13th week of 2022 patent application highlights part 81 |
Patent application number | Title | Published |
20220103537 | CANNABIS IDENTITY VERIFICATION AND EXCHANGE PLATFORM - A cannabis identification verification platform allows for users and entities to validate the identity of an individual involved, either directly or indirectly, in the cannabis industry to address laws and regulations on a federal, state, and local level. The identity verification can occur when conducting cannabis sales, dealing with cannabis vendors, accessing a cannabis facility, and when individuals access cannabis websites for either informational or ecommerce experiences. The identity verification platform allows businesses, whether directly or indirectly in the cannabis industry, to verify individuals based upon their own rules and processes with different data metrics. In addition, the identity verification platform allows cannabis data to be exchanged and shared to provide additional metrics to identify an individual between organizations and government entities. | 2022-03-31 |
20220103538 | Embedded Universal Integrated Circuit Card Supporting Two-Factor Authentication - A module with an embedded universal integrated circuit card (eUICC) can include a profile for the eUICC. The profile can include a first and second shared secret key K for authenticating with a wireless network. The first shared secret key K can be encrypted with a first key, and the second shared secret key K can be encrypted with a second key. The module can (i) receive the first key, (ii) decrypt the first shared secret key K with the first key, and (iii) subsequently authenticate with the wireless network using the plaintext first shared secret key K. The wireless network can authenticate the user of the module using a second factor. The module can then (i) receive the second key, (ii) decrypt the second shared secret key K, and (iii) authenticate with the wireless network using the second shared secret key K. The module can comprise a mobile phone. | 2022-03-31 |
20220103539 | VERIFYING TRUSTED COMMUNICATIONS USING ESTABLISHED COMMUNICATION CHANNELS - In various examples, communications from a host device—which may be associated with an entity—and to a client device may be verified through established channels of communication. Systems and methods are disclosed that use authentication signals and notifications, which may include predetermined passwords and time-sensitive values, to facilitate verification of the communication between the host device and client device. The notifications may be delivered using applications or web-based applications that are associated with an entity. Once the communication has been verified as trusted, the host device and/or the client device may present notifications that the communication is verified as trusted. The notifications may be presented using audio, video, and/or haptic methods. | 2022-03-31 |
20220103540 | AUTHENTICATION METHOD FOR NEXT GENERATION SYSTEMS - The present disclosure relates to authentication methods supported by the User Equipment (UE) to the core network and authentication method (selected by the core network) to the UE. These can be used for negotiating any primary or secondary (or any) authentication method and are applicable when multiple authentication methods are supported at the UE and the network (authentication server). Further, the present disclosure also offers a security solution to prevent modification or tampering of the parameters in the mechanisms in order to prevent attacks such as bidding-down, Denial of Service (DoS) and Man-In-The-Middle (MITM). | 2022-03-31 |
20220103541 | ENHANCED N-LAYER SSO CONTROLLED AUTHENTICATION FOR ENTERPRISE DEVICES - A system, method, and computer-readable storage medium provide single sign-on (SSO) in a nested virtualization environment by routing authentication tokens received from an authentication server through the hierarchy of virtual machines (VMs) using secure data communications tunnels between each hypervisor and its respective VMs. A key store stores SSO authentication tokens for users of the nested VMs, and a key controller ensures that each login by a user to a separate VM is associated with its own token. Each login request is uniquely tagged to identify the particular VM requesting credentials, so that the responsive authentication token can be properly routed through the hierarchy. Moreover, session preferences may be associated with each user and/or each VM, enabling a rules evaluator to determine, for each login request, whether SSO functionality should be provided or whether the user should be required instead to provide new login credentials. | 2022-03-31 |
20220103542 | MULTI-CLOUD DATA CONNECTIONS FOR WHITE-LABELED PLATFORMS - Methods, systems, and storage media for multi-cloud data connections for white-labeled platforms are disclosed. Exemplary implementations may: receive an indication of a plurality of applications to be accessed; receive authentication information for the plurality of applications; establish a plurality of data connections to the plurality of applications, if authenticated with the authentication information; receive application data received from the plurality of data connections; normalize the application data to provide normalized data; generate a customizable feed with display parameters and displaying the normalized data according to the display parameters; and generate a visualization dashboard with visualization parameters and displaying the normalized data according to the visualization parameters. | 2022-03-31 |
20220103543 | SECURE AUTHENTICATION METHOD FOR PERFORMING A HOST OPERATION USING A DELEGATED AUTHORIZATION MECHANISM - A method includes receiving a host operation request sent without a first credential that is associated with a first user, wherein the host operation request by a second user includes a second user credential, the second user is an administrator of a systems management application, and the first user has a privilege to perform the host operation request. The method also sends the host operation request to a host operating system agent to generate an authentication token, the host operation request includes a digital certificate associated with the management controller, and the authentication token based on the first user credential of the first user. The method may also receive the authentication token generated by the host operating system agent, and send a response to the host operation request of the second user, wherein the response includes the authentication token. | 2022-03-31 |
20220103544 | AUTHENTICATION IN A COMPUTER NETWORK SYSTEM - Methods and apparatuses for authentication in a computer network system based on security credentials issued for client hosts by a remote security authority are disclosed. In response to detection that a client host is prevented from obtaining security credentials from the remote security authority for use in accessing a target host, the client host can obtain an emergency security credential from a storage of emergency security credentials. The emergency security credential with an error state indication can be sent from the client host to the target host for use in the authentication. | 2022-03-31 |
20220103545 | APPLICATION SECURITY THROUGH DECEPTIVE AUTHENTICATION - Systems, methods, and computer media for securing software applications are provided herein. Through an enhanced authentication token, an application session request can be deceptively authenticated. When a malicious session request is detected, an enhanced authentication token can be generated that appears to successfully authenticate the session but contains information indicating that the session is malicious. The attacker believes that the session has been authenticated, but the information in the token indicating that the session is malicious causes an application clone session to be established instead of an actual application session. The clone session appears to be an actual application session but protects the valid user's account by including fake data instead of the user's actual data. | 2022-03-31 |
20220103546 | DYNAMIC DISPLAY CONTROL APPLICATION FOR CONTROLLING GRAPHICAL USER INTERFACE ELEMENTS BASED ON ACTIVITY DATA - The systems and methods disclosed herein are for a control application for reformatting the graphical user interface being displayed on a computing device. In one embodiment, the control application interfaces with the operating system of the device and disables certain functionality. The disabled functionality may be restored based on user activity data. In which case, the control application re-enables functionality of certain applications by displaying additional graphical user interface elements. | 2022-03-31 |
20220103547 | Biometric Authentication, Decentralized Learning Framework, and Adaptive Security Protocols in Distributed Terminal Network - Biometric authentication, decentralized learning frameworks, and adaptive security protocols and services for a distributed operator terminals network are described. In some embodiments, the terminals may be hardware terminals, kiosks, or clients. In some embodiments, a security analysis may be performed, and security scores may be determined, for visitors requesting operations at terminals. Security scores may be determined by a vendor, in communication with the operator terminals, based on aggregation of a plurality of factors, wherein each factor may be weighted. The factors may incorporate operator settings or preferences. In one embodiment, the factors include one or more facial recognition factors. The one or more facial recognition factors may be used for biometric authentication. The vendor may use the security scores to determine user privileges or permissions for the operations. The vendor may deliver instructions or messages to the terminals based on the determinations. | 2022-03-31 |
20220103548 | USER IDENTIFICATION WITH INPUT PROFILE RECORD - User identification with an input profile record (IPR). In one embodiment, a server includes a memory and an electronic processor. The electronic processor is configured to receive a plurality of input profile records (IPRs) associated with a first user, the plurality of IPRs each based on a plurality of user inputs and indicative of identity of the first user, control the memory to store the plurality of IPRs in the input profile record repository, receive a current IPR associated with a second user, determine whether the second user is the first user by comparing a first one or more biometric features based on the plurality of IPRs and a second one or more biometric features based on the current IPR, and responsive to determining that the second user is the first user, output an identity confirmation that the second user is the first user. | 2022-03-31 |
