments, a system/method/computer program product for providing localization at scale for a cloud-based security service includes receiving a connection request at a network gateway of a cloud-based security service; performing a source Network Address Translation (NAT) from a registered set of public IP addresses associated with a tenant; and providing secure access to a Software as a Service (SaaS) using the cloud-based security service. | 2022-02-10 |
20220045988 | MAC MOBILITY FOR 802.1x ADDRESSES FOR PHYSICAL MACHINES - A system and method for provisionally authenticating a host moving from a source port of a switch device to a destination port of the switch device is disclosed. The host is initially authenticated at the source port and blocked from forwarding network traffic at the destination port. During a provisional authentication session, an authentication agent executing on the switch intercepts one or more authentication packets sourced by the host and headed for the destination port of the switch device and redirects the authentication packets to an authentication server for validating the host at the destination port of the switch device. The switch device removes the block at the destination port in response to receiving an acknowledgment of successful authentication at the destination port from the authentication server. | 2022-02-10 |
20220045989 | BROADBAND ACCESS FOR VIRTUAL PRIVATE NETWORKS - An apparatus receives an upper layer packet that includes data from a source device, a virtual private network (VPN) identification, a destination address, and a destination option type. The apparatus authenticates the upper layer packet by comparing the VPN identification of the received upper layer packet to a customer VPN identification. The apparatus determines whether the apparatus recognizes the destination option type of the upper layer packet. The apparatus discards the upper layer packet on a condition that the apparatus does not recognize the destination option type. The apparatus decapsulates the upper layer packet into a lower layer packet and transmits the decapsulated packet to a destination on a condition that the apparatus recognizes the destination option type. | 2022-02-10 |
20220045990 | METHODS AND SYSTEMS FOR API DECEPTION ENVIRONMENT AND API TRAFFIC CONTROL AND SECURITY - The present invention relates to the field of networking and API/application security. In particular, the invention is directed towards methods, systems and computer program products for Application Programming Interface (API) based flow control and API based security at the application layer of the networking protocol stack. The invention additionally provides an API deception environment to protect a server backend from threats, attacks and unauthorized access. | 2022-02-10 |
20220045991 | OPTIMIZATION OF NETWORK FUNCTION PROFILE ADMINISTRATION AND REGISTRATION - There are provided measures for optimization of network function profile administration and registration. Such measures exemplarily comprise, at a network repository function entity, receiving, from a control entity, network entity profile template information, storing said network entity profile template information, wherein said network entity profile template information comprises a network entity profile template including an identifier of said network entity profile template and a profile content of said network entity profile template, said profile content including at least one profile attribute, receiving, from a network entity, a network entity registration request comprising said identifier of said network entity profile template, and generating a network entity profile for said network entity based on said at least one profile attribute. | 2022-02-10 |
20220045992 | CONCEALING INTERNAL APPLICATIONS THAT ARE ACCESSED OVER A NETWORK - Examples herein describe systems and methods for concealing internal applications that are accessed over the internet. A user device can select a remote internal application to access using a client. The user device can send an access request to an open listening port of an access server. The access server can be a gateway and proxy to the internal application, which can reside elsewhere. The access server can open a different randomized access port for establishing the connection by proxy to the internal application. The port number for the access port can be identified in the access request at the listening port. The access server can open the access port for a short time interval. The connection can be made through the access port during that time interval. A firewall can then close the access port but maintain an established connection between the user device and the internal application. | 2022-02-10 |
20220045993 | DATA MANAGEMENT DEVICE, DATA MANAGEMENT SYSTEM, DATA MANAGEMENT METHOD, AND PROGRAM - A data management device ( | 2022-02-10 |
20220045994 | FAST OBLIVIOUS TRANSFERS - Systems, methods, and computing device readable media for implementing fast oblivious transfer between two computing devices may improve data security and computational efficiency. The various aspects may use random oracles with or without key agreements to improve the security of oblivious transfer key exchanges. Some techniques may include public/private key strategies for oblivious transfer, while other techniques may use key agreements to achieve simultaneous and efficient cryptographic key exchange. | 2022-02-10 |
20220045995 | System and Method for Encryption, Storage and Transmission of Digital Information - A computerized system for encryption and transmission of digital information comprising: a set of non-transitory computer readable instructions that, when executed by a processor, perform the steps of: receiving a data set from an instance of a sender browser running on a sender computer device, verifying that a recipient is a subscriber and if the recipient is a subscriber, generating a sender key, encrypting a portion of the data set with the sender key, generating a key pair having a first key and a second key, encrypting the sender key with the first key, encrypting the second key with a master key, and, generating a hyperlink to the portion of the data set that is encrypted. | 2022-02-10 |
