23rd week of 2017 patent application highlights part 74 |
Patent application number | Title | Published |
20170163573 | SYSTEMS AND METHODS FOR DETECTING COMPONENT ROTATION WITHIN A COMMUNICATION ASSEMBLY - Systems and methods for detecting component rotation within a communication assembly are provided. In certain embodiments, a system includes a module; an adapter block that includes multiple front ports and multiple rear ports configured to receive an optical connector; a managing entity configured to control port identification for the front and rear ports; and a circuit board mounted to the adapter block, wherein the circuit board comprises multiple front contact assemblies and multiple rear contact assemblies, wherein each front port is associated with a front contact assembly and each rear port is associated with a rear contact assembly, wherein when a rear contact assembly is electrically coupled to a connector, the connector generates an event that is sent to the managing entity, whereupon the managing entity remaps the port identification for the front and rear ports. | 2017-06-08 |
20170163574 | AUTOMATIC BUFFER SIZING FOR OPTIMAL NETWORK-ON-CHIP DESIGN - The present disclosure relates to automatic sizing of NoC channel buffers of one or more virtual channels to optimize NoC design, SoC design, and to meet defined performance objectives. The present disclosure further relates to a NoC element such as a router or a bridge having input ports associated with input virtual channels, and output ports associated with output virtual channels, wherein, aspects of the present disclosure enable sizing of any or a combination of the width of the input virtual channel(s), width of the output virtual channel(s), buffer(s) associated with input virtual channels, and buffer(s) associated with output virtual channels. In another aspect, the sizing can be performed based on one or a combination of defined performance objectives, throughputs of the input virtual channels, and throughputs of the output virtual channels, load characteristics, bandwidth characteristics of each input/output channel, among other like parameters. | 2017-06-08 |
20170163575 | MECHANISM TO SUPPORT MULTIPLE-WRITER/MULTIPLE-READER CONCURRENCY FOR SOFTWARE FLOW/PACKET CLASSIFICATION ON GENERAL PURPOSE MULTI-CORE SYSTEMS - Methods and apparatus to support multiple-writer/multiple-reader concurrency for software flow/packet classification on general purpose multi-core systems. A flow table with rows mapped to respective hash buckets with multiple entry slots is implemented in memory of a host platform with multiple cores, with each bucket being associated with a version counter. Multiple writer and reader threads are run on the cores, with writers providing updates to the flow table data. In connection with inserting new key data, a determination is made to which buckets will be changed, and access rights to those buckets are acquired prior to making any changes. For example, under a flow table employing cuckoo hashing, access rights are acquired to buckets along a full cuckoo path. Once the access rights are obtained, a writer is enabled to update data in the applicable buckets to effect entry of the new key data, while other writer threads are prevented from changing any of these buckets, but may concurrently insert or modify key data in other buckets. | 2017-06-08 |
20170163576 | ELECTRONIC DEVICE AND METHOD FOR OPERATION THEREOF - The present invention provides an electronic device including a display device, and a processor. When the content of a packet message of the instant messaging software is provided with specific content, the processor filters the specific content from the content of the packet message to serve as the main content. When the ratio of a specific language of the main content to the main content is greater than a first predetermined value, the processor displays a specific input interface corresponding to the specific language on the display device. | 2017-06-08 |
20170163577 | APPLICATION FOR AUGMENTING A MESSAGE WITH EMOTIONAL CONTENT - Implementations of this disclosure may assist users to communicate more effectively in online communications over a network such as emails, instant messaging, text messages, and social networking messages. In some implementations, systems and methods of this disclosure enable a message composer to augment a first message with one or more predefined or custom second messages where the second message is intended to convey an unspoken meaning about the first message. In some implementations, systems and methods of this disclosure enable a recipient of the augmented first message to rate the first message on its genuineness and to provide a predefined or custom explanation of the recipient's rating. In some implementations, systems and methods of this disclosure can change an online user's online picture (e.g., profile picture, avatar, etc.) based on ratings of the user's messages by recipients. | 2017-06-08 |
20170163578 | SYSTEM AND METHOD FOR MESSAGE DELIVERY - A message delivery system includes a plurality of smart devices associated with a person. Each smart device includes the person's contact information and a wireless transceiver for communicating with each of the other smart devices and communicating messages directed to the person. A message handling module having stored codes executable by a processor is embedded within one of the smart devices to receive current device status of each of the smart devices and to determine a chosen smart device to receive a current message directed to the person based on criteria including the current device status. | 2017-06-08 |
20170163579 | ELECTRONIC MESSAGE CONTENT DOWNLOAD MANAGEMENT - A messaging system creates a content index for messages for user selection of all or part of a message. By selecting only an indexed portion of the message, the user avoids downloading unneeded portions of the message. The content index is created according to pre-defined user criteria and semantic analysis of the contents of the message. | 2017-06-08 |
20170163580 | INTERACTIVE METHOD AND DEVICE FOR PLAYBACK OF MULTIMEDIA - Embodiments of the present disclosure provide a method and electronic device for interaction during multimedia play. The method includes: detecting a sharing request message from a first terminal, where the sharing request message includes information of a second terminal and information of to-be-shared multimedia content; sending a sharing invitation message to the second terminal according to the sharing request message, where the sharing invitation message includes the information of the to-be-shared multimedia content; acquiring a first viewing comment generated by the first terminal in response to the sharing request message; and acquiring a second viewing comment generated by the second terminal in response to the sharing invitation message; pushing the second viewing comment to the first terminal by a bullet curtain; and pushing the first viewing comment to the second terminal by the bullet curtain. | 2017-06-08 |
20170163581 | Determining a Number of Users Allowed to Access Message Based on Message Objective - Controlling access to categorized messages includes categorizing a message into a number of categories according to a message objective. The message objective informing user association, message association, and message access rules for each of the number of categories. Controlling access to categorized messages includes determining, based on the message objective, a number of users allowed access to the message. Controlling access to categorized messages includes allowing the number of users to access the message according to the message objective. | 2017-06-08 |
20170163582 | SYSTEMS AND METHODS FOR TRANSFERRING MESSAGE DATA - Methods, systems, and apparatus, including computer programs encoded on a computer storage medium, are described for providing messages to client devices. In certain examples, a stream of messages is provided to a messaging application on a client device at a desired message feed rate. A message download rate of the stream of messages by the messaging application is monitored. A determination is made that the message download rate is less than the desired message feed rate. In response, the stream of messages is provided to a buffer on the client device at the desired message feed rate, and the stream of messages is sent from the buffer to the messaging application at the message download rate. A determination is made that the message download rate is greater than the desired message feed rate and, in response, a stored quantity of messages on the buffer is allowed to decrease. A determination is made that the stored quantity of messages on the buffer is zero and, in response, the stream of messages is provided to the messaging application at the desired message feed rate. | 2017-06-08 |
20170163583 | USING E-MAIL MESSAGE CHARACTERISTICS FOR PRIORITIZATION - Message prioritization may be provided. First, a message may be received and a priority level may be calculated for the message. If the message is not rejected for having a priority lower than a predetermined threshold, the message may be placed in a first priority queue. Next, the message may be de-queued from the first priority queue based upon the calculated priority level for the message. Distribution group recipients corresponding to the message may then be expanded and the priority level for the message may be re-calculated based upon the expanded distribution group recipients. Next, the message may be placed in a second priority queue. The message may then be de-queued from the second priority queue based upon the re-calculated priority level for the message and delivered. | 2017-06-08 |