20220103549 | MANAGEMENT OF SETTING CHANGE PROPAGATION IN NETWORKED DEVICES - A computer-implemented method is provided to automatically adjust a device setting of a plurality of networked devices. The method includes performing autonomously at a device of the plurality of networked devices, receiving a request to update a device setting to a new value, comparing a characteristic of the plurality of networked devices to a corresponding characteristic of the device, determining one or more similar devices of the plurality of devices that satisfy a similarity criteria based on a result of the comparison, and accessing the one or more similar devices to change the device setting of the one or more similar devices to the new value. | 2022-03-31 |
20220103550 | PROVIDING ISOLATED CONTAINERS FOR USER REQUEST PROCESSING - Methods, computer program products, and/or systems are provided that can perform the following operations: receiving a connection request from a first user device; creating an authentication container for the first user device; authenticating the first user device using the authentication container; in response to authentication for the first user device being successful, creating a first user request processing container for the first user device; and processing user requests received from the first user device using the first user request processing container. | 2022-03-31 |
20220103551 | ERROR HANDLING FOR MEDIA ACCESS CONTROL SECURITY - Embodiments improve error detection and recovery in media access control security sessions. A MACsec session is torn down after three liveness time intervals elapse without receiving a MACsec key exchange protocol data unit (MKPDU) from a remote peer. This delay between a cessation of effective network communication over the MACsec session and the expiration of the three “liveness” intervals results in increased packet loss and an increased network convergence time as a network continues to route/forward data over the MACsec session for a period of time after the MACsec session has entered secure block mode. To solve this problem, embodiments define a new alarm, called a MACsec link alert, which is raised earlier than a MACsec session timeout generated by traditional embodiments. The MACsec link alert is raised, by at least some embodiments, after a failure to successfully receive an MKPDU from the remote peer after a single MACsec “liveness” timeout interval elapses. | 2022-03-31 |
20220103552 | BINDING SERVER ACCOUNTS - One or more embodiments of the present specification relate to a data processing method for binding server accounts. An example method includes, in response to obtaining a binding request, determining a first account, and sending binding request feedback data to a terminal device. In response to obtaining binding object selection data that indicates a selection of candidate binding objects presented by the terminal device, a respective target binding object is determined for each selected candidate binding object, and a respective target server is determined for each target binding object. For each target server, the first account is bound to a second account of the target server. | 2022-03-31 |
20220103553 | SMART PERIPHERAL DEVICE FOR AN INFORMATION HANDLING SYSTEM - In one embodiment, a method for offloading one or more tasks from an information handling system to a smart peripheral device in a computing environment includes establishing a connection between the smart peripheral device and the information handling system; receiving a user identification from the information handling system indicating a user of the information handling system; receiving a query from the information handling system requesting a capabilities inventory of the smart peripheral device indicating the one or more tasks to be offloaded; determining user permissions based on a configuration policy of the smart peripheral device; generating the capabilities inventory based on the user permissions; sending the capabilities inventory to the information handling system; receiving one or more commands from the information handling system indicating the one or more tasks to be offloaded from the information handling system to the smart peripheral device; and executing the one or more commands. | 2022-03-31 |
20220103554 | ISOLATED CELL ARCHITECTURE FOR CLOUD COMPUTING PLATFORM - The present disclosure relates to systems and techniques for enabling provisioning of cloud services for a client in an isolated yet scalable manner. In some embodiments, various computing resources are implemented within a cell (a self-sufficient unit). A number of cells are generated for a service or a group of services and distributed across a number of computing devices. Various cells may be generated that each pertain to a different aspect, or particular functionality, of the service. In some embodiments, cells providing various functionality for the service are implemented and distributed across different computing devices. | 2022-03-31 |
20220103555 | SERVICE DEPLOYMENT METHOD, DEVICE, SYSTEM, AND COMPUTER-READABLE STORAGE MEDIUM - Provided is a service deployment method, including: acquiring an installation file of a service to be deployed from a service operation system; accessing a first internal network of a service deployment demander; communicating with a service server operating in a second internal network of the service deployment demander via the first internal network through an authorization protocol from the service deployment demander, wherein the first internal network is in communication with the second internal network, and the second internal network allows access through the authorization protocol; and completing a service deployment in the service server by using the installation file. | 2022-03-31 |
20220103556 | SECURE PRIVATE NETWORK NAVIGATION - A secure network navigation system includes a secure network portal and a site-to-site authenticator. The secure network portal includes a network authenticator to authenticate a user's browser connection to access content at a first site on the secure network. The site-to-site authenticator creates an object that authenticates the user's browser connection, creates a transfer URL by which the user is to access content on a second site of the plural network sites on the secure network. The transfer URL includes values exported from the created object and a unique transfer token. The site-to-site authenticator then transfers the user's browser connection to an address corresponding to the transfer URL. The secure navigation from the first site to the other site on the secure network is transparent to the user. | 2022-03-31 |
20220103557 | MECHANISM FOR MANAGING SERVICES TO NETWORK ENDPOINT DEVICES - An apparatus comprising a processor comprising a trusted execution environment (TEE) to be attested by a plurality of service provider servers on behalf of a plurality of endpoint devices in a network environment and provision kernels for the plurality of service provider servers requesting to access one or more of the plurality of endpoint devices. | 2022-03-31 |
20220103558 | Session Security Splitting and Application Profiler - Intelligent methods of providing online security against hackers, which prevents the hackers from obtaining unauthorized access to secure resources. A first application session established between a first client and a first application of a first host device is detected. The first application is associated with a first plurality of security time limits. A duration of the first application session established between the first client and the first application is monitored. One or more first security actions are executed against the first application session responsive to the duration of the first application session reaching a security time limit of the first plurality of security time limits. One or more second security actions are executed against the first application session responsive to the duration of the first application session reaching another security time limit of the first plurality of security time limits. | 2022-03-31 |
20220103559 | DISTRIBUTING DYNAMIC ACCESS CONTROL LISTS FOR MANAGING INTERACTIONS WITH A CLOUD DATACENTER - Disclosed herein are system, method and computer readable storage medium for enabling access control to be performed on messages received in a first-party (corporate) data center from a third-party (cloud) data center. Based on a received update request from an update service in the third-party (cloud) data center, an access control system (“ACL”) controller generates an ACL entry for enabling access to a first-party (corporate) data center from a system, within the third-party data center where a system configuration change was performed by a cloud platform. The ACL controller then transmits the ACL entry to one or more devices within the first-party data center, enabling access from the updated system hosted in the third-party data center. | 2022-03-31 |
20220103560 | GENOME SHARING - Sharing data is disclosed. In some cases, sharing data includes receiving a request to share data from a first account to a second account, receiving an indication of a plurality of first account profiles associated with the first account to share with the second account, and establishing sharing from the plurality of first account profiles to the second account, wherein sharing comprises the second account having read access to a subset of nonpublic data associated with the plurality of first account profiles. | 2022-03-31 |
20220103561 | BEHAVIOR MANAGEMENT - Embodiments of the present invention relate to methods, systems, and computer program products for user behavior management. In embodiments, a group of states of a user of an application system within a previous time period may be obtained. A state in the group of states may be associated with a privilege of the user for accessing resources in the application system during the previous time period. A feature of the user may be generated based on the group of states. A privilege of the user at a current time may be managed in the application system based on the feature. With these embodiments, the user behavior may be managed according to various aspects of the user's historical states and thus the user may be managed in a more accurate and effective manner. | 2022-03-31 |
