11th week of 2021 patent application highlights part 75

Patent application number | Title | Published |
--- | --- | --- |
20210083969 | SYSTEM, METHOD, AND DEVICE FOR COMMUNICATION BETWEEN NETWORK SEGMENTS - A method of providing a path between bridges of a first network segment. The first network segment is configured using a Spanning Tree Protocol (‘STP’). The method includes providing a second network segment interconnecting first and second bridges of said first network segment. The second network segment is operable to transmit frames adherent to a High-availability Seamless Redundancy (‘HSR’) network control protocol and to discard the STP control data frames. The method also includes modifying at a first Redundancy Box (‘RedBox’) STP control data frames to form modified data frames adherent to the HSR protocol. The method also includes modifying at a second RedBox, the modified data frames to re-form the STP control data frames. | 2021-03-18 |
20210083970 | Packet Processing Method and Apparatus - Embodiments of the present invention provide a packet processing method, which is applied to a first node. The method includes: obtaining N first packets, where N is an integer greater than or equal to 1, and each of the first packets includes a first label; and sending the N first packets in a sending period corresponding to the first label. | 2021-03-18 |
20210083971 | Cell Site Gateway - A cell site gateway comprises a first interface, a second interface, and a third interface. The first interface is configured to communicate with a cellular base station. The second interface is configured to communicate with a network gateway. The third interface is configured to receive, from a control server, control information for a forwarding layer and comprising a first label and a second label. The forwarding layer is configured to: remove the first label from first packets received from the network gateway via the second interface; attach the second label to second packets received from the cellular base station; and transmit the second packets to the network gateway via the second interface. | 2021-03-18 |
20210083972 | Service Routing Packet Processing Method and Apparatus, and Network System - A service routing packet processing method, apparatus and system. The method includes obtaining, by a first service router (SR), a first service routing packet, where the first service routing packet includes path identification information and identification information of a service node (SN), and sending, by the first SR, the first service routing packet to the SN. | 2021-03-18 |
20210083973 | MESSAGE FORWARDING METHOD AND APPARATUS, AND NODE - Disclosed are a message forwarding method and apparatus, and a node. The method comprises: receiving an Internet Protocol Version 6 (IPv6) message encapsulated by a Segment Routing Header (SRH), by a node with an IPv6 Segment Routing (SRv6) forwarding capacity, wherein the SRH includes a segment list; and determining, by the node, that it is a node corresponding to a penultimate segment in the segment list, and popping the SRH by the node before forwarding the IPv6 message. | 2021-03-18 |
20210083974 | Packet Processing Method and System, and Device - The application discloses a packet processing method that includes: receiving, by a service distribution node, service routing information sent by a controller, where the service routing information includes a flow identifier, a service identifier, and a next-hop address, the flow identifier is used to identify a packet flow, the service identifier is used to identify a sequence of a service node instance that processes the packet flow, and the next-hop address is used to identify the service node instance that processes the packet flow; receiving a first packet; acquiring a first flow identifier according to the first packet, and searching the service routing information according to the first flow identifier to acquire a matched service identifier and a matched next-hop address; and sending a second packet to a first service node instance that has the matched next-hop address, which implements service processing on a packet flow. | 2021-03-18 |
20210083975 | METHOD AND APPARATUS FOR PREFERRED PATH ROUTE INFORMATION DISTRIBUTION AND MAINTENANCE - A method implemented in a domain in a multi-domain network, comprising maintaining a link state database (LSDB) comprising information describing a topology of the domain, receiving, from a network element (NE) in an area of the domain, preferred path route (PPR) information describing a PPR from a source to a destination in the area, the PPR information comprising a PPR identifier (PPR-ID) and a plurality of PPR description elements (PPR-PDEs) each representing an element on the PPR, and constructing an end-to-end path between the source and the destination based on the PPR information. | 2021-03-18 |
20210083976 | METHOD FOR CONTENT CACHING IN INFORMATION-CENTRIC NETWORK VIRTUALIZATION - A method for content caching in information centric network virtualization includes receiving, by a first node, a first data packet; in response to a cache distance identifier hop of the first data packet being less than a preset maximum cache distance, setting hop=hop+1 and sending the first data packet to a next node by the first node; in response to the hop being not less than the preset maximum cache distance and there being available cache space in the first node, setting hop=0, storing the first data packet, and sending the first data packet to the next node by the first node. The node determines whether to cache a data packet based on the cache distance identifier of the data packet, which comprehensively considers the cache energy consumption caused by caching the data packet in the node and the transmission energy consumption caused by transmission of the data packet in the link, thereby effectively reducing the total energy consumption of the network. | 2021-03-18 |
20210083977 | Packet Transmission Method, and Communications Apparatus and System - Embodiments of this application provide a packet transmission method, and a communications apparatus and system. The method includes: generating a packet based on address information of forwarding nodes on a packet forwarding path, where the packet includes a first indication field, the first indication field is used to indicate a compressed first element and a compressed second element, the first element and the second element are address information of different forwarding nodes, and different address compression manners are used for the first element and the second element; and sending the packet. | 2021-03-18 |
20210083978 | ELASTIC MODIFICATION OF APPLICATION INSTANCES IN A NETWORK VISIBILITY INFRASTRUCTURE - Introduced here are network visibility platforms having total processing capacity that can be dynamically varied in response to determining how much network traffic is currently under consideration. A visibility platform can include one or more network appliances, each of which includes at least one instance of an application configured to process data packets. Rather than forward all traffic to a single application instance for processing, the traffic can instead be distributed amongst a pool of application instances to collectively ensure that no data packets are dropped due to over-congestion. Moreover, the visibility platform can be designed such that application instances are elastically added/removed, as necessary, based on the volume of traffic currently under consideration. | 2021-03-18 |
20210083979 | SYSTEM AND METHOD FOR DETERMINING CAPACITY OF A TELECOMMUNICATIONS NETWORK - Aspects of the present disclosure involve systems, methods, computer program products, and the like, for determining an estimated capacity for providing data from a telecommunications network to a plurality of end users. In one implementation, the estimated capacity for delivering the data to the end users is per transmission path or per access network connected to the telecommunications network. This information may be aggregated into a traffic flow table that illustrates the traffic flow and available capacity to one or more end user networks. Through analysis of the traffic flow table, the system determines an estimated available capacity to provide the data to the end users. The traffic flow table thus provides a more accurate estimate of the capacity of the telecommunications network to provide the data to the end users over previous capacity estimates. | 2021-03-18 |
20210083980 | Network Traffic Throughput Forecasting - A throughput forecaster ( | 2021-03-18 |
20210083981 | CONGESTION NOTIFICATION PACKET INDICATING SPECIFIC PACKET FLOW EXPERIENCING CONGESTION TO FACILITATE INDIVIDUAL PACKET FLOW BASED TRANSMISSION RATE CONTROL - A system includes first, second, and third processors. The first processor is configured to detect congestion in a packet flow formed of a plurality of packets of a same type received from a first device in a network via a first network connection. The packets in the packet flow are destined for a second device in the network. The second processor is configured to send, when congestion notification packet generation is enabled for the packet flow, a congestion notification packet to the first device via the first network connection. The congestion notification packet identifies the packet flow for which congestion is detected. The third processor is configured to forward the plurality of packets in the packet flow to the second device via a second network connection. | 2021-03-18 |
20210083982 | TRANSFER DEVICE AND TRANSFER METHOD - A transfer device for coupling a priority signal and a standard signal includes a reception unit configured to receive a plurality of signals transmitted from a device connected to a path different from a forwarding path, a separation unit configured to separate the signals into the priority signal and the standard signal, an identifier reference unit configured to reference an identifier added to the standard signal, an identifier sort unit configured to sort the standard signal by the identifier, a signal coupling unit configured to couple the plurality of standard signals, a multiplexing unit configured to multiplex the priority signal and the standard signal, a priority control unit configured to determine a transfer order of the signals, a transmission unit configured to transmit the signals to a device connected to the forwarding path, an interrupt transfer processing unit configured to perform interrupt processing in a case where the priority signal arrives during transfer of the standard signal, a signal division unit configured to divide the standard signal, an identifier addition unit configured to add the identifier to the standard signal divided, and a transmission suspending unit configured to suspend transfer of the standard signal until transfer of the priority signal is completed. | 2021-03-18 |
20210083983 | ACCELERATING SATELLITE ACCESS WITH LOW LATENCY DIVERSITY TRANSPORT - An accelerator and system to provide a combined transport over multiple Wide-Area Network (WAN) transports. The accelerator includes a tunnel manager to maintain tunnels traversing each of the WAN transports; an inspector to perform packet and IP flow classification to set a respective classification metric for a downstream packet to be sent over the combined transport; a transport selector to select a preferred tunnel from the tunnels based on the respective classification metric of the downstream packet; and a sender to send the downstream packet over the preferred tunnel. In the accelerator, the WAN transports include a high latency satellite transport and a low latency transport, and a respective tunnel connects the accelerator to a peer accelerator via one of the WAN transports. The accelerator includes a receiver to receive upstream packets arriving over the combined transport and to forward the upstream packets to a user equipment. | 2021-03-18 |
20210083984 | DATA TRAFFIC MANAGEMENT METHOD AND APPARATUS - This application discloses a data traffic management method and apparatus. The method includes: obtaining traffic control information of a first application and a data traffic value used by the first application, where the traffic control information includes at least an upper traffic threshold; and disconnecting a data connection of the first application when the data traffic value used by the first application is greater than or equal to the upper traffic threshold included in the traffic control information of the first application. In the foregoing solution, real-time traffic management on a single application is implemented, so that a user instantly modifies traffic control information according to a requirement, to manage data traffic in real time. | 2021-03-18 |
20210083985 | SYSTEM AND METHOD FOR DETERMINING A NETWORK PERFORMANCE PROPERTY IN AT LEAST ONE NETWORK - Systems and methods of determining a network performance property in at least one computer network, including: sampling traffic in active communication with the at least one computer network, analyzing the sampled traffic to group communication packets to flows, and predicting at least one network property of the at least one network based on the grouped communication packets and based on at least one traffic parameter in the at least one network, where the at least one traffic parameter is selected from the group consisting of: union of packet streams, intersection of packet streams, and differences of packet streams, and where the predicted at least one network property is selected from the group consisting of: total number of flows, number of flows with a predefined characteristic, number of packets, and volume of packets. | 2021-03-18 |
20210083986 | SYSTEMS AND METHODS FOR PREDICTIVE SCHEDULING AND RATE LIMITING - Systems and methods are disclosed for enhancing network performance by using modified traffic control (e.g., rate limiting and/or scheduling) techniques to control a rate of packet (e.g., data packet) traffic to a queue scheduled by a Quality of Service (QoS) engine for reading and transmission. In particular, the QoS engine schedules packets using estimated packet sizes before an actual packet size is known by a direct memory access (DMA) engine coupled to the QoS engine. The QoS engine subsequently compensates for discrepancies between the estimated packet sizes and actual packet sizes (e.g., when the DMA engine has received an actual packet size of the scheduled packet). Using these modified traffic control techniques that leverage estimating packet sizes may reduce and/or eliminate latency introduced due to determining actual packet sizes. | 2021-03-18 |
20210083987 | MANAGING COMMITTED REQUEST RATES FOR SHARED RESOURCES - Commitments against various resources can be dynamically adjusted for customers in a shared-resource environment. A customer can provision a data volume with a committed rate of Input/Output Operations Per Second (IOPS) and pay only for that commitment (plus any overage), for example, as well as the amount of storage requested. The customer can subsequently adjust the committed rate of IOPS by submitting an appropriate request, or the rate can be adjusted automatically based on any of a number of criteria. Data volumes for the customer can be migrated, split, or combined in order to provide the adjusted rate. The interaction of the customer with the data volume does not need to change, independent of adjustments in rate or changes in the data volume, other than the rate at which requests are processed. | 2021-03-18 |
20210083988 | CONTENT SOURCE ALLOCATION BETWEEN COMPUTING DEVICES - Systems and methods of the present disclosure relate generally to allocation of content resources in a voice activated packet-based computer network. A request for a digital component, by a client computing device, can be fulfilled by multiple content sources. Fulfillment by the different content sources can consume different amounts of computational and network resources. The selection of the best content provider can improve the efficiency and effectiveness of data packet transmission over one or more computer networks. | 2021-03-18 |
20210083989 | SYSTEMS AND METHODS FOR INTELLIGENT APPLICATION GROUPING - A method is described that comprises collecting communication data travelling among a plurality of computing nodes in a networked environment. The method includes using the communication data to create a plurality of connectivity records, wherein each connectivity record comprises a communication between a source computing node and a destination computing node of the plurality of computing nodes. The method includes associating the communication with an application context and protocol. The method includes processing the plurality of connectivity records to eliminate connectivity records that meet at least one criterion, wherein the plurality of connectivity records includes associated application contexts and protocols, wherein a first portion of the plurality of connectivity records comprises the eliminated connectivity records, wherein a second portion of the plurality of connectivity records comprises the remainder of the connectivity records. The method includes building a graph using the second portion of the connectivity records. | 2021-03-18 |
20210083990 | THIN DATA WARNING AND REMEDIATION SYSTEM - The present disclosure describes a patent management system and method for remediating insufficiency of input data for a machine learning system. A plurality of data vectors using data are extracted from a plurality of data sources. A user input with respect to an input data context is received, the input data context corresponding to a subset of the plurality of data elements. An input vector based on the user input is generated and a set of matching data vectors is determined from the plurality of data vectors based on the input vector. An insufficiency of the input data is determined based on a comparison of a number of matching data vectors with a first pre-determined threshold, and/or a variance with a second pre-determined threshold. Further, the set of matching data vectors is expanded by modifying the input vector when the input data is determined to be insufficient. | 2021-03-18 |
20210083991 | DEVICE, SYSTEM AND METHOD FOR ALLOCATING RESOURCES FOR VIDEO STREAMING - A device, system and method for allocating resources for video streaming is provided. A device determines respective differences between reserved and actual allocated resources for videos provided to a streaming system by client devices, and selects, at the streaming system, from a plurality of discrete selectable allocated resources available at the streaming system, first reserved aggregate allocated resources based on the actual allocated resources for the videos, the first reserved aggregate allocated resources for streaming the videos to video-playing devices. The device monitors used resources for streaming the videos to the video-playing devices and, in response to determining that the used resources are within a threshold value of the first reserved aggregate allocated resources, selects, from the plurality of discrete selectable allocated resources, second reserved aggregate allocated resources based on the respective differences between the reserved allocated resources and the actual allocated resources for the videos. | 2021-03-18 |
20210083992 | AUGMENTED REALITY FOR INTERNET CONNECTIVITY INSTALLATION - Apparatuses (e.g., systems and devices) and methods to view otherwise hidden connectivity of networking devices. An electronic device such as a network device connected to a variety of different devices may be observed through a real-time image onto which information about the connectivity and/or connections may be displayed to show identity, connectivity state and other information associated with ports of the network device(s). These methods may be implemented on a mobile device used to capture images of the network device and present an overlay of virtual objects on the captured images to a user in real time. The virtual objects may dynamically move or change shape in real time depending on the movement of the mobile device. One or more filtering techniques may be used to stabilize the virtual objects with respect to the captured images. | 2021-03-18 |
20210083993 | SYSTEMS AND METHODS FACILITATING BOT COMMUNICATIONS - A method for delivering messages from customers to bots that includes providing a bot gateway and, pursuant to a process, formatting and sending the messages. The bot gateway includes bot schemas that each defines a data field arrangement for sending requests to a particular bot. The process includes receiving a first message and determining therefrom a first customer, a first tenant, a first bot, and a text message from the first customer to the first bot. The process includes: providing a bot configuration data set; selecting a first bot schema pertaining to the first bot; creating a formatted request via mapping the text message and the data values defined in the bot configuration data set to corresponding data fields defined within the data field arrangement; and sending the formatted request to the first bot. | 2021-03-18 |
20210083994 | DETECTING UNRELATED UTTERANCES IN A CHATBOT SYSTEM - Techniques are described to determine whether an input utterance is unrelated to a set of skill bots associated with a master bot. In some embodiments, a system described herein includes a training system and a master bot. The training system trains a classifier of the master bot. The training includes accessing training utterances associated with the skill bots and generating training feature vectors from the training utterances. The training further includes generating multiple set representations of the training feature vectors, where each set representation corresponds to a subset of the training feature vectors, and configuring the classifier with the set representations. The master bot accesses an input utterance and generates an input feature vector. The master bot uses the classifier to compare the input feature vector to the multiple set representations so as to determine whether the input feature falls outside and, thus, cannot be handled by the skill bots. | 2021-03-18 |
20210083995 | SYSTEMS AND METHODS FOR MANAGING ELECTRONIC COMMUNICATIONS - Systems and methods are disclosed for managing electronic communications. According to certain embodiments, an enterprise directory is provided for listing a plurality of enterprises. In one embodiment, the enterprise directory may include an enterprise profile for each enterprise identifying, among other things, a mode of communication for the enterprise. Enterprises that wish to communicate with one another may form partnerships with one another. In one embodiment, a partnership may be formed between two enterprises when one enterprise accepts a partnership request submitted by the other enterprise. Information regarding partnerships between enterprises may be stored in a database. Further, an enterprise user may request to electronically communicate (e.g., via IM, voice, or email) with a user associated with a different enterprise. Users associated with different enterprises may be allowed to communicate electronically with one another if their respective enterprises are in a partnership with one another. | 2021-03-18 |
20210083996 | DYNAMIC CONFIGURATION AND POPULATION OF DIGITAL INTERFACES DURING PROGRAMMATICALLY ESTABLISHED CHATBOT SESSIONS - The disclosed exemplary embodiments include computer-implemented systems, apparatuses, and processes that dynamically configure and populate a digital interface based on sequential elements of message data exchanged during a chatbot session established programmatically between an apparatus and a device. For example, the apparatus may generate first messaging data that includes a candidate input value for an interface element of a digital interface, and transmit the first messaging data to the device during the programmatically established chatbot session. The apparatus may also receive, from the device during the programmatically established chatbot session, second messaging data that includes a confirmation of the candidate input value. Based on the second messaging data, the apparatus may generate populated interface data that associates the interface element with the confirmed candidate input value, and store the populated interface data within a memory. | 2021-03-18 |
20210083997 | EVENT DETECTION USING INQUIRIES - Inquiry data from one or more sources (e.g., client devices) may be analyzed to determine if key terms, date terms, and locality terms are indicative of an event to occur at a locality during one or more dates. Events that are detected may be communicated (e.g., via an electronic message(s)). An owner of a property may receive the electronic message(s) that are communicated for detected events and the owner may act to garner interest in stays at their property. Travelers searching for a property to stay at during the event may receive the electronic message(s) in the form of an offer (e.g., an email, a text message, a Tweet, a newsletter, etc.). The inquiry data may be received in real time and/or may be accessed from a data store. The inquiry data may be curated to remove non-essential information and/or to include edited key terms, date terms, and locality terms. | 2021-03-18 |
20210083998 | Machine Logic Rules to Enhance Email Distribution - Machine logic rules for adding, or recommending to add, recipients for an e-message based at least in part upon historical data relating to e-message distribution and content; machine logic rules for adding, or recommending to add, text to an e-message based at least in part upon historical data relating to e-message distribution and content; and/or machine logic rules for responding to (for example, replying, forwarding), or recommending to respond to, an e-message based at least in part upon historical data relating to e-message distribution and content. Historical data relating to e-message distribution and content may be structured in the form of graphs with nodes and connections among and between the nodes. | 2021-03-18 |
20210083999 | PLUG-IN POWER ADAPTERS AND METHODS OF IMPLEMENTING A PLUG-IN POWER ADAPTER - A plug-in power adapter is described. The plug-in power adapter may comprise a plug having a plurality of prongs, wherein a first prong of the plurality of prongs is adapted to receive power; a transformer coupled to receive the power by way of the first prong of the plurality of prongs, wherein the transformer is adapted to generate a power signal on a power signal line coupled to the transformer; an input portion comprising a control button, wherein the control button is accessible by a user of the plug-in power adapter; and a plurality of contact elements on a surface of the plug-in power adapter and accessible by the user of the plug-in power adapter; wherein a contact element of the plurality of contact elements is adapted to receive a control signal. | 2021-03-18 |
20210084000 | SYSTEMS AND METHODS FOR LOCATION-BASED MESSAGING - A location-based digital communication platform, whereby users may digitally interact with one another based, at least in part, on the users' physical locations in the real world. For example, a user may have the ability to associate a digital message with a particular geographic location. In this way, other users who may be at or near that same geographic location, or who may later travel to the geographic location, may have the ability to view or access the digital message. In some embodiments, access controls may allow a user to control which users have access to the message, the size of the area in which the message is available, and/or the length of time for which the message is available. | 2021-03-18 |
20210084001 | ELECTRONIC MESSAGING PLATFORM THAT ALLOWS USERS TO CHANGE THE CONTENT AND ATTACHMENTS OF MESSAGES AFTER SENDING - Systems, methods, and computer media for manipulating electronic messages are provided herein. A system for editing electronic messages can include at least one processor, and an application. The application can be configured to, by the at least one processor, send an electronic message from a sender to a recipient, edit the message after it has been sent to the recipient to create an edited message, retain a relative location of the message in the recipient's inbox while the edited message is created, send the edited message from the sender to the recipient, and place the edited message in the relative location of the message in the recipient's inbox. | 2021-03-18 |
20210084002 | ASYNCHRONOUS MESSAGING AND COMMUNICATION IN A SOCIAL NETWORKING SYSTEM - The present disclosure is for systems and methods for asynchronous communication within a social networking system. Specifically, the present invention is for receiving capsuled data that is directed to a recipient. The capsuled data may be partially viewable by a recipient within the social networking system, but may not become fully viewable until a trigger condition is met. The systems and methods disclosed herein enable a determination of whether a trigger condition is met, and, if it is met, the capsuled data may be fully viewable by a recipient. | 2021-03-18 |
20210084003 | EFFICIENTLY MAPPING A DISTRIBUTED RESOURCE TO A VIRTUAL NETWORK - A distributed resource may be mapped into a virtual network, where the resource is distributed across a large number of nodes that are uniquely addressable within the distributed resource service's address space. The resource can be represented using a relatively small number of private VIP addresses within the virtual network, while still enabling access to all of the nodes that are uniquely addressable within the address space of the distributed resource service. A resource map may be created that relates the distributed resource service's address space to the virtual network's address space. The resource map may be used by a gateway that facilitates access to a distributed resource by clients. The resource map may also be used to translate packets that are sent from clients within a virtual network into the distributed resource service's address space. | 2021-03-18 |
20210084004 | ADDRESS RESOLUTION PROTOCOL ENTRY VERIFICATION - In some embodiments, a method receives a first address resolution mapping from a workload and verifies the first address resolution mapping. When the first address resolution mapping is verified, the method adds the first address resolution mapping to a list of address resolution mappings. The list of address resolution mappings includes verified address resolution mappings. The list of address resolution mappings is sent to the workload to allow the workload to verify a second address resolution mapping using the list of verified address resolution mappings. | 2021-03-18 |
20210084005 | SYSTEM AND METHOD FOR IDENTITY RESOLUTION ACROSS DISPARATE DISTRIBUTED IMMUTABLE LEDGER NETWORKS - A system and method for identifying previously unknown counterparties by registering distributed ledger public keys and/or addresses associated with specific business entities and/or individuals. The system and method are configured to provide tools for administering public facing distributed ledger identifiers using cryptographic proof messaging and transactions made on the Distributed Ledger. It also provides queries and lookups to discover public keys associated with entities and allows users to link identifiers on competing Distributed Ledgers to a disambiguated entity, thereby enabling cross Ledger transactions to occur. | 2021-03-18 |
20210084006 | DNS RENDEZVOUS LOCALIZATION - A method of generating a routing table containing information as to the weighted distance between clients that use a resolver and each rack gateway, taking into account how traffic to each client can egress from the CDN AS. The routing table is generated from matrix multiplication of two matrices. One matrix contains information as to the proportion of each client's use of each resolver in a first autonomous system. The second matrix contains information as to the distance between each client and each rack, with respect to an egress gateway, in a second autonomous system. The resulting routing table is used to identify a gateway from which to serve content to a client. | 2021-03-18 |
20210084007 | IP Address Allocation Method, and Device - An Internet Protocol (IP) address allocation method and a device to resolve a technical problem that an IP address conflict occurs when a control plane device and a user plane device allocate an IP address for one user equipment (UE) at the same time. When receiving a session establishment request message, a control plane network device may determine whether a first user plane network device is capable of allocating an IP address for a terminal device. If the first user plane network device is capable of allocating the IP address for the terminal device, the control plane network device may send an address allocation indication to the first user plane network device. | 2021-03-18 |
20210084008 | FULLY QUALIFIED DOMAIN NAME (FQDN) DETERMINATION - Fully qualified domain name determination is disclosed. A queue of fully qualified domain names (FQDN) is created using a predetermined amount of network domains. Each FQDN is crawled from a plurality of collection agents of a computer network. For each FQDN, data comprising an Internet Protocol (IP) address of the FQDN, IP addresses for resources loaded for the FQDN and load times of the resources loaded for the FQDN are extracted. A correlation model is generated based on the data. An FQDN being accessed by one or more computer devices of the computer network is determined by using the correlation model. | 2021-03-18 |
20210084009 | ROUTE GENERATION METHOD AND DEVICE - This application provides a route generation method, applied to an SRv6 network and including: receiving, by a first network device, a first notification packet from a second network device; where the first notification packet includes a network slice identifier, the first notification packet indicates an association relationship between information of the network slice identifier and an IPv6 address prefix of the second network device, and the network slice identifier is used to identify one network slice; and generating, by the first network device, a route forwarding entry for the IPv6 address prefix of the second network device based on an association relationship between the network slice identifier and the IPv6 address prefix of the second network device. This helps implement a network slice and resource isolation in the SRv6. | 2021-03-18 |
20210084010 | SYSTEM AND METHOD FOR SECURELY INTERCONNECTING BRANCH NETWORKS TO ENTERPRISE NETWORK THROUGH TSPS - A system, a method, and a computer program are provided for securely connecting a main network to one or more subnetworks in an enterprise network through a group of enterprise routers, with all data traffic routed between the main network and the subnetwork through an encrypted virtual private network (VPN) tunnel. The data traffic is monitored for a cyberthreat indication in the enterprise network, and any cyberthreat indication has the cyberthreat remediated by modifying a policy in a firewall or one of the group of enterprise routers to stop routing exchange or cease encryption or transmission of data between the main network and the one or more subnetworks. In part, a key server and each router in the group of enterprise routers is configured with an Internet Protocol address, a group security association value, and a group profile which are employed by the technological solution for secure enterprise connectivity. | 2021-03-18 |
20210084011 | HARDWARE ACCELERATION DEVICE FOR STRING MATCHING AND RANGE COMPARISON - Systems and methods are described for providing effective hardware acceleration by performing a combination of string matching and range comparison. According to one embodiment, an acceleration device of a host device associated with a datacenter receives an input stream of information. The received information is matched with contents of a hash-based lookup table to identify one or more units, which satisfy at least one condition for any or a combination of a string match and a range comparison. The identified one or more units are correlated based on a set of conditions, which define at least one rule related to any of a network policy definition, a packet inspection rule, a database operation command or a format of the input stream. Any or a combination of exact string matching and exact range matching is then performed based on the at least one set of correlated units. | 2021-03-18 |
20210084012 | METHODS AND SYSTEMS OF AN AUTOMATIC CENTRALIZED FIREWALL FOR INDUSTRIAL IOT WAN FABRIC - In one aspect, a computerized method for implementing an automatic centralized firewall for industrial Internet of Things-based (IIOT) wide area network (WAN) fabric includes the step of providing an automatic centralized firewall in an IIOT-based WAN fabric. The method includes the step of strictly operating the automatic centralized firewall in a white-listed manner. The method includes the step of automatically discovering a set of subnet end points and a set of network address ranges for each network in the IIOT-based WAN fabric. The method includes the step of providing a set of flow rules at both ends of each machine network in the WAN fabric. | 2021-03-18 |
20210084013 | METHOD AND APPARATUS FOR AUTONOMOUS FIREWALL RULE MANAGEMENT - In accordance with an embodiment, described herein is a system and method for autonomous firewall rule management, for use with cloud computing environments or other types of network environments. A firewall rule management automation framework provides rule management for firewalls deployed across availability domains. The system is adapted to automatically determine firewalls that can receive network traffic from a given source subnet or destination subnet; configure the firewalls with required firewall rules; monitor the firewall rules through collection of metrics snapshots and rule hit counts; and purge underused or potentially obsolete firewall rules, for example those having zero hits over a particular period of time or number of snapshots. The system provides generic support for different types of firewall devices, and autonomous management of firewall rules within large heterogeneous computer networks that may include several types of firewalls. | 2021-03-18 |
20210084014 | VIRTUALIZED CENTRALIZED FIREWALL - This innovative apparatus and method called the Virtualized Centralized Firewall (VCF), with its hardware and software, provides a means for Security and Firewall services at line speed for internet connections to several users, homes and enterprises at the same time from a centralized location like the ISP, Telephone Central office (for DSL), the Cable headend, 5G/LTE edge networks or similar locations. The resources in this VCF are shared by multiple users based on pre-subscribed bandwidth and types of security services. These services can be controlled by the end user by self-service or by the operator or a combination of both. This results in efficient usage of resources, lower cost (about 90% cost reduction) and, more importantly, provides a fast and efficient way to update the security profiles for virus scans and protect end users and IoT devices against new types of cyber-attacks. | 2021-03-18 |
20210084015 | SYSTEM AND METHOD TO LEVERAGE EDR, ECU, CAN AND OBD DATA FROM VEHICLES BY MEANS OF BLOCKCHAIN TECHNOLOGY - Systems and methods to retrieve, encrypt, and transmit control area network (CAN), event data recorder (EDR), engine control unit (ECU) and onboard diagnostics (OBD) data from vehicles such as automobiles and airplanes etc. are disclosed. The invention has, but is not limited to, several main parts: a first part being a microcontroller having onboard memory, a second part being a connector that interfaces with a vehicle's existing CAN, EDR, ECU and OBD data, a third part being onboard software that encrypts said data to a blockchain within a vehicle, and a fourth part being multiple, wireless transmitters that send blockchain information to a cloud network. An object of the invention is to leverage and decentralize valuable telematic, CAN, EDR, ECU and OBD vehicle data for an array of stakeholders including dealers, insurers and consumers in a secure manner through the latest cryptography software. | 2021-03-18 |
20210084016 | SYSTEMS AND METHODS FOR CLIENT COLLABORATED MIGRATION OF LIVE TLS CONNECTION - Described is an improved approach to ensure high availability for established sessions (e.g., application layer sessions) over network connections that negotiate and renegotiate encryption keys (e.g., TLS/SSL) at clean boundaries to ensure in-transit data are properly handled during migration of an application (e.g., a reverse proxy server instance). Connected TCP sessions may be handed off to another application (e.g., from an existing proxy server to a new/upgraded proxy server) and, after establishing a new TLS session with a new encryption key, data transfer may be resumed between a client and a server using the new/upgraded application in a client-server architecture. | 2021-03-18 |
20210084017 | SYSTEMS AND METHODS FOR SELECTING CRYPTOGRAPHIC SETTINGS BASED ON COMPUTING DEVICE LOCATION - Systems and methods for selecting cryptographic settings based on computing device location are disclosed. According to an aspect, a method includes determining a location of a client of a server. The method also includes selecting, at the server and based on the location of the client, one of several different cryptographic settings for communication with the client or data management. The method may also include implementing, at the server, the selected cryptographic setting. | 2021-03-18 |
20210084018 | APPLICATION PROGRAM AS KEY FOR AUTHORIZING ACCESS TO RESOURCES - In a networked environment, an application executed on a computing device may transmit a distribution rule associated with a resource. The distribution rule can require a key application to be enabled as hardware associated with a client device prior to access to a resource. The application may receive a request for access to the resource by the client device. In an instance in which it is determined that the client device complies with the distribution rule, the application may provide, to the client device, authorization to access the resource. | 2021-03-18 |
20210084019 | SECURED REST EXECUTION INSIDE HEADLESS WEB APPLICATION - A system and method for facilitating establishing a secure connection between a client application and a content provider. An example method includes employing a security gateway to authenticate a client for communications therewith; maintaining, for the client, security credentials for a data provider via a security configuration module, wherein the security credentials are associated with a description of data, which is associated with a data provider; using the gateway to determine which of the security credentials to use to fulfill the request message received by the security gateway from the client based on the request; and employing the selected security credentials to selectively retrieve data from and deliver the data to the client application. The example method may further include generating the request message when a User Interface (UI) control displayed in a UI display screen of a browser client is selected or activated. | 2021-03-18 |
20210084020 | SYSTEM AND METHOD FOR IDENTITY AND AUTHORIZATION MANAGEMENT - A system for identity and authorization management of users of remote applications on a computer network, the system including: an Identity, Application and role-aware enrichment module configured to determine and authenticate an identity of a user and issue an access token; an Identity, Application and Role-Aware enforcement module configured to determine access to at least one application and provide access to the user based on the access token; a database configured to store authorization roles associated with the identity of the user and the at least one application; and a database configured to store rules associated with the authorization roles. | 2021-03-18 |
20210084021 | ACCESS CONTROL SYSTEM - A device is described that includes a first microprocessor configured for interfacing with a digital access control backend, and a second microprocessor configured for dedicated communications with an access control manager device backend. The first microprocessor is a master device that controls the operation of the second microprocessor as a secondary device. The proposed device is configured for operation of the first microprocessor and the second microprocessor at low clock speeds and to maintain a hash segregation between locally received data sets and data sets transmitted to an external authentication system. | 2021-03-18 |
20210084022 | METHODS AND SYSTEMS FOR CONTROLLING ACCESS TO A PROTECTED RESOURCE - An electronic device is disclosed. The electronic device includes a memory, a camera module, a communications module, and a processor that is configured to: receive, from the camera module, image data associated with a machine-readable optical label, the optical label encoding transaction details of a transfer of data to a recipient account, wherein the transaction details do not indicate an identity of the recipient account; receive a user input indicating authorization to initiate a transfer of data, via a protected resource, from an account associated with the user to the recipient account; and in response to receiving the user input, generate a request for initiating the transfer of data based on the transaction details, the request including an access token for use in authenticating the user on requests to access the protected resource. | 2021-03-18 |
20210084023 | USING KEYS WITH TARGETED ACCESS TO THE BLOCKCHAIN TO VERIFY AND AUTHENTICATE IDENTITY - Systems and methods for accessing credentials from a blockchain are provided. A computing device requests for a server to process a transaction. In response to the request, the server transmits a server public key to the computing device. A key generator of the computing device uses the user private key and the server public key to generate a user public key. The user public key includes permissions to access credentials that are stored on the blockchain. The server receives the user public key and generates a request for credentials to the blockchain. The request includes the user public key and the server private key. The blockchain receives the request and generates an identity token. The identity token includes credentials that are specified in the user public key. The blockchain transmits the identity token to the server and the server uses the identity token to process the transaction. | 2021-03-18 |
20210084024 | SINGLE SIGN-ON AUTHENTICATION VIA MULTIPLE AUTHENTICATION OPTIONS - A hybrid authentication system, a method, and a non-transitory computer-readable medium for single-sign-on authentication is provided. The hybrid authentication system is communicatively coupled to a web application server and a public ledger. The hybrid authentication system receives a request from the web application server to access secure content on a resource server and controls display of a set of user-selectable options on a user interface of a user device based on the received request. The hybrid authentication system selects at least one authentication option from the displayed set of user-selectable options and authenticates the received request based on the selected at least one authentication option. The selection of the at least one authentication option is based on a user input over the displayed set of user-selectable options. | 2021-03-18 |
20210084025 | POLLING SERVICE - Disclosed are various approaches for polling federated services for notifications. A request for an access token for a federated service is sent to an authentication service. The access token for the federated service is received from the authentication service. A query is sent to the federated service for a notification, the query comprising the access token. The notification is received from the federated service. | 2021-03-18 |
20210084026 | AUTHENTICATION SERVICE - Disclosed are various approaches for relaying and caching authentication credentials. A single sign-on (SSO) token is received, the SSO token representing a user account authenticated with an identity manager. An authentication request is then sent to a service that is federated with the identity manager in response to receipt of the SSO token, the authentication request including the SSO token. An access token is received in response to the authentication request, the access token providing access to the service for the user account authenticated with the identity manager for a predefined period of time. The access token and a link between the access token and the SSO token are then cached. | 2021-03-18 |
20210084027 | A Digitally Certified Ecosystem - A digitally certified ecosystem includes a plurality of verifying entities and a plurality of verified entities, each verified entity verified according to at least one aspect of the entity by at least one of the verifying entities. The digitally certified ecosystem further includes an issuing system server which enables a secure communications mode on a website of a verified entity. | 2021-03-18 |
20210084028 | SYSTEMS AND METHODS FOR CREATING MULTI-APPLICANT ACCOUNT - Methods and systems for creating a multi-applicant account profile are described. During a first remote session, a first applicant provides at least two pieces of contact data for a second applicant. A unique link and a one-time password are transmitted to the second applicant using the respective first and second pieces of contact data. A second remote session is initiated, in response to receipt of the one-time password, provided via the unique link. During the second remote session, identification information of the second applicant is provided. A new multi-applicant account profile is then created, after verifying the identification information of the first applicant and the second applicant. | 2021-03-18 |
20210084029 | TECHNIQUES FOR REPEAT AUTHENTICATION - The invention provides an authentication technique that involves provision of a new authentication credential for each authentication attempt. The requestor of the new authentication credential is required to provide a previous authentication credential in order to successfully receive the new authentication credential. The previous authentication credential has however been de-authorised so it cannot be used to authenticate the requestor, only to successfully obtain a new authentication credential. The requestor then authenticates using the new authentication credential. The cycle is repeated for as many repeat authentication attempts as are made by the requestor. | 2021-03-18 |
20210084030 | ONE-TIME-PASSWORD GENERATED ON READER DEVICE USING KEY READ FROM PERSONAL SECURITY DEVICE - An authentication system is provided using one-time passwords (OTPs) for user authentication. An OTP key may be stored on a different device than the device on which the OTP is generated. In an embodiment, the system described herein enables a combined authentication system, including the two separate devices communicating over a non-contact interface, to provide advantageous security features compared to the use of a single device, such as a hardware OTP token. One device may be a personal security device and the other device may be a reader device coupled to a host device via which access is being controlled. | 2021-03-18 |
20210084031 | Multi-Tenant Identity Cloud Service with On-Premise Authentication Integration - Embodiments are directed to a multi-tenant cloud system. Embodiments receive a request for an authentication action for a user and create an authenticate target action. Embodiments register a cache listener to listen for a target action response that is responsive to the authenticate target action and initiate the authentication action for the user at an on-premise active directory (“AD”) via a bridge. Embodiments wait for a cache callback and, at the cache callback, receive a target action response comprising a result of the authentication action. | 2021-03-18 |
20210084032 | AUTHENTICATION FOR REQUESTS FROM THIRD-PARTY INTERFACES - Methods, systems, and apparatus, including computer-readable media, for authenticating requests from third-party interfaces. In some implementations, an information system receives, from a computing system that provides a natural language interface, (i) an information request associated with a user, and (ii) a token corresponding to the information request. In response to receiving the information request, a user data request and the token corresponding to the information request are sent to a trusted profile provider system, requesting user profile information for the user associated with the information request. A user identifier is extracted from user profile information received from the trusted profile provider system. A user identity is identified for the user based on a match between the extracted user identifier and a user identifier in a user registry associated with the information system. The information request is processed based on the identified user identity. | 2021-03-18 |
20210084033 | METHOD AND SYSTEM FOR INTEGRATING VOICE BIOMETRICS - Systems and methods for determining whether a voice biometrics credential provides a reliable mechanism for authenticating a user are provided. The method includes receiving at least one set of voice data from the user; determining, based on the received at least one set of voice data, a value of at least one parameter that corresponds to a user-specific voice biometrics credential; obtaining at least one user-specific item of information; accessing at least one business rule that relates to the user; and determining, based on the at least one set of voice data, the at least one user-specific item of information, and the at least one business rule, whether the user-specific voice biometrics credential is usable for authenticating the user. | 2021-03-18 |
20210084034 | CALLER AND RECIPIENT ALTERNATE CHANNEL IDENTITY CONFIRMATION - A system and method are disclosed that leverage multi-factor authentication features of a service provider and intelligent call routing to increase security and efficiency at a customer call center. Pre-authentication of customer support requests reduces the potential for misappropriation of sensitive customer data during call handling. A contactless card uniquely associated with a client may provide a second factor of authentication to reduce the potential for malicious third-party impersonation of the client. Pre-authorized customer support calls are intelligently and efficiently routed in a manner that reduces the opportunity for malicious call interference and information theft. | 2021-03-18 |
20210084035 | QUEUE MANAGEMENT BASED ON BIOMETRIC AUTHENTICATION - A method performed by a user device may include obtaining biometric information relating to a user of the user device using a biometric sensor of the user device; determining that the biometric information is valid; generating a biometric indicator indicating that the biometric information is valid; providing a request for a callback from an entity, wherein the request includes the biometric information indicating that the biometric information is valid; and receiving the callback from the entity, wherein the callback is received based on the biometric information indicating that the biometric information is valid, and wherein the callback is associated with an entity identifier that is not provided to the user. | 2021-03-18 |
20210084036 | Facial Profile Password to Modify User Account Data for Hands Free Transactions - An account management system establishes an account for a user. The user enters user account information into the account and the account management system establishes a facial template for the user based on an image of the face of the user. The user requests to change user account information at a merchant point-of-sale (POS) device. The merchant POS device captures a facial image of the user and transmits the image to the account management system, which generates a facial template and compares the generated facial template against the existing facial template associated with the user account. If the generated facial template is less than a threshold difference from the existing facial template, the user may update user account information at the merchant POS device, which communicates the updated user account information to the account management system. The account management system associates the updated user account information with the user account. | 2021-03-18 |
20210084037 | COMMUNICATION LINE MUTUAL AUTHENTICATION SYSTEM IN IP NETWORK - A system for determining whether spoofing occurs at an activating communication line under the condition that a connection by three-way handshake can be established between activating and activated communication lines regardless of the spoofing. Authentication units are arranged above communication terminal devices respectively. While a three-way handshake is executed once between the communication terminal devices, a three-way handshake is executed twice between the associated communication lines. One communication line activates the other communication line, and when a connection by a first three-way handshake is established between the communication lines, the connection is disconnected. Thereafter, it is determined at the activating communication line whether a SYN( | 2021-03-18 |
20210084038 | TRANSPARENTLY USING ORIGIN ISOLATION TO PROTECT ACCESS TOKENS - The disclosed technology teaches safely attaching an access token to a browser-based request from a first app loaded by a webpage, without exposing the token to malicious code loaded by the webpage, providing an identity proxy that transparently determines which network requests to relay and a secrets management proxy that provides access tokens transparently to the requests. The identity proxy intercepts an access request from the first app to the resource server and relays the request via the secrets management proxy, which forwards the request to the resource server with an access token, receives a response from the resource server and forwards the response to the identity proxy for return to the first app. The secrets management proxy is implemented in an iFrame that has isolated storage subject to a browser-enforced same origin policy that makes the isolated storage used by the iFrame inaccessible to malicious code on the webpage. | 2021-03-18 |
20210084039 | EVENT BASED TRANSFER OF DID DELEGATED AUTHORITY - Embodiments are related to computing systems and methods for event based transfer of DID delegated authority. An indication is received that a first DID user is attempting to use a delegated DID on behalf of a second DID user. The first DID user has previously been delegated authority to use the delegated DID by operation of a legal relationship or a legal agreement between the first and second DID users. A determination is made if an event has occurred that has changed the legal relationship or the legal agreement between the first and second DID users. If an event has occurred, the delegation of authority to use the delegated DID is automatically revoked such that the first DID user is no longer able to use the delegated DID. If an event has not occurred, the first DID user is allowed to continue to use the delegated DID. | 2021-03-18 |
20210084040 | AUTOMATIC REDUCTION OF PERMISSIONS FOR CLIENT APPLICATIONS - A least-privilege permission or permissions is automatically assigned to a client application in order to ensure that the client application is able to perform the bare minimum actions on a resource. The client application accesses the protected resource using a web API. The determination of the least-privilege permission(s) is based on actions previously performed on the resource by the client application. The identity provider monitors the actions performed on a resource by the client application and determines the bare minimum permission needed for the client application. | 2021-03-18 |
20210084041 | SYSTEMS AND METHODS FOR PROVIDING SECURITY VIA INTERACTIVE MEDIA - Methods and systems for providing security and verifying a human user and/or an authorized user are described. A system may include a processor and a non-transitory, processor-readable storage medium. The non-transitory, processor-readable storage medium may include one or more programming instructions that, when executed, cause the processor to receive a request to access a secured resource, provide a verification challenge to a user via a user interface, receive at least one input from the user in response to the verification challenge, and determine that the at least one input corresponds to at least one parameter indicative of a human user. The verification challenge may include a game. | 2021-03-18 |
20210084042 | MODIFYING MEMBERSHIP RIGHTS IN A DATA EXCHANGE - Systems and methods for managing membership in a private data exchange are provided herein. In one embodiment, the method comprises adding a new member to a data exchange, wherein the data exchange comprises a set of listings, each listing comprising data from one or more datasets stored on a cloud computing service. An account type is assigned to the new member, the account type comprising at least one of a consumer type, provider type, or exchange administrator type. Each of the account types is associated with one or more rights with respect to the set of listings, such that the new member has a set of rights based on the account type. The set of rights of the new member is then modified with respect to one or more listings from the set of listings based on a set of visibility and access rules for each of the set of listings. | 2021-03-18 |
20210084043 | Data and Context Based Role Membership System - A data and context based role management system comprising: a community, the community including at least one data source having plural roles stored therein, the plural roles including an identity including at least one of a credential, a function, a capability, and a historic response data; a discovery module configured to identify an alert associated with an event requiring a response, the discovery module being further configured to search the community for a responder based on the event, wherein the discovery module is configured to compare a criteria based on the event to the identity associated with each of the plural roles to identify the responder; and when the responder is identified, the community promotes the responder to transform at least one device of the responder to provide at least access to data associated with the event. | 2021-03-18 |
20210084044 | RESOURCE-DRIVEN DYNAMIC AUTHORIZATION FRAMEWORK - Embodiments concern a dynamic authorization framework. The Security Classification Process (SCP) is the process of classifying raw data, information extracted from raw data, content or code from a security-value perspective. The Security Achievability Determination Process (SADP) is a process in which, based on a SV/SC that has been assigned, the RHE may determine the Security Requirements and how the security requirements may be achieved. During the Security Achievability Listing Process (SALP), the RHE uploads onto the Resource Listing Entity (RLE) the URI of the resource, the SAM associated with the resource and optionally a digital certificate associated with the resource. During the SAM Assessment Process (SAMAP), a Client evaluates the security mechanisms that must be carried out in order to meet the SAM that was provided as part of the Discovery Process (DP). Based on the SAM obtained from the RLE, the Client may initiate a Security Achievability Enabling Process (SAEP). The Client may be required to initiate an Authentication, Authorization, Payment and obtain an assertion of secure behavior from a Security-Achievability Enabler Function (SAEF), which may be a trusted third-party Function or Entity. | 2021-03-18 |
20210084045 | SYSTEM AND METHOD FOR FACILITATING USER INTERACTION WITH A SIMULATED OBJECT ASSOCIATED WITH A PHYSICAL LOCATION - Systems and methods for facilitating user interaction with a simulated object that is associated with a physical location in the real world environment are herein disclosed. In one aspect, embodiments of the present disclosure include a method, which may be implemented on a system, of identifying the simulated object that is available for access based on location data. The location data can include a location of a device in a time period, the device being for use by a user to access the simulated object. One embodiment includes verifying an identity of the user; and in response to determining that the user is authorized to access the simulated object, providing the simulated object for presentation to the user via the device. | 2021-03-18 |
20210084046 | METHODS AND DEVICES FOR CONTROLLING A SMART DEVICE - The present application provides a method for controlling a smart device, in which a management device provides a user equipment with information on currently-controllable smart devices. Thus a user can learn the actual situation of the currently-controllable smart devices through the user equipment so as to determine a target smart device and send an authorization request for the target smart device through the user equipment. Then the management device determines a control authority of the target smart device for the user equipment according to request parameters in the authorization request and provides customized allocation of a corresponding control authority of the target smart device to each user equipment, so that the user equipment can control the target smart device under the control authority. Thus control authorities for different user equipments are controlled flexibly, while an excessively broad control authority for a specific user equipment, which would affect security, is avoided. | 2021-03-18 |
20210084047 | Dynamic Profile Control System - Systems for dynamic profile control are provided. A system may receive first check data that may include a number of checks written over a predetermined time period for an account, or the like. The first check data may be analyzed to determine a number of checks written in a predetermined time period and the volume or number may be compared to one or more thresholds or ranges. Based on the comparison, a first tier level may be identified for the account or the like. A profile record may be generated including a check profile that may include one or more parameters determined based on the identified first tier level. The system may then build the profile by adding checks or other documents to the profile upon determining that the checks or other documents meet predefined criteria. After a predetermined time period has expired, the system may process additional data to determine whether the identified tier level and associated parameters should be modified. | 2021-03-18 |
20210084048 | Cognitive Access Control Policy Management in a Multi-Cluster Container Orchestration Environment - Dynamically enforcing access control policies unique to respective users in a multi-cluster container orchestration environment is provided. Resource-permission-role mappings are generated for users in the multi-cluster container orchestration environment based on preset access control criteria. Dynamic access control criteria are learned from the multi-cluster container orchestration environment over time. The resource-permission-role mappings for the users in the multi-cluster container orchestration environment are updated based on the dynamic access control criteria learned from the multi-cluster container orchestration environment over time. The resource-permission-role mappings are enforced for respective users in the multi-cluster container orchestration environment in response to receiving corresponding user resource access requests. | 2021-03-18 |
20210084049 | SCORE BASED PERMISSION SYSTEM - One or more files are determined. Each file of the one or more files has a score threshold for access. One or more users are determined. Each user of the one or more users has a score for each file of the one or more files. An access request from a user of the one or more users is received. The request is for the user to access a file of the one or more files. The score for the file for the user is compared to the score threshold for access for the file. | 2021-03-18 |
20210084050 | DATA CLASSIFICATION OF COLUMNS FOR WEB REPORTS AND WIDGETS - A method of restricting data through a data source connection with a web application, including applying a data classification to each data column of the data source, wherein the application of each data classification is based on a data set in a data file or data column in a database not supported by the data classification. | 2021-03-18 |
20210084051 | OPERATOR ACTION AUTHENTICATION IN AN INDUSTRIAL CONTROL SYSTEM - Operator actions and/or other commands or requests are secured via an authentication path from an action originator to a communications/control module or any other industrial element/controller. In implementations, an industrial control system includes an action authenticator configured to sign an action request generated by the action originator. The destination communications/control module or any other industrial element/controller is configured to receive the signed action request, verify the authenticity of the signed action request, and perform a requested action when the authenticity of the signed action request is verified. | 2021-03-18 |
20210084052 | IDENTITY VERIFICATION AND LOGIN METHODS, APPARATUSES, AND COMPUTER DEVICES - A login method includes: after a login process of a service apparatus is triggered, acquiring verification information of a target primary account, and sending the verification information to an identity management apparatus; after the identity management apparatus receives the verification information, performing identity verification on the target primary account by using an identification information set of a registered primary account, and after the identity verification is passed, acquiring login information of at least one sub-account associated in advance, for the service apparatus, with the target primary account and sending the login information to the service apparatus; and determining, by the service apparatus, a target sub-account based on the login information and logging in to a server side. | 2021-03-18 |
20210084053 | Using a Story When Generating Inferences Using an Adaptive Trust Profile - A system, method, and computer-readable medium are disclosed for monitoring actions of an entity. In various embodiments the monitoring includes: monitoring a plurality of electronically-observable actions of the entity, the plurality of electronically-observable actions of the entity corresponding to a plurality of events enacted by the entity; associating the plurality of events enacted by the entity with a story; and, using the story to derive an inference regarding the entity. | 2021-03-18 |
20210084054 | SIMULATING USER INTERACTIONS FOR MALWARE ANALYSIS - Simulating user interactions during dynamic analysis of a sample is disclosed. A sample is received for analysis. Prior to execution of the sample, a baseline screenshot of a desktop is generated by accessing frame buffer data stored on a graphics card. The sample is caused to execute, at least in part using one or more hypervisor instructions to move a pointing device to an icon associated with the sample. A current screenshot of the desktop is generated by accessing current frame buffer data stored on the graphics card. | 2021-03-18 |
20210084055 | RESTRICTED WEB BROWSER MODE FOR SUSPICIOUS WEBSITES - A method of restricting presentation of known or suspected malicious content in a web browser comprises receiving a request for web content, and determining whether the web content contains known or suspected malicious content. If the requested web content contains known or suspected malicious web content, the requested web content is displayed in a restricted browsing mode that restricts or blocks presentation of one or more elements of the known or suspected malicious content in the requested content. | 2021-03-18 |
20210084056 | REPLACING VIRTUAL SENSORS WITH PHYSICAL DATA AFTER CYBER-ATTACK NEUTRALIZATION - An industrial asset may have a plurality of monitoring nodes, each monitoring node generating a series of monitoring node values over time representing current operation of the industrial asset. An abnormality detection computer may determine that an abnormal monitoring node is currently being attacked or experiencing a fault. Responsive to an indication that a monitoring node is currently being attacked or experiencing a fault, the system may automatically replace monitoring node values from the at least one abnormal monitoring node currently being attacked or experiencing a fault with virtual node values. The system may also determine when the abnormal monitoring node or nodes will switch from the virtual node values back to monitoring node values. | 2021-03-18 |
20210084057 | SYSTEM AND METHOD FOR A VENDOR RISK MANAGEMENT PLATFORM - A risk management platform may have a risk management server and a client portal. The client portal can be configured to: receive security data relating to a client system; anonymize the security data; and transmit the security data to the risk management server along with a unique key linked to the client system. The risk management server can be configured to: identify the client system using the unique key; generate a score as a security assessment of the client system using a plurality of rules to evaluate the security data; detect a security threat relevant to the client system by processing real-time data feeds; generate an alert for the security threat to the client system; monitor the client portal for a response to the alert by the client system; and update the score in response to the alert or the response. | 2021-03-18 |
20210084058 | MACHINE LEARNING BASED INTRUSION DETECTION SYSTEM FOR MISSION CRITICAL SYSTEMS - The present invention is generally directed to the detection of an intrusion event in a computer network and a control network. More particularly, the present invention provides a system, framework, architecture, etc. for intrusion detection functions for network elements and control elements used in high demand and/or mission critical environments, including, but not limited to, power stations, sub-stations, intelligent transportation systems (ITS), rail, traffic control systems, chemical, oil & gas, critical manufacturing, and industrial applications. | 2021-03-18 |
20210084059 | ASSESSING TECHNICAL RISK IN INFORMATION TECHNOLOGY SERVICE MANAGEMENT USING VISUAL PATTERN RECOGNITION - A computer system, non-transitory computer storage medium, and a computer-implemented method of assessing technical risk using visual pattern recognition in an Information Technology (IT) Service Management System. A data visualization engine and a time series generation engine each receive the operational data. A first representation of the data is generated by the data visualization engine, and a second representation of the data is generated by the time series generation engine. Anomaly patterns are identified by a pattern recognition engine configured to perform feature extraction and data transformation. An ensembler is configured to accept the outputs from two AI anomaly engines and make a final decision of whether anomaly patterns are captured. Risk scores based on the identified anomaly patterns are output by a pattern recognition engine to an automated management system. The anomalies include information regarding vulnerabilities of devices or components of the IT Service Management System. | 2021-03-18 |
20210084060 | CRYPTOCURRENCY MINING DETECTION USING NETWORK TRAFFIC - A method of identifying cryptocurrency mining on a networked computerized device includes intercepting network traffic between the networked computerized device and a public network, and extracting Internet Protocol (IP) packet data of the intercepted network traffic. The IP packet data of the intercepted network traffic is evaluated such that if the intercepted network traffic is determined to be characteristic of communication with a cryptocurrency mining pool it is determined that the networked computerized device is mining cryptocurrency. One or more remedial actions are taken if it is determined that the networked computerized device is mining cryptocurrency, such as blocking traffic between the networked computerized device and the mining pool or notifying a user. | 2021-03-18 |
20210084061 | BIO-INSPIRED AGILE CYBER-SECURITY ASSURANCE FRAMEWORK - A framework for efficiently and automatically exploring a data network and accurately identifying network threats, which comprises a plurality of software and hardware-based agents distributed over the data network. The agents are capable of adjusting or reconfiguring, on the fly, their behavior and their ability to collect data in a targeted manner, so as to investigate suspicious incidents and alerts and collect data that was not yet collected by the system; collecting forensic data by executing tasks defined in workflows, being distributed threat intercepting programs; and reporting the collected forensic data back to a Central Control Unit (C&C). Distributed threat intercepting programs ("workflows") are used to provide instructions to agents, to perform branching and to provide instructions to the Central Control Unit (C&C), which orchestrates the agents to assure proper execution of the workflows, analyzes the collected information and presents ongoing status to an operator supervising the data network. | 2021-03-18 |
20210084062 | Method and Apparatus for Network Fraud Detection and Remediation Through Analytics - A system and method for assessing the identity fraud risk of an entity's (a user's, computer process's, or device's) behavior within a computer network and then taking appropriate action. The system uses real-time machine learning for its assessment. It records the entity's log-in behavior (conditions at log-in) and behavior once logged in to create an entity profile that helps identify behavior patterns. The system compares new entity behavior with the entity profile to determine a risk score and a confidence level for the behavior. If the risk score and confidence level indicate a credible identity fraud risk at log-in, the system can require more factors of authentication before log-in succeeds. If the system detects risky behavior after log-in, it can take remedial action such as ending the entity's session, curtailing the entity's privileges, or notifying a human administrator. | 2021-03-18 |
20210084063 | INSIDER THREAT MANAGEMENT - A method is provided. The method includes receiving information about user data and user behavior relating to a user, where the information is derived at least in part from a human resources database. The method includes applying analytics to the received information. The method includes, as a result of applying analytics to the received information, generating a threat score for the user. | 2021-03-18 |
20210084064 | SYSTEMS AND METHODS OF INTELLIGENT AND DIRECTED DYNAMIC APPLICATION SECURITY TESTING - Disclosed are systems, methods and computer readable mediums for intelligent and directed dynamic application security testing. The systems, methods and computer-readable mediums can be configured to receive an attack location and an attack type for a web-application, transmit the attack location and attack type to an ID-DAST platform, receive from the ID-DAST platform a payload, attack the web-application using the payload, and receive results of the attack. | 2021-03-18 |
20210084065 | SYSTEMS AND METHODS FOR AN ARTIFICIAL INTELLIGENCE DRIVEN AGENT - A system and method are described that send multiple simulated phishing emails, text messages, and/or phone calls (e.g., via VoIP), varying the quantity, frequency, type, sophistication, and combination using machine learning algorithms or other forms of artificial intelligence. In some implementations, some or all messages (email, text messages, VoIP calls) in a campaign after the first simulated phishing email, text message, or call may be used to direct the user to open the first simulated phishing email or text message, or to open the latest simulated phishing email or text message. In some implementations, simulated phishing emails, text messages, or phone calls of a campaign may be intended to lure the user to perform a different requested action, such as selecting a hyperlink in an email or text message, or returning a voice call. | 2021-03-18 |
20210084066 | IDENTIFYING AUTOMATED RESPONSE ACTIONS BASED ON ASSET CLASSIFICATION - Systems, methods, and software described herein provide for responding to security threats in a computing environment based on the classification of computing assets in the environment. In one example, a method of operating an advisement computing system includes identifying a security threat for an asset in the computing environment, and identifying a classification for the asset in relation to other assets within the computing environment. The method further provides determining a rule set for the security threat based on the classification for the asset and initiating a response to the security threat based on the rule set. | 2021-03-18 |
20210084067 | SCALABLE DDOS SCRUBBING ARCHITECTURE IN A TELECOMMUNICATIONS NETWORK - Aspects of the present disclosure involve systems, methods, computer program products, and the like, for an orchestrator device associated with a scrubbing environment of a telecommunications network that receives one or more announced routing protocol advertisements from a customer device under an attack. In response to receiving the announcement, the orchestrator may configure one or more scrubbing devices of the network to begin providing the scrubbing service to packets matching the received routing announcement. A scrubbing service state for the customer may also be obtained or determined by the orchestrator. With the received route announcement and the customer profile and state information, the orchestrator may provide instructions to configure the scrubbing devices of the network based on the received information to dynamically automate scrubbing techniques without the need for a network administrator to manually configure the scrubbing environment or devices. | 2021-03-18 |
20210084068 | DISTRIBUTED DENIAL-OF-SERVICE MITIGATION - The techniques described in this disclosure provide resilient and reactive on-demand Distributed Denial-of-Service (DDoS) mitigation services using an exchange. For example, an exchange comprises a first virtual network for switching mixed traffic (including dirty (DDoS) traffic and clean (non-DDoS) traffic) from one or more networks to one or more DDoS scrubbing centers; and a second virtual network for switching the clean traffic from the one or more DDoS scrubbing centers to the one or more networks, wherein the exchange is configured to receive the mixed traffic from the one or more networks and switch, using the first virtual network, the mixed traffic to a selected DDoS scrubbing center of the one or more DDoS scrubbing centers, and wherein the exchange is configured to receive the clean traffic from the selected DDoS scrubbing center and switch, using the second virtual network, the clean traffic to the one or more networks. | 2021-03-18 |
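Added example for entry 20210084051 (operator action authentication in an industrial control system) above. This is editor-written illustration code, not code from the application or its assignee. The abstract specifies only that an action authenticator signs a request and the destination controller verifies it before acting; the message layout, the use of HMAC-SHA256 with a pre-shared key, the 30-second timestamp window and the per-originator sequence counter are all assumptions made here so the check is complete enough to run. The key, originator id and targets are constructed.

```python
import hashlib
import hmac
import json
from typing import Any, Dict, List, Set, Tuple

# Assumed message format and HMAC-SHA256 construction; the abstract does not
# specify either. Keys and identifiers below are constructed for this example.


def canonical_bytes(request: Dict[str, Any]) -> bytes:
    """Deterministic encoding so signer and verifier hash identical bytes."""
    return json.dumps(request, sort_keys=True, separators=(",", ":")).encode("utf-8")


class ActionAuthenticator:
    """Sits between the action originator (e.g. an HMI) and the controller
    and signs each action request with the originator's key."""

    def __init__(self, originator_id: str, key: bytes) -> None:
        self.originator_id = originator_id
        self._key = key
        self._seq = 0  # monotonic counter; lets the controller detect replays

    def sign(self, action: str, target: str, params: Dict[str, Any], now: int) -> Dict[str, Any]:
        self._seq += 1
        request = {
            "originator": self.originator_id,
            "action": action,
            "target": target,
            "params": params,
            "ts": now,
            "seq": self._seq,
        }
        mac = hmac.new(self._key, canonical_bytes(request), hashlib.sha256).hexdigest()
        return {"request": request, "sig": mac}


class ControlModule:
    """Destination controller: verifies before it acts, never the other way round."""

    MAX_SKEW_SECONDS = 30

    def __init__(self, keys: Dict[str, bytes], permitted: Dict[str, Set[str]]) -> None:
        self._keys = keys            # originator id -> shared key
        self._permitted = permitted  # originator id -> actions it may request
        self._last_seq: Dict[str, int] = {}
        self.executed: List[Tuple[str, str, Dict[str, Any]]] = []

    def handle(self, message: Dict[str, Any], now: int) -> str:
        request = message.get("request")
        sig = message.get("sig")
        if not isinstance(request, dict) or not isinstance(sig, str):
            return "rejected: malformed"
        originator = request.get("originator")
        key = self._keys.get(originator)
        if key is None:
            return "rejected: unknown originator"
        expected = hmac.new(key, canonical_bytes(request), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, sig):
            return "rejected: bad signature"
        # Only fields covered by a valid signature are trusted from here on.
        if not isinstance(request.get("ts"), int) or abs(now - request["ts"]) > self.MAX_SKEW_SECONDS:
            return "rejected: stale timestamp"
        seq = request.get("seq")
        if not isinstance(seq, int) or seq <= self._last_seq.get(originator, 0):
            return "rejected: replayed or out-of-order sequence"
        if request.get("action") not in self._permitted.get(originator, set()):
            return "rejected: action not permitted for originator"
        self._last_seq[originator] = seq
        self.executed.append((request["action"], request["target"], request["params"]))
        return "executed"


def demo() -> List[str]:
    """Walk through accept, tamper, replay, authorization failure and staleness."""
    key = b"constructed-example-key-not-for-production"
    now = 1_700_000_000
    signer = ActionAuthenticator("hmi-01", key)
    controller = ControlModule(keys={"hmi-01": key},
                               permitted={"hmi-01": {"set_setpoint"}})
    results = []
    good = signer.sign("set_setpoint", "valve-7", {"percent": 40}, now)
    results.append(controller.handle(good, now))               # executed
    tampered = json.loads(json.dumps(good))                    # deep copy, then alter a field
    tampered["request"]["params"]["percent"] = 100
    results.append(controller.handle(tampered, now))           # bad signature
    results.append(controller.handle(good, now + 5))           # replay of an accepted request
    forbidden = signer.sign("firmware_update", "plc-3", {}, now)
    results.append(controller.handle(forbidden, now))          # correctly signed, not permitted
    old = signer.sign("set_setpoint", "valve-7", {"percent": 20}, now - 600)
    results.append(controller.handle(old, now))                # outside the time window
    return results
```

A shared-key MAC means the controller itself could forge a request, so where the originator and the controller are in different trust zones a public-key signature (e.g. Ed25519) over the same canonical bytes is the better fit; the verification order (signature first, then freshness, then authorization) stays the same.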
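Added example for entry 20210084060 (cryptocurrency mining detection using network traffic) above. This is editor-written illustration code, not code from the application. The abstract only says that intercepted IP packet data is evaluated for traffic characteristic of a mining pool; the concrete heuristic used here, recognising the Stratum pool protocol (newline-delimited JSON-RPC, with methods such as `mining.subscribe`, `mining.authorize`, `mining.notify` and `mining.submit`, or `login`/`job`/`submit` in the CryptoNote variant), is one the editor chose. The packet tuples and addresses are constructed, not captured traffic.

```python
import json
from collections import defaultdict
from typing import Dict, List, Tuple

# Stratum, the de-facto pool protocol, is newline-delimited JSON-RPC over TCP.
# Method names below are those used by Stratum v1 and by the CryptoNote/XMRig
# variant ("login", "job", "submit"). The heuristic is this example's, not the
# application's.
CLIENT_HANDSHAKE = {"mining.subscribe", "mining.authorize", "login"}
CLIENT_WORK = {"mining.submit", "submit"}
SERVER_WORK = {"mining.notify", "mining.set_difficulty", "mining.set_target", "job"}

Packet = Tuple[str, int, str, int, bytes]  # src_ip, src_port, dst_ip, dst_port, payload


def stratum_methods(payload: bytes) -> List[str]:
    """Return JSON-RPC method names found in a TCP payload; non-JSON yields []."""
    methods = []
    for line in payload.split(b"\n"):
        line = line.strip()
        if not line.startswith(b"{"):
            continue
        try:
            obj = json.loads(line)
        except ValueError:  # covers JSONDecodeError and bad UTF-8
            continue
        if isinstance(obj, dict) and isinstance(obj.get("method"), str):
            methods.append(obj["method"])
    return methods


def detect_mining(packets: List[Packet]) -> Dict[str, Dict[str, object]]:
    """Map each device IP that appears to be mining to the pool endpoint and evidence."""
    # Flow key is (client_ip, pool_ip, pool_port); the client is whichever side
    # sends handshake or work messages, the pool is whichever side sends jobs.
    evidence = defaultdict(lambda: {"client": set(), "server": set()})
    for src, sport, dst, dport, payload in packets:
        for method in stratum_methods(payload):
            if method in CLIENT_HANDSHAKE or method in CLIENT_WORK:
                evidence[(src, dst, dport)]["client"].add(method)
            elif method in SERVER_WORK:
                evidence[(dst, src, sport)]["server"].add(method)
    findings: Dict[str, Dict[str, object]] = {}
    for (client, pool_ip, pool_port), seen in evidence.items():
        handshake = bool(seen["client"] & CLIENT_HANDSHAKE)
        submitted = bool(seen["client"] & CLIENT_WORK)
        got_work = bool(seen["server"])
        # Require both directions, or an actual share submission, so one stray
        # JSON-RPC message (e.g. an Ethereum node RPC) does not trigger a finding.
        if (handshake and got_work) or submitted:
            findings[client] = {
                "pool": f"{pool_ip}:{pool_port}",
                "methods": sorted(seen["client"] | seen["server"]),
            }
    return findings


def remediation_rules(findings: Dict[str, Dict[str, object]]) -> List[str]:
    """Turn findings into block-list entries and owner notifications."""
    rules = []
    for device, info in sorted(findings.items()):
        rules.append(f"block tcp {device} -> {info['pool']}")
        rules.append(f"notify owner of {device}: mining pool traffic to {info['pool']}")
    return rules


# Constructed sample traffic (not captured from a real network).
SAMPLE_PACKETS: List[Packet] = [
    ("10.0.0.5", 51000, "203.0.113.10", 3333,
     b'{"id":1,"method":"mining.subscribe","params":["cpuminer/2.5"]}\n'),
    ("203.0.113.10", 3333, "10.0.0.5", 51000,
     b'{"id":null,"method":"mining.set_difficulty","params":[16]}\n'
     b'{"id":null,"method":"mining.notify","params":["job1","abcd",[],"","","",false]}\n'),
    ("10.0.0.5", 51000, "203.0.113.10", 3333,
     b'{"id":2,"method":"mining.authorize","params":["worker1","x"]}\n'),
    ("10.0.0.11", 52000, "203.0.113.20", 4444,
     b'{"id":1,"jsonrpc":"2.0","method":"login","params":{"login":"4ABC","pass":"x","agent":"XMRig/6.0"}}\n'),
    ("203.0.113.20", 4444, "10.0.0.11", 52000,
     b'{"jsonrpc":"2.0","method":"job","params":{"blob":"00","job_id":"j1","target":"ffff"}}\n'),
    ("10.0.0.7", 53000, "198.51.100.20", 80,
     b"GET /index.html HTTP/1.1\r\nHost: example.org\r\n\r\n"),
    ("10.0.0.9", 54000, "198.51.100.30", 8545,
     b'{"jsonrpc":"2.0","id":1,"method":"eth_blockNumber","params":[]}\n'),
]
```

Payload inspection of this kind only works for plaintext Stratum; pools that terminate `stratum+ssl` hide the method names, so a real deployment pairs it with destination reputation, persistent long-lived connections to unusual ports and host-side CPU telemetry.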