20th week of 2017 patent application highlights part 68 |
Patent application number | Title | Published |
20170141986 | METHODS, SYSTEMS, AND COMPUTER PROGRAM PRODUCTS FOR DISTRIBUTED PACKET TRAFFIC PERFORMANCE ANALYSIS IN A COMMUNICATION NETWORK - Network packet traffic in a Long Term Evolution (LTE) network is analyzed by associating a micro network access agent with a single network element in the LTE network and performing packet traffic analysis for packet traffic processed by the single network element using the micro network access agent. | 2017-05-18 |
20170141987 | USING AN SDN CONTROLLER FOR CONTEMPORANEOUS MEASUREMENT OF PHYSICAL AND VIRTUALIZED ENVIRONMENTS - A method and associated systems for using a software-defined network (SDN) controller to automatically test cloud performance. A bandwidth measuring and optimizing system associated with the SDN controller detects a triggering condition and, in response, directs a network-management tool to measure a bandwidth of a segment of a physical infrastructure of a network and directs the SDN controller to provision a virtual machine that then measures a bandwidth of a corresponding segment of virtual infrastructure that is overlaid upon the physical segment. In some embodiments, these two tests are synchronized so as to concurrently measure physical and virtual bandwidths while the same test data passes through the virtual infrastructure segment. The measured bandwidth of the virtual segment is then compared to the measured bandwidth of the physical segment in order to determine an efficiency of the virtual network. | 2017-05-18 |
20170141988 | USING AN SDN CONTROLLER FOR SYNCHRONIZED PERFORMANCE MEASUREMENT OF VIRTUALIZED ENVIRONMENTS - A method and associated systems for using a software-defined network (SDN) controller to automatically test cloud performance. A bandwidth measuring and optimizing system associated with the SDN controller detects a triggering condition and, in response, directs a network-management tool to measure a bandwidth of a segment of a physical infrastructure of a network and directs the SDN controller to provision a virtual machine that then measures a bandwidth of a corresponding segment of virtual infrastructure that is overlaid upon the physical segment. In some embodiments, these two tests are synchronized so as to concurrently measure physical and virtual bandwidths while the same test data passes through the virtual infrastructure segment. The measured bandwidth of the virtual segment is then compared to the measured bandwidth of the physical segment in order to determine an efficiency of the virtual network. | 2017-05-18 |
20170141989 | IN-LINE TOOL PERFORMANCE MONITORING AND ADAPTIVE PACKET ROUTING - Embodiments are disclosed for monitoring the performance of an in-line tool without adding data to network traffic routed through the in-line tool. In some embodiments, performance of the in-line tool is based on a measured latency introduced by the processing of packets through the in-line tool. In some embodiments, network traffic is adaptively routed based on the measured latency at the in-line tool. | 2017-05-18 |
20170141990 | MEASURING VIRTUAL INFRASTRUCTURE PERFORMANCE AS A FUNCTION OF PHYSICAL INFRASTRUCTURE PERFORMANCE - A method and associated systems for using a software-defined network (SDN) controller to automatically test cloud performance. A bandwidth measuring and optimizing system associated with the SDN controller detects a triggering condition and, in response, directs a network-management tool to measure a bandwidth of a segment of a physical infrastructure of a network and directs the SDN controller to provision a virtual machine that then measures a bandwidth of a corresponding segment of virtual infrastructure that is overlaid upon the physical segment. In some embodiments, these two tests are synchronized so as to concurrently measure physical and virtual bandwidths while the same test data passes through the virtual infrastructure segment. The measured bandwidth of the virtual segment is then compared to the measured bandwidth of the physical segment in order to determine an efficiency of the virtual network. | 2017-05-18 |
20170141991 | Software Discovery for Software on Shared File Systems - A method for software discovery may be provided. The method may comprise scanning a shared resource mounted to an endpoint device for identifying installed software on the shared resource for the endpoint device, monitoring a read access to such identified installed software by the endpoint device using a monitoring agent, and marking the installed software as used on the shared resource by the endpoint device using a software asset management unit. Additionally, the method may comprise recording a last time use of the installed software by the endpoint device, and marking the installed software as uninstalled on the endpoint device after a predetermined time after the last time use. | 2017-05-18 |
20170141992 | PERFORMANCE MONITORING IN A DISTRIBUTED STORAGE SYSTEM - Methods and systems for monitoring performance in a distributed storage system are described. One example method includes identifying requests sent by clients to the distributed storage system, each request including request parameter values for request parameters; generating probe requests based on the identified requests, the probe requests including probe request parameter values for probe request parameter values, representing a statistical sample of the request parameters included in the identified requests; sending the generated probe requests to the distributed storage system over a network, wherein the distributed storage system is configured to perform preparations for servicing each probe request in response to receiving the probe request; receiving responses to the probe requests from the distributed storage system; and outputting at least one performance metric value measuring a current performance state of the distributed storage system based on the received responses. | 2017-05-18 |
20170141993 | OPTIMIZING THE MONITORING OF AN ENTERPRISE SERVER ENVIRONMENT - The present invention provides for identifying the core server parameters to be monitored enterprise-wide and the baseline thresholds/limits for such parameters. The thresholds are dynamically optimized as the server environment evolves over time based on the composite historical performance of the servers in the enterprise. Moreover, each parameter's threshold is optimized in comparison to the thresholds of other core parameters that impact that specific parameter. In the event that the monitoring results in a threshold being met or exceeded alerts may be generated to designated personnel and appropriate corrective action taken. | 2017-05-18 |
20170141994 | ANTI-LEECH METHOD AND SYSTEM - Disclosed is a hotlinking protection method and an electronic device. The method includes acquiring characteristic information from access request; generating a digital watermark based on the characteristic information and adding it to the URL of a file to be played to generate a play page address; counting the number of accesses of the play page address having the digital watermark within a certain period; comparing the number of accesses with the predetermined threshold to screen out the play page addresses of which the number of accesses is greater than the predetermined threshold; parsing the digital watermark in the play page addresses to determine IP address of hotlinking user; and shielding the IP address from access service. A more thorough hotlinking protection can be realized and the accuracy of hotlinking protection can be improved. | 2017-05-18 |
20170141995 | DATA DELIVERY METHOD BASED ON SOFTWARE DEFINED NETWORKING AND SOFTWARE DEFINED NETWORKING CONTROLLER USING THE METHOD - A data delivery method in a software defined network provides an optimized network delivery service. The method calculates an optimized tree transmission path from among several possible paths between a source client and a destination client. In addition, a unicast transmission is used to optimize a multicast transmission service. | 2017-05-18 |
20170141996 | ROUTING NETWORK TRAFFIC PACKETS THROUGH A SHARED INLINE TOOL - Introduced herein is a technology for a network switch device to route network packets through an inline tool, without introducing additional information to the network packets. The technology records an association between an input network port and a signature (e.g., source MAC address) of the network packet, before forwarding the packet to the inline tool. When receiving the packet back from the inline tool, the network device recognizes that the packet signature is associated with the input network port, and that the input network port is paired with a particular output network port. Thus, the network device identifies the output network port for sending the packet, without modifying contents of the packet. | 2017-05-18 |
20170141997 | MULTICAST ROUTING VIA NON-MINIMAL PATHS - A method of routing traffic for multi-cast routing through a node of a network that utilizes loop-free alternative paths is presented. The method includes receiving a join in the node from a second node in the network on a shortest path between the node and the second node; retrieving loop-free alternative paths to the second node; and adding an entry to a multi-cast routing table at the node that is based on a group that includes the shortest path to the second node and the loop-free alternative paths to the second node as cost equivalent paths. | 2017-05-18 |
20170141998 | DESIGNATED FORWARDER (DF) ELECTION BASED ON STATIC DF ELECTION PROCEDURE - A device may transmit, to one or more network devices of a portion of a network, information indicating that the device is configured to perform a static designated forwarder election procedure. The device may determine that the one or more network devices of the portion of the network are each configured to perform the static designated forwarder election procedure. The device may enable a static designated forwarder configuration of the device based on determining that the one or more network devices of the portion of the network are each configured to perform the static designated forwarder election procedure. | 2017-05-18 |