20220103562 | ACCESS CONTROL USING TASK MANAGER - Methods and systems are described for providing conditional access to a service. One or more tasks may be associated with a user profile. The one or more tasks may be indicated as required to be completed to access the service. The one or more tasks may have associated deadlines. If a task is not completed by the deadline, then any device associated with the user profile may be blocked from access to the service. | 2022-03-31 |
20220103563 | METHODS AND AUTHENTICATION SERVER FOR AUTHENTICATION OF USERS REQUESTING ACCESS TO A RESTRICTED DATA RESOURCE USING AUTHORIZED APPROVERS - Disclosed is a method performed by an authentication server for authentication of users requesting access to a restricted data resource from a communication device, the authentication server being situated in the restricted data resource. After checking that a username and password received from a communication device matches a stored username and password, the authentication server sends, using the RADIUS protocol, a request to the communication device to enter an approver ID. After receiving an approver ID from the communication device in response to the request, via the RADIUS protocol, the authentication server sends an approval request including user ID to an approver device indicated by the approver ID, and if the approver approves the request, the authentication server receives an accept to the approval request and grants the user access to the restricted data resource. | 2022-03-31 |
20220103564 | METHOD, DEVICE AND COMPUTER PROGRAM PRODUCT FOR PROCESSING ACCESS MANAGEMENT RIGHTS - Techniques process an access management permission. Such techniques involve: receiving, from a client, a first request for obtaining an access management permission of a file. The techniques further involve: obtaining a current score of the file, wherein the current score indicates a probability of receiving, after the access management permission is assigned to the client, a second request conflicting with the first request. The techniques further involve: assigning the access management permission to the client if it is determined that the current score is greater than or equal to a threshold score. Such techniques alleviate the need to assign, to a client, the access management permission of a file with a high probability of an access conflict, thus enhancing the performance of the server as well as the user experience. | 2022-03-31 |
20220103565 | TEAM MEMBER TRANSFER TOOL - The present technology can provide a mechanism for providing a team member transfer interface to an administrator user for transferring team member user accounts from one team to another and also a mechanism for transferring the team member user accounts, such as by switching an assignment of one or more user accounts from a first team to another in a single atomic action. The transferring of the team member user accounts may also depend on passing a set of validation checks that check for inconsistencies that could cause an error in the transfer, and also updating access and privileges associated with being members of certain teams. | 2022-03-31 |
20220103566 | AUTOMATIC CONFIGURATION AND MANAGEMENT OF USER PERMISSIONS BASED ON ROLES AND USER ACTIVITY - The techniques disclosed herein provide automatic escalation and de-escalation of roles and permissions based on user activity of a communication system. Initial event parameters, such as an event attendee list and a meeting type, can be established by a user input. The system can then determine an initial set of roles and permissions for each attendee. A system can then monitor user activity associated with the event to generate a queue of activities. When the system detects that one or more activities satisfies given criteria, the system can escalate or de-escalate the roles and permissions for specific attendees. By dynamically controlling granular levels of permissions in a timely manner based on the detection of specific activities, a system can improve the security of stored data as well as improve the efficiency of detected collaborative event scenarios. | 2022-03-31 |
20220103567 | INFORMATION PROCESSING APPARATUS AND NON-TRANSITORY COMPUTER READABLE MEDIUM STORING PROGRAM - An information processing apparatus includes: a processor configured to: execute an authentication process of authenticating a user by a first authentication process, which is any one of plural authentication processes having different security levels; and execute, in a case where execution of a job is instructed by the authenticated user authenticated by the first authentication process, and a security level of the first authentication process is lower than a security level of the job, another authentication process of authenticating the authenticated user by a second authentication process having a security level higher than the security level of the first authentication process among the plural authentication processes as an additional authentication process. | 2022-03-31 |
20220103568 | AUTHENTICATION MANAGEMENT METHOD, AUTHENTICATION MANAGEMENT PROGRAM, AND USER AUTHENTICATION MANAGEMENT DEVICE - An authentication management method includes: generating an authentication state based on an authentication result by an authentication terminal, an authentication rule or rules and identity information, and notifying a vehicle application of the generated authentication state. An authentication rule stored in a storage defines a plurality of authentication levels according to security levels, and authentication by an authentication element in at least one of the authentication levels includes possession authentication by a hardware encryption module with physical security. | 2022-03-31 |
20220103569 | ADJUSTING BEHAVIOR OF AN ENDPOINT SECURITY AGENT BASED ON NETWORK LOCATION - Systems and methods for adjusting the behavior of an endpoint security agent based on a network location are provided. According to an embodiment, an agent of an endpoint device identifies whether a security service of a cloud-based security service is not reachable or is unresponsive. The security service is associated with a particular security function implemented by the agent. When the security service is not reachable or is unresponsive, the agent further determines whether the endpoint device is within a trusted network of multiple trusted networks that have been previously registered with the cloud-based security service by querying a trusted network determination service associated with the cloud-based security service. When the determination is affirmative, the particular security feature is configured for operating inside a trusted network. When the determination is negative, the particular security feature is configured for operating outside a trusted network. | 2022-03-31 |
20220103570 | INTEGRITY VERIFIED PATHS BETWEEN ENTITIES IN A CONTAINER-ORCHESTRATION SYSTEM - Techniques and mechanisms for providing integrity verified paths using only integrity validated pods of nodes. A network service mesh (NSM) associated with a first pod may locally generate a nonce and provide the nonce to the first pod, where the request includes a request for an attestation token. Using the nonce, the first pod may generate the attestation token and reply back to the NSM. The NSM may generate a second request for an attestation token and forward it to a NSE pod, where the request includes a second locally generated nonce generated by the NSM. The NSE pod may generate the second attestation token using the second nonce and reply back to the NSM. The NSM may then have the attestation tokens verified or validated by a certificate authority (CA) server. The NSM may thus instantiate an integrity verified path between the first pod and the NSE pod. | 2022-03-31 |
20220103571 | MESSAGING SOURCE VERIFICATION METHOD, APPARATUS, AND SYSTEM - Methods, apparatus, and system to verify the source of a suspect message, so that it is no longer suspect. | 2022-03-31 |
20220103572 | TRUST POLICIES FOR A DATA PROVISIONING LAYER - Techniques for enforcing trust policies for payload data transmitted through a data provisioning layer include: receiving, by a node in the data provisioning layer, payload data to be delivered to a recipient; obtaining, by the node, a trust policy indicating multiple attributes used to determine trustworthiness of payloads; determining, by the node, a set of values of the attributes associated with the payload data; generating, by the node, a trustworthiness opinion based at least on the trust policy and the set of values of the attributes; transmitting, by the node, the payload data and the trustworthiness opinion via the data provisioning layer toward the recipient; computing, by the recipient, a trustworthiness metric associated with the payload data based at least on the trustworthiness opinion; and determining, by the recipient, an action to take with respect to the payload data based at least on the trustworthiness metric. | 2022-03-31 |
20220103573 | INSPECTING NETWORK TRAFFIC ENCRYPTED WITH FORWARD SECRECY - A method is provided for inspecting network traffic carried by a connection that is encrypted as specified by a network encryption protocol that provides forward secrecy. A server establishes a shared secret with a client as specified by the protocol, derives traffic secrets from the shared secret, and sends the traffic secret to a visibility middlebox. The visibility middlebox derives keying materials from the traffic secrets and uses the keying materials to decrypt the traffic. | 2022-03-31 |
20220103574 | GENERATING AND MUTUALLY MATURING A KNOWLEDGE CORPUS - In an approach to mature a knowledge corpus using artificial intelligence (AI) and user collaboration, embodiments create, by an AI response system, a knowledge corpus based on retrieved data associated with a first user. Additionally, embodiments execute, by the AI response system, a search to locate one or more matching knowledge corpora based on a request of the first user, and identify, by an anonymous network, at least one cluster of one or more anonymous second users having respective search requests that substantially match the search request of the first user. Furthermore, embodiments execute an AI exchange between the identified one or more anonymous second users and the first user, and mature the knowledge corpus, via the AI response system, based on the AI exchange between the first user and the identified one or more anonymous second users. | 2022-03-31 |
