24th week of 2020 patent application highlights part 81 |
Patent application number | Title | Published |
20200186481 | COMMUNICATION WITH SERVICE PROVIDERS USING DISPOSABLE EMAIL ACCOUNTS - One or more computing devices, systems, and/or methods for facilitating communications with service providers using disposable email addresses (DEAs) are provided. A first email, associated with a requested service, may be received from an email account. A set of service providers may be determined based upon the requested service. A DEA corresponding to the email account may be generated. A second email, comprising an indication of the DEA, may be generated based upon the first email. The second email may be transmitted to a set of email accounts associated with the set of service providers. Emails received from the set of email accounts that are addressed to the DEA may be transmitted to the email account. Responsive to receiving a request to deactivate the DEA from a device associated with the email account and/or responsive to determining that the requested service is completed, the DEA may be deactivated. | 2020-06-11 |
20200186482 | URGENCY AND EMOTION STATE MATCHING FOR AUTOMATED SCHEDULING VIA ARTIFICIAL INTELLIGENCE - In non-limiting examples of the present disclosure, systems, methods and devices for matching user tone to digital assistant response types and tones while assisting with meeting scheduling are presented. An electronic message may be received by a digital assistant service. The digital assistant service may detect an intent to schedule a meeting and identify an urgency level associated with the message. The digital assistant may respond to the scheduling user with a message having a tone corresponding to the identified urgency level. The digital assistant may also perform a follow-up action for scheduling the meeting in a manner consistent with the urgency level of the scheduling user. For example, the digital assistant may attempt to schedule the meeting in a higher priority manner if there is a high urgency associated with the message, and a lower priority manner if there is a low urgency associated with the message. | 2020-06-11 |
20200186483 | MESSAGING APPLICATION WITH TIME-GATED ACCESSIBILITY - A messaging application for electronic devices that allows a sending user to time-gate messages so that a receiving user can only access the message after a specified amount of time has elapsed. When the specified amount of time has passed, the receiving user can access the message, which presents a reveal effect which may include a graphic, an animation, text, an audible cue, a haptic cue, or a combination thereof. | 2020-06-11 |
20200186484 | METHOD AND APPARATUS FOR PROCESSING IMAGE IN APPLICATION, TERMINAL DEVICE AND STORAGE MEDIUM - Provided is a method for processing an image in a social networking application, performed by a terminal device. The method includes: receiving an expression file generating instruction corresponding to an image displayed in the social networking application; invoking an expression editing tool built in the application according to the expression file generating instruction obtained after the image is triggered; obtaining a self-made expression image corresponding to the image by using the expression editing tool and an expression editing operation triggered for the image; and generating a self-made expression file that is configured in the social networking application and that corresponds to the self-made expression image, the self-made expression file being invoked by the social networking application to implement a self-configured specified function of the social networking application, and the specified function being different from an expression making function. | 2020-06-11 |
20200186485 | SIMULTANEOUS MESSAGE BLOCKING AND DELIVERY - Methods and systems for simultaneous message blocking and delivery are disclosed. A method includes: receiving, by a computing device, from a first user, a first message and a request to transmit the first message as a simultaneous message; receiving, by the computing device, an additional message from each of at least one additional user; determining, by the computing device, using natural language processing, a similarity score for each of the additional messages; and in response to the similarity score for each of the additional messages exceeding a predetermined threshold, the computing device transmitting the first message and the additional messages. | 2020-06-11 |
20200186486 | SYSTEM AND METHOD FOR FACILITATING CONTEXTUAL INFORMATION ON BUSINESS CONTACTS - A plurality of computing devices each comprise a user terminal configured to create a profile of the user with a business attribute using a unique identity. The user terminal has an interaction unit to track and record at least one user interaction between the user and the contact or non-contact of computing device, using the business attribute. A server is configured to store the profile of each user along with the business attributes, match and retrieve the profile of each user corresponding to the contact data and/or non-contact data in the computing device, cluster the profile of each user to form a contextual information based on the business attribute and at least one user interaction, and store the contextual information of the user in the server. The computing device retrieves the contextual information of the contacts and non-contacts from the server and displays in the user terminal. | 2020-06-11 |
20200186487 | RECOMMENDING COMMUNICATION PATHS TO CONNECT WITH NEW CONTACTS BASED ON DIGITAL ALLIANCE DATA - A computer-implemented method is disclosed. The method comprises managing a plurality of user accounts, including a first user account associated with a first user and a first user device and a second user account associated with a second user and a second user device, the first user account being associated with an alliance network comprising the second user account as an alliance network member to the first user account. The method further comprises determining one or more interests of the first user from a first set of data sources, including a user profile associated with the first user account, an online activity log associated with the first user account, and a first plurality of digital communications offered by the first user account for exploration of relationships. The method further comprises detecting a new contact of the alliance network and identifying one or more interests of the new contact from a second set of data sources. In addition, the method comprises identifying, in response to determining that the one interest of the new contact matches the one interest of the first user, a communication path from the first user to the second user; and transmitting, in response to determining that a communication score of the communication path exceeds a certain threshold, certain data related to the communication path to the first user device. | 2020-06-11 |
20200186488 | SYSTEMS AND METHODS FOR PROVIDING CONTENT - Systems, methods, and non-transitory computer-readable media can group a set of live content items based at least in part on the live content items satisfying at least one relatedness criteria, the live content items being broadcasted through the content provider system. The set of live content items is ranked. An interface that includes a content feed through which the ranked set of live content items are accessible is generated. | 2020-06-11 |
20200186489 | UI AND DEVICES FOR INCENTING USER CONTRIBUTION TO SOCIAL NETWORK CONTENT - Systems and methods are provided for generating content. The systems and methods include operations for: identifying a content item generation template that is associated with instructions for generating a content item; displaying, by a messaging application, an identifier of the content item generation template; receiving, by the messaging application, input that selects the identifier of the content item generation template; retrieving, by the messaging application, a plurality of content items associated with the content item generation template, each of the plurality of content items having been previously generated by a respective user of a plurality of users of the messaging application in accordance with the instructions associated with the content item generation template; and displaying, by the messaging application, the retrieved plurality of content items associated with the content item generation template. | 2020-06-11 |
20200186490 | Methods and Apparatuses for Avoiding Paging Storm During ARP Broadcast for Ethernet Type PDU - Methods and apparatuses for acquisition of an address resolution protocol (ARP)/IPv6 Neighbour cache at a user plane function (UPF) entity without performing deep packet inspection for every packet that traverses a network. The ARP broadcast/ICMPv6 Neighbour Solicitation multicast from any Ethernet client (a user equipment (UE) or clients behind the UE or clients in a data network (DN)) is responded to by the UPF entity itself, by looking up the ARP/IPv6 Neighbour cache built in the UPF entity, irrespective of whether the UPF entity acts as the core Ethernet switch or whether the core Ethernet switch is in the DN. The solution is simplified to always intercept ARP at the UPF entity and respond to it based on a local ARP/IPv6 Neighbour cache. | 2020-06-11 |
20200186491 | Enabling Internet Protocol Carrier Peering to Foreign Network Domains - Concepts and technologies pertaining to enabling internet protocol carrier peering to foreign network domains are provided. A method includes identifying, by a computer system executing within an originating carrier network, a plurality of numbering plan area identifiers corresponding to a receiving carrier network. The method further includes accessing, by the computer system executing within the originating carrier network based on the plurality of numbering plan area identifiers, a plurality of numbering plan area zone file records stored on a private enabled telephone number mapping server. The method also includes creating, by the computer system executing within the originating carrier network, a single instance of a name authority pointer record placeholder within each of the plurality of numbering plan area zone file records stored on the private enabled telephone number mapping server. | 2020-06-11 |
