21st week of 2016 patent application highlights part 67 |
Patent application number | Title | Published |
20160149817 | ANALYSIS DEVICE - An analysis device analyzes a packet processed by a communication device connected with a network. The analysis device includes a receiver and an analyzer. The receiver receives a mirror packet of the packet transmitted through the network. The analyzer obtains and analyzes a portion of information in the mirror packet, and determines a necessity or lack thereof for a function of the communication device to be performed on the packet transmitted through the network based on analysis results of the analyzer. | 2016-05-26 |
20160149818 | METHOD AND APPARATUS FOR OPTIMIZING TRANSMISSIONS IN WIRELESS NETWORKS - Various communication systems may benefit from optimized transmissions. A method can include receiving data to be forwarded to a first wireless device. The method can also include determining the data as delay tolerant data. Moreover, the method can include defining a role of at least one second wireless device for forwarding the delay tolerant data. Also, the method can include transmitting the delay tolerant data to the second wireless device to be forwarded to the first wireless device. | 2016-05-26 |
20160149819 | SYSTEMS AND METHODS FOR HARDWARE ACCELERATED TIMER IMPLEMENTATION FOR OPENFLOW PROTOCOL - A new approach is proposed to support a virtual network switch, which is a software implementation of a network switch utilizing hardware to accelerate implementation of timers of the virtual network switch under OpenFlow protocol. The approach utilizes a plurality of hardware-implemented timer blocks/rings, wherein each of the rings covers a specified time period and has a plurality of timer buckets each corresponding to an interval of expiration time of timers. When a new flow table entry is programmed at an OpenFlow agent of the virtual network switch, its associated timer entries are created and inserted into the corresponding timer bucket based on the expiration time of the timers. During operation, hardware of the virtual network switch traverses the timer rings for the timer bucket whose time has expired, identifies timer entries in the expired timer bucket, and interrupts the CPU or provides a notification to the agent with necessary contextual information. | 2016-05-26 |
20160149820 | Hash Level Load Balancing For Deduplication Of Network Packets - Systems and methods are disclosed for hash level load balancing for removal of duplicate network packets to form deduplicated packet streams. Hash values for input packets are used in part to select deduplication engines to receive hash data associated with received input packets, and this hash data is then forwarded to the selected deduplication engines for deduplication processing. The hash level load balancing reduces bandwidth requirements within the deduplication processing as compared to prior packet-based load balancing solutions for deduplication systems. Additional embodiments utilize port identifiers in addition to hash values to allow for increased flexibility in deduplication of packets from multiple input ports. | 2016-05-26 |
20160149821 | Autonomic Ingress Traffic Load Balancing in Link Aggregation Groups by Modification of Switch Routing - Mechanisms are provided for performing traffic load balancing on ingress traffic directed to a Link Aggregation Group (LAG). The mechanisms monitor an ingress traffic load across a plurality of links of the Link Aggregation Group (LAG). The mechanisms determine if the ingress traffic load across the plurality of links is unbalanced. Moreover, the mechanisms, in response to determining that the ingress traffic load across the plurality of links is unbalanced, send a message to a switch associated with the LAG requesting the switch to modify routing of ingress traffic to the LAG to perform ingress traffic load balancing. | 2016-05-26 |
20160149822 | Autonomic Traffic Load Balancing in Link Aggregation Groups By Modification of Switch Ingress Traffic Routing - Mechanisms are provided for performing traffic load balancing on ingress traffic directed to a Link Aggregation Group (LAG). The mechanisms monitor an ingress traffic load across a plurality of links of the Link Aggregation Group (LAG). The mechanisms determine if the ingress traffic load across the plurality of links is unbalanced. Moreover, the mechanisms, in response to determining that the ingress traffic load across the plurality of links is unbalanced, send a message to a switch associated with the LAG requesting the switch to modify routing of ingress traffic to the LAG to perform ingress traffic load balancing. | 2016-05-26 |
20160149823 | Most Connection Method for Egress Port Selection in a High Port Count Switch - A switch according to the present invention can have a number of ports in an ASIC greater than the ASIC clock speed divided by the network protocol rate. The switch ASIC contains multiple blocks, each block having a number of ports equal to the ASIC clock speed divided by the packet rate of the protocol. Each block has a number of queues equal to the total number of ports on the ASIC to receive packets. The queues are scheduled from each block into a number of outputs equal to the number of blocks. The outputs of each block are received by a scheduler which evaluates the packets available at the outputs of each block to determine the combination of outputs which provides the most connections that are ready for transmission. The combination with the most connections is then utilized to provide packets to the egress section of each block. | 2016-05-26 |
20160149824 | UTILIZING ACCESS CONTROL DATA STRUCTURES FOR SHARING COMPUTING RESOURCES - Systems and methods for sharing resources between multiple processing streams. An example method may comprise: maintaining, by a processing device, a first variable identifying a number of processing streams waiting to access a resource; performing an atomic operation on a second variable comprising a first portion and a second portion, the atomic operation comprising incrementing the first portion to reflect a number of available units of the resource and further comprising reading the second portion reflecting a value of the first variable. | 2016-05-26 |
20160149825 | COMPONENT SERVICES INTEGRATION WITH DYNAMIC CONSTRAINT PROVISIONING - Resource provisioning information links to resource provisioning information of at least one reusable component resource that satisfies at least a portion of user-specified resource development constraints of a new resource under development are identified within a resource provisioning-link registry. Using the identified resource provisioning information links, the resource provisioning information of the at least one reusable component resource is programmatically collected from at least one data provider repository that stores reusable resources and that publishes the resource provisioning information links to the resource provisioning-link registry. The programmatically-collected resource provisioning information of the at least one reusable component resource is analyzed. Based upon the analyzed programmatically-collected resource provisioning information of the at least one reusable component resource, a resource integration recommendation is provided that uses the at least one reusable component resource and that satisfies at least the portion of the user-specified resource development constraints of the new resource under development. | 2016-05-26 |
20160149826 | MEMORY USAGE OPTIMIZATION METHOD - The invention relates to memory usage optimization. A method for memory usage optimization comprises establishing a connection between a client device and a server suitable to have a plurality of connections with a plurality of client devices, utilizing a server memory of the server for establishing and maintaining connection of the client device with the server by connection content data and data structures, storing the connection content data and data structures to a disk from the server memory when the connection shifts to an idle state, and removing the connection data and data structure from the server memory. | 2016-05-26 |
20160149827 | BULK UPLOADING OF MULTIPLE SELF-REFERENCING OBJECTS - A computer implemented method, computer program product, and system for performing create, read, update, or delete operations on a plurality of resources in a client-server environment. In an embodiment, the computer implemented method includes the steps of identifying individual resources requiring operations to be performed, assigning local references for any resources to which a URI (Uniform Resource Identifier) has not been provided by the server, generating metadata describing the local references and operations to be performed, wrapping each individual resource with the metadata to provide a plurality of wrapped resources, arranging the wrapped resources into a single payload, and transmitting the single payload to the server. | 2016-05-26 |
20160149828 | CLUSTERED STORAGE SYSTEM PATH QUIESCENCE ANALYSIS - A request that indicates a component that can be quiesced is received at a first node. It is determined that quiescence of the component might impact an endpoint. A request for identification of at least one path between a second node and the endpoint is sent to the second node. It is determined, based on a response received from the second node, whether the endpoint will be accessible to the second node if the component is quiesced. In response to a determination that the endpoint will be accessible to the second node if the component is quiesced, a positive analysis outcome is indicated. In response to a determination that the endpoint will not be accessible to the second node if the component is quiesced, a negative analysis outcome is indicated. | 2016-05-26 |
20160149829 | REVERSE BREADTH-FIRST SEARCH METHOD FOR OPTIMIZING NETWORK TRAFFIC IN A DISTRIBUTED SYSTEM WITH A POINT OF CONVERGENCE - Techniques are disclosed herein for managing network bandwidth in a distributed system having multiple endpoints that upload data to a central server or server cluster. One embodiment provides a computer-implemented method that includes receiving a logical topology of the network that is determined based on network measurements. The method further includes generating a tree having links of the logical network topology as nodes, and allocating bandwidth during a traversal of the tree to obtain a bandwidth allocation scheme for the endpoints uploading data. In addition, the method includes controlling bandwidth consumption by the endpoints based on the determined bandwidth allocation scheme. | 2016-05-26 |