20220103575 | System for Extracting, Classifying, and Enriching Cyber Criminal Communication Data - An apparatus, including systems and methods, for classifying, mapping, and predicting cybercriminal activity is disclosed herein. For example, in some embodiments, an apparatus is configured to: receive cybercriminal communication (CCC) data of postings from a source forum; identify, classify, and rank a threat topic for each posting; identify a first subset of postings that includes postings assigned the threat topic classification with the greatest threat topic rank; for each posting of the first subset of postings: identify and rank the threat actor; identify a second subset of postings that includes postings associated with the threat actor assigned the greatest threat actor rank; and send, to a cybersecurity data exchange module, the CCC data of the second subset of postings and associated enriched data including the source forum, the threat topic classifications, the threat actor, the threat actor rank, or the other threat actors that mentioned the threat actor. | 2022-03-31 |
20220103576 | NETWORK ANOMALY DETECTION AND MITIGATION SIMULATION TOOL - One or more network tests for a network are selected, wherein the selected one or more network tests simulate an attempt to establish an anomalous network configuration. A network configuration update is generated based on the selected one or more network tests and the network configuration update is issued to a network-based device. A performance of the network is monitored for establishment of the anomalous network configuration in response to the network configuration update and a configuration of the network is revised based on the monitored performance of the network, to mitigate the establishment of the anomalous network configuration. | 2022-03-31 |
20220103577 | Threat Mapping Engine - Various embodiments provide novel tools and techniques for a threat mapping engine. A system includes a vertex discovery harvester subsystem, an edge extractor subsystem, a vertex correlator subsystem, and a recursive graph builder subsystem. The recursive graph builder subsystem includes a processor, and a computer readable medium in communication with the processor, the computer readable medium having encoded thereon a set of instructions executable by the processor to generate a map of one or more connections from the first known vertex to at least one related vertex of the one or more vertices via at least one edge, based on the one or more vertex correlations, determine a threat score indicative of a threat posed by at least one related vertex of the map, and generate a threat graph based on the map and the threat score of the at least one related vertex layered over the map. | 2022-03-31 |
20220103578 | SYSTEMS AND METHODS FOR CYBER MONITORING AND ALERTING FOR CONNECTED AIRCRAFT - A method of monitoring network traffic of a connected vehicle. The method includes receiving network traffic information from a vehicle gateway, the network traffic information including malicious and/or benign information. The method also includes storing the network traffic information on a data server and periodically updating the network traffic information stored on the data server. The method further includes: pre-processing the network traffic information, the pre-processing the network traffic information including filtering and normalizing the network traffic information; generating a learning model based on the pre-processed network traffic information, the learning model being generated by an artificial intelligence learning; updating the learning model based on additional network traffic information, the additional network traffic information including real-time network data; in accordance with the updated learning model, detecting an anomaly event in the incoming network data; and generating a notification and/or blocking one or more packets associated with the incoming network data. | 2022-03-31 |
20220103579 | SYSTEM AND APPARATUS FOR INTERNET TRAFFIC INSPECTION VIA LOCALIZED DNS CACHING - An approach is proposed to support Internet traffic inspection to detect and prevent access to blocked websites or resources. First, access requests initiated by users to websites hosted on servers over a network are intercepted by an inspection agent, which identifies and caches a pair of the domain/host name of each website and its corresponding IP address on the Internet to a localized DNS cache. When a newly intercepted access request identifies the website by its IP address only without specifying its domain/host name, the inspection agent looks up the domain name by its IP address from the DNS cache. If no domain name is found, the inspection agent redirects the access request to a proxy server instead of forwarding it to the server hosting the website for further inspection. The proxy server then inspects the IP address to determine if it is a legitimate website or not. | 2022-03-31 |
20220103580 | PREVENTING SCHEDULING OR EXECUTING A RESOURCE ON AN INCONSISTENT HOST NODE - Examples relate to preventing scheduling or executing a resource on an inconsistent host node in a networked system. Some examples track a taint status of the host node and identify whether the host node is inconsistent based on the taint status of the host node over a predefined period of time. Upon identifying that the host node is inconsistent, a master taint is applied on the inconsistent host node, which prevents scheduling or executing a resource on the identified inconsistent host node. | 2022-03-31 |
20220103581 | SYSTEM AND METHOD FOR CYBERSECURITY OPERATIONS THREAT MODELING - Systems and methods for cybersecurity operations threat modeling are disclosed. In one embodiment, a method may include: (1) receiving threat actor data and threat actor group data; (2) processing the threat actor data and the threat actor group data; (3) for each threat actor group, generating a threat actor group profile; (4) collecting operational data from an organizational system; (5) generating a threat model by applying the threat actor group profile to the operational data; and (6) deploying at least one countermeasure to the organizational system in response to the threat model. | 2022-03-31 |
20220103582 | SYSTEM AND METHOD FOR CYBERSECURITY - A method for threat detection and automatic mitigated response to IP- and DDoS-borne cyber security events and threats. The disclosed system can provide autonomous system numbers (ASNs) to prevent several network-borne cyber threats. These ASNs can be distributed to devices on a network along with IP addresses. Disclosed is an ASN record that can be incorporated into global DNS servers and systems and can store the IP address and private and public ASN numbers. The disclosed system and method can also provide anomaly detection techniques based on the ASN and geolocation proximity. | 2022-03-31 |
20220103583 | INFORMATION TRANSMISSION DEVICE, SERVER, AND INFORMATION TRANSMISSION METHOD - An information transmission device is provided in an object that includes one or more devices and a monitoring sensor monitoring each device. The information transmission device includes: an obtainer that obtains, from the monitoring sensor, first detection information indicating that an anomaly is detected in any device; and a transmitter that transmits, to an external device, monitoring information including the first detection information and relevance information. The relevance information indicates relevance between the first detection information and second detection information which is obtained from the monitoring sensor and transmitted from the transmitter to the external device prior to the transmission of the first detection information. The second detection information indicates that an anomaly is detected in any device and relates to the first detection information. | 2022-03-31 |
20220103584 | Information Security Using Blockchain Technology - Blockchain technology is used to provide security of electronic systems. The disclosed technology allows for a dynamic bond of trust to be applied to the field of information security without the need for a single point of trust to first be established. The lines of trust between electronic systems or devices are established by distributing information among the systems or devices. This allows for easy identification of commonalities and/or decision making whereby policy(s)/action(s)/monitoring/etc. can be enforced when those commonalities align. Simultaneously, deviations from those commonalities can be identified and policy(s)/action(s)/monitoring/etc. may also be invoked. The use of blockchain technology enables investigative and responsive actions to detect and exploit a potential attacker on a network. | 2022-03-31 |
20220103585 | Vector-Based Anomaly Detection - A hybrid-fabric apparatus comprises a black box memory configured to store a plurality of behavior metrics and an anomaly agent coupled to the black box. The anomaly agent determines a baseline vector corresponding to nominal behavior of the fabric, wherein the baseline vector comprises at least two different behavior metrics that are correlated with each other. The anomaly agent disaggregates anomaly detection criteria into a plurality of anomaly criterion to be distributed among network nodes in the fabric, the anomaly detection criteria characterizing a variation from the baseline vector, and each of the plurality of anomaly criterion comprising a function of a measured vector of behavior metrics. The variation can be calculated based on a variation function applied to a vector of measured behavior metrics having elements corresponding to member elements of the baseline vector. Anomaly criterion statuses calculated by at least some of the network nodes are aggregated. | 2022-03-31 |
20220103586 | TAILORED NETWORK RISK ANALYSIS USING DEEP LEARNING MODELING - A method, computer system, and computer program product are provided for network risk analysis. A plurality of risk reports relating to a network device in a network are obtained, wherein each risk report is associated with a particular dimension of a plurality of dimensions of risk for the network device in the network. A count of the plurality of risk reports is determined for each dimension of the plurality of dimensions of risk. A regression model is applied to determine a risk value for the network device in the network based on the count of the plurality of risk reports for each dimension and based on a role of the network device in the network. | 2022-03-31 |
