30th week of 2020 patent application highlights part 68 |
Patent application number | Title | Published |
20200236054 | ROUTING METHOD, RELATED DEVICE, AND SYSTEM - The present disclosure relates to routing methods. One example method includes configuring a first path and a second path in charge of load sharing for a data flow, and configuring a third path in charge of reroute protection. A first group entry is generated for instructing the forwarding device to use the first path and the second path as load-sharing paths and use the third path to perform reroute protection on the first path and the second path. A flow entry for instructing to perform an operation of going to the first group entry is generated. | 2020-07-23 |
20200236055 | TRANSMISSION CONTROL PROTOCOL SESSION MOBILITY - A first node in a service mesh is configured to perform one or more services on network traffic obtained from an upstream network element via a pre-existing Transmission Control Protocol (TCP) session and provide the network traffic obtained from the upstream network element via the pre-existing TCP session to a downstream network element. The first node determines that the first node should no longer obtain the network traffic from the upstream network element via the pre-existing TCP session. In response, the first node provides state information for the pre-existing TCP session to the downstream network element. The downstream network element is configured to establish a new TCP session having the state information for the pre-existing TCP session with the upstream network element and to obtain further network traffic from the upstream network element via the new TCP session. The first node terminates the pre-existing TCP session. | 2020-07-23 |
20200236056 | Controlling Data Rate Based on Domain and Radio Usage History - A domain and a mobile device may exchange data via a radio access node included in a mobile network. During a time of peak demand, a data load level of the radio access node may exceed a threshold. To accommodate the peak demand, historical types and volumes of data may be used to manage a data rate related to data associated with the domain. Based on the historical information, the data rate for a mobile device, a radio access node, a range of time, or a data type may be controlled. The data rate may be managed by a network gateway, such as a gateway included in the mobile network. | 2020-07-23 |
20200236057 | Packet Processing Method and Apparatus - A packet processing method includes receiving, by a forwarding apparatus, a first packet, where the first packet belongs to a first packet flow, determining, by the forwarding apparatus, at least two types of information in the following four types of information: a duration of staying in a first memory by the first packet flow, usage of the first memory, whether the first packet flow is a victim of a congestion control mechanism, and a drop priority of the first packet, and determining, by the forwarding apparatus based on the at least two types of information, whether explicit congestion notification marking needs to be performed on the first packet. | 2020-07-23 |
20200236058 | Data Transmission Method, Transmitter, and Receiver - A data transmission method, a transmitter, and a receiver, where the method includes obtaining constant bit rate (CBR) service data, performing physical coding sublayer (PCS) encoding on the CBR service data, inserting a rate adaptation code block in a PCS bitstream obtained by PCS encoding to perform rate adaptation on the PCS bitstream, mapping the adapted PCS bitstream to N timeslots of a flexible Ethernet (FlexE) frame, where N is a positive integer greater than or equal to one, and sending the FlexE frame, where FlexE overhead of the FlexE frame includes information indicating the N timeslots corresponding to the PCS bitstream. Hence, according to the data transmission method, the transmitter, and the receiver, the CBR service data may be mapped to a FlexE, and a carrying capability of the FlexE is improved. | 2020-07-23 |
20200236059 | SYSTEMS AND METHODS FOR ACQUIRING SERVER RESOURCES AT SCHEDULE TIME - Systems and methods are disclosed that acquire server resources at the time of scheduling an automated instance-related task, such as an instance migration task, and prior to starting the automated task (e.g., prior to determining scheduling conflicts, creating a change request, or creating a move context associated with starting the instance migration task). Advantageously, if acquiring the server resources fails, an orchestration server performing the automated task can simply retry acquiring the server resources, thus avoiding restarting the automated task and re-performing steps of the automated task, thus avoiding unnecessary overhead. | 2020-07-23 |
20200236060 | FACILITATING DYNAMIC HIERARCHICAL MANAGEMENT OF QUEUE RESOURCES IN AN ON-DEMAND SERVICES ENVIRONMENT - In accordance with embodiments, there are provided mechanisms and methods for facilitating dynamic hierarchical management of queue resources in an on-demand services environment in a multi-tenant environment according to one embodiment. In one embodiment and by way of example, a method includes assigning, in runtime, by the database system, weights to at least one of a plurality of tenants and a plurality of message types. The assigned weights are capable of being dynamically scaled, in runtime, based on one or more factors. The method may further include allocating, in runtime, by the database system, resources to one or more of the plurality of tenants and one or more of the plurality of message types based on their assigned one or more weights of the weights. The allocated resources are capable of being dynamically modified, in runtime, based on scaling of the assigned weights. | 2020-07-23 |
20200236061 | INTERNET PROVIDER SUBSCRIBER COMMUNICATIONS SYSTEM - A method for communicating in real-time to users of a provider of Internet access service, without requiring any installation or set-up by the user, that utilizes the unique identification information automatically provided by the user during communications for identifying the user to provide a fixed identifier which is then communicated to a redirecting device. Messages may then be selectively transmitted to the user. The system is normally transparent to the user, with no modification of its content along the path. Content then may be modified or replaced along the path to the user. For the purposes of establishing a reliable delivery of bulletin messages from providers to their users, the system forces the delivery of specially-composed World Wide Web browser pages to the user, although it is not limited to that type of data. | 2020-07-23 |
20200236062 | OPPORTUNISTIC DELIVERY OF CACHEABLE CONTENT IN A COMMUNICATIONS NETWORK - Systems and methods are described for using opportunistically delayed delivery of content to address sub-optimal bandwidth resource usage in network infrastructures that allow subscribers to share forward link resources. According to some embodiments, content is identified as delayable and assigned to a delaycast queue and/or service flow. For example, a server system of a satellite communications system identifies content that can be delayed to exploit future excess link capacity through multicasting and to exploit subscriber-side storage resources. Some implementations attempt to exploit any excess link resources at any time, while others exploit unused bandwidth only during certain times or when a certain threshold of resources is available. Various embodiments also provide content scoring and/or other prioritization techniques for optimizing exploitation of the delaycast queue. | 2020-07-23 |
20200236063 | PREDICTIVE NETWORK SYSTEM AND METHOD - A proactive networking system and method is disclosed. The network anticipates the user demands in advance and utilizes this predictive ability to reduce the peak to average ratio of the wireless traffic and yield significant savings in the required resources to guarantee certain Quality of Service (QoS) metrics. The system and method focuses on the existing cellular architecture and involves the design and analysis of learning algorithms, predictive resource allocation strategies, and incentive techniques to maximize the efficiency of proactive cellular networks. The system and method further involve proactive peer-to-peer (P2P) overlaying, which leverages the spatial and social structure of the network. Machine learning techniques are applied to find the optimal tradeoff between predictions that result in content being retrieved that the user ultimately never requests, and requests that are not anticipated in a timely manner. | 2020-07-23 |
20200236064 | FPGA-based virtual fabric for data center computing - A data center fabric includes a plurality of Field Programmable Gate Arrays (FPGAs), each FPGA interconnected by a plurality of links with other FPGAs, a plurality of servers in a data center, and physical network functions associated with the data center, wherein the plurality of FPGAs form a virtual fabric for switching between the FPGAs, the plurality of servers, and the physical network functions, and wherein the virtual fabric is arranged in a compound graph and a flat network with each FPGA being a node and a diameter of the compound graph and the flat network is indicative of a maximum number of hops for a packet through the virtual fabric. | 2020-07-23 |
20200236065 | METHODS AND APPARATUS TO REDUCE PACKET FLOODING AND DUPLICATE PACKETS IN A MULTI-FABRIC VIRTUAL NETWORK - A synchronizer is to synchronize a first MAC address from a first MAC address table of a first TOR switch to a second MAC address table of a second TOR switch, the first MAC address corresponding to a host, the first NIC to form a first active link between the first host and the first TOR switch, and store a first switch descriptor in association with the first MAC address in the second MAC address table, the first switch descriptor indicative of the first TOR switch. A packet transmitter is to, for a first packet to be delivered to the first host, send the first packet from the second TOR switch to the first TOR switch, without sending the first packet from the second TOR switch to the first host, based on the first switch descriptor stored in association with the first MAC address in the second MAC address table. | 2020-07-23 |
20200236066 | VIRTUAL SWITCH FABRICS IN CONVERGED NETWORKS - A Fibre Channel over Ethernet (FCoE) network can be inexpensively extended by additional switches ( | 2020-07-23 |
20200236067 | METHOD FOR TRANSMITTING DOWNLINK PACKET IN FUNCTION-SEPARATED CORE NETWORK - The present invention discloses a method for transmitting a downlink packet in a function-separated core network. | 2020-07-23 |