20170141999 | Multi-Cast Multi-Poll (MCMP) for Bluetooth Low Energy - A multi-cast multi-poll scheme for Bluetooth low energy (BLE) technology to be used by one or more mobile devices within a communication environment is disclosed. A broadcaster communication device comprises a transceiver that is configured to communicate with a plurality of recipient communication devices. The broadcaster communication device further comprises a controller that is configured to transmit a packet to the plurality of recipient communication devices and to receive, at predefined time intervals, responses from the plurality of recipient communication devices according to a pre-negotiated order without transmitting any additional packets. | 2017-05-18 |
20170142000 | PACKET CONTROL METHOD, SWITCH, AND CONTROLLER - The embodiments disclose a packet control method, a switch, and a controller. The method includes receiving, by a switch, a packet, and processing the packet according to a pipeline, where an original packet is stored in a buffer, and a buffer location of the original packet is identified by using a buffer identifier. The method also includes when the packet fails to match a flow table, sending, by the switch, a first packet message to a controller, where the first packet message carries the buffer identifier, all or partial content of the packet; receiving a second packet message sent by the controller, where the second packet message carries the buffer identifier and a packet processing instruction, and the packet processing instruction includes indication information of a specified flow table. Additionally, the method includes reprocessing the packet according to the packet processing instruction and starting at the specified flow table. | 2017-05-18 |
20170142001 | BYPASSING ROUTING STACKS USING MOBILE INTERNET PROTOCOL - Methods, systems and computer program products for load balancing using Mobile Internet Protocol (IP) Version 6 are provided. A request for a connection is received from a client at a routing stack. A Mobile IP Version 6 Binding Update message is transmitted from the routing stack to the client responsive to the received request. The Binding Update message identifies a selected target stack so as to allow the client to communicate directly with the target stack bypassing the routing stack. | 2017-05-18 |
20170142002 | COMMUNICATION DEVICE AND COMMUNICATION SYSTEM - A communication device that relays a communication between a certain communication device and a network, the communication device including a transfer processing circuit configured to receive a signal from the network through a further communication device and transfer the signal to the certain communication device when a failure occurs in a line between the further communication device and the certain communication device; and a transmission and reception circuit configured to receive, from the further communication device, a monitoring packet used to monitor a communication path between the further communication device and the network and transmit a response packet for the monitoring packet to the further communication device. | 2017-05-18 |
20170142003 | METHOD AND SYSTEM OF UPDATING CONVERSATION ALLOCATION IN LINK AGGREGATION - A method of updating conversation allocation in link aggregation is disclosed. The method starts with verifying that an implementation of a conversation-sensitive link aggregation control protocol (LACP) is operational at a network device of a network for an aggregation port. Then it is determined that operations through enhanced link aggregation control protocol data units (LACPDUs) are possible. The enhanced LACPDUs can be used for updating conversation allocation information, and the determination is based at least partially on a compatibility check between a first set of operational parameters of the network device and a second set of operational parameters of a partner network device. Then a conversation allocation state of an aggregation port of the link aggregation group is updated based on a determination that the conversation allocation state is incorrect, where the conversation allocation state indicates a list of conversations transmitting through the aggregation port. | 2017-05-18 |
20170142004 | Path Setup in a Mesh Network - A path of relay nodes is set up in a mesh network ( | 2017-05-18 |
20170142005 | Transaction Distribution with an Independent Workload Advisor - In an exemplary embodiment, a computer-implemented method includes providing a mapping between a set of two or more IP addresses and a set of two or more servers. A weight recommendation for the servers is received, based at least in part on server data related to current states of the servers, where the weight recommendation represents a goal for distributing a plurality of transactions among the servers. The mapping is modified based at least in part on the weight recommendation. A transaction is received, directed toward a first IP address of the two or more IP addresses. The transaction is routed to a first server, of the two or more servers, associated with the first IP address according to the modified mapping. | 2017-05-18 |
20170142006 | MIGRATION SUPPORT FOR BIT INDEXED EXPLICIT REPLICATION - A method and network device are disclosed for multicast forwarding. In one embodiment, the method includes receiving at a node configured to use a bit-indexed forwarding table a multicast message comprising an incoming message bit array. The method further includes comparing the incoming message bit array to a first neighbor bit array within a first forwarding table entry, and determining that for at least one relative bit position in the bit arrays a corresponding destination node is both a destination for the message and a reachable destination from a first neighboring node. The method further includes forwarding toward the first neighboring node a copy of the message, where a first node on the path of the forwarded message is not configured to use a respective bit-indexed forwarding table. An embodiment of the device includes a network interface, a memory and a processor configured to perform steps of the method. | 2017-05-18 |
20170142007 | LARGE SCALE RESIDENTIAL CLOUD BASED APPLICATION CENTRIC INFRASTRUCTURES - A first customer edge network device receives an encapsulated packet that includes inner headers comprising source address information for a first service running on a first computing apparatus in a first home cloud and destination address information for a second service running on a second computing apparatus in a second home cloud. The customer edge network device inserts a predetermined portion of bits of a virtual domain identifier of the encapsulated packet into a label to form a virtual domain label for label-based routing. The virtual domain label is appended to the encapsulated packet. The encapsulated packet is sent to a first provider edge network device of a provider network. The first provider edge network device appends a virtual private network label to the encapsulated packet, and sends the encapsulated packet to a provider network device for label-based routing in the provider network. | 2017-05-18 |
20170142008 | METHODS AND APPARATUS FOR PROVIDING MOBILITY IN ETHERNET NETWORK - A method and apparatus for providing a mobility in an Ethernet network. An Ethernet switch receives an Ethernet frame through a port of the Ethernet switch, and transmits the Ethernet frame to an upper Ethernet switch through a root port of the Ethernet switch based on whether a forwarding information for a destination address of the Ethernet frame exists in a forwarding table. | 2017-05-18 |
20170142009 | CONNECTING A PVLAN SWITCH TO A NON-PVLAN DEVICE - A PVLAN switch for connecting a PVLAN to a non-PVLAN device is configured as a primary VLAN with secondary VLANs, the primary VLAN includes promiscuous ports, each of the secondary VLANs includes a smart PVLAN trunk port, and the smart PVLAN trunk port is included in at least two secondary VLANs where the smart PVLAN trunk port and the promiscuous port connect to non-PVLAN devices. A frame is received on a smart PVLAN trunk port sent from a non-PVLAN device, and includes a destination address and a secondary VLAN ID. The PVLAN switch port ID for the first frame, and a primary VLAN ID for the secondary VLAN ID are identified. If the frame is a non-isolated port, the secondary VLAN ID is modified to be the primary VLAN ID, and the modified frame is sent to another non-PVLAN device connected to the PVLAN switch port. | 2017-05-18 |
20170142010 | NETWORK OPERATION RULE - A software defined networking policy may be generated corresponding to an operation of a network device. A match field may be obtained and provided to the network device. A rule corresponding to the operation may be received from the network device. The rule may be used to generate the software defined networking policy. | 2017-05-18 |
20170142011 | Hybrid Packet Processing - Some embodiments provide a method of processing an incoming packet for a managed forwarding element that executes in a host to forward packets in a network. The method performs a lookup into a forwarding table to identify a flow entry matched by the incoming packet. The flow entry specifies a high-level action to perform on the incoming packet. The method provides packet data to a module executing separately from the managed forwarding element in the host. The module performs a set of processes in order to identify a set of low-level actions for the managed forwarding element to perform on the incoming packet without additional lookups into the forwarding table. The method receives data from the separate module specifying the set of low-level actions. The method performs the set of low-level actions on the incoming packet in order to further process the packet. | 2017-05-18 |