20220103587 | SYSTEMS AND METHODS FOR GRAPHICAL VISUALIZATION OF WEB APPLICATION VULNERABILITIES - A computer system is provided. The computer system includes a memory and at least one processor coupled to the memory and configured to extract, from a website vulnerability scanner log, a uniform resource locator (URL) and a vulnerability score and vulnerability classification associated with the URL. The at least one processor is further configured to generate an application vulnerability graph comprising connected nodes that are associated with a field of the URL. The nodes are labeled to indicate the associated field of the URL and color coded based on the vulnerability score. The nodes are also associated with the vulnerability classification. The at least one processor is further configured to enable or disable security protection against a user-selected vulnerability classification of a user-selected node by generating web application firewall security rules and/or web application firewall relaxation rules. | 2022-03-31 |
20220103588 | Network security system including a multi-dimensional domain name system to protect against cybersecurity threats - A method performed by a security system that can analyze a vulnerability or a risk applicable to a network entity to identify a cybersecurity threat and associated risk level. The security system can store indications of cybersecurity threats and risk levels in a database of a Domain Name System (DNS). The security system can monitor and resolve network traffic to determine IP addresses or URLs associated with the cybersecurity threats. The security system stores a map of the cybersecurity threats and IP addresses or URLs such that the security system can protect a network entity by processing network traffic to sources or destinations of network traffic that can harm particular network entities, and execute personalized security procedures to protect the network entities. | 2022-03-31 |
20220103589 | PREDICTING DATA TAMPERING USING AUGMENTED MACHINE LEARNING MODELS - Certain aspects involve using a set of machine learning models for predicting attempts to tamper with records using a fraudulent dispute. A tampering prediction system receives a request from a target entity to modify event data for a historical event, including information about the target entity and the event. The system generates a first score by applying a first set of machine learning models to the information from the request and information about the target entity obtained from a database. The system computes a second score by applying a second machine learning model to event data retrieved from the database. The second machine learning model has been trained using labeled training data and is augmented with a model that has been trained using unlabeled training data. The system generates an overall score for the request based on the first score and the second score. | 2022-03-31 |
20220103590 | Classification of cyber-alerts into security incidents - Methods, apparatuses and computer program products that implement embodiments of the present invention for protecting a computer network, include receiving, in a security server, alerts of multiple different types, indicative of potentially malicious activity in the network, that are detected by multiple different protection appliances deployed in the network. The alerts in the security server are correlated so as to identify a first alert of a first type from a first protection appliance in the network and a second alert of a second type, different from the first type from a second protection appliance in the network that are together indicative of a single attack on the network. Finally, a consolidated alert is issued responsively to the attack. | 2022-03-31 |
20220103591 | SYSTEMS AND METHODS FOR DETECTING ANOMOLIES IN NETWORK COMMUNICATION - Systems and methods for detecting anomalies in network communication in an industrial automation system. An anomaly detection system, a decentralized system, may identify IoT devices within the network communication and corresponding communication metrics. Using the communication metrics between the identified IoT devices, the anomaly detection system may generate a social network model that is indicative of expected network communication properties. By analyzing social network metrics and the overall entropy of the network communication in real time, the anomaly detection system may identify anomalies that may be associated with potential network vulnerabilities. | 2022-03-31 |
20220103592 | ENHANCED RISK ASSESSMENT - Systems, methods, and related technologies for determining a risk score or value are described. The risk score determination may include accessing network traffic from a network, where the network traffic is associated with a plurality of entities. One or more values associated with one or more properties associated with an entity are determined. The one or more values may be based on the network traffic. At least one of a functional risk value, a configurational risk value, or a behavioral risk value associated with the entity is determined. A risk value for the entity is determined based on the functional risk value and at least one of the configurational risk value or the behavioral risk value associated with the entity. | 2022-03-31 |
20220103593 | SYSTEMS AND METHODS FOR SECURING A WORKLOAD - The present disclosure provides systems and methods for securing a computer workload. The method may comprise: receiving a workload; embedding a secure agent into the workload, wherein the secure agent comprises (i) a shim layer located between an application libraries layer of the workload and an operating system service layer and (ii) a security policy repository; and implementing security policies based at least in part on application programming interface (API) calls intercepted by the shim layer. | 2022-03-31 |
20220103594 | ADJUSTING BEHAVIOR OF AN ENDPOINT SECURITY AGENT BASED ON NETWORK LOCATION - Systems and methods for adjusting the behavior of an endpoint security agent based on a network location are provided. According to an embodiment, an agent of an endpoint device detects whether the endpoint has moved to a new network by monitoring for changes to an IP address associated with the endpoint. When the detecting is affirmative, the agent further determines whether a trusted network determination service associated with a cloud-based security service is reachable. When the determining is affirmative, the agent further identifies whether the new network is among a set of trusted networks that have been previously registered with the cloud-based security service by querying the trusted network determination service. When the identifying is affirmative, a particular security feature on the endpoint is configured for operation within a trusted network and when the identifying is negative, the particular security feature is configured for operation outside of a trusted network. | 2022-03-31 |
20220103595 | Intrusion Detection and Prevention System Rule Automation and Optimization - A network intrusion system for a protected network includes a ruleset module configured to receive metadata for rules. The metadata describes, for each of the rules, a set of associated network vulnerabilities. The ruleset module is configured to access vulnerability information describing a set of cumulative vulnerabilities that each is present in at least one network device within the protected network. The network intrusion system includes a rule management module configured to, for each rule of the plurality of rules: identify the set of associated network vulnerabilities described by the metadata for the rule, determine whether there is a match between any of the set of associated network vulnerabilities and the set of cumulative vulnerabilities, and, in response to determining that there is no match, transmit a first command signal to a network security module. The first command signal instructs the network security module to disable the rule. | 2022-03-31 |
20220103596 | DIGITAL ON-DEMAND COUPONS FOR SECURITY SERVICE OF COMMUNICATIONS SYSTEM - A method performed by a security system of a 5G network to protect against cyberattacks on a personalized basis. The security system can identify a cybersecurity threat to a wireless device based on contextual information relating to the wireless device, a user preference, or a call detail record. The security system can determine a one-time fee to charge the user in exchange for protecting the wireless device against the cybersecurity threat, generate an on-demand coupon to protect the wireless device against the cybersecurity threat, and send the on-demand coupon to the wireless device based at least in part on the contextual information relating to the wireless device and the user preference. When the security system receives an indication that the on-demand coupon was redeemed, the security system responds by deploying a network asset to protect the wireless device against the cybersecurity threat. | 2022-03-31 |
20220103597 | DYNAMIC OPTIMIZATION OF CLIENT APPLICATION ACCESS VIA A SECURE ACCESS SERVICE EDGE (SASE) NETWORK OPTIMIZATION CONTROLLER (NOC) - A network optimization controller (NOC) performs operations including obtaining, from a secure access service edge (SASE) device executing a security service, a first data set defining a security performance metric provided by the security service, and obtaining, from the SASE, a second data set defining a network performance metric associated with a network device. The operations further include defining a policy based at least in part on the first data set and the second data set, determining if the policy has been violated, and changing a first access modality provided for the network device to access an end host to a second access modality based at least in part on the policy being violated. The first access modality and the second access modality define different methods of access to the end host. | 2022-03-31 |