20200236068 | EVALUATING RETRAINING RECOMMENDATIONS FOR AN AUTOMATED CONVERSATIONAL SERVICE - A retraining service accesses conversational logs, each of the conversational logs recording a separate conversation, between a separate user and a conversational service, and at least one outcome identified with the separate conversation. The retraining service assesses, from the conversational logs, at least one conversation gap and response with the at least one outcome matching a type of outcome that indicates the response impacted user experience in a negative way from among types of outcomes. The retraining service evaluates one or more recommendations for retraining the response to promote a positive type of outcome from among the types of outcomes. The retraining service outputs the one or more recommendations to the conversational service for directing retraining of the response by the conversational service. | 2020-07-23 |
20200236069 | AUTOMATED ASSISTANTS WITH CONFERENCE CAPABILITIES - Techniques are described related to enabling automated assistants to enter into a “conference mode” in which they can “participate” in meetings between multiple human participants and perform various functions described herein. In various implementations, an automated assistant implemented at least in part on conference computing device(s) may be set to a conference mode in which the automated assistant performs speech-to-text processing on multiple distinct spoken utterances, provided by multiple meeting participants, without requiring explicit invocation prior to each utterance. The automated assistant may perform semantic processing on first text generated from the speech-to-text processing of one or more of the spoken utterances, and generate, based on the semantic processing, data that is pertinent to the first text. The data may be output to the participants at conference computing device(s). The automated assistant may later determine that the meeting has concluded, and may be set to a non-conference mode. | 2020-07-23 |
20200236070 | INFORMATION PROCESSING SYSTEM AND INFORMATION PROCESSING METHOD - [Object] To provide an information processing system and an information processing method to enable an automatic response to be performed with higher affinity in accordance with a mental condition of a user. | 2020-07-23 |
20200236071 | AUTOMATED POPULATION OF DEEP-LINKED INTERFACES DURING PROGRAMMATICALLY ESTABLISHED CHATBOT SESSIONS - The disclosed exemplary embodiments include computer-implemented apparatuses and processes that automatically populate deep-linked interfaces based on programmatically established chatbot sessions. For example, an apparatus may determine a candidate parameter value for a first parameter of an exchange of data based on received messaging information and on information characterizing prior exchanges of data between a device and the apparatus. The apparatus may also generate interface data that associates the first candidate parameter value with a corresponding interface element of a first digital interface, and may store the interface data within a data repository. In some instances, the apparatus may transmit linking data associated with the stored interface data to the device, and an application program executed by the device may present a representation of the linking data within a second digital interface. | 2020-07-23 |
20200236072 | Cross-Platform Messaging System - An apparatus includes a memory and a hardware processor. The hardware processor receives a first message from a first chat application and parses the first message to determine a plurality of words in the first message. The processor determines an intent of the first user and communicates a second message to the first chat application indicating the intent. The processor receives a third message confirming the intent and determines an action and an object. The processor determines a processing application and communicates a fourth message that includes the action and the object to the processing application. The processor receives a fifth message that indicates the results of performing the action on the object and communicates the fifth message to the first chat application. The processor receives a sixth message from a second, different chat application and communicates the sixth message to the first chat application. | 2020-07-23 |
20200236073 | MOBILE DASHBOARD FOR AUTOMATED CONTACT CENTER TESTING - A mobile dashboard for automated contact center testing gives up-to-the-minute status reports on your customer experience, enabling you to make operational decisions and drill down to the source of an issue while on the go. A mobile-optimized executive dashboard display can be customized for each unique user, so business and technical stakeholders can filter the display for the customer experience (CX) metrics that are most relevant to them, and configure push notification alerts accordingly. | 2020-07-23 |
20200236074 | METHOD, SYSTEM, AND NON-TRANSITORY COMPUTER READABLE RECORD MEDIUM FOR SHARING INFORMATION IN CHATROOM USING APPLICATION ADDED TO PLATFORM IN MESSENGER - Provided is a method, system, and non-transitory computer-readable record medium for sharing information in a chatroom through a platform added to a messenger. An information sharing method includes registering at least one application to a platform of a user of a messenger based on a user input at the messenger installed on the computer system; executing an application selected by the user of the messenger from among applications registered to the platform in a chatroom of the messenger; and transmitting information shared by the application through the chatroom in response to receiving an information share request from the user during an execution of the selected application. | 2020-07-23 |
20200236075 | MEDIA ENHANCEMENT SYSTEM - Embodiments of the present disclosure relate generally to systems for enhancing a first media item through the addition of a supplemental second media item. A user may provide a request to enhance a selected media item, and in response, an enhancement system retrieves and presents a curated collection of supplemental content to be added to the media, to the user. The user may review the curated collection of supplemental content, for example by providing a tactile input to scroll through the curated collection of content. | 2020-07-23 |
20200236076 | MEDIA ENHANCEMENT SYSTEM - Embodiments of the present disclosure relate generally to systems for enhancing a first media item through the addition of a supplemental second media item. A user may provide a request to enhance a selected media item, and in response, an enhancement system retrieves and presents a curated collection of supplemental content to be added to the media, to the user. The user may review the curated collection of supplemental content, for example by providing a tactile input to scroll through the curated collection of content. | 2020-07-23 |
20200236077 | SUBSCRIPTION/NOTIFICATION OF A CONFERENCE IN A COLLABORATION CONFERENCING SYSTEM - Aspects of the present disclosure involve systems, methods, computer program products, and the like, for collaboration conferencing with multiple participants over a communications network, and more specifically for a conferencing controller in the network configured to control certain aspects of establishing a collaboration conference. In one particular embodiment, the user of the network may access the control system application to provide one or more conferencing parameters or settings the user wishes to be present during a collaboration conference session. The parameters may then be established by the control system and associated with the conferencing session involving the user. In one embodiment, such information may be associated with the identification token. In yet a further embodiment, a user to the collaboration control system may subscribe to receive a notification when another user of the system accesses a portion of a collaboration of the system. | 2020-07-23 |
20200236078 | Electronic Message Normalization, Aggregation, and Distribution - A system that provides an interface layer through which communications to users can be normalized by making consistent the value-reads (e.g., format) of the communications. The information or message inputted into the system can be used in each aspect of the system to personalize the user's experience. Also, when the system receives information/signals from the user himself/herself (e.g., time it takes to read or transmit a message, choice of communication, etc.), the system can adapt the user's experience to the user's cognitive wellness. The system includes normalization of messages for message aggregation and message distribution. | 2020-07-23 |
20200236079 | METHOD, APPARATUS, ELECTRONIC MESSAGE SERVER AND COMPUTER PROGRAM FOR PROCESSING A PLURALITY OF ELECTRONIC MESSAGES - Examples relate to a method, an apparatus and a computer program for processing a plurality of electronic messages, and to an electronic message server. The method comprises obtaining ( | 2020-07-23 |
20200236080 | MESSAGE ENCODING AND TRANSMISSION ACROSS MULTIPLE PLATFORMS - A data processing system is configured to perform a computer implemented method for facilitation of efficient processing of electronic messages via a network from message sources. The method includes receiving an electronic message including actionable object data and textual object data from a message source device. The actionable object data includes parameters actionable by at least one data processing transaction device to perform data processing transactions external to the network device and the textual object data including descriptors of the parameters actionable by the at least one data processing transaction device. The textual object data is operable by devices incompatible with the actionable object data. The method includes calculating an execution command for the data processing transaction in response to the actionable object data and based on at least the parameters of the actionable object data. | 2020-07-23 |
20200236081 | METHOD AND SYSTEM FOR ORGANIZING AND INTERACTING WITH MESSAGES ON DEVICES - Embodiments of the present invention include systems and methods for managing messages on a user device. A first plurality of message tiles in a first vertical list may be displayed on a visual display of the user device. The first plurality of message tiles in the first vertical list may be associated with a first time period. A motion-based gesture may be detected. The motion-based gesture may include at least one of a tap on a surface of the visual display, a swipe across a surface of the visual display, or an acceleration of the user device. In an embodiment, in response to detecting a first motion-based gesture, a second plurality of message tiles in a second vertical list associated with a second time period may be displayed. In an embodiment, in response to detecting a second motion-based gesture, one or more message management functions may be performed. | 2020-07-23 |