20170163584 | COMPUTING SYSTEM WITH CONVERSATION MODELING MECHANISM AND METHOD OF OPERATION THEREOF - A computing system includes: a control circuit configured to: access a subject interaction representing communication between a customer and a service provider; identify a communication segment and a sourcing party associated with the communication segment from the subject interaction; generate a message label for the communication segment based on the sourcing party; generate a dialog-flow framework based on the message label for representing the subject interaction; and a storage circuit, coupled to the control circuit, configured to store the dialog-flow framework. | 2017-06-08 |
20170163585 | E-Mail Proxy - In one embodiment, a method for processing an e-mail message addressed to an e-mail client is disclosed. The method comprises receiving at a mail server an e-mail message addressed to the e-mail client, the e-mail message including an attachment which is characterized by a size; reducing the size of the attachment to create a reduced size attachment; preparing a formatted message, which includes the reduced size attachment and a link to the attachment, wherein the attachment is downloadable from the mail server using the link; and delivering the formatted message to the e-mail client for display on a computational device. | 2017-06-08 |
20170163586 | MESSAGE DELIVERY SYSTEM - An embodiment of the invention may include a method, computer program product and computer system for disseminating messages to a user. The embodiment may receive a plurality of messages. The embodiment may classify the plurality of messages based on metadata contained in each message, wherein the metadata corresponds to one or more topics. The embodiment may place one or more messages from the plurality of messages in a queue associated with a user. The embodiment may receive a request for a message from the user, wherein the request details a first preferred topic. The embodiment may determine a message in the user queue that corresponds to the first preferred topic. The embodiment may send the user the message from the plurality of messages corresponding to the first preferred topic. | 2017-06-08 |
20170163587 | Onboarding of a Service Based on Client Feedback of Task Completion - Described herein are techniques and systems for onboarding a service from client-managed computing infrastructure to network computing infrastructure. As part of the onboarding, a database that stores onboarding information is accessed and a set of tasks is identified. A state diagram is generated based on the onboarding information. The techniques and systems are configured to calculate, within the state diagram, a task execution path that is associated with a highest probability of success for moving the client organization from a current environment associated with the client-managed computing infrastructure to a target environment associated with the network computing infrastructure. The task execution path can be used to identify and provide subsets of tasks for the client organization to implement. The task execution path can be re-calculated based on client feedback (e.g., indicating that implementation of an individual task was not successfully completed). | 2017-06-08 |
20170163588 | Detecting And Indicating Partial Read Status of Emails Based on Email Contents - According to one embodiment of the present invention, a system for marking an email as partially read includes at least one processor. The at least one processor may be configured to determine the types of content contained in an email within a user's inbox. The at least one processor may be further configured to monitor the portions of each of the types of content of the email to determine which portions from each of the types of content that are viewed by the user. Furthermore, the at least one processor may be configured to determine a percentage of the content that has been viewed by the user. Finally, the at least one processor may be configured to then display the percentage of the content that has been viewed by the user. | 2017-06-08 |
20170163589 | SHARING OF ACTIVITY METADATA VIA MESSAGING SYSTEMS - Systems and methods are provided for sharing activity information of devices engaged in a messaging session. In operation, the devices provide activity and sharing preference information to a data service. Thereafter, the data service generates notifications for the devices based on the activity, sharing preference, and device information, wherein the notifications include a payload with instructions for messaging clients at the devices to present user interface elements that allow users to access content and applications associated with other users in the messaging session. | 2017-06-08 |
20170163590 | MESSAGE DATA TRANSFER - In one embodiment, a method includes receiving a request to send data to a user. The data exceeds a message size limit of a delivery channel associated with the user. The method also includes converting the data into a number of messages that each conform to the message size limit; and sending the number of messages through the delivery channel. | 2017-06-08 |
20170163591 | LIVE EVENTS ATTENDANCE SMART TRANSPORTATION AND PLANNING - Live events attendance smart transportation and planning. A social media profile and a social media friends list corresponding to the user is retrieved by the event service. The event service generates and transmits an event recommendation list to the user. The event service receives the ticket confirmation of the user obtaining a ticket to an event and receives a user transportation preference to attend the event. The event service retrieves a transportation preference for a friend from the social media friends list who obtained the admissions ticket to the event and generates a transportation recommendation to the event for the user and the friend from the social media friends list based on each of their transportation preferences for the event. The event service transmits the transportation recommendation to the user and the friend from the social media friends list. | 2017-06-08 |
20170163592 | INFORMATION PROCESSING DEVICE, INFORMATION PROCESSING METHOD AND TERMINAL DEVICE - There is provided an information processing device including a score calculation unit that calculates, for one or more events for which a plan is set by one or more of users in a user group composed of the plurality of users capable of sharing information by satisfying a predetermined condition and for which the information is capable of being shared in the user group, a score on a predetermined calculation basis using event information which is information related to the events. | 2017-06-08 |
20170163593 | SYSTEMS AND METHODS FOR RELAYING MESSAGES IN A COMMUNICATIONS SYSTEM - The various embodiments described herein include methods, devices, and systems for relaying messages in a communications system. In one aspect, a method is performed at a server having one or more processors and memory storing instructions for execution by the one or more processors. The method includes: (1) obtaining a plurality of incoming messages; (2) identifying one or more messages having popularity above a first threshold of popularity from among the plurality of incoming messages, the one or more messages obtained from a first user; (3) receiving a feedback message from a second user about at least one of: the first user and a first message of the one or more messages; and (4) sending the feedback message from the second user to a plurality of users, where the plurality of users track at least one of: the first user and the first message. | 2017-06-08 |
20170163594 | SYSTEMS AND METHODS FOR RELAYING MESSAGES IN A COMMUNICATIONS SYSTEM BASED ON USER INTERACTIONS - The various embodiments described herein include methods, devices, and systems for relaying messages in a communications system. In one aspect, a method is performed at a server. The method includes: (1) obtaining a plurality of incoming messages, including at least one target message and at least one priority message from a first user of the communication system; (2) obtaining one or more interests of a second user; (3) selecting the target message based at least in part on the one or more interests of the second user; (4) sending the target message to a client device of the second user; (5) after sending the target message, receiving a notification from the client device indicating that the second user has interacted with the target message; and (6) in response to receiving the notification from the client device, sending to the client device the priority message. | 2017-06-08 |
20170163595 | DECLUTTERING GENERAL COMMUNICATION MESSAGE FOR SPECIFIC AUDIENCE - A communication system obtains a message intended for one or more recipients. The message contains one or more content elements. The communication system determines, based on the message, a first recipient of the one or more recipients. The communication system detects a first content tag associated with a first content element of the one or more content elements. The communication system alters the first content element based on the first recipient and the first content tag. | 2017-06-08 |
20170163596 | Methods, Systems, and Products for Monitoring Domain Name Servers - Methods, systems, and products infer performance of a domain name system. Queries to, and responses from, the domain name system are logged and categorized. Each category is associated with a different performance issue related to the domain name system. The number of entries in each category may be used to infer the performance of the domain name system. | 2017-06-08 |
20170163597 | IP ADDRESS OF WIRELESS CLIENT DEVICE - In some examples, a message is received from a wireless client device. The message includes an IP address of the wireless client device. It is determined whether an IP address offered by a DHCP server is the same as an IP address in a message received from the wireless client device. If the IP addresses are not the same, then a force renew DHCP message is sent to the wireless client device. | 2017-06-08 |
