31st week of 2022 patent application highlights part 74
Patent application number | Title | Published |
20220247740 | INTEGRATED SECOND FACTOR AUTHENTICATION - Techniques and apparatuses are described that enable integrated second factor authentication. These techniques and apparatuses enable the improved security of something you have without the accompanying inconvenience or chance of loss. To do so, a secure physical entity is integrated within a computing device. While this provides the something you have without a need to carry a separate object with you, the something you have also must not be able to be accessed remotely. To prevent remote access, physical wires are connected from the secure physical entity to physical structures on the computing device. In this way, a hacker or cyber thief cannot convince an authentication system that the cyber attacker does indeed have the something you have because to do so the attacker must be in physical possession of the computing device. | 2022-08-04 |
20220247741 | URL-BASED AUTHENTICATION FOR PAYMENT CARDS - Systems, methods, articles of manufacture for authentication of payment cards. A server may assign, in a database, an expected card identifier to a contactless card, the contactless card associated with an account. The server may receive, from a client device, a request comprising a uniform resource locator (URL), a parameter of the URL comprising a card identifier, wherein the URL is transmitted by the contactless card to the client device. The server may extract the card identifier from the URL and compare the extracted card identifier to the expected card identifier in the database. The server may determine, based on the comparison, that the extracted card identifier matches the expected card identifier. The server may authenticate the request based on the extracted card identifier matching the expected card identifier, and transmit, to the client device, an indication specifying that the request was authenticated. | 2022-08-04 |
20220247742 | MONITORING A MEDIA ACCESS CONTROL SECURITY SESSION - A device may determine that a first link of the device is active. The device may determine whether a Media Access Control Security (MACsec) session is established on the first link. The device may selectively enable or disable a second link of the device based on determining whether the MACsec session is established on the first link. | 2022-08-04 |
20220247743 | AUTHENTICATING A LIMITED INPUT DEVICE VIA AN AUTHENTICATED APPLICATION - A limited input device, such as a camera, is authenticated based on a request received from an authenticated application. The camera provides an authorization code to the authenticated application and receives an access token. The access token is associated with a user account. The access token is received based on a verification of the authorization code. The camera transmits one or more images associated with the user account to the first device based on the verification. | 2022-08-04 |
20220247744 | SYSTEM AND METHOD FOR SECURE ONBOARDING OF NETWORK DEVICES - A secure mechanism for adding network devices uses an unsecure guest network and a secure network both coupled to a secure hub. When an unknown device is introduced, it is initially connected to the guest network and can only communicate with the hub and with a wide area network (WAN). The unknown device is prohibited from communicating with the secure network and any device connected to the secure network. The unknown device provides credentials to the hub, which are verified with a secure database, such as a blockchain ledger, that provides manufacturer device information and certification. Upon authentication, the hub permits the identified device to connect to the secure network. The hub may also configure the now identified device for security and operational parameters. The hub may also retrieve network traffic pattern information from the secure database and use such information to monitor normal expected activity from the identified device. | 2022-08-04 |
20220247745 | FEDERATED AUTHENTICATION SERVER, FEDERATED AUTHENTICATION METHOD, FEDERATED AUTHENTICATION SYSTEM, AND STORAGE MEDIUM - A federated authentication server provides, in cooperation with an authentication server, a function of authenticating a user terminal to a resource server configured to provide a service to the user terminal, and includes an authentication information transmission unit configured to transmit authentication information about a user of the user terminal to the authentication server, a token reception unit configured to receive, from the authentication server, a token for use in accessing the resource server from the user terminal, a code issue unit configured to issue a code for identifying an authentication success response and transmit the code to the resource server, a storage unit configured to store the code and the token in association with each other, and a token transmission unit configured to transmit the token associated with the code to the resource server in a case where the code is transmitted from the resource server. | 2022-08-04 |
20220247746 | SIDECAR ARCHITECTURE FOR STATELESS PROXYING TO DATABASES - A mechanism for providing connection to a database is described. A connection to the database is intercepted. The connection is assigned to an instance of the database. A sidecar is configured to proxy the connection to the database. The sidecar is stateless and passes all communications for the connection to the instance of the database. | 2022-08-04 |
20220247747 | SYSTEM AND METHOD OF SECURED COMMUNICATION - Systems and methods of securing communication between a server and a client device, including: analyzing an application programming interface (API) payload from the server to identify server's object references, retrieving an authenticated client reference, encrypting at least one pair of server's object reference and client reference based on a predefined cryptographic function, analyzing a payload of an API call from the client device to identify the at least one encrypted pair, decrypting the at least one encrypted pair identified from the API call, to receive at least one pair of server's object reference and client reference, and blocking the API call if the decrypted client reference does not match the retrieved authenticated client reference. | 2022-08-04 |
20220247748 | System For Remote Execution Code-Based Node Control Flow Management, And Method Therefor - A method for managing a control flow by a server including: receiving a control flow generation request data packet from the terminal; transmitting a control flow communication code to the terminal; and receiving the result of executing the control flow communication code from the terminal, wherein if the result of executing the control flow communication code is normal, the server generates the control flow with the terminal, and if the execution result value is abnormal, or the execution result is not received from the terminal within a predetermined time, the server blocks the generation of the control flow with the terminal. | 2022-08-04 |
20220247749 | MANAGEMENT PROGRAM, INFORMATION PROCESSING DEVICE, AND MANAGEMENT METHOD - A non-transitory computer readable medium storing a management program executable by a computer provided in an information processing device. The management program causes the computer to execute a process which includes determining whether a cloud access function is enabled in a terminal device; setting the terminal device as a management target in a case where it is determined that the cloud access function is not enabled in the determining; and performing at least one of acquiring terminal data that is included in the management target from the management target and writing the acquired terminal data into the cloud storage, or reading processing request data that is written into the cloud storage and indicates a processing to be executed by the management target from the cloud storage and causing the management target to execute the processing indicated by the processing request data. | 2022-08-04 |
20220247750 | EVALUATING ACCESS REQUESTS USING ASSIGNED COMMON ACTOR IDENTIFIERS - Techniques are discussed for grouping access requests made to a computer system using a log of access requests that includes a plurality of log entries that include (a) a plurality of traffic indicators of the corresponding access request and/or (b) a plurality of identity indicators of a respective remote computer system that made the corresponding access request. The plurality of log entries is analyzed using a plurality of network analysis rules that are useable to group log entries according to traffic and/or identity indicators. Based on the analyzing, a plurality of groups of log entries are identified, and each group of log entries is assigned a corresponding common actor identifier (common actor ID). The determination of whether to grant a particular access request uses one or more assigned common actor IDs. | 2022-08-04 |
20220247751 | ENHANCED AUTHENTICATION FRAMEWORK USING EPROM GRID PATTERN RECOGNITION - Systems, computer program products, and methods are described herein for implementing an enhanced authentication framework using Erasable Programmable Read-Only Memory (EPROM) grid pattern recognition. The present invention is configured to receive an indication of a resource transfer interaction initiated by a user using a resource transfer instrument at a resource transfer terminal, wherein the resource transfer instrument comprises an embedded EPROM grid, wherein the embedded EPROM grid is configurable to store a unique pattern associated with the user; retrieve, from the resource transfer terminal, the unique pattern from the embedded EPROM grid; determine that the unique pattern from the embedded EPROM grid matches one or more pre-registered unique patterns associated with the user; and authorize an execution of the resource transfer interaction by the user based on at least determining that the unique pattern from the embedded EPROM grid matches one or more pre-registered unique patterns associated with the user. | 2022-08-04 |
20220247752 | ELECTRONIC CONFERENCING - Aspects of the subject technology provide for secure, privacy-preserving access to electronic conferencing. In one or more implementations, a server may receive a request to contact an account via a service, the request including a service-specific alias for the account. The service-specific alias may be configured for contact with one or more devices associated with the account via a set of services. The server may allow or deny contact with the one or more devices associated with the account via the service, based on whether the service is included in the set of services for the service-specific alias. In one or more implementations, the service is an electronic conferencing service. | 2022-08-04 |