20160149830 | MARKET-DRIVEN VARIABLE PRICE OFFERINGS FOR BANDWIDTH-SHARING AD HOC NETWORKS - Systems and methods to establish and execute market-driven variable price offerings among the lenders and borrowers in a bandwidth-sharing ad hoc network for shared bandwidth usage. The method comprises establishing and executing market-driven variable price offerings among lenders and borrowers. A bandwidth-sharing ad hoc network for shared bandwidth usage is formed based on the established and executed market-driven variable price offering. | 2016-05-26 |
20160149831 | RESOLVING A CONVEX OPTIMIZATION PROBLEM TO OPTIMIZE NETWORK TRAFFIC IN A DISTRIBUTED SYSTEM - Techniques are disclosed herein for managing network bandwidth in a distributed system having multiple endpoints that upload data to a central server or server cluster. One embodiment provides a computer-implemented method that includes receiving a logical topology of the network that is determined based on network measurements. The method further includes resolving a convex optimization problem over the logical topology to determine a bandwidth allocation scheme for the endpoints uploading data. In addition, the method includes controlling bandwidth consumption by the endpoints based on the determined bandwidth allocation scheme. | 2016-05-26 |
20160149832 | METHOD AND APPARATUS FOR INCREASING SUBRESOURCE LOADING SPEED - Provided are methods and apparatus for increasing subresource loading speed. A method may include receiving a page request initiated by a user, extracting the host domain name corresponding to the page URL, and querying if the hash table has a domain name tree corresponding to the host domain name; if the hash table has a domain name tree corresponding to the host domain name, traversing the domain name tree to extract a plurality of subresource domain names with the highest priority, and at the same time, establishing TCP connections for the host domain name and the plurality of subresource domain names; when the main document data of the host domain name is received, initiating a subresource loading request according to the subresource URL in the main document data; if the subresource domain name in the subresource loading request is a domain name in the above plurality of subresource domain names, directly initiating an HTTP request by using the previously established TCP connection, and completing the loading of the subresource. By establishing TCP connections for subresource domain names with high priority in advance, such methods and apparatus solve the problem that a TCP connection needs to be established on site when a subresource loading is requested. | 2016-05-26 |
20160149833 | DISCOVERING AND IDENTIFYING RESOURCE DEPENDENCIES - Discovering and identifying resource dependencies. Resources are discovered and managed as configuration items, wherein selected configuration items are each assigned a Uniform Resource Identifier (URI) object. The assigned URI-objects are included in configuration data structures. The configuration data structures are stored in a configuration management system. A resource accessor address and an access point address are assigned. Further, an access resolve entry object is provided that provides a function for address translations, wherein the access resolve entry object includes at least a part of the resource accessor address and at least a part of the access point address, each of them in the URI-object form. | 2016-05-26 |
20160149834 | STORAGE DEVICE IN WHICH FORWARDING-FUNCTION-EQUIPPED MEMORY NODES ARE MUTUALLY CONNECTED AND DATA PROCESSING METHOD - According to one embodiment, a storage device includes a plurality of memory nodes. Each of memory nodes includes a plurality of input ports, a plurality of output ports, a selector, a packet controller and a memory. The selector outputs a packet input to the input port to one of the output ports. The packet controller controls the selector. The memory stores data. The memory nodes are mutually connected at the input ports and the output ports. The memory node has an address that is determined by its physical position. The packet controller switches the output port that outputs the packet based on information including at least a destination address of the packet and an address of the memory node having the packet controller when receiving a packet that is not addressed to the memory node having the packet controller. | 2016-05-26 |
20160149835 | Relay Apparatus - A relay apparatus includes line cards, switch fabric cards, and a management card. The management card and the switch fabric cards are connected through a first communication network, and the switch fabric cards and the line cards are connected through a second communication network. The switch fabric card includes an error control unit. The error control unit stops switching of data transmission using a path of the second communication network by controlling the switch fabric card as an abnormal state based on an error signal that is output when a fault of the first communication network or an internal fault of the switch fabric card is detected as an error. | 2016-05-26 |
20160149836 | Communication and Messaging Architecture for Affiliated Real-Time Rich Communications Client Devices - A real-time rich communications (“RTC”) architecture consolidates a SIP/IMS framework and other frameworks for the desired communication and messaging services into a RTC host, which functions like a client to a SIP/IMS core in an IMS network, but which functions like a server to any number of RTC client devices over any number and any type of RTC capable networks. Advantageously, the RTC host may manage the RTC functions in the RTC clients without requiring support from any network infrastructure. Advantageously, the frameworks may be but need not necessarily be modular to facilitate design flexibility, modification, and upgrade. Advantageously, an RTC client may be a thin client. | 2016-05-26 |
20160149837 | SOCIAL NETWORK CHANNEL COMMUNICATION - Technologies are described for methods and systems effective for sending a communication from a first device to a second and a third device. The methods may comprise receiving a request to send the communication from the first device to a group that includes the second and the third device. The methods may include determining the group includes the second device and the third device. The methods may comprise identifying an email address associated with the second device. The methods may comprise identifying a text address associated with the third device. The methods may comprise sending the communication to the second device with use of the email address. The methods may comprise sending the communication to the third device with use of the text address. | 2016-05-26 |
20160149838 | METHOD OF PROVIDING MESSAGE AND USER DEVICE SUPPORTING THE SAME - A method of providing a message by a user device and user device supporting the same are provided. The method includes displaying a message with a first attribute through a user device, detecting a user input corresponding to a portion of the message, and providing the portion with a second attribute based on the user input. | 2016-05-26 |
20160149839 | Multi-Network Chat System - A network-based chat server provides a virtual chat room for chat participants, and synchronizes and shares chat dialogue exchanged between the chat participants regardless of whether the chat participants are logged onto the same chat platform or different chat platforms. The chat server includes a plurality of chat proxies; each of which is configured to communicate data with a particular chat platform. A chat synchronizer function executing at the chat server communicates the chat dialogue between the chat participants via the chat proxies. | 2016-05-26 |
20160149840 | PRESENCE AND GEOGRAPHIC LOCATION NOTIFICATION BASED ON A DELEGATION MODEL - A user of an instant messaging system may store names of other users of the instant messaging system on a participant list (which may be referred to as a “buddy list”), and the names may be categorized into one or more groups. Similarly, a user of a mobile device, such as a mobile telephone, may store contact information about people on the mobile device. Information describing the on-line presence of the user within the instant messaging system or geographic location of a mobile device, such as a mobile telephone associated with the user system, may be disseminated to users on the participant list or people on the contact list based on notification information that is associated with groups of users or contacts. A delegation model is used to control whether a user is permitted to make modifications to the notification information. | 2016-05-26 |
20160149841 | MESSAGING FOR EVENT LIVE-STREAM - A messaging system for a live event is described. A processing device provides a user interface having at least a first portion and a second portion. The first portion includes a media player streaming a live event having at least one active participant. The user interface is different from a native interface of an event hosting platform. The processing device receives one or more active participant messages entered via the native interface of the event hosting platform during the live event. The processing device also receives one or more viewer messages via the second portion of the user interface during the live event. The processing device provides the one or more active participant messages and the one or more viewer messages for presentation in the second portion of the user interface during the live event. The presented viewer messages are integrated with the active participant messages. | 2016-05-26 |
20160149842 | METHOD, SYSTEM AND RECORDING MEDIUM FOR COMMUNICATING AND DISPLAYING CONTENT IN A MESSENGER APPLICATION - In one example embodiment, a communication method includes identifying a selection instruction for content provided by a content provider, and establishing a communication link between a first account of a user and a second account of a business operator relevant to the content based on the identification of the selection instruction. | 2016-05-26 |