20200186492 | STAGED DEPLOYMENT OF RENDEZVOUS TABLES IN A CONTENT DELIVERY NETWORK (CDN) - A computer-implemented method in a content delivery network (CDN), wherein the CDN delivers content on behalf of at least one content provider. The CDN includes a rendezvous system that selects CDN servers for clients. In response to a request by a rendezvous mechanism in the rendezvous system, a first given function is evaluated. Based on the outcome of the evaluating, the rendezvous mechanism uses either a first table or a second table. The first table was generated by a first table generation mechanism for use by said rendezvous mechanism to select CDN servers for clients, and the second table was generated by a second table generation mechanism for use by the rendezvous mechanism to select CDN servers for clients. | 2020-06-11 |
20200186493 | WIRELESS ALLOCATION OF NETWORK ADDRESSES - A dynamically addressable master-slave system and a method for dynamically addressing slave units includes a master unit and a plurality of slave units, such that the slave units are interconnected with the master unit via a bus system. The respective network addresses of the slave units are assigned to the respective serial numbers of these slave units in a table in the master unit according to the position thereof in the system according to a determined order. Upon replacement of slave units, a list of serial numbers of the units to be replaced is transferred to the master unit in the sequence of the acquisition of the serial numbers, which master unit replaces these serial numbers in the table with the serial numbers of the replaced slave units transmitted to the master unit. | 2020-06-11 |
20200186494 | MANAGING ADDRESS SPACES ACROSS NETWORK ELEMENTS - In general, techniques are described for managing address spaces across network elements. A network device including a processor may be configured to perform the techniques. The processor may execute a pool manager that automatically distributes a first block of network addresses to a first network element acting, for a first network, as a first address allocation server to assign the first block of network addresses. The pool manager may further automatically distribute a second block of contiguous network addresses to a second network element acting, for a second network, as a second address allocation server. The pool manager may then dynamically manage a size of the first block of network addresses and a size of the second block of network addresses to address exhaustion of available network addresses within either or both of the first block of network addresses and the second block of network addresses. | 2020-06-11 |
20200186495 | Deploying and Utilizing a Dynamic Data Stenciling System with a Smart Linking Engine - Aspects of the disclosure relate to deploying and utilizing a dynamic data stenciling system with a smart linking engine. A computing platform may receive source data from one or more data source systems. Subsequently, the computing platform may identify a target application hosted by an enterprise application host platform as being an intended recipient of a portion of the source data. Then, the computing platform may select a dynamic data stencil from a plurality of available data stencils. Thereafter, the computing platform may overlay the portion of the source data onto the target application using the dynamic data stencil. In addition, by overlaying the portion of the source data onto the target application using the dynamic data stencil, the computing platform may cause the target application to execute one or more data processing functions using the portion of the source data received from the one or more data source systems. | 2020-06-11 |
20200186496 | LOCAL PEER TO PEER DIRECT CONNECTION IN NETWORK ADDRESS TRANSLATOR (NAT) AND OVERLAY NETWORKS - In a method of Local Peer to Peer Direct Connection in NAT and overlay network, a request is received from a first peer at a relay gateway to establish a direct connection with a second peer. The first peer and the second peer are located behind a NAT firewall. An authentication request is relayed from the first peer at the relay gateway. The authentication request is forwarded from the relay gateway to the second peer. Upon performing authentication at the second peer, an authentication response is received at the relay gateway. The authentication response is received from the relay gateway at the first peer. An internal route propagation is performed from the second peer to the first peer via the relay gateway. A Local Peer to Peer Direct Connection is established between the first peer and the second peer for packet flow through the direct connection. | 2020-06-11 |
20200186497 | Computer Security System and Method Based on User-Intended Final Destination - A system and method is described for protecting applications against malicious URL links by identifying a final destination. The system and method also includes enabling a user process to directly connect to the final destination, bypassing the original URL altogether; thereby bypassing the hacker's ability to use that URL to programmatically send the application to a malicious site. | 2020-06-11 |
20200186498 | Filtering Network Data Transfers - Aspects of this disclosure relate to filtering network data transfers. In some variations, multiple packets may be received. A determination may be made that a portion of the packets have packet header field values corresponding to a packet filtering rule. Responsive to such a determination, an operator specified by the packet filtering rule may be applied to the portion of packets having the packet header field values corresponding to the packet filtering rule. A further determination may be made that one or more of the portion of the packets have one or more application header field values corresponding to one or more application header field criteria specified by the operator. Responsive to such a determination, at least one packet transformation function specified by the operator may be applied to the one or more of the portion of the packets. | 2020-06-11 |
20200186499 | DYNAMIC FILTER GENERATION AND DISTRIBUTION WITHIN COMPUTER NETWORKS - Systems and methods for implementing filters within computer networks include obtaining blocklist data that includes blocklist entries for a network. Each of the blocklist entries includes one or more network traffic attributes for identifying traffic to be blocked. In response to receiving the blocklist data, a filter based on a common network traffic attribute shared between at least two of the plurality of blocklist entries is generated. The filter is then deployed to a network device within the network such that the filter may be implemented at the network device to block corresponding traffic. | 2020-06-11 |
20200186500 | Proxy Auto-Configuration For Directing Client Traffic To A Cloud Proxy - Among other things, this document describes systems, methods and devices for providing a cloud proxy auto-config (PAC) function for clients connected to a private network, such as an enterprise network. The teachings hereof are of particular use with cloud hosted proxy services provided by server deployments outside of the private network (e.g., external to the enterprise or other organizational network). This document also describes systems, methods and devices for providing a proxy auto-config (PAC) function for clients connected to a third party network, such as when the client moves outside of the enterprise network. | 2020-06-11 |
20200186501 | Proxy Auto-Configuration For Directing Client Traffic To A Cloud Proxy With Cloud-Based Unique Identifier Assignment - Among other things, this document describes systems, methods and devices for providing a cloud proxy auto-config (PAC) function for clients connected to a private network, such as an enterprise network. The teachings hereof are of particular use with cloud hosted proxy services provided by server deployments outside of the private network (e.g., external to the enterprise or other organizational network). This document also describes systems, methods and devices for providing a proxy auto-config (PAC) function for clients connected to a third party network, such as when the client moves outside of the enterprise network. | 2020-06-11 |
20200186502 | METHOD FOR SECURELY NEGOTIATING END-TO-END CRYPTOGRAPHIC CONTEXT USING INLINE MESSAGES THROUGH MULTIPLE PROXIES IN CLOUD AND CUSTOMER ENVIRONMENT - Described embodiments provide systems and methods for establishing an end-to-end cryptographic context. A service node may be located intermediary between a client and server which provides a service to the client. At least one network device may be located intermediary between the service node and the server. The service node may obtain information for validating the service. The service node may establish an end-to-end cryptographic context between the service node and server through the network device(s). A first network device of the network device(s) may share a cryptographic context with the service node, which existed prior to establishment of the end-to-end cryptographic context. The service node may transmit a message to the network device encrypted using the first cryptographic context. The encrypted message may inform the first network device to pass through traffic that is encrypted using the end-to-end cryptographic context. | 2020-06-11 |
20200186503 | CENTRAL MANAGEMENT PLATFORM WITHOUT USER MANAGEMENT - Methods, systems, and computer-readable storage media for central management of multiple landscapes using a central management platform that is absent user management functionality. | 2020-06-11 |
20200186504 | Secure Virtual Personalized Network - A computer provides a secure, virtual personalized network (SVPN) for a first user with master privileges and at least a second user with guest privileges in the SVPN. Notably, the computer may execute a virtual machine that provides a container for the SVPN of the first user, and the first electronic device associated with the first user and a second electronic device associated with the second user may execute instances of an application that facilitates secure communication in the SVPN. Moreover, the first electronic device may store a set of first encryption keys and the second electronic device may store a set of second encryption keys, which allow the first electronic device and the second electronic device to securely communicate with each other via the SVPN. Note that the computer may not be able to access the set of first encryption keys or the set of second encryption keys. | 2020-06-11 |
20200186505 | SECURED EXTENDED RANGE APPLICATION DATA EXCHANGE - An application data exchange technique may include a communication device establishing a communication channel with an access device, receiving an access device profile of the access device, and emulating a virtual access device on the communication device based on the access device profile. The virtual access device executing on the communication device may issue a set of application commands to a transaction applet executing on the communication device, and receive a set of application data responses from the transaction applet in response to the set of application commands. The communication device may then generate a data packet by concatenating application data contained in the set of application data responses, and transmit the data packet to the access device via the communication channel. | 2020-06-11 |