20220247753 | SYSTEMS AND METHODS FOR CONTROLLING THIRD-PARTY ACCESS OF A PROTECTED DATA RESOURCE - A computer-implemented method is disclosed. The method includes: receiving, via an application server associated with a first application, a request for the first application to perform a first access operation in connection with a user account at a protected resource; determining that the first access operation is not among permitted user account operations for the first application in connection with the user account; and in response to determining that the first access operation is not among the permitted user account operations: generating a request for a one-time authorization for the first application to perform the first access operation; sending, to a client device, the request for the one-time authorization; receiving, via the client device, an indication of the requested one-time authorization; generating an access token for a one-time access of the user account based on the indication of one-time authorization; and transmitting the access token to the application server associated with the first application to grant, to the first application, one-time access to the user account. | 2022-08-04 |
20220247754 | SYSTEMS AND METHODS FOR IDENTIFYING SYNTHETIC IDENTITIES ASSOCIATED WITH NETWORK COMMUNICATIONS - Systems and methods are provided for use in identifying synthetic identities. One example method includes receiving a request from a relying party for an identity asserted by a user to the relying party, where the request includes identity data indicative of the identity, feature data associated with the user asserting the identity, and a device ID for a communication device of the user. The method also includes parsing the identity data, the feature data, and the device ID from the request, and calculating a device behavior score based on the feature data and the device ID. The method then includes aggregating the device behavior score and at least one of a fraud profile score, a user profile score, and/or an exposure behavior score into a metric indicative of a likelihood that the identity asserted by the user is a synthetic identity and transmitting the metric to the relying party. | 2022-08-04 |
20220247755 | SYSTEMS, METHODS, AND APPARATUSES FOR PRE-CONFIGURED PER-TENANT ISOLATION IN A MULTI-TENANT CLOUD BASED COMPUTING ENVIRONMENT - Systems, methods, and apparatuses for pre-configured per-tenant isolation in a multi-tenant cloud based computing environment. An exemplary system having a processor and a memory therein includes means for creating an isolation group, in which creating the isolation groups includes: defining isolation requirements, identifying a group of features utilizing call-out functions, and selecting from among the group of features utilizing call-out functions a group of features having the defined isolation requirements; deploying platform software integrating the isolation requirements, in which the platform software contains instructions to map the isolation requirements to a customer organization; creating the customer organization; creating a unique variant of the customer organization, in which creating the unique variant of the customer organization includes declaratively applying an isolation layer containing isolation requirements on top of a base layer for the customer organization; and deploying the unique variant of the customer organization onto the customer organization's computing infrastructure, in which the unique variant validates per-tenant distinctions for various applications subjected to the isolation requirements. | 2022-08-04 |
20220247756 | METHOD AND SYSTEM FOR MULTI-TIERED, MULTI-COMPARTMENTED DEVOPS - A method of providing a secure development operations system that can accommodate multiple projects, multiple tenants, and multiple security classifications includes creating a first sub-program with the first sub-program being part of a first project and designating the first sub-program with a first security classification label. The method also includes transferring the first sub-program to a first repository of the development operations system with the first repository being configured to contain sub-programs associated with the first project and transferring a copy of the first sub-program to a second repository of the development operations system. The second repository is configured to contain sub-programs from multiple projects and sub-programs that have different security classification labels. | 2022-08-04 |
20220247757 | TECHNOLOGIES FOR PROVING PACKET TRANSIT THROUGH UNCOMPROMISED NODES - Technologies for proving packet transit through uncompromised nodes are provided. An example method can include receiving a packet including one or more metadata elements generated based on security measurements from a plurality of nodes along a path of the packet; determining a validity of the one or more metadata elements based on a comparison of one or more values in the one or more metadata elements with one or more expected values calculated for the one or more metadata elements, one or more signatures in the one or more metadata elements, and/or timing information associated with the one or more metadata elements; and based on the one or more metadata elements, determining whether the packet traversed any compromised nodes along the path of the packet. | 2022-08-04 |
20220247758 | COMBINATION RULE MINING FOR MALWARE SIGNATURE GENERATION - Malware signature generation through combination rule mining is disclosed. A set of properties associated, collectively, with a plurality of data samples is received. A first data sample has a first set of properties and a second data sample has a second set of properties. A combination signature comprising at least a first property included in the first set of properties and a second property included in the second set of properties is generated. | 2022-08-04 |
20220247759 | IMPEDING THREAT PROPAGATION IN COMPUTER NETWORKS - A computer implemented method to block malware propagation in a network of computer systems by receiving, for each of a plurality of time periods, a model of the network of computer systems identifying communications therebetween and a malware infection state of each computer system; identifying a common resource in the network involved in propagation of the malware, the identification being based on changes to malware infection states of computer systems and the communications therebetween identified in the models; and implementing protective measures in respect to the common resource so as to block propagation of the malware through the network. | 2022-08-04 |
20220247760 | REAL-TIME CLOUD DATA STREAMING - Some examples relate generally to computer architecture software for information security and, in some more particular aspects, to a frontier service engine for the real-time detection of malware in a monitored system. | 2022-08-04 |
20220247761 | DYNAMIC ROUTING OF ACCESS REQUEST STREAMS IN A UNIFIED POLICY ENFORCEMENT SYSTEM - The technology discloses processing incoming access requests of packets through cloud-based components that perform (a) packet-level access control and traffic inspection, (b) protocol-level access control and traffic inspection, (c) threat detection, and (d) activity contextualization, including a packet and stream router conveying each incoming access request of packets through all of components (a)-(d) that apply, at least until one of the components sets a restrictive state on at least one object corresponding to the incoming access request or until all of the components that apply have passed the incoming access request. The disclosed method also includes a restrictive state analyzer determining whether the first, second, third or fourth restrictive state has been set due to malformed packets, malicious signatures, requests directed to a threat destination or an activity classified as compromising, and based on setting of any of the states, taking restrictive steps in response to the incoming access request. | 2022-08-04 |
20220247762 | Multi-Path User Authentication And Threat Detection System And Related Methods - Embodiments of systems and methods are provided to enhance network security by providing secure, multi-path user authentication, while also providing a more convenient login experience to the user. In the present disclosure, a cloud-based user authentication and threat detection system is provided with an artificial intelligence (AI) engine and a training dataset. Utilizing a cloud-based system enables the AI engine to collect data from multiple devices located within different physical locations or environments (such as, for example, the user's home and office). The collected data is stored within the training dataset and used to create a personalized user profile for each user. Each time a user initiates login to a system or network from a particular location, the AI engine collects data from multiple devices within that location and utilizes the user profile data previously stored within the training dataset to securely authenticate the user or detect potential security threats. | 2022-08-04 |
20220247763 | Dynamic Computer Threat Alert System and Method - A configurable system and method for automatically taking in streams of log data from various sources, dynamically parsing, normalizing the data and routing it to subsystems of an analytics engine. The routed data may undergo aggregating and other enrichment based on content, rules and data, so as to generate useful event observations, which may recursively be fed back into the system's data ingestion stream to further enhance the usefulness of the system's outputs, in real-time, in the context of computer system and data security. | 2022-08-04 |
