13th week of 2016 patent application highlights part 58 |
Patent application number | Title | Published |
20160094495 | METHODS AND SYSTEMS FOR OBSCURING TEXT IN A CONVERSATION - A method at a first electronic device with a display and an input device includes: receiving a message from a second electronic device, the message comprising a first text and a text effect applied to the message; displaying a first representation of the message in accordance with the text effect; receiving a user input with respect to the first representation; and in response to the user input with respect to the first representation, displaying a second representation of the message in accordance with the text effect. | 2016-03-31 |
20160094496 | Devices for Instant Message Client Swap - This innovation relates to client devices to allow a single user to swap between devices in real-time within the same instant message session. | 2016-03-31 |
20160094497 | BUILDING MESSAGE RELATIONSHIPS FOR OFFLINE OPERATION OF AN ENTERPRISE APPLICATION - A system, method, and computer program product for building JSON message relationships for offline operation of an enterprise application is presented. The claimed embodiments address the problem of mobile application behavior during periods of limited access to backend application services and data. More specifically, some embodiments are directed to approaches for capturing request and response information communicated between a client device and application server when connected by a network, and storing respective relationships using the captured information. The stored requests and responses and respective relationships are used to emulate the backend services provided by the application server when the client device is disconnected from the network. In one or more embodiments, a crawler on the client device can generate simulated online requests to build a set of information for use by the emulator when the client device is disconnected from the application server. | 2016-03-31 |
20160094498 | SYSTEM AND METHOD FOR JMS INTEGRATION IN A MULTITENANT APPLICATION SERVER ENVIRONMENT - In accordance with an embodiment, a system and method provides a messaging service in a multitenant application server environment. Deployable resources are usable within the multitenant application server environment and groupings of resources are defined by resource group templates within a domain. One or more partitions are provided, with each partition providing an administrative and runtime subdivision of the domain that can be associated with a tenant. Java message service (JMS) resources are defined within a resource group template or a resource group, and instantiated within a partition to enable messaging for applications deployed within the partition and between partitions. Integrating JMS in a multitenant application server environment further includes a foreign JMS server feature which maps remotely hosted JMS connection factories and JMS destinations into a local partition's JNDI, so that bridges and applications in turn gain access to these resources by looking them up in this name-space. | 2016-03-31 |
20160094499 | TREATMENT OF CLOUD-BASED AND LOCAL ATTACHMENTS IN COMMUNICATION APPLICATIONS - Users of communication applications may be enabled to select from a user-friendly and efficiently provided list of files that may be of interest to them to attach to a correspondence and send to one or more recipients. For example, the communication application may retrieve information from one or more application programming interfaces (APIs) associated with applications of the user to determine the list of files. The files may be local files or cloud-based files, and a variety of criteria may be used to determine, group, and present the files to the user for selection. Once selected by the user, the files or links to cloud destinations of the files may be attached to the correspondence, where the files or links may be displayed in an attachment well or a body of the correspondence. Permissions associated with the attachments may be set by default, by user configuration, and/or modified by user. | 2016-03-31 |
20160094500 | CONTEXT-BASED AUTOMATED/INTELLIGENT CONTENT MANAGEMENT - Methods and systems to predictively determine to perform a computing activity based on contextual information. Context-based criteria are defined based on relationships between user-computing activity and contextual information, and are evaluated based on updated contextual information to determine whether to perform the computing activity. Context-based criteria may be defined to predictively identify content to be transferred/synchronized/updated and/or deleted, and/or to select one or more of multiple devices to receive content. Content may be selectively synchronized across devices of a user and/or shared with another user(s). Context-based criteria may relate to, without limitation, location, activity, computer-usage patterns, motion, and/or schedule of a user, device location, user/device proximity, relationships amongst content, users, and/or devices. Context-based computing environment parameters may be provided to pre-loaded content on device (e.g., store, open, and/or configure an operating system, application, and/or resource), with little or no user interaction. | 2016-03-31 |
20160094501 | METHOD, SYSTEM AND RECORDING MEDIUM FOR PROVIDING VIDEO CONTENTS IN SOCIAL PLATFORM AND FILE DISTRIBUTION SYSTEM - A contents providing system for providing video contents through a social service includes a memory storing computer-readable instructions; and one or more processors configured to execute the instructions to, manage information on a social network between users of the social service; and provide a together-watching function if at least one conversation partner is selected from a list of different persons related to a user according to the social network, wherein the together-watching function is a function that provides simultaneous display of a conversation screen with the at least one conversation partner and a video reproduction screen in which the video contents are reproduced. | 2016-03-31 |
20160094502 | SERVICE COMPATIBILITY CHECK FOR MESSAGES - Systems, apparatuses, and methods are provided that can reduce problems associated with updates of various applications on various devices, including addition of new services for communicating with another device. A compatibility version (e.g., a minimum compatibility) for a first communication service on a first device can be checked against a compatibility version for communication service on a second device. A comparison of the compatibility versions can determine whether a message can be sent using the first communication service to the second device. | 2016-03-31 |
20160094503 | System and Method for Controlling a Virtual Environment of a User - A method and a system for controlling a virtual environment of a user, e.g., a child is provided. In the virtual environment, users are able to interact with other users using messages. Each message is made up of one or more items contained in a dictionary. Information is transmitted, e.g., by email, to an agent, e.g., a parent. The transmitted information is information that may be used to authorize the agent to control the virtual environment of the user. The virtual environment of the user is controlled by setting a level of interaction at which the user is permitted to interact with others. The messages may include pre-written messages and messages composed by a user using items contained in the dictionary. A message checker bars unsuitable combinations made up of items contained in the dictionary. Inappropriate language and personally identifiable information may be excluded from the contents of the messages. | 2016-03-31 |
20160094504 | Session History Horizon Control - Session history horizon control techniques are described in which participants in a communication session are able to selectively control how much history of the communication session is shown to individuals added into the session. A representation of a session record (e.g., a message thread) may be exposed for rendering by communication modules used by participants for the communication session. Responsive to addition of participants, the communication module(s) may be configured to expose a history control element in conjunction with the session record to enable control over portions of the session record exposed to people added into the session. The history control element for a particular participant is configured to visually identify portions within the session record that are accessible to the particular participant. The history control element may also be positioned in different locations in the session record to modify exposure of the messages to the particular participant. | 2016-03-31 |
20160094505 | MESSAGE HISTORY DISPLAY SYSTEM AND METHOD - A technique for message history display includes combining message histories for multiple different messaging services. A system constructed according to the technique may include, for example, a message history database; a history aggregation engine that aggregates message logs for storage in the message history database; and a history provisioning engine that provides an aggregated message log associated with the user from the message history database to a requesting device. A method according to the technique may include, for example, identifying a device in association with a user profile; providing an online platform that receives messages from and sends messages to the device; and creating an aggregated log from messages sent to and from the device. | 2016-03-31 |
20160094506 | INTERACTIVE SOCIAL MEDIA ACCESS TO DATA SYSTEMS - Provided are techniques for interactive social media access to data systems. A social media gateway interface with adapters for each of multiple social media applications is provided. An event is published from a data system to at least one of the multiple social media applications. A social media bot is created to represent the data system. The social media bot and one of the adapters are used to enable the data system to interact with at least one of the multiple social media applications. | 2016-03-31 |