20200186506 | SECURING ATTESTATION USING A ZERO-KNOWLEDGE DATA MANAGEMENT NETWORK - The techniques herein are directed generally to a “zero-knowledge” data management network. Users are able to share verifiable proof of data and/or identity information, and businesses are able to request, consume, and act on the data—all without a data storage server or those businesses ever seeing or having access to the raw sensitive information (where server-stored data is viewable only by the intended recipients, which may even be selected after storage). In one embodiment, source data is encrypted with a source encryption key (e.g., source public key), with a rekeying key being an encrypting combination of a source decryption key (e.g., source private key) and a recipient's public key. Without being able to decrypt the data, the storage server can use the rekeying key to re-encrypt the source data with the recipient's public key, to then be decrypted only by the corresponding recipient using its private key, accordingly. | 2020-06-11 |
20200186507 | METHOD TO SAVE COMPUTATIONAL RESOURCES BY DETECTING ENCRYPTED PAYLOAD - Described embodiments provide systems and methods for remapping connections to tunnels selected based on a security level of the communications. A first network device may be in communication with a second network device via a plurality of communication tunnels. The plurality of communication tunnels may include an encrypted communication tunnel and an unencrypted communication tunnel. The first network device may receive a packet, the packet including header information and a payload. The first network device may determine whether the received packet is encrypted to meet a threshold level of security. The first network device may, responsive to determining that the packet is to meet the threshold level of security, communicate an identifier of the payload and the header information to the second network device via the encrypted communication tunnel, and communicate the payload to the second network device via the unencrypted communication tunnel. | 2020-06-11 |
20200186508 | Secure Registration and Ignition of Network Nodes on a Multi-Hop Wireless Network - In one embodiment, a network node of a multi-hop wireless network may receive, from a network management system associated with the multi-hop wireless network, a request for identifying information associated with the network node. The network node may then send, responsive to the request for identifying information, to the network management system, registration information associated with the network node, wherein the registration information includes cipher text encoded with a public key, wherein the encoded cipher text is configured to be decoded with a private key, and wherein the encoded cipher text includes a MAC address and an identifier assigned to the network node. | 2020-06-11 |
20200186509 | SYSTEM AND METHOD FOR HIERARCHICAL DECISIONING WITHIN A HYBRID BLOCKCHAIN - The present disclosure is directed to a novel system for using unique device and user identifiers to perform authentication of a user, device, and/or transaction. In particular, the system may use a heterogeneous blockchain system comprising a series of non-uniform blockchain nodes that may differ in functionality and/or positions of hierarchy. Said non-uniform nodes may further be organized into groups and/or subgroups with custom weight inputs/outputs which alter the degree to which the nodes, groups, and/or subgroups influence the blockchain consensus. In this way, the system increases the security of device authentication by helping to prevent the use of device hijacking methods that exploit conventional authentication practices. | 2020-06-11 |
20200186510 | SYSTEM AND METHOD FOR HIERARCHICAL DECISIONING WITHIN A HYBRID BLOCKCHAIN - A system is provided which uses unique device and user identifiers to perform authentication of a user, device, and/or transaction. In particular, the system may use a heterogeneous blockchain system comprising a series of non-uniform blockchain nodes that may differ in functionality and/or positions of hierarchy. Said non-uniform nodes may further be organized into groups and/or subgroups with custom weight inputs/outputs which alter the degree to which the nodes, groups, and/or subgroups influence the blockchain consensus. In this way, the system increases the security of device authentication by helping to prevent unauthorized access to computing devices. | 2020-06-11 |
20200186511 | METHODS, SYSTEMS, AND MEDIA FOR RECOVERING IDENTITY INFORMATION IN VERIFIABLE CLAIMS-BASED SYSTEMS - Methods, systems, and media for recovering identity information in verifiable claims-based systems are provided. In some embodiments, the method comprises: determining that a graph of interdependencies between a plurality of issuers and a plurality of claims for a holder is to be reconstructed; restoring a root credential; transmitting a plurality of messages that are each signed with the root credential to a plurality of backup providers, wherein each of the plurality of backup providers has a portion of the graph of interdependencies between the plurality of issuers and the plurality of claims for the holder stored in a storage device; receiving a plurality of graph portions from at least a portion of the plurality of backup providers in response to each of the portion of the plurality of backup providers determining that the root credential is a correct root credential corresponding to the holder; and reconstructing the graph of interdependencies between the plurality of issuers and the plurality of claims for the holder using the plurality of received graph portions. | 2020-06-11 |
20200186512 | LICENSING AUTHENTICATION VIA INTERMEDIARY USING TIME AND PROXIMITY - An application client receives an open window event from an intermediary device before transmitting a licensing request to the intermediary device. The intermediary device transmits the licensing request to an authentication server, which responds by transmitting a message indicating approval status of the request back to the intermediary device. If the intermediary device is not within a predetermined proximity of the application client, the intermediary can wait a predetermined amount of time for the intermediary device to return to the predetermined proximity of the application client before transmitting a second message indicating approval status to the application client. The application client receives, from the intermediary device, a licensing response reporting the approval status indicated by the message from the authentication server. | 2020-06-11 |
20200186513 | SYSTEMS AND METHODS FOR CRYPTOGRAPHIC AUTHENTICATION OF CONTACTLESS CARDS - Example embodiments of systems and methods for data transmission between a contactless card, a client device, and one or more servers are provided. The memory of the contactless card may include one or more applets and a counter. The client device may be in data communication with the contactless card and one or more servers, and the one or more servers may include an expected counter value. The client device may be configured to read the counter from the contactless card and transmit it to the one or more servers. The one or more servers may compare the counter to the expected counter value for synchronization. The contactless card and the one or more servers may resynchronize the counter, via one or more processes, based on one or more reads of the one or more applets. The one or more servers may authenticate the contactless card based on the resynchronization. | 2020-06-11 |
20200186514 | USER LOGIN CREDENTIAL WARNING SYSTEM - Virtually every online account requires login credentials like username and password for access. Using different credentials for each account can reduce the likelihood of unauthorized access to these accounts. Remembering all the different credentials, however, can be a challenge and it is not uncommon for a user to mistakenly provide credentials to a site that are for another, sensitive site. Accordingly, a system for warning a user of such an error is provided. The system includes a browser plugin that responds to a user entering their credentials at a requesting site by looking up an identifier of a trusted site associated with the user's credentials. The identifiers of the requesting and trusted sites are compared, and if they do not match, the browser plugin blocks the user from submitting their credentials to the requesting site. Advantageously, the system reduces the likelihood that credentials to sensitive accounts are provided by accident. | 2020-06-11 |
20200186515 | Generating Derived Credentials for a Multi-Tenant Identity Cloud Service - A multi-tenant system that provides cloud-based identity management receives a request to execute a job, where the job has a scheduled start time, or a timeframe to complete, that exceeds the validity time of a request access token. The system generates the request access token corresponding to the job, where the request access token has access privileges. The system schedules the job and persists the request access token. The system triggers the job at the scheduled start time and generates a derived access token based on the request access token, where the derived access token includes the access privileges. The system then injects the derived access token during runtime of the job and calls a service using the derived access token to execute the job. | 2020-06-11 |
20200186516 | Two-Level Sequence Learning for Analyzing, Metering, Generating, and Cracking Passwords - Managing passwords is provided. A machine training process is performed using a set of existing passwords to train a machine learning component. Members of a set of semantic categories are used to categorize respective passwords in the set of existing passwords. Password strengths corresponding to a set of candidate passwords are evaluated using the machine learning component. A resource is secured with a candidate password having a password strength greater than or equal to a defined password strength threshold level. | 2020-06-11 |
