19th week of 2016 patent application highlights part 64 |
Patent application number | Title | Published |
20160134572 | METHODS AND DEVICES FOR MESSAGE ATTACHMENT TRANSMISSION - Methods and devices for transmitting message attachments from a messaging server to a mobile device. The mobile device identifies if any of the attachments are of a first type and requests transmission, from the messaging server, of the identified attachments of the first type, if any. The device determines the remaining transmission capacity by subtracting the collective size of the message body received and the identified attachments of the first type, if any, from the initial data limit. Based on the remaining transmission capacity, the device determines that at least one of the one or more attachments, other than the identified attachments, has a size smaller than the remaining transmission capacity, and based on that determination, requests transmission of said at least one of the one or more attachments from the messaging server to the mobile device. | 2016-05-12 |
20160134573 | System and Method for Equitable Processing of Asynchronous Messages in a Multi-Tenant Platform - Systems, methods and media are shown for equitable job processing of asynchronous messages for multiple tenants in a multi-tenant platform that involve receiving messages of a given message type in an input buffer from at least one front end tier (FET) device, providing messages of the given message type from an output buffer to at least one back end tier (BET) device, determining a priority weight W for each message in the input buffer based on a tenant identifier and message type for the message, and evaluating the priority weight W for the message and delaying the message if the priority weight W is below a priority threshold and moving the message to the output buffer if the priority weight W is not below the priority threshold. | 2016-05-12 |
20160134574 | NOTIFICATION OF ELECTRONIC CONVERSATION - A computer system identifies an electronic conversation between a plurality of participants. The computer system identifies the plurality of participants. The computer system determines whether the plurality of participants match a specific list of participants that have been predetermined to be of interest to a user. In response to determining that the plurality of participants engaged in the electronic conversation matches the predetermined list of participants of interest to the user, the computer system notifies the user of the electronic conversation. | 2016-05-12 |
20160134575 | System and Method of Providing Social Networking Web Site - A method of providing a social networking website includes steps as follows. A user profile associated with the parent ID is acquired from a member database when a parent ID is logged in the social networking website, where the user profile includes a plurality of personal basic data, the personal basic data at least includes a child age. A first age range based on the child age is set. When the child age associated with the parent ID and another child age associated with another parent ID fall within the first age range, or when the gestational age associated with the parent ID and another child age associated with said another parent ID fall within the second age range, said another parent ID is served as a recommended parent ID, and information on the recommended parent ID is provided for the parent ID. | 2016-05-12 |
20160134576 | IDENTIFYING GROUPS FOR A SOCIAL NETWORKING SYSTEM USER BASED ON LIKELIHOODS OF THE USER INTERACTING WITH VARIOUS GROUPS - A social networking system selects a set of groups for presentation to a user of the social networking system. To select groups, the social networking system determines scores for various groups representing a likelihood of the user interacting with the groups. When determining a score for a group, the social networking system accounts for a likelihood of the user providing content to the group as well as the user accessing or viewing content associated with the group. Based on the scores, one or more groups are selected and presented to the user. Additionally, the social networking system may apply one or more diversity rules so that the selected groups have a variety of characteristics. | 2016-05-12 |
20160134577 | DETERMINING TEMPORAL RELEVANCE OF NEWSFEED STORIES - A social networking system generates stories based on actions of users in the system and provides a newsfeed to users that contains stories that relate to one or more of their friends in the system. Although the story ranking algorithm includes a time decay to penalize older stories, stories may actually become stale at different rates. To measure the staleness of a story, the system computes a ratio of a current engagement rate for the story to an average engagement rate for the story. Based on this ratio, the system may filter out stale stories, include the ratio as a feature in the scoring model, and/or adjust the decay rate. | 2016-05-12 |
20160134578 | SYSTEMS AND METHODS FOR IDENTIFYING CONNECTIONS - Various embodiments of the present disclosure can include systems, methods, and non-transitory computer readable media configured to perform a code based technique to identify at least one potential connection for a user. The code based technique comprises generating a code associated with the at least one potential connection; providing the code to a mobile device of the at least one potential connection; and providing information to allow the user to establish a connection with the at least one potential connection. | 2016-05-12 |
20160134579 | ALIGNING CONTENT AND SOCIAL NETWORK AUDIENCE USING ANALYTICS AND/OR VISUALIZATION - Various embodiments provide for the use of analytics to determine a number of key factors prior to a user sending a communication (e.g., an email or instant message, making an online social media post, or accepting or requesting friendship on a social media site). The analytics may determine content, subject, emotion, relationships, and other relevant details when users interact (e.g., with email or other social software). Any alerts/suggestions provided can be provided in real-time as the person types. | 2016-05-12 |
20160134580 | COMPUTER IMPLEMENTED METHODS AND APPARATUS FOR PROVIDING NEAR REAL-TIME PREDICTED ENGAGEMENT LEVEL FEEDBACK TO A USER COMPOSING A SOCIAL MEDIA MESSAGE - Disclosed are methods, apparatus, systems, and computer readable storage media for providing near real-time feedback when a user is composing a social media message. The feedback can indicate a predicted level of engagement with the social media message by other users of a social networking system. In some implementations, a prediction model is used to determine a predicted engagement score, which is an approximation of the predicted level of engagement with the social media message by the other users. A computing device can be configured to display a graphical representation of the predicted engagement score in a user interface at which the social media message is being composed. | 2016-05-12 |
20160134581 | APPARATUS AND METHOD FOR PROVIDING MESSAGES IN A SOCIAL NETWORK - A system that incorporates teachings of the present disclosure may include, for example, a server including a controller to receive audio signals and content identification information from a media processor, generate text representing a voice message based on the audio signals, determine an identity of media content based on the content identification information, generate an enhanced message having text and additional content where the additional content is obtained by the controller based on the identity of the media content, and transmit the enhanced message to the media processor for presentation on the display device, where the enhanced message is accessible by one or more communication devices that are associated with a social network and remote from the media processor. Other embodiments are disclosed. | 2016-05-12 |
20160134582 | MANAGING AN EPHEMERAL POST IN A SOCIAL NETWORKING SYSTEM - A method of posting ephemeral posts is disclosed. The method starts with receiving, from a user of a social network, a request to post an ephemeral post, the request including an ephemeral variable associated with a threshold event. The ephemeral post is posted on behalf of the user. Then an occurrence of the threshold event is monitored. When the threshold event has not occurred, the post is allowed to be accessible to at least one viewer other than the user. When the threshold event has occurred, the post is blocked from being accessible by the at least one viewer other than the user. | 2016-05-12 |
20160134583 | SYSTEM AND METHOD FOR OPENLY SHARING AND SYNCHRONIZING INFORMATION ACROSS A PLURALITY OF MOBILE CLIENT APPLICATION COMPUTERS - A system and method for interactively sharing, synchronizing and controlling information among a plurality of users with different electronic contact types using network-based communication between a plurality of client applications on a plurality of mobile devices and a central controller computer, are described. In an exemplary embodiment, an information context may be configured as open by a first client application. A plurality of client applications may then share information within the information context whereby the plurality of client applications may join the information context using the information context identifier. A method for synchronization allows for shared information on different client devices to be controlled and automatically synchronized by the central controller. Messages, data structures, communications, and protocols between clients and the central controller allowing at least the creation, update, and deletion of information data related to the event, are described. | 2016-05-12 |
20160134584 | DYNAMICALLY ASSIGNING NETWORK ADDRESSES - Dynamically assigning network addresses provided by a server in a network to virtual network adapters in virtual machines, in which a reassignment of the assigned network addresses due to suspending virtual machines is prevented. Network addresses of the virtual machines in the network are logged. Network addresses are combined with information about suspending and/or resuming virtual machines by a control instance. Information about the network addresses of suspended virtual machines for its virtual network adapters with dynamically assigned network addresses is sent to the server. | 2016-05-12 |