20160094507 | SOCIAL MEDIA BOT TO REPRESENTATIONAL STATE TRANSFER (REST) PROXY FOR DATA SYSTEMS - Provided are techniques for social media bot to Representational State Transfer (REST) proxy for data systems. An adapter for a social media application and message to Representational State Transfer (REST) mappings are provided. A social media bot is created to represent a data system component. The social media bot and the adapter are used to enable the data system component to interact with the social media application by using the message to REST mappings to map social media messages for the social media application and REST calls that are used to access the data system component. | 2016-03-31 |
20160094508 | POSTING CONTENT TO SOCIAL MEDIUM - A computer-implemented method of posting content to a social medium comprises receiving content posted by a user along with an associated posting time which indicates when the user selected an option to post the content to the social medium; determining that publication of the content posted by the user is dependent on a trigger; and in response to determining that publication of the content is dependent on the trigger, storing the content with the associated posting time and suspending publication of the content until the trigger is satisfied such that the posting time published with the content indicates a time prior to transmission of the content from an electronic device to a server for publishing. | 2016-03-31 |
20160094509 | METHOD AND SYSTEM FOR PRESENTING A LISTING OF MESSAGE LOGS - A computing device with processor(s) and memory obtains user-specific models corresponding to a user of the computing device, where the user-specific models are configured to determine respective listing priorities for message logs based on a respective set of parameters generated based at least in part on previous behavioral data corresponding to the user. The computing device obtains a request from the user to display a listing of message logs with message logs of at least two distinct message types. In response to obtaining the request, the computing device: determines listing priorities for the message logs in the listing of message logs according to user-specific models corresponding to the at least two distinct message types; determines a presentation order for the listing of message logs based on the determined listing priorities and a prioritization preference of the user; and presents the listing of message logs in the determined presentation order. | 2016-03-31 |
20160094510 | SYSTEM AND METHOD FOR MESSAGING IN A MULTITENANT APPLICATION SERVER ENVIRONMENT - In accordance with an embodiment, a system and method provides a messaging service in a multitenant application server environment. Deployable resources are usable within the multitenant application server environment and groupings of resources are defined by resource group templates within a domain. One or more partitions are provided, with each partition providing an administrative and runtime subdivision of the domain that can be associated with a tenant. Java message service (JMS) resources are defined within a resource group template or a resource group, and instantiated within a partition from the one or more partitions to enable messaging for applications deployed within the partition and between the one or more partitions. | 2016-03-31 |
20160094511 | METHOD, DEVICE, COMPUTER STORAGE MEDIUM, AND APPARATUS FOR PROVIDING CANDIDATE WORDS - A method, device, computer storage medium, and apparatus for providing candidate words. The method comprises steps of: detecting user input; determining whether the current application environment is an information exchange application if user input is detected; determining an identifier of the communication counterpart in communication with the user if it is determined that the current application environment is an information exchange application; determining, based on the determined identifier of the communication counterpart, the social relationship between the user and the communication counterpart according to a social relationship automatic determination model, which is a model for determining the social relationship between the user and the communication counterpart; determining, based on a social relationship correction mapping table, whether the user input matches the determined social relationship, wherein the social relationship correction mapping table provides, based on the determined social relationship, correction candidate words corresponding to the social relationship; providing, based on the social relationship correction mapping table, correction candidates for the determined social relationship if it is determined that the user input does not match the social relationship. | 2016-03-31 |
20160094512 | INFORMATION PROCESSING APPARATUS, METHOD OF CONTROLLING THE SAME, AND STORAGE MEDIUM - An information processing apparatus determines, when a data transmission is executed, whether or not a host name designated as a destination of the data transmission is set to a terminal list indicating an external terminal that is permitted as a data transmission destination, and if a result of the determination is that the host name is set to the terminal list, permits data transmission irrespective of whether or not an IP address corresponding to the host name is set to the terminal list; and executes data transmission if data transmission is permitted. | 2016-03-31 |
20160094513 | USE OF PACKET HEADER EXTENSION FOR LAYER-3 DIRECT SERVER RETURN - A method for performing Layer 3 direct server return is disclosed. The method comprises receiving an IP packet from a client device over a communication network. Further, the method comprises extracting a virtual IP address from a destination header field of the IP packet. Subsequently, the method comprises determining a server to which to forward the IP packet and inserting an IP address of the server in the destination header field of the IP packet. Next, the method comprises inserting the virtual IP address in an extension header for the IP packet. Finally, in one embodiment, the method comprises transmitting the IP packet to the server over the communication network. | 2016-03-31 |
20160094514 | Translating Network Attributes of Packets in a Multi-Tenant Environment - A method of translating network attributes of packets in a multi-tenant environment, and an appliance and a program product implementing the method. The method comprises the following steps: receiving a packet from a multi-tenant environment; referring to the information of tenants, translating a selected network attribute of the packet into a unique identity representing the packet in the multi-tenant environment; and forwarding the translated packet including the unique identity. | 2016-03-31 |
20160094515 | MOBILE HOTSPOT MANAGED BY ACCESS CONTROLLER - Systems and methods are described for a mobile hotspot that can be managed from an access controller. According to an embodiment, a mobile hotspot establishes a wide area network (WAN) connection through a wireless WAN module and establishes a wireless local area network (WLAN) connection with a wireless fidelity (WiFi)-enabled device using a first wireless access point (AP) profile, wherein the first AP profile is also used for multiple APs of an enterprise that are controlled by an access controller (AC). The mobile hotspot sets up a secure tunnel with the AC through the WAN connection. After receiving WLAN traffic from the WiFi-enabled device through the WLAN connection, the WLAN traffic is transmitted to the AC through the secure tunnel. | 2016-03-31 |
20160094516 | HIGH AVAILABILITY SECURITY DEVICE - Methods, systems, and apparatus, including computer programs encoded on a computer storage medium, for processing a first plurality of packets using one or more processors and maintaining one or more flow records associated with the first plurality of packets, and processing a second plurality of packets without maintaining flow records associated with the second plurality of packets and allowing the second plurality of packets to pass to one or more destinations. | 2016-03-31 |
20160094517 | APPARATUS AND METHOD FOR BLOCKING ABNORMAL COMMUNICATION - An apparatus and method for blocking abnormal communication are disclosed herein. The apparatus for blocking abnormal communication includes a packet collection unit, a packet analysis unit, and an access control unit. The packet collection unit collects a packet via a network device. The packet analysis unit generates a system rule, a communication flow rule, and a packet characteristic rule based on the packet from the packet collection unit. The access control unit determines whether to block the packet by determining whether the packet from the packet collection unit satisfies the system rule, the communication flow rule and the packet characteristic rule. | 2016-03-31 |
20160094518 | METHOD TO ENABLE DEEP PACKET INSPECTION (DPI) IN OPENFLOW-BASED SOFTWARE DEFINED NETWORK (SDN) - The present invention relates to a method and system for performing deep packet inspection of messages transmitted through a network switch in a Software Defined Network (SDN). Embodiments of the invention include a network switch, a controller, and a firewall in a software defined networking environment. In the present invention, the network switch is a simple network switch that is physically separate from the controller and the firewall. The invention may include a plurality of physically distinct network switches communicating with one or more controllers and firewalls. In certain instances, communications between the network switch, the controller, and the firewall are performed using the OpenFlow standard communication protocol. | 2016-03-31 |
20160094519 | DIRECT CACHE ACCESS FOR NETWORK INPUT/OUTPUT DEVICES - Methods and systems for improving efficiency of direct cache access (DCA) are provided. According to one embodiment, a set of DCA control settings are defined by a network I/O device of a network security device for each of multiple I/O device queues based on network security functionality performed by corresponding CPUs of a host processor. The control settings specify portions of network packets that are to be copied to a cache of the corresponding CPU. A packet is received by the network I/O device. Information associated with the packet is queued onto an I/O device queue. The information is then transferred from the I/O device queue to a host memory of the network security device. Based on the control settings for the I/O device queue only those portions of the information corresponding to the one or more specified portions are copied to the cache of the corresponding CPU. | 2016-03-31 |