20170142012 | Multiple Active L3 Gateways for Logical Networks - Some embodiments provide a method for a network controller in a network control system that manages a plurality of logical networks. The method receives a specification of a logical network that comprises a logical router with a logical port that connects to an external network. The method selects several host machines to host a L3 gateway that implements the connection to the external network for the logical router from a set of host machines designated for hosting logical routers. The method generates data tuples for provisioning a set of managed forwarding elements that implement the logical network to send data packets that require processing by the L3 gateway to the selected host machines. The data tuples specify for the managed forwarding elements to distribute the data packets across the selected host machines. | 2017-05-18 |
20170142013 | SEARCH APPARATUS, SEARCH CONFIGURATION METHOD, AND SEARCH METHOD - A search apparatus, a search configuration method, and a search method are disclosed. The search apparatus includes N pipeline stages, where each pipeline stage includes a search unit. A search unit of each pipeline stage is configured with a prefix node. A prefix node configured in the (N−1) | 2017-05-18 |
20170142014 | SYSTEM AND METHOD FOR MODIFYING PER HOP BEHAVIOR OF ONE OR MORE EXPEDITED FORWARDING PACKETS - An escalated expedited forwarding system, for modifying per hop behavior of one or more Expedited Forwarding (EF) packets for a session in a communication network, the system comprising: a memory; a processor coupled to the memory storing processor executable instructions which when executed by the processor causes the processor to perform operations comprising: determining, by an escalated expedited forwarding system, at least one of latency, jitter and average jitter associated with the one or more EF packets for the session; marking, by the escalated expedited forwarding system, one or more EF packets based on the at least one of latency, jitter and average jitter; and modifying, by the escalated expedited forwarding system, the per hop behavior of the one or more marked EF packets. | 2017-05-18 |
20170142015 | METHOD AND APPARATUS FOR PRESERVING END TO END SEMANTIC AND PERFORMANCE ENHANCEMENT OF SPLIT-TCP PROTOCOLS - In one example embodiment, a network node includes a processor configured to receive one or more data packets from a transmitter and transmit at least one first-type confirmation message to the transmitter based on a threshold, the at least one first-type confirmation message including an acknowledgement that all but at least two bytes of data included in the one or more data packets are received from the transmitter. The processor is further configured to transmit at least one second-type confirmation message to the transmitter based on at least one of a size of a buffer at the network node available for receiving data packets and an acknowledgement from an end device acknowledging receipt of the one or more data packets, the at least one second message including an acknowledgement of one or more of the at least two bytes of data. | 2017-05-18 |
20170142016 | NETWORK CONTROLLER, CLUSTER SYSTEM, AND NON-TRANSITORY COMPUTER-READABLE RECORDING MEDIUM HAVING STORED THEREIN CONTROL PROGRAM - A network controller including a virtual network setter that sets a virtual communication interface; a dummy packet generator that obtains communication progress information representing a communication progress state of communication of the second processing device with the connection destination device by causing the virtual communication interface to process a dummy packet that causes a receiver of the dummy packet to falsely recognize that the dummy packet is transmitted from the connection destination device; a reset packet generator that generates a reset packet containing the communication progress information; and a reset packet processor that removes, based on the reset packet, connection record information of the second processing device and the connection destination device, the connection record information being stored in the second processing device. This configuration prevents congestion when a processor is switched to another in a cluster system from occurring. | 2017-05-18 |
20170142017 | A WLAN CONTROLLER - The present application is related to wireless networks and presents a method by which capacity on a wireless network may be measured. The capacity measurement may be employed to tune the EDCA settings of the wireless network. | 2017-05-18 |
20170142018 | LATENCY ENHANCEMENT IN A WIRELESS COMMUNICATION SYSTEM - The disclosure provides for a user equipment (UE) detecting an indication of an application-specific latency reduction triggering condition that may trigger switching of a communication state of the UE. For example, the UE may be in an initial state. The UE may transition into a different state that is associated with lower latency for data transfer. In an aspect, the UE may trigger the indication for latency reduction even when the network-configured criteria for the indication has not yet been met. The UE may trigger an application-specific latency reduction triggering condition during the startup of an application, which triggers a resource request message even before the network-configured threshold value for generating such resource request messages is satisfied. The resource request message may cause the network to command the UE to transition to a state that has a latency less than that in the current state. | 2017-05-18 |
20170142019 | COMMUNICATION APPARATUS, COMMUNICATION SYSTEM, AND BANDWIDTH CONTROL METHOD - An apparatus includes an obtainment circuit to measure first rates of traffics received from a previous node in a network, and second rates of traffics received from another apparatus connected to the communication apparatus, and to obtain sums of the first rates and the second rates for respective priorities; a calculation circuit to calculate discard rates for traffics for respective priorities from the sums obtained by the obtainment circuit and rates for traffics for the respective priorities posted by a subsequent node; and an output circuit to input the traffics received from the previous node and the another apparatus and to output for the subsequent node such that a certain traffic with a priority higher than a predetermined value is output more preferentially depending on the discard rate for the certain traffic, than a traffic with a priority lower than the predetermined value. | 2017-05-18 |
20170142020 | FRAMEWORK FOR EARLY CONGESTION NOTIFICATION AND RECOVERY IN A VIRTUALIZED ENVIRONMENT - The congestion notification system of some embodiments sends congestion notification messages from lower layer (e.g., closer to a network) components to higher layer (e.g., closer to a packet sender) components. When the higher layer components receive the congestion notification messages, the higher layer components reduce the sending rate of packets (in some cases the rate is reduced to zero) to allow the lower layer components to lower congestion (i.e., create more space in their queues by sending more data packets along the series of components). In some embodiments, the higher layer components resume full speed sending of packets after a threshold time elapses without further notification of congestion. In other embodiments, the higher layer components resume full speed sending of packets after receiving a message indicating reduced congestion in the lower layers. | 2017-05-18 |
20170142021 | REAL-TIME ANALYSIS OF QUALITY OF SERVICE FOR MULTIMEDIA TRAFFIC IN A LOCAL AREA NETWORK - The disclosure relates to quality of service (QOS) features for a router. The router may determine whether a congestion level of a first interface of the set of network interfaces exceeds a threshold level. Responsive to the congestion level exceeding the threshold level, the router activates a traffic analyzer configured to identify a first session that is present in the data traffic and inserts a set of packets that are part of the first session into a first queue of the set of queues via an expedited communications path over a bus. The router also forwards the set of packets in accordance with the desired quality of service. | 2017-05-18 |
20170142022 | Method For Transmitting Prioritized Data And A Transmitter - Described is a method for transmitting continuously created data items from an aircraft to a receiver. The data items are of a plurality of data types and each have a different priority. For each data type a live LIFO buffer and a main LIFO buffer are provided. In a regular operation mode continuously created data items are continuously stored in the main buffers. In a transmission operation mode continuously created data items are continuously stored in the live buffers, consecutive data packets are transmitted and for each data packet the data is selected from the buffers, wherein data items stored in live buffers are transmitted before data items stored in main buffers and data items of higher priorities are transmitted before data items of lower priorities. Further, a transmitter and an aircraft are described and claimed. | 2017-05-18 |
20170142023 | NETWORKED SYSTEM FOR INTERCONNECTING SENSOR-BASED DEVICES - A networked system that interconnects sensor-based devices comprises a discovery engine that discovers resources associated with respective sensors via respective communications comprising sensor data indicating respective resource availability and comprising resource parameters, and that discovers resource consuming devices, associated with respective sensors, using sensor data from the respective sensors of the resource consuming devices. A matching engine identifies, using respective resource parameters and the resource consuming sensor data, respective resource consuming devices that match available resources. A mediation engine publishes, to the matching resource consuming devices, an indication that the available resources are available, mediates requests for the available resources from matching resource consuming devices, and allocates available resources to requesting matching resource consuming devices. | 2017-05-18 |