20170163598 | LEARNING OF TUNNEL ENDPOINT SELECTIONS - Some embodiments provide a method for a managed forwarding element (MFE). At the MFE, the method receives a first packet from a particular tunnel endpoint. The first packet originates from a particular data compute node associated with multiple tunnel endpoints including the particular tunnel endpoint. Based on the first packet, the method stores an association of the particular tunnel endpoint with the particular data compute node. The method uses the stored association to encapsulate subsequent packets received at the MFE and having the particular data compute node as a destination address with the particular tunnel endpoint as a destination tunnel endpoint. | 2017-06-08 |
20170163599 | GROUPING TUNNEL ENDPOINTS OF A BRIDGE CLUSTER - Some embodiments provide a method for a first managed forwarding element (MFE). The method receives a packet from a data compute node that connects to the MFE. The packet has a destination address that corresponds to a data compute node in a remote network. The method determines (i) a group of MFEs that form a bridge cluster for sending packets to the remote network and (ii) multiple tunnel endpoints for the group of MFEs, wherein each MFE in the group has at least one of the plurality of tunnel endpoints. The method selects one of the plurality of tunnel endpoints as a destination tunnel endpoint for the packet. The method encapsulates the packet with a source tunnel endpoint associated with the first MFE and the selected destination tunnel endpoint. | 2017-06-08 |
20170163600 | PRIVATE APPLICATION PLATFORM - Methods and systems disclosed provide for creating private networks for secured communication between devices. The devices can communicate with each other over a secure tunnel created for a closed circle of devices. Furthermore, the methods and systems can enable offline communication between devices on a private network. | 2017-06-08 |
20170163601 | MOBILE HOTSPOT MANAGED BY ACCESS CONTROLLER - Systems and methods are described for a mobile hotspot that can be managed by an access controller. According to an embodiment, a WAN connection is established by a mobile hotspot through a telecommunication data network via a wireless WAN module. When in a first mode, the mobile hotspot: (i) sets up a secure tunnel through the WAN connection with an AC of the enterprise that manages APs of a wireless network of an enterprise; (ii) broadcasts an SSID that is also broadcast by the APs; (iii) establishes a WLAN connection with a WiFi-enabled device based on an AP profile containing (a) authentication information regarding users approved to access the wireless network and (b) information identifying the SSID; (iv) receives WLAN traffic from the WiFi-enabled device through the WLAN connection; and (v) transmits the WLAN traffic to a server of the enterprise via the secure tunnel and the AC. | 2017-06-08 |
20170163602 | Policy-Based Load Distribution Between Host-Based Packet Processing Units - A mechanism is provided in a network security subsystem in a virtual machine monitor for policy based load distribution among a plurality of packet processing units. Responsive to receiving a packet from a virtual machine, the network security subsystem compares the packet to rules in a load distribution policy in the network security subsystem. Responsive to the packet matching a rule in the load distribution policy, the network security subsystem identifies a packet processing unit list and an action in the matching rule. The network security subsystem distributes the packet to a selected packet processing unit from the packet processing unit list based on the action. | 2017-06-08 |
20170163603 | DISCOVERING AND SELECTING CANDIDATES FOR SINKHOLING OF NETWORK DOMAINS - Techniques for discovering and selecting candidates for sinkholing of network domains are provided. In some embodiments, a process for discovering and selecting candidates for sinkholing of network domains includes collecting passive DNS data from a plurality of security devices to discover candidates for sinkholing of domain names; selecting one or more domain names that are most commonly queried by distinct client devices based on the passive DNS data, wherein each of the one or more domain names is not yet registered; and automatically registering each of the one or more domain names with a domain registry to a sinkholed IP address in order to sinkhole each of the one or more domain names. | 2017-06-08 |
20170163604 | METHOD AND APPARATUS TO PERFORM MULTIPLE PACKET PAYLOADS ANALYSIS - A method and apparatus for identifying data patterns of a file are described herein. In one embodiment, an exemplary process includes, but is not limited to, receiving a data packet of a data stream containing a file segment of a file originated from an external host and destined to a protected host of a local area network (LAN), the file being transmitted via multiple file segments contained in multiple data packets of the data stream, and performing a data pattern analysis on the received data packet to determine whether the received data packet contains a predetermined data pattern, without waiting for a remainder of the data stream to arrive. Other methods and apparatuses are also described. | 2017-06-08 |
20170163605 | Systems and Methods for Harmful File Rating and Screening in Online File Transfers - Systems and methods of screening files during online file transfers at a computing device are disclosed. The computing device identifies a torrent identifier for a torrent file, where the torrent file is associated with content to be processed at the computing device; and uses the torrent identifier to search a data store, the data store having data indicating characteristics of the content associated with the torrent file. Where the search locates the data indicating characteristics of the content associated with the torrent file in the data store, the computing device controls whether to process the content associated with the torrent file at the computing device based on the located data. | 2017-06-08 |
20170163606 | FIREWALL POLICY MANAGEMENT - Methods and systems are provided for creation and implementation of firewall policies. According to one embodiment, a firewall maintains a log of observed network traffic flows. An administrator may request the firewall to generate a customized report based on the logged network traffic by extracting information from the log based on specified report parameters. The report includes aggregated network traffic items and one or more corresponding action objects. Responsive to receipt of a directive to implement an appropriate firewall policy for one or more network traffic items based on interaction with one or more action objects by the administrator, the firewall then automatically defines and establishes an appropriate firewall policy. | 2017-06-08 |
20170163607 | Establishing a Communication Event Using Secure Signalling - A communication event is established between an initiating device and a responding device under the control of a remote communications controller. In a pre-communication event establishment phase, a secure connection is established between the initiating device and the communications controller, and session key negotiation messages are exchanged between the initiating device and the communications controller via the secure connection to obtain session key data in an electronic storage location accessible to the initiating device. The secure connection terminates once the session key data has been obtained. In a subsequent communication event establishment phase—after the session key data has been obtained and the secure connection has terminated in the pre-establishment phase—a communication event request is transmitted from the initiating device to the communications controller comprising a payload encrypted with the session key data. | 2017-06-08 |
20170163608 | SECURE OFFLINE DATA OFFLOAD IN A SENSOR NETWORK - Methods and systems for secure data offload in a sensor network. The method comprises offloading data indicative of sensor measurements from a wireless sensing device to a gateway device through a first secure communication channel; and storing the data at the gateway device if there is not currently a second secure communication channel established between the gateway device and the management server. The method continues with offloading the data to the management server when the second secure communication channel is established; and reconciling the data at the management server to generate reconciled sensor measurements in which duplicates have been removed. | 2017-06-08 |
20170163609 | ENCRYPTED AUDIO STREAMS TRANSCEIVING PORTABLE DEVICE AND ASSOCIATED METHOD - An encrypted multimedia streams transceiving method between a first and second user, includes using a device for transceiving multimedia streams connected to a respective electronic computer by both users; the method including a step of preventive activation of a free-to-air communication session between the users through a software for making multimedia communications within which the device operates in a first free-to-air transmission configuration, a step of creating an encrypted communication, within which the device operates in a second encrypted transceiving configuration; a step wherein the device causes the opening of a session for the transfer of encrypted data between the electronic computers, different from the free-to-air communication session used by the software for making calls, and at least audio data stream transceived between the two users during their communication is selectively switched between the free-to-air communication session and the encrypted data transfer session on the basis of a predefined criterion. | 2017-06-08 |