20200186517 | SECURE TOKEN PASSING VIA HASH CHAINS - Embodiments presented herein provide systems and methods for creating and modifying a hash chain. A hash chain is created to track resource-privilege transfers between entities. A root node of the hash chain identifies the resource and specifies a digest of a possession token held by a first entity that initially possesses the privilege. A transfer of the privilege to a second entity can be recorded by adding an expansion node to the hash chain. If the second entity successfully reveals a possession token that a hashing function associated with the hash chain maps to the digest, an expansion node is linked to the root node. The expansion node indicates the possession token and a successor digest that is based on a successor possession token. | 2020-06-11 |
20200186518 | Utilizing Federated User Identifiers to Enable Secure Information Sharing - Aspects of the disclosure relate to utilizing federated user identifiers to enable secure information sharing. A computing platform may receive, from an external application host platform, a federated login request comprising user identification information associated with a user account. Based on receiving the federated login request, the computing platform may send, to a client computing device linked to the user account, a push notification prompting a user of the client computing device to authenticate. Then, the computing platform may authenticate the user of the client computing device to the user account. Based on authenticating the user, the computing platform may generate an orchestration message directing a data hub platform to initiate a validated data transfer with the external application host platform and may send the orchestration message to the data hub platform to initiate a transfer of external information associated with the user of the client computing device. | 2020-06-11 |
20200186519 | AUTHENTICATED SERVICE APPLICATION SESSIONS USING VISUAL AUTHENTICATION INDICIA - Embodiments of the present disclosure provide methods, systems, apparatuses, and computer program products that are configured to provide authenticated access to a service application. The embodiments disclose an apparatus and system configured to launch an authenticated service application session in response to capturing authentication success rendering comprising visual authentication indicia. The authentication success rendering is captured via a user device display, and includes visual authentication indicia. To facilitate rendering of the authentication success rendering, embodiments output a browser sign-in session request configured to launch a browser sign-in session associated with a browser application. Additionally, to facilitate capturing the rendering, embodiments initiate a display recorder module configured to capture, during the browser sign-in session and via the user device display, authentication success rendering comprising visual authentication indicia. Embodiments may be configured to parse the captured authentication success rendering to identify the visual authentication indicia, and decode the visual authentication indicia to identify user authentication data. Finally, embodiments may execute a service application sign-in protocol using the user authentication data to launch the authenticated service application session. | 2020-06-11 |
20200186520 | SYSTEMS AND METHODS OF PUSH-BASED VERIFICATION OF A TRANSACTION - A system and method of implementing an API of an authentication service includes implementing a confirmation API, wherein the implementing includes: initiating a confirmation API request based on receiving an access request, wherein the confirmation API request operates to perform an authentication of a requestor making the access request; identifying the requestor based on a search of the requestor via the confirmation API; identifying, by one or more API endpoints of the remote authentication service: (i) a subscriber account of the subscriber maintained by the remote authentication service and (ii) identifying a user device of the requestor that is enrolled with the subscriber account based on the confirmation API request; transmitting a confirmation request to the user device; obtaining from the user device a response to the confirmation request and presenting the response to the confirmation request to the subscriber; and granting or denying the access request. | 2020-06-11 |
20200186521 | METHOD, DEVICE AND SYSTEM FOR AUTHENTICATION IN ACCORDANCE WITH SIM CARD - A method, device and system for authentication in accordance with a SIM card is provided in the present disclosure. The method for authentication in accordance with the SIM card includes the following steps. First, the SIM card receives a feature code of biometric feature information. Afterwards, the SIM card compares the feature code of the biometric feature information and a feature code stored in the SIM card for obtaining a comparison result. Afterwards, the SIM card returns the comparison result. Compared to existing technology, the above technical solution is configured to store the feature code in the SIM card and use it for authentication. The noncrackable SIM card protects the security of biometric feature information. After replacing the device, just plug the SIM card into the new device to complete the authentication and initialization of the new device. Therefore, the above technical solution avoids the initial setup of the new device and makes it easy to use. | 2020-06-11 |
20200186522 | AUTHENTICATING A USER VIA MULTIPLE BIOMETRIC INPUTS - Example embodiments relate to authenticating a user operating a user computing entity. An input ordered sequence of biometric inputs is received and stored as profile templates. The templates are concatenated and a function is applied to generate a profile token. To authenticate a user, the same ordered sequence of biometric inputs is received to generate an authentication token with the profile token and the authentication token being compared for a match. | 2020-06-11 |
20200186523 | SYSTEM AND METHOD FOR DEVICE AND TRANSACTION AUTHENTICATION - The present disclosure is directed to a novel system for using unique device and user identifiers to perform authentication of a user, device, and/or transaction. In particular, the system may use device biometric profiles and/or user identifiers to generate a unique identifiable signature for each user and/or device. The unique signature may then be used to authenticate devices as well as transactions submitted by said devices. In this way, the system increases the security of device authentication by helping to prevent the use of device hijacking methods that exploit conventional authentication practices. | 2020-06-11 |
20200186524 | SMART HOME NETWORK SECURITY THROUGH BLOCKCHAIN - Systems and methods receive a first indication that an Internet of Things (IoT) device is attempting to access a home network; determine that the IoT device is a trusted device; store an identifier associated with the IoT device to a blockchain in response to determining that the IoT device is a trusted device; receive a second indication that an event has occurred with respect to the IoT device; determine whether the event is a major event; and verify the identifier associated with the IoT device by storing an identity and information associated with the event to the blockchain in response to determining that the event is a major event. | 2020-06-11 |
20200186525 | SYSTEM FOR CENTRALIZED CERTIFICATION OF ELECTRONIC COMMUNICATIONS - A system for processing communications is provided. The system includes a trusted receiver device configured to receive a communication directed to a known trusted receiver address, a message handler device configured to interface with the trusted receiver device and create a thumbprint of select portions of the communication, an analysis device configured to analyze the communication based on the communication and the thumbprint, and a metadata storage device connected to the trusted receiver device configured to receive and store metadata associated with each verified communication received. The communication comprises information identifiable to the system in a particular field of the communication intended to be invisible to unauthorized recipients, and the communication is verified and transmitted to the sender and intended recipient. Any entity can verify a communication received by the system. Any communication transmission protocol, service, or platform may be employed and the recipient does not require any specialized software. | 2020-06-11 |
20200186526 | SECURE ACCESS METHOD, DEVICE, AND SYSTEM - A secure access method performed by an authentication server includes receiving a first message from a non-3GPP access device. The method also includes performing fast re-authentication with the terminal when determining that fast re-authentication is allowed. The method further includes sending a second message to a home subscriber server. The second message carries a registration type identifier, an identifier of the terminal, and an address of the authentication server. The registration type identifier is used to indicate that current secure access of the terminal is secure access using a fast re-authentication procedure. The method additionally includes receiving a registration success indication from the home subscriber server. The method also includes sending an access success indication to the terminal based on the registration success indication. | 2020-06-11 |
20200186527 | Utilizing Smart Data Tags to Track and Control Secure Enterprise Data - Aspects of the disclosure relate to utilizing smart data tags to track and control secure enterprise data. A computing platform may receive, from an enterprise user computing device, enterprise data. Subsequently, the computing platform may determine one or more tags to be applied to the enterprise data. Then, the computing platform may generate a smart data object based on the enterprise data received from the enterprise user computing device and the one or more tags determined to be applied to the enterprise data received from the enterprise user computing device. Next, the computing platform may send, to an enterprise data storage platform, the smart data object, and sending the smart data object to the enterprise data storage platform may cause the enterprise data storage platform to store the smart data object in a repository comprising a plurality of smart data objects maintained by the enterprise data storage platform. | 2020-06-11 |
20200186528 | Method for Faster Secure Multiparty Inner Product Computation with SPDZ - A method for secure multiparty computation of an inner product includes performing multiparty additions to generate a first sum share and a second sum share between two shares of alternating elements from corresponding pairs of elements in a first vector and a second vector, performing multiparty multiplications with at least one other node to generate inner product pair shares corresponding to products of the first sum shares and the second sum shares corresponding to pairs of elements in the first and second vectors, and performing another multiparty addition of each inner product pair share with a first negated shares of pair products corresponding to pairs of elements in the first vector and a second negated shares of pair products corresponding to pairs of elements in the second vector to generate a share of an inner product of the first and second vectors. | 2020-06-11 |