20170142024 | ORCHESTRATING PHYSICAL AND VIRTUAL RESOURCES FOR DELIVERING DIGITAL CONTENTS - One embodiment relates to a device for resource orchestration configured to receive the following from a device for management of a digital content delivery service: a request for allocating content delivery resources and a characteristic representative of a level of service that is allocated to a provider of the content and concerning delivery of content. The device is configured to verify whether resources capable of delivering the content in compliance with the level of service characteristic are available from a determined set of resources comprising physical resources already deployed in a physical content delivery network and virtual resources already instantiated for the provider, and if it is detected that the available resources are insufficient, request the allocation of new physical resources in the physical content delivery network and/or the instantiation of new virtual resources for delivering the content. | 2017-05-18 |
20170142025 | BI-DIRECTIONAL AND REVERSE DIRECTIONAL RESOURCE RESERVATION SETUP PROTOCOL - A method, system and apparatus for resource reservation are disclosed herein. In an example, a first router may transmit, to a second router, a path message comprising an indication of resources to be reserved and a bidirectional direction indicator. On a condition that the indicated resources to be reserved are available to the second router, the first router may receive, from the second router, a reserve message, which may indicate that transmission resources have been allocated by the second router. On a condition that the indicated resources to be reserved are not available to the second router, the first router may receive, from the second router, an error message, which may indicate that transmission resources have not been allocated. In a further example, the resources to be reserved may be resources associated with voice traffic, video traffic or both. Voice traffic may include multiple party communications involving three or more users. | 2017-05-18 |
20170142026 | EFFICIENT CASCADING OF FLOW TABLES IN SOFTWARE DEFINED NETWORKS (SDN) - A method of providing access control for a software defined network (SDN) controller includes establishing a cascaded flow of flow table entries by linking together flow table entries of flow tables that are installed at network resources and that apply to the same packets or network flows, analyzing the impact of configuration requests from one or more applications regarding the installation and/or removal of flow table entries on existing cascaded flows, and rejecting configuration requests if the installation and/or removal of flow table entries according to the configuration requests would destroy an existing cascaded flow. The SDN controller includes an interface for interacting with one or more applications that are installed to run at the control plane of the SDN atop the SDN controller. | 2017-05-18 |
20170142027 | DYNAMIC PRIORITY CALCULATOR FOR PRIORITY BASED SCHEDULING - Discussed herein are methods, devices, and systems for providing a priority-based schedule. A method of providing a priority-based schedule can include receiving, at priority processing circuitry, for each of a plurality of nodes to be scheduled, a plurality of priority type values and a corresponding weighting factor value for each priority type value of the plurality of priority type values, determining, at the priority processing circuitry, for each of the plurality of nodes to be scheduled, a priority total based on the received plurality of priority type values and the corresponding weighting factor values, and scheduling, using scheduler circuitry communicatively coupled to the priority processing circuitry, the plurality of nodes, such that a node of the plurality of nodes with a corresponding higher priority is allocated access to the medium before another node of the plurality of nodes with a corresponding relatively lower priority. | 2017-05-18 |
20170142028 | NETWORK COMMUNICATION METHOD BASED ON SOFTWARE-DEFINED NETWORKING AND SERVER USING THE METHOD - An SDN-enabled network communication method is disclosed. A master TURN server sends a client an error response and assigns a relay switch as a backup server for the client using an alternate-server mechanism. Therefore, data streams of the client are directly transferred to the relay switch. With support by a shadow TURN server and an SDN controller, switches forwarding the data streams are managed according to the OpenFlow protocol to implement path optimization for the data streams. | 2017-05-18 |
20170142029 | METHOD FOR DATA RATE ADAPTION IN ONLINE MEDIA SERVICES, ELECTRONIC DEVICE, AND NON-TRANSITORY COMPUTER-READABLE STORAGE MEDIUM - Disclosed are a method and electronic device for data rate adaption in online media services, the method including: collecting and analyzing network bandwidth information of users to obtain bandwidth utilization; determining a corresponding optimal data rate according to the bandwidth utilization; comparing the optimal data rate with a data rate of a current streaming media transmission, and deciding whether to adjust the data rate of the current streaming media transmission; maintaining the data rate of the current streaming media transmission and transmitting stream media data to users if adjustment is not necessary; or transmitting stream media data to users based on the optimal data rate if adjustment is necessary. The stream media business systems can adapt to time-varying characteristics of the channel to achieve coherence and stability of the stream media data transmission to improve application service quality to a certain extent. | 2017-05-18 |
20170142030 | DIGITAL COAX NETWORK SPLITTER - Embodiments of the present invention are directed to a network bridge capable of terminating, translating, and adapting multiple networking technologies when replacing Analog Coax Network Splitters in a coaxial network, such as a Home Coaxial Network. One example embodiment comprises two or more Coax-Compatible Network Technology (CCNT) devices, a Network Switch, and optionally includes any combination of an Access Network Frequency Domain Multiplexer (ANFDM), Non-CCNT (NCCNT) device(s), and CCNT, NCCNT and/or Cable Access Network Ports. The Network Switch distributes network data among the CCNT/NCCNT devices present. Multiple embodied devices may connect by means of CCNT/NCCNT devices. If present, an ANFDM provides required frequency band distribution between the Coax Access Network Port and Coax Ports. CCNT and/or NCCNT devices serve as network Bridges, Gateways and/or Routers. Different CCNT and NCCNT devices may be of the same or different technology. | 2017-05-18 |
20170142031 | NETWORK DEVICE DATA PLANE SANDBOXES FOR THIRD-PARTY CONTROLLED PACKET FORWARDING PATHS - In some examples, a network device comprises a first application and a second application; a forwarding unit comprising an interface card to receive a packet; a packet processor; an internal forwarding path of the forwarding unit; a forwarding unit processor; a first interface; and a second interface. The first application is configured to configure, via the first interface, the internal forwarding path to include a sandbox that comprises a container for instructions to be configured inline within the internal forwarding path. The second application is configured to configure, via the second interface, the sandbox with second instructions that determine processing of packets within the sandbox. The packet processor is configured to process, in response to determining a packet received by the forwarding unit is associated with a packet flow controlled at least in part by the second application, the packet by executing the second instructions configured for the sandbox. | 2017-05-18 |
20170142032 | METHOD OF OPERATING A NETWORK ENTITY - A method of operating a network entity of a network comprising a gateway ( | 2017-05-18 |
20170142033 | TRACKING DATA LATENCY AND AVAILABILITY FOR DYNAMIC SCHEDULING - Generally discussed herein are devices, systems, and methods for determining if a master schedule will allow information to be recorded and downloaded from a node. A method can include receiving a plurality of schedules including a first schedule, a second schedule, and a list, determining, at the scheduler circuitry and based on the first schedule and the list, whether there is a threshold latency between mission data collection and downlink, determining, at the scheduler circuitry and based on the first schedule, the second schedule, and the list, whether any mission data will be overwritten in performing operations of the master schedule, and providing, by a display communicatively coupled to the scheduler circuitry, a first warning in response to determining that there is a threshold latency between mission data collection and downlink and a second warning in response to determining that mission data will be overwritten. | 2017-05-18 |
20170142034 | SERVICE BASED INTELLIGENT PACKET-IN BUFFERING MECHANISM FOR OPENFLOW SWITCHES BY HAVING VARIABLE BUFFER TIMEOUTS - A method is performed by a network device acting as a switch in a Software Defined Networking (SDN) network, where the switch is coupled to a controller in the SDN network. The method implements variable buffer timeout output actions. The method includes generating a flow entry that includes a packet matching criteria and an output action that specifies a buffer timeout value, receiving a packet for forwarding, determining whether the packet matches the packet matching criteria of the flow entry, and storing the packet in a buffer of the switch in response to determining that the packet matches the packet matching criteria of the flow entry, the buffer to temporarily store the packet while the controller determines processing for the packet. The method further includes associating the buffered packet with the buffer timeout value specified in the flow entry and transmitting a portion of the packet to the controller. | 2017-05-18 |
20170142035 | CREATION, PUBLICATION AND DISPLAY OF CONTENT ON A SOCIAL MEDIA NETWORK - A publication tool, and methods of use thereof, for publishing user created content as well as republishing content created by others to a social media network. The publication tool incorporates and uses analytic data from a plurality of data sources to identify and evaluate relationships between the user of the social media network and members of social media networks who subscribe to view the content published by the user on the social media network. The publication tool predicts the likelihood that a subscriber of the social media network will publish or share the same content as the user and if the publication tool predicts that the same content will be published by the user and the subscriber, the publication tool will publish the content on the social media network as a joint publication which can be viewed by all common subscribers shared between the user and the subscriber. | 2017-05-18 |