20220247764 | DYNAMIC POWER USER THROTTLING METHOD FOR MANAGING SLA GUARANTEES - A method and system are disclosed for dynamically throttling a rate or volume in time of a power user to avoid throughput penalties imposed by SaaS vendors on a user group due to excessive Application Programming Interface (API) events from users in the group, including monitoring the API event rate for requests to a SaaS vendor from the group, collectively, and from individual users of the user group. Also disclosed are identifying a power user as submitting API events in excess of a limit and, on behalf of the user, throttling the power user's rate of API event submissions, based on a configurable policy specific to the SaaS vendor managed by a proxy, to reduce the user's impact on the API event rate of the group at least when the group's API rate, overall, exceeds or approaches a SaaS-imposed trigger of a throughput penalty on the group, thereby avoiding triggering of the throughput penalty by the SaaS. | 2022-08-04 |
20220247765 | FRAUD DETECTION USING GRAPH DATABASES - Aspects discussed herein relate to the storage of data in graph databases and detecting fraudulent behavior in the stored data. Fraud detection systems may use graph databases to store data, allowing for querying the graph database to obtain data using a variety of graph semantics such as nodes, edges, and properties. Graph databases in accordance with embodiments of the invention may include account nodes and attribute nodes, where nodes of the same type are not directly linked to each other. When a particular node is updated, an updated node may be created with a higher version number than the existing node. Each node may include an indication of the node being associated with fraudulent activity. Fraud indicators may be calculated based on the relationships between the nodes and fraud indicators for the nodes. | 2022-08-04 |
20220247766 | SCALABLE AUTOMATED TRAINING FRAMEWORK - Techniques for implementing a scalable automated training framework for anomaly and ransomware detection are disclosed. In some embodiments, a computer system performs operations comprising: instantiating a plurality of virtual machines, each one of the virtual machines being loaded with a corresponding file system; simulating user actions and ransomware on the virtual machines, the simulating of user actions and ransomware on the virtual machines causing changes to the corresponding file systems of the virtual machines; for each one of the plurality of virtual machines, generating a corresponding metadata file based on one or more corresponding snapshots of the virtual machine, the one or more corresponding snapshots indicating the changes to the corresponding file system of the virtual machine; and training a ransomware detection model using a machine learning algorithm and training data, the training data being based on the corresponding metadata files of the virtual machines. | 2022-08-04 |
20220247767 | DIGITAL ACCESS CONTROL USING TIME-BASED BASELINE ACCESS DISTRIBUTIONS - An access analysis system obtains data about user requests to access particular applications, such as identifiers of the particular user and application involved, the time of the request, and (optionally) additional contextual data, and uses that data to generate user access distributions that quantify the distribution of a given user's requests to access applications over time. After one or more distributions have been generated for a particular user, when that user submits a new access request for an application, the access analysis system can compare the request to the previously-generated access distributions to determine whether (or to what degree) the request is anomalous. If the request is sufficiently non-anomalous, it can be granted with little or no additional actions required by the user or the user's device; if, however, the request is sufficiently anomalous, it can be denied, or additional information—such as additional user authentication factors—can be required. | 2022-08-04 |
20220247768 | DYNAMIC DISTRIBUTION OF UNIFIED POLICIES IN A CLOUD-BASED POLICY ENFORCEMENT SYSTEM - The technology discloses a method applied by a policy manager to a cloud-based security system that unifies functions of access control and traffic inspection, threat detection and activity contextualization on inspectable and non-inspectable traffic, with a data manager coupled to the policy manager storing a superset of fields used to specify security policies across the cloud-based unified functions, including common fields shared by two or more of the functions. The method includes the manager validating, saving and distributing policy specifications applicable to respective functions among the functions, and receiving requests for policy specifications stored in common fields from each of the functions, converting the common fields into values used by a respective requesting function, and returning the values of the field used by the respective requesting function to any requesting function among the functions of access control and traffic inspection, threat detection and activity contextualization on inspectable and non-inspectable traffic. | 2022-08-04 |
20220247769 | LEARNING FROM SIMILAR CLOUD DEPLOYMENTS - Learning from similar cloud deployments, including: identifying, for at least a portion of a first cloud deployment, one or more additional cloud deployments to utilize for cross-customer learning; receiving information describing configurations associated with the additional cloud deployments; and identifying, based on the configurations, one or more configurations to adopt for the first cloud deployment. | 2022-08-04 |
20220247770 | SYSTEMS DATA AVAILABILITY VALIDATION - A network connection between a server group of a data intake and query system and each of one or more source network nodes is established. Source data at the server group is received from at least one of the one or more source network nodes via the respective network connections and transformed, by the indexer server, to timestamped data entries of machine data. A model management server detects data constraints for a security model that include a data element used by the security model and an availability requirement set. Using the timestamped data entries, the data constraints are validated, and the validation used to determine a data availability assessment of the security model. | 2022-08-04 |
20220247771 | MONITORING ENCRYPTED NETWORK TRAFFIC - Embodiments are directed to monitoring network traffic using network monitoring computers (NMCs). Networks may be configured to protect servers using centralized security protocols. Centralized security protocols may depend on centralized control provided by authentication control servers. If a client intends to access protected servers, it may communicate with the authentication control server to obtain keys that enable it to access the requested servers. NMCs may monitor network traffic of the centralized security protocol to collect metrics associated with the control servers, clients, or resource servers. | 2022-08-04 |
20220247772 | ATTACK MONITORING CENTER APPARATUS AND ATTACK MONITORING TERMINAL APPARATUS - In an attack monitoring center apparatus, an event log transmitted from an attack monitoring terminal apparatus is received via a communication network. A first pattern and a second pattern are read from an event log occurrence pattern database which describes event log occurrence patterns. The first pattern is referred to in response to an abnormality being detected in the attack monitoring center apparatus; the second pattern is referred to in response to an abnormality being detected in the attack monitoring terminal apparatus. An abnormality is detected based on the event log and the first pattern. The second pattern is transmitted to the attack monitoring terminal apparatus in response to detecting the abnormality based on the event log and the first pattern. | 2022-08-04 |
20220247773 | ANOMALY DETECTION - Computer-implemented method of detecting potential cybersecurity threats from collected data pertaining to a monitored network, the collected data comprising network data and/or endpoint data. The method comprises structuring the collected data as at least one data matrix, each row of the data matrix being a datapoint and each column corresponding to a feature. The method also comprises identifying one or more datapoints as anomalous, thereby detecting a potential cybersecurity threat. The method also comprises extracting causal information about the anomalous datapoint based on an angular relationship between a second-pass coordinate vector of the anomalous datapoint and a second-pass coordinate vector of one or more features. The second-pass coordinate vectors are determined by applying a second-pass singular value decomposition (SVD) to a residuals matrix. The residuals matrix is computed between the data matrix and an approximation of the data matrix by applying a first-pass truncated SVD to the data matrix. | 2022-08-04 |
20220247774 | Methods and Systems for Accurately Assessing Application Access Risk - Systems and methods for assessing an application access risk are provided. An example method commences with collecting data concerning relationships between an application, one or more client devices, and one or more users in a computing environment. The method includes updating a graph database including nodes and edges. The nodes represent the application, the one or more client devices, and the one or more users and the edges represent relationships between the application, the one or more client devices, and the one or more users. The method continues with enriching the graph database by associating the nodes with metadata including information concerning the one or more users accessing the application from the one or more client devices. The method further includes analyzing the graph database to identify a subset of nodes used to access the application and displaying a graphical representation of the subset of nodes. | 2022-08-04 |
20220247775 | Systems and Methods for Improved Network Vulnerability Scanning and Reporting - Vulnerability scanning systems and methods are provided for automatically performing the steps necessary for compliance testing and auditing of an organization's systems, and determining security posture in real time. A Machine-in-the-Middle Microserviced Security Engine (MiMMSE) is provided that provides one-way traffic for command execution and security improvement, management for automating services in OS containers, the elimination of multiple connections to services per client to give users more control of network access, total data destruction after each run to reduce attack surfaces, encryption over container services, reverse tunnel or VPN traffic between pods, clusters, and other separated networks, and machine learning (e.g., neural-network-based) maps for command execution order. | 2022-08-04 |