20160149843 | SYSTEMS AND METHODS FOR CREATING AND ACCESSING COLLABORATIVE ELECTRONIC MULTIMEDIA COMPOSITIONS - Systems and methods for production of a collaborative electronic multimedia composition allow an initiator to select a collaboration template and multiple collaborating users. The collaborating users receive invitations to contribute to the collaborative electronic multimedia composition by customizing one or more fields of the collaboration template with multimedia content, including for example photographs and captions. | 2016-05-26 |
20160149844 | CONTEXTUAL INTERSTITIALS - An interstitial message server system selects a like interstitial message that corresponds to a like user event generated by a user, a skip interstitial message corresponding to a skip user event generated by the user and a playthrough interstitial message corresponding to a play through user event. The like, skip and playthrough interstitial messages can be selected based upon an identifier of a media object that can be presented to the user. At least one each of the like, skip and playthrough interstitial messages can be sent to a user computer before or during the presentation of a media object. While or after the media object is presented to the user at the user computer, the user computer can be caused to detect a like, skip or playthrough user event with respect to the media object. The user computer can be caused to present the like, skip or playthrough interstitial message that was received by the computer and that corresponds to the detected like, skip or playthrough user event with minimal delay from the time the user event is detected. | 2016-05-26 |
20160149845 | METHOD AND SYSTEM OF AUTOMATING DATA CAPTURE FROM ELECTRONIC CORRESPONDENCE - In some embodiments, electronic data may be automatically captured to provide a user with a universal Internet identity and e-mail address, comprehensive e-mail filtering and forwarding services, and e-receipt identification and data extraction. Detailed user e-mail preferences data stored at a central server may be selectively altered such that incoming correspondence is redirected in accordance with the user's preferences. Computer program code at the central server may parse incoming e-mail header information and data content, selectively extract data from identified types of correspondence, and forward the extracted data in accordance with the user's preferences. Additional computer program code may manipulate the extracted data in accordance with format requirements and display the manipulated data to a user in a desired format. | 2016-05-26 |
20160149846 | PUBLISH/SUBSCRIBE MESSAGING USING MESSAGE STRUCTURE - Publish/subscribe messaging using a message structure carried out at a messaging intermediary system is provided. A plurality of lists to which publishing entities can publish messages and to which subscribing entities can subscribe to messages is maintained. A list for messages conforming, at least partly, to a common message structure is provided. A request from a publishing entity or a subscribing entity is matched to one or more provided lists by comparing a message having a message structure or an abstract representation of one or more messages to the provided lists. Messages conforming, at least partly, to the common message structure via the list are shared. | 2016-05-26 |
20160149847 | METHOD AND SYSTEM FOR CORRELATING CONVERSATIONS IN MESSAGING ENVIRONMENT - A computer based method for correlating conversations is provided, including the steps of providing a discussion interface at an interface device, receiving an indication that one of several messages displayed at the discussion interface is part of an active conversation, providing a message entry location for inputting new messages associated with the discussion interface, and receiving new messages at the message entry location. New messages received are automatically associated with the active conversation by displaying them with a visual cue shared by all messages associated with the active conversation. | 2016-05-26 |
20160149848 | METHODS AND APPARATUS FOR ENHANCED COMMUNICATION IN EMAIL APPLICATIONS - A method and system for providing a communication stream for associating messages are described. A communication stream receives various message types including messages, posts, events, tasks, and comments, and presents them to users. Private messages relating to one or more messages may be sent between and among one or more users. | 2016-05-26 |
20160149849 | Systems and Methods for Generating a Message Topic Training Dataset from User Interactions in Message Clients - Systems and methods for classifying messages are provided. Each message in a plurality of messages is classified, thereby independently identifying a message category in a set of message categories for each respective message in the plurality of messages. The plurality of messages is delivered to a plurality of recipients with a designation of the message category of each respective message in the first plurality of messages. A plurality of recipient initiated message interaction events for messages in the first plurality of messages over a predetermined period of time is collected from the plurality of recipients. A message categorization dataset is then constructed from (i) the first plurality of messages, (ii) the designation of the message category of each respective message in the subset of the first plurality of messages, and (iii) the plurality of recipient initiated message interaction events. This message categorization dataset is used to train or evaluate a message classifier. | 2016-05-26 |
20160149850 | INTELLIGENT SCHEDULING FOR EMPLOYEE ACTIVATION - Techniques for intelligent scheduling of content sharing by company employees via an online social networking service are described. According to various embodiments, a request is received from a member of an online social networking service to share a content item among members in the member's connection network on the online social networking service. Member behavior log data associated with the members in the connection network of the member is then accessed. Thereafter, an optimum sharing time for sharing the content item among the members in the member's connection network is calculated. The content item is then caused to be shared at the optimum sharing time with the members in the member's connection network. | 2016-05-26 |
20160149851 | SUGGESTED CONTENT FOR EMPLOYEE ACTIVATION - Techniques for identifying suggested online content for company administrators to broadcast to company employees via an online social networking service are described. According to various embodiments, a plurality of suggested content items are displayed, via an administrator user interface, to a user associated with a company. A user request is then received via the administrator user interface, the request being to broadcast a recommendation to view a specific content item of the suggested content items to one or more employees of the company that are members of an online social networking service. The recommendation to view the specific content item is then broadcast to the employees of the company. | 2016-05-26 |
20160149852 | GROUP FORMATION FOR EMPLOYEE ACTIVATION - Techniques for forming groups of employees for receiving online content broadcasted by company administrators via an online social networking service are described. According to various embodiments, a plurality of content items is displayed, via an administrator user interface, to a user associated with a company. Thereafter, a user specification of a topic-based group is received together with a user request to broadcast a recommendation to view a specific content item to one or more employees of the company that are members of an online social networking service and that are associated with the topic-based group. The employees of the company that are associated with the topic-based group are then identified, and the recommendation to view the specific content item is broadcasted to the employees of the company that are associated with the topic-based group. | 2016-05-26 |
20160149853 | TEXT MESSAGE INTEGRATION WITH A COMPUTER-IMPLEMENTED COLLABORATION PLATFORM - The present disclosure describes integrating SMS/MMS messaging with an electronic communications collaboration platform, and filtering SMS/MMS messages within a collaboration platform environment. One method includes associating a phone number with a particular project within a collaboration platform to form a project phone number, receiving a message at the project phone number, based on receiving the message at the project phone number, adding the content of the message to an activity feed of the particular project, and sending the message content added to the activity feed to one or more phone numbers from the project phone number. A project phone number can be associated with a plurality of projects, and the phone number from which a message is received at the project plurality phone number is compared to project data of the plurality of projects to route the message content to an activity feed of a project of the plurality of projects. | 2016-05-26 |
20160149854 | Framework for Application to Application Interworking in the M2M World - One aspect of the teachings herein is directed to a framework through which M2M applications can interact with each other, either through configuration or via autonomous interaction. In one example, the contemplated framework allows applications to publish their interfaces in a discoverable fashion, and allows the invocation of applications in a manner that allows for the retrieval of results of operations invoked on the target application. At least some embodiments protect the security and confidentiality of the information involved in those interactions. | 2016-05-26 |
20160149855 | SERVICE PROCESSING METHOD, SYSTEM, AND RELEVANT DEVICE - Embodiments of the present invention provide a service processing method, system and relevant device. The method includes: when a gateway device receives an activation request sent by a user equipment, allocating, by the gateway device, a user IP address to the user equipment; and sending, by the gateway device, user information and the user IP address of the user equipment to an SP server, so that the SP server saves a correspondence between the user IP address and the user information and performs service processing on a service packet according to the correspondence between the user IP address and the user information. By using the present invention, loss of system resources of a gateway device may be reduced. | 2016-05-26 |