20170163610 | METHODS, APPARATUSES, AND SYSTEMS FOR ACQUIRING LOCAL INFORMATION - The present application discloses methods, apparatuses, and systems for acquiring local information to solve the problems of browser instability and difficulty in website maintenance due to the acquisition of local information by using a browser plug-in technology in the prior art. An exemplary method may include sending a first request for information acquisition to a network apparatus through a script in a browser. The first request for information acquisition may be used for instructing a local application tool to acquire local information. The method may also include monitoring, through the local application tool, a random number, sent by the network apparatus, corresponding to the first request for information acquisition. Moreover, the method may include acquiring, through the local application tool, the first request for information acquisition corresponding to the random number stored in the network apparatus, the correspondence between the random number and the first request for information acquisition being established and stored by the network apparatus. Furthermore, the method may include acquiring, through the local application tool, local information corresponding to the first request for information acquisition, and sending, through the local application tool, the local information to the network apparatus. | 2017-06-08 |
20170163611 | EXTERNAL INDEXING AND SEARCH FOR A SECURE CLOUD COLLABORATION SYSTEM - An end-to-end secure cloud-hosted collaboration service is provided with a hybrid cloud/on-premise index and search capability. This approach includes on-premise indexing and search handling, while relying on the cloud for persistent storage and search of the index. The on-premise indexer receives a copy of an encrypted message from the cloud-hosted collaboration service. The encrypted message has been encrypted with a conversation key. The indexer receives the conversation key from an on-premise key management service, and decrypts the encrypted message with the conversation key. A set of tokens are extracted from the decrypted message, and subsequently encrypted with a secret key, different than the conversation key, to generate a first set of encrypted tokens. The first set of encrypted tokens is transmitted for storage in a search index on the cloud-hosted collaboration service. | 2017-06-08 |
20170163612 | COMMUNICATION SYSTEM, WIRELESS COMMUNICATION APPARATUS, AND COMMUNICATION METHOD - A wireless communication circuit includes a receiver to receive at least one of a beacon frame and a probe response frame from a first wireless communication apparatus belonging to a first communication group, at least one of the beacon frame and the probe response frame including first security information indicating a first encryption method. The circuit includes a transmitter to transmit an association request frame to the first wireless communication apparatus, the association request frame including second security information indicating a second encryption method which is supported by the wireless communication circuit, after a determination that the second encryption method overlaps with the first encryption method. The transmitter declines to associate with the first wireless communication apparatus if the first encryption method fails to overlap with the second encryption method. The transmitter transmits a data frame including a frame body after a reception of an association response frame. | 2017-06-08 |
20170163613 | PROTECTING SENSITIVE INFORMATION USING A TRUSTED DEVICE - The invention relates to the information processing field, and discloses a method for protecting sensitive information, comprising: encrypting sensitive information with a first secret key; transmitting the encrypted sensitive information to an untrusted device for forwarding to a server for authentication; receiving an authentication identification originated from the server and forwarded by the untrusted device; decrypting the authentication identification; and transmitting the decrypted authentication identification to the untrusted device to enable the untrusted device to use the authentication identification to communicate with the server. | 2017-06-08 |
20170163614 | Method, a Device, a Dedicated Device and a System for Encrypting Communication - The application relates to a method for encrypting communication in a communication network, a communication device, a dedicated device and a system for encrypting communication in a communication network. | 2017-06-08 |
20170163615 | SYSTEMS AND METHODS FOR USER ACCOUNT RECOVERY - Systems, methods, and non-transitory computer-readable media can determine a request to recover access to an account of a first user, the request being received from a computing device of a second user. A determination is made that the first user and the second user are recognized as social connections by a social networking system. The first user is authenticated through the computing device of the second user based at least in part on the first user and the second user being recognized as social connections. A login session is established between the computing system and the computing device of the second user upon authenticating the first user. | 2017-06-08 |
20170163616 | SYSTEM, APPARATUS AND METHOD FOR PROVIDING PRIVACY PRESERVING INTERACTION WITH A COMPUTING SYSTEM - In one embodiment, a system including one or more hardware processors is: to receive a user request to access a website; sign a nonce with at least some of the plurality of group private keys, the at least some of the plurality of group private keys corresponding to personalization attributes of the website; and send the signed nonce to a web server to enable personalized interaction with the web server. Other embodiments are described and claimed. | 2017-06-08 |
20170163617 | UNIQUE CODE FOR TOKEN VERIFICATION - A method for tokenizing credentials is disclosed. In addition to a token, a verification value can be provided for each interaction. The verification value can be generated based at least in part on a dynamic data element. The dynamic data element may be kept secret, while the verification value can be distributed for use during an interaction. When the verification value is used, it can be validated by re-creating the verification value based at least on the stored dynamic data element. | 2017-06-08 |
20170163618 | API AUTHENTICATION - Techniques are disclosed relating to signing and authentication of network messages such as API calls. A server system and a client system may collaboratively establish a shared secret key, which is then usable to sign such messages. These techniques may be useful in various situations, such as for integrations between different systems. | 2017-06-08 |
20170163619 | APPARATUS AND METHOD FOR USING A SECURITY APPLIANCE WITH IEC 61131-3 - A security appliance to perform a method that includes receiving a first set of data from a first device using a first secure protocol of a first network, the first secure protocol comprises a first level of security, and determining, by the security appliance, that the received first set of data is intended for a second device on a second network using a second secure protocol, the second secure protocol comprises a second level of security different from the first. The method includes authenticating, by the security appliance, the received first set of data from the first network using the first secure protocol for transmission through the second network using the second secure protocol while collecting and concentrating additional data from the first network and transmitting, by the security appliance, the received first set of data to the second device via the second network comprising the second secure protocol. | 2017-06-08 |
20170163620 | METHODS AND APPARATUS TO ENHANCE SECURITY OF AUTHENTICATION - A system is disclosed that includes a processor including watermark logic to output a first watermark to an output device that outputs a first watermark signal, based on the first watermark, to an acoustic transmission medium. The processor also includes recording logic to capture, at a first time period, an authentication submission comprising the first watermark signal convolved, via the acoustic transmission medium, with a first passphrase signal. The system also includes a dynamic random access memory (DRAM). Other embodiments are disclosed and claimed. | 2017-06-08 |
20170163621 | WIRELESS COMMUNICATION APPARATUS, AUTHENTICATION APPARATUS, WIRELESS COMMUNICATION METHOD AND AUTHENTICATION METHOD - According to one embodiment, when a control unit is notified of information in at least one second signal received by one of first and second wireless communication units after the control unit provides the second wireless communication unit with a command to transmit a first signal containing first address information and before a waiting time elapses and when the at least one second signal contains second address information assigned to an authentication apparatus having received the first signal, then the control unit provides the first wireless communication unit with a command to transmit a third signal for a connection request with the second address information set in a destination address. | 2017-06-08 |
20170163622 | AUTHENTICATION APPARATUS, AUTHENTICATION SYSTEM, AUTHENTICATION METHOD AND STORAGE MEDIUM - The first authentication unit of an authentication apparatus decides whether first authentication data exists in a received message, and performs, if it is decided that the first authentication data exists, authentication based on the first authentication data. The second authentication unit of the authentication apparatus decides whether second authentication data exists in the received message, and performs, if it is decided that the second authentication data exists, authentication based on the second authentication data. If the second authentication unit decides that no second authentication data exists in the received message, and the first authentication unit decides that authentication has succeeded, it is decided that authentication for the received message has succeeded. | 2017-06-08 |