20200236082 | SYSTEMS AND METHODS FOR CONTROLLING DELIVERY OF USER MESSAGES - Systems and methods for determining whether to send a message to a user take into account a pressure score for the user that is indicative of how receptive the user is to receiving messages. The user's pressure score can vary depending on user behavior. Multiple pressure scores relating to different respective topics or subjects may be maintained for the user. | 2020-07-23 |
20200236083 | SYSTEMS AND METHODS FOR PROCESSING REQUESTS FOR CONTENT OF A CONTENT DISTRIBUTION NETWORK - Improved methods for retrieval of content from CDNs are provided that include a rendezvous controller that receives information of an identification of content being requested and an estimated location of a content requesting device. Based on this information, the rendezvous system identifies a server within a CDN from which the requested content may be retrieved. The selected server may be based on a repeatable hash function such that the likelihood that the content being requested is cached at the selected server. Steering requests to a server of the CDN which may have the content cached may reduce the number of servers within the CDN with the same cached content, particularly for the highest requested content. The rendezvous system may then return a corresponding domain name associated with the selected server and that can be subsequently submitted to a DNS for resolution to the IP address of the identified server. | 2020-07-23 |
20200236084 | COMPUTING SYSTEM WITH GATEWAY DATA TRANSFER BASED UPON DEVICE DATA FLOW CHARACTERISTICS AND RELATED METHODS - A computing system may include a server, client computing devices, a gateway device in communication between the server and the client computing devices, and a local device to be coupled to a given client computing device and to be operable in a given virtual desktop instance associated with the given client computing device, thereby generating client initialization packets. The gateway device may be configured to, when the local device is coupled to the given client computing device, determine whether a client packet from a plurality of client initialization packets is within a client mapping table, replace the client packet with a client mapping ID number to define compressed client initialization packets, and send the compressed client initialization packets to the server. The server may be configured to replace the client mapping ID number with the client packet in the compressed client initialization packets based upon a server mapping table. | 2020-07-23 |
20200236085 | DATA PROTECTION AUTOMATIC OPTIMIZATION SYSTEM AND METHOD - A system includes a memory and at least one processor to set a network throughput level setting to a default network traffic rate in a computer network, begin a data protection operation at the network throughput level setting in the computer network, continually monitor the computer network and determine that a condition has occurred in the computer network, dynamically adjust the network throughput level setting in response to the condition by one of decreasing the network throughput level setting by a network traffic rate increment and increasing the network throughput level setting by the network traffic rate increment, and dynamically shape network or storage traffic for the data protection operation using the network throughput level setting. | 2020-07-23 |
20200236086 | SCORE-BASED DYNAMIC FIREWALL RULE ENFORCEMENT - Example methods and systems for score-based dynamic firewall rule enforcement in a software-defined networking (SDN) environment. One example method may comprise in response to detecting a first request to access a first resource, identifying a first score associated with the user, and a firewall rule that is applicable to the user based on information associated with the user. The firewall rule may be applied to allow access to the first resource. The method may further comprise adjusting the first score to a second score that represents a more restrictive access level compared to the first score. In response to detecting a second request to access the first resource, applying the firewall rule to block the second request based on the second score. | 2020-07-23 |
20200236087 | SECURE ANONYMOUS COMMUNICATIONS METHODS AND APPARATUS - Methods and apparatus for supporting secure anonymous communications are described. A first communications device, e.g., a virtual desktop device, in a communications network, e.g., a private ISP network, serves on behalf of a first user device as an endpoint for a communications session with a second device. The first communications device includes a fabricated set of device attribute information which is different from an actual set of device attribute information corresponding to the first user device. The communications network includes a set of onion routers and onion routing is used within the network. | 2020-07-23 |
20200236088 | DATA COMMUNICATION SYSTEM AND METHOD - A data communication system for a local network. The system includes a network node and a plurality of network devices associated therewith. The network node provides a network node service to clients or bots executing on the plurality of network devices. Individual clients or bots are communicably and only programmatically coupled around the network node service in a programmatic star configuration to create the local network. The network node service validates and authenticates local services provided by the clients or bots within the local network. Data is communicated between clients or bots within the local network in real time or near real time, by relaying the data through the network node service. Information content of the data is encrypted prior to communicating the data, by employing a key store associated with a user of the source client or bot. | 2020-07-23 |
20200236089 | RDMA-BASED DATA TRANSMISSION METHOD, NETWORK INTERFACE CARD, SERVER AND MEDIUM - A Remote Direct Memory Access (RDMA) based data transmission method is disclosed. In this method, an RDMA network interface card is used to encrypt data to improve the security of data transmission. In addition, the data encryption and decryption operation is implemented inside the RDMA network interface card and is transparent to software, thereby ensuring security without adversely affecting performance of an application program. | 2020-07-23 |
20200236090 | Secure Messaging Systems and Methods - Systems and methods for secure messaging and automation are disclosed herein. An example method includes providing, by an application server layer, a user-facing application that accesses a data retention system and a predictive analytics system through a web services layer, the user-facing application being secured through use of a security token cached on a web browser that provides the user-facing application, establishing a security protocol or security token utilized between the application server layer and the web services layer that is different from the security token cached on the web browser; and performing asynchronous processing based on user interaction with a goal-based planning application that processes data from a plurality of user accounts. | 2020-07-23 |
20200236091 | SYSTEMS AND METHOD FOR PROVIDING A DATA SECURITY SERVICE - Systems, methods, and computer-readable media for providing standards compliant encryption, storage, and retrieval of data are disclosed. In an embodiment, data is received at a first data center from a first device in connection with a service request and encrypted to produce encrypted data. The encrypted data may be transmitted from the first data center to the first device, and then may subsequently be received at a second data center. The second data center may store the encrypted data in a database accessible to the second data center. Because all data provided to the system is encrypted by the first data center prior to being stored and/or provided to the second data center, the database and the second data center may be out of the scope of compliance monitoring, auditing, and reporting for one or more data security standards. | 2020-07-23 |
20200236092 | TRANSENCRYPTING METHOD AND APPARATUS FOR REMOVING INFORMATION FROM DATA TRANSMITTED OVER NETWORKS AND STORED IN DATA STORAGE FACILITIES - Information is removed from data transmitted over networks and stored in data storage facilities by generating non-informational data as an output from a series of nodes (routers, computing devices or logical routing applications) by using a function that applies random data to the data received at each node. The function may be an XOR and the random data may be a pseudorandom string of the same length as the informational data. The non-informational data may be managed normally without concern for security. When the informational data is needed it can be re-generated using the non-informational data and a cascade of the random data from the series of nodes as inputs to an inverse function (XOR is its own inverse). The random data may be generated from a smaller random seed. | 2020-07-23 |
20200236093 | Extracting Encryption Keys to Enable Monitoring Services - The disclosed embodiments disclose techniques for extracting encryption keys to enable monitoring services. During operation, an encrypted connection is detected on a computing device. A monitoring service harvests an encryption key for this encrypted connection from the memory of a computing device and then forwards the encryption key to an intercepting agent in an intermediate computing environment that intercepts encrypted traffic that is sent between the computing device and a remote service via the encrypted connection. | 2020-07-23 |
20200236094 | GENERATING BRIDGE MATCH IDENTIFIERS FOR LINKING IDENTIFIERS FROM SERVER LOGS - Systems and methods of matching identifiers between multiple datasets are described herein. A system can transmit a first identifier vector to a third party server. The first identifier vector can include a first identifier, first parameters, and second parameters. The system can receive, from the third party server, the first identifier vector encrypted based on a third-party encryption. The system can receive, from the third party server, a second identifier vector encrypted based on the third-party encryption associated with the third party server. The second identifier vector can include a second identifier, third parameters, and fourth parameters. The system can determine a correlation count between the first identifier vector and the second identifier vector. The system can determine that the first identifier corresponds to the second identifier based on the correlation count. The system can generate one identifier key for both the first identifier and the second identifier. | 2020-07-23 |