20220103598 | NETWORK VIRTUALIZATION INFRASTRUCTURE WITH DIVIDED USER RESPONSIBILITIES - Some embodiments provide a method for a network management and control system that manages one or more logical networks. From a first user, the method receives a definition of one or more security zones for a logical network. Each security zone definition includes a set of security rules for data compute nodes (DCNs) assigned to the security zone. From a second user, the method receives a definition of an application to be deployed in the logical network. The application definition specifies a set of requirements. Based on the specified set of requirements, the method assigns DCNs implementing the application to one or more of the security zones for the logical network. | 2022-03-31 |
20220103599 | METHOD, SYSTEM AND APPARATUS FOR UNIFIED SECURITY CONFIGURATION MANAGEMENT - Methods and apparatus are disclosed for unified security configuration management. A method may comprise: determining a security configuration to be executed; determining at least one security application which is installed on at least one node and is associated with the security configuration; formatting, for the security configuration, instructions corresponding to each of the at least one security application, respectively; and sending the instructions to the at least one node for respective configuration for each of the at least one security application. | 2022-03-31 |
20220103600 | MONITORING AND DETECTION OF FRAUDULENT OR UNAUTHORIZED USE IN TELEPHONE CONFERENCING SYSTEMS OR VOICE NETWORKS - Novel tools and techniques are provided for implementing monitoring and detection of fraudulent or unauthorized use in telephone conferencing systems or voice networks. In various embodiments, a computing system might monitor call activity through a telephone conferencing system or voice network. In response to detecting use of the telephone conferencing system or voice network by at least one party based on the monitored call activity, the computing system might identify incoming and/or outgoing call data associated with a call initiated by the at least one party. The computing system might analyze the identified incoming and/or outgoing call data to determine whether the call initiated by the at least one party constitutes at least one of fraudulent use or unauthorized use of the telephone conferencing system or voice network. If so, the computing system might initiate one or more first actions. | 2022-03-31 |
20220103601 | TERMINAL DEVICES, INFRASTRUCTURE EQUIPMENT AND METHODS - A terminal device comprising: transceiver circuitry configured to communicate with infrastructure equipment; and processing circuitry configured to control the transceiver circuitry to: receive, from the infrastructure equipment, a media content stream via a media interface; and receive a remote control instruction via the media interface. | 2022-03-31 |
20220103602 | Voice Service Restoration After Element Failure - A particular computing device providing service to a user device may become unavailable. If a computing device becomes unavailable, a backup computing device may be requested to provide services to user devices on a temporary basis to allow call completion. Messages to the backup computing device instance may indicate the basis for service issues and prompt further action by the computing device, such as registration with an alternative computing device or re-registration with a computing device that was determined to be unavailable. | 2022-03-31 |
20220103603 | SYSTEM AND METHOD OF INTELLIGENTLY SHARING CONFERENCE CONTENT - A computer-implemented method for sharing conference content is provided. The method comprises receiving a share input from a first device corresponding to a participant of a conference session, determining content for sharing using communication information associated with the participant, determining that the content is available through a second device and sharing the content using the second device. | 2022-03-31 |
20220103604 | METHODS AND APPARATUS FOR SEAMLESS TRANSITION BETWEEN NETWORK CONFERENCES - Methods and apparatus for seamless transition between network conferences. In an embodiment, a method is provided for transitioning between network conferences. The method includes attending a first network conference using a first conference state and conferencing application, and displaying, on a display screen, Up-Next conference status comprising a meeting time for a second network conference and images of attendees that have joined the second network conference. The method also includes joining the second network conference using the first conference state and the conferencing application. | 2022-03-31 |
20220103605 | METHODS AND APPARATUS FOR DISPLAYING UP-NEXT CONFERENCE STATUS FOR SEAMLESS TRANSITION BETWEEN NETWORK CONFERENCES - Methods and apparatus for displaying Up-Next conference status for seamless transition between network conferences. In an embodiment, a method is provided for displaying Up-Next conference status. The method includes attending a first network conference, obtaining a meeting identifier and a meeting time for a second network conference, requesting conference status information for the second network conference based on the meeting identifier. The conference status information includes images of attendees that have joined the second network conference. The method also includes displaying Up-Next conference status during the first network conference. The Up-Next conference status includes the meeting time and the images of the attendees that have joined the second network conference. | 2022-03-31 |
20220103606 | SYSTEM AND METHOD FOR VISUAL AND AUDITORY COMMUNICATION USING CLOUD COMMUNICATION - Disclosed is a method and a system configured to be arranged at a location. The system is configured for visual and auditory communication between one or more at-location participants and one or more far-end participants. The system comprises an audio/video (AV)-system. The AV-system comprises an audio component for audio transmission and a video component for video transmission. The AV-system is configured for providing a video-feed from the location. The AV-system is configured to connect to a unified communication cloud server for enabling/performing cloud communication service. The system comprises a functionality service software embedded in the AV-system. The functionality service software is configured for controlling a number of functionalities of the video-feed to generate a processed video-feed. The processed video-feed from the location is configured to be provided to the far-end participant(s) via the cloud communication service. | 2022-03-31 |
20220103607 | METHODS AND SYSTEMS FOR MANAGING SIMULTANEOUS DATA STREAMS FROM MULTIPLE SOURCES - A system and method for managing simultaneous data streams from multiple sources is provided. At least one paired audio device within the system is a managing device and coordinates the audio playback presented in each paired audio device. In this way, each device can produce an audio playback associated with different streams simultaneously. In some examples, the managing device is one of the two devices or a peripheral device, e.g., a smartphone. In some examples, each data stream contains data used to generate a priority level for each data stream. The managing device can allow a data stream having a higher priority level or the data stream with a detected change to “barge-in” causing the playbacks of each device to be associated with a different data stream. Additionally, each device is capable of assuming the role of “stream scanner” to prevent uneven power consumption between the devices within the system. | 2022-03-31 |
20220103608 | METHOD AND SYSTEM FOR GROUP CALL USING UNICAST AND MULTICAST - A method and a system for performing a group call using unicast and multicast are provided. A group call method performed by a first client device, may include: establishing a media session with a server providing a group call service based on a group call request from the first client device; transmitting, to the server through the media session, at least one first packet including a first source identifier of the first client device; providing a user interface at the first client device, that enables selecting at least one second client device from a plurality of second client devices that participate in a group call initiated by the first client device; and transmitting, from the first client device to the server, at least one second packet including a second source identifier of the selected at least one second client device as a destination of data included in the at least one second packet. | 2022-03-31 |
20220103609 | METHOD AND APPARATUS FOR PLAYING MULTIMEDIA STREAMING DATA - A transmission control method and an apparatus of multimedia streaming data are provided. The method includes, when an edge server is to transmit a data packet of a video requested by user equipment to the user equipment, and it is a first time that the edge server transmits the data packet according to the request, filtering, by the edge server, the data packet, and transmitting the filtered data packet to the user equipment, otherwise, directly transmitting the data packet to the user equipment, wherein the video includes an on-demand video and a real-time video, and playing, by the user equipment, the video directly according to the received data packet. | 2022-03-31 |
20220103610 | SINGLE STREAM FORMAT FOR MULTIPLE DISPLAY MODES - Disclosed herein are techniques to provide a unified display stream for multiple modes of a display specification. The display stream can include a link layer control protocol packet comprising link control information inserted between a set number of packets comprising display data. A packet can comprise indications of display data for a single stream or multiple streams. | 2022-03-31 |
20220103611 | CELLULAR COMMUNICATION PROTOCOL AWARE MULTIMEDIA STREAMING - A device implementing cellular communication protocol aware multimedia streaming may include at least one processor configured to establish a link for communicating with another device, wherein the link utilizes at least one of a first cellular communication protocol or a second cellular communication protocol. The at least one processor may be configured to determine a bit rate for a video stream to be provided to the other device based at least in part on whether the link utilizes the first cellular communication protocol or the second cellular communication protocol, wherein a first bit rate is determined when the link utilizes the first cellular communication protocol and a second bit rate is determined when the link utilizes the second cellular communication protocol. The at least one processor may be configured to provide, for transmission over the link to the other electronic device, the video stream at the determined bit rate. | 2022-03-31 |