20220247776 | ANALYZING AND ADDRESSING SECURITY THREATS IN NETWORK RESOURCES - Disclosed embodiments relate to systems and methods for composite risk scores for network resources. Techniques include retrieving data associated with multiple network resources. The retrieved data is used to perform a first assessment for each of the multiple network resources to estimate a vulnerability level for each of the multiple network resources. The retrieved data is also used to perform a second assessment for each of the multiple network resources to estimate an importance level for each of the multiple network resources. Based on a result of the first assessment and a result of the second assessment, a composite risk score for each of the multiple network resources is determined. When needed, a security response is performed based on the determined composite risk score of a specific network resource among the multiple network resources. | 2022-08-04 |
20220247777 | Assessing Computer Network Risk - Systems and methods for risk assessment of a computer network are described. In one embodiment a first static risk score corresponding to a first computing device is computed. A connectivity map corresponding to the first computing device is determined. Communication performed by the first computing device via the connectivity map is analyzed, and a first dynamic risk score corresponding to the first computing device is computed. The first static risk score and the first dynamic risk score are combined to generate a first total risk score for the first computing device. A second total risk score for a second computing device is determined. The first total risk score and the second total risk score are aggregated into an aggregate risk score. A risk assessment of the computer network is determined based on the aggregate risk score. | 2022-08-04 |
20220247778 | SYSTEMS AND METHODS FOR AUTOMATICALLY SELECTING AN ACCESS CONTROL ENTITY TO MITIGATE ATTACK TRAFFIC - The methods and system described herein automatically generate network router access control entities (ACEs) that are used to filter internet traffic and more specifically to block malicious traffic. The rules are generated by an ACE engine that processes incoming internet packets and examines existing ACEs and a statistical profile of the captured packets to produce one or more recommended ACEs with a quantified measure of confidence. Preferably, a recommended ACE is identified in real time of the attack, and preferably selected from a library of pre-authored ACEs. It is then deployed automatically or alternatively sent to system personnel for review and confirmation. | 2022-08-04 |
20220247779 | METHODS, SYSTEMS, AND COMPUTER READABLE MEDIA FOR MITIGATING DENIAL OF SERVICE (DoS) ATTACKS AT NETWORK FUNCTIONS (NFs) - A method for mitigating DoS attacks at an NF includes maintaining, at a first NF, an NF subscription database containing rules that specify maximum numbers of allowed subscriptions and corresponding rule criteria. The method further includes receiving, at the first NF and from a second NF, a subscription request for establishing a subscription. The method further includes determining, by the first NF, that the subscription request matches criteria for at least one rule in the NF subscription database and incrementing, by the first NF, at least one count of a number of subscriptions for the at least one rule. The method further includes determining, by the first NF, that the at least one count of the number of subscriptions exceeds a maximum number of allowed subscriptions for the at least one rule. The method further includes, in response to determining that the at least one count of the number of subscriptions exceeds the maximum number of allowed subscriptions for the at least one rule, preventing establishment of the subscription. | 2022-08-04 |
20220247780 | INFORMATION PROCESSING APPARATUS, INFORMATION PROCESSING METHOD, AND COMPUTER READABLE MEDIUM - An evaluation-value acquisition unit ( | 2022-08-04 |
20220247781 | DETECTING POTENTIAL DOMAIN NAME SYSTEM (DNS) HIJACKING BY IDENTIFYING ANOMALOUS CHANGES TO DNS RECORDS - Systems and methods are described for scanning or monitoring of Domain Name System (DNS) records of an entity for identifying anomalous changes to the DNS records that may be indicative of possible DNS hijacking. According to one embodiment, DNS monitoring engine running on a network security appliance protecting a private network, or implemented as a cloud-based service can be used for monitoring DNS records of the entity. Any modification in the monitored DNS record(s) can be detected within a pre-defined or configurable time-frame. The detected modification can be determined to be anomalous or not, by assigning a criticality value based on current value and previous value of one or more fields of the DNS record, one or more attributes of the DNS record and one or more derived attributes based on the DNS record. | 2022-08-04 |
20220247782 | PHISHING WEBSITE DETECTION BY CHECKING FORM DIFFERENCES FOLLOWED BY FALSE CREDENTIALS SUBMISSION - There is provided a method to detect phishing websites so as to protect users from sending their sensitive information to criminal servers. When browsing a website having an input form asking for sensitive information, the input fields are recorded (i.e. username field and password field). Then false credentials are generated and submitted in the background. The new control layer then checks whether the response page content includes an input form and, if there is a form, checks whether it has the same fields as the first form. If the response page does not have a form, or it has a form but includes different fields than the initial page's form, then the original site is identified as phishing. | 2022-08-04 |
20220247783 | ELECTRONIC AUTHENTICATION INFRASTRUCTURE - Briefly, example methods, apparatuses, and/or articles of manufacture are disclosed that may be implemented, in whole or in part, using one or more computing devices to facilitate and/or support one or more operations and/or techniques for electronic authentication infrastructure, such as implemented, at least in part, via one or more electronic communications. | 2022-08-04 |
20220247784 | EXTENSION FRAMEWORK FOR AN INFORMATION TECHNOLOGY AND SECURITY OPERATIONS APPLICATION - Techniques are described for providing an extension framework for an IT and security operations application. The described extension framework allows various types of users to extend the user interfaces, data content, and functionality of an IT and security operations application to enhance and enrich users' workflow and investigative experiences. Example types of extensions enabled by the extension framework include modifying or supplementing GUI elements and other components, where users can implement these extensions at pre-defined extension points of the IT and security operations application. The extension framework further includes a data integration system that provides users with mechanisms to integrate data from external applications, services, or other data sources into their plugins. | 2022-08-04 |
20220247785 | UNIFIED SYSTEM FOR DETECTING POLICY ENFORCEMENT ISSUES IN A CLOUD-BASED ENVIRONMENT - Disclosed is a unified security system of cloud-based components configured for (a) packet-level and (b) protocol-level access control and traffic inspection, (c) threat detection and (d) activity contextualization. Packet-level inspects and classifies headers in requests or responses, sets a first restrictive state or passes the request or response. Protocol-level performs deep packet inspection for malicious signatures then sets a second state or passes. Threat detection, when the request or response is an HTTP/S stream, classifies as directed to a threat destination or not, then sets a third state or passes the request or response and activity contextualization, when the request is an HTTP/S stream seeking access to a cloud-based application, recognizes, processes and classifies content-containing activity as compromising or not, then sets a fourth state or passes. A restrictive state analyzer determines whether the first, second, third or fourth restrictive state has been set and takes restrictive steps in response. | 2022-08-04 |
20220247786 | SECURITY POLICY GENERATION AND ENFORCEMENT FOR DEVICE CLUSTERS - Techniques for generating and enforcing security policies for device clusters are disclosed. A security manager generates a plurality of clusters of devices for applying security policies. For each cluster of devices, the security manager trains a machine learning model to indicate whether a particular data flow associated with a device in the particular cluster of devices is allowed or denied. The security manager detects a data flow corresponding to a device. If the security manager determines that the device corresponds to a first cluster of devices, the security manager identifies a first trained machine learning model corresponding to the first cluster of devices. The security manager applies the first trained machine learning model to the first data flow to determine whether the first data flow is to be allowed or denied. The security manager allows or denies the first data flow based on the applying operation. | 2022-08-04 |
20220247787 | UNIFIED AUTHORIZATION WITH DATA CONTROL LANGUAGE FOR CLOUD PLATFORMS - Methods, systems, and computer-readable storage media for receiving, by an AMS, a policy definition file defining policies to be enforced during execution of an instance of an application within the cloud platform, providing, by the AMS, an enhanced policy definition file indicating authorizations for roles for a policy of the policy definition file, providing an authentication bundle for execution of policy decisions at the instance, the authentication bundle provided based on the enhanced policy definition file, the authentication bundle distributed to application containers within the cloud platform, and during execution of the instance: transmitting, by the instance, an authorization request from the instance to an ADC, the ADC including an OPA and being executed within the container and executing policy decisions based on the authentication bundle, receiving, by the instance, a policy decision from the ADC and enforcing the policy based on the policy decision. | 2022-08-04 |