20200236095 | SYSTEM AND METHOD TO ENABLE PKI- AND PMI- BASED DISTRIBUTED LOCKING OF CONTENT AND DISTRIBUTED UNLOCKING OF PROTECTED CONTENT AND/OR SCORING OF USERS AND/OR SCORING OF END-ENTITY ACCESS MEANS - ADDED - A central server configured with an Attribute Authority (“AA”) acting as a Trusted Third Party mediating service provider and using X.509-compatible PKI and PMI, VPN technology, device-side thin client applications, security hardware (HSM, Network), cloud hosting, authentication, Active Directory and other solutions. This ecosystem results in real time management of credentials, identity profiles, communication lines, and keys. It is not centrally managed, rather distributes rights to users. Using its Inviter-Invitee protocol suite, Inviters vouch for the identity of Invitees who successfully complete the protocol establishing communication lines. Users establish and respond to authorization requests and other real-time verifications pertaining to accessing each communication line (not end point) and sharing encrypted digital files. These are auditable, brokered, trusted-relationships where such relationships/digital agreements can each stand-alone (for privacy) or can leverage build-up of identity confidence levels across relationships. The service is agnostic to how encrypted user content is transported or stored. | 2020-07-23 |
20200236096 | METHODS, DEVICES, AND COMPUTER PROGRAM PRODUCTS FOR SERVICE SECURITY PROTECTION - Embodiments of the present disclosure provide a method, a device and a computer program product for protecting service security. The method of protecting service security comprises receiving, from a client, a deployment request to deploy a service into a cloud environment, and in response to the deployment request, deploying a service instance corresponding to the service in the cloud environment. The method further comprises setting, based on information specific to the service instance, an initial credential for accessing the service instance, and providing information associated with the initial credential to the client so as to enable the client to derive the initial credential. | 2020-07-23 |
20200236097 | MESSAGE AUTHENTICATION WITH SECURE CODE VERIFICATION - Systems, methods, circuits and computer-readable mediums for message authentication with secure code verification are provided. In one aspect, a system includes a client device storing a code and a security device coupled to the client device. The security device is configured to receive a property of the code generated by the client device, verify correctness of the property of the code based on information associated with an authorized code to determine that the code is authorized, the information being stored within the security device. In response to determining that the code is authorized, the security device enables to access data stored within the security device and generate a property of a message based on the data. | 2020-07-23 |
20200236098 | SECURITY MIGRATION IN A BUSINESS INTELLIGENCE ENVIRONMENT - In various implementations, local identifiers associated with users may be utilized to enable access to one or more functions in a Business Intelligence (BI) Environment. A mapping may be generated to associate local identifiers and users. The mapping may be utilized to enable access in the BI environment by retrieving the local identifier from a mapping and enabling access in the BI environment based on the local identifier. In various implementations, a user may access the system as another user. | 2020-07-23 |
20200236099 | METHODS AND SYSTEMS FOR DETECTING UNAUTHORIZED ACCESS - Described are methods and systems to identify unauthorized attempts to access an account in a computer system, the account having an authorized user. The methods and systems include determining that a count of failed attempts to access the account exceeds a maximum. Based on the count exceeding the maximum, one or more peer contacts associated with the authorized user are retrieved from stored user data. A failure attribution request is transmitted to the one or more peer contacts and a response is received from at least one of the one or more peer contacts. If the response denies that the authorized user caused the failed attempts, then a security action is taken with respect to the account. The method may include first confirming that the number of failure attribution requests sent has not exceeded an abuse threshold to prevent denial-of-service attacks. | 2020-07-23 |
20200236100 | Sharing Access to a Media Service - Examples provided herein are directed to a computing device and media playback system sharing access to a media service corresponding to a media application installed on the computing device. In one example, a media playback system may be configured to (i) receive from the computing device an authorization code that corresponds to a media application installed on the computing device that is authorized to access media from a media service, (ii) transmit to the media service an authorization request with the authorization code, (iii) receive from the media service an authorization token that facilitates obtaining media from the media service, and (iv) transmit to the media service a request for media for playback by the media playback system, where the request for media includes the authorization token. | 2020-07-23 |
20200236101 | SYSTEM AND METHOD FOR AUTHENTICATING CLIENTS - A system is disclosed for authenticating a client's request for resources in a network environment. The system is configured to receive a request, the request comprising credentials and an API scope, authenticate the credentials, and confirm the API scope of the request is identified in one or more API scopes allocated to a client using an authorization server. The authorization server may comprise a relational database correlating one or more clients with one or more roles, the roles may be correlated with one or more permissions, and the permissions may be correlated with one or more API scopes. The system may be configured to request an access token, the access token comprising an API scope that correlates to the API scope of the request, and grant access to the requested resource if the API scope of the access token correlates to the API scope of the request. | 2020-07-23 |
20200236102 | CLIENT-SIDE NATIVE APPLICATION AND BROWSER IDENTIFICATION FOR SESSION CONTROL IN PROXY SOLUTIONS - Techniques are disclosed for session control of a client-side native application that utilizes a browser for an authentication process. A login request from the browser is received in a proxy service, which scans the request for a URL redirecting back to the native application. The URL is modified to redirect the login request to a policy endpoint to determine if the request is allowed based on policy applied to the native application and browser. If the request is allowed, the policy endpoint restores the URL redirecting to the native application and bypasses the request to resume normal authentication flow. If the request is prohibited, a failure message is sent to the browser. Some implementations may include injection of browser detection code into the browser to determine which variant of the browser is used and sending the browser data regarding the variant to the policy endpoint for consideration in applying policy. | 2020-07-23 |
20200236103 | NETWORK GATEWAY MESSAGING SYSTEMS AND METHODS - Embodiments of the present disclosure relate to network gateway based messaging systems and methods. Some methods include transparent message processing that includes receiving a message from a first party that includes a payload and a token. The token is associated with sensitive information. Next, the method includes replacing the token with the sensitive information within the message and forwarding the message with the sensitive information to a second party. The payload is unaffected by the token exchange process. | 2020-07-23 |
20200236104 | METHODS AND APPARATUS TO VERIFY ENCRYPTED HANDSHAKES - Methods, apparatus, systems and articles of manufacture are disclosed to verify encrypted handshakes. An example apparatus includes a message copier to clone a client introductory message, the client introductory message is included in a first handshake for network communication between a client and a server, a connection establisher to initiate a second handshake between the apparatus and the server based on the cloned client introductory message, and a decrypter to, in response to the second handshake, decrypt a certificate sent by the server. | 2020-07-23 |
20200236105 | RICH COMMUNICATION SERVICES SECURITY AUTHENTICATION SYSTEM - A method, a computer system, and a computer program product for authenticating a transaction are provided. An authentication system receives the transaction over a particular channel of a plurality of support channels. A risk score is determined for the transaction based on a number of contextual risk factors. An authentication scheme is determined from a number of authentication schemes for authenticating an identity of the user within an authentication context. The authentication scheme is determined based on the particular channel and the risk score. In response to successfully authenticating the identity of the user within the authentication context, the authentication system determines whether the transaction is a permitted transaction based on an assurance level associated with the authentication context. In response to determining that the transaction is the permitted transaction, the transaction is authenticated. | 2020-07-23 |
20200236106 | SYSTEM AND METHOD FOR PROTECTING SPECIFIED DATA COMBINATIONS - A method in one example implementation includes extracting a plurality of data elements from a record of a data file, tokenizing the data elements into tokens, and storing the tokens in a first tuple of a registration list. The method further includes selecting one of the tokens as a token key for the first tuple, where the token is selected because it occurs less frequently in the registration list than each of the other tokens in the first tuple. In specific embodiments, at least one data element is an expression element having a character pattern matching a predefined expression pattern that represents at least two words and a separator between the words. In other embodiments, at least one data element is a word defined by a character pattern of one or more consecutive essential characters. Other specific embodiments include determining an end of the record by recognizing a predefined delimiter. | 2020-07-23 |