20170142036 | SUMMARIZING AND VISUALIZING INFORMATION RELATING TO A TOPIC OF DISCUSSION IN A GROUP INSTANT MESSAGING SESSION - Summarizing and visualizing information relating to a topic of discussion in a group instant messaging session is provided. A message from a client device of a plurality of client devices is received. One or more keywords from the message are extracted based, at least in part, on at least one of (i) one or more natural-language processing algorithms and (ii) one or more text mining algorithms. The one or more keywords are incorporated into a model that includes a plurality of keywords and describes, at least in part, a topic of a group instant messaging session among the plurality of client devices. At least one of (i) the model and (ii) instructions describing how to update the model are distributed to the plurality of client devices. | 2017-05-18 |
20170142037 | METHOD FOR GENERATING A DATASET DEFINING A MESSAGE FOR A CONSTRAINED APPLICATION - The method for generating a dataset defining a message includes a definition of a first descriptor of a set of messages, wherein each message includes a set of attributes each including a reduced type, wherein the descriptor also describes the set of reduced types, and wherein each reduced type is encoded from an original type; a transformation of the first descriptor into a library of preconfigured messages defining a given repository; an instantiation of a message of the repository to generate a dataset in a memory. | 2017-05-18 |
20170142038 | INTERLACING RESPONSES WITHIN AN INSTANT MESSAGING SYSTEM - A computer-implemented method of interlacing responses within an instant messaging (IM) system can include, responsive to a request from a user in an IM session, storing an IM message fragment input by the user and associating the IM message fragment with a message selected from an IM session transcript. The method can include recalling the IM message fragment and outputting, at least in part, the IM message fragment in response to the message. | 2017-05-18 |
20170142039 | TECHNIQUES TO CONFIGURE THE NETWORK DISTRIBUTION OF MEDIA COMPOSITIONS FOR TRANSMISSION - Techniques to configure the network distribution of media compositions for transmission are described. An apparatus may comprise a user interface component of a messaging client on a client device operative to receive a media composition via a composition interface, the messaging client associated with a user account with a messaging system; and receive a transmission command via the composition interface; and a messaging component operative to transmit a media composition package from the client device to the messaging system in response to the transmission command, the media composition package comprising the media composition, the media composition package addressed to a media composition distribution group for the user account, the media composition distribution group determined based on, at least in part, a messaging history for the user account with the messaging system. Other embodiments are described and claimed. | 2017-05-18 |
20170142040 | METHOD, SYSTEM AND APPARATUS FOR ESTABLISHING AND MONITORING SESSIONS WITH CLIENTS OVER A COMMUNICATION NETWORK - Systems and methods provide real-time communication between website operators and website visitors including monitoring, gathering, managing and sharing of information. The features include: simultaneous chatting with system's website visitor while responding/submitting tickets/emails and searching through company knowledge base; operator communicating message to another operator directly in active chat session, while message remains hidden to visitors/customers; displaying advertising messages to visitors/customers within chat window during active chat sessions; growing knowledge base by adding information into knowledge base during chat session; providing real-time access to system's website visitor information by seeing the content of visitor's shopping cart or by passing information from system's server into visitor's information located in operator's panel; creating and branding multiple chat windows and selectively linking all or some to the account; tagging and grouping each chat sessions; parent-child ticketing for project management; lead scoring; and mobile live chatting. | 2017-05-18 |
20170142041 | MESSAGE DELIVERY IN A MESSAGE SYSTEM - Embodiments include a method of controlling message delivery from a publisher application to one or more subscriber applications of a messaging system, the one or more subscriber applications having a plurality of subscriptions registered with a broker application of the messaging system. The method includes generating a unified subscription description representing the plurality of registered subscriptions based on at least one stored intermediate subscription description, where each intermediate subscription description represents one or more registered subscriptions. The method also includes communicating the unified subscription description to the publisher application. | 2017-05-18 |
20170142042 | Preview of Compressed File Email Attachments - A system and method of generating a preview of a file attachment includes receiving the file attachment in an email server. The file attachment can be received either during composition of the email or when receiving an inbound email. Determining if the file attachment is a previewable file type or compressed file type or non-previewable file type and automatically generating a preview of the file attachment including identifying the file attachment, parsing the file attachment to identify content of the file attachment, wherein the identified content includes a pagination of the file attachment. A file structure for each page of the file attachment is created and then saved to an attachment store in the email server. | 2017-05-18 |
20170142043 | AGGREGATING REDUNDANT MESSAGES IN A GROUP CHAT - Embodiments of the present invention provide a method, system, and computer program product for aggregating redundant messages in a group chat. A computer may receive a plurality of messages in a group chat from one or more chat devices. The computer may extract a fact from each of the plurality of messages using natural language processing. The computer may identify redundant messages within the plurality of messages. The computer may aggregate the redundant messages into a combined message. The computer may provide the combined message to the group chat. A number of redundant messages aggregated in the combined message may be provided. The redundant messages may be provided. | 2017-05-18 |
20170142044 | Ranking and Filtering Comments Based on Impression Calculations - In one embodiment, a method includes retrieving a plurality of comments associated with a content object, determining a score for each of the comments, where the score is based on one or more signals associated with the comment, and where the score is further based on a qualitative analysis of each of one or more impressions related to the comment, and wherein each of the impressions comprises an interaction by a historical user with the comment, ordering the comments based on the respective scores, presenting one or more of the ordered comments to a target user. The qualitative analysis may determine a category of interaction for the impression, the score may be based at least in part on the category of interaction, and the category of interaction may include user input related to the comment, such as a reply to the comment. | 2017-05-18 |
20170142045 | PRESENTING BROWSER CONTENT BASED ON AN ONLINE COMMUNITY KNOWLEDGE - Embodiments described herein provide approaches for presenting browser content to a user. Specifically, a way for customizing content having an informational topic provided in a web browsing experience is provided. Content having the informational topic to be displayed to a user in a web browsing experience is analyzed, with the user being a member of the online community. The web browsing experience is customized based on extracted browsing behaviors of an online community. Content is displayed to the user at a level of detail and technological depth that is commensurate with a knowledge level of one or more members of the online community while hiding other content. | 2017-05-18 |
20170142046 | IDENTIFYING RELEVANT CONTENT CONTAINED IN MESSAGE STREAMS THAT APPEAR TO BE IRRELEVANT - A first level of relevance, to at least one interest of a user, of content within a topic message within a message stream can be determined. Responsive to determining that the first level of relevance, to the at least one interest of the user, of the content within the topic message is below a threshold value, each of a plurality of other messages within the message stream can be processed using natural language processing performed by a processor. A respective second level of relevance, to the at least one interest of the user, of each of the other messages can be determined. For each of the other messages for which the respective second level of relevance is equal to or above the threshold value, an alert can be presented to bring the attention of the user to the other message. | 2017-05-18 |
20170142047 | SYSTEMS AND METHODS FOR PROVIDING MULTIMEDIA REPLAY FEEDS - Systems, methods, and non-transitory computer-readable media can receive a plurality of content posts posted to a social networking system. The plurality of content posts are filtered based on filtering criteria to determine one or more filtered content posts. Multimedia content items from the one or more filtered content posts are presented in succession as a multimedia feed, wherein succession of the multimedia content items occurs without user intervention. | 2017-05-18 |