20220247788 | COMPUTER-BASED POLICY MANAGER FOR CLOUD-BASED UNIFIED FUNCTIONS - The technology discloses a computer-implemented policy manager device for a cloud-based security system that manages cloud-based unified functions of packet-level and protocol-level access control and traffic inspection, threat detection and activity contextualization on inspectable and non-inspectable traffic. Packet-level access control inspects packet headers for malformation, protocol-level access control performs deep packet inspection for malicious signatures, threat detection determines whether traffic in an HTTP/S stream is directed to a threat destination, and activity contextualization recognizes whether an activity in an HTTP/S stream accessing a cloud-based application is a compromising activity. Policy manager for a superset of fields specifying security policies across the cloud-based unified functions includes common fields shared by the unified functions, specification receiver handles policy specifications in a common format for values of the common fields, and policy manager is configured to validate, save and distribute policy specifications applicable to respective functions among the cloud-based unified functions. | 2022-08-04 |
20220247789 | SECURITY GUIDANCE FOR CREATION OF MULTI FACTOR AUTHENTICATION POLICY - An identity provider (“IdP”) system maintains a framework of authentication methods and security targets that enables flexible authentication policy authoring and analysis of authentication performed by users of an organization. The IdP system generates authentication method profiles that include authentication factors and attributes, which may be further classified as required or optional. The IdP system also generates security target profiles that indicate security requirements needed to satisfy the corresponding security targets. The IdP system uses the generated profiles to determine relationships between authentication methods and security targets (e.g., a list of authentication methods that satisfy a given security target). Using these relationships, the IdP system may enable users to author policies and analyze how users' authentication behaviors comply with security targets. | 2022-08-04 |
20220247790 | METHOD AND SYSTEMS FOR ANALYZING SECURITY COVERAGE OF A SET OF ENTERPRISE ACCESS MANAGEMENT POLICIES - Disclosed in some examples, are methods, systems, and machine-readable mediums for identifying security vulnerabilities across a plurality of access control policies. An administrator of the computing resource may be alerted to these vulnerabilities to allow the administrator to craft a policy, or modify an existing policy, to close these security gaps. In other examples, the system may automatically suggest and/or apply a modification to an existing policy or a new access control policy that closes the security gaps. The vulnerabilities may be determined based upon a comparison of the access control policy criteria in the previously set access control policies and a set of possible values of access control signals to determine access scenarios that are not covered by the access control policies. | 2022-08-04 |
20220247791 | SELECTIVE POLICY-DRIVEN INTERCEPTION OF ENCRYPTED NETWORK TRAFFIC UTILIZING A DOMAIN NAME SERVICE AND A SINGLE-SIGN ON SERVICE - Techniques for utilizing an enterprise traffic interception service (TIS) to enforce policies that mandate how clients access software as a service (SaaS) offered by service providers and selectively intercept enterprise network traffic utilizing a domain name service (DNS) and a single sign-on (SSO) service on a per-client per-service basis. The TIS may include a DNS server, an identity provider service, a TLS inspecting proxy, and/or a policy server. The DNS server may handle requests to resolve an address of a service, and identify a policy, stored in the policy server, to redirect the client based on the identity of the client and the service. The identity provider service may later query the policy server during client authorization for the service to verify that the client request is in line with the policy and allow or deny access to the service. | 2022-08-04 |
20220247792 | MULTI-ACCESS EDGE COMPUTING SERVICES SECURITY IN MOBILE NETWORKS BY PARSING APPLICATION PROGRAMMING INTERFACES - Techniques for providing multi-access edge computing (MEC) services security in mobile networks (e.g., service provider networks for mobile subscribers, such as for 5G networks) by parsing Application Programming Interfaces (APIs) are disclosed. In some embodiments, a system/process/computer program product for MEC services security in mobile networks by parsing APIs in accordance with some embodiments includes monitoring network traffic on a mobile network at a security platform to identify an API message associated with a new session, wherein the mobile network includes a 5G network or a converged 5G network that includes a multi-access edge computing (MEC) service; extracting mobile network identifier information from the API message at the security platform; and determining a security policy to apply at the security platform to the new session based on the mobile network identifier information. | 2022-08-04 |
20220247793 | SCANNING AND REMEDIATING CONFIGURATION SETTINGS OF A DEVICE USING A POLICY-DRIVEN APPROACH - The present disclosure relates to systems, methods, and computer-readable media for implementing an efficient and flexible policy-driven approach to securing a computing device. For example, systems disclosed herein can enforce a first security policy of a first security standard. Systems disclosed herein can further audit for a first compliance level with the first security standard. Systems disclosed herein can further audit for a second compliance level with a second security standard. Systems disclosed herein can further determine an overlap between the first security standard and the second security standard, the overlap associated with a second security policy. Systems disclosed herein can further enforce the second security standard. Systems disclosed herein can further determine an update of the first compliance level based on the overlap. | 2022-08-04 |
20220247794 | BACNET CONVERSION OF WATER MANAGEMENT DATA FOR BUILDING MANAGEMENT SOLUTIONS - Methods and systems of monitoring and managing a facility including a plurality of end point devices. One system includes a first gateway device. The first gateway device includes a first electronic processor configured to receive fixture data from at least one electro-mechanical element of a fixture associated with the facility, the fixture data related to an operation of the fixture, and enable transmission of the fixture data to a remote device for virtual processing. The system also includes a second gateway device communicatively coupled with the first gateway device. The second gateway device includes a second electronic processor configured to receive, from the first gateway device, the processed fixture data. The second electronic processor is configured to convert the processed fixture data pursuant to a networking protocol associated with a building management system and transmit the converted fixture data for display via a visual dashboard associated with the building management system. | 2022-08-04 |
20220247795 | MEDIA CONTENT SERVICE DELIVERY IN A WIRELESS COMMUNICATION NETWORK - A wireless communication network delivers a video-conferencing service from a video-conferencing system to wireless User Equipment (UEs) over a wireless network core and a Radio Access Network (RAN). The wireless network core monitors performance of video-conferencing functions in the video-conferencing system and prioritizes the video-conferencing functions based on their performance. The wireless network core transfers a video-conferencing function list to the RAN that prioritizes the video-conferencing functions by their performance. The RAN wirelessly transfers the video-conferencing function list to the wireless UEs. The RAN wirelessly exchanges video-conference signaling between the wireless UEs and the wireless network core. The wireless network core exchanges the video-conference signaling between the RAN and the video-conferencing functions. Individual wireless UEs select their individual video-conferencing functions based on the video-conferencing function list that prioritizes the video-conferencing functions by their performance. | 2022-08-04 |
20220247796 | ELECTRONIC CONFERENCING - Aspects of the subject technology provide for secure, privacy-preserving access to electronic conferencing. In one or more implementations, participant devices in a conferencing session may be provided with the ability to expel one or more other participant devices from the conferencing session, even when the participant device(s) are not hosts or cohosts of the conferencing session. A participant device may be expellable by another participant device based on a connection mechanism by which the participant device is connected to the conferencing session, and/or based on an amount of time since the participant device joined the conferencing session. | 2022-08-04 |
20220247797 | ELECTRONIC CONFERENCING - Aspects of the subject technology provide for secure, privacy-preserving access to electronic conferencing. In one or more implementations, an electronic device associated with an account can generate links, such as links for joining an electronic conferencing session. In some use cases, multiple electronic devices can be associated with the same account. Aspects of the subject technology provide for synchronization of links generated by multiple electronic devices associated with the same account. | 2022-08-04 |
20220247798 | NETWORK NODES AND METHODS PERFORMED THEREIN FOR HANDLING DISCOVERY OF ENTRANCE POINTS TO AN IP MULTIMEDIA SUBSYSTEM - A method performed by a network node in a communications network, for handling of discovery of entrance points of a User Equipment (UE) to an IP Multimedia Subsystem (IMS) network, during an IMS Protocol Data Unit (PDU) session setup. The network node obtains a list of IMS entrance point instances, wherein the list of IMS entrance point instances comprises an address of each IMS entrance point instance and one or more transport protocols supported by each IMS entrance point instance. The network node generates, based on the obtained list of IMS entrance point instances, a configuration message for IMS entrance point discovery, comprising the address of the IMS entrance point instance and the one or more transport protocols supported by each IMS entrance point instance. The network node further provides to the UE the generated configuration message. | 2022-08-04 |