20170163623 | MULTI-USER AUTHENTICATION - In an approach to multi-user authentication, one or more computer processors receive a first user login. The one or more computer processors determine whether at least one additional user login is received. The one or more computer processors receive an access request from the first user. The one or more computer processors receive an access request from the at least one additional user. In response to receiving the access request from the first user and the access request from the at least one additional user, the one or more computer processors determine whether the access request from the first user and the access request from the at least one additional user meet pre-defined criteria. In response to determining the access requests meet pre-defined criteria, the one or more computer processors authorize the access request of the first user and the access request of the at least one additional user. | 2017-06-08 |
20170163624 | METHOD AND ARRANGEMENTS FOR INTERMEDIARY NODE DISCOVERY DURING HANDSHAKE - A method executed by an Intermediary Node arranged between a Client and a Server for participating in the setting up of a connection between the Client and the Server is described. The Intermediary Node intercepts a first message that is transmitted from the Client, is destined for the Server, and requests that a connection be set up between the Client and the Server. On recognizing, based on content of the received first message, that it is desirable for the Intermediary Node to perform at least one function on the requested connection, the Intermediary Node transmits a second message to the Client, comprising an identity of the Intermediary Node. This enables the Client to accept or reject the Intermediary Node as a node participating in the requested connection set-up. | 2017-06-08 |
20170163625 | USING TIMING OF CHARACTER INPUT TO VERIFY PASSWORD - A multi-dimensional approach can be used to verify a password. In addition to requiring the input of the correct password, the timing at which the characters of the password are input can be determined and compared to stored timing values. Even if the correct password is input, authentication can still fail if the characters of the password are not input in accordance with a required timing. | 2017-06-08 |
20170163626 | METHOD AND DEVICE FOR NETWORK ACCESS OF A SMART TERMINAL DEVICE - A method and device for network access of a smart terminal device. The smart terminal device generates a network access request message and broadcasts the network access request message; and then receives a network access response message transmitted by a mobile terminal device, the network access response message including connection information of a router to be accessed, such that the smart terminal device may connect to the router to be accessed based on the connection information. | 2017-06-08 |
20170163627 | NETWORK AUTHENTICATION - A method for determining an access right of a user terminal to a first network, wherein the user terminal ( | 2017-06-08 |
20170163628 | USER LOGIN METHODS, DEVICES, AND SYSTEMS - A user login method for use in a terminal is provided. The method includes: receiving an automatic login request; acquiring a terminal identifier of the terminal; sending, to a server, a query request about a user account associated with the terminal identifier and a password corresponding to the user account, the query request including the terminal identifier; receiving, from the server, a query result based on the query request; selecting a user account from the query result and a password corresponding to the selected user account, if the query result is not empty; and sending, to the server, the selected user account and the corresponding password, for the selected user account to login after authentication by the server. | 2017-06-08 |
20170163629 | SECURE TOKEN DISTRIBUTION - A method for utilizing a registration authority to facilitate a certificate signing request is disclosed. In at least one embodiment, a registration authority computer may receive a certificate signing request associated with a token requestor. The registration authority may authenticate the identity of the token requestor and forward the certificate signing request to a certificate authority computer. A token requestor ID and a signed certificate may be provided by the certificate authority computer and forwarded to the token requestor. The token requestor ID may be utilized by the token requestor to generate digital signatures for subsequent token-based transactions. | 2017-06-08 |
20170163630 | COMPUTER READABLE STORAGE MEDIA FOR LEGACY INTEGRATION AND METHODS AND SYSTEMS FOR UTILIZING SAME - Systems and methods for integrative legacy context management are disclosed herein. An example computer hardware system may include at least one processing unit coupled to a memory, and the memory may be encoded with computer executable instructions that when executed cause the at least one processing unit to receive a set of credentials associated with a user from a user device, cross-reference the set of credentials with a first set of credentials of an agent associated with the user to determine whether the set of credentials is valid; and if the set of credentials is valid, provide a second set of credentials of the agent to the user device in response to a request for the second set of credentials from the user device. | 2017-06-08 |
20170163631 | SECURITY CERTIFICATION AND APPLICATION CATEGORIZATION FOR MOBILE DEVICE MANAGEMENT - Implementations for managing mobile devices associated with enterprise operations include actions of receiving a request to access information regarding at least one mobile application for download to and installation on a mobile device of a user, the request including an identifier associated with an enterprise, receiving a tenant-specific configuration based on the identifier, the tenant-specific configuration including criteria for mobile applications to be available for download to and installation on mobile devices associated with the enterprise, transmitting a request for a list of available mobile applications to an application and certification database, the request including the tenant-specific configuration, receiving the list of available mobile applications, which includes a subset of mobile applications of a superset of mobile applications, the subset of mobile applications being provided based on the tenant-specific configuration, and providing graphical representations of each mobile application in the list of available mobile applications for display to the user. | 2017-06-08 |
20170163632 | Control Of Access To Contents Which Can Be Retrieved Via A Data Network - A method is provided for controlling access to content accessible via a data network, by transmitting an IP address in response to a name resolution request with respect to a domain name or IP address. If an access request is performed for an IP address or a name resolution for a domain name marked with an access control marker, an identifier is transmitted with at least one returned IP address, which indicates that the retrieved content should be subject to access control at the requesting computer system, e.g., because the content contains adult content. Using an IP address for this purpose has the advantage that the transmission of the IP address does not require changes in the established name resolution and transmission protocols, and IP addresses can be hierarchically structured. This allows a faster check as to whether a specific IP address lies in a specified address region. | 2017-06-08 |
20170163633 | Exchange of Control Information between Secure Socket Layer Gateways - Provided are a method and a system for exchanging control information between secure socket layer (SSL) gateways. The method may commence with intercepting, by a client facing node, a client request including session-specific information and a session request to establish an SSL communication session between a client and a server. The method may continue with generating an SSL extension based on the session-specific information and adding the SSL extension to the session request to obtain an extended session request. The extended session request may be sent to a server facing node in communication with the client facing node. The method may further include identifying the session-specific information contained in the SSL extension of the extended session request and generating a further session request for establishing the SSL communication session between the server facing node and the server. The method may further include sending the further session request to the server. | 2017-06-08 |
20170163634 | SYSTEM AND METHOD FOR COMMUNICATION TO ENTERPRISE ENVIRONMENT USERS OF A MOBILE APPLICATION BY THE MOBILE APPLICATION PROVIDER - A method for communicating with enterprise users of an enterprise mobile application on a mobile communication device includes providing the enterprise mobile application to a distribution platform server for downloading to memory of a plurality of mobile communication devices. The enterprise mobile application includes instructions to connect to the application distribution platform server and to cause a respective device identifier token to be downloaded to the memory of the mobile communication device, where the device identifier token is specific to that instantiation of the downloaded enterprise mobile application. An enterprise mobile application developer and/or provider uses the respective device identifier token to address a message to respective ones of a plurality of mobile communication devices at about the same time. A system and a non-transitory computer-readable medium for implementing the method are also disclosed. | 2017-06-08 |
20170163635 | AUTHORIZATION SERVER, AUTHENTICATION COOPERATION SYSTEM, AND STORAGE MEDIUM STORING PROGRAM - An authorization token verification request including the authorization token is received from an application server having received a processing request along with the authorization token from the client, and, in a case where the authorization token is verified successfully on the basis of the received authorization token and the authorization token information, the local user information included in the authorization token information is transmitted to the application server. | 2017-06-08 |