20160134585 | METHOD AND ARRANGEMENT FOR PROVIDING A WIRELESS MESH NETWORK - A method and an arrangement for providing a wire-free mesh network are provided. An approval procedure is carried out in situations in which a subscriber who is registering on the mesh network transmits an MAC address which already exists in the mesh network, such that two different subscribers within the mesh network never have identical MAC addresses. | 2016-05-12 |
20160134586 | NETWORK CONTROL METHOD AND SYSTEM - A network address determining unit determines a network address in an IP network between a parent node and a plurality of child nodes from the IP address of the parent node on the basis of a received subnet mask value assigned to the parent node. A host address determining unit determines the host address of a child node in the IP network from a logical address assigned to the child node. An IP address configuring unit combines the determined host address with the determined network address to configure an IP address of the child node in the IP network. | 2016-05-12 |
20160134587 | METHOD AND DEVICE FOR FORWARDING PACKET - Provided is a method for forwarding a packet, which includes that: when a matched network address port group translation entry is found according to a source Internet Protocol (IP) address and a source port number of a received packet, or according to a target IP address and a target port number of the received packet, the packet is translated according to the network address port group translation entry and then sent out. Also provided is a device for forwarding a packet. By adopting the solution, memory resources occupied by static configuration Network Address Port Translation (NAPT) rules and entries can be reduced, maintenance can be facilitated, and configurations can be reduced effectively. | 2016-05-12 |
20160134588 | REMEDIATING COMPUTER SECURITY THREATS USING DISTRIBUTED SENSOR COMPUTERS - A data processing system comprising: a sensor computer that is coupled to and co-located with a compromised computer, the compromised computer comprising at least one malware item that is configured to direct unauthorized network activity toward one or more enterprise networks or enterprise computers, wherein the compromised computer is coupled to a firewall that is configured to control ingress of packets to the compromised computer and is logically between one or more attacker computers and the one or more enterprise networks or enterprise computers; a security control computer that is coupled to the sensor computer; one or more non-transitory data storage media in the security control computer storing security logic comprising one or more sequences of instructions which when executed cause the security control computer to perform: obtaining, from the sensor computer, detection data relating to network messages that the compromised computer emits, as the compromised computer emits the network messages; using the detection data, identifying one or more security threats that are indicated by the network messages; determining a specified remediation measure to remediate one or more of the security threats; providing the specified remediation measure to one or more of the compromised computer, the sensor computer, the firewall, and an enterprise computer. | 2016-05-12 |
20160134589 | MEDIA ACCESS CONTROL ADDRESS TRANSLATION IN VIRTUALIZED ENVIRONMENTS - A method and a network device are provided to transmit network packets through a network security device. The method, performed by the network device, receives a request to send a network packet from a first computing device to a second computing device over a network that includes the network device and the network security device. The network packet includes a first network interface identifier for identifying the first computing device and a second network interface identifier for identifying the second computing device. The method identifies third and fourth network interface identifiers that cause the network packet to be transmitted through the network security device. The method transmits the network packet over the network through the network security device using the third and fourth network interface identifiers. The method transmits the network packet to the second computing device using the first and second network interface identifiers. | 2016-05-12 |
20160134590 | METHODS AND SYSTEMS FOR ESTABLISHING VPN CONNECTIONS AT A VPN MANAGEMENT SERVER - The present invention discloses methods for establishing Virtual Private Network (VPN) connections among a plurality of VPN gateways at a VPN management server. The VPN management server determines VPN gateways belonging to a first VPN gateway group and also determines the number of possible VPN connections for each VPN gateway of the first VPN gateway group. Configuration for each VPN gateway of the first VPN gateway group is determined based on, at least in part, a VPN connection topology and the number of VPN connection license(s). Each VPN gateway of the first VPN gateway group is configured according to the configuration and a plurality of VPN connections is established based on, at least in part, the configurations. | 2016-05-12 |
20160134591 | VPN Implementation Processing Method and Device for Edge Device - The present disclosure discloses a Virtual Private Network (VPN) implementation processing method and device for an edge device. The method includes that: a VPN application request is acquired, wherein the VPN application request carries attribute configuration information about a VPN; VPN routing information is received from each edge device in the VPN; and VPN routing control information is sent to the edge devices, wherein the VPN routing control information is routing information obtained by performing centralized calculation and processing on the attribute configuration information and the VPN routing information. Adopting the above solution provided in the present disclosure solves the technical problems in the prior art that there are more complex configuration and table item contents in an automatic control solution for the VPN, etc., thereby being able to automatically control simpler configuration issuing, more intensive table item management and table item issuing under a uniform control platform, so that the configuration and table item capacity of the existing device are reduced. | 2016-05-12 |
20160134592 | SECURE NETWORK REQUEST ANONYMIZATION - Network request anonymizing nodes (“NRANs”) may be described herein. The NRANs may act as anonymizing proxies by generating additional anonymizing network requests to help anonymize a network request sent by a requesting computing node. By generating the additional anonymizing network request, the NRANs may cause a relatively large number of similar network requests to be transmitted in an approximately contemporaneous fashion with the transmission of the network request. The NRANs may receive indication of network requests via a secure anonymization proxy tunnel, which may be established through transmission of an anonymizing proxy request from the requesting computing node to the NRANs. The secure anonymization proxy tunnel may be established between a secure enclave of the requesting computing node and secure enclaves of the NRANs. Other embodiments may be described and/or claimed. | 2016-05-12 |
20160134593 | MANICODING FOR COMMUNICATION VERIFICATION - Verifiable, secure communications between a sender and a receiver on at least one shared communication channel is provided. A manicoded key encoder produces an argument of knowledge for a secret key to the at least one shared communication channel, and a manicoded message encoder provides an implication argument indicating that knowledge of the secret key enables access to message content of the manicoded message. The argument of knowledge is included in a key manifest for the secret key within a manicoded key, and the implication argument is included in a message manifest of a manicoded message. In this way, the sender may provide message content within the manicoded message, and the receiver may operate a decoder to access the message content. A verifier may use the manicoded key and the manicoded message to verify that the receiver has access to the message content. | 2016-05-12 |
20160134594 | METHOD PERFORMED BY AT LEAST ONE SERVER FOR PROCESSING A DATA PACKET FROM A FIRST COMPUTING DEVICE TO A SECOND COMPUTING DEVICE TO PERMIT END-TO-END ENCRYPTION COMMUNICATION - A method (500) performed by at least one server for processing a data packet from a first computing device to be transmitted to a second computing device is disclosed, in which the data packet includes a message encrypted using a first encryption key to form an encrypted message, identification data of the second computing device encrypted using a second encryption key to form encrypted identification data, and encrypted first and second encryption keys. The method comprises decrypting (504) the encrypted second encryption key; decrypting (506) the encrypted identification data using the decrypted second encryption key; and transmitting (508) the data packet based on the decrypted identification data, wherein the encrypted message and first encryption key are arranged to be undecryptable by the server to permit end-to-end encryption communication between the first and second computing devices. A related system is also disclosed. | 2016-05-12 |
20160134595 | Semantic Obfuscation of Data in Real Time - Systems and methods for automatically maintaining the anonymity or privacy of a stream of data as it is transmitted over a network or provided for other use, by receiving a data stream in real-time from an original source and identifying a data subset of interest within the original data stream. The data subset of interest is segregated from the data stream for either obfuscating at least a portion of the data subset in accordance with certain criteria or encrypting it. The data subset is obfuscated or encrypted for purpose of transmission over the network or for testing and reunited at a target source with the remainder of the data stream. | 2016-05-12 |