20220045996 | ENCRYPTION SCHEMES WITH ADDRESSABLE ELEMENTS - The present disclosure relates to implementations of physically unclonable functions (PUFs) for cryptographic and authentication purposes. Specifically, the disclosure describes implementations of systems using PUFs that may replace existing public key infrastructures (PKIs). | 2022-02-10 |
20220045997 | METHOD, SYSTEM, AND COMPUTER PROGRAM PRODUCT FOR NETWORK BOUND PROXY RE-ENCRYPTION AND PIN TRANSLATION - A method, system, and computer program product generate, with a payment network, a first value (a) and a second value (g^a), the second value (g^a) generated based on the first value (a) and a generator value (g); generate, with the payment network, a plurality of random merchant numbers (m_i) for a respective plurality of merchant banks; determine, with the payment network, a merchant product (M) based on a product of the plurality of random merchant numbers (m_i); generate, with the payment network, a public key (pk_i) based on the second value (g^a), the merchant product (M), and the random merchant number (m_i) and a random key (rk_i) based on the merchant product (M) and the random merchant number (m_i) for each respective merchant bank; and communicate, with the payment network, the public key (pk_i) and the random key (rk_i) to at least one respective merchant bank. | 2022-02-10 |
20220045998 | METHODS AND SYSTEMS FOR SECURE DIGITAL CREDENTIALS - Methods and systems for resetting a digital credential within a digital credential based authentication system. The method includes logging a first administrative user into the digital credential system, receiving, from the first administrative user, a first portion of authentication credentials for a first customer, validating, by the first administrative user using the digital credential system, the first portion, logging a second administrative user into the digital credential system, receiving, from the second administrative user, a second portion of authentication credentials for the first customer, receiving the second portion by the second administrative user, validating, by the second administrative user using the digital credential system, the second portion; and resetting the authentication credentials based on the validation of the first portion and second portion. | 2022-02-10 |
20220045999 | MULTI-DEVICE VERIFICATION VIA NON-AUDIBLE SOUND - A non-transitory computer-readable storage medium storing computer-readable program code executable by a processor to receive a transaction request from a user interface, and receive a user-identifier from the user interface, and the user-identifier associated with a user. The program code may be executable to send a first non-audible sound signal to initiate a multifactor authentication process during a first interval, and send a second non-audible sound signal during a second interval, where the second non-audible sound signal comprises a predetermined frequency pattern, associated with the user. The program code may also be executable to receive a third non-audible sound signal, where the third non-audible sound signal, at least in part, is utilized to determine whether to complete the transaction request or not. The first non-audible sound signal, the second non-audible sound signal, and the third non-audible sound signal may comprise a frequency greater than 15 kHz. | 2022-02-10 |
20220046000 | METHODS FOR AUTHENTICATING PHOTOGRAPHIC IMAGE DATA - Systems and methods are provided for authenticating image files when network connections should not or cannot be used to transfer image files. A user device application may capture an image at a user device, generate an image file, and generate a hash file based on the image file. Instead of sending the image file to an authentication server for authentication, the application may send the hash file. If desired, the application may transfer the image file when a desirable network connection is available. Any alteration to the image file in the meantime will result in a different hash file for the altered image file, thus allowing detection of altered image files. This approach decreases the amount of data that is required to be transmitted in low or undesirable signal conditions, while maintaining an ability to detect alterations to image files that may have been made in the meantime. | 2022-02-10 |
20220046001 | SECURITY KEY DEVICE, SECURITY AUTHENTICATION SYSTEM, AND SECURITY AUTHENTICATION METHOD - A security key device, a security authentication system, and a security authentication method are provided. The security key device includes a communication module, a security processing unit, and a processing unit. The security processing unit executes an authentication module, a bridge module, and a management module. The authentication module is configured to operate according to a Fast IDentity Online protocol. The management module is configured to operate according to a Public Key Infrastructure protocol. The authentication module receives through the communication module an input command provided based on the Fast IDentity Online protocol by a web authentication module of a browser executed by an electronic device. According to a header of the input command, the authentication module determines that the input command is used to be executed by the authentication module or used to access the management module through the bridge module. | 2022-02-10 |