20160149856 | OPTIMIZING GLOBAL IPV6 ADDRESS ASSIGNMENTS - In one embodiment, a device in a network determines that one or more network nodes should use a stateful address configuration protocol to obtain network addresses. The device causes the one or more network nodes to use the stateful address configuration protocol, in response to determining that the one or more nodes should use the stateful address configuration protocol to obtain network addresses. The device determines that the one or more network nodes should use a stateless address configuration protocol to obtain network addresses. The device causes the one or more network nodes to use the stateless address configuration protocol, in response to determining that the one or more nodes should use the stateless address configuration protocol to obtain network addresses. | 2016-05-26 |
20160149857 | PROCESS FOR ASSIGNING A NETWORK ADDRESS TO A TERMINAL NETWORK-ELEMENT, NETWORK, INTERCONNECTION NETWORK-ELEMENT, ADDRESSING SERVER AND ASSOCIATED TERMINAL NETWORK-ELEMENT - The invention relates to a process for assignment, by an addressing server for a network, of a network address to a terminal network-element connected to one of the connection ports of one of the interconnection network-elements of said network, comprising: transmission of a network address request by said terminal network-element to said interconnection network-element, the determination by said interconnection network-element of a location of said terminal network-element where said location combines a topological identifier for said interconnection network-element with at least one identifier for said connection port, the transmission by said interconnection network-element to said addressing server of said request with said location, assignment by said addressing server to said terminal network-element of said network address based on said location. | 2016-05-26 |
20160149858 | TRANSPARENT TUNNELING ARCHITECTURE FOR A SECURED DATABASE - A method and associated systems for a transparent tunneling architecture for a secured database. A tunneling driver captures a user's database-access request before it can be blocked by a security gateway. The driver translates the request into a Web-service request, where the requested Web service is implemented by means of classes or objects that correspond to database operations. The request is formatted into a standard database-independent form that the security gateway allows to pass to the database server intact. A Web-service runtime environment interprets the requested Web service, thereby instructing the server-side database-management application to respond to the user's access request. In a reverse procedure, the database's response is translated into a Web-service response to the requested Web service that may similarly tunnel through the security gateway, and that is then translated back into a form that may be properly interpreted by the requesting user's client application. | 2016-05-26 |
20160149859 | Managing Authentication Requests when Accessing Networks - Techniques for managing authentication requests. At a gateway device to a network, packets of a message intended for said network are received. Fields within payloads of the packets which contain authentication or authorization information are read. The message is redirected to an authentication server. The authentication server determines that a requester who sent the message to the gateway device is authorized to access a target resource specified in the message and responds to the gateway device that the requester is authorized to access the target resource. The gateway device responds to the requester that the requester is authorized to access the target resource. The gateway device notifies a server hosting the target resource that the requester is authorized to access the target resource. If the gateway device receives a subsequent message from the requester to utilize the target resource, the gateway device forwards the message toward the server. | 2016-05-26 |
20160149860 | SECURE DATA REDACTION AND MASKING IN INTERCEPTED DATA INTERACTIONS - A method for modifying intercepted data interactions is provided in the illustrative embodiments. At a security application executing in a security data processing system, an intercepted packet of data arranged according to a protocol is received from an intercepting agent executing in an intercepting data processing system. A security policy is applied to the intercepted packet. In an instruction according to a coding grammar, a modification of the intercepted packet is encoded. The instruction is suited for the encoding under a circumstance of the modifying. The instruction is sent to the intercepting agent. The intercepting agent at the intercepting data processing system performs the modification according to the security policy and independently of the protocol. | 2016-05-26 |
20160149861 | Firewall with Application Packet Classifier - An improved system for establishing rules in a firewall for an industrial network is disclosed. Rules are established at an application level, identifying, for example, actions to occur between two devices. The action may be, for example, read data table or get attribute, and each action may require multiple message packets to be transmitted between the two devices in order to complete. A network device executing the firewall is configured to receive message packets from a sending device and to inspect the message packets to determine which action the sending device is requesting to perform. If the action corresponds to a rule in the database, the network device manages communications between the two devices until all message packets have been transmitted. Thus, a single action, or application, may be defined in the rules database to permit multiple data packets to be communicated between the devices. | 2016-05-26 |
20160149862 | Systems and Methods For Implementing A Privacy Firewall - Systems and methods for protecting private data behind a privacy firewall are disclosed. A system for implementing a privacy firewall to determine and provide non-private information from private electronic data includes a data storage repository, a processing device, and a non-transitory, processor-readable storage medium. The storage medium includes programming instructions that, when executed, cause the processing device to analyze a corpus of private electronic data to identify a first one or more portions of the data having non-private information and a second one or more portions of the data having private information, tag the first one or more portions of the data as allowed for use, determine whether the second one or more portions of the data includes non-private elements, and if the second one or more portions of the data comprises non-private elements, extract the non-private elements and tag the non-private elements as information allowed for use. | 2016-05-26 |
20160149863 | METHOD AND SYSTEM FOR MANAGING A HOST-BASED FIREWALL - Disclosed herein are a system and method for managing a firewall of one or more host computing devices associated with a customer, wherein each host computing device includes a configurable firewall. In one arrangement, the system includes: a central management suite coupled to a first host computing device via a communications link, said central management suite including: a management portal for receiving instructions from said customer relating to a set of policies, wherein each policy defines a set of firewall rules; a storage device for storing said set of policies in a format inapplicable for configuring the firewall of the first host computing device; and a management policy module for retrieving from said stored set of policies a policy associated with said first host computing device. The system further includes: a first policy translator resident on said first host computing device for receiving said retrieved policy from said central management suite, via said communications link, and for translating said retrieved policy to a format applicable for configuring the firewall of the first host computing device to facilitate implementing a set of firewall rules defined by said retrieved policy. | 2016-05-26 |
20160149864 | METHOD AND SYSTEM FOR E-READING COLLECTIVE PROGRESS INDICATOR INTERFACE - A method and system for implementing an e-reading collective progress indicator interface is provided. One embodiment utilizes a share progress selection to share reading progress between members in a trusted e-reading community reading the same e-book. In addition, an indicator bar is provided to indicate the reading progress of each of the members in the trusted e-reading community, such that any member can view the reading progress of any other member in the trusted e-reading community that has selected to share reading progress. | 2016-05-26 |
20160149865 | CRYPTOGRAPHIC SECURITY PROFILES - Two endpoint devices communicate with one another in a secure session by negotiating encrypted communications at initial establishment of the session. Each endpoint device communicates its available security profiles to the other endpoint. A specific security profile is then selected that defines the data encryption and authentication used during the secure session between the two endpoint devices. | 2016-05-26 |
20160149866 | ACCUMULATING AUTOMATA AND CASCADED EQUATIONS AUTOMATA FOR NON-INTERACTIVE AND PERENNIAL SECURE MULTI-PARTY COMPUTATION - A method of securely executing practically unbounded input stream of symbols, by non-interactive, multi-party computation, according to which the input stream is distributed among a plurality of parties, which do not communicate among themselves throughout execution, by a dealer with a secret initial state. The dealer distributes shares of the secret state between the parties. The input stream is executed by a finite-state automaton which may be an accumulating automaton with accumulating nodes or an automaton that is defined by a series of cascaded equations. During any execution stage, the input stream and the current state of the original automaton are concealed from any coalition of participants being smaller than a given threshold. Upon receiving a signal from the dealer, the parties terminate the execution and submit their internal state to the dealer, which computes the current state that defines the computation result. | 2016-05-26 |