20200236107 | SHARED TERMINAL THAT AUTHENTICATES A USER BASED ON A TERMINAL IDENTIFIER - A shared terminal includes: circuitry to control a display to display an image to a plurality of users, the plurality of users sharing a use of the shared terminal, and obtain, from a first privately-owned terminal owned by a first user of the plurality of users, first terminal identification information for identifying the first privately-owned terminal; a transmitter to transmit, to a terminal management server, an authentication request for authenticating the first privately-owned terminal to allow login of the first user into the shared terminal, the authentication request including the first terminal identification information of the first privately-owned terminal; and a receiver to receive an authentication result indicating whether the first privately-owned terminal is authenticated to allow login of the first user, from the terminal management server. When the authentication result indicates that the first privately-owned terminal is a legitimate terminal and login of the first user is successful, the circuitry controls the display to display a screen for allowing the plurality of users including the first user to draw an image. When the authentication result indicates that the first privately-owned terminal is not a legitimate terminal and login of the first user fails, the circuitry controls the display to display a screen with an error message. | 2020-07-23 |
20200236108 | SIDECAR ARCHITECTURE FOR STATELESS PROXYING TO DATABASES - A mechanism for providing connection to a database is described. A connection to the database is intercepted. The connection is assigned to an instance of the database. A sidecar is configured to proxy the connection to the database. The sidecar is stateless and passes all communications for the connection to the instance of the database. | 2020-07-23 |
20200236109 | Systems and Methods for Securing Social Media for Users and Businesses and Rewarding for Enhancing Security - The disclosed system and method enhances security of people, organizations, and other entities that use what has been termed “social media.” Recent trends have shown that information posted to social media may cause tremendous damage to individuals and other entities. This includes information that was posted deliberately or unintentionally, including social security numbers, financial data and other sensitive information. Further, information that previously may have been viewed as innocuous, such as location data, has caused harm on certain occasions and may need to be protected. The disclosed system provides a novel method of screening, identifying, and preventing certain information from being posted on social media and other public locations. In addition, the disclosed system and method improves security by motivating people to use security software by offering rewards for its use. | 2020-07-23 |
20200236110 | Direct Upload and Download to Content Management System Backend - Described is a content management system (CMS) arranged to provide a client device direct access to backend storage resources for the client device. The disclosed CMS can provision a transient storage bucket on backend storage resources for the CMS and provide the client device access credentials to upload digital content directly to the transient storage bucket. The CMS can cause the uploaded digital content to be replicated from the transient storage bucket to a persistent storage within the backend storage resources and can update the CMS based on the uploaded digital content. Additionally, the CMS can provide access credentials for the client device to download digital content directly from the backend storage resources for the CMS. | 2020-07-23 |
20200236111 | EQUIPMENT MANAGEMENT SYSTEM AND EQUIPMENT MANAGEMENT METHOD - An equipment management system comprises a gateway apparatus having an interface configured to receive an operation command for operating an equipment, a first database configured to store first information allowed access from the gateway apparatus, a second database configured to store second information prohibited access from the gateway apparatus, and a controller configured to allow access to the first database from the gateway apparatus and prohibit access to the second database from the gateway apparatus. The second information includes equipment information collected from a control apparatus controlling the equipment. | 2020-07-23 |
20200236112 | MACHINE LEARNING-BASED APPLICATION POSTURE FOR ZERO TRUST NETWORKING - In one embodiment, a gateway to a zero trust network applies an access control policy to an endpoint device attempting to access a cloud-based application hosted by the zero trust network. The gateway acts as a reverse proxy between the endpoint device and the cloud-based application, based on the access control policy applied to the endpoint device. The gateway captures telemetry data regarding application traffic reverse proxied by the gateway between the endpoint device and the cloud-based application. The gateway detects an anomalous behavior of the application traffic by comparing the captured telemetry data to a machine learning-based behavioral model for the application. The gateway initiates a mitigation action for the detected anomalous behavior of the application traffic. | 2020-07-23 |
20200236113 | SECURE ACCOUNT ACCESS - A computing device receives, from a first client device, a request for a security token to authenticate a transaction session for a user account administered by a network resource, the first client device being associated with the user account. In response to the request, the computing device generates and sends a security token to the first client device, which communicates the security token to a second client device. The computing device receives, from the second client device, a modified security token that includes the security token and a signature on the security token using a first key stored in a trusted hardware component coupled to the second client device. A second key corresponding to the first key is registered with the network resource. The computing device verifies the modified security token using the second key. Upon successfully verifying the modified security token, the computing device enables the transaction session. | 2020-07-23 |
20200236114 | TLS POLICY ENFORCEMENT AT A TUNNEL GATEWAY - Disclosed are various approaches for verifying the compliance of a TLS session with TLS policies. Traffic between an application and a destination server can be routed through a TLS gateway. The TLS gateway can inspect TLS handshake messages for compliance with TLS policies. | 2020-07-23 |
20200236115 | FLEXIBLE RIGHTS MANAGEMENT FOR CLOUD-BASED ACCESS TO COMPUTING RESOURCES - An example method for assigning rights to utilize cloud resources associated with a service provider's computing hardware is provided. The example method can include defining a rights package including multiple rights pertaining to utilization of the cloud resources. The rights package can be assigned across multiple tenants of the service provider. The example method can also include defining a global role that includes potential rights, where the global role is assignable to individual tenant users of the tenant. The global roles can be made available to multiple tenants using the service provider. The method can further include provisioning filtered rights to utilize the cloud resources to a tenant user of the tenant, the tenant user being assigned the global role. The filtered rights can include rights present in both the potential rights defined for the global role and the rights defined for the rights package. | 2020-07-23 |
20200236116 | MULTIFACTOR AUTHENTICATION FOR SECURE MANAGEMENT OF DATA CENTER ASSETS FROM A MOBILE DEVICE - An apparatus for multifactor identification of a mobile device for access to data processing devices within a secured data center includes a processor of a secured server and a memory that stores code executable by the processor. The code is executable by the processor to receive from a mobile device a request for authorization to access a data processing device within a secured data center, verify that user credentials received from the mobile device in conjunction with the authorization request match credentials of an authorized user, where the authorized user is authorized to access the data processing device, verify that the mobile device is in proximity to the data processing device, and authorize the mobile device to access the data processing device in response to verifying the user credentials match credentials of an authorized user and verifying that the mobile device is in proximity to the data processing device. | 2020-07-23 |
20200236117 | CHUNK-SCANNING OF WEB APPLICATION LAYER REQUESTS TO REDUCE DELAYS - A method by a web application layer attack detector communicatively coupled between web application clients and web application servers. The method includes receiving one or more data streams each carrying one or more web application layer requests, forming chunks from each of the one or more web application layer requests as it is being received, where each of the chunks is sized to be less than a preconfigured maximum chunk size, scanning the chunks for attacks as each of the chunks is formed without waiting to receive and store complete web application layer requests from which the chunks are formed, and sending each of one or more of the chunks that were determined, based on a result of the scanning, not to include an attack to the web application server for which the web application layer request from which that chunk was formed is intended. | 2020-07-23 |
20200236118 | SYSTEMS AND METHODS FOR SECURE COMMUNICATION IN CLOUD COMPUTING ENVIRONMENTS - Disclosed embodiments provide systems, methods, and computer-readable storage media for secure data communication between two devices. A disclosed system responds to a request from an originating communication device in a first network to connect with a communication device in a second network, for communication, by receiving a request from the communication device in the first network, the request including payload data and a destination network address in the second network. The system then transmits the received payload data to the destination address in the second network after analyzing the payload data for network intrusion. When the analysis does not indicate network intrusion, the system determines a route to the destination network address by looking up the destination address in a routing table and forwarding the payload data to the destination network address in the second network. If the analysis indicates network intrusion, the system discards the payload data. | 2020-07-23 |