20160094520 | NETWORK GATEWAY APPARATUS - A network gateway apparatus which adds encryption to easily implement secure communication without affecting network environment settings includes two network interface cards to communicate on two networks. The processor of the network gateway apparatus initializes communications through the network interface cards and uses a TCP/IP protocol stack to communicate through the network interface cards. When a packet is received by one of the network interface cards, the processor replaces the origin MAC and IP addresses and the destination MAC and IP addresses with temporary values. Then the processor encrypts the payload. The packet is sent to the TCP/IP protocol stack, which sends the packet to one of the two network interface cards according to the temporary values. The MAC and IP addresses of the final destination of the packet are rewritten to the packet and the packet is transmitted. | 2016-03-31 |
20160094521 | DATA ENCRYPTION, TRANSPORT, AND STORAGE SERVICE FOR CARRIER-GRADE NETWORKS - A method, a system, and a non-transitory storage medium for storing user preferences pertaining to a data encryption service that provides on-demand encryption for data in-flight and at rest; receiving data from a user device; determining whether to invoke the data encryption service based on the data and the user preferences; generating a key to encrypt the data based on determining that the data encryption service is to be invoked; generating a first message that includes the data, the key, and data indicating where encrypted data is to be stored; establishing a secure connection with a device; and transmitting the first message to the device via the secure connection. | 2016-03-31 |
20160094522 | SECURING RELAYED EMAIL COMMUNICATION - Disclosed are systems and methods that facilitate encryption of email messages that are transported between mail servers. In some cases, email messages may be relayed through relay mail servers as well. An email message can be encrypted using a public key that corresponds to an organization associated with the recipient rather than a public key associated with the particular recipient. The email message can then be decrypted by the recipient mail server and deposited into a mailbox of the recipient. | 2016-03-31 |
20160094523 | MULTI-NODE ENCRYPTION - For multi-node encryption, a method generates an upstream node nonce from communication data exchanged with an upstream node. In addition, the method generates a first upstream message transformation as a function of the upstream node nonce. The method further generates a tunnel transformation as a function of previous upstream message transformations and the first upstream message transformation. | 2016-03-31 |
20160094524 | LINGUAL TRANSFORMATION BASED ENCRYPTION - For lingual transformation-based encryption, a method parses a secure message into lingual units. The method further generates a validation nonce from the lingual units. In addition, the method generates a transform unit for each lingual unit by applying a lingual message transformation to each lingual unit as an encryption function of a selection rule. | 2016-03-31 |
20160094525 | INFORMATION INTERACTION METHODS AND DEVICES - An information interaction method and device are provided. In the method, the device establishes a connection with a wearable device. The device sends information to be interacted corresponding to a logged-in ID to the wearable device via the connection. The device receives a first encrypted result returned by the wearable device. The device generates a first verifying factor corresponding to the first encrypted result with a predetermined algorithm. The device sends the information to be interacted and the first verifying factor in an associated manner to a server. The device receives a message indicating that an interaction is finished, where the message is sent if the server determines that a second verifying factor generated with the predetermined algorithm and corresponding to a second encrypted result matches the first verifying factor. The second encrypted result is obtained by encrypting the information to be interacted by the server with the pre-stored encryption key. | 2016-03-31 |
20160094526 | SECURITY CONTROL OF ON-BOARD ENCRYPTION PROCESSOR - A communication and security device for a portable computer having an interface for connecting the security device to a host device to enable the security device to control encryption and decryption of data communication between a processor of the host device and a data storage of the host device. Examples include a security device with data storage for storing an encryption key for the encryption and decryption of the data communication, a security processor coupled to the interface and to the data storage for controlling the data communication by use of the encryption key, and a wide area communication interface configured for secure communication with a remote device. The security processor may be configured to control the data communication between the processor of the host device and the data storage of the host device based on the secure communication. | 2016-03-31 |
20160094527 | METHODS AND SYSTEMS FOR AUTHORIZING AND DEAUTHORIZING A COMPUTER LICENSE - A system and method of deauthorizing a computer-based licensed product. During the deauthorization process, an end user device transmits an encrypted character string (i.e., the Proof Of Removal Code), including a Transaction ID, to a licensing authority. The licensing authority receives the Proof Of Removal Code from the end user device and decrypts the Transaction ID using a decryption key associated with a product for which the end user is seeking deauthorization. The licensing authority compares Transaction IDs and produces a Deauthorization number, which is sent to the end user device. Each product is associated with a different decryption key resulting in a different Deauthorization number being produced for each product based on the same Transaction ID. Thus, the same identical Transaction ID can be decrypted into as many different Deauthorization numbers as there are products. | 2016-03-31 |
20160094528 | Authenticating Redirection Service - A redirection service may receive a destination URI plus a set of conditions for reaching the URI. The conditions may include authentication conditions. The service may generate an intermediate URI which may direct to an intermediate service. The intermediate service may execute the various conditions, then redirect to the destination URI. In some cases, the intermediate service may pass data to the destination URI, and such data may include data gathered while executing the various conditions. The intermediate service may be accessed through an Application Programming Interface (API). An example use scenario for the redirection service may be to generate publicly publishable URIs for a private chat service, where an intermediate URI may be generated for a specific user or group of users, and may permit only those users to access a private chat room through the publicly available URI. | 2016-03-31 |
20160094529 | Identifying Related User Accounts Based on Authentication Data - In some embodiments, upon detecting malicious activity associated with a user account, a content management system can identify other user accounts related to the malicious user account. The content management system can identify related user accounts by comparing authentication information collected for the malicious user account with authentication information collected for other user accounts. Authentication information can include IP address information, geographic information, device type, browser type, email addresses, and/or referral information, for example. The content management system can compare the content items associated with the malicious user account to content items associated with other user accounts to determine relatedness or maliciousness. After identifying related malicious user accounts, the content management system can block all related malicious user accounts. | 2016-03-31 |
20160094530 | AUTHORIZATION BASED ON ACCESS TOKEN - A mobile device may include an authenticator and a processor. The authenticator may generate an authorization request with a secure token to access a server. The processor may access the server using an authorization token, if the authenticator receives the authorization token in response to the authorization request. The authenticator may embed the authorization request with a plurality of parameters to allow the server to determine, based upon at least one of the plurality of parameters, if the authorization token should be given to the mobile device. | 2016-03-31 |
20160094531 | CHALLENGE-BASED AUTHENTICATION FOR RESOURCE ACCESS - Examples of the present disclosure describe systems and methods for authentication by an authentication component when a client attempts to access a secured resource(s). As an example, an access request is received from a client at an authentication component. The authentication component generates an authentication challenge including criteria to assist the client in selecting an appropriate authentication credential, a request for proof of possession of the authentication credential, and challenge-specific data for the client to return in a challenge response. A challenge response is received from the client. The authentication component evaluates the challenge response and determines whether to authenticate the client for access to a resource based on the evaluated challenge response. Other examples are also described. | 2016-03-31 |