20170163636 | AUTHORIZATION SERVER, AUTHENTICATION COOPERATION SYSTEM, AND STORAGE MEDIUM STORING PROGRAM - An authorization token verification request including a second authorization token is received from an application server having received a processing request along with the second authorization token from a client device, and, in a case where the authorization token is verified successfully on the basis of the received second authorization token and the authorization token information, the local user information included in the authorization token information is returned to the application server. | 2017-06-08 |
20170163637 | DETERMINATION OF DEVICE WITH WHICH TO ESTABLISH COMMUNICATION BASED ON BIOMETRIC INPUT - In one aspect, a first device includes a processor, a wireless transceiver accessible to the processor, at least one biometric sensor accessible to the processor, and storage accessible to the processor. The storage bears instructions executable by the processor to receive input from the at least one biometric sensor, identify a user based on input from the at least one biometric sensor, and determine a second device with which the first device is to communicate using the wireless transceiver based at least in part on identification of the user based on input from the at least one biometric sensor. | 2017-06-08 |
20170163638 | AUTHENTICATION SYSTEM - The invention relates to an authentication system, comprising a security element ( | 2017-06-08 |
20170163639 | Voice Over IP Based Biometric Authentication - A request from a party is received by a receiver from a remote system. The request from the party is received when the party attempts to obtain a service using the remote system. A selective determination is made to request, over a network, authentication of the party by a remote biometric system. A request is sent to the remote system for the party to provide a biometric sample responsive to determining to request authentication of the party. The service is provided contingent upon authentication of the party by the remote biometric system. | 2017-06-08 |
20170163640 | Systems and Methods for Authentication of Printer Supply Items - Systems and methods for authenticating printer supply items using revocation lists are disclosed. Revocation lists are updated using DNSSEC to communicate between a printer and a DNS name server. A domain name is created containing a printer supply item serial number, a message digest, and a message authentication code. The domain name is sent to the DNS name server, and the returned IP address is used to update a revocation list. Other systems and methods are disclosed. | 2017-06-08 |
20170163641 | Systems and Methods for Authentication of Printer Supply Items - Methods for authenticating printer supply items using revocation lists are disclosed. Revocation lists are updated using DNSSEC to communicate between a printer and a DNS name server. A first domain name is created containing a request for a challenge to an authentication module and sent to the DNS name server. A second domain name is created containing a response to the challenge and sent to the DNS name server. The DNS name server indicates success or failure, which is used to authenticate the printer supply item. Other systems and methods are disclosed. | 2017-06-08 |
20170163642 | Method, Electronic Device and System for Content Pushing - Disclosed are a method and an electronic device for content pushing. The method mainly includes: obtaining, by a client, a device identity (ID) from an authentication server, wherein the device ID is a unique device identification assigned for the client by the authentication server; adding the device ID into a request for a content; and sending the request for the content to a CDN server, so that the CDN server returns the requested content to the client after authenticating the device ID. | 2017-06-08 |
20170163643 | DEVICE, METHOD AND SYSTEM FOR ENABLING MULTIPLE WIRELESS COMMUNICATION DEVICES TO COMMUNICATE WITH A TRUSTED NETWORK VIA A SECURE CONNECTION - The present disclosure provides a device, method, and system for enabling multiple wireless communication devices to communicate with a trusted network over a secure connection. The device includes a communication interface configured to communicate with the wireless communication devices and local area networks (LANs) and a processor configured to: broadcast a non-trusted service set identifier (SSID); in response to detecting a non-secure connection to a wireless communication device of the wireless communication devices using the non-trusted SSID, establish a connection to a local area network (LAN) of the LANs. In response to establishing a connection to the LAN: the processor establishes a secure connection to the trusted network; discontinues broadcast of the non-trusted SSID; and broadcasts a trusted SSID to the wireless communication devices to enable the wireless communication devices to wirelessly connect to the network device to communicate with the trusted network using the secure connection. | 2017-06-08 |
20170163644 | PERMISSION BASED ACCESS CONTROL FOR OFFLOADED SERVICES - Systems and methods for network access control, including sending a service request from an on-premise system to one or more offloaded front-end services on one or more offloading servers. The requests by the offloaded services to access back-end services in one or more on-premise systems are monitored, and access requests by the offloaded services for unauthorized back-end services are denied. The service request is redirected and locally executed to generate logs of the back-end services used to perform the service request if the access requests are denied. A permission mapping in a firewall between the offloaded services and the logged back-end services is updated to permit future access requests by the offloaded services. | 2017-06-08 |
20170163645 | Interoperable Systems and Methods for Peer-to-Peer Service Orchestration - Systems and methods are described for performing policy-managed, peer-to-peer service orchestration in a manner that supports the formation of self-organizing service networks that enable rich media experiences. In one embodiment, services are distributed across peer-to-peer communicating nodes, and each node provides message routing and orchestration using a message pump and workflow collator. Distributed policy management of service interfaces helps to provide trust and security, supporting commercial exchange of value. Peer-to-peer messaging and workflow collation allow services to be dynamically created from a heterogeneous set of primitive services. The shared resources are services of many different types, using different service interface bindings beyond those typically supported in web service deployments built on UDDI, SOAP, and WSDL. In a preferred embodiment, a media services framework is provided that enables nodes to find one another, interact, exchange value, and cooperate across tiers of networks from WANs to PANs. | 2017-06-08 |
20170163646 | METHOD OF UNBLOCKING EXTERNAL COMPUTER SYSTEMS IN A COMPUTER NETWORK INFRASTRUCTURE, DISTRIBUTED COMPUTER NETWORK HAVING SUCH A COMPUTER NETWORK INFRASTRUCTURE AS WELL AS COMPUTER PROGRAM PRODUCT - A method of unblocking external computer systems includes transmitting an authentication packet from an external computer system, configured outside the computer network infrastructure, to a broker computer system within the computer network infrastructure, wherein the authentication packet contains signed information for authentication of the external computer system, automatically transmitting the authentication packet from the broker computer system to at least one processing computer system within the computer network infrastructure, wherein the processing computer system keeps predetermined network ports at least temporarily closed wherein, however, the processing computer system is capable of accessing the broker computer system to fetch the authentication packet from the broker computer system, unblocking at least one selective network port by the processing computer system for communication with the external computer system, and establishing a connection to the selectively unblocked network port of the processing computer system by the external computer system. | 2017-06-08 |
20170163647 | SYSTEMS AND METHODS FOR SCALABLE-FACTOR AUTHENTICATION - Authentication systems and methods can selectively authenticate a request to access a resource data store storing access rights associated with a user device. The systems and methods can scalably execute challenges workflows as part of the authentication process. For example, a request to access one or more access rights stored in the data store can be received from the user device. The user device can be authenticated using challenge workflows selected based on a device identifier of the user device. The selected challenge workflows can be executed to determine whether or not to grant access to the access rights stored in the resource data store. | 2017-06-08 |
20170163648 | FILE AND BIT LOCATION AUTHENTICATION - An approach for authentication is provided. The approach performs identifying, by one or more computer processors, an account attempting to access content. The approach performs identifying, by one or more computer processors, a file including at least authentication information. The approach performs identifying, by one or more computer processors, a location of the authentication information within the identified file. The approach performs identifying, by one or more computer processors, a length of the authentication information. The approach performs identifying, by one or more computer processors, the authentication information in the identified file based at least on the identified location and the identified length of the authentication information. The approach includes determining, by one or more computer processors, whether the identified authentication information matches previously submitted authentication information for the identified account attempting to access content requiring authentication. | 2017-06-08 |