20170142048 | ENHANCED E-MAIL DELIVERY TO MOBILE DEVICES - Systems and methods for providing e-mail to a mobile client are disclosed. In one example, the method can include receiving, at a server associated with transmitting e-mail to the mobile client, an indication of a battery level in the mobile client. The method can also include comparing the battery level to a threshold level and synchronizing e-mail with the mobile client when the battery level meets the threshold level. The method can further include activating, when the battery level is below the threshold level, a filtered mode for synchronizing e-mail with the mobile client, the filtered mode transmitting fewer than all of the available e-mail messages for the mobile client. | 2017-05-18 |
20170142049 | METHOD AND DEVICE FOR PROCESSING AND DISPLAYING EMAILS - A method of processing emails, the method being executed on a client device, the client device being connected to a server, the server hosting an email service, the method comprising: acquiring, by the client device, a plurality of emails from the server, each email within the plurality of emails comprising a respective email-inherent data, each email-inherent data being structured by the email service according to an email-native protocol; generating, by the client device, a grouped message element, the grouped message element being associated with a group of emails within the plurality of emails; generating, by the client device, an individual message element; displaying, by the client device, the grouped message element and the individual message element concurrently such that the grouped message element is visually distinguishable from the individual message element. | 2017-05-18 |
20170142050 | IDENTIFICATION OF CONTENT BY METADATA - Systems and methods for identifying content in electronic messages are provided. An electronic message may include certain content. The content is detected and analyzed to identify any metadata. The metadata may include a numerical signature characterizing the content. A thumbprint is generated based on the numerical signature. The thumbprint may then be compared to thumbprints of previously received messages. The comparison allows for classification of the electronic message as spam or not spam. | 2017-05-18 |
20170142051 | System and Method For Analyzing Messages In A Network or Across Networks - Systems and methods for analyzing messages in a network or across networks are disclosed. In one aspect, embodiments of the present disclosure include a method, which may be implemented on a system, for determining the interests of the user from online activity of the user. The online activity of the user is automatically detected from those activities of the user on or via the online media services without requiring additional interaction or input from the user. The method can further include increasing visibility of those incoming messages which are more interesting to the user among other incoming messages in the stream for presentation in a user interface. In one embodiment, the user interface is a part of a platform which is independent of any of the online media services. | 2017-05-18 |
20170142052 | METHOD, SYSTEM AND COMPUTER PROGRAM PRODUCT FOR INTERCEPTION, QUARANTINE AND MODERATION OF INTERNAL COMMUNICATIONS OF UNCONTROLLED SYSTEMS - Embodiments disclosed herein may intercept, quarantine, and moderate communications internal to an uncontrolled system. An example of an uncontrolled system may be a web application associated with a social networking site. In accessing the social networking site, a user may type in a message. An instance of the uncontrolled system running on the user's device may prepare a request containing the message. Some embodiments disclosed herein may determine that the message is subject to moderation, intercept the request, and place the message in a queue. This determination may be based on the destination of the request as well as the type of the message. Some embodiments may reconstruct the original request for resubmission. If the session is expired, some embodiments may log in for the user and resubmit the reconstructed request. Some embodiments may wait for the next time the user logs in to resubmit the reconstructed request. | 2017-05-18 |
20170142053 | IDENTIFICATION TO A RECIPIENT OF AN ELECTRONIC COMMUNICATION OF ANOTHER USER WHO HAS ACCESSED THE ELECTRONIC COMMUNICATION - Responsive to each of a plurality of recipients of an electronic communication accessing the electronic communication and accessing information that is associated with the electronic communication but not contained in a body of the electronic communication, activity information relating to activities of respective electronic communication recipients accessing information associated with the electronic communication can be received. A request to receive at least one recommendation as to who is able to provide information pertaining to the electronic communication can be received from another electronic communication recipient. Responsive to receiving the request, each of the electronic communication recipients can be rated to generate at least one recommendation as to who is able to provide information pertaining to the electronic communication, the recommendation based, at least in part, on the received activity information and respective weighted attributes. The recommendation can be communicated to the other electronic communication recipient. | 2017-05-18 |
20170142054 | METHODS AND SYSTEMS FOR DISPATCHING MESSAGES TO MOBILE DEVICES - A mail server collects messages from a number of user accounts and presents them to the user from a single location. Forwarded messages are automatically reformatted for the receiving device, while a copy of the original message is retained. Messages may be reformatted to include the phone number of the message sender. The reformatted message can then present the user with an option to return the message via a phone call. The reformatted message can include more than one phone number, in which case the sender's phone numbers can be prioritized for presentation to the user. The reformatted message can also present the user with an option to review notes or other contact-specific information prior to responding to the message. | 2017-05-18 |
20170142055 | TECHNIQUES TO CONFIGURE THE NETWORK DISTRIBUTION OF MEDIA COMPOSITIONS FOR RECEPTION - Techniques to configure the network distribution of media compositions for reception are described. An apparatus may comprise a user interface component operative to display a messaging interface in association with a first user account with a messaging system, the messaging interface comprising a visual indicator for a second user account with the messaging system, the visual indicator comprising a media composition availability indicator, the media composition availability indicator associated with an inclusion of the first user account in a media composition distribution group for the second user account; receive a user selection of the media composition availability indicator in the messaging interface; and display the media composition in response to the user selection of the media composition availability indicator; and a messaging component operative to receive a media composition package associated with the first user account, the media composition package comprising the media composition. Other embodiments are described and claimed. | 2017-05-18 |
20170142056 | METHOD AND ELECTRONIC DEVICES FOR PROCESSING EMAILS - A method of processing emails, the method being executed by an electronic device, the method comprising: retrieving, by the electronic device, a first email originated from a user of an email service and a second email destined to the user of the email service, the first email and the second email comprising a respective first and a second email-inherent data, the first and the second email-inherent data being structured according to an email-native protocol of the email service; identifying, by the electronic device, a first summary data of the first email and a second summary data of the second email; generating, by the electronic device, a first and a second message element, the first message element comprising the first summary data and the second message element comprising the second summary data for a display concurrently, the first message element being visually distinguishable from the second message element. | 2017-05-18 |
20170142057 | ELECTRONIC INFORMATION SYSTEM ENABLING EMAIL-BASED TRANSACTIONS WITH FORMS - A method and apparatus for enabling email-based transactions utilizing forms in an electronic information system is described herein. The method includes determining whether an alert related to a task is sent to a registered individual, on a condition that the alert related to the task should be sent, generating an email message, wherein the email includes at least one mailto link and a form for the registered individual to complete, transmitting the email message to the registered individual, receiving a response email from the registered individual, authenticating the email message and decoding a token, and updating an information database. | 2017-05-18 |
20170142058 | EMAIL AS A TRANSPORT MECHANISM FOR ACTIVITY STREAM POSTING - A method, system and computer program product for utilizing email as a transport mechanism for activity stream posting. The method, program system, and computer product may include receiving an email, with content, at a target email system of a target from a source email system of a source. Content that is to be posted to an activity stream is extracted from the email content. The extracted content is posted to the activity stream. The method, program system, and computer product may further include examining the email at the target to identify whether the email includes content that is to be posted to the activity stream, or the target email system may deliver the email to a designated email address mailbox assigned to emails containing content to be sent to the activity stream. A notification of the email may be provided or the mailbox may be checked for email. | 2017-05-18 |