20160094532 | METHOD AND SYSTEM FOR COMMUNICATION CONTROL - The present disclosure relates to a method for communication control, comprising: receiving, from a second user, a request for communicating with a first user, the request including a first identification specific to the first user, the first identification being different from an account used by the first user in the communication; determining, based on a communication mapping associated with the first user, whether the second user is allowed to communicate with the first user using the first identification, the communication mapping indicating authorized users allowed to communicate with the first user and respective identifications allowed to be used by the authorized users; and obtaining, in response to determining that the second user is allowed to communicate with the first user using the first identification, the account used by the first user in the communication to initiate the communication with the first user. | 2016-03-31 |
20160094533 | AUTHENTICATION OF A SECURE ELECTRONIC DEVICE FROM A NON-SECURE ELECTRONIC DEVICE - The application relates in particular to a method for authentication of a secure electronic device (BNK_SRV) from a non-secured electronic device (PC, SP) comprising an input peripheral (KBD, MS, TS, CAM), an output peripheral (SCR, SPK, PRN) and a secure electronic circuit (TPM). | 2016-03-31 |
20160094534 | SERVICE PROVIDING APPARATUS, STORAGE MEDIUM AND SERVICE PROVIDING METHOD - A service providing apparatus configured to acquire a resource request from a terminal apparatus, specify destination information, which is associated with authentication information stored in a storage and coinciding with authentication information included in the acquired resource request, from the storage, determine whether domain information included in the acquired resource request and the specified destination information coincide with each other, and transmit a first response including information indicating that authentication is required and the domain information to the terminal apparatus when the domain information and the destination information coincide with each other, and transmit a second response not including the domain information to the terminal apparatus when the domain information and the destination information do not coincide with each other. | 2016-03-31 |
20160094535 | PRIVATE SIMULTANEOUS AUTHENTICATION OF EQUALS - A passphrase is assigned to an end user device for use in authenticating the end user device for a network using SAE. An identification of the end user device is determined during an authentication process. The passphrase assigned to the end user device is determined at a network side using the identification of the end user device. A shared secret is generated using the passphrase. Whether the end user device has generated the shared secret is determined. The end user device is authenticated for the network, if it is determined that the end user device has generated the shared secret. | 2016-03-31 |
20160094536 | SYSTEM AND METHOD FOR PORTABLE SOCIAL DATA IN A WEBPUBLISHING APPLICATION - A system and method is described for managing permissions for a system that organizes shared electronic media using a card/deck/project schema. A permissions manager allows a user to share a card, deck or project with another user and further provides the option of requiring the receiving user to log in to access the shared media using the receiving user's system password. Advantageously, the receiving user does not need to remember another password, but merely enters his/her system user ID and system password to access the shared media. The sharing user can turn off all permissions to a single user with a single action. | 2016-03-31 |
20160094537 | FACILITATING NETWORK LOGIN - A system and method for transmitting user credentials to another device. According to some embodiments, a method is described of receiving into a first portable electronic device a set of credentials from a user, the set of credentials to include a WLAN SSID and a network key, the set of credentials to allow the first device to connect to the WLAN. The set of credentials is used to connect the first device to the WLAN. The first device creates a message for wireless transmission, the message includes the set of credentials for accessing the WLAN and is adapted to be delivered to a second device. Finally, the first device transmits the message over the air, wherein the message is addressed to the second device. The second device receives the message and uses the credentials in the message to connect to the WLAN. Other embodiments are also described. | 2016-03-31 |
20160094538 | MANAGED CLONE APPLICATIONS - Disclosed are various embodiments relating to managed clones of applications. In one embodiment, an application is received. If it is determined that the application should be managed, a managed clone of the application is generated. The managed clone of the application is configured for coexistence along with the application upon a client device under management. The managed clone of the application may then be deployed to the client device under management. | 2016-03-31 |
20160094539 | SYSTEMS AND METHODS FOR PERFORMING SINGLE SIGN-ON BY AN INTERMEDIARY DEVICE FOR A REMOTE DESKTOP SESSION OF A CLIENT - The present disclosure is directed to systems and methods for performing single sign on by an intermediary device for a remote desktop session of a client. A first device intermediary to a plurality of clients and a plurality of servers authenticates a user and establishes a connection to the user's client device. The device provides a homepage including links to one or more remote desktop hosts associated with the user. The device receives a request to launch an RDP session with a remote desktop host via the homepage and generates RDP content, including a security token, for the user. The device receives a second request that includes the security token to launch the RDP session. The device validates the user using the security token and establishes a connection to the remote desktop host. The device signs into the desktop host using session credentials. | 2016-03-31 |
20160094540 | Distributed Single Sign-On - Methods and apparatus are provided for authenticating user computers | 2016-03-31 |
20160094541 | DIGITAL CERTIFICATION ANALYZER - A digital certification analyzer (or “analyzer”) provides protection for digital content stored on servers, file sharing systems, hard drives and USB enabled external drives or other digital repositories. The analyzer prevents unauthorized access from both owners/administrators and recipients of digital content being shared through a web based or file sharing type service. The analyzer protects the owner of the shared digital content from unauthorized access, while allowing multiple protection instances to be applied to multiple digital content shares within a digital file hosting and sharing environment. Timers are provided to limit access to digital content at the discretion of the owner of the digital content. | 2016-03-31 |
20160094542 | ON-DEMAND SERVING NETWORK AUTHENTICATION - A method, an apparatus, and a computer program product for wireless communication are provided. A method includes transmitting a request to a serving network with a nonce and a signature request directed to a network function of the serving network, receiving a response to the request from the serving network, and authenticating the serving network based on the signature of the network function. The nonce may provide replay protection. The response may include a signature of the network function. The request sent to the serving network may include a radio resource control (RRC) message or a tracking area update (TAU) request. The serving network may be authenticated using a trusted third party to verify a certificate associated with the serving network. | 2016-03-31 |
20160094543 | FEDERATED FULL DOMAIN LOGON - Methods and systems for faster and more efficient smart card logon and for giving a client device full domain access in a remote computing environment are described herein. Components used to implement fast smart card logon may also be used to implement a federated full domain logon. A virtual smart card credential, which may be ephemeral, may be issued based on the acceptance of an external authentication event. Example external authentication events include logon at a Security Assertion Markup Language (SAML) Identity Provider, smart card authentication over TLS or SSL, and alternative authentication credentials such as biometrics or one-time password (OTP) without AD password. Moreover, the certificate operation interception components from fast smart card logon may be used to enable interaction with the virtual smart card without fully emulating a smart card at the PC/SC API level. The virtual smart card may be created locally at the authentication server or on a separate server that may be highly protected. | 2016-03-31 |
20160094544 | AUTOMATED PRODUCTION OF CERTIFICATION CONTROLS BY TRANSLATING FRAMEWORK CONTROLS - A compliance application automatically produces certification controls by translating framework controls. The framework controls are common certification controls used in production of the certification. The application retrieves framework controls including metadata from a compliance framework data store. Metadata of the framework controls map the framework controls to the certification. In addition, the application retrieves certification parity data associated with the metadata. Certification controls are produced based on the framework controls and the certification parity data. A view of the certification including the certification controls is provided to a customer requesting the certification. | 2016-03-31 |
20160094545 | NFC DEVICE, SOFTWARE INSTALLATION METHOD, SOFTWARE UNINSTALLATION METHOD, COMPUTER PROGRAM AND ARTICLE OF MANUFACTURE - There is disclosed an NFC device comprising an NFC communication unit and a memory unit; the NFC device being arranged to receive, through the NFC communication unit, a device identifier of a computing device and to store said device identifier in the memory unit; the NFC device further being arranged to send, upon or after storing said device identifier, at least one software installation key through the NFC communication unit to the computing device. Furthermore, a corresponding software installation method, software uninstallation method, computer program and article of manufacture are disclosed. | 2016-03-31 |