20170163649 | ENABLING TRUSTED CONFERENCING SERVICES - Architecture for providing a superuser privilege in a conferencing environment. A pre-configured entity such as a bot program receives special conferencing privileges. A request can be identified as originating from a trusted service and an associated predetermined set of privileges passed to the service. The trusted service can impersonate a user, and join a conference using its own identity or using the identity of a user. Conference control rules can be enforced on the trusted user (e.g., no other users can eject or mute this entity). Moreover, the trusted service can (optionally) hide itself from the conference roster to remain invisible to all participants. | 2017-06-08 |
20170163650 | USAGE-BASED MODIFICATION OF USER PRIVILEGES - Systems and techniques to identify and modify unused (or seldom used) access privileges are described. Group membership data may be correlated with access map data to create a user-resource access map identifying privilege levels associated with individual user accounts to access computing resources in a computing system. User activity event logs generated as a result of user accounts accessing the resources may be correlated with the user-resource access map to identify user accounts that do not use (or seldom use) particular privilege levels to access particular resources. The identified user accounts may be modified to remove the unused (or seldom used) privilege levels. | 2017-06-08 |
20170163651 | DYNAMIC PERMISSION ASSESSMENT AND REPORTING ENGINES - Methods and systems of the present disclosure provide techniques for dynamically assessing a permission of a user that one of modifies or adds at least one content change in a source environment. The methods may further assess the permission of the user when the at least one content change relates to role content data or functional content data. The permissions of the users may be evaluated based on rule data specific to the source environment or user assignment data relating to the source environment. In addition, the disclosure provides techniques for reporting the dynamic assessment to an administrator based on a triggering event. | 2017-06-08 |
20170163652 | SECURE DATA CORRIDORS - A system and method of providing a secure data corridor are provided. A request is received from a subject for a data feed comprising one or more data elements. A use-case is identified and a security level is determined for the data feed. For each data element of the data feed, a security level and one or more security controls that are mapped to the corresponding data element, are determined. A data sensitivity rating is assigned to the use-case. Upon determining that a clearance of the subject is at or above the data sensitivity rating of the use-case, the subject is granted privilege to the data feed via the secure data corridor. | 2017-06-08 |
20170163653 | SERVICING OF NETWORK SOFTWARE COMPONENTS OF NODES OF A CLUSTER STORAGE SYSTEM - Described herein are a method and apparatus for servicing software components of nodes of a cluster storage system. During data-access sessions with clients, client IDs and file handles for accessing files are produced and stored to clients and stored (as session data) to each node. A serviced node is taken offline, whereby network connections to clients are disconnected. Each disconnected client is configured to retain its client ID and file handles and attempt reconnections. Session data of the serviced node is made available to a partner node (by transferring session data to the partner node). After clients have reconnected to the partner node, the clients may use the retained client IDs and file handles to continue a data-access session with the partner node since the partner node has access to the session data of the serviced node and thus will recognize and accept the retained client ID and file handles. | 2017-06-08 |
20170163654 | SECURE DATA CORRIDORS FOR DATA FEEDS - A system and method of providing a secure data corridor are provided. A request from a subject for at least one data element of a data feed is received. A use-case is identified for the data feed. A security label is assigned to the use-case. A clearance of the subject is compared to the security label of the use-case. Upon determining that a clearance of the subject is at or above the data sensitivity rating of the use-case, the subject is allowed access privilege to the data feed via the secure data corridor. | 2017-06-08 |
20170163655 | TRANSACTION COMPLETION BASED ON GEOLOCATION ARRIVAL - Techniques for providing friction-free transactions using geolocation and user identifiers are described herein. These techniques may ascertain a user's location based on a location of a mobile device. A transaction between the user and a merchant may be completed with zero or minimal input from the user based on the geolocation of the mobile device and the user identifiers. In some implementations, a transaction initiated earlier is completed when the mobile device arrives at the merchant. Additionally, a parent-child or similar relationship may be established between multiple devices. Security on the mobile device may be provided by biometric identification and calculation of variance from regular movement patterns. Advertisements may be sent to the mobile device based on bids from merchants near to the mobile device. Promotions may be sent to the mobile device when more than a threshold number of mobile devices are located at the same merchant. | 2017-06-08 |
20170163656 | System And Method For Implementing A Two-Person Access Rule Using Mobile Devices - A system using mobile devices and a network provides access authentication, authorization and accounting to computing resources using a two-person access rule solution approach. A central access control server coordinates a rule-based authorization process in which a requesting user and one or more authorizing users are engaged in real-time communications to facilitate approved access to a sensitive resource. The technique utilizes mobile cellular interfaces and location service technologies, while also providing traditional security control measures of voice and visual verification of user identities. | 2017-06-08 |
20170163657 | Method and Secure Element for Using a Network - A method for using a network and a secure element, whereby the secure element of a device receives a request for usage data from the device. The secure element sends the usage data to the device in response to the request. The usage data enable the device to use the network. The secure element applies a timer to measure a delay time. The device shall only use the network after the delay time has expired. The secure element prevents the usage of the network by the device until the delay time has expired. | 2017-06-08 |
20170163658 | Session Security Splitting and Application Profiler - Intelligent methods of providing online security against hackers, which prevents the hackers from obtaining unauthorized access to secure resources. A first application session established between a first client and a first application of a first host device is detected. The first application is associated with a first plurality of security time limits that divide security for the first application into security tiers. A duration of the first application session established between the first client and the first application is monitored. One or more first security actions are executed against the first application session responsive to the duration of the first application session reaching a security time limit of the first plurality of security time limits. One or more second security actions are executed against the first application session responsive to the duration of the first application session reaching another security time limit of the first plurality of security time limits. | 2017-06-08 |
20170163659 | SECURED DISTRIBUTED COMPUTING ACROSS MULTIPLE FIREWALLS - This disclosure is directed to securely exchanging information between private domains. Methods and systems of the disclosure perform operations including providing a user identifier (“ID”) and a first session ID to a user of a first private domain. The operations further include receiving from the user a service call for a first analytic service. Additionally, the operations include providing a service message for a second analytic service residing in a second private domain. Moreover, the operations include receiving a first verification message from the second private domain. The operations also include validating the first verification message. The operations further include providing a second verification message. Additionally, the operations include receiving a response message from the second private domain, the response message including information determined by the second analytic service based on job information in the service message. | 2017-06-08 |
20170163660 | METHOD AND APPARATUS FOR PROVIDING FORENSIC VISIBILITY INTO SYSTEMS AND NETWORKS - Methods and systems for providing forensic visibility into systems and networks are provided. More particularly, a sensor agent may receive events defining an action of a first object acting on a target. The object, the event, and the target are then correlated to at least one originating object such that an audit trail for each individual event is created. A global perspective indicating an age, popularity, a determination as to whether the object may be malware, and IP/URL information associated with the event may then be applied to at least one of the object, the event, the target, and the originating object. A priority may then be determined and assigned to the event based on at least the global perspective. An event line containing event information is then transmitted to an end recipient where the information may be heuristically displayed. | 2017-06-08 |