20200236119 | THREAT DETECTION AND SECURITY FOR EDGE DEVICES - Disclosed are various examples for threat detection and security for edge devices in communication with Internet-of-Things (IoT) devices. In one example, a profile is associated with a virtual machine of a gateway device. The profile includes an expected behavior for the virtual machine. The virtual machine is executed by a hypervisor of the gateway device. An actual behavior for the virtual machine is determined. A remedial action is performed. The remedial action is based on an anomaly between the expected behavior and the actual behavior. | 2020-07-23 |
20200236120 | DETECTING AND MITIGATING RISK IN A TRANSPORT NETWORK - Embodiments for implementing intelligent risk detection and mitigation in a transport network by a processor. Data gathered from a plurality of data sources relating to an entity and a selected region of interest may be analyzed. Behavior of an entity, in relation to a risk event, may be learned and interpreted based on a plurality of identified contextual factors, geographical data, current data, historical data, a learned risk event model, or a combination thereof. One or more mitigation actions may be performed to mitigate risk of occurrence or a possible negative impact of the risk event caused at least in part by the behavior of the entity. | 2020-07-23 |
20200236121 | DATA PROTECTION AUTOMATIC OPTIMIZATION SYSTEM AND METHOD - A system includes a memory and at least one processor to continually analyze at least one of metrics, events, and conditions for indications of an attack in a computer network, determine a change in the at least one of metrics, events, and conditions in the computer network, detect the attack in the computer network based on the change in the at least one of metrics, events, and conditions in the computer network, analyze the at least one of metrics, events, and conditions in the computer network and determine that at least one hardware device has been infected, restrict access to the at least one hardware device that has been infected, and generate a copy of data that was created before the attack and associated with the at least one hardware device that has been infected. | 2020-07-23 |
20200236122 | SECURITY PROTECTION FOR A HOST COMPUTER IN A COMPUTER NETWORK USING CROSS-DOMAIN SECURITY-RELEVANT INFORMATION - A computer-implemented method and system for protecting a host computer in a computer network from security threats uses local security-relevant data for the host computer, as well as global security-relevant data for other components in the computer network downloaded from a security information plane system to the host computer, to determine a security threat to the host computer. When a security threat is determined to be a legitimate threat, a security alert is issued, and then an action is initiated in response to the security alert. | 2020-07-23 |
20200236123 | DETECTION OF ANOMALIES IN COMMUNITIES BASED ON ACCESS PATTERNS BY USERS - A system, method, and machine-readable storage medium for detecting an anomaly are provided. In some embodiments, the method includes computing an access rate of a set of entities for each user of a plurality of users. The access rate may refer to data operations for the set of entities stored by a storage system. The method also includes normalizing the access rates for a subset of the plurality of users, the subset belonging to a community. The method further includes determining whether a normalized access rate from among the access rates satisfies a threshold. The method also includes detecting an anomaly in response to a determination that the normalized access rate satisfies the threshold. | 2020-07-23 |
20200236124 | DATA SEGMENTATION - Techniques are disclosed relating to data management. A computer system may evaluate network traffic to extract and group data objects based on their content satisfying similarity criteria, and to identify baseline behavior with respect to those data objects. The computer system may generate data-defined network (DDN) data structures that include a content class and one or more behavioral classes. The content class may be indicative of one or more of the data objects that have been grouped based on them satisfying the similarity criteria. The one or more behavioral classes may indicate baseline behavior of those data objects within the content class as determined from evaluation of the network traffic. The computer system may detect, using the DDN data structures, anomalous data behavior within network traffic. In response to detecting anomalous data behavior, the computer system may prevent network traffic corresponding to the anomalous data behavior from being communicated. | 2020-07-23 |
20200236125 | Statistical Analysis of Network Behavior Using Event Vectors to Identify Behavioral Anomalies Using a Composite Score - Examples of the present disclosure describe systems and methods for identifying anomalous network behavior. In aspects, a network event may be observed by network sensors. One or more characteristics may be extracted from the network event and used to construct an evidence vector. The evidence vector may be compared to a mapping of previously-identified events and/or event characteristics. The mapping may be represented as one or more clusters of expected behaviors and anomalous behaviors. The mapping may be modeled using analytic models for direction detection and magnitude detection. One or more centroids may be identified for each of the clusters. A “best fit” may be determined and scored for each of the analytic models. The scores may be fused into a single binocular score and used to determine whether the evidence vector is likely to represent an anomaly. | 2020-07-23 |
20200236126 | SYSTEMS AND METHODS FOR DETECTION AND MITIGATION OF MALICIOUS ENCRYPTION - The present disclosure describes systems and methods for detection and mitigation of malicious encryption. A security agent on an infected computing device may monitor data writes to disk, memory, or network transmission buffers for strings that may represent encryption keys or moduli. The security agent may apply one or more techniques to decode and parse the string to either identify or extract the keys, or rule out the string as containing an encryption key or modulus. If a key is identified, or its presence cannot be excluded, then the security agent may generate an alert and take mitigation actions. | 2020-07-23 |
20200236127 | NETWORK APPLIANCE FOR VULNERABILITY ASSESSMENT AUDITING OVER MULTIPLE NETWORKS - An apparatus, system, and method are directed towards enabling auditing of network vulnerabilities from multiple network vantage points virtually simultaneously. Multiple network vantage points may include, but are not limited to, remote/branch enterprise sites, devices on an enterprise perimeter, on either side of a security perimeter, and even through the security perimeter. In one embodiment, an auditor performs reflected audits thereby extending auditing of network vulnerabilities to provide a comprehensive 360 degree audit of internal, external, and remote enterprise network sites. In one embodiment, the present invention may be implemented employing a single auditing device, and one or more audit extension devices that are configured to extend the auditing device's audit reach. The auditing device and one or more audit extension devices may communicate using an encrypted network channel through a security perimeter and/or across multiple networks. | 2020-07-23 |
20200236128 | IDENTIFYING HIGH RISK COMPUTING OPERATIONS - This specification discloses techniques for risk identification. One example method includes receiving, by a client device, a risk identification request identifying a requested service operation and service data associated with the requested service operation; retrieving, by the client device, service data corresponding to the risk identification request; determining, by the client device, service indicator data associated with the service data; analyzing, by the client device, one or more of the service data and the service indicator based on a risk identification rule or a risk identification model to produce a risk result; and determining, by the client device, whether the requested service operation is a high risk operation based at least in part on the risk result. | 2020-07-23 |
20200236129 | SYSTEMS AND METHODS FOR VULNERABILITY SCORECARD - A vulnerability scorecard correlates a vulnerability detected for a network-connected host with an underlying CI, services that may run on, depend from, or otherwise utilize the CI, and the service owners responsible for the services. The vulnerability scorecard may include a GUI that includes windows, widgets, and/or other visualizations that represent data related to the vulnerabilities, CIs, services, service owners, etc. The vulnerability scorecard widgets may be separated into groups and distributed over pages organized by tabs. | 2020-07-23 |
20200236130 | Selectively Choosing Between Actual-Attack and Simulation/Evaluation for Validating a Vulnerability of a Network Node During Execution of a Penetration Testing Campaign - Methods and systems for penetration testing of a networked system by a penetration testing system. In some embodiments, both active and passive validation methods are used during a single penetration testing campaign in a single networked system. In other embodiments, a first penetration testing campaign uses only active validation and a second penetration campaign uses only passive validation, where both campaigns are performed by a single penetration testing system in a single networked system. Node-by-node determination of whether to use active or passive validation can be based on expected extent and/or likelihood of damage from actually compromising a network node using active validation. | 2020-07-23 |
20200236131 | PROTECTING ENDPOINTS WITH PATTERNS FROM ENCRYPTED TRAFFIC ANALYTICS - In one embodiment, an encrypted traffic analytics service captures telemetry data regarding encrypted network traffic associated with a first endpoint device in a network. The encrypted traffic analytics service receives, from the first endpoint device, an indication that a security agent executed on the first endpoint device has detected malware on the first endpoint device. The encrypted traffic analytics service constructs one or more patterns of encrypted traffic using the captured telemetry data from a time period associated with the received indication. The encrypted traffic analytics service uses the one or more patterns of encrypted traffic to detect malware on a second endpoint device by comparing the one or more patterns of encrypted traffic to telemetry data regarding encrypted network traffic associated with the second endpoint device. | 2020-07-23 |