20220103612 | Application Recommendation Method, Device, and System - An application recommendation method, device, and system, which relate to the field of network technologies, and that can recommend an application related to a service system to a user in real time according to location information of a terminal device and the service system. The method includes initiating a broadcast message to each service system located within a preset geographic location range, so that each service system returns a response message, and when an application corresponding to a response message of the service system is not installed in a terminal device, sending a download request to a server; and downloading and installing the application according to download information sent by the server. | 2022-03-31 |
20220103613 | AUTO-DOCUMENTATION FOR APPLICATION PROGRAM INTERFACES BASED ON NETWORK REQUESTS AND RESPONSES - Disclosed embodiments are directed at systems, methods, and architecture for providing auto-documentation to APIs. The auto-documentation plugin is architecturally placed between an API and a client thereof and parses API requests and responses in order to generate auto-documentation. In some embodiments, the auto-documentation plugin is used to update preexisting documentation after updates. In some embodiments, the auto-documentation plugin accesses an on-line documentation repository. In some embodiments, the auto-documentation plugin makes use of a machine learning model to determine how and which portions of an existing documentation file to update. | 2022-03-31 |
20220103614 | 5G NETWORK EDGE AND CORE SERVICE DIMENSIONING - Various systems and methods for implementing a multi-access edge computing (MEC) based system to realize 5G Network Edge and Core Service Dimensioning using Machine Learning and other Artificial Intelligence Techniques, for improved operations and usage of computing and networking resources, are disclosed herein. In an example, processing circuitry of a compute node on a network is used to analyze execution of an application to obtain operational data. The compute node then may modularize functions of the application based on the operational data to construct modularized functions. A phase transition graph is constructed using a machine-learning based analysis, the phase transition graph representing state transitions from one modularized function to another modularized function, where the phase transition graph is used to dimension the application by distributing the modularized functions across the network. | 2022-03-31 |
20220103615 | DISTRIBUTED CONTENT DISTRIBUTION NETWORK - Examples of the present disclosure relate to a distributed CDN comprised of CDN nodes that each have a compute engine and a data store. Compute engines may be used to execute software associated with computing functionality of the distributed CDN and may be reconfigured according to changing conditions to adapt computing functionality to current or expected demand. Nodes may communicate with one another via an overlay network. A node may determine whether it should process a request or generate a route via the overlay network to the remote node, thereby enabling the remote node to process the request. In another example, a node may receive a request for a compute resource that is not currently provided by the node. The compute engine of the node may be reconfigured to provide the compute resource, thereby enabling the node to service the request rather than redirect the request to a different node. | 2022-03-31 |
20220103616 | CENTRALIZED APPROACH FOR MANAGING CROSS-SERVICE DATA OF CLOUD RESOURCES - Techniques for managing network-accessible infrastructure metadata are provided. A method includes receiving a resource request comprising resource metadata corresponding to a network-accessible infrastructure resource, determining whether to commit the resource request based at least in part on a constraint associated with the network-accessible infrastructure resource, and, in accordance with a determination to commit the resource request: generating, by the computer system, a resource identifier describing resource metadata in accordance with the resource request, storing, by the computer system, the resource metadata in a data store in communication with the computer system, receiving, by the computer system, a data request to provide the resource metadata described by the resource identifier, and providing, by the computer system, the resource metadata described by the resource identifier in accordance with the data request. | 2022-03-31 |
20220103617 | Methods and Systems for Orchestrating a Distributed Computing Service Based on Latency Performance Levels - An illustrative latency service system identifies, in response to a request by a user equipment (UE) device for performance of a distributed computing service, a latency performance level to which the UE device is subscribed. The system obtains real-time latency performance data for a distributed computing network that is to perform the distributed computing service for the UE device in response to the request, and, based on the real-time latency performance data, determines a characteristic of a geographic zone in which the UE device is located. The characteristic is associated with latency performance that the distributed computing network is capable of providing in the geographic zone. Based on the latency performance level and the characteristic of the geographic zone, the system arranges for the performance of the distributed computing service for the UE device by the distributed computing network. Corresponding methods and systems are also disclosed. | 2022-03-31 |
20220103618 | DATA PIPELINE ARCHITECTURE - A method and a system for managing data flows and data processing operations with respect to a platform are provided. The method includes: executing a first set of microservice applications for coordinating data flows with respect to a data repository; executing a second set of microservice applications for coordinating data processing operations; and executing a third set of microservice applications for performing metadata processing that relates to the data flows and the data processing operations. The system provides an architecture that is designed for delivering information with speed, scale, and quality to diverse destinations and use cases and providing advanced data processing to support real-time streaming processes and aggregated batch processes. | 2022-03-31 |
20220103619 | DETECTING ANOMALIES IN A DISTRIBUTED APPLICATION - Anomalies are detected in a distributed application that runs on a plurality of nodes to execute at least first and second workloads. The method of detecting anomalies includes collecting first network traffic data of the first workload and second network traffic data of the second workload during a first period of execution of the first and second workloads, collecting third network traffic data of the first workload and fourth network traffic data of the second workload during a second period of execution of the first and second workloads, and detecting an anomaly in the distributed application based on a comparison of the third network traffic data against the first network traffic data or a comparison of the fourth network traffic data against the second network traffic data. Anomalies may also be detected by comparing network traffic data of two groups of containers executing the same workload. | 2022-03-31 |
20220103620 | OPERATION MANAGEMENT SYSTEM AND OPERATION MANAGEMENT METHOD - An operation management system capable of implementing optimum deployment of applications and data is provided. The operation management system is designed to include: a first edge server including a first storage unit which stores data acquired from a sensor; a second edge server including an application for processing the data; an information management unit that generates relation information, when the data stored in the first storage unit is processed by the application, by associating information indicating the data, information indicating the first storage unit which stores the data, information indicating the application, and information indicating the second edge server in which the application is provided, with each other, and an output unit that outputs the relation information generated by the information management unit. | 2022-03-31 |
20220103621 | METHODS, APPARATUSES AND COMPUTER PROGRAM PRODUCTS FOR MANAGING PRODUCT FEATURE RELEASE IN A CLOUD-BASED COMPUTING ENVIRONMENT - Various embodiments herein described are directed to methods, apparatuses and computer program products configured for managing software product feature and version releases in complex and distributed network systems. Various embodiments are directed to systems and network frameworks that are configured to provide controlled release of software features/changes through admin user notification and control interfaces. In some embodiments, a sandbox system environment may be provided to admin users to test and configure upcoming software features/changes. Additional example embodiments provide a release track system that specifies and manages feature release schedules in a complex and multitenant cloud network environment. | 2022-03-31 |
20220103622 | COMMISSIONING AND DECOMMISSIONING METADATA NODES IN A RUNNING DISTRIBUTED DATA STORAGE SYSTEM - In a running distributed data storage system that actively processes I/Os, metadata nodes are commissioned and decommissioned without taking down the storage system and without introducing interruptions to metadata or payload data I/O. The inflow of reads and writes continues without interruption even while new metadata nodes are in the process of being added and/or removed and the strong consistency of the system is guaranteed. Commissioning and decommissioning nodes within the running system enables streamlined replacement of permanently failed nodes and advantageously enables the system to adapt elastically to workload changes. An illustrative distributed barrier logic (the “view change barrier”) controls a multi-state process that controls a coordinated step-wise progression of the metadata nodes from an old view to a new normal. Rules for I/O handling govern each state until the state machine loop has been traversed and the system reaches its new normal. | 2022-03-31 |