20170142059 | ERRONEOUS COMMUNICATION PREVENTION APPARATUS FOR ELECTRONIC MAIL - An electronic mail client includes features for preventing addressing errors in electronic messaging such as those caused by predictive text features. A messaging client tracks addressing parameters including the length of time since each previous addressee has been messaged, the quantity of times selected addressees have been co-addressees on messages, if any, whether the addressees are designated as sensitive and whether the messages contain sensitive subject matter. If a high risk of addressing error is determined, the client delays transmission of the message to permit the user to review the message recipient addresses and correct any erroneous addressees. | 2017-05-18 |
20170142060 | TECHNIQUES FOR DIRECTING A DOMAIN NAME SERVICE (DNS) RESOLUTION PROCESS - In one embodiment, a privacy and security engine enables a user to specify a recursive resolver for a domain name service (DNS) resolution process. The privacy and security engine receives default DNS settings that specify a default recursive resolver to be implemented as a recursive resolver for the DNS resolution process. The default DNS settings are provided by an underlying mobile operator network to which the user device is connected. The privacy and security engine causes the user device to disregard the default DNS settings and implement customized DNS settings that specify a preferred recursive resolver to be implemented as the recursive resolver for the DNS resolution process. The customized DNS settings are associated with an activated privacy and security mode. Unlike conventional approaches to overriding DNS settings, the user is able to specify the recursive resolver that implements the DNS resolution process irrespective of the underlying network. | 2017-05-18 |
20170142061 | SYSTEM AND METHOD FOR DOMAIN MANAGEMENT AND MIGRATION - A system and method for managing domain registrations across multiple domain registrars, and for migrating domains from one or more server computers to one or more other server computers. More specifically but not exclusively, the disclosure relates to software processes, algorithms, and protocols for the management and movement of domains, as accessed across a network. | 2017-05-18 |
20170142062 | NETWORK RESOURCE IDENTIFICATION - A system, method and computer-readable medium for client-side processing of resource identifiers. A client request for content is returned that includes information for generating a request for translation information and a number of embedded resource identifiers. Based on the information for generating a request for translation information, the client generates and obtains translation information and processes the embedded resource identifiers to obtain resources from a service provider. | 2017-05-18 |
20170142063 | WEB CONTENT DISPLAY SYSTEM AND METHOD - A web content display system including a provided interface, a processor, a storage unit and an operation interface. The processor is coupled to the provided interface, the storage unit and the operation interface. The provided interface is for inputting a web address with an authorization data corresponding thereto. The processor acquires and analyzes at least one web content corresponding to the web address to obtain a title, an article content with a display format corresponding thereto and an original marketing content with a display format corresponding thereto. The storage unit stores analyzed information and a third party marketing content. The operation interface receives a request for the title from a user device. The processor generates an embedded code executed by a web browser to display a reorganized web content. The article contents of the reorganized web content and the web content have the same display format. | 2017-05-18 |
20170142064 | ALLOCATION OF LOCAL MAC ADDRESSES TO CLIENT DEVICES - At a network device configured to control access to a network, a client device authentication request is received from a client device. The request includes identity credentials and a temporary media access control (MAC) address of the client device. The client device is successfully authenticated based on the identity credentials. After authentication, a new MAC address is established in the client device. A data frame is received at the network device. It is determined whether the client device is using the new MAC address based on the received data frame. If it is determined that the client device is using the new MAC address, the client device is permitted to access the network. | 2017-05-18 |
20170142065 | SYSTEM, METHOD, AND RECORDING MEDIUM FOR AN EMOTIONAL FIREWALL FOR DELETERIOUS INFORMATION - A method, system, and non-transitory computer readable medium for an emotional firewall including an information gathering device configured to gather information based on a user request, an emotional implication calculating device configured to calculate an emotional implication of conveying the information to a user, and a control device configured to control the conveying of the information to the user based on the emotional implication and a predetermined setting. | 2017-05-18 |
20170142066 | NETWORK DEVICE IMPLEMENTING TWO-STAGE FLOW INFORMATION AGGREGATION - A network security device includes a network flow statistics processing engine to process network flow information related to network flows. The network flow statistics processing engine includes a first processing stage performing per-flow information aggregation and a second processing stage performing per-destination system component information aggregation, with each processing stage implementing a threshold-based data export scheme and a timer-based data export scheme. In this manner, up-to-date flow information is available to peer system components regardless of the varying flow rates of the network flow. | 2017-05-18 |
20170142067 | METHOD AND SYSTEM FOR PACKET ACQUISITION, ANALYSIS AND INTRUSION DETECTION IN FIELD AREA NETWORKS - A system for intrusion detection in a field area network where data is transmitted via packets, includes a processor for analyzing the packets to ascertain whether the packets conform to sets of rules indicating an intrusion, and a database for storing an alert indicating an intrusion if the packets conform to at least one rule in the sets. The sets of rules are for field network layer data, internet protocol traffic data and field area application traffic data. A method for detecting intrusion in a field area network where data is transmitted via packets, including analyzing the packets to ascertain whether the packets conform to the sets of rules, and storing an alert indicating an intrusion if the packets conform to at least one rule in the sets of rules. | 2017-05-18 |
20170142068 | MULTI-TENANT CLOUD-BASED FIREWALL SYSTEMS AND METHODS - A multi-tenant cloud-based firewall method from a client, performed by a cloud node, includes receiving a packet from the client, wherein the client is located externally from the cloud node; checking if a firewall session exists for the packet, and if so, processing the packet on a fast path where a lookup is performed to find the firewall session; if no firewall session exists, creating the firewall session; and processing the packet according to the firewall session and one or more rules. The cloud node can perform the method without a corresponding appliance or hardware on premises, at a location associated with the client, for providing a firewall. | 2017-05-18 |
20170142069 | METHOD AND SYSTEM FOR CHECKING COMPLIANCE OF MESSAGES WITH A USER-DEFINED COMMUNICATION MODEL - Techniques for generating a secure communication layer for a certain software application in a computer system are disclosed. The certain application is configured and operable to exchange data via a communication interface using a specific protocol implementation. A communication protocol model is generated for the specific protocol implementation based on input data about the specific communication protocol and being associated at least in part with functioning of the certain application. The generated communication protocol model is used for generating a dedicated protection layer component corresponding to the specific communication protocol, wherein the dedicated protection layer component is capable of analyzing communication traffic data associated with the certain application and validating communication traffic data addressed to the certain application and complying with the generated protocol model. | 2017-05-18 |
20170142070 | METHOD TO ENABLE DEEP PACKET INSPECTION (DPI) IN OPENFLOW-BASED SOFTWARE DEFINED NETWORK (SDN) - The present invention relates to a method and system for performing deep packet inspection of messages transmitted through a network switch in a Software Defined Network (SDN). Embodiments of the invention include a network switch, a controller, and a firewall in a software defined networking environment. In the present invention, the network switch is a simple network switch that is physically separate from the controller and the firewall. The invention may include a plurality of physically distinct network switches communicating with one or more controllers and firewalls. In certain instances, communications between the network switch, the controller, and the firewall are performed using the OpenFlow standard communication protocol. | 2017-05-18 |
20170142071 | NETWORK SECURITY - An example of a computing system is described herein. The computing system includes a plurality of network security devices. The computing system also includes a network switch configured to direct network traffic. The computing system further includes a controller coupled to the network switch. The controller is to instruct the network switch in directing network traffic to the plurality of network security devices. | 2017-05-18 |
20170142072 | SAFE SECURITY PROXY - The system and method for protecting multiple networked enclaves each having one or more insecure machines. The system may include an attack detector as part of a secure node (e.g., SAFE node) proxy. The system may include an attack detector external to the proxy. The proxy may support multiple detectors and its actions may include isolating an insecure machine, cleansing an insecure machine, or tattling on (impugning the reputation of) an insecure machine. | 2017-05-18 |