20160149867 | ADAPTIVE TRAFFIC ENCRYPTION FOR OPTICAL NETWORKS - A technique is provided for a transmitting optical network element with an encrypting entity. The transmitting optical network element has an interface for receiving key information from a key management entity, storage means for storing a public key received by the key management entity, and a key generation entity configured for generating a symmetric encryption key. The transmitting optical network element is adapted to encrypt a received payload to be transmitted to a receiving optical network element using the generated symmetric encryption key, encrypt the generated symmetric encryption key using the public key of the receiving optical network element, and transmit the encrypted payload and the encrypted symmetric encryption key via an optical network to the receiving optical network element. | 2016-05-26 |
20160149868 | CONTENT TRANSMISSION DEVICE AND CONTENT TRANSMISSION METHOD, CONTENT RECEPTION DEVICE AND CONTENT RECEPTION METHOD, COMPUTER PROGRAM, AND CONTENT TRANSMISSION SYSTEM - To reduce a load of time and cost at the time of transition to a safer system in which an encryption scheme is newly set. By allowing a device of a transition step which implements a predetermined security reinforcement measure to handle high-value content only for a given system transition period, a problem of a time necessary for the transition can be avoided and the transition to the safer system can be performed smoothly. The device mentioned herein which implements the predetermined security reinforcement measure is, for example, a device which supports only an existing encryption algorithm and for which security of a weaker portion other than the encryption scheme is ensured. | 2016-05-26 |
20160149869 | KEY ESTABLISHMENT FOR CONSTRAINED RESOURCE DEVICES - It is disclosed a method and a constrained resource device ( | 2016-05-26 |
20160149870 | Network Authentication Method using a Card Device - A network authentication method includes: by a user terminal, through execution of an application, connecting to a network server and sending a server verification request to a card device coupled to the user terminal; by the card device, generating a server dynamic link program based on a server verification code, encrypting the server dynamic link program, and transmitting the encrypted server dynamic linking program to the network server through the user terminal; by the user terminal, sending a server code data received from the network server to the card device as generated by the network server based on the server dynamic link program; and by the card device, verifying the network server based on the server code data and the server verification code. | 2016-05-26 |
20160149871 | METHOD AND APPARATUS FOR SECURE COMMUNICATION VIA MULTIPLE COMMUNICATION PATHS - A method for sending and receiving a data through multiple communication paths and an apparatus for receiving a data through multiple communication paths. A method for receiving a data through multiple communication paths by an apparatus for receiving a data includes receiving at least t (here, 0 | 2016-05-26 |
20160149872 | SECURE CONNECTION BETWEEN A DATA REPOSITORY AND AN INTELLIGENCE APPLICATION - Embodiments of the invention are directed to systems, methods and computer program products for establishing a secure connection between a data repository and an intelligence application. In one embodiment, a method includes receiving, from a user device and using a processing device, a request from the intelligence application, the request communicated from the intelligence application through a data virtualization application and for obtaining access to the data repository; responding, using the processing device, to the request comprising preparing and sending an authentication request through the data virtualization application to the intelligence application; receiving authentication credentials from the intelligence application through the data virtualization application, the authentication credentials associated with one or more users of a plurality of users authorized to access the data repository; determining that the authentication credentials are valid; and providing device, access to the data repository in response to validating the authentication credentials. | 2016-05-26 |
20160149873 | ELECTRONIC COMMERCE WITH CRYPTOGRAPHIC AUTHENTICATION - A method for facilitating an authentication related to an electronic transaction between a first and a second user is provided. Authentication data is received from the first user along with transaction data defining the first user and the electronic transaction to be authenticated. This authentication data is compared to enrollment authentication data associated with the first user in order to verify the identity of the first user. When the user is properly verified, access to at least one private cryptographic key stored on a secure server is available for use in securing the electronic transaction. The particular private cryptographic key need not be released from the secure server. Data indicating the status of the authentication may then be sent to one of either the first or second user. | 2016-05-26 |
20160149874 | PRIMITIVE FUNCTIONS FOR USE IN REMOTE COMPUTER MANAGEMENT - The invention facilitates remote management of a computer via a network. Remote computer management capability can be expanded beyond that previously available through the addition of one or more new primitive functions that can be performed on a managed computer. | 2016-05-26 |
20160149875 | PROTECTED INFORMATION SHARING - A request for sharing information of a first user to a second user is received. Responsive to the request, information of the first user is obtained. The information is encrypted using a first server key to generate first encrypted information, the first server key being unavailable to the second user. The first encrypted information is encrypted using a second user key specific to the second user to generate second encrypted information for sharing with the second user. | 2016-05-26 |
20160149876 | SECURITY FOR PROSE GROUP COMMUNICATION - A method of performing authentication and authorization in Proximity based Service (ProSe) communication by a requesting device ( | 2016-05-26 |
20160149877 | SYSTEMS AND METHODS FOR CLOUD-BASED WEB SERVICE SECURITY MANAGEMENT BASED ON HARDWARE SECURITY MODULE - A new approach is proposed that contemplates systems and methods to support security management for a plurality of web services hosted in a cloud at a data center to offload their crypto operations to one or more hardware security modules (HSMs) deployed in the cloud. Each HSM is a high-performance, Federal Information Processing Standards (FIPS) 140-compliant security solution for crypto acceleration of the web services. Each HSM includes multiple partitions, wherein each HSM partition is dedicated to support one of the web service hosts/servers to offload their crypto operations via one of a plurality of HSM virtual machine (VM) over the network. An HSM managing VM can also be deployed to monitor and manage the operations of the HSM-VMs to support a plurality of web services. | 2016-05-26 |
20160149878 | PROTECTING USER IDENTITY AND PERSONAL INFORMATION BY SHARING A SECRET BETWEEN PERSONAL IOT DEVICES - A wearable device provides protection for personal identity information by fragmenting a key needed to release the personal identity information among members of a body area network of wearable devices. A shared secret algorithm is used to allow unlocking the personal identity information with fragmental keys from less than all of the wearable devices in the body area network. The wearable devices may also provide protection for other personal user data by employing a disconnect and erase protocol that causes wearable devices to drop connections with an external personal data space and erase locally stored personal information if a life pulse from a connectivity root device is not received within a configurable predefined period. | 2016-05-26 |
20160149879 | METHOD FOR GENERATING CRYPTOGRAPHIC "ONE-TIME PADS" AND KEYS FOR SECURE NETWORK COMMUNICATIONS - A method of generating random and pseudo-random material which is incorporated in devices located at each end of a communications network for secure communications through a channel of the network. The material is used to generate time based one-time pads, one-time keys, and the keys themselves. The one-time pads, one-time keys, and the keys support a key-based or pad based cryptographic technique employed to produce secure communications of messages transmitted through the channel with a one-time pad, one-time key, or a key generated at one interval of time being different and unique from a one-time pad, one-time key, or a key generated at any other interval of time. | 2016-05-26 |
20160149880 | SECURE COMMUNICATION PATHS IN DATA NETWORKS WITH TETHERED DEVICES - A communication network processes intermediate security data from intermediate access nodes on a communication path between a network access node and an end-point device to determine if the intermediate access nodes are authorized. If the intermediate access nodes are authorized, then the network processes end-point security data from the end-point device to determine if the end-point device is authorized. If the end-point device is authorized, then the network processes end-point tethering data from the end-point device to determine if any tethered communication devices are coupled to the end-point device. If the end-point device is not coupled to any tethered communication devices, then the network authorizes a data transfer session for the end-point device over the communication path. If the end-point device is coupled to a tethered communication device, then the network denies authorization for the data transfer session over the communication path for the end-point device. | 2016-05-26 |