20220046002 | SYSTEM AND METHOD FOR AUTHENTICATION AS A SERVICE - A computing system includes a server. The server is communicatively coupled to a data repository and is configured to store data in the data repository. The server is further configured to receive a first authentication information, the first authentication information comprising a login and a password for an entity, and to receive a second authentication information, the second authentication information comprising at least one identifying information generated by a hardware authentication device. The server is further configured to execute a hardware-based authentication as a service process, the authentication as a service process configured to use the first and the second authentication information as input to authenticate the entity, and to provide computing resources to the entity if the entity is successfully authenticated. | 2022-02-10 |
20220046003 | PARAMETER SENDING METHOD AND APPARATUS - Example parameter sending and receiving methods and apparatus are described. One example method includes receiving, by a terminal device in an authentication process, a random number and a first sequence number from a core network device. After determining that a difference between the first sequence number and a locally prestored second sequence number is greater than a threshold, the terminal device concatenates a message authentication code after an exclusive OR value of an authentication key and the second sequence number to generate a synchronization failure parameter, where the authentication key is generated based on the random number, a locally prestored key K, and the message authentication code. A synchronization failure message carrying the synchronization failure parameter is sent to the core network device. The core network device generates the authentication key in a same manner, and obtains the second sequence number from the synchronization failure parameter. | 2022-02-10 |
20220046004 | METHOD FOR PROVISION OF ACCESS GRANT - A method for validating an access request with respect to an application is provided. The method includes: receiving an access request from a user with respect to an application; retrieving, from a memory, group identification information that relates to at least one group to which the user belongs; retrieving, from the memory, scope information that indicates qualifications and/or characteristics of a relationship between the user and the at least one group; and generating a token that notifies the application of the group identification information and the scope information, and is usable by the application for validating the access request. The method may be implemented in an Active Directory Federation Services (AD FS) environment. | 2022-02-10 |
20220046005 | WORKFLOW SERVICE BACK END INTEGRATION - Disclosed are various approaches for workflow service back end integration. In some examples, a hosting location is identified for a connector that handles communications with a network service. Authentication information that is selected based on the hosting location of the connector is appended to a service request. The authentication information includes a service credential that the connector uses to authenticate with the network service, if the connector is hosted locally to the workflow service. The authentication information includes instructions for the connector to retrieve the service credential from an enterprise-hosted data store, if the connector is hosted external to the workflow service. The service request is then transmitted with the selected authentication information. | 2022-02-10 |
20220046006 | MULTI-DEVICE SINGLE SIGN-ON - Disclosed are various approaches for extending a single sign-on (SSO) session to multiple devices. If a device is enrolled as a managed device with a management service, a SSO session can be extended to the device if the user has previously authenticated with an identity provider from another device. The user is authenticated on the second device using a user-and-device token issued by the management service with which the device is enrolled as a managed device. | 2022-02-10 |
20220046007 | SYSTEM AND METHOD FOR CAPTURING INFORMATION - Embodiments of the present disclosure relate to systems and methods for capturing information. In addition, embodiments of the present disclosure relate to solutions for capturing information using a web browser extension. Embodiments of the present disclosure further relate to securely transmitting captured information to a server for association with an application or form being completed by an individual. | 2022-02-10 |
20220046008 | Preventing Unauthorized Access to Secured Information Systems Using Authentication Tokens and Multi-Device Authentication Prompts - Aspects of the disclosure relate to preventing unauthorized access to secured information systems. A computing platform may receive, from an end user desktop computing device, a request to login to a user account associated with a user account portal. In response to receiving the request, the computing platform may generate an authentication token in an authentication database and may send a notification to at least one registered device linked to the user account. After sending the notification, the computing platform may receive, from the at least one registered device, an authentication response message. If the authentication response message indicates that valid authentication input was received, the computing platform may update the authentication token to indicate that the request to login to the user account has been approved. After updating the authentication token, the computing platform may provide, to the end user desktop computing device, access to a portal interface. | 2022-02-10 |
20220046009 | MULTI-PERSON AUTHENTICATION - A system includes a multi-person authentication server which receives an authentication request corresponding to a request to provide a first user access to a secure server. In response to the authentication request, a challenge-response message is provided to the first user device. A push notification is also provided to a second user device. A response to the challenge-response message is received from the first user device. If the received response indicates the first user is authenticated, the first user is allowed to access the secure server. If the received response indicates the first user is not authenticated, the first user is prevented from accessing the secure server. | 2022-02-10 |