20170142073 | INTERNET OF THINGS DATAPOINT ENGINE - Techniques allow owners of Internet of Things (IoT) devices to provide specific access to data from their IoT devices to requesters of data. A request for data from one or more IoT devices is received from one or more requesters, and the request is provided to the owner of the one or more IoT devices. An indication of acceptance by the owner is provided for at least one of the requests from the requesters. A public key of a public/private key pair associated with each of the accepted requester(s) is received. A plurality of datapoints from the one or more IoT devices is also received. For each of the selected requester(s), at least one datapoint of the plurality of datapoints is encrypted with the public key of the requester. The encrypted at least one datapoint is then sent to the requester, where the requester can decrypt the encrypted at least one datapoint using the private key of the public/private key pair. | 2017-05-18 |
20170142074 | Methods and First, Second and Network Nodes for Managing Traffic Characteristics - Methods and a first node ( | 2017-05-18 |
20170142075 | DIGITAL BROADCAST METHODS USING SECURE MESHES AND WAVELETS - Methods and apparatuses are presented for securely providing digital streaming data to subscriber devices using encrypted wavelet meshes. A recorded image may be subdivided into three sources of data: light sources, camera angles, and the objects themselves. Each of these sources of data may be considered unique from each other, and the totality of the three sources of data may comprise a complete image. Without one of the sources of data, the image may not be complete. Each of the three sources of data may therefore be characterized as key spaces, wherein encrypting part of or the entirety of even one of these key spaces prevents the complete image from being viewed. Methods and apparatuses are provided for utilizing the concept of encrypting at least a portion of at least one of the three key spaces in order to securely and/or privately transmit image data to subscribers. | 2017-05-18 |
20170142076 | SYSTEMS AND METHODS OF SECURE DATA EXCHANGE - In embodiments of the present invention improved capabilities are described for managing digital rights management (DRM) protected content sharing in a networked secure collaborative computer data exchange environment through a secure exchange facility managed by an intermediate organizational entity amongst users of a plurality of other organizational entities, wherein computer data content and access rights for the computer data content are shared between a first and second user, the computer data content and access rights for the computer data content are transformed into a DRM protected computer data content through communications with a DRM engine, wherein the DRM engine is selected based on a content type of the computer data content, and the DRM engine is provided by an entity other than the intermediate organizational entity and other than any of the plurality of other organizational entities. | 2017-05-18 |
20170142077 | DATA ENCRYPTION AND TRANSMISSION METHOD AND APPARATUS - Embodiments of the present invention provide a data encryption and transmission method and apparatus. The data encryption and transmission apparatus includes: a processing module, configured to evenly partition original data into N first data packets, where N is a positive integer; encrypt at least one first data packet in the N first data packets to obtain N encrypted first data packets; and encode, by using fountain code, the N encrypted first data packets to obtain M second data packets, where M is a positive integer, and M>N; and a sending module, configured to send the M second data packets obtained by the processing module to a receive end. The data encryption and transmission method and apparatus are provided in the embodiments of the present invention to improve security of encoding to-be-transmitted data by using the fountain code. | 2017-05-18 |
20170142078 | METHOD AND APPARATUS FOR PROVIDING SECURITY SERVICE FOR VEHICLE-DEDICATED DATA CHANNEL IN LINKING BETWEEN VEHICLE HEAD UNIT AND EXTERNAL DEVICE - A method and apparatus for providing a security service for a vehicle-dedicated data channel in linking between a vehicle head unit and an external device is disclosed. The method of providing the security service for the vehicle-dedicated data channel may include: transmitting, to the terminal, a predetermined integrity verification request message for requesting integrity verification of application software and an operating system included in the terminal; receiving an integrity verification result message from the terminal; exchanging a plaintext symmetric key with the terminal when integrity of the operating system and the application software is successfully verified according to the integrity verification result message; and establishing a vehicle-dedicated data channel to the terminal and transmitting and receiving a packet encrypted using the plaintext symmetric key through the established vehicle-dedicated data channel when the plaintext symmetric key is successfully exchanged. | 2017-05-18 |
20170142079 | SECURE SOFTWARE UPDATES - Improved techniques to update software in electronic devices that are already in use are disclosed. In one embodiment, software can be updated in a secure and controlled manner using cryptography. The authenticity of the updated software as well as its appropriateness for the particular electronic device can be confirmed prior to update. The software can also be updated on a per module basis. In one embodiment, a server hosts software updates for various electronic devices, and supplies the appropriate software update to the electronic devices via a data network. | 2017-05-18 |
20170142080 | SYSTEMS AND METHODS FOR USER ACCOUNT RECOVERY - Systems, methods, and non-transitory computer-readable media can determine a user request to recover control of an account for accessing an account provider system. A recovery token that is associated with the account can be obtained. A signature for at least a portion of the recovery token can be generated. Metadata information associated with the account provider system can be obtained. The signed recovery token can be provided to the account provider system based at least in part on the metadata information, wherein the account provider system is configured to provide control of the account to the user upon validating the signed recovery token. | 2017-05-18 |
20170142081 | Parallelizable Encryption Using Keyless Random Permutations And Authentication Using Same - First and second computer systems exchange randomness and the first computer system derives a uniformly random key from the randomness. The first computer system encrypts a multitude of blocks of plaintext using the uniformly random key to create a corresponding multitude of blocks of ciphertexts. The exchanging, deriving, and encrypting each uses a public random permutation. The first computer system transmits the multitude of blocks of ciphertexts to the second computer system. Another example includes the first computer system exchanging randomness and deriving the uniformly random key. The first computer system generates an authentication tag on a multitude of blocks of plaintexts. The exchanging, deriving, and generating each uses a public random permutation. The first computer system sends the authentication tag and the multitude of blocks of plaintext to the second computer system for authentication of the plaintext by the second computer system. Systems, methods, and program products are disclosed. | 2017-05-18 |
20170142082 | SYSTEM AND METHOD FOR SECURE DEPOSIT AND RECOVERY OF SECRET DATA - A system and method are disclosed for providing secure deposit and recovery of secret data based on a secret of a user, such as a password, a shared secret from a recovery server, and a secret from a recovery peer. The secret data is encrypted with these three secrets and stored remote from the user device to only allow the user to recover the secret data without compromising the secrecy of the secret data. Systems and methods for decoupling a password from the secret data the password protects are also provided to allow resetting the password or recovering the secret data to be separate operations that can be carried out independently. Another aspect provides for a user account to be securely recovered using a recovery peer to verify ownership of the user account. | 2017-05-18 |
20170142083 | SECURE DATA PROVISIONING - A first instruction to store an entity identification (ID) in a memory of a device may be received. The entity ID may be stored in the memory in response to receiving the first instruction. Furthermore, a second instruction to store a value based on a key in the memory of the device may be received. A determination may be made as to whether the value based on the key that is to be stored in the memory corresponds to the entity ID that is stored in the memory. The value based on the key may be stored in the memory of the device when the value based on the key corresponds to the entity ID. | 2017-05-18 |
20170142084 | Systems and Methods for Employing RSA Cryptography - A system that includes a client front end, a client server, and an authentication server, wherein the authentication server is configured to contain a public key to be employed for encryption of a license key, and the client server is configured to contain a private key to be employed for decryption of the license key. | 2017-05-18 |
20170142085 | Systems and Methods for Authenticating Network Messages - Networks and methods for use in authenticating messages, based on the clients and the computing devices, are provided. One exemplary method generally includes performing, by an API gateway, validation of a computing device based on a certificate identifying the computing device as one of the recognized computing devices, via the repository, and performing, by the API gateway, validation of the client based on the client certificate via a global access manager, separate from the repository. The exemplary method further includes causing a security token indicative of the client to be generated, when the computing device and the client are validated, whereby the security token is indicative of the client and permits the message, from the client, to be delivered to one or more backend services. | 2017-05-18 |