20160149881 | PROVIDING ACCESS TO A RESTRICTED RESOURCE VIA A PERSISTENT AUTHENTICATED DEVICE NETWORK - Providing access to a restricted resource via a persistent authenticated device network, including: authenticating a user; joining a persistent authenticated device network; iteratively, upon the expiration of a predetermined period of time, determining whether the user remains authenticated; responsive to determining that the user remains authenticated, determining whether a downstream computing device in the persistent authenticated device network is attempting to access a restricted resource; and responsive to determining that the downstream computing device in the persistent authenticated device network is attempting to access a restricted resource, providing user authentication information to the downstream computing device. | 2016-05-26 |
20160149882 | MULTI-TENANCY SUPPORT IN A CLOUD BASED DATA GRID - A system with a tenant aware in-memory data grid includes a data grid configured to store data in memory. A request manager is configured to receive a data grid label and a tenant identifier and to request a data grid entry based on the data grid label and tenant identifier. A data grid controller is configured to receive a request for data from the data grid based on a combined data grid label and tenant identifier. A security provider is configured to authenticate and authorize the request for data. | 2016-05-26 |
20160149883 | TEMPORAL MODIFICATION OF AUTHENTICATION CHALLENGES - A method for authenticating a user of a computing device. The method includes a computer processor receiving an indication that a user of a computing device is accessing an object that utilizes an authentication process. The method further includes a computer processor selecting a first multi-media file that is associated with a user profile of the user and the object of the authentication process, wherein the first multi-media file is associated with a baseline user input authentication sequence. The method further includes creating a first temporal manipulation vector based on the user profile and a security requirement of the object of the authentication process, wherein the temporal manipulation vector modifies a presentation of a multi-media file and a corresponding time sequence of a user input authentication sequence in the multi-media file. The method further includes transmitting the first temporal manipulation vector and the first multi-media file to the computing device. | 2016-05-26 |
20160149884 | ELECTRONIC KEY SYSTEM AND INFORMATION REGISTRATION SYSTEM - An electronic key system includes a mobile device and a control device. Main identification information identifying the control device is registered in the control device as registrant identification information. When the mobile device receives a response request including the registrant identification information and response timing, the mobile device compares the registrant identification information and the response timing which are included in the response request with registrant identification information and response timing registered in the mobile device. When a result of the comparing is a match, the mobile device transmits the mobile device code to the control device. The control device includes a registration unit that newly generates the main identification information with different content each time a registration command is inputted, and registers the newly generated main identification information in a storage device of the control device as registrant identification information. | 2016-05-26 |
20160149885 | INFORMATION PROCESSING DEVICE, INFORMATION PROCESSING SYSTEM, AND INFORMATION PROCESSING METHOD - An information processing device includes: an authentication unit configured to compare, when receiving first user information used for authentication processing of determining whether a user has authority to use the information processing device, the first user information with second user information identifying users having the authority to use the information processing device, and execute the authentication processing; a first storage unit storing first association information in which installation screen information identifying an installation screen for installation of an application is associated with each piece of the second user information; and a second display unit configured to generate, based on a command associated with an application selected by a user among an application displayed by a first display unit, an installation screen identified by installation screen information which is associated with second user information identifying the user, and display the installation screen. | 2016-05-26 |
20160149886 | METHOD, DEVICE AND SYSTEM FOR ACCOUNT RECOVERY WITH A DURABLE CODE - A method for resetting credentials of an account of a user by a server and a database associated with the server is provided, the database including records of electronic accounts. The method includes logging into an account recovery website hosted by the server for requesting an account recovery, generating an account recovery item at the server and generating an optical code that represents the account recovery item, the account recovery item including identity information to identify the account of the user, and printing the optical code that represents the account recovery item onto an object with a printer. The method further includes capturing and processing an image of the optical code from the object to extract the identity information of the account recovery item, matching the identity information with the records of the electronic accounts of the database at the server, and prompting the user to update account credentials. | 2016-05-26 |
20160149887 | SYSTEMS AND METHODS FOR MALICIOUS CODE DETECTION ACCURACY ASSURANCE - There is provided a method for authenticating an attempt at establishment of a network connection by allowed code, comprising: providing a dataset having previously observed stack trace templates each representing a stack trace pattern prevailing in stack traces recorded by monitoring stacks of clients executing an allowed code during a connection establishment process for establishing network connections related to the allowed code; receiving a new stack trace recorded during a new connection establishment process for a new network connection by a new client; measuring a similarity between the new stack trace and the plurality of stack trace templates to identify a match to a stack trace template; evaluating the matched stack trace template for a predefined rule requirement; and updating a rule-set database with the matched stack trace template to authenticate new network connection establishments associated with stack templates matching the matched stack trace template. | 2016-05-26 |
20160149888 | Systems and Methods for Facilitating Access to Private Files Using a Cloud Storage System - A method for providing access to objects associated with a particular client in a cloud storage system is disclosed. The method includes the steps of establishing a connection with a user, providing a client namespace associated with the client to the user, where the client namespace represents objects stored on the cloud storage system and objects stored on a private storage system apart from the cloud storage system, receiving a request from the user to access an object stored on the private storage system, and providing information to the user to facilitate access to the object stored on the private storage system by said user. Other systems and methods are also disclosed. Important advantages of the present invention are facilitated by separating the logic for user access (control plane) from the actual storage (storage plane). Private file system access can still be managed from the cloud, while keeping the client data private. | 2016-05-26 |
20160149889 | SECURE CONNECTION BETWEEN A DATA REPOSITORY AND AN INTELLIGENCE APPLICATION - Embodiments of the invention are directed to systems, methods and computer program products for establishing a secure connection between a data repository and an intelligence application. In one embodiment, a method includes receiving, from a user device and using a processing device, a request from the intelligence application, the request communicated from the intelligence application through a data virtualization application and for obtaining access to the data repository; responding, using the processing device, to the request comprising preparing and sending an authentication request through the data virtualization application to the intelligence application; receiving authentication credentials from the intelligence application through the data virtualization application, the authentication credentials associated with one or more users of a plurality of users authorized to access the data repository; determining that the authentication credentials are valid; and providing device, access to the data repository in response to validating the authentication credentials. | 2016-05-26 |
20160149890 | AUTHENTICATION METHOD - An authentication method for at least one of a plurality of devices connected to a HAN includes checking, with a first device among the plurality of devices, validity of a second device using a CRL including attribute information regarding the second device among the plurality of devices, and revoking, with the first device, the second device if a result of the checking is negative. | 2016-05-26 |
20160149891 | Sharing Access to a Media Service - Examples provided herein are directed to a computing device and media playback system sharing access to a media service corresponding to a media application installed on the computing device. In one example, a media playback system may be configured to (i) receive from the computing device an authorization code that corresponds to a media application installed on the computing device that is authorized to access media from a media service, (ii) transmit to the media service an authorization request with the authorization code, (iii) receive from the media service an authorization token that facilitates obtaining media from the media service, and (iv) transmit to the media service a request for media for playback by the media playback system, where the request for media includes the authorization token. | 2016-05-26 |