20200236132 | THREAT RESPONSE IN A MULTI-ROUTER ENVIRONMENT - Systems, methods, and software to implement network configuration updates in a computing network. In one implementation, a method includes identifying a threat related to an internet protocol (IP) address, wherein the IP address corresponds to a computing node in the computing network. After identifying the threat, the method further includes generating one or more routing update packets that indicate a block request for at least the IP address. Once generated, the method also provides communicating the one or more routing update packets to one or more routers in the computing network. | 2020-07-23 |
20200236133 | SYSTEMS AND METHODS FOR SIGNALING AN ATTACK ON CONTACTLESS CARDS - Example embodiments of systems and methods for data transmission system between transmitting and receiving devices are provided. In an embodiment, each of the transmitting and receiving devices can contain a master key. The transmitting device can generate a diversified key using the master key, protect a counter value and encrypt data prior to transmitting to the receiving device, which can generate the diversified key based on the master key and can decrypt the data and validate the protected counter value using the diversified key. In an embodiment, the transmitting device can signal an attack or potential attack through the counter value. The attack signaling can further include information relating to the attack or potential attack. | 2020-07-23 |
20200236134 | DETECTING AND PREVENTING DENIAL OF SERVICE ATTACKS DUE TO FRAUDULENT BSS COLOR COLLISION EVENTS - A management entity obtains from a first wireless access point a Basic Service Set (BSS) color collision event detected by the first wireless access point. The first wireless access point uses a first BSS color. A color collision event occurs when the first wireless access point receives from a device in a BSS of a different physical wireless access point a frame or PHY Protocol Data Unit (PPDU) that includes the first BSS color. The management entity obtains from the first wireless access point an indication whether the color collision event has been detected for longer than a predetermined duration. When the color collision event has been detected for longer than the predetermined duration, the management entity computes a probability of the color collision event. The management entity determines whether the color collision event is malicious or benign, and determines whether to maintain the first BSS color. | 2020-07-23 |
20200236135 | INFRASTRUCTURE DISTRIBUTED DENIAL OF SERVICE PROTECTION - A method of providing infrastructure protection for a server of a network organization, the method including announcing an internet protocol (IP) address range associated with the network organization using a border gateway protocol (BGP) on an edge server of a distributed network of edge servers. The method further including receiving an incoming network packet intended for the server of the network organization identified using a public IP address within the IP address range, the public IP address serving as a first anycast address for a distributed network of edge servers. The method further including determining, by the distributed network, whether the incoming network packet is legitimate. The method further including responsive to determining that the incoming network packet is legitimate, routing, by a processor using generic routing encapsulation (GRE), the incoming network packet to the server at a private IP address. | 2020-07-23 |
20200236136 | INFRASTRUCTURE DISTRIBUTED DENIAL OF SERVICE PROTECTION - A method of providing infrastructure protection for a server of a network organization, the method including announcing an IP address range associated with the network organization using a border gateway protocol on an edge router of a scrubbing center associated with the network organization. The method further including receiving an incoming network packet intended for a server of the network organization identified using a public IP address within the IP address range, the public IP address serving as a first anycast address for a plurality of scrubbing centers in a distributed network of scrubbing servers, the plurality of scrubbing centers including the scrubbing center. The method further including determining, by the scrubbing center, whether the incoming network packet is legitimate. The method further including, responsive to determining that the incoming network packet is legitimate, routing, by a processor, the incoming network packet to the server at a private IP address. | 2020-07-23 |
20200236137 | METHOD AND SYSTEM FOR CHECKING MALICIOUS HYPERLINK IN EMAIL BODY - A network-based document protection system for the protection of business secret includes: a template module configured to search for the template information of a template stored in a template database (DB) or the document information of a document stored in a document DB, and to execute the corresponding template or document via a dedicated application; an authentication module configured to generate the document information by including the identification code of an operator in the corresponding template information or to identify a corresponding operator by recognizing an identification code from the document information of the executed document, according to the execution procedure of the template module; and a security module configured to store the document, generated or updated via the dedicated application, in the document DB, and to perform security processing on the document. | 2020-07-23 |
20200236138 | SYSTEMS AND METHODS FOR SITUATIONAL LOCALIZATION OF AIDA - The present disclosure describes systems and methods for using for a simulated phishing campaign, information about one or more situations of a user determined from an electronic calendar of the user. A campaign controller may identify an electronic calendar of a user for which to direct a simulated phishing campaign, determine one or more situations of the user from information stored in the electronic calendar and select either a template from a plurality of templates or a starting action from a plurality of starting actions for the simulated phishing campaign based at least on the one or more situations of the user. The campaign controller may communicate to one or more devices of the user a simulated phishing communication based at least on the respective template or starting action. | 2020-07-23 |
20200236139 | A METHOD AND APPARATUS FOR REDUCING LATENCY OF NETWORK PROTOCOLS - The embodiments herein disclose methods and systems for reducing network protocol latency for at least one application on an electronic device. A method includes pre-resolving a plurality of Domain Name System (DNS) queries for the at least one application. The plurality of DNS queries is pre-resolved before triggering at least one DNS resolution query from the at least one application. The method includes pre-connecting a plurality of TCP connections of the at least one application with at least one Transmission Control Protocol (TCP) server. The plurality of TCP connections are pre-connected before triggering at least one TCP connection request from the at least one application. The method includes exchanging a plurality of secure certificates with the at least one TCP server to secure the plurality of pre-connected TCP connections. The secure certificates are exchanged before receiving at least one request from the at least one application for secure certificate negotiation. | 2020-07-23 |
20200236140 | TRANSPORT LAYER SECURITY OFFLOAD TO A NETWORK INTERFACE - Examples described herein relate to an interface that is to receive data for transmission and based on indication of failure of receipt of one or more packets that carry segments of the data, cause re-transmission of solely one or more of the multiple packets that comprise a segment of the data referenced by the indication of failure of receipt of one or more packets. In some examples, the interface is to encrypt the data using an encryption engine and to segment the data for transmission using one or more packets. In some examples, the interface is to receive the data and an indication of which segment of the data to re-transmit; encrypt the data; segment the encrypted data into one or more packets; and based on the indication of which segment of the data to re-transmit, transmit solely one or more of the multiple packets that comprise a segment of the data referenced by the indication of failure of receipt of one or more packets. | 2020-07-23 |
20200236141 | IDENTIFYING SECURITY PROFILES ASSOCIATED WITH ACCESS PROTOCOLS OF SECONDARY STORAGE - For migrating data to a remote data repository based on the security protocol capabilities of the remote data repository, a storage module identifies a security profile of a file residing in an on-premise data repository, where the security profile comprises security protocol requirements, matches the identified security profile with an entry in a list of one or more remote data repository providers, each entry comprising a security protocol capability of a corresponding remote data repository provider, and migrates, in response to finding a match of the identified security profile and the identified security protocol capability, the file to the matched remote data repository provider. | 2020-07-23 |
20200236142 | Method for Target Sequence Identification and Device thereof - Disclosed is a method and device for target sequence identification, wherein an optical binary sequence and an all-zero sequence are subjected to an XNOR operation and a first candidate sequence set is generated by splitting the result sequence; a second candidate sequence set is generated by splitting the optical binary sequence; multiple binary sequences are selected from the first candidate sequence set and the second candidate sequence set according to the target sequence to generate a to-be-delayed sequence set; various delay durations are configured for each binary sequence of the to-be-delayed sequence set; a to-be-matched sequence set is generated after delaying; an AND operation is performed on the sequences of the to-be-matched sequence set to generate a final sequence; and the number and position of the target sequence in the binary sequence can be determined according to the number and position of a pulse in the final sequence. | 2020-07-23 |
