24th week of 2015 patent application highlights part 63 |
Patent application number | Title | Published |
20150163151 | HIERARCHICAL CONTROL IN SOFTWARE-DEFINED NETWORK (SDN) - System and method of providing SDN network service management by use of a distributed control system that comprises a hierarchy of controllers. The distributed control system includes regional controllers and one or more root controllers. A respective regional controller is configured to control a set of network devices and maintain a regional network map related thereto. A respective root controller is configured to control a group of regional controllers and maintain a global network map across regions of the SDN. The root controllers can synchronize the global network map with each other and with their subordinate controllers. A root controller is activated for packet transmission route determination only when its subordinate regional controller lacks sufficient information to determine a requested route. | 2015-06-11 |
20150163152 | PERFORMANCE-BASED ROUTING IN SOFTWARE-DEFINED NETWORK (SDN) - System and method for performance-based routing in an SDN. An SDN controller is configured to adaptively determine data transmission routes based on real-time route performance evaluation provided by a virtual router. The virtual router includes a route detection component to attain route performance data and a performance evaluation component to evaluate the route performance based on predetermined criteria provided by the SDN controller. The evaluation result is sent to the SDN controller and used to intelligently determine a superior route selection and route usage for a specific application program. According to the determination, the SDN controller updates the flow table associated with the virtual router for subsequent data transmission. | 2015-06-11 |
20150163153 | PACKET AGGREGATION - Methods and apparatus for improving the efficient use of a wireless channel. Flows of compatible packets to be transmitted are processed in separate queues based on characteristics of the packets, destination and quality of service (QoS) requirements. Aggregation parameters selected for each flow define when packets aggregated on a flow are to be sent. The aggregation parameters may reflect packet type, such as QoS requirements, an application type and/or wireless channel conditions. In some embodiments, the aggregation parameters indicate a threshold frame size or include a threshold time to buffer a packet while waiting for other packets on that flow to fill a frame. When an aggregation parameter for a queue is met, the aggregated packets are transmitted as a frame. The queue is cleared and subsequent packets may begin aggregating. Some types of packets, such as acknowledgment packets, may be sent without aggregation. | 2015-06-11 |
20150163154 | METHOD AND DEVICES FOR PACKET SELECTION - This invention relates to packet selection techniques that can be used in conjunction with a clock recovery mechanism to mitigate the effects of packet delay variation on timing messages exchanged over a packet network, particularly when seeking to synchronize the time of a clock in a slave device to that of a master clock. The packet selection techniques can assist in reducing the noise in the recovered clock signal at the slave device, allowing recovery to a higher quality. Embodiments of the invention provide techniques based on extracting timing packets that create a constant interval between the arrival of selected packets at the slave device and on extracting timing packets which are closest to making the interval between arrival of the selected packets equal to the interval between the departure of the packets. | 2015-06-11 |
20150163155 | DELAY-BASED TRAFFIC RATE CONTROL IN NETWORKS WITH CENTRAL CONTROLLERS - A process is performed by a controller in a split-architecture network. The controller monitors congestion of traffic groups across the split-architecture network and executes the process to provide delay based data rate control to alleviate congestion of the traffic groups. The process includes configuring an ingress switch and egress switch for each traffic group to collect delay measurement data for data packets of each traffic group as they arrive at the ingress switch and egress switch. The delay measurement data is received from the ingress switch and egress switch of each traffic group. A check is made whether a minimum data packet delay for any traffic group exceeds a defined threshold value. At least one traffic group is then identified in the split architecture network to discard in response to the threshold value being exceeded. | 2015-06-11 |
20150163156 | NETWORK PROCESSOR UNIT AND A METHOD FOR A NETWORK PROCESSOR UNIT - A method of and a network processor unit for processing of packets in a network, the network processor comprising: communication interface configured to receive and transmit packets; at least one processing means for processing packets or parts thereof; an embedded switch configured to switch packets between the communication interface and the processing means; and wherein the embedded switch is configured to analyze a received packet and to determine whether the packet should be dropped or not; if the packet should not be dropped, the switch is configured to store the received packet, to send a first part of the packet to the processing means for processing thereof, to receive the processed first part of the packet from the processing means, and to transmit the processed first part of the packet. | 2015-06-11 |
20150163157 | ALLOCATION AND MIGRATION OF CLOUD RESOURCES IN A DISTRIBUTED CLOUD SYSTEM - A capability is provided for allocating and migrating cloud resources in a distributed cloud system. A cloud resource request is received and an associated cloud resource allocation is determined. The cloud resource request includes cloud resource request information. The cloud resource request information includes a cloud resource allocation parameter associated with allocation of requested cloud resources responsive to the cloud resource request and a cloud resource migration parameter associated with migration of cloud resources allocated responsive to the cloud resource request. The cloud resource allocation includes cloud resource allocation information specifying allocation of cloud resources within the cloud system responsive to the cloud resource request and cloud resource migration information specifying migration of cloud resources allocated within the cloud system responsive to the cloud resource request. | 2015-06-11 |
20150163158 | IDENTITY AND ACCESS MANAGEMENT-BASED ACCESS CONTROL IN VIRTUAL NETWORKS - Methods and apparatus for providing identity and access management-based access control for connections between entities in virtual (overlay) network environments. At the encapsulation layer of the overlay network, an out-of-band connection creation process may be leveraged to enforce access control and thus allow or deny overlay network connections between sources and targets according to policies. For example, resources may be given identities, identified resources may assume roles, and policies may be defined for the roles that include permissions regarding establishing connections to other resources. When a given resource (the source) attempts to establish a connection to another resource (the target), role(s) may be determined, policies for the role(s) may be identified, and permission(s) checked to determine if a connection from the source to the target over the overlay network is to be allowed or denied. | 2015-06-11 |
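The access-control scheme in 20150163158 (identities carry roles, policies attach to roles, the encapsulation layer checks permissions before an overlay connection is set up) is compact enough to show as a working policy decision point. The block below is an added illustration, not the applicant's code; the resource names, roles, ports and the allow/deny policy grammar are assumptions. It applies default deny, lets an explicit deny override any allow, and treats an unknown identity as having no roles:

```python
"""Role- and policy-based admission of overlay-network connections.

Constructed example of the approach described in 20150163158 (not the
applicant's code). Each resource carries an identity with one or more roles,
policies attach to the roles a *source* assumes, and the decision is made
before a connection to the *target* is established. Resource IDs, roles,
ports and the policy grammar are assumptions for illustration.
"""
from dataclasses import dataclass

ANY = "*"


@dataclass(frozen=True)
class Resource:
    resource_id: str
    roles: frozenset  # roles this identity may assume (empty for an unknown identity)


@dataclass(frozen=True)
class Statement:
    effect: str              # "allow" or "deny"
    target_roles: frozenset  # roles the target must have (ANY matches every target)
    ports: frozenset         # destination ports (ANY matches every port)

    def matches(self, target: Resource, port: int) -> bool:
        role_ok = ANY in self.target_roles or bool(self.target_roles & target.roles)
        port_ok = ANY in self.ports or port in self.ports
        return role_ok and port_ok


# Policies keyed by the role the *source* assumes (constructed).
POLICIES = {
    "web":   [Statement("allow", frozenset({"app"}), frozenset({8080}))],
    "app":   [Statement("allow", frozenset({"db"}), frozenset({5432}))],
    "ops":   [Statement("allow", frozenset({"db"}), frozenset({ANY})),
              Statement("deny",  frozenset({"db"}), frozenset({22}))],  # deny wins over the broad allow
    "admin": [Statement("allow", frozenset({ANY}), frozenset({ANY}))],
}

# Identity inventory (constructed): resource id -> identity with roles.
INVENTORY = {
    "i-web1":    Resource("i-web1", frozenset({"web"})),
    "i-app1":    Resource("i-app1", frozenset({"app"})),
    "i-db1":     Resource("i-db1", frozenset({"db"})),
    "i-ops1":    Resource("i-ops1", frozenset({"ops"})),
    "i-bastion": Resource("i-bastion", frozenset({"admin"})),
    "i-rogue":   Resource("i-rogue", frozenset()),  # known resource, no roles assigned
}


def decide(source_id, target_id, port, inventory=INVENTORY, policies=POLICIES):
    """Return ("allow" | "deny", reason) for a source -> target:port connection.

    Default deny. Every statement of every role the source holds is evaluated;
    any matching deny short-circuits to deny, otherwise a matching allow allows.
    """
    source = inventory.get(source_id)
    target = inventory.get(target_id)
    if source is None or target is None:
        return "deny", "unknown identity"
    allowed_by = None
    for role in sorted(source.roles):
        for statement in policies.get(role, []):
            if not statement.matches(target, port):
                continue
            if statement.effect == "deny":
                return "deny", f"explicit deny in role {role}"
            allowed_by = role
    if allowed_by is not None:
        return "allow", f"allowed by role {allowed_by}"
    return "deny", "no matching allow"


def connection_allowed(source_id, target_id, port) -> bool:
    """Boolean form of decide(), as the encapsulation layer would call it."""
    return decide(source_id, target_id, port)[0] == "allow"


if __name__ == "__main__":
    for src, dst, port in [("i-web1", "i-app1", 8080), ("i-web1", "i-db1", 5432),
                           ("i-ops1", "i-db1", 22), ("i-rogue", "i-db1", 5432)]:
        print(src, "->", dst, port, decide(src, dst, port))
```

The decision is made on identities and roles, not on the overlay addresses of the endpoints, so an attacker who can choose an address inside the overlay gains nothing unless the policy for a role they actually hold allows the connection.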
20150163159 | SOFTWARE-DEFINED NETWORKING SINGLE-SOURCE ENTERPRISE WORKLOAD MANAGER - Embodiments relate to a software-defined networking (SDN) single-source enterprise workload manager. An aspect includes a computer-implemented method for SDN single-source enterprise workload management. A network flow graph of a workload is received at an SDN controller in an enterprise network from a workload compiler of the enterprise network. The network flow graph defines interactions between a plurality of subprograms distributed in the enterprise network based on compile-time information of the workload. The SDN controller analyzes the network flow graph to identify the interactions between the subprograms as prompts. The SDN controller allocates network resources to define a plurality of flows through the enterprise network based on the prompts and characteristics of the enterprise network. Network traffic in the enterprise network is controlled based on the flows. | 2015-06-11 |
20150163160 | METHODS AND SYSTEMS FOR ALLOCATING AND DE-ALLOCATING DELIVERY GROUPS ACROSS MULTIPLE SERVER FARMS - The embodiments are directed to methods and apparatuses for pairing delivery group machines with one or more server farms in computing networks. The methods and apparatus can allocate machines in a delivery group across one or more server farms in a manner that maximizes efficiency through better computer resource usage. The methods and apparatuses select a server farm having a largest available capacity, and allocate machines from a delivery group to the server farm. If the quantity of delivery group machines exceeds the server farm capacity, the remaining machines are allocated to a second server farm. The methods and appliances also provide for de-allocating server farms, by selecting a server farm with the least allocated capacity, and de-allocating one or more delivery group machines from the selected server farm to reduce the number of utilized server farms. | 2015-06-11 |
20150163161 | GLOBAL SERVER LOAD BALANCING WITH QUEUED MESSAGING - A device may receive a request for messaging from a client device, and may determine a set of available data centers, of multiple data centers, based on data received on a set of networking ports of the device. The device may configure a set of local queue managers to provide messaging to a set of external queue managers based on determining the set of available data centers. The device may assign the request to a particular local queue manager associated with providing messaging to a particular external queue manager that is associated with a particular data center. The device may provide the request to the particular data center via the particular local queue manager and a particular external queue manager associated with the particular data center, and may determine a reference identifier based on providing the request. | 2015-06-11 |
20150163162 | SOFTWARE-DEFINED NETWORKING SINGLE-SOURCE ENTERPRISE WORKLOAD MANAGER - Embodiments relate to a software-defined networking (SDN) single-source enterprise workload manager. An aspect includes a system for SDN single-source enterprise workload management. A network flow graph of a workload is received at an SDN controller in an enterprise network from a workload compiler of the enterprise network. The network flow graph defines interactions between a plurality of subprograms distributed in the enterprise network based on compile-time information of the workload. The SDN controller analyzes the network flow graph to identify the interactions between the subprograms as prompts. The SDN controller allocates network resources to define a plurality of flows through the enterprise network based on the prompts and characteristics of the enterprise network. Network traffic in the enterprise network is controlled based on the flows. | 2015-06-11 |
20150163163 | DISTRIBUTED APPLICATION AND DATA HOSTING SYSTEM - This invention includes an application server for executing an application and transmitting the execution results to a terminal or other such device connected to a network, and a management server for allocating the application and data on an application server and a storage device, respectively, wherein the management server reallocates the application execution site using: a procedure for obtaining device location information from a device via an application server and selecting, from the location information, an application server that will be the application migration destination; a procedure for indicating the migration-destination application server to the migration-source application server; and a procedure for migrating the application and the data between the application servers. | 2015-06-11 |
20150163164 | METHOD AND MULTI-CARRIER TRANSCEIVER WITH STORED APPLICATION PROFILES FOR SUPPORTING MULTIPLE APPLICATIONS - In a multicarrier communication system having a plurality of subchannels, a method and apparatus for supporting at least two applications. For example, the method includes associating at least a first application in a set of currently active applications with a first latency path, allocating at least one subchannel to the first latency path, and in response to a change in the set of currently active applications, allocating the at least one subchannel to a second latency path associated with a second application in the set of currently active applications and different from the first latency path. | 2015-06-11 |
20150163165 | METHOD AND DEVICE FOR PROVIDING SERVICE FILE AND COMPUTER STORAGE MEDIUM - The present disclosure provides a method and device for providing a service file, and the method includes: a service file acquisition request sent by a client is received; a service file is acquired according to the service file acquisition request; level information of the client is acquired; and the service file is transmitted to the client, and a transmission rate of the service file is controlled according to the level information. The present disclosure enables a high-level client to obtain a higher download rate. | 2015-06-11 |
20150163166 | Cloud Computing Infrastructure, Method and Application - The present invention discloses a cloud computing infrastructure having a rights management device, which is designed to manage operating rights for at least one application which can be executed in the cloud computing infrastructure for the purpose of controlling the operation of the at least one application in the cloud computing infrastructure, to evaluate the managed operating rights with respect to execution of the at least one application and to output an execution enable on the basis of the evaluation of the operating rights, and having an execution device which is designed to execute the at least one application in the cloud computing infrastructure on the basis of the output execution enable. The present invention also discloses a method for operating at least one application in a cloud computing infrastructure and an application for execution in a cloud computing infrastructure. | 2015-06-11 |
20150163167 | METHOD AND APPARATUS FOR IMPLEMENTING TRAFFIC FLAGS FOR LARGE SERVICE GROUPS - The use of traffic flag symbols allows a large number of CPEs to transmit traffic notifications to a network controller. In some such embodiments, hundreds of CPEs simultaneously transmit traffic flags on different subcarriers of a channel. For example, in a MoCA2 based access network, up to 480 CPEs can transmit flags in only 5 μs in the 100 MHz-wide channel. | 2015-06-11 |
20150163168 | SEAMLESS PUSH SYSTEM AND METHOD FOR SAME - A seamless push system has a first push gateway within an intranet and which, in response to a transmission request for a push message, transmits the push message to a terminal in a connected state via the intranet, and a second push gateway within the Internet and which is capable of maintaining a connected state with the terminal via the Internet. When the terminal can be connected to the Internet, the second push gateway establishes a connected state from the terminal via the Internet and maintains the connected state, the first push gateway transfers the push message to the second push gateway in response to the transmission request for the push message, and the second push gateway transmits the push message via the Internet to the terminal in the connected state in response to the transfer of the push message. | 2015-06-11 |
20150163169 | INFORMATION HANDLING SYSTEM EMPLOYING UNIFIED MANAGEMENT BUS - An information handling system includes a host including a central processing unit, a first management controller (MC) enabled to communicate with the host, and a network interface resource (NIR) in communication with the host and operable to enable the information handling system to communicate via an external network. The NIR includes a unified management module (UMM) operable to receive and route a local management packet, sent from the host, to the first management controller via a first unified management bus (UMB) and further operable to receive and route a remote management packet, sent from a remote resource via the external network, to the first management controller via the first UMB. | 2015-06-11 |
20150163170 | LINK TRANSFER, BIT ERROR DETECTION AND LINK RETRY USING FLIT BUNDLES ASYNCHRONOUS TO LINK FABRIC PACKETS - Method, apparatus, and systems for Link Transfer, bit error detection and link retry using flit bundles asynchronous to link Fabric Packets. A first type of packet comprising a Fabric Packet is generated and its data content is divided into multiple data units called "flits." The flits are then bundled into a second type of packet comprising Link Transfer Packets (LTPs). The LTPs are then sent over single link segments in a fabric comprising many point-to-point links. Each LTP includes a CRC that is used to ensure that data transmitted over each link segment is error free, and comprises a unit of retransmission. The size of the fabric packets may vary, and they may be larger or smaller than an LTP. The transfer scheme enables flits from multiple fabric packets to be bundled into a single LTP. Upon receipt at a fabric endpoint, the flits from the LTPs are extracted and reassembled to regenerate the Fabric Packets. | 2015-06-11 |
20150163171 | METHODS AND APPARATUS RELATED TO A FLEXIBLE DATA CENTER SECURITY ARCHITECTURE - In one embodiment, edge devices can be configured to be coupled to a multi-stage switch fabric and peripheral processing devices. The edge devices and the multi-stage switch fabric can collectively define a single logical entity. A first edge device from the edge devices can be configured to be coupled to a first peripheral processing device from the peripheral processing devices. A second edge device from the edge devices can be configured to be coupled to a second peripheral processing device from the peripheral processing devices. The first edge device can be configured such that virtual resources including a first virtual resource can be defined at the first peripheral processing device. A network management module is coupled to the edge devices and configured to provision the virtual resources such that the first virtual resource can be migrated from the first peripheral processing device to the second peripheral processing device. | 2015-06-11 |
20150163172 | SERVER SWITCH INTEGRATION IN A VIRTUALIZED SYSTEM - A switch, a system and operational method for packet switching between virtual machines running in a server and a network. The server comprises a switch with swappable, virtual ports. The switch routes packets to and from the various virtual machines resident in the server memory. | 2015-06-11 |
20150163173 | SYSTEMS AND METHODS FOR INTEGRATING WIRELESS LOCAL AREA NETWORKS ON EXTENDED BRIDGES - An information handling system is provided herein. The information handling system includes a controlling bridge having a plurality of bridge ports and at least one port extender coupled to one of the bridge ports of the controlling bridge to form an extended bridge. The port extender has a plurality of extension ports. The information handling system further includes an access point coupled to the port extender such that a wireless association between the access point and one or more stations appears as a logical bridge port to the controlling bridge and to an access controller system. The access point has a wireless transceiver to communicate with the one or more stations. Associated methods are provided herein for providing wireless network access to a local area network. | 2015-06-11 |
20150163174 | ACTIVE MULTI-PATH NETWORK REDUNDANCY WITH PERFORMANCE MONITORING - A receiving network node ( | 2015-06-11 |
20150163175 | FIFO Affinity for Multiple Ports - A mechanism is provided in a data processing system for shared buffer affinity for multiple ports. The mechanism configures a physical first-in-first-out (FIFO) buffer with a plurality of FIFO segments associated with a plurality of network ports. The plurality of network ports share the physical FIFO buffer. The mechanism identifies a FIFO segment under stress within the plurality of FIFO segments. The mechanism reconfigures the physical FIFO buffer to assign a portion of buffer space from a FIFO segment not under stress within the plurality of FIFO segments to the FIFO segment under stress. | 2015-06-11 |
20150163176 | Method for Data Delivery in a Network - A method for transmitting data between a sender queue of a sender intermediate layer of a protocol stack and a receiver queue of a receiver intermediate layer of the protocol stack. The method includes receiving a data message from a sender messaging layer. The method also includes tagging the data message with a unique identifier. The method further includes writing the data message as a data window in the sender queue of the sender intermediate layer. The method additionally includes transmitting a front data window of the sender queue of the sender intermediate layer to the receiver queue of the receiver intermediate layer. The method also includes receiving a single receipt-acknowledgement message after a receiver transport layer of the protocol stack has received all of the front data window. The method further includes receiving a commit-acknowledgement message. | 2015-06-11 |
20150163177 | SYSTEM AND METHOD FOR PSEUDO-PRESENCE INDICATION FOR NON-XMPP CLIENT DEVICES WITHIN XMPP APPLICATIONS - A method includes receiving a message from an XMPP client for delivery to a contact, querying an XMPP presence system for an XMPP address and presence information related to the contact, querying the XMPP presence system for an alternative address if an XMPP address is not available or the presence information indicates that the contact is unavailable, and delivering the message to the alternative address or storing the message for future delivery if an alternate address is unavailable. | 2015-06-11 |
20150163178 | PUSH NOTIFICATION-BASED REMOTE CONTROL METHOD AND APPARATUS FOR THE SAME - Disclosed herein are a push notification-based remote control method and an apparatus for the remote control method. A push notification client includes a message receiving module for receiving a push notification message from a push notification server. A rule interpretation module determines whether a remote control rule is present in the push notification message. A rule registration management module is configured to, if it is determined that the remote control rule is present in the push notification message, register the remote control rule in a rule execution list. A rule execution module executes the remote control rule. | 2015-06-11 |
20150163179 | EXECUTION OF A WORKFLOW THAT INVOLVES APPLICATIONS OR SERVICES OF DATA CENTERS - A service exchange includes an orchestrator to execute a workflow that involves a plurality of applications and services of a plurality of data centers. A message broker is to exchange messages between the orchestrator and the applications. Adapters are to perform protocol and interface translations for information communicated between at least some of the applications and the message broker. | 2015-06-11 |
20150163180 | CONNECTION ARCHITECTURE FOR A MOBILE NETWORK - A mobile device for accessing content stored on a remote server over a mobile network is provided. The mobile device includes a processor configured to direct the mobile device to receive at least a portion of a list initiated by the remote server, the list identifying folders or files stored on the remote server, process a selection to identify one of the folders or files on the list having the content on the remote server, and send a request directing a management server to initiate a transaction including an identifier indicating the one of the folders or files having the content on the remote server that is to be sent as the attachment to the destination. | 2015-06-11 |
20150163181 | MULTIPURPOSE INTERNET MAIL EXTENSIONS ("MIME") METADATA FOR GROUP MESSAGING - A user device may be configured to generate a multipart message (e.g., a multimedia messaging service (“MMS”) message). A message part of the multipart message may include conversation metadata that includes information regarding a messaging conversation between the user device and at least one other user device. The message part may include a multipart type indicator (e.g., a Multipurpose Internet Mail Extensions (“MIME”) type indicator) that indicates that a type of the at least one part is a type associated with conversation metadata. The user device may output the multipart message to the other user device. | 2015-06-11 |
20150163182 | CONFIDENTIAL MESSAGES IN A GROUP CHAT - A device is configured to receive a message associated with a group chat. The group chat may include a communication session among a set of user devices including a first user device and a second user device. The device is configured to receive an indication that the message is confidential and designate the message as a confidential message based on the indication. The device is configured to determine that the first user device is authorized to display the message and that the second user device is not authorized to display the message. The device is configured to provide the confidential message to the first user device for display as part of the group chat, and to provide a blocked version of the confidential message to the second user device for display as part of the group chat. | 2015-06-11 |
20150163183 | SYSTEM AND METHOD FOR SPAM FILTERING USING INSIGNIFICANT SHINGLES - Disclosed are a system and methods for detecting spam using shingles. An example system identifies in a received message one or more insignificant text portions based on a text pattern database storing defined insignificant text patterns not containing spam; removes at least a portion of the one or more identified insignificant text portions from the message to generate an abridged and canonized message; generates a set of shingles from the abridged and canonized message; identifies in the set of shingles one or more shingles based on a shingles database storing defined insignificant shingles that occur only in messages not containing spam; removes the one or more identified shingles from the set of shingles to generate a reduced set of shingles upon detecting that the one or more identified shingles match at least one of the defined insignificant shingles; and determines whether the received message contains spam based on the reduced set of shingles. | 2015-06-11 |
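The pipeline in 20150163183 (strip insignificant text portions, canonize, shingle, drop shingles that occur only in legitimate mail, then classify on what is left) is worth seeing end to end, because the reason for dropping ham-only shingles is not obvious from the abstract: a spammer who pads a known template with innocuous business phrases dilutes the overlap with the spam signature, and removing those phrases' shingles undoes the dilution. The block below is an added example, not the applicant's code; the patterns, the ham-only phrase list, the spam template, the three sample messages and the 0.5 threshold are all constructed for illustration.

```python
"""Spam detection with insignificant text patterns and insignificant shingles.

Constructed example of the pipeline described in 20150163183 (not the
applicant's code): strip text portions matching patterns that never carry
spam, canonicalize, generate word shingles, drop shingles known to occur only
in legitimate mail, and compare the remainder with shingle sets of known spam.
Patterns, corpora, sample messages and the threshold are assumptions.
"""
import re

SHINGLE_LEN = 3

# Insignificant text patterns (constructed): salutation line, mobile signature, list footer.
INSIGNIFICANT_PATTERNS = [
    re.compile(r"^(?:dear|hello|hi)\b[^\n]*\n?", re.I | re.M),
    re.compile(r"\bsent from my [^\n]*", re.I),
    re.compile(r"\bto unsubscribe[^\n]*", re.I),
]


def abridge(text: str) -> str:
    """Remove every text portion that matches an insignificant pattern."""
    for pattern in INSIGNIFICANT_PATTERNS:
        text = pattern.sub("", text)
    return text


def canonize(text: str) -> list:
    """Lower-case, strip punctuation and split into words."""
    return re.sub(r"[^a-z0-9]+", " ", text.lower()).split()


def shingles(words: list, n: int = SHINGLE_LEN) -> set:
    """Set of word n-grams (a real deployment would hash these)."""
    return {tuple(words[i:i + n]) for i in range(len(words) - n + 1)}


# Shingles that occur only in non-spam mail (constructed; mined from a ham corpus in practice).
HAM_ONLY_PHRASES = ["please find attached the", "let me know if", "looking forward to hearing"]
INSIGNIFICANT_SHINGLES = set().union(*(shingles(canonize(p)) for p in HAM_ONLY_PHRASES))


def message_shingles(text: str, strip_insignificant: bool = True) -> set:
    """Abridged + canonized shingle set, optionally reduced by the insignificant shingles."""
    result = shingles(canonize(abridge(text)))
    return result - INSIGNIFICANT_SHINGLES if strip_insignificant else result


# Known spam templates (constructed) and their signature shingle sets.
SPAM_TEMPLATES = [
    "Congratulations you have been selected to receive a free cruise "
    "click here to claim your prize now",
]
SPAM_SIGNATURES = [message_shingles(t) for t in SPAM_TEMPLATES]


def spam_score(text: str, strip_insignificant: bool = True) -> float:
    """Largest fraction of the message's (reduced) shingles found in any spam signature."""
    reduced = message_shingles(text, strip_insignificant)
    if not reduced:
        return 0.0
    return max(len(reduced & sig) / len(reduced) for sig in SPAM_SIGNATURES)


def is_spam(text: str, threshold: float = 0.5, strip_insignificant: bool = True) -> bool:
    return spam_score(text, strip_insignificant) >= threshold


# Constructed sample messages.
SPAM = ("Dear John,\nCongratulations, you have been selected to receive a FREE cruise. "
        "Click here to claim your prize now!\nTo unsubscribe, reply STOP.")
HAM = ("Hi Bob,\nPlease find attached the report. Let me know if you have questions. "
       "Looking forward to hearing from you.\nSent from my phone")
# The spam template padded with ham-only phrases to dilute the signature overlap.
PADDED = ("Hi Alice,\nPlease find attached the report. Let me know if you have questions. "
          "Congratulations, you have been selected to receive a FREE cruise. "
          "Click here to claim your prize now! Looking forward to hearing from you.")

if __name__ == "__main__":
    for name, msg in [("SPAM", SPAM), ("HAM", HAM), ("PADDED", PADDED)]:
        print(name, "raw:", round(spam_score(msg, False), 3),
              "reduced:", round(spam_score(msg), 3), "spam?", is_spam(msg))
```

For the padded message the raw overlap is 15 of 33 shingles (below the 0.5 threshold), while after removing the six ham-only shingles it is 15 of 27 (above it); the signature itself is unchanged, so the only effect of the reduction is to stop innocuous padding from lowering the score.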
20150163184 | Moderating Content in an Online Forum - Users of social networking system are provided with user interface elements permitting the user to post comments on pages within the social networking system. Pages may be provided for any non-user entity, including for example, pages for businesses, products, concepts, etc. Embodiments provided herein permit page moderators to ban certain content from being displayed on a page. For example, the social networking system may receive a list of proscribed content and block comments containing the proscribed content by reducing the distribution of those comments to other viewing users. However, the social networking system may display the blocked content to the commenting user such that the commenting user is not made aware that his or her comment was blocked, thereby providing fewer incentives to the commenting user to spam the page or attempt to circumvent the social networking system filters. | 2015-06-11 |
20150163185 | Message Gateway with Hybrid Proxy / Store-and-Forward Logic - Described is a technology by which an email filtering service or other gateway includes hybrid proxy and store-and-forward logic. A message is initially processed with proxy logic. If the proxy logic is unable to complete filtering/scanning of a message within a timeout period, the store-and-forward logic is invoked to complete filtering/scanning of the message. The store-and-forward logic also may be invoked if a delivery attempt made by the proxy logic fails or does not complete prior to a delivery timeout period. When such a condition is met, the store-and-forward logic accepts the message, including storing the message, sending a response that indicates the message was accepted, and closing the connection over which the message was received. The store-and-forward logic may complete any scanning if not completed by the proxy logic, and takes over delivery responsibilities. | 2015-06-11 |
20150163186 | LAUNCHING A CLIENT APPLICATION BASED ON A MESSAGE - Launching a client application based on a message is disclosed, including: receiving a message at a client device; using information included in the message to identify a client application that corresponds to the message; and automatically launching the client application, wherein the client application is configured to receive at least some of the information included in the message. | 2015-06-11 |
20150163187 | INTELLIGENT PRESENCE BASED MESSAGING - A method, performed by a computer device, may include receiving a request to send a message from a sender to a recipient. The method may further include obtaining a recipient status associated with the recipient, wherein the recipient status includes an indication that the recipient is in motion; identifying a sender rule associated with the sender; selecting a notification type for the message based on the recipient status and the identified sender rule; and applying the selected notification type to the message. | 2015-06-11 |
20150163188 | PREDICTIVE FORWARDING OF NOTIFICATION DATA - A computing system is described that receives notification data associated with a user, and responsive to determining that the user is interacting with a first computing device at a first particular time, outputs, for transmission to the first computing device, the notification data. The computing system determines that the user is interacting with a second computing device at a second particular time, and responsive to determining, based on the second particular time being less than a threshold amount of time after the first particular time, that the user did not view the notification data at the first computing device, outputs, for transmission to the second computing device, the notification data. | 2015-06-11 |
20150163189 | SOCIAL MESSAGING SYSTEM AND METHOD - Embodiments of the invention provide a system for facilitating user engagement with a high profile person or brand including program logic defining a content message service that facilitates engagement of a user with a high profile person. When executed by a processor the program logic performs steps to enable user account formation, content category selection and viewing, creation and posting of a content message, calculating a content message ranking and a decay for each posted content message, displaying a content message, and enabling a user to create a votable answer. The steps include compiling a total number of content messages composed by the user, the total number of responses to the messages, the high profile person viewing or response total from the high profile person's viewing or response behavior to the content message and assigning a status category, score, and status value to the user. | 2015-06-11 |
20150163190 | SUGGESTED OUT OF NETWORK COMMUNICATION RECIPIENTS - Disclosed in some examples are methods, systems and machine readable medium for recommending an out-of-network communication by determining a set of potential recommended members of a social networking service based upon one or more recommendation criteria. In some examples the recommendation criteria may include: a profile similarity to a previous target of an out-of-network communication, a degree of correspondence between an interest and intent of the sending member, and a likelihood of response. | 2015-06-11 |
20150163191 | METHODS AND SYSTEMS FOR CREATING AND MANAGING MULTI PARTICIPANT SESSIONS - A method of creating a multi participant session among a plurality of viewers of media content. The method comprises automatically identifying which media content is currently presented on a plurality of client terminals of a plurality of subscribers, receiving, from a first subscriber, a first selection indicative of a template of a multi participant session object and a second selection indicative of a group from the plurality of subscribers, creating a multi participant session object adapted for simultaneous presentation with the media content according to first and second selections and establishing a multi participant session among at least one member of the group and the first subscriber using the multi participant session object. | 2015-06-11 |
20150163192 | Detection of a Misconfigured Duplicate IP Address in a Distributed Data Center Network Fabric - Presented herein are techniques to detect a misconfigured duplicate Internet Protocol (IP) address in a distributed data center network fabric. A network topology is provided that includes a plurality of network elements. A network element receives a configuration message comprising an IP address from a first host associated with the first network element. The IP address is detected to already be in use by a second host associated with a second network element. A request message is provided to the second network element, the request message configured to cause the second network element to attempt to contact the second host. A reply message is received from the second network element. If the reply message indicates that the second host exists at the second network element, an indication of a misconfiguration event is generated. Otherwise, the IP address is associated with the first host. | 2015-06-11 |
20150163193 | SYSTEM FOR TRACKING DIFFUSION - A tracking system comprising a non-transitory computer readable storage medium having stored therein data representing instructions executable by a programmed processor is provided. The storage medium of the tracking system includes instructions for receiving a request for content from a device using a first shortened content address, the first shortened content address including a shortened content address base and a first link identifier. The storage medium further includes instructions for determining a content address identifier associated with the first shortened content address and instructions for searching the device for a cookie associated with the content address identifier, the cookie including a cookie link identifier. The storage medium also includes instructions for providing the content to the device using the first shortened content address when the cookie is found on the device and the cookie link identifier is the first link identifier and instructions for providing the content to the device using a second shortened content address when the cookie is found on the device and the cookie link identifier is not the first link identifier, the second shortened content address including the shortened content address base and the cookie link identifier. The storage medium further includes instructions for generating a new link identifier when the cookie is not found on the device and instructions for providing the content to the device using a third shortened content address when the cookie is not found on the device, the third shortened content address including the shortened content address base and the new link identifier. | 2015-06-11 |
20150163194 | COMMUNICATING BETWEEN CLIENTS AT SAME LOCATION ACCORDING TO PREDETERMINED NAMING CONVENTION WITH LOCATION-BASED HOSTNAMES - A method of automatic hostname configuration includes receiving a request from a client device. A location detection module may be utilized for determining a location identifier representing a location at which the client device is located. A hostname is formed including at least the location identifier, and a control server assigns the hostname to the client device by sending an acknowledgement including the hostname to the client device. The request and acknowledgement may be communicated using DHCP. Simple network management protocol messages may be sent to one or more switches to query for a MAC address of the client device to determine the source switch and port from which the request originated. The switch-port-to-location table may include several ports that map to a same location identifier. The hostname may further be formed by including a device type identifier associated with the client device. | 2015-06-11 |
20150163195 | COMPUTER SYSTEM, ADDRESS MANAGEMENT APPARATUS, AND EDGE NODE - A network address management unit ( | 2015-06-11 |
20150163196 | SYSTEM AND METHOD FOR DYNAMICALLY CONFIGURING A DHCP SERVER IN A VIRTUAL NETWORK ENVIRONMENT - Techniques for dynamically configuring a dynamic host configuration protocol (DHCP) server in a virtual network environment are described. In one example embodiment, DHCP bindings are configured using virtual machine (VM) inventory objects. Further, the configured DHCP bindings are transformed by replacing the VM inventory objects in the configured DHCP bindings with associated media access control (MAC) addresses using a VM object attribute table. Furthermore, the transformed DHCP bindings are sent to the DHCP server for assigning Internet protocol (IP) addresses to multiple VMs running on a plurality of host computing systems in a computing network. | 2015-06-11 |
20150163197 | SYSTEMS, METHODS, AND APPARATUS FOR FULL-CONE AND ADDRESS RESTRICTED CONE NETWORK ADDRESS TRANSLATION USING HARDWARE ACCELERATION - This disclosure describes systems, methods, and apparatus for using a NATTYPE module in a Linux kernel to carry out Full Cone NAT and address-restricted cone NAT while offloading NAT functionality to a hardware accelerator. The NATTYPE module can be configured to create a mapping between conntrack entries and NATTYPE entries and a conntrack module can be configured to update a NATTYPE entry when a conntrack entry is updated and the conntrack entry includes a mapping to a NATTYPE entry. Alternatively, a hardware accelerator controller can be configured to refresh conntrack entries as well as NATTYPE entries. | 2015-06-11 |
20150163198 | METHODS AND APPARATUS FOR PROVIDING CONTROLLED UNIDIRECTIONAL FLOW OF DATA - Systems, methods, and apparatus that allow a controlled unidirectional flow of information between a source network and a destination network, and do not allow a flow of information from the destination network to the source network or any other network, thereby providing an unobservable and/or undetectable destination network, accessible only by a singular permitted flow of information. In addition, transformation of the data block of information can be performed. Other functions can be performed on the data blocks. The options for transformations and/or functions are expandable, such that options can be added or removed. Log files can be generated at one or more points. The log files can be configured to comply with a desired format and/or standard. | 2015-06-11 |
20150163199 | SYSTEMS AND METHODS FOR INTEGRATING CLOUD SERVICES WITH INFORMATION MANAGEMENT SYSTEMS - Systems and methods of integrating log data from a cloud system with an internal management system are described, wherein the cloud system is located externally from a secure network which contains the internal management system. The systems and methods include receiving log data from a cloud system through a secure connection between the secure network and the cloud system; buffering the received log data; filtering the buffered, received log data; and transmitting the filtered, buffered, received log data to the internal management system in a format associated with the internal management system. | 2015-06-11 |
20150163200 | Zone-Based Firewall Policy Model for a Virtualized Data Center - Techniques are provided for implementing a zone-based firewall policy. At a virtual network device, information is defined and stored that represents a security management zone for a virtual firewall policy comprising one or more common attributes of applications associated with the security zone. Information representing a firewall rule for the security zone is defined and comprises first conditions for matching common attributes of applications associated with the security zone and an action to be performed on application traffic. Parameters associated with the application traffic are received that are associated with properly provisioned virtual machines. A determination is made whether the application traffic parameters satisfy the conditions of the firewall rule and in response to determining that the conditions are satisfied, the action is performed. | 2015-06-11 |
20150163201 | CLIENT/SERVER SECURITY BY AN INTERMEDIARY RENDERING MODIFIED IN-MEMORY OBJECTS - In an embodiment, a method comprises intercepting, from a server computer, a first set of instructions that define one or more objects and one or more operations that are based, at least in part, on the one or more objects; generating, in memory, one or more data structures that correspond to the one or more objects; performing the one or more operations on the one or more data structures; updating the one or more data structures, in response to performing the one or more operations, to produce one or more updated data structures; rendering a second set of instructions, which when executed by a remote client computer cause the remote client computer to generate the updated data structures in memory on the remote client computer, wherein the second set of instructions are different than the first set of instructions; sending the second set of instructions to the remote client computer. | 2015-06-11 |
20150163202 | SECURITY KEY GENERATION FOR SIMULTANEOUS MULTIPLE CELL CONNECTIONS FOR MOBILE DEVICE - A first security context is established between a given user computing device and a first network computing device associated with a first network cell of a communications network to enable a secure data connection between the given user computing device and the first network computing device. A second security context is established between the given user computing device and a second network computing device associated with a second network cell of the communications network to enable a secure data connection between the given user computing device and the second network computing device simultaneous with the secure data connection between the given user computing device and the first network computing device. Establishment of the second security context includes the first network computing device sending the given user computing device a simultaneous secure data connection parameter useable by the given user computing device to establish the second security context with the second network computing device. | 2015-06-11 |
20150163203 | Standard Telephone Equipment (STE) Based Deployable Secure Communication System - Sensitive, Standard Telephone Equipment (STE) data is encapsulated into IP packets in a remotely deployed, secure communication system. The IP packets are addressed to a matching IP encapsulator/decapsulator device over the public Internet or other IP protocol network, that then passes it to a similar STE device over an ISDN link for decryption. The present invention is embodied in a system that provides secure Voice-Over-IP (VOIP), video and data network functionality in a single, small size deployable case, to a remote user. Most importantly, the embodiment allows for the routing of bulk encrypted (i.e., secure) data over a public network, e.g., the Internet. | 2015-06-11 |
20150163204 | DIGITAL CONTENT ACCESS CONTROL - Control of access to at least one digital content is managed as a function of at least one access criterion. The digital content is transmitted to at least one terminal in the form of a data stream. The access criterion is stored in the terminal as a function of an identifier. The terminal receives the data stream in association with a control message indicating the identifier. It then retrieves the stored access criterion as a function of the identifier received in the control message. Finally, it verifies whether the stored access criterion is satisfied in order, where appropriate, to authorize access to the content. | 2015-06-11 |
20150163205 | DYNAMIC DEVICE ALLOCATION APPARATUS, DYNAMIC DEVICE ALLOCATION SYSTEM, DYNAMIC DEVICE ALLOCATION METHOD AND STORAGE MEDIUM STORING DYNAMIC DEVICE ALLOCATION PROGRAM - Disclosed is a dynamic device allocation apparatus capable of dynamically and flexibly allocating the I/O device, which inputs and outputs information, to the information processing carried out in the system. | 2015-06-11 |
20150163206 | CUSTOMIZABLE SECURE DATA EXCHANGE ENVIRONMENT - In embodiments, the disclosure provides a secure data exchange system that includes a data management facility; and a plurality of data storage nodes. The data management facility manages content sharing between entities of data stored in the data storage nodes, wherein the data is stored by a user of a first entity and comprises content and metadata. The data management facility only has access to the metadata of the user data for managing of the data in the plurality of data storage nodes and not the content. The data management facility may be geographically distributed at a plurality of data management sites and the data storage nodes may exist inside and outside of a firewall of the first entity. | 2015-06-11 |
20150163207 | PAIRWISE TEMPORAL KEY CREATION FOR SECURE NETWORKS - A system and method for establishing a pairwise temporal key (PTK) between two devices based on a shared master key and using a single message authentication code (MAC) algorithm is disclosed. The devices use the shared master key to independently compute four MACs representing the desired PTK, a KCK, and a first and a second KMAC. The Responder sends its first KMAC to the Initiator, which retains the computed PTK only if it verifies that the received first KMAC equals its computed first KMAC and hence that the Responder indeed possesses the purportedly shared master key. The Initiator sends a third message including the second KMAC to the Responder. The Responder retains the computed PTK only if it has verified that the received second KMAC equals its computed second KMAC and hence that the Initiator indeed possesses the purportedly shared master key. | 2015-06-11 |
20150163208 | SYSTEM FOR USER-FRIENDLY ACCESS CONTROL SETUP USING A PROTECTED SETUP - A method and apparatus includes a determining unit configured to determine whether a device entering a network should be allowed access and an executing unit configured to execute a configuration protocol between the registrar and the device and to establish a shared unique configuration key between the registrar and the device. If the device provides a privileged service, the configuration protocol enables the device to advertise the privileged service, or if the device is a control point, the configuration protocol enables the device to advertise that it is able to control certain privileged services. The registrar also includes a controlling unit configured to obtain a controller key if the registrar is to become controller of the new device, and a service unit configured to execute a credential service that allows devices providing privileged services to delegate issuing of access control credentials to the registrar, wherein other devices may use the credential service to obtain credentials for privileged services. | 2015-06-11 |
20150163209 | INFORMATION PROCESSING DEVICE, INFORMATION PROCESSING METHOD, AND COMPUTER PROGRAM - There is provided an information processing device including an information storage unit configured to store information about a state in which a first secret key used during authentication is held in devices, and information about connection between the devices, and a communication unit configured to send the first secret key so that the first secret key is delivered to the devices based on the information stored in the information storage unit. | 2015-06-11 |
20150163210 | MOBILE DEVICE SENSOR DATA SUBSCRIBING AND SHARING - Techniques for mobile devices to subscribe and share raw sensor data are provided. The raw sensor data associated with sensors (e.g., accelerometers, gyroscopes, compasses, pedometers, pressure sensors, audio sensors, light sensors, barometers) of a mobile device can be used to determine the movement or activity of a user. By sharing the raw or compressed sensor data with other computing devices, the other computing devices can determine a motion state based on the sensor data. Additionally, in some instances, the other computing devices can determine a functional state based on the sensor data and the motion state. For example, functional state classification can be associated with each motion state (e.g., driving, walking) by further describing each motion state (e.g., walking on rough terrain, driving while texting). | 2015-06-11 |
20150163211 | UNCLONABLE ID BASED CHIP-TO-CHIP COMMUNICATION - A first copy of an intrinsic ID of a first node may be stored on a second node. The first node may receive a challenge that causes it to generate a second copy of its intrinsic ID. The second copy and a random value may be used as inputs of a function to generate a first code. The first code is transmitted to the second node. The second node decodes the first code using its local copies of the random value and/or the intrinsic ID. The second node checks the decoded information against its local information and authenticates the first node if there is a match. | 2015-06-11 |
20150163212 | WORK MACHINE, MANAGEMENT SYSTEM OF WORK MACHINE, AND METHOD OF MANAGING WORK MACHINE - A work machine provided with a device configured to execute processing, the work machine includes: a communication terminal device configured to, when the communication terminal device has received a request command for causing the device to execute processing from a command source outside the work machine, return notification of reception completion to the command source, output the request command to the device that executes processing corresponding to the request command, and transmit a processing completion notification indicating that the processing has been completed to the command source when the device that executes processing corresponding to the request command has executed the processing. | 2015-06-11 |
20150163213 | PRIVATE AND SECURE COMMUNICATION ARCHITECTURE WITHOUT UTILIZING A PUBLIC CLOUD BASED ROUTING SERVER - A method for use with a public cloud network is disclosed. The method includes setting up a private cloud routing server and a smart device client in a client server relationship. The private cloud routing server includes a first message box. The smart device client includes a second message box. The first and second message boxes are located on the public cloud network. The method also includes passing an authenticated session based message between the first and the second message boxes in a secure manner. The smart device client and the private cloud routing server can communicate with each other after authentication to provide security. The method also includes setting up another smart device client in a client server relationship with the private cloud routing server. The two smart device clients can privately and securely communicate with each other through the public cloud network. | 2015-06-11 |
20150163214 | INFORMATION PROCESSING APPARATUS, METHOD OF CONTROLLING THE SAME, AND STORAGE MEDIUM - By a Web browser, an authentication screen is displayed based on HTML data received from a Web server, and authentication information inputted via the authentication screen is managed. Upon a display of the authentication screen, in a case where it is set to display an address of the HTML data as the identification information of the authentication screen, the address of the HTML data is displayed in a case where the title of the authentication screen does not exist, and in a case where it is set to not display the address of the HTML data as the identification information of the authentication screen, a predetermined character string is displayed in a case where the title of the authentication screen does not exist. | 2015-06-11 |
20150163215 | Method and Apparatus for Upgrading Open Authentication (OAUTH) Credentials - According to an example, after the open platform upgrades its OAuth protocol version, if it receives a service request carrying an old version OAuth credential, the open platform prompts the third party application to upgrade its OAuth credential. The third party application then starts the OAuth credential upgrade process on its own initiative by transmitting a version upgrade request to the open platform. | 2015-06-11 |
20150163216 | METHOD, APPARATUS AND SERVER FOR IDENTITY AUTHENTICATION - The disclosure relates to a method, apparatus and server for identity authentication in the field of communication techniques, to solve the system overload problem caused by invalid access ID attacks. The method may include: a server receiving an API calling request from a third party developer, the API calling request carrying an access ID generated in advance by the server and assigned to the third party developer; searching for a version character carried in the access ID; based on a version character generation rule, verifying whether the version number marked by the version character is the same as the version number of the check character generation rule used by the server; when the version character is verified successfully, searching for at least one check character carried in the access ID; and based on the check character generation rule, verifying each of the at least one check character. The disclosure is applied to the API calling request process. | 2015-06-11 |
20150163217 | Managing Trust Relationships - Systems and methods for managing trust relationships. In some embodiments, a method may include receiving an indication of an in-person transaction between a first user and a second user; calculating, for the first user, a trust score associated with the second user, the trust score based, at least in part, upon the indication; and storing a record of the trust score. For example, the in-person transaction may include a face-to-face meeting. | 2015-06-11 |
20150163218 | AUTHENTICATION UTILIZING A DYNAMIC PASSCODE FROM A USER-DEFINED FORMULA BASED ON A CHANGING PARAMETER VALUE - An authentication system utilizes a dynamic passcode from a user-defined formula based on a changing parameter value. The changing parameter is publicly accessible through the communication network and has a current value that is periodically updated, such as a stock value, the temperature at a specific location, or a sports score. The user-defined formula is based on the changing parameter in order to derive a passcode which authenticates a user to an associated user account. As referred to herein, the user-defined formula is a mathematical formula in which the changing parameter is one variable (e.g., [changing parameter value]+1). Some formulas include more than one changing parameter. | 2015-06-11 |
20150163219 | BIOMETRICS DATA RECOGNITION APPARATUS, SYSTEM, METHOD AND APPLICATION PROGRAM - A biometrics data recognition apparatus includes a computer device and a biometrics data recognition device, which includes a biometrics data sensor, a control processor and a storage. The biometrics data sensor captures to-be-recognized biometrics data of an organism. The storage stores template biometrics data and website login data corresponding to each other. The control processor receives the to-be-recognized biometrics data, judges whether it matches the template biometrics data, and outputs the website login data to the computer device if a match occurs. The computer device communicates with a cloud server, extracts login format data from the cloud server according to the website login data, and combines the website login data with the login format data to make the computer device log in to a website corresponding to the website login data. A biometrics data recognition system, method and application program are also disclosed. | 2015-06-11 |
20150163220 | METHOD FOR AUTHENTICATING A USER OF A CONTACTLESS CHIP CARD - A method is intended for authenticating a user of a contactless chip card by means of a contactless card reader. This method comprises the steps of: (i) using this contactless card reader for acquiring a first image of at least a part of the user's hand that holds the card when it is presented to this contactless card reader, (ii) comparing this first image with a second image stored in this contactless chip card, this second image defining a reference image of at least this part of the user's hand when it holds the contactless chip card, to determine if this first image is similar to this second image, and (iii) authenticating this user if this first image is effectively similar to this second image. | 2015-06-11 |
20150163221 | SYSTEM AND METHOD FOR ALLOWING ACCESS TO ELECTRONIC DEVICES USING A BODY AREA NETWORK - A method, system and devices for creating access to a wireless communication device by using BAN, comprising detecting the presence of a user's body by using a BAN enabled access module connected to the wireless communication device, collecting biometric data of the user and receiving authentication data from a BAN enabled peripheral device through BAN by using the BAN enabled access module and allowing access to the wireless communication device if the collected biometric data and the received authentication data are valid. | 2015-06-11 |
20150163222 | STRONG USER AUTHENTICATION FOR ACCESSING PROTECTED NETWORK - Systems and methods for strong user authentication for accessing protected networks. An example method may comprise: transmitting, by a processing device, an authentication request to an authentication server; receiving an access granting token from the authentication server; transmitting, to a nonce server, a nonce request using the access granting token; receiving a cryptographic nonce from the nonce server; and transmitting, to a virtual private network (VPN) server, a VPN connection request using the cryptographic nonce. | 2015-06-11 |
20150163223 | Managing Resources In A Distributed Computing Environment - Methods, apparatuses, and computer program products for managing resources in a distributed computing environment that includes a plurality of resources and a resource recycling unit for storing discarded resources are provided. Embodiments include a management system maintaining within a resource recycling unit, a plurality of discarded resources of the distributed computing environment. Embodiments also include the management system receiving from a user, a request for a resource of the distributed computing environment and in response to receiving the request, selecting a first discarded resource from the plurality of discarded resources of the resource recycling unit. Embodiments also include the management system providing the selected first discarded resource to the user. | 2015-06-11 |
20150163224 | DEVICE AND METHOD FOR DETECTING BYPASS ACCESS AND ACCOUNT THEFT - Disclosed is technology relating to a device and method for detecting bypass access and account theft. In the method for detecting bypass access from a client to a server according to the present invention: a server receives access data comprising data about hops on the route from the client to the server by using a route tracing agent; region data is extracted from the IP address(es) of the hop(s) comprised in the received access data; a judgment is made as to whether the extracted region data belongs to a pre-set access-permitted region; and the server detects whether the access from the client is bypass access, in accordance with the judgment results. | 2015-06-11 |
20150163225 | METHOD OF ESTABLISHING A TRUST RELATIONSHIP FOR SHARING RESOURCES BETWEEN TWO TENANTS IN A CLOUD NETWORK - One embodiment disclosed herein serves to establish a trust relationship for sharing resources between a trustee tenant and a trustor tenant in a cloud network. It comprises receiving a requirement file (REQ) from the trustee tenant, said file including at least one permission desired by the tenant; searching for and identifying at least one opportunity file sent by a trustor tenant, this file including at least the permissions; and storing information representative of a trust relationship for sharing resources between the tenants. | 2015-06-11 |
20150163226 | SECURE ACCESS USING LOCATION-BASED ENCRYPTED AUTHORIZATION - A computer sends a request to an authorization source to access a resource and includes its own location information. The computer receives a reply that includes the unencrypted location information of the computer and the resource encrypted such that a decryption key of the computer decrypts the encrypted resource. The entire reply is encrypted such that a decryption key of a third-party computer can decrypt the reply. The computer sends the encrypted reply to the third-party computer, and the reply is decrypted and returned to the computer if a distance between the computer and the third-party computer fulfills a proximity condition, as determined by the location of the computers. | 2015-06-11 |
20150163227 | VISUALLY REPRESENTING AND MANAGING ACCESS CONTROL OF RESOURCES - An approach is provided for controlling access to a resource. Visual representations of the resource and an entity are included in a display. In the display, a movement of the entity visual representation to a position proximate to a boundary of the resource visual representation is detected. Based on an attribute assigned to the entity visual representation being determined to satisfy an access control requirement assigned to the resource visual representation, the entity is permitted to access the resource. In the display, based on the entity being permitted to access the resource, a movement of the entity visual representation across the boundary of the resource visual representation and a placement of the entity visual representation within the boundary of the resource visual representation are permitted. | 2015-06-11 |
20150163228 | METHOD FOR OBTAINING FONT MAP, CHARACTER DISPLAY DEVICE AND SYSTEM, ELECTRONIC SIGNATURE TOKEN - A matrix obtaining method, a character display device and system and an electronic signature tool. The matrix obtaining method includes the following steps: the character display device receives a matrix sent by a matrix storage device; the character display device calculates the check code of the matrix sent by the matrix storage device; the character display device compares the calculated check code of the matrix with the locally-stored corresponding matrix check code; and if the two check codes are consistent, the character display device determines that the matrix sent by the matrix storage device is correct. Through the method, the character can be displayed by obtaining the matrix stored in the matrix storage device so as to reduce the cost of the character display device. The matrix storage device may be a transaction terminal including a computer, a mobile phone and the like, and the character display device may be an electronic signature tool. | 2015-06-11 |
20150163229 | Data Security and Integrity by Remote Attestation - The invention includes a system comprising a device, software installed on the device and coupled to the device's hardware and software stack to execute data encryption and remote attestation. The invention includes a process to configure the device for encryption and remote attestation and performing an initial inventory and content scan of the device's hardware and software stack with results transmitted across a communication network to the attestation server. The invention includes periodic inventory and content scans of the device's hardware and software stack with results transmitted again to the server via the network. The attestation server stores the results in a database for comparison to subsequent results sent by devices. The attestation server notes any differences in the most recent results and sends an alert to the device if the device is configured differently based on the previous scan, or configured the same if no differences were noted. | 2015-06-11 |
20150163230 | SYSTEM AND METHOD FOR DETECTING NETWORK ACTIVITY OF INTEREST - A network activity detection system is trained to detect network activities of interest such as threats by malicious computer data. The training involves distilling the characteristics of known network activities of interest (e.g., intrusion by computer viruses, exploits, worms, or the like) into a minimal set of meta-expressions. At run-time, the network activity detection system combines the minimal set of meta-expressions with efficient computer algorithms for evaluating meta-expressions to detect known network activities of interest, as well as their unknown variants, among an unknown set of network activity. The network activity detection system may produce appropriate responses upon the detection of network activities of interest. | 2015-06-11 |
20150163231 | SYSTEM AND METHOD FOR REDUCING LOAD ON AN OPERATING SYSTEM WHEN EXECUTING ANTIVIRUS OPERATIONS - An initial trust status is assigned to a first object, the trust status representing one of either a relatively higher trust level or a relatively lower trust level. Based on the trust status, the first object is associated with an event type to be monitored, where the event type is selected from among: essential events, occurrence of which is informative as to trust status evaluating for an object, and critical events, including the essential events, and additional events, occurrence of which is informative as to execution of suspicious code. Occurrences of events relating to the first object are monitored. In response to the first object being assigned the relatively higher trust level, only the essential events are monitored. In response to the first object being assigned the relatively lower trust level, the critical events are monitored. A need for performing malware analysis is determined based on the trust status of the first object and the event type. In response to determination of the need for performing the malware analysis, the malware analysis for the first object is either performed, or not. | 2015-06-11 |
20150163232 | METHOD, DEVICE AND SYSTEM FOR DETECTING MALWARE IN A MOBILE TERMINAL - A method, device and system for detecting malware in a mobile terminal are disclosed. The method includes at least the following operations: obtaining an installation package of a software which is to be checked; decompressing the installation package to obtain a decompressed installation package; detecting the decompressed installation package to obtain a first detection result; sending the decompressed installation package to a cloud system; receiving a second detection result returned from the cloud system based upon the cloud performing a malware check on the decompressed installation package; determining that the software being checked is malware, if one or both of the following is found: the first detection result and the second detection result each indicates that the decompressed installation package is abnormal. | 2015-06-11 |
20150163233 | Method And Apparatus For Scanning Files - A method and apparatus for scanning files are provided. The method includes determining whether to perform a full scanning according to a pre-scanning mode. The method further includes determining whether a deep scanning is selected by a user, when it is determined not to perform the full scanning according to the pre-scanning mode. The method further includes performing the deep scanning, when the deep scanning is selected by the user. | 2015-06-11 |
20150163234 | SYSTEM AND METHODS FOR PROTECTING COMPUTING DEVICES FROM MALWARE ATTACKS - An online protection system and method for actively filtering webpages using a rule-based protective agent such that internet connectable communication devices receive a clean copy of the webpage. The protective agent may be operable to perform rule based filtering of static and web-generated pages. The system includes a data scanner, a report processor and a rule-based logic generator. The protection system may include a malware server site scanner to prevent any potential backdoors and possibly introduce a remedy to the infected files or quarantine them in non-standard directory locations. | 2015-06-11 |
20150163235 | METHODS AND APPARATUS TO IDENTIFY AN INTERNET PROTOCOL ADDRESS BLACKLIST BOUNDARY - Methods, apparatus, systems and articles of manufacture are disclosed to identify an Internet protocol address blacklist boundary. An example method includes identifying a netblock associated with a malicious Internet protocol address, the netblock having a lower boundary and an upper boundary, collecting netflow data associated with a plurality of Internet protocol addresses in the netblock, establishing a first window associated with a lower portion of Internet protocol addresses numerically lower than a candidate Internet protocol address, establishing a second window associated with an upper portion of Internet protocol addresses numerically higher than a candidate Internet protocol address, calculating a breakpoint score based on a comparison between a behavioral profile of the first window and a behavioral profile of the second window, and identifying a first sub-netblock when the breakpoint score exceeds a threshold value. | 2015-06-11 |
20150163236 | UNAUTHORISED/MALICIOUS REDIRECTION - Method(s) and apparatus are described for use in preventing unauthorised redirection and/or routing of packets transmitted in a communication network. Packets generated by one or more devices in the communications network are intercepted by an apparatus. The intercepted packets are inspected and it is detected whether at least one of the intercepted packets is associated with redirection based on an unauthorised destination. For each intercepted packet, packet and protocol inspection may be used to determine the originally intended destination of the packet and to determine any other destination(s) associated with redirection of the packet. For each intercepted packet, if any other destination(s) are not associated with one or more authorised destinations corresponding to the originally intended destination, then the intercepted packet is associated with redirection to an unauthorised destination. Those detected intercepted packets associated with redirection based on the unauthorised destination are blocked or corrected. | 2015-06-11 |
20150163237 | TESTING WEB APPLICATIONS FOR SECURITY VULNERABILITIES WITH METAREQUESTS - A method includes instantiating, in response to a request by an executing application, an input data object with one or more uninitialized fields and traversing a path toward a sink in the executing application to a branching point of the executing application. In response to reaching the branching point, one or more parameters are provided for some or all of the one or more uninitialized fields of the input data object, wherein the one or more parameters were determined prior to beginning of execution of the executing application to cause a branch to be taken by the executing application toward the sink. The path is traversed toward the sink at least by following the branch in the executing application. Apparatus and computer program products are also disclosed. | 2015-06-11 |
20150163238 | SYSTEMS AND METHODS FOR TESTING AND MANAGING DEFENSIVE NETWORK DEVICES - The field of the invention relates to systems and methods for securing networked computing devices, and more particularly to systems and methods for testing and managing defensive network systems. In a preferred embodiment, a defensive network management subsystem is included. The subsystem is operatively coupled to a defensive network system and a networked computing system. The defensive network management subsystem is configured to generate test data for the networked computing system, transmit the generated test data to the networked computing system, and record the networked computing system's response to the generated test data. The subsystem is further configured to correlate its recorded data with the defensive network system's response to said generated test data to assess the defensive network system's efficacy. | 2015-06-11 |
20150163239 | System and Method of Valuating Resource in a Computer Network for Compliance with Requirements for a Computer System - Disclosed are systems and methods for valuating compliance of computer resources, including valuating compliance of a hardware or software resource of a computer system with requirements for the computer system; valuating compliance of one or more objects of interest associated with the hardware or software resource with requirements for the objects of interest; and valuating overall compliance of the hardware or software resource based on the compliance of said hardware or software resource with the requirements for the computer system and the compliance of the one or more objects of interest associated with said hardware or software resource with the requirements for the objects of interest. | 2015-06-11 |
20150163240 | Simultaneous Determination of a mobile device and its user identification - An apparatus including an intrusion detection arrangement and a location identification arrangement which ties digital information (i.e. transaction events such as exact parameters of information, database queries, transaction ranges, etc.) submitted to a computer system with the physical characteristics of the event such as the area and/or picture of the person(s) submitting the information. | 2015-06-11 |
20150163241 | PROTECTING COMPUTING ASSETS FROM SEGMENTED HTTP ATTACKS - A method and system for managing data traffic and protecting computing assets. The method and system includes analyzing HTTP requests to determine if the HTTP requests are overly segmented, and, if the HTTP request is overly segmented, blocking and/or black-listing the malevolent communications and computing device. The analysis to determine if an HTTP request is overly segmented includes comparing the packet's size to a threshold, identifying the packet's content or lack thereof, identifying whether the packet is the last packet in a communication, and identifying whether the packet ends with the “\n” ASCII character. | 2015-06-11 |
20150163242 | PROFILING CYBER THREATS DETECTED IN A TARGET ENVIRONMENT AND AUTOMATICALLY GENERATING ONE OR MORE RULE BASES FOR AN EXPERT SYSTEM USABLE TO PROFILE CYBER THREATS DETECTED IN A TARGET ENVIRONMENT - A computer implemented method of profiling cyber threats detected in a target environment, comprising: receiving, from a Security Information and Event Manager (SIEM) monitoring the target environment, alerts triggered by a detected potential cyber threat, and, for each alert: retrieving captured packet data related to the alert; extracting data pertaining to a set of attributes from captured packet data triggering the alert; applying fuzzy logic to data pertaining to one or more of the attributes to determine values for one or more output variables indicative of a level of an aspect of risk attributable to the cyber threat. | 2015-06-11 |
20150163243 | DATA STREAM SECURITY PROCESSING METHOD AND APPARATUS - Embodiments of the present invention provide a data stream security processing method and apparatus. In the embodiments of the present invention, security levels of data streams are determined according to different feature information of the data streams, and forwarding paths corresponding to the data streams are determined according to the security levels, where a forwarding path may go through a security device to implement a corresponding security function of the forwarding path, thereby improving data stream forwarding security and lightening load of a central controller. | 2015-06-11 |
20150163244 | APPARATUS AND SYSTEM FOR PACKET TRANSMISSION - A packet transmission apparatus verifies a sequence number of each received packet using an anti-replay window. Upon detecting a suspected packet with a sequence number exceeding a highest sequence number set in the anti-replay window, an inquiry transmitting unit transmits a highest sequence number inquiry to an opposing apparatus. An anti-replay control unit drops the suspected packet when the sequence number of the suspected packet is more than a highest sequence number acquired from a response of the opposing apparatus in reply to the highest sequence number inquiry. | 2015-06-11 |
20150163245 | SYSTEMS AND METHODS FOR MANAGING DOMAIN NAME SYSTEM SECURITY (DNSSEC) - The present invention is directed towards systems and methods for providing multiple modes of a zone for DNSSEC by an intermediary device. The method includes providing, by a device intermediary to a plurality of clients and a plurality of servers, a plurality of modes of a zone for Domain Name Service. The device receives a selection of a first mode of the zone of the plurality of modes of the zone. The device receives information identifying to enable DNS Security for the selected first mode. The device establishes the zone for DNS in accordance with the selected first mode and with DNS Security enabled. | 2015-06-11 |
20150163246 | SYSTEM AND METHOD FOR ACTIVATION OF PERSONAS BASED ON ACTIVATION PARAMETERS RELATED TO A MULTIPLE-PERSONA MOBILE TECHNOLOGY PLATFORM (MTP) - A method, user terminal, and server are provided for activating a persona in a multiple-persona mobile technology platform (MTP). The method includes receiving at least one activation parameter value respective of the MTP; retrieving at least one activation rule defining at least one activation condition and at least one action to be performed on at least one persona of the multiple-persona of the MTP; analyzing the at least one received activation parameter value to determine if the at least one activation condition has been met; and, upon determining that the at least one activation condition has been satisfied, applying the at least one action defined in the satisfied activation condition on the at least one persona. | 2015-06-11 |
20150163247 | POLICY-BASED RUNTIME CONTROL OF A SOFTWARE APPLICATION - A method, process, and associated systems for policy-based development and runtime control of mobile applications. Security objects that describe or enforce security policies are embedded into the source code of an enhanced application while the application is being developed. When a user attempts to launch the enhanced application on a mobile device, the security objects are updated to match a latest valid version of the objects stored on an enterprise server. The security objects may be further updated at other times. Global security policies, which affect the entire enterprise and which may deny the application permission to launch, are enforced by a global security policy stored within one of the updated security objects. If the application does run, application-specific security policies contained in the updated security objects modify application behavior at runtime in order to enforce application-specific security policies. | 2015-06-11 |
20150163248 | AUTOMATIC CURATION AND MODIFICATION OF VIRTUALIZED COMPUTER PROGRAMS - In an embodiment, a data processing method comprises receiving a first instance of computer program data at a security unit having one or more processors; executing the first instance of the computer program data in a monitored environment; observing and recording identification information for each of a plurality of functions called by the first instance of the computer program data; sending the identification information to one or more security enforcement endpoints over a computer network; and generating one or more instructions describing security protections to implement for function calls not included in the identification information in a second instance of the computer program data, and sending the instructions to one or more security enforcement endpoints over a computer network. | 2015-06-11 |
20150163249 | POLICY-BASED SELECTION OF REMEDIATION - Methods and systems for remediating a security policy violation on a computer system are provided. According to one embodiment, a first computer system receives information regarding an operational state of a second computer system. It is determined whether the operational state represents a violation of a security policy that has been applied to or is active in regard to the second computer system by evaluating the received information with respect to the multiple security policies. Each security policy defines a parameter condition violation of which is potentially indicative of unauthorized activity on or manipulation of the second computer system to make it vulnerable to attack. When a result of the determination is affirmative, then a remediation is identified by the first computer system that can be applied to the second computer system to address the violation; and the remediation is deployed to the second computer system. | 2015-06-11 |
20150163250 | PROVISIONING ACCESS CONTROL USING SDDL ON THE BASIS OF AN XACML POLICY - A method is disclosed, and a corresponding data carrier and policy converter, for producing at least one Security Descriptor Definition Language, SDDL, rule from an eXtensible Access Control Markup Language, XACML, policy (P), wherein said at least one SDDL rule is enforceable for controlling access to one or more resources in a computer network. A reverse query is produced indicating a given decision (d), which is one of permit access and deny access, and a set (R) of admissible access requests. Based on the reverse query, the XACML policy (P) and the given decision (d) are translated into a satisfiable logic proposition in Boolean variables (v | 2015-06-11 |