20160094546 | FAST SMART CARD LOGON - Methods and systems for faster and more efficient smart card logon and for giving a client device full domain access in a remote computing environment are described herein. Fast smart card logon may be used to reduce latency and improve security. For example, the system may reduce the number of operations (e.g., interactions) between a server device used for authentication and the client device. These operations may include fetching a user certificate from the smart card or signing data. Fast smart card logon may also improve security by optionally avoiding PIN (or other credential) transmission over networks, and to enable single sign on from an authentication event (e.g., Secure Sockets Layer (SSL) or Transport Layer Security (TLS) authentication) using a smart card to the domain logon without resorting to PIN caching. | 2016-03-31 |
20160094547 | IMAGE CAPTURE CHALLENGE ACCESS - Aspects of image capture challenge access are described. In one embodiment, an access service of a computing device directs an imaging system to capture an image including facial fiducial features and determine whether the features correspond to an expected set of features. The access service may also issue a request for a response including, for example, a request to tilt or move the computing device, move an individual's face, or contort an individual's facial features. After the request for the response, the access service may capture a response image. The response image may include an adjustment to facial fiducial features. The access service may further determine whether the adjustment to the facial fiducial features corresponds to the request. Depending upon whether the adjustment corresponds to the request, the access service may permit or deny access to features of the computing device. | 2016-03-31 |
20160094548 | METHOD FOR SECURE KEY INJECTION WITH BIOMETRIC SENSORS - Systems and methods are disclosed for securely injecting one or more key values into an electronic device by reading with a fingerprint sensor a manufactured key device having a key value. A secure communication channel between a fingerprint sensor and a secure processing system enables the reading, processing, and storing of the fingerprint sensor data from the key device. The key device includes a conductive substantially planar substrate (“substrate”) with raised conductive portions configured to encode a key value. The substrate can be made from a non-conductive material and have conductive material applied to the substrate to encode the key value. The substrate can be covered with an opaque, conductive layer so that the encoding cannot be visually perceived. The encoding scheme can be a QR code, a bar code, an image, an alphanumeric string, or other encoding. One or more electronic device access policies can be associated with a key value to control how an electronic device can be used when the electronic device is accessed with the manufactured key device. | 2016-03-31 |
20160094549 | Electronic Tag and Authentication Method, Device and System thereof - The invention discloses an electronic tag and authentication method, device and system thereof. The authentication method of the electronic tag comprises: a first terminal generating a two-dimensional code of a product, sending the two-dimensional code to a second terminal and providing the two-dimensional code in an electronic tag of the product; the second terminal reading the two-dimensional code in the electronic tag, and authenticating the electronic tag according to the two-dimensional code sent from the first terminal; the second terminal sending an activation instruction to the electronic tag if authentication is successful; and the electronic tag changing colors according to the activation instruction. As compared with the prior art, the identity authentication of the users corresponding to the first terminal and the second terminal is achieved in the invention, and the results of authentication are more intuitive due to the color change of the electronic tag. | 2016-03-31 |
20160094550 | Biometric Device Pairing - A first electronic device is associated with a biometric sensor. Biometric data received by the biometric sensor is used to permit the first electronic device to pair with, unlock, and/or access a second electronic device. | 2016-03-31 |
20160094551 | Transaction Verification Through Enhanced Authentication - Methods, systems, and computer program products for providing transaction verification through enhanced authentication are provided. A method performed by a computer system may include receiving one or more credentials to authenticate an application programming interface request received from a second computer system based on a first level of authentication, generating an additional authentication challenge to further authenticate the application programming interface request in response to detecting a change associated with the second computer system, issuing the additional authentication challenge to the second computer system, and processing the application programming interface request based on a result of the additional authentication challenge. | 2016-03-31 |
20160094552 | CREATING STACK POSITION DEPENDENT CRYPTOGRAPHIC RETURN ADDRESS TO MITIGATE RETURN ORIENTED PROGRAMMING ATTACKS - A computing device includes technologies for securing return addresses that are used by a processor to control the flow of execution of a program. The computing device uses a cryptographic algorithm to provide security for a return address in a manner that binds the return address to a location in a stack. | 2016-03-31 |
20160094553 | Hash-Based Forwarding In Content Centric Networks - A method implemented by a network element (NE), comprising obtaining a first mapping between a first content name identifying a content data in a content centric network (CCN) and a first hash value of at least a portion of the first content name, wherein the first content name comprises a character string in a hierarchical namespace, receiving, via a receiver of the NE, an initial packet comprising an initial hash value from the CCN, determining, via a processor of the NE, that the initial hash value in the received initial packet matches the first hash value in the obtained first mapping, replacing, via the processor, the initial hash value in the received initial packet with the first content name in the matched first mapping to produce a translated initial packet, and forwarding, via a transmitter of the NE, the translated initial packet comprising the first content name to a connected end host. | 2016-03-31 |
20160094554 | Teleconference System and Storage Medium Storing Program for Teleconference - In a teleconference system, it is determined whether address information of a terminal apparatus operated by a conference participant is included in a particular range. When the address information of the terminal apparatus is within the particular range, first authentication information corresponding to the conference participant is transmitted from a first communicator of the security server to an authentication server. The first authentication information is acquired from the terminal apparatus through the first communicator. The authentication server authenticates usage of a function through a network corresponding to the particular range. When the address information of the terminal apparatus is outside the particular range, second authentication information corresponding to the conference participant is transmitted from the first communicator to the conference management server. The second authentication information is acquired from the terminal apparatus through the first communicator. The conference management server authenticates connection to a conference server that controls the teleconference. | 2016-03-31 |
20160094555 | SYSTEM AND METHODS FOR EXECUTING ENCRYPTED MANAGED PROGRAMS - The present disclosure relates to systems and methods for enabling execution of encrypted managed programs in common managed execution environments. In particular, the disclosure relates to a method of loading and associating an extension module to the managed execution environment configured to receive execution event notifications. The events corresponding to the execution of encrypted methods are intercepted and passed on to a decryption module operable to execute within a hypervisor environment, such that the managed encrypted program is decrypted, executed in a secured location, preventing access by an untrusted party. The decryption module is further configured to discard decrypted instruction if cooperation of the extension module is required, or upon program termination. | 2016-03-31 |
20160094556 | COMMAND ORIGIN FILTERING - A communication and security device for a portable computer is disclosed including a housing, a connector provided on the housing for physical connection to the portable computer, a computer interface coupled to the connector for communicating data with the portable computer, a wireless modem coupled to the computer interface for communicating data between the portable computer and a remote device via a wireless network, a controller configured to control access to the data storage based on an identifier in a security message received via the wireless network. | 2016-03-31 |
20160094557 | USER AUTHENTICATION FOR PROXY-CONFIGURED CLIENTS IN CAPTIVE PORTAL ENVIRONMENTS - Methods, systems and computer readable media for user authentication for proxy-configured clients in captive portal deployments are described. In some implementations, the method can include receiving, at a captive portal, a request from a client device to resolve a proxy IP address, and determining whether the client device has been authenticated. The method can also include, when the client device has not been authenticated, causing the captive portal to act as an intermediate domain name system (DNS) server and forwarding the DNS request to one or more other DNS servers, and evaluating any received responses from the one or more other DNS servers. The method can include, when received responses contain an IP address, replying to the client with the received IP address, and when the received responses do not contain an IP address, replying to the client with an IP address of the captive portal. | 2016-03-31 |