20160134596 | Methods, Systems and Computer Program Products for an Application Execution Container for Managing Secondary Application Protocols - A virtual application container can manage a plurality of secondary applications using a graphical user interface (GUI). The secondary applications may be selectively downloadable by a user and/or provided by third-party external providers. The application execution container may include a common feature or services interface that is used by the secondary applications that are executed in the GUI, which may include user verification and/or authentication information. The application execution container may include security and control functions that may be used by external service providers to ensure that users are properly authenticated, and the ability to add and/or utilize individual secondary applications may be granted based on predetermined eligibility criteria. | 2016-05-12 |
20160134597 | DECODING OF ENCRYPTED FILE - A method and system for decoding an encrypted file. A recipient computer: receives, from a sender computer, the encrypted file having a filename that includes an encoded address; parses the received filename; extracts the encoded address from the parsed filename; accesses a voice check ticket at the extracted encoded address; receives voice check text from the voice check ticket; visually displays the received voice check text on a computer display of the recipient computer; prompts the recipient to read aloud the displayed voice check text; receives an audio signal from a reading aloud, by the prompted recipient, of the displayed voice check text; transmits the received audio signal to a server computer; and decrypts the received encrypted file using an encryption key. | 2016-05-12 |
20160134598 | METHOD FOR PROVIDING LICENSE CORRESPONDING TO ENCRYPTED CONTENTS TO CLIENT APPARATUS AND DIGITAL RIGHTS MANAGEMENT CONVERSION SYSTEM USING THE METHOD - Disclosed are a method for providing a license corresponding to encrypted contents to a client apparatus, which provides a license in response to a request of the license corresponding to contents super-distributed to a third person in a DRM conversion system, and a DRM conversion system using the same. First digital rights contents type first contents and a first license corresponding to the first contents are digital rights management converted to generate second digital rights contents type second contents and a second license corresponding to the second contents. A license request corresponding to the second contents super-distributed to a third person is received. A second license corresponding to the second contents super-distributed is requested from a server corresponding to the second digital right management. The second license corresponding to the second contents super-distributed is received and transmitted to the third person. | 2016-05-12 |
20160134599 | COMPUTER-IMPLEMENTED SYSTEMS AND METHODS OF DEVICE BASED, INTERNET-CENTRIC, AUTHENTICATION - Systems and computer-implemented methods for authorizing respective access by each of a plurality of Internet users to a respective one or more Internet services provided by each of a plurality of Internet service providers. A system includes a processor, and non-transient computer readable storage media, at a single identity provider. The storage media is encoded with program code executable by the processor for requiring an identity provider application residing on each of a plurality of devices to create a respective authentication token that is specific to a respective identifier and user credential of a respective Internet user, a respective device identifier, and the respective identity provider application, and for authorizing respective access by the plurality of Internet users to a respective requested one of the Internet services provided by each Internet service provider using the respective created authentication tokens and respective identifiers for each of the respective requested Internet services. | 2016-05-12 |
20160134600 | Authentication and Initial Key Exchange in Ethernet Passive Optical Network over Coaxial Network - A method comprising generating an updated security key upon expiration of a key exchange timer, transferring the updated security key to a Coaxial Network Unit (CNU), retaining an original key, wherein the updated security key comprises a different key identification number than the original key, accepting and decrypting upstream traffic that employs either the original key or the updated key, after transferring the updated security key to the CNU, creating a key switchover timer, before the key switchover timer expires, verifying that upstream traffic transferred from the CNU on a logical link uses the updated security key, and when upstream traffic is encrypted using the updated security key, beginning to use the updated security key to encrypt downstream traffic and clearing the key switchover timer. | 2016-05-12 |
20160134601 | Using a Hash of a Filename to Control Encoding/Decoding of a Digital File - Methods, devices, systems, and non-transitory process-readable storage media for a computing device to reversibly obfuscate contents of a digital file include generating a binary string by applying a shared hash function to a public filename of the digital file. The method may include subdividing the digital file into a first plurality of data segments corresponding to one of a number of bits represented by the generated binary string and a file size of the digital file, and shuffling the first plurality of data segments using a shared, looping shuffle algorithm. Each shuffling operation of the shared, looping shuffle algorithm may use a different bit of the generated binary string in a predefined first sequence. The shuffled first plurality of data segments may be combined to obtain a shuffled digital file. A reverse of the method may be performed to obtain the original digital file. | 2016-05-12 |
20160134602 | SECURE SHARING OF USER ANNOTATED SUBSCRIPTION MEDIA WITH TRUSTED DEVICES - Generally, this disclosure provides systems, methods and computer readable media for secure sharing of user annotated subscription media content with trusted devices. The shared content may include user specified snapshots of the media along with user supplied annotations. The system may include a host processor configured to arrange a secure session with a server and to receive the subscription media content from the server in an encrypted format. The system may also include a trusted execution environment (TEE) comprising a secure processor and secure storage configured to decrypt and store the media content, based on a content encryption key obtained from the server. The system may further be configured to: receive a snapshot frame request and annotations from the user; generate a composite image of the snapshot and an overlay including the annotations; and encrypt the composite image for sharing with other users. | 2016-05-12 |
20160134603 | INSTALLATION OF NETWORK DEVICES USING SECURE BROADCASTING SYSTEMS AND METHODS FROM REMOTE INTELLIGENT DEVICES - Secure installation of a new device onto a home-control network uses pairing with an intelligent device. The new device receives a private key for secure communications on the home-control network from the intelligent device. For security, the private key is transmitted over a second network different from the home-control network using a communication medium such as optical pulses, audible tones, or short-range radio frequency signals. The new device decodes the transmission and is capable to securely communicate with other network devices and a network controller over the home-control network using the private key. | 2016-05-12 |
20160134604 | SYSTEMS AND METHODS TO SECURELY INSTALL NETWORK DEVICES USING INSTALLED NETWORK DEVICES - Secure installation of a new device onto a home-control network uses pairing with an existing network device. The new device receives a private key for secure communications on the home-control network from an existing network device. For security, the private key is transmitted over a second network different from the home-control network, using a communication medium such as optical pulses, audible tones, or short-range radio frequency signals. The new device decodes the transmission and is capable to securely communicate with other network devices and a network controller over the home-control network using the private key. | 2016-05-12 |
20160134605 | SYSTEMS AND METHODS TO SECURELY INSTALL NETWORK DEVICES USING PHYSICAL CONFIRMATION - A cloud server communicates with a network controller over communication channels of a communication network to securely install a new device having a unique identifier and a device key onto a home-control network associated with a network key. The network device sends its unique identifier over the home-control network to the network controller and the network controller passes the unique identifier over the communication channels to the cloud server. The cloud server retrieves a device key associated with the network device based on the unique identifier and transmits the device key to the network controller over the communication channels. The network controller sends a message comprising the device key to the network device over the home-control network. The message is formatted to deliver the network key to the network device to permit the network device to send and receive messages comprising the network key over the home-control network. | 2016-05-12 |
20160134606 | CHANGING GROUP MEMBER REACHABILITY INFORMATION - In an embodiment, a method comprises obtaining a second network address at a computer node, which has been already associated with a first network address and provided first keying information; sending, to a key server computer, an update message that comprises both the first network address and the second network address; using the first keying information to encrypt messages that the computer node sends from the second network address to one or more other members of a group. | 2016-05-12 |
20160134607 | METHOD OF RSVP AUTHENTICATION WITH NON-DIRECTLY CONNECTED NEIGHBOR - A method is executed by a network device for authenticating resource reservation protocol (RSVP) messages between a sending node and a receiving node where the sending node and receiving node are directly or indirectly connected. The method authenticates RSVP messages using a security association between the sending node and the receiving node and an authentication key based on an address of the sending node and an address of the receiving node. The method includes generating an RSVP message to be sent to the receiving node, determining the security association for the sending node and receiving node pair, generating an integrity object for the RSVP message, determining an authentication key for the integrity object using the sending node address and the receiving node address, inserting the authentication key into the integrity object, and sending the RSVP message toward the receiving node. | 2016-05-12 |