20200186529 | EVALUATING SECURITY OF DATA ACCESS STATEMENTS - Techniques are provided for evaluating the security of data access statements. Specifically, in one embodiment of the claimed subject matter there is provided a technique for evaluating the security of data access statements, comprising: evaluating the criticality of multiple SQL statements contained in multiple sessions accessing a database; generating a critical item set from the multiple sessions, each element in the critical item set indicating one or more SQL statements contained in a session; extracting at least one association rule from the critical item set, each of the at least one association rule indicating a sequence of SQL statements contained in a session; and calculating the criticality of each of the at least one association rule. | 2020-06-11 |
20200186530 | Authentication System and Method - An authentication system for authenticating the identity of a requester of access by an unauthorized service client to a secured resource. The system has a messaging gateway having a first set of instructions operable to receive from a requester purporting to be an authorized user of a secured resource a request for limited access to the secured resource by an unauthorized service client for a particular transaction; a server having a second set of instructions operable to determine a key string known to both the secured resource and the authorized user the requestor purports to be, the key string being adapted to provide a basis for authenticating the identity of the requester as the authorized account holder; and a service user interface having a third set of instructions embodied in a computer readable medium operable to receive transaction specific information input into the request by the unauthorized service client. | 2020-06-11 |
20200186531 | Method and System for Implementing Customer Resource Use as a Service - Novel tools and techniques are provided for implementing customer resource telemetry and use as a service. In various embodiments, a computing system might receive, from a user, a request to access at least one network-accessible resource associated with a customer of a service provider, the user being unassociated and unrelated with the customer; might identify at least one of a user identification, a company, or a class of user associated with the user; might determine whether at least one resource record associated with the customer indicates that the user has permission to access the at least one network-accessible resource, based on the identification. If so, the computing system might provide the user with access to the at least one network-accessible resource associated with the customer. If not, the computing system might deny, to the user, access to the at least one network-accessible resource associated with the customer. | 2020-06-11 |
20200186532 | Secure Computing Platform - Apparatus, systems and methods for providing a limited capabilities computer which may operate on a network and be controlled, monitored and/or administered by a central network authority such as a VDI server. | 2020-06-11 |
20200186533 | INFORMATION PROCESSING APPARATUS, INFORMATION PROCESSING METHOD, AND RECORDING MEDIUM RECORDING INFORMATION PROCESSING PROGRAM - An information processing apparatus includes: a memory; and a processor coupled to the memory and configured to: generate, when a browser is coupled to an authenticator, unique identification information by using information acquired from the browser; verify, by referring to a first list storing identification information of a browser permitted to be coupled, whether or not the identification information is stored in the first list, store a verification result in the memory while linking with the identification information, and transmit a verification completion notification to the browser; acquire, by receiving unique identification information generated by the authenticator using the information acquired from the browser, the verification result linked with the identification information from the memory; and transmit the acquisition result to the authenticator that controls coupling propriety with the browser. | 2020-06-11 |
20200186534 | IDENTITY-BASED ACCESS CONTROL FOR CLOUD APPLICATIONS - Techniques for providing application-independent access control in a cloud-services computing environment are provided. In one embodiment, a method for providing application-independent access control is provided. The method includes obtaining a user identity for accessing the cloud-services computing environment and receiving a user request to perform a task using an application. The method further includes collecting process-related data for performing the task using the application and obtaining one or more network routing addresses. The method further includes determining, based on the user identity, the process-related data, and the one or more network routing addresses, whether the task is to be performed. If the task is to be performed, the task is caused to be performed using the application; and if the task is not to be performed, the user request is denied. | 2020-06-11 |
20200186535 | METHODS, SYSTEMS, APPARATUSES AND DEVICES FOR FACILITATING SECURITY OF A RESOURCE USING A PLURALITY OF CREDENTIALS - Disclosed herein is a system for facilitating security of a resource using a plurality of credentials, in accordance with some embodiments. Accordingly, the system may include a communication device configured for receiving a user credential associated with a user from a user device to access one or more services of the resource, and obtaining a current contextual data from the user device. Further, the system may include a storage device configured for retrieving a stored contextual data and a stored credential associated with the user from a database. Further, the system may include a processing device configured for comparing the user credential with the stored credential, analyzing the current contextual data and the stored contextual data, and authenticating the user device based on the comparing and the analyzing to determine a level of access to the one or more services of the resource by the user device. | 2020-06-11 |
20200186536 | GRADUATED AUTHENTICATION IN AN IDENTITY MANAGEMENT SYSTEM - A method and system for graduated security in an identity management system utilize differing levels of time sensitivity, channel security and authentication security to provide a multi-dimensional approach to providing the right fit for differing identity requests. The differing levels of security can be selected by user preference, membersite request or homesite policy. | 2020-06-11 |
20200186537 | SEGREGATION OF PROTECTED RESOURCES FROM NETWORK FRONTEND - A method of performing operations involving accessing a set of protected computing resources of a computing device includes (a) receiving, by a frontend service, an instruction via a network connection, the instruction directing the computing device to perform an operation involving accessing the set of protected resources, the set of protected computing resources being configured to refuse access to the frontend service, (b) in response to receiving the instruction, sending a request from the frontend service to a backend service, the request instructing the backend service to access the set of protected resources, the backend service being configured to not communicate via the network connection, the set of protected computing resources being configured to permit access to the backend service, and (c) in response to the backend service receiving the request from the frontend service, the backend service accessing the set of protected resources in fulfillment of the operation. | 2020-06-11 |
20200186538 | SECURE AND SEAMLESS REMOTE ACCESS TO ENTERPRISE APPLICATIONS WITH ZERO USER INTERVENTION - In secure and seamless remote access to enterprise applications with zero user intervention, a first set of policies is generated at a controller based on a user role. A user device associated with the user role is in an enterprise network. The first set of policies is pushed to the security agent in the user device associated with a user, an enterprise server, and a secure remote access gateway from the controller. Upon determining that the user device moves to a remote network, a secure connection is initiated by the security agent from the user device to the secure remote access gateway. Upon determining by the controller that the user is authenticated for the secure connection, a second set of policies is generated by the controller for the user device, the enterprise server and the secure remote access gateway. The second set of policies is pushed to the devices. | 2020-06-11 |
20200186539 | DETECTION OF GENUINE SOCIAL MEDIA PROFILES - Embodiments include a method, system and computer program product for performing the detection of genuine social media profiles. In some embodiments, a request is received for a target user to join the social network. The request can be used to analyze one or more categories associated with a user profile information of at least one of a requesting user or the target user, and a category score can be calculated for one or more categories. A total score can be calculated from the one or more category scores, and a notification can be provided to the target user indicating the total score. | 2020-06-11 |
20200186540 | METHOD FOR MANAGING A MEMORY - A computer-implemented method for managing a memory in a network, to which, in particular, a unit for detecting or preventing undesirable network intrusions is assigned. A first message is received by a user of the network, and it is randomly decided whether or not the first message is to be stored in the memory. Depending on the random decision, the first message is stored or is not stored in the memory. | 2020-06-11 |
20200186541 | Real-time Scanning of IP Addresses - Examples of the present disclosure describe systems and methods of providing real-time scanning of IP addresses. In aspects, input may be received by a real-time IP scanning system. The system may generate one or more work orders based on the input. A scanner associated with the system may access a work order and attempt to communicate with one or more devices identified by the work order. If the attempted communication with a device is successful, a protocol analyzer may be used to provide a predefined payload to the device. If the response from the device matches an expected string, the device may be determined to be a safe and/or legitimate device. If the response from the device does not match an expected string, the device may be determined to be a malicious device. | 2020-06-11 |