20160094558 | SECURING SENSOR DATA - Systems and methods include establishing a secure communication between an application module and a sensor module. The application module is executing on an information-handling machine, and the sensor module is coupled to the information-handling machine. The establishment of the secure communication is at least partially facilitated by a mutually trusted module. | 2016-03-31 |
20160094559 | Auto Configuration For Auto-Enrolled Access Controller Systems - Disclosed is a system for a facility supporting an access controller, at least one ingress card reader and an auto-enrollment type controller including a front panel having a single button, a controller board, a terminal block for connecting at least the one ingress card reader to the auto-enrollment type controller board and to connect the auto-enrollment type controller to door locks, and a mounting plate, with the auto-enrollment type controller being configured by a user according to operational requirements of the facility by the user asserting the button for a defined period of time. | 2016-03-31 |
20160094560 | REMOTE PROCESSING OF MOBILE APPLICATIONS - In an example implementation of the disclosed technology, a method includes accessing, by a management agent associated with a client device, a profile associated with a requested resource, wherein the profile comprises at least one profile criterion. The method also includes evaluating the profile criterion based, at least in part, on status information associated with the client device to determine any processing restrictions associated with the requested resource. The method also includes, responsive to receiving an indication that the resource is subject to a server-device processing restriction, requesting access to the resource from a remote server and receiving an instance of a user interface for interacting with the resource. | 2016-03-31 |
20160094561 | IDENTIFYING ROLES WITH SIMILAR MEMBERSHIP AND ENTITLEMENT INFORMATION - Techniques are disclosed for identifying roles with similar membership and/or entitlement information in an identity management system of an enterprise. A role defined in an identity management system may be associated with membership information and entitlement information. The membership information may identify one or more members who have been assigned the role. The entitlement information may determine how members of the role can interact with a target system within the enterprise. The entitlement information may include a list of actions that members of the role can perform on the target system. Embodiments allow for identifying roles that have similar membership and/or entitlement information. If an existing role already gives similar entitlement(s) to similar member(s), the role may be prevented from being created. Thus, embodiments prevent creating and maintaining redundant roles. | 2016-03-31 |
20160094562 | METHOD AND SYSTEM FOR COMMUNICATION CONTROL - The present disclosure relates to a method for communication control, comprising: receiving, from a second user, a request for communicating with a first user, the request including a first identification specific to the first user, the first identification being different from an account used by the first user in the communication; determining, based on a communication mapping associated with the first user, whether the second user is allowed to communicate with the first user using the first identification, the communication mapping indicating authorized users allowed to communicate with the first user and respective identifications allowed to be used by the authorized users; and obtaining, in response to determining that the second user is allowed to communicate with the first user using the first identification, the account used by the first user in the communication to initiate the communication with the first user. | 2016-03-31 |
20160094563 | SELECTIVELY PERMITTING OR DENYING USAGE OF WEARABLE DEVICE SERVICES - Selectively permitting or denying usage of a service available on a device is provided. Usage restrictions on usage of services available on the device are maintained, the usage restrictions including customizable restrictions on usage of the services available on the device. A usage restriction for a service indicates usage parameter(s) of the device under which the service is usable or is unusable to users of the device. Based on detecting an event associated with the device, current usage parameter(s) of the device are identified and compared to usage parameter(s) indicated by a usage restriction to determine whether the service is to be usable or unusable. Usage of the service by a user of the device is then permitted or denied based on the comparison. | 2016-03-31 |
20160094564 | TAXONOMIC MALWARE DETECTION AND MITIGATION - In an example, a classification engine compares two binary objects to determine whether they can be classified as belonging to a common family. As an example application, the classification engine may be used to detect malware objects derived from a common ancestor. To classify the object, the binary is disassembled and the resulting assembly code is normalized. Known “clean” functions, such as compiler-generated library code, are filtered out. Normalized blocks of assembly code may then be characterized, such as by forming N-grams, and checksumming each N-gram. These may be compared to known malware routines. | 2016-03-31 |
20160094565 | TARGETED ATTACK DISCOVERY - A device may receive usage information, associated with a group of client networks, including particular usage information associated with a particular client network. The device may receive threat information, associated with the group of client networks, including particular threat information associated with the particular client network. The device may determine a baseline based on the usage information. The device may determine a normalization function, associated with the particular client network, based on the baseline and the particular usage information. The device may determine normalized threat information, associated with the particular client network, based on the normalization function and the particular threat information. The device may determine overall normalized threat information associated with the group of client networks. The device may compare the normalized threat information and the overall normalized threat information. The device may provide information associated with comparing the normalized threat information and the overall normalized threat information. | 2016-03-31 |
20160094566 | METHOD AND SYSTEM FOR EMAIL PRIVACY, SECURITY, AND INFORMATION THEFT DETECTION - A system and method is proposed for managing email messages across a network. The system provides multiple means of verifying an originating sender of email. In addition, the system automatically generates unique email addresses as a means to mask the email address of an original sender and shield users from unwanted email. The system may also be configured to block email security threats (e.g. phishing, spear phishing, etc.). Further, the system provides means of processing email messages to enable encryption, spam detection, geographical location identification of users, and social networking | 2016-03-31 |
20160094567 | METHODS AND APPARATUS TO IDENTIFY MEDIA DISTRIBUTED VIA A NETWORK - Methods, apparatus, systems and articles of manufacture to monitor media presentations are disclosed. An example method includes extracting first network packet parameters from a first network packet received at a media device when retrieving a first encrypted web page, storing, at the media device, the first network packet parameters in association with a uniform resource locator for the first encrypted web page, the uniform resource locator received from an extension in a web browser at the media device, extracting second network packet parameters from a second network packet received at the media device from an unknown encrypted web page, when the extension is inoperative, comparing the second network packet parameters to the first network packet parameters, and identifying the unknown encrypted web page as the first encrypted web page when the comparison of the second network packet to the first network packet parameters has a similarity above a threshold. | 2016-03-31 |
20160094568 | AUTOMATED RESPONSE TO DETECTION OF THREAT TO CLOUD VIRTUAL MACHINE - An approach for responding to a threat in a networked computing environment (e.g., a cloud computing environment) is provided. In an embodiment, a set of associations to a virtual machine (VM) instance are established, each association indicating a relationship between the VM instance and a related VM instance. Each of the associations in the set of associations is assigned a strength attribute. When a threat is detected in a VM instance, a first preventative measure is performed on a first related VM instance, the strength of which is determined based on the strength attribute that corresponds to the association between the VM instance and the first related VM instance. A second preventative measure is performed on a second related VM instance, the strength of which is based on the strength attribute that corresponds to the association between the VM instance and the second related VM instance. | 2016-03-31 |
20160094569 | BEHAVIORAL DETECTION OF MALWARE AGENTS - In an example, a detection engine identifies potential malware objects according to behavior. In order to circumvent blacklists and fingerprint-based detection, a malware server may frequently change domain names, and change the fingerprints of distributed malware agents. A malware agent may perform only an initial DNS lookup, and thereafter communicate with the malware command-and-control server via “naked” HTTP packets using the raw IP address of the server. The detection engine identifies malware agents by this behavior. In one example, if an executable object makes repeated HTTP requests to an address after the DNS lookup “time to live” has expired, the object may be flagged as potential malware. | 2016-03-31 |