20160134608 | NODAL RANDOM AUTHENTICATION - Systems, methods, and computer program products related to transaction application security are disclosed. In a particular embodiment, application nodes are randomly selected for requiring re-authentication of a user traversing nodes of the application. These and other embodiments are more fully disclosed herein. | 2016-05-12 |
20160134609 | USER AUTHENTICATION CONFIDENCE BASED ON MULTIPLE DEVICES - The present application is directed to user authentication confidence based on multiple devices. A user may possess at least one device. The device may determine a device confidence level that the identity of the user is authentic based on at least data collected by a data collection module in the device. For example, a confidence module in the device may receive the data from the data collection module, determine a quality corresponding to the data and determine the device confidence level based on the quality. If the user possesses two or more devices, at least one of the devices may collect device confidence levels from other devices to determine a total confidence level. For example, a device may authenticate the other devices and then receive device confidence levels for use in determining the total confidence level, which may be used to set an operational mode in a device or system. | 2016-05-12 |
20160134610 | PRIVACY DURING RE-AUTHENTICATION OF A WIRELESS STATION WITH AN AUTHENTICATION SERVER - Methods, systems, apparatuses, and devices are described for privacy during re-authentication of a wireless station with an authentication server. The wireless station may derive a first identifier from a re-authentication key and a sequence number. The re-authentication key may be derived at least in part from a first session key. The wireless station may transmit to an authenticator the first identifier and a domain name. The first identifier and the domain name may be transmitted during a first re-authentication of the wireless station with the authentication server. Transmission of a name of the first session key may be withheld during the first re-authentication. | 2016-05-12 |
20160134611 | SKILL-BASED SECURE DYNAMIC CONTACT CENTER AGENT ACCESS - Methods, systems and computer readable media for providing skill-based, secure and dynamic contact center agent network access are described. | 2016-05-12 |
20160134612 | User Authentication - A user may be authenticated using credentials associated with online retailers. A username and password associated with an online retailer, for example, may be submitted to a different online retailer. The different online retailer may thus use the username and password to verify the user, even though the username and password are associated with the online retailer. A single user identity, in other words, is more convenient for the user. | 2016-05-12 |
20160134613 | Wireless Local Area Network WLAN Access Method, Terminal, and Server - A wireless local area network (WLAN) access method, a terminal, and a server implement intelligentization and simplify a user operation. The method includes sending, by the terminal, a request for querying an available wireless access point to a server; sending, by the server according to the query request, obtained information about the available wireless access point; then, receiving, by the terminal, wireless access point information returned by the server, and determining a specific wireless access point from the received wireless access point information; then, sending, by the terminal, an authentication information request of the specific wireless access point to the server; and when receiving the request, sending, by the server, authentication information corresponding to the specific wireless access point to the terminal, where the authentication information is used to connect the terminal to the specific wireless access point. | 2016-05-12 |
20160134614 | USER AUTHENTICATION BASED ON OTHER APPLICATIONS - The present invention includes a system for authenticating a second action based on a first action, wherein the system is configured to: receive a first request to execute a first action associated with a first application; determine that execution of the first action requires user authentication; request one or more authentication credentials from the user; receive a first authentication credential associated with the first action; validate the first authentication credential, thereby resulting in a successful validation of the received first authentication credential; in response to the successful validation, execute the first action; receive a second request to execute a second action associated with a second application; determine that execution of the second action requires user authentication; use the successful validation of the first authentication credential to validate a second authentication credential so that the second action may be executed. | 2016-05-12 |
20160134615 | Computer-Implemented Method for Mobile Authentication and Corresponding Computer System - In one embodiment of the present invention a computerized method includes receiving at a personal-mobile device a first communication, which includes information for requesting user verification for logging into an account of a user, via a computing device. The account is with a service provided by an application server. The method includes starting a personal-authentication application on the personal-mobile device in response to receiving the first communication, and receiving in the personal-authentication application a user verification for confirming logging into the account. The method includes logging into the account via the computing device based on receipt of the user verification. Embodiments of the present invention provide enhanced security for logging into an account that a user may have with a service by providing that a personal-mobile device, such as a mobile telephone, which is personal to a user, is configured as a security token for login to the account. | 2016-05-12 |
20160134616 | DESKTOP APPLICATION FULFILLMENT PLATFORM WITH MULTIPLE AUTHENTICATION MECHANISMS - A service provider system may include an application fulfillment platform that delivers desktop applications to desktops on physical computing devices or virtual desktop instances. A computing resource instance may be registered with the platform, which generates a unique identifier and a security token for the computing resource instance using multiple authentication mechanisms. An end user of a customer organization may be registered with the platform, which generates a unique identifier and a security token for the end user using multiple authentication mechanisms. An application delivery agent may submit service requests to the platform on behalf of itself or the given user. The identity and security credentials included in the requests may be dependent on the request type and the entities on whose behalf they are submitted. A proxy service on the platform may receive the requests and validate the credentials, then dispatch the requests to other services on the platform. | 2016-05-12 |
20160134617 | SENDING SESSION TOKENS THROUGH PASSIVE CLIENTS - A session token can be requested to be sent to a first computing service from a second computing service, and a first computing service can receive the requested session token from the second computing service. The first computing service can send a message that includes the session token through a passive client to the second computing service. The second computing service can receive the message that includes the session token from the passive client, and the second computing service can verify that the message is valid. This verification of the validity of the message can include verifying that the session token received back from the passive client matches the session token the second computing service sent to the first computing service. | 2016-05-12 |
20160134618 | ANTICIPATORY SINGLE SIGN-ON (SSO) FOR PROXIED WEB APPLICATIONS - One embodiment provides a method, including: receiving, from an end user device, authentication data of a user of a web service; storing, in a single sign-on service, data for authenticating the user to the web service; receiving, at the single sign-on service, one or more initiations for the web service from the user; generating, using a processor, anticipatory sign-on data for the user based on the one or more initiations for the web service; and storing, at the single sign-on service, the anticipatory sign-on data. Other aspects are described and claimed. | 2016-05-12 |
20160134619 | System and Method for Single Sign-On Technical Support Access to Tenant Accounts and Data in a Multi-Tenant Platform - Shown is single sign-on support access to tenant accounts in a multi-tenant service platform involving a proxy user account in an identity provider for a tenant account on the service platform having security metadata associated therewith, mapping in the identity provider maps a support user to a proxy user identifier, a corresponding security endpoint in the service platform and mapping of the proxy user account identifier to the tenant account and security metadata. The identity provider authenticates a request to access the tenant account on the service platform, obtains the security credentials for the proxy user identifier, and sends a security assertion with the proxy user identifier and the security metadata to the security endpoint. The endpoint receives and validates the security assertion against the mapping for the proxy user identifier to the tenant account and the security metadata in the service platform, and permits access by the support user to the tenant account in the service platform. | 2016-05-12 |