20170163661 | METHOD OF DETECTING ATTACKS IN A CLOUD COMPUTING ARCHITECTURE - A method and a detection entity for detecting attacks in a system including at least two host servers. Each host server hosts a set of virtual machines. The detection entity performs acts of: detecting that a number of migrations of virtual machines from one server to another during a current time period is greater than a threshold value; partitioning the virtual machines of the system into a first subset having a stable profile of consumption of at least one resource, and into a second subset having a fluctuating profile; calculating, for the pairs of virtual machines of the second subset, a value of temporal correlation between the two profiles of the pair; and identifying in the second subset the virtual machines for which the correlation value is greater than or equal to a threshold correlation value, the machines being identified as constituting the origin of the attack. | 2017-06-08 |
20170163662 | DIRECT CACHE ACCESS FOR NETWORK INPUT/OUTPUT DEVICES - Methods and systems for improving efficiency of direct cache access (DCA) are provided. According to one embodiment, a set of DCA control settings are defined by a network interface controller (NIC) of a network security device for each of multiple I/O device queues. The control settings specify portions of network packets that are to be copied to a cache of the corresponding CPU. A packet is received by the NIC. The packet is parsed to identify boundaries of portions of the packet and is queued onto an I/O device queue. The packet is then transferred from the I/O device queue to a host memory of the network security device and the specified portions are concurrently copied to the cache of the corresponding CPU based on the control setting associated with the I/O device queue. | 2017-06-08 |
20170163663 | FALSE POSITIVE DETECTION REDUCTION SYSTEM FOR NETWORK-BASED ATTACKS - A system detects a security attack through a network-based application. The system receives a runtime request for invocation of a function and dynamically determines if the request for invocation of the function is associated with a cross-site scripting attack. In response to determining that the function is associated with a cross-site scripting attack, the system stores information associated with the request, which is used for determining if the request is a legitimate request or a cross-site scripting attack. | 2017-06-08 |
20170163664 | METHOD TO SECURE PROTECTED CONTENT ON A MOBILE DEVICE - A method and device for securing data accessed by a mobile device. The mobile device detects a request to record content displayed on a display of the mobile device. A determination is then made regarding whether the content that was displayed on the screen when the request to record was received is protected content. If the displayed content was protected, then a third party is notified that a security breach has been detected. A remedial action is also performed regarding the security breach. | 2017-06-08 |
20170163665 | SYSTEMS AND METHODS FOR MALWARE LAB ISOLATION - Generally discussed herein are systems, devices, and methods for malware analysis lab isolation. A system can include a malware analysis zone LAN in which malware analysis is performed, a separation zone LAN communicatively connected to the malware analysis zone LAN, the separation zone LAN providing access control to manage communication of data between other LANs of the plurality of LANs, an analyst zone LAN communicatively connected to the separation zone LAN, and a remote access zone LAN communicatively connected to the separation zone LAN, the remote access zone LAN providing a user LAN with results from the malware analysis zone LAN and the analyst zone LAN and providing an item for malware analysis by the malware analysis zone LAN. | 2017-06-08 |
20170163666 | Systems and Methods for Detecting and Responding To Security Threats Using Application Execution and Connection Lineage Tracing - Systems and methods for detecting and responding to security threats using application execution and connection lineage tracing in accordance with embodiments of the invention are disclosed. In one embodiment, a process for detecting suspicious activity in a network and in a computer server system includes receiving at a collector server a first piece of activity data including a first set of attributes, each attribute having a particular value, combining a first set of context information with the first piece of activity data to generate a first activity record, comparing the first activity record to a set of baseline signatures, where each baseline signature includes a second set of attributes, each attribute having a particular value and each baseline signature being unique in the combination of values of its attributes, incrementing a count of a first matching baseline signature from the set of baseline signatures when the first activity record has the same values for all attributes in the first matching baseline signature, receiving from a second connection and application execution sensor a second piece of activity data including a third set of attributes, each attribute having a particular value, combining a second set of context information with the second piece of activity data to generate a second activity record, and generating an alert when the values of the attributes of the second activity record differ from all baseline signatures in the set of baseline signatures by at least a predetermined threshold number of attributes. | 2017-06-08 |
20170163667 | SYSTEM AND METHOD FOR DETECTING NETWORK ACTIVITY OF INTEREST - A network activity detection system is trained to detect network activities of interest such as threats by malicious computer data. The training involves distilling the characteristics of known network activities of interest (e.g., intrusion by computer viruses, exploits, worms, or the like) into a minimal set of meta-expressions. At run-time, the network activity detection system combines the minimal set of meta-expressions with efficient computer algorithms for evaluating meta-expressions to detect known network activities of interest, as well as their unknown variants, among an unknown set of network activity. The network activity detection system may produce appropriate responses upon the detection of network activities of interest. | 2017-06-08 |
20170163668 | PATH SCANNING FOR THE DETECTION OF ANOMALOUS SUBGRAPHS AND USE OF DNS REQUESTS AND HOST AGENTS FOR ANOMALY/CHANGE DETECTION AND NETWORK SITUATIONAL AWARENESS - A system, apparatus, computer-readable medium, and computer-implemented method are provided for detecting anomalous behavior in a network. Historical parameters of the network are determined in order to determine normal activity levels. A plurality of paths in the network are enumerated as part of a graph representing the network, where each computing system in the network may be a node in the graph and the sequence of connections between two computing systems may be a directed edge in the graph. A statistical model is applied to the plurality of paths in the graph on a sliding window basis to detect anomalous behavior. Data collected by a Unified Host Collection Agent (“UHCA”) may also be used to detect anomalous behavior. | 2017-06-08 |
20170163669 | METHODS AND SYSTEMS TO DETECT ANOMALIES IN COMPUTER SYSTEM BEHAVIOR BASED ON LOG-FILE SAMPLING - Methods and systems that detect computer system anomalies based on log file sampling are described. Computer systems generate log files that record various types of operating system and software run events in event messages. For each computer system, a sample of event messages is collected in a first time interval and a sample of event messages is collected in a recent second time interval. Methods calculate a difference between the event messages collected in the first and second time intervals. When the difference is greater than a threshold, an alert is generated. The process of repeatedly collecting a sample of event messages in a recent time interval, calculating a difference between the event messages collected in the recent and previous time intervals, comparing the difference to the threshold, and generating an alert when the threshold is violated may be executed for each computer system of a cluster of computer systems. | 2017-06-08 |
20170163670 | PACKET LOGGING - Systems and methods associated with packet logging are described. One example method includes testing a packet obtained from a packet stream against a whitelist and a blacklist. The method also includes dropping the packet when the packet tests positive against the whitelist. The method also includes providing the packet to a security manager when the packet tests positive against the blacklist. The method also includes logging the packet when the packet tests negative against the whitelist. | 2017-06-08 |
20170163671 | System and method for Using Simulators in network security and useful in IoT Security - The invention provides a system and method for detecting intrusion in an intranet; determining attack intent; identifying compromised servers and network elements; creating a request log; and outputting alerts to users by a predetermined alert medium. The invention provides encoding of received requests such that compromised network elements can be identified. | 2017-06-08 |
20170163672 | COGNITIVE INFORMATION SECURITY USING A BEHAVIORAL RECOGNITION SYSTEM - Embodiments presented herein describe a method for processing streams of data of one or more networked computer systems. According to one embodiment of the present disclosure, an ordered stream of normalized vectors corresponding to information security data obtained from one or more sensors monitoring a computer network is received. A neuro-linguistic model of the information security data is generated by clustering the ordered stream of vectors and assigning a letter to each cluster, outputting an ordered sequence of letters based on a mapping of the ordered stream of normalized vectors to the clusters, building a dictionary of words from the ordered output of letters, outputting an ordered stream of words based on the ordered output of letters, and generating a plurality of phrases based on the ordered output of words. | 2017-06-08 |