20160149892 | ELECTRONIC PASSWORD LOCK APPARATUS AND PASSWORD PROTECTION SYSTEM USING THE SAME - An electronic password lock apparatus includes a storage unit, an input unit, and a communication unit. The storage unit stores a unique identification number of the electronic password lock apparatus, the electronic password lock apparatus is associated with a portable electronic device via the unique identification number. The input unit triggers a locking signal and an unlocking signal. The communication unit sends the locking signal or the unlocking signal to the portable electronic device to lock or unlock the portable electronic device, respectively, and receives an acknowledgement (ACK) signal from the portable electronic device to determine whether the portable electronic device is in a locking state or an unlocking state. | 2016-05-26 |
20160149893 | STRONG AUTHENTICATION METHOD - The present invention relates to a method of authenticating, with an authentication server, a user having at his disposal a calculator storing at least one unique identifier specific to the calculator and one first secret key (KO) and calculating a non-invertible function (H); the method comprising: • reception of the unique identifier by the authentication server, which sends an item of information (challenge) and an action code; • reception by the authentication server of three results of the non-invertible function, • the first result (R | 2016-05-26 |
20160149894 | SYSTEM AND METHOD FOR PROVIDING MULTI FACTOR AUTHENTICATION - An authentication technique is disclosed that permits or denies access to content based on several factors. Such factors include a user ID, a user password, a device ID, and a unique dynamic password. The unique dynamic password is only valid for a particular request to access the content. The unique dynamic password may be based on a key shared between a user device of a user desiring access to the content and an authentication server that permits or denies access to the content based on the authentication factors. The authentication factors may include whether a current geolocation of the user device meets a defined permissible geolocation specified in a user authentication profile. The authentication technique may further include obtaining approval to access the content by an administrative user. Additionally, the access to the content may be restricted based on duration, content, or termination by administrative user. | 2016-05-26 |
20160149895 | Authentication Apparatus That Assists Input of User ID and Password Authentication Method, and Recording Medium - An authentication apparatus includes an authentication determination circuit, a partial determination circuit, and a combination determination circuit. The partial determination circuit determines whether or not any one of a first set or a second set exists. The first set is a set where only the input user ID matches the registered user ID. The second set is a set where only the input password matches the registered password. The combination determination circuit generates a new set by combining the input user ID of the existing first set and the input password of another set or a similar method. The authentication determination circuit executes a user authentication if, among the generated sets, the input user ID matches the registered user ID, and the input password matches the registered password. | 2016-05-26 |
20160149896 | FILE FORMAT AND PLATFORM FOR STORAGE AND VERIFICATION OF CREDENTIALS - In various embodiments, a computer-implemented method for generating and verifying officially verifiable electronic representations may be disclosed. The method may comprise receiving, by a credential database, a request for a credential action. The credential database may be configured to store one or more credentials comprising a status indicator. The method may further comprise determining, by the credential database, a response to the credential action based on the one or more user credentials stored in the credential database and transmitting, by the credential database, the response to a client device. | 2016-05-26 |
20160149897 | INTERACTIVE BASE AND TOKEN CAPABLE OF COMMUNICATING WITH COMPUTING DEVICE - A smart charm bracelet that includes an elongated band or other base, at least one smart charm or other token that may be coupled to or otherwise associated with the elongated band or base, wherein the elongated band is able to communicate with the charm. The band and/or charm may also be able to communicate with a computing device, including but not limited to a mobile device. In addition, the band and/or charm may produce a light, sound, and/or vibration indication to a user upon the occurrence of an event. | 2016-05-26 |
20160149898 | REDIRECT TO INSPECTION PROXY USING SINGLE-SIGN-ON BOOTSTRAPPING - An authentication request is generated when a user of a client device attempts to initiate a user session with an application managed by a service provider. An authentication response is generated based on credentials received from the user. The authentication response includes an assertion on behalf of the user. A delivery resource locator for the assertion is rewritten to a resource locator of a proxy in order to redirect the assertion to the proxy. The authentication response is sent to the client device together with the resource locator of the proxy in order to cause the client device to send the assertion to the proxy that decodes the re-written resource locator and sends the assertion to the service provider. | 2016-05-26 |
20160149899 | SYSTEM AND METHOD FOR NON-REPLAYABLE COMMUNICATION SESSIONS - Systems, methods, and non-transitory computer-readable storage media for a non-replayable communication system are disclosed. A first device associated with a first user may have a public identity key and a corresponding private identity key. The first device may register the first user with an authenticator by posting the public identity key to the authenticator. The first device may perform a key exchange with a second device associated with a second user, whereby the public identity key and a public session key are transmitted to the second device. During a communication session, the second device may transmit to the first device messages encrypted with the public identity key and/or the public session key. The first device can decrypt the messages with the private identity key and the private session key. The session keys may expire during or upon completion of the communication session. | 2016-05-26 |
20160149900 | AUTONOMOUS SYSTEM FOR SECURE ELECTRIC SYSTEM ACCESS - Secure electronic access may be provided by receiving at least one electronic certificate from an electronic device seeking to access a secure resource at a device under protection including at least one security processor, the at least one certificate providing device information related to the security of the electronic device, and comparing with at least one autonomous processor of an autonomous system the device information to the security requirement information. The at least one autonomous processor may instruct the at least one security processor to provide the secure resource to the device when the device information meets the security requirement information. The device under protection may provide the secure resource to the electronic device in response to the instruction. | 2016-05-26 |
20160149901 | METHOD AND APPARATUS FOR ENABLING SERVICE-CONFIGURABLE WIRELESS CONNECTIONS - The disclosed embodiments provide a system that enables service-configurable wireless connections. During operation, a local service endpoint of a service runs on a wireless device. The local service endpoint sends a request to establish a datapath with another service endpoint on another device. Meanwhile, the wireless device's service discovery module discovers a remote endpoint for the service on a remote device. In response to the request, the wireless device's service-configurable security entity configures a Wi-Fi connection's security configuration, thereby enabling the local endpoint to establish a datapath between the local endpoint and the remote endpoint over the Wi-Fi connection. | 2016-05-26 |
20160149902 | TEMPORAL MODIFICATION OF AUTHENTICATION CHALLENGES - A method for authenticating a user of a computing device. The method includes a computer processor receiving an indication that a user of a computing device is accessing an object that utilizes an authentication process. The method further includes a computer processor selecting a first multi-media file that is associated with a user profile of the user and the object of the authentication process, wherein the first multi-media file is associated with a baseline user input authentication sequence. The method further includes creating a first temporal manipulation vector based on the user profile and a security requirement of the object of the authentication process, wherein the temporal manipulation vector modifies a presentation of a multi-media file and a corresponding time sequence of a user input authentication sequence in the multi-media file. The method further includes transmitting the first temporal manipulation vector and the first multi-media file to the computing device. | 2016-05-26 |