20200186542 | SYSTEM AND METHOD FOR PROTECTING NETWORK RESOURCES - The present disclosure includes methods and systems for protecting network resources. An exemplary method comprises starting, by a processor, copy-on-write snapshotting for modifications to a plurality of files in storage, the modification initiated by a suspicious application, detecting, by the processor, a modification of a file of the plurality of files, determining, by the processor, whether the file is stored on a shared network resource or a local resource, in response to determining that the file is stored on a shared network resource, determining, by the processor, that a current region being modified is not already saved in a snapshot, and if the current region is not saved, saving the current region to a snapshot, marking, by the processor, the current region as being saved and analyzing all saved regions that were modified for malicious activity to determine that the suspicious application modifying the saved regions is malicious. | 2020-06-11 |
20200186543 | SYSTEM AND METHOD FOR ENHANCED SECURITY ANALYSIS FOR QUARANTINED EMAIL MESSAGES - A method of enabling enhanced security analysis for quarantined email messages, comprises receiving, at an email gateway an inbound email message from an external network, determining whether the email message is to be quarantined, restructuring the email message, if the message is to be quarantined, as an attachment for a new email, constructing a new email message addressed to a secure repository on a secure pathway, attaching the restructured email message to the new email message and releasing the new email message that includes the restructured email message as an attachment. Threat analysis is performed by one or more security services in the secure pathway. Suspicious emails and analysis results are stored in the secure repository. | 2020-06-11 |
20200186544 | Systems And Methods For Behavioral Threat Detection - In some embodiments, a behavioral computer security system protects clients and networks against threats such as malicious software and intrusion. A set of client profiles is constructed according to a training corpus of events occurring on clients, wherein each client profile represents a subset of protected machines, and each client profile is indicative of a normal or baseline pattern of using the machines assigned to the respective client profile. A client profile may group together machines having a similar event statistic. Following training, events detected on a client are selectively analyzed against a client profile associated with the respective client, to detect anomalous behavior. In some embodiments, individual events are analyzed in the context of other events, using a multi-dimensional event embedding space. | 2020-06-11 |
20200186545 | Systems And Methods For Behavioral Threat Detection - In some embodiments, a behavioral computer security system protects clients and networks against threats such as malicious software and intrusion. A set of client profiles is constructed according to a training corpus of events occurring on clients, wherein each client profile represents a subset of protected machines, and each client profile is indicative of a normal or baseline pattern of using the machines assigned to the respective client profile. A client profile may group together machines having a similar event statistic. Following training, events detected on a client are selectively analyzed against a client profile associated with the respective client, to detect anomalous behavior. In some embodiments, individual events are analyzed in the context of other events, using a multi-dimensional event embedding space. | 2020-06-11 |
20200186546 | Systems And Methods For Behavioral Threat Detection - In some embodiments, a behavioral computer security system protects clients and networks against threats such as malicious software and intrusion. A set of client profiles is constructed according to a training corpus of events occurring on clients, wherein each client profile represents a subset of protected machines, and each client profile is indicative of a normal or baseline pattern of using the machines assigned to the respective client profile. A client profile may group together machines having a similar event statistic. Following training, events detected on a client are selectively analyzed against a client profile associated with the respective client, to detect anomalous behavior. In some embodiments, individual events are analyzed in the context of other events, using a multi-dimensional event embedding space. | 2020-06-11 |
20200186547 | DETECTING ENCRYPTED MALWARE WITH SPLT-BASED DEEP NETWORKS - In one embodiment, a device obtains telemetry data for a plurality of encrypted traffic flows observed in a network. The device clusters the flows into observed flow clusters, based on one or more flow-level features of the obtained telemetry data, as well as malware-related traffic telemetry data into malware-related flow clusters. The observed and malware-related telemetry data are indicative of sequence of packet lengths and times (SPLT) information for the traffic flows. The device samples sets of flows from the observed and malware-related flow clusters, with each set including at least one flow from an observed flow cluster and at least one flow from a malware-related flow cluster. The device trains a deep learning neural network to determine whether a particular encrypted traffic flow is malware-related, by using the SPLT information for the sampled sets of traffic flows as input to an input layer of neurons of the deep network. | 2020-06-11 |
20200186548 | NETWORK SECURITY INTRUSION DETECTION - An intrusion detection system that includes a tree builder engine configured to receive HyperText Transfer Protocol (HTTP) data and to convert the HTTP data into a data tree object that links field values from the HTTP data. The system further includes a feature extractor engine configured to identify a field value from the data object tree and to determine a set of feature values for the field value corresponding with input features for the neural network model. The system further includes a neural network engine configured to apply the determined set of feature values to the neural network model to generate an attack vector array. The attack vector array includes flag bits that each correspond with an attack type. The system further includes an intrusion analyzer engine configured to trigger an event in response to determining that at least one flag bit is set. | 2020-06-11 |
20200186549 | METHOD AND SYSTEM FOR DETECTING ATTACKS ON MONITORED PHYSICAL SYSTEMS - A computer system and computer implemented method of detecting attacks on physical systems are disclosed. The system may include one or more databases and one or more controllers configured to execute instructions. The instructions may include the following method steps: receiving at least one signal related to a monitored physical system; de-noising the at least one signal to extract a smooth portion of the signal; detecting one or more states of the monitored physical system by analyzing the smooth portion of the signal; obtaining a noise portion of the signal by subtracting the de-noised smooth portion from the at least one signal; classifying the noise portion; determining expected states of the system based on the classified noise portion; comparing the expected states to the detected one or more states; and detecting an attack on the monitored physical system based on the comparison. | 2020-06-11 |
20200186550 | METHOD AND A SYSTEM FOR DETECTING AN INTRUSION ON A NETWORK - A system and method for detecting an intrusion on a network is described herein. The system comprises a processor | 2020-06-11 |
20200186551 | METHOD FOR AUTOMATICALLY RETRIEVING WORKFLOW AND METHOD FOR DETECTING INTRUSION IN DISTRIBUTED SYSTEM - The present disclosure relates to automatically retrieving a workflow with an increased efficiency. The present disclosure further relates to detecting an intrusion in a distributed system, thereby improving system security. The present disclosure relates to a method for automatically retrieving a workflow, a device for automatically retrieving a workflow, a device for detecting an intrusion in a distributed system, and a storage medium for implementing a method according to the present disclosure. | 2020-06-11 |
20200186552 | METHOD FOR SENSING FRAUDULENT FRAMES TRANSMITTED TO IN-VEHICLE NETWORK - A fraud detecting method for use in an in-vehicle network system including a plurality of electronic control units that communicate with each other via a network includes detecting whether a state of a vehicle satisfies a first condition or a second condition, and switching, upon detecting that the state of the vehicle satisfies the first condition or the second condition, an operation mode of a fraud-sensing electronic control unit connected to the network between a first mode in which a first type of detecting process for detecting a fraudulent message in the network is performed and a second mode in which the first type of detecting process is not performed. | 2020-06-11 |
20200186553 | SYSTEM MONITOR - One embodiment provides an apparatus. The apparatus includes detector circuitry and monitor logic local to a computing device. The detector circuitry is to generate local sensor data based, at least in part, on a sensor signal received from a sensor incorporated in the local computing device. The monitor logic is to identify an event based, at least in part, on the local sensor data. The generating and identifying is independent of operation of an operating system and/or an application executing on the local computing device. | 2020-06-11 |
20200186554 | Method and System for Identification and Prevention of Profiling Attacks in Electronic Authorization Systems - An electronic authorization system is typically configured for: receiving electronic activity requests from a plurality of source nodes; analyzing each of the electronic activity requests using a decisioning algorithm, wherein a decision boundary of the decisioning algorithm is dynamically altered while analyzing the electronic activity requests; for each of the electronic activity requests, determining an activity exposure level of the decision boundary based on (i) a distance to the decision boundary and (ii) an amount of information exposed regarding the decision boundary; for each of the plurality of source nodes, determining a source exposure level of the decision boundary based on the activity exposure levels of the decision boundary of the electronic activity requests; and in response to determining that a likelihood of decision boundary profiling by one or more first source nodes exceeds a defined threshold, performing an exposure remediation action. | 2020-06-11 |