20160094570 | CROSS-VIEW MALWARE DETECTION - In an example, a cross-view detection engine is disclosed for detecting malware behavior. Malware may attempt to avoid detection by remaining in volatile memory for as long as possible, and writing to disk only when necessary. To avoid detection, the malware may also provide a pseudo-driver at a file system level that performs legitimate-looking dummy operations. A firmware-level driver may simultaneously perform malicious operations. The cross-view detection engine detects this behavior by deconstructing call traces from the file system-level operations, and reconstructing call traces from firmware-level operations. If the traces do not match, the object may be flagged as suspicious. | 2016-03-31 |
20160094571 | DETECTION AND MITIGATION OF MALICIOUS INVOCATION OF SENSITIVE CODE - Particular embodiments described herein provide for an electronic device that can be configured to identify regions of code to be monitored, probe and lock code pages that include the identified regions of code, and remap the code pages as execute only. The code pages can be remapped as execute only in an alternate extended page table view. | 2016-03-31 |
20160094572 | DE-OBFUSCATING SCRIPTED LANGUAGE FOR NETWORK INTRUSION DETECTION USING A REGULAR EXPRESSION SIGNATURE - A device receives data, identifies a context associated with the data, and identifies a script, within the data, associated with the context. The device parses the script to identify tokens, forms nodes based on the tokens, and assembles a syntax tree using the nodes. The device renames one or more identifiers associated with the nodes and generates a normalized text, associated with the script, based on the syntax tree after renaming the one or more identifiers. The device determines whether the normalized text matches a regular expression signature and processes the data based on determining whether the normalized text matches the regular expression signature. The device processes the data by a first process when the normalized text matches the regular expression signature or by a second process, different from the first process, when the normalized text does not match the regular expression signature. | 2016-03-31 |
20160094573 | TECHNOLOGIES FOR DISTRIBUTED DETECTION OF SECURITY ANOMALIES - Technologies for distributed detection of security anomalies include a computing device to establish a trusted relationship with a security server. The computing device reads one or more packets of at least one of an inter-virtual network function network or an inter-virtual network function component network in response to establishing the trusted relationship and performs a security threat assessment of the one or more packets. The computing device transmits the security threat assessment to the security server. | 2016-03-31 |
20160094574 | DETERMINING MALWARE BASED ON SIGNAL TOKENS - Example embodiments disclosed herein relate to determining malware. A set of tokens is generated from an application under test. A set of signal tokens is generated from the set of tokens. A likelihood of malware is determined for the application under test based on the signal tokens and a signal token database. | 2016-03-31 |
20160094575 | AUTOMATED HARDENING OF WEB PAGE CONTENT - Methods and apparatus are described for automatically modifying web page source code to address a variety of security vulnerabilities such as, for example, vulnerabilities that are exploited by mixed content attacks. | 2016-03-31 |
20160094576 | ANTI-VULNERABILITY SYSTEM, METHOD, AND COMPUTER PROGRAM PRODUCT - A system, method, and computer program product are provided for accessing at least one data storage identifying a plurality of mitigation techniques that mitigate effects of attacks that take advantage of vulnerabilities, such that: each mitigation technique is capable of mitigating an effect of an attack that takes advantage of a corresponding vulnerability, and each mitigation technique has a mitigation type including at least one of a patch, a policy setting, or a configuration option. Further, the system, method, and computer program product are provided for displaying at least one mitigation technique in connection with at least one vulnerability to be applied as an attack response, and receiving user input for selecting the at least one mitigation technique in connection with the at least one vulnerability. | 2016-03-31 |
20160094577 | PRIVILEGED SESSION ANALYTICS - A privileged account manager is provided for monitoring privileged sessions on target systems of an enterprise. In an embodiment, the privileged account manager is configured to capture metadata related to a privileged session and generate a first activity pattern for the privileged session based on the captured metadata. The first activity pattern may include a sequence of one or more activities performed by a first user during the privileged session. The privileged account manager may be configured to identify a second activity pattern that comprises at least a subset of the one or more activities performed by the first user during the privileged session and determine an appropriate action to be performed for the first activity pattern based on the identification of the second activity pattern. In some embodiments, the privileged account manager may be configured to transmit the action to a second user on a client device. | 2016-03-31 |
20160094578 | SCADA INTRUSION DETECTION SYSTEMS - According to one aspect, a SCADA system is provided. The SCADA system includes a network interface configured to communicate data with a plurality of industrial control devices via an industrial control system (ICS) network. The SCADA system further includes a memory storing SCADA configuration information including ICS network configuration information and device information descriptive of each industrial control device of the plurality of industrial control devices and at least one processor in data communication with the memory and the network interface. The SCADA system also includes an intrusion detection component executable by the at least one processor and configured to read the SCADA configuration information, generate, from the SCADA configuration information, authorized communication information descriptive of one or more expected communication types of communications authorized for transmission via the ICS network. | 2016-03-31 |
20160094579 | Local Applications and Local Application Distribution - Concepts and technologies are disclosed herein for local applications and local application distribution. According to one aspect of the concepts and technologies disclosed herein, an application authority system can receive a local application for distribution to a local router. The application authority system can perform an application approval process to approve the local application for distribution to the local router. The application authority system can cause the local application to be distributed to the local router. The local router can receive the local application and can distribute the local application to one or more devices via a local network. | 2016-03-31 |
20160094580 | DYNAMIC LOADING AND CONFIGURATION OF THREAT DETECTORS BASED ON FEEDBACK FROM OTHER NODES - Artificial Immune Systems (AIS) including the Dendritic Cell Algorithm (DCA) are an emerging method to detect malware in computer systems. The DCA implementation may use an inflammation signal to communicate information among the processes of a device or a network or among nodes of a network, where the inflammatory signal indicates a likelihood that a process or a node has been attacked by malicious software. The DCA implementation may dynamically change the malware sensitivity and responsiveness based on the inflammation signals without requiring user intervention. The inflammatory signal includes one or more inflammatory tuples, which may include multiple components such as a strength, a PrimeIndicator, and an optional third element, p. The strength component may be an indication of the magnitude of an attack and provide a degree of certainty of the attack. The PrimeIndicator may be an identifier of the indicator type that is the source of the inflammation tuple. | 2016-03-31 |
20160094581 | HTTPS request enrichment - This disclosure provides for a network element (in the middle) to inject enrichments into SSL connections, and for taking them out. This network element is sometimes referred to herein as a “middle box.” In the context of layered software architecture, this solution preferably is implemented by a library that operates below the SSL layer and above the TCP sockets layer at the two endpoints of the SSL connection. Preferably, the SSL enrichments are implemented as SSL/TLS records. | 2016-03-31 |
20160094582 | SYSTEM AND METHOD FOR SUPPORTING WEB SERVICES IN A MULTITENANT APPLICATION SERVER ENVIRONMENT - In accordance with an embodiment, described herein is a system and method for supporting web services in a multitenant application server environment. The system comprises a domain with a plurality of partitions, wherein each partition can include one or more web services, and a web services inspection language (WSIL) application. A partition-aware managed bean server can include managed beans for generating addresses of web services deployed to each partition, wherein the generated addresses can be retrieved by the WSIL application in that partition for use by clients in accessing the web services. The system can further include a web service security manager that can secure web services in each partition, by attaching security policies to each web service endpoint and enforcing the security policies on requests directed to that web service endpoint. | 2016-03-31 |
20160094583 | SYSTEM AND METHOD FOR DYNAMIC SECURITY CONFIGURATION IN A MULTITENANT APPLICATION SERVER ENVIRONMENT - In accordance with an embodiment, described herein is a system and method for supporting dynamic security configuration in a multitenant application server environment. Common configuration changes required for partition level security can be made without requiring a server restart, such as for example, adding a new security realm for a partition; deleting an existing realm; changing the configuration on an existing realm; adding or removing a security provider to a realm; or changing the configuration of a security provider. In accordance with an embodiment, also described herein is a system and method for supporting dynamic reconfiguration in a multitenant application server environment. Attributes of partition management components, for example managed beans (MBeans) and child MBeans contained within a partition, can be made dynamic and annotated accordingly, so that a restart of servers is not required for configuration changes to those attributes for a particular partition. | 2016-03-31 |