20160134620 | LOADING USER DEVICES WITH LISTS OF PROXIMATELY LOCATED BROADCAST BEACONS AND ASSOCIATED SERVICE IDENTIFIERS - A user device transmits a location update message, indicating a location of the user device, to a network server. Responsive to the location update message, the user device receives from the network server a list of radio frequency beacons transmitted by resource devices and associated service identifiers for services available from the resource devices. A radio frequency beacon received from a resource device is identified as being in the list. A message is sent to the resource device requesting access to a service identified by a service identifier in the list associated with the radio frequency beacon and providing credentials for a user of the user device in the message. | 2016-05-12 |
20160134621 | CERTIFICATE PROVISIONING FOR AUTHENTICATION TO A NETWORK - A method for authenticating a device to a network using a device certificate is described. The method includes generating a private-public key pair on a system-on-chip (SoC) of the device. The private key is protected by a hardware-based root of trust of the SoC. The method also includes generating a device certificate that is signed using the private key. The method further includes using the device certificate to gain access to the network. | 2016-05-12 |
20160134622 | Restricted Certificate Enrollment For Unknown Devices In Hotspot Networks - A network access system, e.g. a network hotspot, requires a mobile network access device, e.g. a smart phone or WiFi only device, to provide a network access standard designation and/or a device identification datum to gain access to network services. The network access standard designation may be provided by the mobile network access device to an online signup server (OSU) via an EKU_key_purpose field of a PKCS10 certificate signing request. The device identification datum may be provided to the OSU via a subject field of the signing request. The OSU may require that the device identification datum be the same as a device identification datum provided by the mobile network access device prior to the mobile network access device requesting a signed network access certificate. | 2016-05-12 |
20160134623 | SECURE EXECUTION ENVIRONMENT SERVICES - Techniques for managing secure execution environments provided as a service to computing resource service provider customers are described herein. A request to launch a secure execution environment is received from a customer and fulfilled by launching a secure execution environment on a selected computer system. The secure execution environment is then validated and upon a successful validation, one or more applications are provided to the secure execution environment to be executed within the secure execution environment. As additional requests relating to managing the secure execution environment are received, operations are performed based on the requests. | 2016-05-12 |
20160134624 | MOBILE AUTHENTICATION IN MOBILE VIRTUAL NETWORK - Systems, methods, and non-transitory computer-readable storage media for using mobile network authentication factors to authenticate a mobile device. | 2016-05-12 |
20160134625 | METHOD AND APPARATUS FOR CONTROLLING COMMUNICATIONS TERMINAL AND CORRESPONDING COMMUNICATIONS TERMINAL - Embodiments of the present invention disclose a method and an apparatus for controlling a communications terminal and a corresponding communications terminal, including: setting, in a communications terminal, authentication information of a subscriber identity module (SIM) change; monitoring a SIM change broadcast sent by the communications terminal, and setting, after the SIM change broadcast is monitored, the communications terminal to a locked state; and monitoring input information on the communications terminal, performing authentication and comparison, after the input information is monitored, on the input information and the set authentication information of a SIM change, and releasing, after the authentication succeeds, the locked state of the communications terminal. The embodiments of the present invention can improve security of information in a communications terminal. | 2016-05-12 |
20160134626 | DEVICE NOTARIZATION - Methods and systems for device notarization and verification are provided. In one implementation, various integrity values are concatenated to generate a concatenated value that is used to generate a transaction data signature (TDS). In one implementation, the concatenated value is a concatenation of a device value, an application value, an application encryption (AE) module value, and an authentication generation (AG) module value. The TDS or notarization code is generated by applying the concatenated value to the AG module. In one implementation, subsequent use of the application on the device involves generation of a new TDS, which is compared against the notarization code to determine whether use of the application on the device is authorized. In one implementation, the AE module and the AG module are seeded with a seed value which includes a device value, an application value, a user specific value, and a pseudo random number. | 2016-05-12 |
20160134627 | SYSTEM FOR ESTABLISHING OWNERSHIP OF A SECURE WORKSPACE - The present application is directed to establishing ownership of a secure workspace (SW). A client device may provide a SW data structure (SWDS) to a SW configurator. A SWDS may comprise a hash of an original SW and a public key, and may be signed by a private key corresponding to the public key. The SW configurator may cause an execution container (EC) to be generated including a SW initiated using the SWDS. The client device may claim SW ownership using a request (signed by the private key) transmitted along with a copy of the public key. SW ownership may be determined by an ownership determination module that verifies the signature of the request using the public key received with the request, determines a hash of the received public key and compares the hash of the received public key to a hash of the public key in the SWDS. | 2016-05-12 |
20160134628 | INTEGRITY PROTECTION FOR DATA STORAGE - A system for protecting the integrity of a memory system maintains an age counter and an opportunity counter for each of multiple memory blocks; maintains an epoch counter for the memory system; writes data in a selected memory block; increases the local sequence number of the selected memory block; updates the opportunity counter for the selected memory block if the local sequence number of the selected memory block rolls over; computes a message authentication code (MAC) in the selected memory block based on a global sequence number and the local sequence number; updates the age counter and the opportunity counter for any non-selected memory blocks if the opportunity counter for the non-selected memory blocks does not match the LSB of the epoch counter for the non-selected memory blocks; and computes a new MAC for any memory block for which the updating is performed. | 2016-05-12 |
20160134629 | BINDING MOBILE DEVICE SECURE SOFTWARE COMPONENTS TO THE SIM - Various embodiments include a method for binding a secure software application to a mobile device wherein the mobile device includes a processor and a subscriber identity module (SIM) card, including transmitting, by the processor, an authentication challenge to the SIM card; receiving an authentication response from the SIM card; verifying the authentication response from the SIM card; and enabling the secure software application when the authentication response from the SIM card is verified. | 2016-05-12 |
20160134630 | OPEN CONNECTION MANAGER VIRTUALIZATION AT SYSTEM-ON-CHIP - Resource and memory use by applications used by user equipment (UE) can be adaptively controlled. A UE comprises a connection-manager kernel (CMKC) that can be embedded at the SOC level to facilitate resource and memory control at SOC level. CMKC operates in conjunction with an operating system kernel. CMKC comprises functional blocks that provide network enabler functions and observability APIs for network enhancement, traffic flow monitoring and filtering, QOE executive routines, and traffic flow time shifting. CMKC performs or provides analytics, security and firewall tags, cache management at SOC level, and policy enforcement. CMKC and a trusted memory operate in a trusted zone environment to facilitate secure operation. CMKC adaptively collects information from control registers and analytics, and maps such information to the trusted memory, which can be accessible to trusted APIs to facilitate enabling trusted applications to have knowledge of contextual network information. | 2016-05-12 |
20160134631 | ENABLING ENFORCEMENT OF LICENSING TERMS IN DISTRIBUTING CONTENT IN CONTAINERS BY INCLUDING A KEY IN THE CONTAINER CONTAINING THE PERTINENT LICENSING TERMS - A method, system and computer program product for enforcing licensing terms when distributing content via a container image running in a container. Upon receiving a request for a service from the container by the isolation code, where the isolation code limits, accounts and isolates resource usage of process groups, the commerce code application programming interfaces (APIs) of the isolation code read a key of the container. The key contains licensing terms applied to the component(s) (e.g., applications) of the container. The commerce code APIs will then confirm that the container is in compliance with those licensing terms. If the container is in compliance with the licensing terms, the container will be allowed to execute. Otherwise, the container will be prevented from executing. In this manner, the commerce code APIs can enforce the licensing terms, including restrictions and enforcement of payment to the licensor upon distributing content in the container. | 2016-05-12 |
20160134632 | SECURE INSTALLATION OF NETWORK DEVICES USING BEACONING SYSTEMS AND METHODS - Secure installation of a new device onto a home-control network uses pairing with an intelligent device. An intelligent device, such as a smartphone, receives a notification, such as optical pulses, audible tones, short-range radio frequency signals, a watermark, or a barcode, from an uninstalled network device over a second network other than the home-control network. The intelligent device reads and decodes a device key from the notification and sends the device key to a network controller via a third network. The network controller sends a message using the device key to the new device over the home-control network, where the message is formatted to deliver the network key to the network device to permit the network device to send and receive messages comprising the network key over the home-control network. | 2016-05-12 |