20220247799 | Outbound Call Routing In An Integrated Voice And Video Platform - Voice and video features of a software platform are integrated to enable customization of software services of the software platform on a customer-basis. Routing rules are defined to route calls to certain phone numbers from certain software services. Thereafter, when an outbound call is initiated by a software service, the call is received via a telephony system associated with the software platform, a routing rule customized for the software platform is identified based on information signaled with the call, such as an identifier associated with the software service. A phone number is determined based on the routing rule, and the outbound call reporting the determined phone number is delivered to a destination phone number. | 2022-08-04 |
20220247800 | SELECTIVE CONTENT SHARING - Co-browsing allows a providing party to access visual content on a computing device for sharing with one or more other parties. The parties receiving the shared image may have dissimilar security authorizations. Accordingly, systems and methods are provided that enable shared content, such as a document, web page viewed in a browser, etc., to automatically be redacted to block those parties who are not authorized to view the content. For example, a neural network may be utilized to scan the document and provide specific redacted copies to the parties so each can view the image of the content with unauthorized content redacted. | 2022-08-04 |
20220247801 | SYSTEMS AND METHODS FOR VIDEO CONFERENCING AND COLLABORATION - A conference and collaboration system including local computing devices and a receiver are provided. The receiver and/or local devices may run collaboration applications and/or virtual conferencing applications. The receiver and/or at least one local device may be in communication with a remote server running a conference platform and hosting a virtual conference. The receiver may join the conference as a participant and share audio/visual data with the conference platform. The local device may also join and may share audio/visual data with the conference platform and receive conference audio/visual data from the conference platform. The local device may share the conference audio/visual data with the receiver. The receiver may further receive audio/visual data from a non-participant local device and send such data to the conference platform. Alternatively, only a conference device may join the conference as a participant and share audio/visual data from the conference with the local devices. | 2022-08-04 |
20220247802 | SYSTEMS AND METHODS FOR JOINING A SHARED LISTENING SESSION - A server system stores a list of trusted users that are authorized to access a first electronic device's shared listening sessions. While the first electronic device is hosting a shared listening session playing back media on a second electronic device, the server system receives, from a third electronic device, a request that includes an identifier of the second electronic device. In response to the first request and in accordance with a determination that the third electronic device is associated with a user that is on the list of trusted users, the server system automatically transmits, to the third electronic device, a session identifier for the first shared listening session. The server system receives, from the third electronic device, a request to join the shared listening session and, in response to the second request, provides, to the third electronic device, access to control media playback of the first listening session. | 2022-08-04 |
20220247803 | DYNAMIC DATA STREAM PROCESSING FOR APACHE KAFKA USING GRAPHQL - Systems and methods for specifying a stream processing topology via a client-side API without server-side support. A schema may be generated by a client-side application using a query language and transmitted to a stream processor registry, wherein the schema defines a desired data stream. The stream processor registry, acting as a server-side run time corresponding to the query language, may store the schema as metadata. The stream processor registry may generate a stream processing topology based on the metadata to obtain data relevant to the data stream and generate a user-specific topic comprising the data relevant to the data stream. The stream processor registry may filter the data relevant to the data stream based on a subscription call by the client to generate a target topic comprising portions of the data relevant to the data stream. | 2022-08-04 |
20220247804 | METHODS AND SYSTEMS FOR DATA TRANSMISSION - Methods and systems for transmitting data are presented. Data received from at least one data source is retained in at least one buffer. In one example, initial hierarchical data may be provided from the at least one buffer to a device, followed by additional hierarchical data. In one example, the data is received into the at least one buffer via a multicast connection, and the data is provided to the device via a point-to-point connection. | 2022-08-04 |
20220247805 | AUTHENTICATING-AND-PROFILING SYSTEM AND METHOD FOR DELIVERING REQUESTED CONTENT - A server operates between a patron (user), a subscriber (e.g., owner of a venue of exhibits and its website; museum, stadium, zoo, theme park, etc.), and possibly third parties such as a content distribution network (CDN). Access and content delivery are based on 1) control information provided to a patron device by physical objects at the venue and sent by the patron device to the server as part of a mutual authentication to one another, 2) user-specific information corresponding to the patron device, and 3) a pre-authorization exchange granting user-device access to physical objects and the server with the server receiving access to the user-specific information in order to locate requested information and select a subset thereof adapted in accordance with the user information. Moving physically between exhibits, a patron device rapidly disengages and re-engages the server, based thereon, without repeated logins. | 2022-08-04 |
20220247806 | REMOTE DEVICE OPERATION USING DATA STREAM AGGREGATIONS - Remote device operation using data stream aggregations includes processing, during a performance of the event, input data streams representative of user interactions with user applications, such as to indicate levels of enthusiasm of the users with respect to occurrences within the event. Data of the input data streams are aggregated according to pooling constraints to determine data pools, which are then used to synthesize trends and trend velocities for determining an operation of a function of a remote device to cause. A signal configured to cause that operation is then transmitted to the remote device. | 2022-08-04 |
20220247807 | ENHANCED BLOCK-REQUEST STREAMING SYSTEM FOR HANDLING LOW-LATENCY STREAMING - A block-request streaming system provides for low-latency streaming of a media presentation. A plurality of media segments are generated according to an encoding protocol. Each media segment includes a random access point. A plurality of media fragments are encoded according to the same protocol. The media segments are aggregated from a plurality of media fragments. | 2022-08-04 |
20220247808 | CONTENT DISTRIBUTION NETWORK CONTROL BASED ON NETWORK MEASUREMENT DATA - Various embodiments of the invention relate to a system and method for controlling data streaming rate in a content distribution network (CDN) based on network performance measurement. Embodiments of the system involve estimating a maximum stable rate for streaming data and sending a media control packet including the maximum stable rate to a CDN gateway on a user-side device. Based on the maximum stable rate, a media server may adjust the streaming rate of the media file segments. Upon receiving the media control packet, the CDN gateway reads the maximum stable rate and may reduce the instantaneous streaming speed if the current streaming rate is higher than the maximum stable rate. Alternatively, in response to the current streaming rate being much less than the maximum stable rate, the media server increases the instantaneous rate. | 2022-08-04 |
20220247809 | INFORMATION INDICATING METHOD AND APPARATUS, ELECTRONIC DEVICE AND STORAGE MEDIUM - The embodiments of the disclosure disclose an information indicating method and apparatus, an electronic device and a storage medium, where the method includes: acquiring a first position parameter of first target information in a current page, where the current page is a page in a shared file shared by a sharer client; acquiring a second position parameter of second target information in a display page of the sharer client; and determining an indication identifier according to the first position parameter and the second position parameter, and indicating the second target information according to the indication identifier. | 2022-08-04 |
20220247810 | MASS ELECTRONIC MAIL SENDING SYSTEM WITH FLEXIBLE PUBLIC SENDING NETWORK ADDRESSES - A method by an email sending system to send emails from different public sending network addresses. The method includes receiving, by a load balancer, an email that is to be sent by the email sending system, sending, by the load balancer, the email to a mail transfer agent (MTA) instance from a plurality of MTA instances, wherein each of the MTA instances has access to configuration data that indicates which proxy virtual machines (VMs) serve as egresses for which public sending network addresses, determining, by the MTA instance, a public sending network address to send the email from, determining, by the MTA instance based on consulting the configuration data, a proxy VM that serves as an egress for the public sending network address, and sending, by the MTA instance, the email to the proxy VM for sending to its destination from the public sending network address. | 2022-08-04 |
20220247811 | BALANCE OF LOAD - A system is provided that includes: a first load balancing device cluster, the first load balancing device cluster includes a first load balancing device pool and a second load balancing device pool; at least one first switch respectively coupled with each load balancing device in the first load balancing device pool via a routing protocol link; and at least one second switch respectively coupled with each load balancing device in the second load balancing device pool via a routing protocol link, the at least one first switch and the at least one second switch are configured to be able to be connected with the Internet; and one of the first load balancing device pool and the second load balancing device pool is configured as a standby load balancing device pool of the other. | 2022-08-04 |