20200186555 | MONITORING NETWORK ACTIVITY - A method for monitoring network activity includes initiating a training phase by a machine learning (ML) server. Data associated with normal network traffic through the ML server during the training phase is collected. A classification model is generated based on the collected data. The ML server switches the training phase to an active phase. An outbound request is received during the active phase. Whether the outbound request is an anomalous request is determined based on the classification model. | 2020-06-11 |
20200186556 | MONITORING APPARATUS - A monitoring apparatus includes: an acquisition unit sequentially receiving messages on a network; a first calculation unit calculating a difference between data values of two continuous messages; a second calculation unit calculating a difference between reception time points of two continuous messages; a first determination unit determining whether a received message is an abnormal message based on the difference calculated by the first calculation unit or the second calculation unit; a second determination unit determining whether a received message is a suspicious message based on the difference calculated by the first calculation unit or the second calculation unit; and a recording unit recording, when the second determination unit determines that the received message is the suspicious message, as a history, data values and reception time points of the suspicious message and a predetermined number of messages received before and after reception of the suspicious message. | 2020-06-11 |
20200186557 | NETWORK ANOMALY DETECTION APPARATUS, NETWORK ANOMALY DETECTION SYSTEM, AND NETWORK ANOMALY DETECTION METHOD - A network anomaly detection apparatus is configured to detect an anomaly of a network to be monitored based on received flow statistical information, the network anomaly detection apparatus including a processor, a memory, a statistical information collection unit, an anomaly detection unit and scenario information. The statistical information collection unit is configured to receive flow statistical information aggregated from header information of packets in the network and collect the flow statistical information in a flow statistical information storage unit. The scenario information includes a scenario in which a time-series sequential relation of events concerning a plurality of flows is defined. The anomaly detection unit is configured to acquire flow statistical information in a predetermined period from the flow statistical information storage unit and determine whether any anomaly exists in the network based on whether any flow statistical information matching the events in the scenario of the scenario information exists. | 2020-06-11 |
20200186558 | SIMULTANEOUSLY TESTING WHETHER A PLURALITY OF ELECTRONIC DEVICES CONNECTED VIA A COMMUNICATION NETWORK CORRECTLY HANDLE EXCEPTIONS - A system for simultaneously testing whether a plurality of electronic devices connected via a communication network correctly handle exceptions. The system includes a communication network, and a plurality of electronic devices and a testing device connected via the communication network. The testing device includes an electronic processor. The electronic processor is configured to send a first status query message to the plurality of electronic devices, send fuzzed data to one or more of the plurality of electronic devices, and send a second status query message to the plurality of the electronic devices. The electronic processor is also configured to, for each electronic device that responds to the first status query message with a valid response and responds to the second status query message with an invalid response or fails to respond to the second status query message, record the electronic device in a failure log. | 2020-06-11 |
20200186559 | ANOMALY DETECTION USING COGNITIVE COMPUTING - An anomaly detection system configured to generate a plurality of tensors based on spatial attributes of a set of cybersecurity data and temporal attributes of the set of cybersecurity data. The set of cybersecurity data comprising numeric data and textual data collected from a plurality of computational sources. The anomaly detection system can provide the plurality of tensors to a Hierarchical Temporal Memory (HTM) network. The HTM network can be configured to generate respective HTM outputs for respective regions of the HTM network. The anomaly detection system can determine that at least one HTM output indicates an anomaly, convert the at least one HTM output to a notification, and provide the notification to a user interface. | 2020-06-11 |
20200186560 | SYSTEM AND METHOD FOR TIME BASED ANOMALY DETECTION IN AN IN-VEHICLE COMMUNICATION NETWORK - A system and method for providing security to a network may include maintaining, by a processor, a model of an expected behavior of data communications over the in-vehicle communication network; receiving, by the processor, a message sent over the network; determining, by the processor, based on the model and based on a timing attribute of the message, whether or not the message complies with the model; and if the message does not comply with the model then performing, by the processor, at least one action related to the message. | 2020-06-11 |
20200186561 | MANAGING CREDENTIALS OF MULTIPLE USERS ON AN ELECTRONIC DEVICE - Systems, methods, and computer-readable media for managing credentials of multiple users on an electronic device are provided. | 2020-06-11 |
20200186562 | NETWORK VULNERABILITY ASSESSMENT - A method to assess network vulnerabilities of devices may include accessing, by a relay device, a network that includes a firewall to separate the network from external networks such that the relay device is coupled to the network from behind the firewall attached to the network. The method may further include establishing a communication channel over a secondary network between the relay device and a monitor system. The method may further include detecting one or more devices behind the firewall attached to the network by the relay device. The method may also include after establishing the communication channel and detecting the one or more devices and while the relay device is coupled to the network from behind the firewall attached to the network, performing, by the monitor system, one or more network vulnerability assessments on the one or more devices via network communications that pass through the relay device. | 2020-06-11 |
20200186563 | METHODS FOR DETECTING AND MITIGATING MALICIOUS NETWORK ACTIVITY BASED ON DYNAMIC APPLICATION CONTEXT AND DEVICES THEREOF - Methods, non-transitory computer readable media, attack mitigation apparatuses, and network security systems that maintain an application context model for a protected application based on ingested logs. The application context model includes a map of network infrastructure associated with the protected application. Using the application context model, potential attack(s) against the protected application are identified and possible mitigation action(s) to take in response to one or more of the identified potential attack(s) are scored. A stored policy is executed to evaluate the possible mitigation action(s) based on the scoring. One or more of the possible mitigation action(s) are initiated on the identified potential attack(s) based on the evaluation. With this technology, malicious network activity can be more effectively and quickly detected and mitigated resulting in improved network security. | 2020-06-11 |
20200186564 | METHOD FOR MANAGING A MEMORY - A computer-implemented method for managing a memory in a network to which a unit for detecting or preventing undesirable network intrusions is assigned. A first message is received by a user of the network in the process. If the first message is to be stored, a second message is randomly selected from the messages stored in the memory, the randomly selected second message is deleted from the memory, and the first message is stored in the memory. | 2020-06-11 |
20200186565 | RELAY ATTACK PREVENTION - A system comprising: at least one hardware processor; and a non-transitory computer-readable storage medium having stored thereon program instructions, the program instructions executable by the at least one hardware processor to: receive, using a first transceiver, a radio-frequency (RF) transmission from an RF device; extract, from said RF transmission, at least one of: (i) noise samples from one or more segments of said RF transmission, and (ii) signal samples from one or more segments of said RF transmission; and determine the presence of a second transceiver in the path of said RF transmission, based, at least in part, on processing said extracted noise samples and signal samples. | 2020-06-11 |
20200186566 | SYNTHETIC IDENTITY SIGNAL NETWORK - A synthetic identity network for detecting synthetic identities may receive a first request for credit including one or more user attributes, compare the one or more user attributes to one or more stored user identities, create a new user identity, flag the new user identity as a potentially synthetic identity based on comparing the one or more user attributes to the one or more stored user identities, receive a second request for credit including one or more second user attributes, compare the one or more second user attributes to the one or more user attributes associated with the potentially synthetic identity, prepare a notice including the potentially synthetic identity and a credit request identifier, and transmit the notice to one or more servers. | 2020-06-11 |
20200186567 | Generation of Honeypot Data - Data is received that includes a plurality of fields. These fields are modified using at least one differential privacy algorithm to result in fake data. This fake data is subsequently used to seed and enable a honeypot so that access to such honeypot and fake data can be monitored and/or logged. Related apparatus, systems, techniques and articles are also described. | 2020-06-11 |