20160134633 | MECHANISM FOR REPUTATION FEEDBACK BASED ON REAL TIME INTERACTION - A method for confirming that a user interacted with a resource provider before allowing the user to submit feedback associated with the resource provider is disclosed. A social network provider can query entities that are aware of the user's interaction history before activating a feedback function. Also, non-sensitive information can be used to identify the user. | 2016-05-12 |
20160134634 | METHOD AND SYSTEM PROTECTING AGAINST IDENTITY THEFT OR REPLICATION ABUSE - A method, implemented by a computer-implemented authentication system, for authenticating a user attempting to access a target component of a computer system, the method comprising: a) receiving, from a first user system via a computer network, user authentication information and a network address identifying the first user system within the computer network; b) obtaining at least one data item of contextual information indicative of a property of an environment of a wireless communications device associated with the user authentication information; c) authenticating the user based on at least the user authentication information; and d) subject to successful authentication, granting access to the target component and storing a data record comprising the received network address and the received contextual information. | 2016-05-12 |
20160134635 | SYSTEMS, COMMUNICATION ENDPOINTS, AND RELATED METHODS FOR DISTRIBUTING IMAGES CORRESPONDING TO COMMUNICATION ENDPOINTS - Systems and methods are disclosed for distributing images corresponding to communication endpoints. A system includes one or more servers configured to determine whether image privacy settings corresponding to images of communication endpoints permit the images to be transmitted to others of the communication endpoints for display with contacts lists of the others of the communication endpoints. A method includes transmitting the data corresponding to the images to the others of the communication endpoints as permitted by the image privacy settings. A communication endpoint is configured to present a contacts list displaying the images corresponding to communication endpoints listed in the contacts list to a user, if permitted by the corresponding image privacy settings. A method of transforming a computing device into a communication endpoint includes storing computer-readable instructions directed to performing actions the communication endpoint is configured to perform, and transmitting the computer-readable instructions to the computing device. | 2016-05-12 |
20160134636 | Remote trust attestation and geo-location of servers and clients in cloud computing environments - Methods and systems may provide for selecting a hypervisor protocol from a plurality of hypervisor protocols based on a communication associated with a remote agent. The selected hypervisor protocol may be used to conduct a trust analysis of one or more digitally signed values in the communication, wherein a cloud attestation request may be processed based on the trust analysis. Processing the cloud attestation request may involve generating a trustworthiness verification output, a geo-location verification output, etc., for a cloud computing node corresponding to the remote agent. | 2016-05-12 |
20160134637 | SYSTEMS AND METHODS FOR ENABLING COLLABORATION AND COORDINATION OF SUPPORT - The present invention relates to systems and methods for enabling collaboration and coordination of support within a controlled electronic environment. In particular, embodiments of the present invention relate to a dynamic, collaborative, and online support system that integrates assessment functionality, data reporting, communication tools, calendaring, and specific curriculum, with the power of an online community support system devoted specifically to helping an individual maintain and/or improve from a current level of functioning to a higher level of functioning. Further, embodiments of the present invention embrace systems and methods for selectively distributing sensitive information in a timely and controlled manner to key people, organizations, and professionals, who are in positions to support a particular individual, family, or group, and wherein the information is provided based on the positive impact/influence each can provide based on given circumstances. | 2016-05-12 |
20160134638 | SYSTEMS AND METHODS FOR CONSUMER DIGITAL PRIVILEGES - Systems and methods are described for limiting access to digital content based on a privileged access model. In one implementation, a consumer identification is received based on a request by the consumer for content from a first content provider. The content includes a plurality of content portions, with each content portion having an associated minimum privilege level. A privilege level for the consumer is determined, where the privilege level is based at least in part on certain actions of the consumer taken with respect to content previously consumed by the consumer. Content portions can then be provided to the consumer based on the minimum privilege levels of the content portions and the privilege level of the consumer. Additional actions of the consumer can be identified and used to modify the privilege level of the consumer. | 2016-05-12 |
20160134639 | METHOD FOR USER AUTHENTICATION USING DNSSEC - This invention leverages DNSSEC to make post-password technologies work against endpoints across the globe, rather than solely within company walls. It describes a system by which DS records are encoded in NS names, which traverse well from the customer to the registry. This invention also proposes a series of steps through which DNSSEC can be explored as a useful solution to real world problems. By creating and further developing a mirror of the real DNS, which grows by combination of true DNS record information with specially synthesized authentication keys, DNSSEC scales, providing greater security and less risk of corrupting or erroneous online material. This same technology also evaluates user activity to create a database of statistics regarding automated activity, as compared to human activity. This database assists in identification and prevention, or at least mitigation, of potential future attacks on any given client by automated bot-driven activity. | 2016-05-12 |
20160134640 | SYSTEMS AND METHODS TO SECURELY INSTALL NETWORK CONTROLLERS - Multi-network systems and methods to securely install communication information on a network controller for communications between the network controller and an intelligent device over a control network are disclosed. The network controller messages devices on a home-control network and the communications between the intelligent device and the network controller over the control network permit the intelligent device to control the home-control network via the network controller. | 2016-05-12 |
20160134641 | DETECTION OF BEACONING BEHAVIOR IN NETWORK TRAFFIC - A method for detecting beaconing behavior includes preprocessing network records to identify candidate source and destination pairs for detecting beaconing behavior, where each source and destination pair is associated with a specific time interval in a plurality of time intervals forming a time range, the time interval and time range having been predefined. The activity time interval information is converted from the time domain into the frequency domain. Candidate frequencies are determined from the source and destination pairs, as likely candidate frequencies/periodicities of beaconing activities. | 2016-05-12 |
20160134642 | SECURE CONTENT AND ENCRYPTION METHODS AND TECHNIQUES - In order to capture electronic information provided by a user to another user, different third parties seek to download tracking software, viruses, etc. to the user's computer systems. These may include, but are not limited to, message intercepting, email logging, hacking, spamming, phishing, spyware, malware, keyloggers, screen capturing, Trojan horses, WWW robots (BOTs or bots), IP spoofing, man-in-the-middle attacks, worms and viruses. Whilst within the prior art methodologies exist to protect the message by converting the plaintext at the sender's terminal to ciphertext for transmission before it is re-converted to plaintext at the receiver's (or recipient's) terminal, once decrypted the message content, now in plaintext, is accessible to malware, Trojan horse software, etc. upon the recipient's terminal, allowing its contents to be acquired and transmitted without the recipient's and/or sender's knowledge. Accordingly, it would be beneficial to provide users with methods and systems enabling secure messaging to be undertaken as well as secure document transmission and viewing that overcomes the limitations within the prior art. Accordingly, beneficially embodiments of the invention provide secure messaging and secure document transmission even upon potentially compromised desktop computers. | 2016-05-12 |
20160134643 | Network Protection from Cyber Attacks - Electronic screen shots protect against cyber attacks. When any webpage is received, a screen shot of the webpage may be generated. Should the webpage be from an untrusted source, the screen shot protects downstream resources and clients from potential malware contained within the webpage. | 2016-05-12 |
20160134644 | GEOLOCATION SAFETY AWARENESS - A method and/or technique for geolocation safety awareness is provided herein. When a user, having a client device, travels to a location, threats associated with that location may not be known to the user. To determine a safety of the location, the location of a client device may be determined. A search for safety information about the location may be performed, and a threat level may be determined based upon the safety information. When the threat level exceeds a threat threshold, a security operation may be performed. The security operation may comprise presenting a warning notice to the user and/or activating a security timer. | 2016-05-12 |
20160134645 | IDENTIFYING AN IMPOSTER ACCOUNT IN A SOCIAL NETWORK - A method for identifying an imposter account in a social network includes a monitoring engine to monitor user accounts of a social network, an identifying engine to identify attributes associated with each of the user accounts of the social network, a matching engine to match the attributes associated with each of the user accounts of the social network, a determining engine to determine when one of the user accounts is an imposter account associated with identity theft of a victim account, a calculating engine to calculate a threshold, and an executing engine to execute an action against the identity theft of the victim account by the imposter account. | 2016-05-12 |