20220247812 | Grey Failure Handling in Distributed Storage Systems - Techniques are disclosed relating to managing distributed storage of data across availability zones and the replication of data in case of storage server failures. A distributed storage system may include storage servers distributed across availability zones with an auditor instantiated in at least one storage server. The auditor manages the replication of data in the event of the failure of one or more storage servers in an availability zone. In the event of the failure, the auditor may determine the extent of the failure and whether the failure involves a small number or a large number of storage servers. In the event of a large number of storage servers being affected, the auditor may delay replication of data to see if the failure is temporary and avoid unwanted data transfer of large amounts of data across availability zones. | 2022-08-04 |
20220247813 | SERVER MANAGEMENT SYSTEM, METHOD OF MANAGING SERVER, AND PROGRAM OF MANAGING SERVER - Provided is a server management system which selects an active system and a standby system by using multiple server resources managed by being divided into multiple categories in a predetermined standard and in which a service providing server is redundantly disposed, the system including: a selection information input unit acquiring selection information that is information necessary for selecting the category; a selection information storage unit storing the selection information input from the selection information input unit; a failure information storage unit storing failure information indicating a failure occurring in the category; a selection unit selecting an additional category based on an failure occurrence according to the active system and/or the standby system; and a selection result output unit outputing the category selected, in which the selection unit refers to the failure information with respect to a category satisfying a condition indicated by selection information and selects an additional category. | 2022-08-04 |
20220247814 | EDGE COMPUTING FOR INTERNET OF THINGS SECURITY WITH BLOCKCHAIN AUTHENTICATION - A device may include a memory storing instructions and a processor configured to execute the instructions to receive, by a first blockchain node and via a first base station, a message from a first Internet of Things (IoT) device to a second IoT device, wherein the device corresponds to a first multi-access edge computing (MEC) device located in a first MEC network associated with the first base station. The processor may be further configured to authenticate, by the first blockchain node, the first IoT device using a blockchain associated with a group of IoT devices and send, by the first blockchain node, the message to a second blockchain node in a second MEC device in a second MEC network associated with a second base station servicing the second IoT device, in response to authenticating the first IoT device using the blockchain associated with the group of IoT devices. | 2022-08-04 |
20220247815 | NETWORK STORAGE BACKUP USING DISTRIBUTED MEDIA AGENTS - Certain embodiments disclosed herein reduce or eliminate a communication bottleneck at the storage manager by reducing communication with the storage manager while maintaining functionality of an information management system. In some implementations, a client obtains information for enabling a secondary storage job (e.g., a backup or restore) from a storage manager and stores the information (which may be referred to as job metadata) in a local cache. The client may then reuse the job metadata for multiple storage jobs reducing the frequency of communication with the storage manager. When a configuration of the information management system changes, or the availability of resources changes, the storage manager can push updates to the job metadata to the clients. Further, a client can periodically request updated job metadata from the storage manager ensuring that the client does not rely on out-of-date job metadata. | 2022-08-04 |
20220247816 | COOKIE-BASED NETWORK LOCATION OF STORAGE NODES IN CLOUD - Techniques are disclosed relating to storing location information about storage nodes in cookies. A cloud-based service may send location requests to an orchestration service that instantiated storage nodes included in a storage cluster of the cloud-based service. The cloud-based service may receive location information that identifies in which computer zone that a given storage node is located. The cloud-based service may store the location information in cookies at a metadata store that is shared among the storage nodes. The cloud-based service may receive, from a client node, a search request to identify ones of the storage nodes that store particular data. The cloud-based service may return a set of cookies corresponding to identified storage nodes. The set of cookies may enable the client node to determine whether there is a storage node that stores the particular data and is within the same computer zone as the client node. | 2022-08-04 |
20220247817 | MANAGEMENT SYSTEM, MANAGEMENT METHOD, MANAGEMENT PROGRAM, AND INSTALLATION PROGRAM - A management system includes a first communication device configured to access a cloud storage, and a second communication device that is configured to access the cloud storage and is communicably connected to a first terminal device or provided in a second terminal device. The first communication device is configured to execute a first writing processing of writing task request data into the cloud storage, and a first acquisition processing of acquiring terminal data from the cloud storage in response to arrival of a first acquisition timing. The second communication device is configured to execute a second acquisition processing of acquiring the task request data from the cloud storage in response to arrival of a second acquisition timing, and a second writing processing of acquiring the terminal data from the management target and writing the terminal data into the cloud storage. | 2022-08-04 |
20220247818 | SYSTEMS AND METHODS FOR RECORDING AN INDETERMINISTIC TRANSACTION ON A DISTRIBUTED LEDGER NETWORK - A computer-implemented method and system of recording an indeterministic transaction on a distributed ledger network is described. The method comprises (a) selecting a transaction from a transaction pool; (b) determining if the transaction comprises a deterministic transaction or an indeterministic transaction, if the transaction comprises the indeterministic transaction, sending the indeterministic transaction to an off-chain controller, marking the indeterministic transaction as a pending indeterministic transaction, attaching an identifier to the pending indeterministic transaction, and proceeding to step (c), if the transaction comprises the deterministic transaction, computing a new state in an update to a ledger, updating a status of a second indeterministic transaction in the off-chain controller if the deterministic transaction comprises a second identifier of the second indeterministic transaction; and proceeding to step (c); (c) determining if a target update time or a maximum update size is reached. Other steps are also described herein. | 2022-08-04 |
20220247819 | REUSE OF EXECUTION ENVIRONMENTS WHILE GUARANTEEING ISOLATION IN SERVERLESS COMPUTING - Systems, methods, and computer-readable media are provided for reusing execution environments and code of serverless functions while ensuring isolation in serverless computing environments. In some examples, a method can include, in response to a first request to run a serverless function, executing, at an execution environment on a network, computer-readable code configured to perform the serverless function; after the computer-readable code has executed, modifying a pointer to an area of memory used to store a first state of the serverless function to reference a different area of memory; in response to a second request to run the serverless function, reusing, at the execution environment, the computer-readable code to perform the serverless function; and based on the pointer referencing the different area of memory, using the different area of memory to store a second state of the serverless function. | 2022-08-04 |
20220247820 | 5G Internet of Things Data Delivery - A wireless transmit/receive unit (WTRU) may establish one or more protocol data unit (PDU) sessions via a radio access network (RAN) node. The WTRU may transition to an inactive state. The WTRU may send a connection resume message to a RAN node that indicates a request to resume the established plurality of PDU sessions via the RAN node. The WTRU may receive a message from the RAN node. For example, the RAN node may send a message indicating a subset of the plurality of PDU sessions that are available upon resuming a connection with the RAN node. The WTRU may deactivate at least one established PDU session of the plurality of PDU sessions based on the received message from the RAN node that indicates at least one established PDU session not being included in the subset of the plurality of PDU sessions that are available. | 2022-08-04 |
20220247821 | Apparatus And Method For Client Connection Establishment - Connecting a client computer to a server may include receiving a first request at the server from the client computer for content managed by the server, and the first request includes a communication protocol and is sent from a first access point, receiving a second request at the server from the client computer for the content managed by the server, and the second request is transmitted from a second access point prior to the server responding to the first request and includes a different communication protocol than the first request, determining by the server the first request and the second request share a common attribute, transmitting a connection acceptance message from the server to the client computer identifying a selected one of the first request and the second request based on a most optimal connection associated with the selected request, and establishing a connection between the server and the client computer based on the selected request. | 2022-08-04 |