20200236143 | DATA MANAGEMENT PLATFORM - Techniques are disclosed relating to the management of data. A data provider computer system may store particular data of a user. The data provider computer system may commence sharing of a portion of the particular data with a data consumer computer system. The data provider computer system may continue sharing additional portions of the particular data with the data consumer computer system in response to receiving a report from a verification environment indicating that the particular data is being utilized by the data consumer computer system in accordance with a specified usage policy. | 2020-07-23 |
20200236144 | BUILDING A COOPERATIVE SECURITY FABRIC OF HIERARCHICALLY INTERCONNECTED NETWORK SECURITY DEVICES - Systems and methods for implementing a cooperative security fabric (CSF) protocol are provided. According to one embodiment, an NSD of multiple NSDs participates in the dynamic construction of a CSF interconnecting the NSDs in a form of a tree, having multiple nodes each representing one of the NSDs, based on hierarchical interconnections between the NSD and directly connected upstream and downstream NSDs. A communication channel is established by a backend daemon of the NSD with a directly connected upstream node of the NSD within the CSF through which queries and replies are communicated and through which periodic keep-alive messages and responses are exchanged between the upstream node and the NSD. A CSF protocol is enforced by a forward daemon of the NSD that limits issuance of query messages to those originated by a source NSD representing an upstream node and directed to a destination NSD representing a downstream node. | 2020-07-23 |
20200236145 | SYSTEM AND METHOD FOR EMBEDDING INFRASTRUCTURE SECURITY SERVICES INTO MANAGEMENT NODES - In one example, a cloud computing environment may be probed to detect an actual topology including connectivity between infrastructure security nodes and management nodes. Each management node may execute a corresponding centralized management service. Each infrastructure security node may execute a corresponding infrastructure security service that handles at least one infrastructure security function. Further, a set of candidate topologies may be generated based on the actual topology. Each candidate topology may indicate a way to replicate the infrastructure security service into the management nodes. Furthermore, a replication partner associated with each of the management nodes may be determined based on a selection of one of the candidate topologies. An operation to deploy the infrastructure security service on the management nodes may be executed based on the selected one of the candidate topologies and the determined replication partners to form an embedded linked mode architecture. | 2020-07-23 |
20200236146 | SYSTEM AND METHOD FOR EMBEDDING EXTERNAL INFRASTRUCTURE SERVICES INTO MANAGEMENT NODES - In one example, a management node and an infrastructure node external to the management node may be identified in a cloud computing environment. The management node may execute a centralized management service and the external infrastructure node may execute a first infrastructure service that handles at least one infrastructure network function for the centralized management service. Further, a second infrastructure service may be deployed on the management node. Data in the first infrastructure service may be replicated to the second infrastructure service. Furthermore, the centralized management service in the management node may be repointed to the second infrastructure service such that the second infrastructure service is to operate within the management node. | 2020-07-23 |
20200236147 | BROKERED AUTHENTICATION WITH RISK SHARING - Embodiments described herein are implemented in authentication brokering systems where an authentication broker issues security tokens that represent its authentications of users. Client devices operated by the users store the security tokens and send them to resource providers. The resource providers authenticate and grant access to the users based on validation of the security tokens. Authentication related messages exchanged between the resource providers and the authentication broker are used to exchange authentication risk data that is obtained or derived by the resource providers and the authentication broker. The resource providers obtain authentication risk data directly from the authentication broker and indirectly, via the authentication broker, from each other. As security tokens are used or managed, authentication risk data is shared among the participants in the authentication brokering system. The participants are able to modify their authentication procedures or make authentication decisions based on shared authentication risk data. | 2020-07-23 |
20200236148 | INTERFACE SESSION DISCOVERY WITHIN WIRELESS COMMUNICATION NETWORKS - A method for discovering an interface session within a wireless communication network is discussed herein. The method includes establishing an Internet Protocol (IP) packet-switched network registration between a first node of a plurality of nodes within the wireless communication network and a second node of the plurality of nodes. The method further includes requesting, by a third node of the plurality of nodes from a fourth node of the plurality of nodes, service for a call of a mobile device within the wireless communication network. Based upon not having an appropriate interface session established between the first node and the fourth node, the method also includes performing, by the fourth node, an interface session discovery. Based at least in part on the interface session discovery, a dedicated bearer is established at the second node for the call. | 2020-07-23 |
20200236149 | Telecommunications Network Call Control - Telecommunications network components configured to manage call control of a communication session of user equipment are described herein. An anchoring network device may proxy signaling traffic for the communication session. The anchoring network device may determine a routing identifier based at least in part on which access network, or which type of access network, is carrying the communication session, and may transmit state information of the communication session to a call-control server in association with the routing identifier. The call-control server may provide control information of the communication session to the anchoring network device in response to the state information. The anchoring network device may modify the communication session, e.g., by adding or dropping one or more parties, in response to the control information. The routing identifier may be determined based at least in part on capabilities of a communication session indicated in a session-initiation message. | 2020-07-23 |
20200236150 | METHOD AND APPARATUS FOR TRANSFERRING INFORMATION BETWEEN ELECTRONIC DEVICES - Embodiments of the disclosure provided herein generally include a system and a method of configuring and/or controlling the transfer of information between two or more electronic devices due to the interaction of an electronic device and a host identifier signal generating system. Embodiments of the disclosure may include a system and a method of distributing useful information received by or contained within a memory of the electronic device based on the receipt of a host identifier signal. The electronic device may then perform one or more desirable functions or processes based on the portable electronic device's interaction with the host identifier signal generating system. Some aspects of the invention may include an apparatus, method and/or one or more computing device software applications that are configured to more easily setup, configure and/or control the presentation, distribution, collection and/or analysis of program information residing in a first electronic device to a second electronic device based on the interaction of the first electronic device with the host identifier signal generating system. | 2020-07-23 |
20200236151 | COMPUTER-IMPLEMENTED METHOD OF PERFORMING A REAL-TIME COLLABORATION SESSION, COLLABORATIVE PLATFORM FOR PERFORMING REAL-TIME COLLABORATION SESSIONS, AND COLLABORATIVE CHAT POST OBJECT - A telecommunication device, apparatus, and a computer-implemented method of performing a real-time collaboration session with a plurality of participants can be configured so that a method can be performed. The method can include starting a chat application (e.g. a group chat application) for the participants of the real-time collaboration session; automatically creating, upon a first event being external or internal to the chat application, a collaborative chat post object (CCPO) for the session, authorizing the participants to edit the chat conversation content of the CCPO; and automatically sealing permanently the CCPO upon a second event being external or internal to the chat application. For sealing the CCPO, the editable content of the CCPO can be converted into read-only content. | 2020-07-23 |
20200236152 | NETWORK SYSTEM FOR CONTENT PLAYBACK ON MULTIPLE DEVICES - Embodiments described herein provide a network system to enable content playback on multiple devices. An electronic device can receive information associated with media playback request and resolve a media item and intended playback device for the media request based on a set of available media items and player devices. The device can then transmit, via the data interface, a request to play the media item at the player device via a secure device to device communication system. | 2020-07-23 |
20200236153 | MECHANISM FOR FACILITATING USER-CONTROLLED FEATURES RELATING TO MEDIA CONTENT IN MULTIPLE ONLINE MEDIA COMMUNITIES AND NETWORKS - In accordance with embodiments, there are provided mechanisms and methods for facilitating playlist assistance and sharing of media content over multiple media communities according to one embodiment. In one embodiment and by way of example, a method includes receiving, at a first computing device, a request relating to media content. The request may be placed by a user at a second computing device. The method may further include researching a plurality of media playlists at a plurality of media communities for the media content, selecting one or more of the plurality of media playlists at one or more of the media communities having the media content, and transmitting, from the first computing device to the second computing device, the one or more media playlists having the media content. | 2020-07-23 |