20160134646 | METHOD AND APPARATUS FOR DETECTING MALICIOUS SOFTWARE USING HANDSHAKE INFORMATION - In one embodiment, a method includes identifying unusual behavior with respect to a handshake between a first endpoint and a second endpoint that are included in a network, and determining whether the unusual behavior with respect to the handshake indicates presence of malicious software. The method also includes identifying at least one of the first endpoint and the second endpoint as potentially being infected by the malicious software if it is determined that the unusual behavior with respect to the handshake indicates the presence of malicious software. | 2016-05-12 |
20160134647 | Cognitive Detection of Malicious Documents - An approach is provided in which a knowledge manager identifies document command statements in a document that correspond to requests included in the document. The knowledge manager compares the document command statements against promise structures corresponding to promises included in valid documents and generates a suspicion score based on the analysis. In turn, the knowledge manager generates a suspicious document notification corresponding to the document when the suspicion score reaches a suspicion threshold. | 2016-05-12 |
20160134648 | DETECTING COMPUTER SECURITY THREATS IN ELECTRONIC DOCUMENTS BASED ON STRUCTURE - In an embodiment, a data processing method providing an improvement in computer security comprises selecting, from a queue identifying a plurality of web pages, a particular web page to retrieve from one of a plurality of internet sources; causing retrieving a copy of the particular web page from a particular internet source; determining a hierarchical structure of the particular web page; based upon a hierarchical structure of the particular web page and without consideration of content of the particular web page, identifying one or more features, of links in the particular web page or files referenced in the particular web page, that indicate one or more security threats; determining a reputation score for the particular web page; determining a specified remediation measure, based upon the reputation score, to remediate a security threat that is identified in the particular web page; providing the specified remediation measure to one or more of a compromised computer, a sensor computer and an enterprise computer. | 2016-05-12 |
20160134649 | Cognitive Detection of Malicious Documents - An approach is provided in which a knowledge manager identifies document command statements in a document that correspond to requests included in the document. The knowledge manager compares the document command statements against promise structures corresponding to promises included in valid documents and generates a suspicion score based on the analysis. In turn, the knowledge manager generates a suspicious document notification corresponding to the document when the suspicion score reaches a suspicion threshold. | 2016-05-12 |
20160134650 | SYSTEM, METHOD, AND APPARATUS FOR PROACTIVE CYBERSECURITY - The present disclosure describes a device, software package, method and system for active scanning, testing, and risk assessment of networks. The present disclosure describes a device that may be installed on a network; network traffic between the network and outside networks may be controlled by, or may pass through, the device. Embodiments may scan and test both the internal and external network assets for security vulnerabilities. The results may be communicated via a cloud-based service to remote servers where the data may be processed and analyzed. Results of this analysis may be communicated to end users via a variety of communication channels. | 2016-05-12 |
20160134651 | DETECTION OF BEACONING BEHAVIOR IN NETWORK TRAFFIC - A method for detecting beaconing behavior includes preprocessing network records to identify candidate source and destination pairs for detecting beaconing behavior, where each source and destination pair is associated with a specific time interval in a plurality of time intervals forming a time range, the time interval and time range having been predefined. The activity time interval information is converted from the time domain into the frequency domain. Candidate frequencies are determined from the source and destination pairs, as likely candidate frequencies/periodicities of beaconing activities. | 2016-05-12 |
20160134652 | METHOD FOR RECOGNIZING DISGUISED MALICIOUS DOCUMENT - A method for recognizing a disguised malicious document, carried out by a computer system including a central processing unit (CPU), a memory, and a database storing rules for defining executable file and non-executable file, comprising steps of: receiving a static file through a network and an input/output interface; scanning the static file for a file header to determine if it is a non-executable file; analyzing file body of the non-executable file to locate components of an executable file and mark these positions; extracting components of the executable file from the non-executable file; concatenating the extracted components in accordance with a default rule or a heuristic rule to form a new file; and obtaining a new file that is executable, such that the received static file is a non-executable file having an embedded executable file, thus labeling the static file as a disguised malicious document. | 2016-05-12 |
20160134653 | Synthetic Cyber-Risk Model For Vulnerability Determination - A system, method, and device are presented for assessing a target network's vulnerability to a real cyberthreat based on determining policy-based synthetic tests configured to model the behavior of the cyberthreat. Real-time feedback from the target network (e.g., servers, desktops, and network/monitoring hardware and/or software equipment) are received, analyzed, and used to determine whether any modifications to the same or a new synthesized test is preferred. The technology includes self-healing processes that, using the feedback mechanisms, can attempt to find patches for known vulnerabilities, test for unknown vulnerabilities, and configure the target network's resources in accordance with predefined service-level agreements. | 2016-05-12 |
20160134654 | THIRD PARTY CENTRALIZED DATA HUB SYSTEM PROVIDING SHARED ACCESS TO THIRD PARTY QUESTIONNAIRES, THIRD PARTY RESPONSES, AND OTHER THIRD PARTY DATA - A system for providing a third party centralized data hub. The system includes a server storing a database of sets of third party data, and the system includes a third party risk management module on the server maintaining the third party data. The system includes a first set of client devices communicatively linked with the server over a digital communications network and operable by data providers to provide and modify one of the sets of third party data. The system includes a second set of client devices linked with the server and operable by data consumers to access a subset of the sets of third party data. During operations, the risk management module monitors the third party data, identifies a modification, by one of the data providers, of one of the sets of third party data, and automatically generates and transmits an alert to the second set of client devices. | 2016-05-12 |
20160134655 | Health Monitor Based Distributed Denial of Service Attack Mitigation - Provided are methods and systems for mitigating a DDoS event. The method may comprise receiving an indication of a collapse of a collapsible virtual data circuit associated with network data traffic. In response to the received indication of the collapse, the collapse may be attributed to the DDoS event. Furthermore, the method may comprise redirecting the network data traffic to one or more DDoS mitigation services. The method may further comprise mitigating the DDoS event by the one or more DDoS mitigation services. | 2016-05-12 |
20160134656 | Communication Device Ingress Information Management System And Method - The components of communication network device ingress systems and methods cooperate to manage information ingress and prevent denial of service attempts. A classifier classifies incoming information. A classification filter filters the information on a classification basis to prevent denial of service. The classification filter includes a classification filter counter for tracking the flow of information associated with the classification filter. A zero value in the classification filter counter indicates that a buffer capacity limit associated with the classification is reached. The counter permits information to flow to a packet buffer if the classification filter counter value is not zero and discards information if the classification filter counter value is zero. In one exemplary implementation the classification filter counter decrements a classification filter counter value when the information is placed in the buffer. The classification filter counter value is incremented when the information is processed out of the buffer. | 2016-05-12 |
20160134657 | IDENTIFYING AN IMPOSTER ACCOUNT IN A SOCIAL NETWORK - A system for identifying an imposter account in a social network includes a monitoring engine to monitor user accounts of a social network, an identifying engine to identify attributes associated with each of the user accounts of the social network, a matching engine to match the attributes associated with each of the user accounts of the social network, a determining engine to determine when one of the user accounts is an imposter account associated with identity theft of a victim account, a calculating engine to calculate a threshold, and an executing engine to execute an action against the identity theft of the victim account by the imposter account. | 2016-05-12 |
20160134658 | UNAUTHORIZED ACCESS DETECTING SYSTEM AND UNAUTHORIZED ACCESS DETECTING METHOD - In an unauthorized access detecting system, authentication information to be leaked outside is generated, and unauthorized access to a content using the generated authentication information is detected. In the unauthorized access detecting system, if the unauthorized access has been detected, content falsification is monitored. If, as a result of the monitoring, content falsification has been detected, the unauthorized access detecting system extracts a character string, which has been newly added to the content. | 2016-05-12 |