20200186568 | High performance distributed system of record with secure interoperability to external systems - A high-performance distributed ledger and transaction computing network fabric over which large numbers of transactions (involving the transformation, conversion or transfer of information or value) are processed concurrently in a scalable, reliable, secure and efficient manner. In one embodiment, the computing network fabric or “core” is configured to support a distributed blockchain network that organizes data in a manner that allows communication, processing and storage of blocks of the chain to be performed concurrently, with little synchronization, at very high performance and low latency, even when the transactions themselves originate from distant sources. This data organization relies on segmenting a transaction space within autonomous but cooperating computing nodes that are configured as a processing mesh. Each computing node typically is functionally-equivalent to all other nodes in the core. The nodes operate on blocks independently from one another while still maintaining a consistent and logically-complete view of the blockchain as a whole. | 2020-06-11 |
20200186569 | Security Rule Generation Based on Cognitive and Industry Analysis - Security rules management mechanisms are provided. A cognitive computing system of the security rules management system ingests natural language content, from one or more corpora, describing features of security attacks, and ingests security event log data from a monitored computing environment. The cognitive computing system processes the natural language content from the one or more corpora and the security event log data to identify attack characteristics applicable to the security event log data. A security rule query engine evaluates existing security rules present in a security rules database to determine if any existing security rule addresses the attack characteristics. In response to the evaluation indicating that no existing security rule addresses the attack characteristics, a security rule generator automatically generates a new security rule based on the attack characteristics, which is then deployed to the monitored computing environment. | 2020-06-11 |
20200186570 | HIGH PERFORMANCE ACCESS CONTROL - A computer program product including a computer readable storage medium having program instructions to: receive a request for access to a micro-service for a subject to perform an action using a resource; determine whether an access policy governing the access for the subject to perform the action using the resource is stored in a cache memory; in response to the access policy being stored in the cache memory, allow or deny the request to the micro-service based on the access policy; and in response to the access policy not being stored in the cache memory, request a new access policy for the subject to perform the action using the resource, receive the new access policy that includes an access decision and a duration of the new access policy, allow or deny the request based on the new access policy, and store the new access policy in the cache memory. | 2020-06-11 |
20200186571 | HIGH PERFORMANCE ACCESS CONTROL - A computer-implemented method includes receiving a request for access to a micro-service for a subject to perform an action using a resource; determining whether an access policy governing the access for the subject to perform the action using the resource is stored in a cache memory; in response to the access policy being stored in the cache memory, allowing or denying the request based on the access policy; in response to the access policy not being stored in the cache memory, requesting a new access policy for the subject to perform the action using the resource; receiving the new access policy including an access decision and a duration of the new access policy; allowing or denying the request based on the new access policy; and storing the new access policy in the cache memory. | 2020-06-11 |
20200186572 | DATA PROCESSING SYSTEMS AND METHODS FOR PERFORMING PRIVACY ASSESSMENTS AND MONITORING OF NEW VERSIONS OF COMPUTER CODE FOR PRIVACY COMPLIANCE - Data processing systems and methods, according to various embodiments, perform privacy assessments and monitor new versions of computer code for updated features and conditions that relate to compliance with privacy standards. The systems and methods may obtain a copy of computer code (e.g., a software application or code associated with a website) that collects and/or uses personal data, and then automatically analyze the computer code to identify one or more privacy-related attributes that may impact compliance with applicable privacy standards. The system may be adapted to monitor one or more locations (e.g., an online software application marketplace, and/or a specified website) to determine whether the application or website has changed. The system may, after analyzing the computer code, display the privacy-related attributes, collect information regarding the attributes, and automatically notify one or more designated individuals (e.g., privacy office representatives) regarding the attributes and information collected. | 2020-06-11 |
20200186573 | Distributed cloud-based security systems and methods - A distributed security system includes a plurality of content processing nodes that are located external to a network edge of an enterprise and located external from one of a computer device and a mobile device associated with a user, and a content processing node is configured to monitor a content item that is sent from or requested by the external system; classify the content item via a plurality of data inspection engines that utilize policy data and threat data; and one of distribute the content item, preclude distribution of the content item, allow distribution of the content item after a cleaning process, or perform threat detection on the content item, based on classification by the plurality of data inspection engines; and an authority node communicatively coupled to the plurality of content processing nodes and configured to provide the policy data and the threat data for threat classification. | 2020-06-11 |
20200186574 | DYNAMIC SESSION INITIATION PROTOCOL PEERING CONFIGURATION - Aspects of the present disclosure include techniques for dynamically exchanging session initiation protocol (SIP) configurations between a SIP node and a neighbor SIP node. For example, a SIP node may send a first request to the neighbor SIP node to subscribe to neighbor SIP node configurations. The SIP node may then receive a second request from the neighbor SIP node for the neighbor SIP node to subscribe to SIP node configurations. The SIP node then sends the SIP node configurations from the SIP node to the neighbor SIP node and receives the neighbor SIP node configurations from the neighbor SIP node. In some aspects, the SIP node may store the neighbor SIP node configurations to a data store for formatting subsequent SIP messages exchanged between the SIP node and the neighbor SIP node. | 2020-06-11 |
20200186575 | COLLABORATIVE SESSION OVER A NETWORK - Certain examples described herein provide a method for providing a collaborative session over a network. In these examples, a collaborative session is a series of geographically-separated temporally-coordinated events, such as a performance or concert. In examples, a global latency is set for the collaborative session. The global latency is set to a value greater than a longest latency for a plurality of client devices engaging in the collaborative session, and is defined as a function of a temporal rate for the series of temporally-coordinated events. During the collaborative session data streams are received from the plurality of client devices and presentation of the received data streams on the plurality of client devices is synchronised to enforce the global latency. | 2020-06-11 |
20200186576 | SYSTEMS AND METHODS FOR SCHEDULED VIDEO CHAT SESSIONS - A computer-implemented method for facilitating a virtual meet-and-greet between a first client device, a second client device, and at least a third client device is provided. The method involves establishing a first private one-on-one video chat between the first client device and the second client device. The method also involves transmitting a request to the third client device to carry out one or more preloading operations to test the operation of one or more hardware and/or software elements of the third client device. The method further involves establishing a second private one-on-one video chat between the first client device and the third client device based at least in part on the third client device having successfully completed the preloading operations and being ready to establish a private one-on-one video chat. | 2020-06-11 |
20200186577 | METHOD AND SYSTEM FOR SHARING AN OUTPUT DEVICE BETWEEN MULTIMEDIA DEVICES TO TRANSMIT AND RECEIVE DATA - A method and system for sharing an output device between multimedia devices to transmit and receive data is provided. The method includes operations of automatically discovering one or more second multimedia devices, when a first multimedia device is positioned within communication range of the one or more second multimedia devices that transmit a low power signal; and transmitting data of the first multimedia device to the one or more second multimedia devices, when the one or more second multimedia devices are discovered. | 2020-06-11 |
20200186578 | ORGANIZING A SYNCHRONOUS COMMUNICATION SESSION ACCORDING TO CONTEXT - Organizing a synchronous communication session can include determining, using a processor of a data processing system, a context responsive to detecting a trigger event. The context specifies a foreground application executing within the data processing system. Candidate participants can be determined from the context. A user interface is displayed separate from the foreground application. The user interface lists the candidate participants. Further, responsive to a user input received within the user interface, an invite to the candidate participants is sent. The invite specifies access information for the synchronous communication session. | 2020-06-11 |
20200186579 | RESERVATION MANAGEMENT FOR CLIENT-INITIATED POLLING REQUESTS IN A COMMUNICATION SYSTEM - Methods, systems, and apparatuses are provided for reservation management for client-initiated polling requests in a communication system. | 2020-06-11 |
20200186580 | DYNAMIC ROTATION OF STREAMING PROTOCOLS - A method and apparatus for dynamic rotation of streaming protocols are disclosed. In the method and apparatus, a first portion of content is streamed to a client device in accordance with a first content delivery protocol. Further, information indicating client device attributes, network conditions or usage conditions is received. A plurality of content delivery protocols including the first content delivery protocol are evaluated based at least in part on the received information to identify a content delivery protocol for streaming a second portion of the content. | 2020-06-11 |