20220103623 | INTELLIGENT PEER-TO-PEER CONTAINER FILESYSTEM - A peer container filesystem is provided. The peer container filesystem allows peer nodes to share containers. The peer container filesystem allows the images or portions thereof to be shared without a container registry. A node sends requests to the network that are configured to push or distribute an image in the network, search for an image in the network, download an image in the network, and perform updates amongst the peer nodes such that the locations of images and/or their files are known to at least some of the peers in the network. | 2022-03-31 |
20220103624 | NODE DATA TRANSMISSION METHOD - A node data transmission method, which pertains to the field of information technology, wherein in order to solve the problem of rationally processing the relationship between data collection and data transmission among multiple radio-frequency charged nodes, two neighboring nodes are synchronously awakened by a time synchronization method, and after the two neighboring nodes are time synchronized and awakened, the node determines data cache thereof and performs a corresponding node role conversion, and the effect thereof is reasonable use of the electricity. | 2022-03-31 |
20220103625 | DIGITAL TWIN OF IT INFRASTRUCTURE - A digital twin of an IT infrastructure is created to identify a group of critical servers (called “base servers”) needed to replicate the IT infrastructure in a cloud-computing environment. To identify the correct base servers and their actual server configurations, the IT infrastructure is crawled and various telemetry, connection, and network data is analyzed against data sets of other known servers. The digital twin is created to include these base servers and their particular configurations. Then, the digital twin may be deployed on demand in the cloud-computing environment using executable scripts that mimic the base servers and their particular configurations, creating a replication of the IT infrastructure for various purposes (e.g., redundancy, testing, etc.). | 2022-03-31 |
20220103626 | DETERMINISTIC MAPPING AND UNIFORM ROUTING OF ITEMS TO PHYSICAL RESOURCES USING HASH VALUES - A string, identifying an item to be assigned to a physical resource, is hashed to obtain a numeric hash value. The numeric hash value is downscaled to obtain a bucket identifier that identifies a bucket that will hold the numeric hash value. The bucket is then deterministically mapped to a physical resource so that it can be retrieved without accessing a stored data structure representative of the mapping. | 2022-03-31 |
20220103627 | Fully Orchestrated Setup of a Containerized Cloud Communication System Within an Embedded Operating System - A storage system management application contains control logic configured to enable the storage system management application to fully orchestrate setup of a containerized cloud communication system within an embedded operating system, with minimal interaction from an end user. Upon receipt of an instruction to initiate cloud access, the storage system management application enrolls a cloud tethering subsystem and establishes a secure communication channel to the cloud tethering subsystem. The storage system management application also creates a cloud protection environment within the operating system for use by the cloud tethering subsystem, and registers the storage system to the cloud tethering subsystem. The storage system management application also creates external network interfaces on the cloud tethering subsystem and configures one or more private cloud provider endpoints on the cloud tethering subsystem. | 2022-03-31 |
20220103628 | SECURE COMMUNICATIONS OF STORAGE TENANTS THAT SHARE A STORAGE CLUSTER SYSTEM - A first set of one or more tenant communication components are configured to communicate with a first separate system component of a first storage tenant via a first virtual network. A second set of one or more tenant communication components are configured to communicate with a second separate system component of a second storage tenant via a second virtual network. The second virtual network is separate from the first virtual network. A plurality of tenant communication components of the storage cluster system including the first set of one or more tenant communication components and the second set of one or more tenant communication components are configured to communicate internally in the storage cluster system via a third virtual network separate from the first virtual network and the second virtual network. | 2022-03-31 |
20220103629 | ACCESSING AN EXTERNAL STORAGE THROUGH A NIC - Some embodiments provide a method of providing distributed storage services to a host computer from a network interface card (NIC) of the host computer. At the NIC, the method accesses a set of one or more external storages operating outside of the host computer through a shared port of the NIC that is not only used to access the set of external storages but also for forwarding packets not related to an external storage. In some embodiments, the method accesses the external storage set by using a network fabric storage driver that employs a network fabric storage protocol to access the external storage set. The method presents the external storage as a local storage of the host computer to a set of programs executing on the host computer. In some embodiments, the method presents the local storage by using a storage emulation layer on the NIC to create a local storage construct that presents the set of external storages as a local storage of the host computer. | 2022-03-31 |
20220103630 | METHODS AND SYSTEMS FOR PROCESSING DATA REQUESTS - Methods and systems for managing data and transmission of content are disclosed. A computing device may receive a request for content. The computing device may determine data associated with the requested content. | 2022-03-31 |
20220103631 | REDUCING DISTRIBUTED STORAGE OPERATION LATENCY USING SEGMENT ROUTING TECHNIQUES - Systems, methods, and computer-readable media for reducing distributed storage operation latency using segment routing. In some examples, a method can involve receiving, from a client, a message identifying an intent to store or retrieve data on a distributed storage environment, and sending to the client a segment routing (SR) list identifying storage node candidates for storing or retrieving the data. The method can involve steering a data request from the client through a path defined by the SR list based on a segment routing header (SRH) associated with the request, the SRH being configured to steer the request through the path until a storage node from the storage node candidates accepts the request. The method can further involve sending, to the client device, a response indicating that the storage node has accepted the request and storing or retrieving the data at the storage node that accepted the request. | 2022-03-31 |
20220103632 | COMMUNICATION PATHS FOR STORAGE DEVICES HAVING DIFFERING CAPACITIES - A storage system is provided. The storage system includes a plurality of storage nodes, each of the plurality of storage nodes having a plurality of storage units with storage memory. The system includes a first network coupling the plurality of storage nodes and a second network coupled to at least a subset of the plurality of storage units of each of the plurality of storage nodes such that one of the plurality of storage units of a first one of the plurality of storage nodes can initiate or relay a command to one of the plurality of storage units of a second one of the plurality of storage nodes via the second network without the command passing through the first network. | 2022-03-31 |
20220103633 | HART-ENABLED DEVICE WITH REDUCED COMMUNICATION LINES AND BREAK EXTENSION PROTOCOL - A current loop includes a receiver assembly and a transmitter assembly. The current loop also includes: a first conductor between the receiver assembly and the transmitter assembly; and a second conductor between the receiver assembly and the transmitter assembly to complete the current loop. The transmitter assembly includes: a Highway Addressable Remote Transducer (HART) modem; a component in communication with the HART modem via a partial set of Universal Asynchronous Receiver-Transmitter (UART) communication lines; and a break extension protocol controller coupled to or included with the HART modem and configured to support UART and non-UART communications between the HART modem and the component using the partial set of UART communication lines. | 2022-03-31 |
20220103634 | DEVICE REGISTRATION MECHANISM - Broadly speaking, the present techniques relate to a machine-implemented method for registering a device with a server, the method performed at the device comprising: applying a data-reducing function to at least one object, object instance, resource and/or resource instance at the device to generate resource data comprising compressed data representative of the at least one object, object instance, resource and/or resource instance; transmitting a registration message comprising said resource data to register said device with the server. | 2022-03-31 |
20220103635 | EVENT SUBSCRIPTION NOTIFICATION METHOD, NETWORK SIDE DEVICE, APPLICATION ENTITY, INTERNET OF THINGS SYSTEM, AND STORAGE MEDIUM - An event subscription notification method, including: creating a subscription resource, the subscription resource including an event notification rule; determining whether subscribed data meets the event notification rule; and when the subscribed data meets the event notification rule, generating an event notification. | 2022-03-31 |
20220103636 | METHOD AND SYSTEM FOR DELIVERING A SHOULDER-TAP FOR BATTERY-CONSTRAINED CELLULAR IOT DEVICES - A computer-implemented method, system, and a computer program product for delivering a shoulder-tap to one or more battery-constrained devices are disclosed. The computer-implemented method includes receiving a shoulder-tap request; storing the shoulder-tap request in a database; retrieving last known network session information for the one or more battery-constrained devices; calculating shoulder-tap beacon frequency for each of the one or more battery-constrained devices; creating a shoulder-tap beacon for each of the one or more battery-constrained devices; and sending the shoulder-tap beacon to the destination IP address for each of the one or more battery-constrained devices in the calculated shoulder-tap beacon frequency. | 2022-03-31 |