20220046010 | APPLICATION FOR REQUESTING MULTI-PERSON AUTHENTICATION - A first user device includes a camera. The first user device receives a challenge-response message following a request for access to a secure server. The first user device captures a first image of the first user. The first image includes an image of at least a portion of a face of the first user. An authentication result from facial recognition scan of the second user is received. Facial recognition is used to determine that the face of the first user is a face of an authorized user of the secure server. The first user device generates and sends a response to the challenge-response message based on results of facial recognition and the received authentication results. | 2022-02-10 |
20220046011 | APPLICATION FOR CONFIRMING MULTI-PERSON AUTHENTICATION - A secure server is configured to host one or more secure applications. A first user device includes a camera operable to capture a first image of a first user of the first user device. The first user device receives a notification that indicates confirmation of authentication of a second user of a second user device is needed after the second user requests access to the secure server. Following receipt of the notification, the first user device captures a first image of the first user. The first image includes at least a portion of a face of the first user. Facial recognition is performed, and results of facial recognition are provided to the second user device where it is used for multi-person authentication. | 2022-02-10 |
20220046012 | Method and System for Verifying the Identity of a User - A system, method, and computer program product are used to verify the identity of a user implemented on a computer system. This is achieved by receiving data in the form of facial images and non-facial identifying data from a user that is evaluated and verified to determine that the user is authentic and the submitted data is verified by a verification entity. The user data is also compared to preexisting data of other users so that only a single account for a user can be created. | 2022-02-10 |
20220046013 | Field Forensic Method to Acquire Adaptable Format Biometric Evidentiary Proof of Having Complied With the Special Counsel Provisions of Countries' Data Protection Regulations - A computer implemented system and method for acquisition of advance consent for each instance of PII use includes the steps of receiving reference specimens for a user, electronically storing the reference specimens on a distributed block chain. When PII of the user is to be used, a consent session is electronically requested for the user. Consent-session specimens are electronically received from the user in response to the electronic request for the consent-session after completion of the consent session. The consent-session specimens include a video of the user making an affirmative consent statement, a photograph of fingerprints of the user, and a photograph of identification (ID) credentials of the user. A degree to which each of the consent-session specimens from the user match the reference specimens for the user is electronically determined and the transaction information is electronically stored on the distributed block chain. | 2022-02-10 |
20220046014 | TECHNIQUES FOR DEVICE TO DEVICE AUTHENTICATION - This disclosure describes techniques for device to device authentication. For instance, a first device may detect a second device, such as when a user physically attaches the second device to the first device or when the second device wirelessly communicates with the first device. A component of the first device and/or an authentication entity may then determine to authenticate the second device. In some instances, the component determines to authenticate the second device using information associated with an environment of the second device. To authenticate the second device, the authentication entity may send a request to a user, receive a response from the user, and then verify the response. After the authentication, the first device may determine that the second device includes a trusted device and establish a connection with the second device. | 2022-02-10 |
20220046015 | CERTIFIED TRANSACTION AUTHENTICATION SYSTEM FOR UNILATERALLY-ISSUED RECORDS - Apparatus and associated methods relate to generating persistent transaction records (PTR), each containing fields/parameters determined by a template that gets stored on a centralized blockchain to identify a certified transaction associated with a particular Certified Body and Certified Subject pair, the persistent transaction records being unilaterally issued by the Certified Body. In an illustrative example, the Certified Body may be authenticated by a trusted Certifying Transaction Authority System (CTAS) configured to authenticate parametric data from one or more Certified Bodies and cause the authenticated parameters to be stored on the blockchain in association with the Certified Subject as a PTR. The PTR may be accessible in the decentralized blockchain by, for example, the Certified Body, the Certified Subject, and an authorized 3rd Party. The CTAS may advantageously provide an automated infrastructure for unilateral issuance of trustworthy and immutable records of diverse information (e.g., credentials, experience, rights) relating to Certified Subjects. | 2022-02-10 |
20220046016 | ACCESS TO PHYSICAL RESOURCES BASED THROUGH IDENTITY PROVIDER - Disclosed are various approaches for providing a virtual badge credential to a user's device that is enrolled with a management service as a managed device. Upon authentication of a user's identity via an identity provider, a virtual badge credential can be provided to an application on the client device. The virtual badge credential can be presented by the client device to access control readers to gain access to physical resources, such as doors and buildings, that are secured by the access control readers. | 2022-02-10 |