20160149903 | METHOD FOR SUPPORTING SUBSCRIBER'S SERVICE PROVIDER CHANGE RESTRICTION POLICY IN MOBILE COMMUNICATIONS AND APPARATUS THEREFOR - The present invention relates to a method and an apparatus for employing an embedded subscriber identity module (hereinafter referred to as eSIM) to apply a policy such as a subsidy policy to, activate, deactivate, add to, update, and delete a user profile in a mobile communications network. The present invention enables a mobile device to determine whether to host the policy of a new service provider when it changes the present service provider or to perform a lock for prohibiting the policy change, and to change the profile related to the determination. The present invention also enables a mobile device to replace the policy related to the service provider by applying the policy, or to employ eSIM so as to activate, deactivate, revise, add, or delete the rules of the policy related to the service provider. The present invention provides various examples of hosting and applying the policy and various examples of activating, deactivating, revising, adding, deleting the policy rules so as to make eSIM identify the subscriber as the existing subscriber identity module. The invention also enables the device or eSIM to be reused when changing the service provider throughout the life cycle thereof without limiting the use of eSIM to a single service provider. The invention also provides a method for locking the policy applied per service provider, and the use of eSIM when changing to another service provider by the policy per service provider. The present invention also provides a method for checking the criteria of decision and verifying the power of decision when administering the policy rules and eSIM through deleting, adding, revising, activating, and deactivating the profile management plan and policy rules by applying the service provider's policy. Thus the present invention enables the device to host a new service provider's policy for communicating therewith when changing from the existing service provider to the new service provider, or when the government changes the service provider for an M2M device related to the electricity, infrastructure, etc. under an environment such as EUTRAN (Evolved Universal Terrestrial Radio Access Network) or UTRAN (Universal Terrestrial Radio Access Network)/GERAN (GSM/EDGE Radio Access Network). The present invention also is advantageous in that if the change of a service provider is not allowed according to the policy of the existing service provider, the information related to communication and the security information are set revised safely by locking, thus enhancing the communication efficiency and security. The present invention also enables the device to verify the power of the user or to revise safely the information of eSIM for adding, revising, deleting, activating, and deactivating the policy rules for managing the operation profile for administration of the policy of the service provider under an environment such as EUTRAN (Evolved Universal Terrestrial Radio Access Network) or UTRAN (Universal Terrestrial Radio Access Network)/GERAN (GSM/EDGE Radio Access Network), thus enhancing the communication efficiency and security. | 2016-05-26 |
20160149904 | SYSTEMS AND METHODS TO GENERATE AUTHORIZATION DATA BASED ON BIOMETRIC DATA AND NON-BIOMETRIC DATA - A method of selectively authorizing access includes obtaining, at an authentication device, first information corresponding to first synthetic biometric data. The method also includes obtaining, at the authentication device, first common synthetic data and second biometric data. The method further includes generating, at the authentication device, second common synthetic data based on the first information and the second biometric data. The method also includes selectively authorizing, by the authentication device, access based on a comparison of the first common synthetic data and the second common synthetic data. | 2016-05-26 |
20160149905 | Apparatus for Authenticating Pairing of Electronic Devices and Associated Methods - An apparatus comprising: a processor; and a memory including computer program code, the memory and the computer program code configured, with the processor, to cause the apparatus to perform at least the following: compare received biometric face vectors, wherein each received biometric face vector is received from a respective electronic device of a plurality of electronic devices and comprises one or more biometric face values determined from a respective image of a person captured by the corresponding electronic device; and provide for pairing authentication of the plurality of electronic devices if the comparison meets a predetermined similarity criterion. | 2016-05-26 |
20160149906 | BIOMETRIC AUTHENTICATION METHOD, COMPUTER-READABLE RECORDING MEDIUM, AND BIOMETRIC AUTHENTICATION APPARATUS - A biometric authentication method is disclosed. Biometric information is acquired from a pair of portions at right and left of a body. Collation feature data are generated from the biometric information for right and left. Similarity feature data are generated for calculating a similarity between the biometric information for right and left. A similarity score between right and left is calculated by using the similarity feature data. The collation feature data for right and left and the similarity score are registered in a registration database. Collation scores for right and left are calculated by comparing the collation feature data in the registration database, and other collation feature data generated in an authentication. It is determined whether the authentication is successful, by using the collation scores, the similarity score in the registration database, and another similarity score generated in the authentication. | 2016-05-26 |
20160149907 | BIOMETRIC-BASED WIRELESS DEVICE ASSOCIATION - According to one aspect of the present disclosure, a method and technique for automatically associating a wireless device to a data processing system using biometric data is disclosed. The method includes: receiving biometric data corresponding to a user of a data processing system; creating a certificate by the data processing system based on the biometric data; discovering a wireless device able to communicate with the data processing system; responsive to discovering the wireless device, automatically requesting a certificate from the wireless device; and, responsive to the certificate from the wireless device matching the certificate created by the data processing system, automatically associating the wireless device with the data processing system. | 2016-05-26 |
20160149908 | AUTHENTICATION METHOD AND AUTHENTICATION SYSTEM - A system performs mutual authentication between a controller and a first device, creates a group key, shares the group key, and sets the first device as a reference device. The system performs mutual authentication between the controller and a second device, and shares the group key with the second device. Thereafter, the system performs mutual authentication between the controller and the first device, updates the group key, and shares the updated group key between the controller and the first device. At a group key update timing when the group key is updated, the system performs mutual authentication between the controller and the second device, and shares the updated group key with the second device. | 2016-05-26 |
20160149909 | IMPLEMENTING BLOCK DEVICE EXTENT GRANULARITY AUTHORIZATION MODEL PROCESSING IN CAPI ADAPTERS - A method, system and computer program product are provided for implementing block extent granularity authorization model processing in Coherent Accelerator Processor Interface (CAPI) adapters. The CAPI adapter includes an authorization table and a file system authorization function to authenticate data access for a client at an extent granularity and to prevent an application from accessing unauthorized data in the CAPI adapter. Each authorization table entry provides for the CAPI client, a CAPI client identification (ID), a CAPI server register space assigning resource ownership to the CAPI client with a CAPI set of allowed functions. | 2016-05-26 |
20160149910 | MANAGING SOFTWARE KEYS FOR NETWORK ELEMENTS - Methods and systems for managing software keys include distributing software keys from a vendor to a customer key manager at a secure customer network that includes network elements comprising a transport network operated by a customer. Responsive to a provisioning event involving a network element, the network element may request a software key from the customer key manager for a network service associated with the provisioning event. The customer key manager may manage the software keys issued to network elements within the secure customer network. The software key may be provided as a key file that may be encrypted. | 2016-05-26 |
20160149911 | FACILITATION OF SEAMLESS SECURITY DATA TRANSFER FOR WIRELESS NETWORK DEVICES - Configuration and credential data associated with a wireless network can be stored by the wireless network or by a gateway device associated with the wireless network. The configuration and credential data can be accessed via a user profile and pushed to unauthenticated wireless devices to authenticate the unauthenticated wireless devices for the wireless network. The configuration and credential data can be backed up via a manual, automatic, or semi-automatic back-up process. | 2016-05-26 |
20160149912 | Trusted Computing Base Evidence Binding for a Migratable Virtual Machine - In an embodiment, at least one computer readable medium has instructions stored thereon for causing a system to cryptographically sign, at a secure platform services enclave (PSE) of a computing system and using a secure attestation key (SGX AK), a public portion of a trusted platform module attestation key (TPM AK) associated with a trusted computing base of a physical platform, to form a certified TPM AK public portion. Also included are instructions to store the certified TPM AK public portion in the PSE, and instructions to, responsive to an attestation request received from a requester at a virtual trusted platform module (vTPM) associated with a virtual machine (VM) that has migrated onto the physical platform, provide to the requester the certified TPM AK public portion stored in the PSE. Other embodiments are described and claimed. | 2016-05-26 |
20160149913 | Access Control in an Information Centric Network | 2016-05-26 |
20160149914 | User Consent for Generic Bootstrapping Architecture - It is disclosed a method and a bootstrapping client ( | 2016-05-26 |
20160149915 | METHOD OF PROVIDING FRESH KEYS FOR MESSAGE AUTHENTICATION - The present invention provides a method of operating a mobile unit in a wireless communication system. Embodiments of the method may include providing access request message(s) including information indicative of a first counter and a message authentication code formed using a first key. The first key is derived from a second key and the first counter. The second key is derived from a third key established for a security session between the mobile unit and an authenticator. The first counter is incremented in response to each access request provided by the mobile unit. | 2016-05-26 |
20160149916 | Method and Nodes for Authorizing Network Access - The embodiments herein relate to a method performed by an AAA server ( | 2016-05-26 |