20160094584 | MANAGEMENT OF APPLICATION ACCESS TO DIRECTORIES BY A HOSTED DIRECTORY SERVICE - Features are disclosed for facilitating management of network directories of multiple organizations by a centralized directory management system. Various applications can access the directories of the organizations via the directory management system according to the permissions that the applications have been granted by the respective organizations. Organizations may maintain directories on-premises or off-premises, and the applications can access the directories via the directory management system regardless of the physical location of the directories. Additionally, the applications may be hosted by a computing service provider that also hosts or otherwise manages the directory management service, or the applications can be hosted by third-party servers separate from the directory management system and the organizations. | 2016-03-31 |
20160094585 | SECURE POLICY PORTAL FOR REMOTE STORAGE NETWORKS - A system for securely managing uploaded content according to client-definable policies in remote storage configurations may include a content storage network with servers that are distributed in a plurality of geographic regions. The system may also include a policy engine that stores and processes policies that govern how content uploaded to the content storage network is stored. The system may additionally include a client portal that may be configured to receive a content object at the client device for upload to the content storage network, receive a policy or a selection of a policy that governs how the content object should be stored in the content storage network, and provide a status of how the policy is applied to the content object after the content object is uploaded to the content storage network. | 2016-03-31 |
20160094586 | Media Session Between Network Endpoints - A media session between an initiating endpoint and a responding endpoint is effected, there being a plurality of available paths through a communication network via which the media session could be established. Type metrics associated with the available paths convey the directness of the available paths and are for making a selection of an available path for the media session. Network information indicative of the quality of the available paths and collected from a plurality of network nodes comprises contributions from network nodes other than the initiating and receiving endpoints which have current and/or have had past visibility of at least parts of the available paths. Said selection is influenced so as to cause the endpoints to select for the media session a higher quality but less direct available path in favour of a more direct but lower quality available path. | 2016-03-31 |
20160094587 | ENHANCING USER EXPERIENCE FOR INTERNET PROTOCOL MULTIMEDIA CORE NETWORK SUBSYSTEM BASED COMMUNICATION SERVICES - User experience is enhanced for Internet Protocol Multimedia Core Network Subsystem (IMS) based rich communication services in telecommunication environments. A system receives, from a user equipment, a session initiation protocol invitation packet to commence a communication session, and as a function of the session initiation protocol invitation packet, displays an access network technology type used by the user equipment to access a network device associated with a multiple access communication network. | 2016-03-31 |
20160094588 | METHOD AND APPARATUS FOR MANAGING CALLS - A system that incorporates teachings of the present disclosure may include, for example, receiving a request for a voice call at a mobile switching center server, transmitting a mapping query from the mobile switching center server to a database in response to the request for the voice call, routing the request from the mobile switching center server to an internet protocol multimedia subsystem for facilitating establishing the voice call when the mapping query is successful in obtaining an internet protocol address for establishing the voice call with a recipient communication device, and routing the request from the mobile switching center server to a second server for facilitating establishing the voice call without routing the request to the internet protocol multimedia subsystem when the mapping query is not successful in obtaining the internet protocol address. Other embodiments are disclosed. | 2016-03-31 |
20160094589 | Media Session Between Network Endpoints - A media session between an initiating endpoint and a responding endpoint is established via a communication network. A set of candidate pairs is generated, each comprising a respective network address available to the initiating endpoint and a respective network address available to the responding endpoint by exchanging network addresses between the initiating endpoint and the responding endpoint. The media session is established using a candidate pair of the set determined to be valid. Connectivity checks are performed for at least one candidate pair of the set to determine whether or not the candidate pair is valid. The at least one candidate pair is selected in dependence on selection data pertaining to at least one of the network addresses and indicative of the quality of a path through the network that would be traversed were that network address to be used for the media session. | 2016-03-31 |
20160094590 | SYSTEM AND METHOD FOR CONFIGURING COMMUNICATION SESSION - Disclosed is a system for configuring a communication session. The system comprises a plurality of operator devices associated with a plurality of sales operators. The system further comprises a server arrangement coupled via one or more communication networks to the plurality of operator devices. The server arrangement is operable to receive information pertaining to a web page that is accessed by a consumer device associated with a given consumer. The server arrangement is then operable to analyze the information to select an operator device from the plurality of operator devices. Moreover, the server arrangement is operable to start the communication session between the consumer device and the selected operator device. | 2016-03-31 |
20160094591 | Media Session between Network Endpoints - A media session is established between a first endpoint and a second endpoint via a communication network based on connectivity checks performed by the endpoints. A set of candidate pairs, each comprising a first network address available to the first endpoint and a second network address available to the second endpoint, is generated. To each candidate pair of the candidate pair set, a respective priority is assigned. If none of the criteria is determined to be met by the first endpoint, the priorities are assigned by the first endpoint according to a standardized networking protocol as specified by the standardized networking protocol, and if any of the criteria is determined to be met by the first endpoint, at least one of the priorities assigned by the first endpoint is different from that specified by the standardized networking protocol. | 2016-03-31 |
20160094592 | Creating and Using Groups for Task Collaboration - Concepts and technologies are disclosed herein for creating and using groups for task collaboration. A computing device can include a processor. The computing device can detect an opportunity to initiate collaboration on a task by a group of devices that includes a collaborating device. The computing device can create the group of devices, provide collaboration data to the collaborating device, and obtain input generated by the collaborating device based upon the collaboration data. The computing device can terminate the group. | 2016-03-31 |
20160094593 | METHOD AND APPARATUS FOR SHARING VIEWABLE CONTENT WITH CONFERENCE PARTICIPANTS THROUGH AUTOMATED IDENTIFICATION OF CONTENT TO BE SHARED - A computer implemented method and apparatus for sharing the contents of a presentation in a web conference through automated identification of documents for selective sharing with web conferences comprises launching a web conference in which an application or an entire desktop view of a conference presenter is caused to be rendered as content viewable on the displays of all conference participants. The method detects that one or more documents are being accessed by application(s) executed concurrently with the desktop sharing application and identifies documents having a supported format as including viewable content available for rendering to the display of the presenter. Automatically, or after presenter confirmation, the content is uploaded to a web server and converted into a format that can be distributed to and cached at the respective participant computers. | 2016-03-31 |
20160094594 | APPARATUS, SYSTEM, AND METHOD OF CONTROLLING TRANSMISSION OF DATA - A system stores, in a memory, first service identification information for identifying a service to be used by a first communication terminal that requests content data, second service identification information for identifying a service to be used by a second communication terminal that transmits content data, and content data information indicating a property of content data that can be transmitted to the first communication terminal, in association with one another. After a session for transmitting content data is established between the first communication terminal and the second communication terminal, the system controls transmission of content data from the second communication terminal to the first communication terminal, so as to transmit content data having a property indicated by the content data information that is stored in association with the first service identification information and the second service identification information. | 2016-03-31 |