20160134659 | INSPECTION OF DATA CHANNELS AND RECORDING OF MEDIA STREAMS - In one implementation, two or more endpoints or client devices communicate using a peer-to-peer, browser based, real time communication protocol. One example of such a protocol is Web Real-Time Communication (WebRTC). An intermediary device receives from a first endpoint, a request for communication with a second endpoint, using the browser based real time communication. The intermediary device identifies a control protocol based on the request for communication, and receives one or more write keys from the first endpoint. The intermediary device monitors communication between the first endpoint and the second endpoint using the one or more write keys. Examples for the intermediary devices include servers, firewalls, and other network devices. | 2016-05-12 |
20160134660 | SECURELY OPERATING A PROCESS USING USER-SPECIFIC AND DEVICE-SPECIFIC SECURITY CONSTRAINTS - A method for enforcing secure processes between a user and a device involves determining that the user has initiated installation of a secure application, installing the RA part of the secure application, triggering a trusted UI session upon realization that the TA part of the secure application is not installed, receiving, via the trusted UI session, user credentials for authenticating the user and enforcing user-specific and device-specific security, cryptographically signing combined user credentials with a cryptographic signature to obtain an authentication object, passing the authentication object to a service provider associated with the secure application for extraction of the user credentials, and generating an authorization token permitting the installation of the TA part of the secure application upon verification of the cryptographically signed authentication object. | 2016-05-12 |
20160134661 | Operation of a Security Element with the Set of Operating Parameters Matched to the Selected Use Profile - A method for operating a security element which is part of a mobile end device, and a security element, have functionality depending on a set of operating parameters that is deposited on the security element. The method comprises the following steps: operating the security element with the set of operating parameters that is deposited on the security element; collecting data about the use of the security element and/or of the mobile end device; selecting a use profile on the basis of the collected data, with the use profile being assigned a set of operating parameters that is matched thereto; and operating the security element with the set of operating parameters that is matched to the selected use profile. | 2016-05-12 |
20160134662 | Lawful Interception and Security Based Admission Control for Proximity Service - There are provided measures for lawful interception and security based admission control for proximity service. Such measures could include detecting a requirement for control in relation to setting up or securing a connection of a proximity service between at least two devices, determining availability of at least one lawful interception and security agent capable of performing an operation relating to lawful interception and/or security in relation to the connection of the proximity service, and performing control in relation to setting up or securing the connection of the proximity service when availability of the at least one lawful interception and security agent is determined. | 2016-05-12 |
20160134663 | SYSTEM AND METHOD FOR PROVIDING ENTERPRISE VOICE CALL CONTINUITY - An improved system and method are disclosed for providing voice call continuity in an enterprise network. For example, an enterprise public branch exchange (PBX) may be configured with a pilot number that is used to provide VCC services when called by a client. Digit collection via DTMF signaling or other means may be used to collect destination information from the client. The enterprise network may use the collected digits to establish a communication session with another device that corresponds to the destination information. | 2016-05-12 |
20160134664 | Providing Session Initiation Protocol Request Contents Method and System - An embodiment provides a user equipment that includes a processor configured to receive a Session Initiation Protocol (SIP) NOTIFY message transmitted by a network component as a result of a registration event. The SIP NOTIFY message contains at least a portion of information included in a first SIP message sent between a first user equipment and the network component. Another embodiment provides method and apparatus for a network node to determine whether filter criteria include one or more indicators that specify the need for information, and including in a second SIP message the information specified by the one or more indicators. | 2016-05-12 |
20160134665 | TELEPHONY APPLICATION PLATFORM - A hosted private branch exchange (PBX) platform includes associated application programming interfaces (APIs) that provide a range of integration points with the PBX platform that, in turn, enables the development of a broad range of applications that can customize and/or enhance the basic functionality of the underlying PBX platform. | 2016-05-12 |
20160134666 | PROVIDING SURVIVABLE CALLING AND CONFERENCING - Disclosed herein are system, apparatus, method and/or computer program product embodiments for providing survivable calling and conferencing. An embodiment operates by providing, by a first server, a first sub-conference to a plurality of user devices over first lines. The first sub-conference is combined with a second sub-conference to form a collective conference of the plurality of user devices. The first server accesses the conference. A second server is configured to provide the second sub-conference of the collective conference to the plurality of user devices over second lines, the first and second lines being distinct from each other. The collective conference may provide resilient and reliable sharing of information among participants and may leverage dispersed elements or diverse links simultaneously without impediments of echoes, loops, or other impacts. | 2016-05-12 |
20160134667 | CONTENT COLLABORATION - Method(s) and system(s) for collaboration of content are described herein. The system includes a dynamic content editor coupled to a processor to generate a graphical user interface including interactive elements for receiving user inputs for relating contents in a content repository and specifying a layout of display of curated contents. The system further includes a content processing engine coupled to the processor to build relationships between the contents in the content repository, based on the user inputs, data and metadata of the contents; and provide the curated contents to a user based on the relationships and the specified layout of display. | 2016-05-12 |
20160134668 | SYSTEM AND METHOD FOR DIGITAL AUDIO CONFERENCE WORKFLOW MANAGEMENT - In one embodiment, a computer-program product embodied in a non-transitory computer readable medium that is programmed to manage a digital audio conference including a plurality of conference units and each conference unit including a microphone is provided. The computer-program product includes instructions to receive first information corresponding to a layout of a venue that facilitates an audio conference for users of the plurality of conference units. The computer-program product further includes instructions to store second information corresponding to an arrangement of a plurality of seats in the venue and to associate a first conference unit of the plurality of conference units to a first seat of the plurality of seats. | 2016-05-12 |
20160134669 | Information Sharing System, Recording Medium, and Information Sharing Method That Ensures Set and Cancel of Information Sharing by User - An information sharing system includes a group management server and at least one terminal. The group management server includes a mark generating circuit that generates a group ID for uniquely identifying a group. The terminal includes a mark analysis circuit that analyzes the imaged mark; and a second communication control circuit that controls the second communication circuit to communicate with the group management server and the file server, and sends a request for the user ID stored in the second storage circuit based on the analysis results to join the group indicated by the group ID. The shared folder management circuit of the group management server sets an access right for the received user ID on the shared folder when receiving the request from the terminal. | 2016-05-12 |
20160134670 | INFORMATION PROCESSING SYSTEM, INFORMATION PROCESSING APPARATUS, INFORMATION PROCESSING METHOD, AND NON-TRANSITORY COMPUTER READABLE MEDIUM - A non-transitory computer readable medium stores a program causing a computer to execute a process for displaying parts of display screens in synchronization across multiple terminals connected via a network. The process includes receiving connection requests from the terminals, granting to one of the terminals having transmitted the connection request an operation right to operate on materials that are displayed in synchronization, and notifying the terminals, other than the terminal that has been granted the operation right from among the terminals having transmitted the connection requests, of material information of the materials displayed on the terminal and operation information indicating contents of an operation performed on the materials. | 2016-05-12 |
20160134671 | System and Method for Providing an Ethernet Interface - An apparatus is provided that includes communication channels, and m communication media interfaces, and v virtual lanes. V is a positive integer multiple of the least common multiple of m and n. An information stream is transferred into data and alignment blocks striped across all of the v virtual lanes, the blocks being communicated from the virtual lanes onto the communication channels. The blocks are received on the communication channels. Each of the communication channels transmits a different portion of the blocks striped across all of the v virtual lanes. | 2016-05-12 |