20220247822 | ELECTRONIC APPARATUS AND OPERATING METHOD THEREOF FOR DETERMINING SESSION DURATION TIME OF CHATBOT - An electronic apparatus and an operation method thereof for determining a session duration time according to a characteristic of a response message in a chatbot are provided. The electronic apparatus is configured to determine a default session time based on a difficulty level of the response message, determine an additional session time based on conversation history information through the chatbot prior to outputting of the response message, determine a session duration time, which is a sum of the default session time and the additional session time, and provide the session duration time. | 2022-08-04 |
20220247823 | MINIMIZING CONNECTION DELAY FOR A DATA SESSION - One example process may include identifying a paused active communication session between a client device and a server, releasing communication session resources dedicated to the communication session to a session resource pool, and re-establishing the active data session responsive to receiving a message from the client device including one or more session re-establishment parameters. | 2022-08-04 |
20220247824 | INTELLIGENT CONFIGURATION OF PERSONAL ENDPOINT DEVICES - Methods, systems, and apparatus, including computer programs encoded on computer storage media provide for the intelligent configuration of personal endpoint devices for video communication. The system identifies, within a room, a personal endpoint device to be used in a video communication session, then authenticates the personal endpoint device. The system then performs one or more diagnostic operations to receive diagnostic output from the personal endpoint device. The system processes the diagnostic output to determine a unique broadcasting signature of the room, and determines whether an existing optimal settings configuration of the personal endpoint device can be detected for the room. If an optimal settings configuration is detected, the setup dynamically configures one or more parameters of the personal endpoint device to match the optimal settings configuration. If not, then the system determines a new optimal settings configuration and stores it for future video communication in the room. | 2022-08-04 |
20220247825 | Managing Browser Session Navigation Between One Or More Browsers - Methods and systems for detecting and/or synchronizing browsing session navigation between one or more browsers are described herein. A browser window associated with a browser application executing at a server device may be displayed at a client device. An instance of a local browser window may execute at the client device, and a page comprising content may be displayed via the instance of the local browser window. Commands to navigate to a different page may be issued to either browser, and the commands may be synchronized between the browsers. | 2022-08-04 |
20220247826 | BROKERING APPARATUS AND BROKERING METHOD FOR TRUSTED REALITY SERVICE - A trust reality service brokering apparatus located on an edge cloud receives a context rule, analyzes event data of at least one physical entity connected to the edge cloud based on the context rule, and transmits an action command to a physical entity or virtual entity corresponding to the event when it is determined that an event has occurred according to an analysis result. | 2022-08-04 |
20220247827 | APPARATUS, METHODS, AND COMPUTER PROGRAMS - An aspect of the disclosed invention provides a network apparatus for a network function, the network apparatus comprising: at least one processor; and at least one memory comprising code that, when executed by the at least one processor, causes the network apparatus to: in response to a request from a service consumer, determine a first network service function for providing services to the service consumer; determine an identity of a second network service function, wherein the second network service function is an alternative or backup network service function to provide the service to the service consumer; and provide the service consumer with the identity of the second network service function. | 2022-08-04 |
20220247828 | Offloading Visual Frames to a Gateway Device - Implementations offload visual frames from a client device to a gateway or edge device for processing. The client device can receive streaming visual frames and a request to process the visual frames using a data service. The client device can offload visual frames to a gateway or edge device preloaded with a resource that corresponds to the requested data service. After the gateway or edge device processes the visual frames using the resource, the processed visual frames can be returned to the client device. In implementations, the offload device and client device are situated in a network such that a latency for the offload communications supports real-time video display. A gateway device manager can locate a gateway connected to the client device, and resources can be deployed (or the gateway can be prepopulated) so that the device can perform gateway services and edge processing services for the client device. | 2022-08-04 |
20220247829 | DYNAMIC OPTIMIZATION OF REQUEST PARAMETERS FOR PROXY SERVER - Systems and methods of task implementation are extended as provided herein and target the web crawling process through a step of submitting a request by a customer to a web crawler. The systems and methods allow a more complex request for a web crawler to be defined in order to receive more specific data. In one aspect, a method for data extraction and gathering from a Network by a Service provider infrastructure includes the following steps: checking the parameters of a request received from a User's Device, adjusting the request parameters according to pre-established Scraping logic, selecting a Proxy according to the criteria of the pre-established Scraping logic, sending the adjusted request to the Target through the selected Proxy, checking metadata received from the Target, and forwarding the data to the User's device. | 2022-08-04 |
20220247830 | PROXY MANAGEMENT CONTROLLER SYSTEM - A proxy management controller system includes a first management controller device in a first server device, a second management controller device in a second server device, and a proxy management controller manager subsystem coupled to the first and second management controller device. The first management controller device receives an instruction from the proxy management controller manager subsystem to provide a proxy management controller for the second management controller device, and creates a proxy management controller virtual container for the second management controller device. The first management controller device then receives raw data collected by the second management controller device from the second server device, stores the raw data in the proxy management controller virtual container, and converts the raw data to formatted data. The first management controller device then uses the formatted data to perform at least one management operation that is associated with the second management controller device. | 2022-08-04 |
20220247831 | WIFI ROUTER BUFFERED DOWNLOAD - A computer implemented method includes receiving an indication from a user internet access device that the user internet access device supports user internet access device download management. The user device then generates a download request for a data download and sends the download request from the user device to the user internet access device. The user device is then disconnected. The internet access device continues downloading and storing the data while the user device is disconnected. In response to connecting of the user device, the data downloaded is received from the user internet access device. | 2022-08-04 |
20220247832 | DEPENDENCY MANAGEMENT FOR SHARED DATA OBJECTS IN A DATABASE SYSTEM - Techniques are disclosed relating to managing dependencies between shared data objects in a database system. In various embodiments, a data storage system may maintain a function cache that is operable to store functions that are accessible to one or more applications hosted by a server system. In response to a request to invalidate a first data type utilized by one or more of these functions, various embodiments may include accessing an inverted index that specifies a mapping between data types and corresponding functions, stored in the function cache, which depend on those data types. Using the inverted index, various embodiments include identifying a set of functions that depend on the first data type and invalidating the set of functions in the function cache such that the set of functions are no longer accessible by the applications. | 2022-08-04 |
20220247833 | INSTALLABLE WEB APPLICATIONS - According to one general aspect, a method of executing a web application installed on an apparatus may include executing, via a processor included by the apparatus, a web browser. The method may include loading, via the web browser, the web application. In some embodiments, the web application may include a manifest and at least a portion of a web site and wherein the web application was packaged as an installable entity. The method may further include managing, by the web browser, the execution of the web application. The method may include accessing, via the web browser, from a local storage medium one or more portions of the web site included by the web application. In some embodiments, the one or more portions of the web site may have been stored in the local storage medium when the web application was installed. | 2022-08-04 |
20220247834 | System and Method for Improving Internet Communication by Using Intermediate Nodes - A method for fetching a content from a web server to a client device is disclosed, using tunnel devices serving as intermediate devices. The client device accesses an acceleration server to receive a list of available tunnel devices. The requested content is partitioned into slices, and the client device sends a request for the slices to the available tunnel devices. The tunnel devices in turn fetch the slices from the data server, and send the slices to the client device, where the content is reconstructed from the received slices. A client device may also serve as a tunnel device, serving as an intermediate device to other client devices. Similarly, a tunnel device may also serve as a client device for fetching content from a data server. The selection of tunnel devices to be used by a client device may be in the acceleration server, in the client device, or in both. The partition into slices may be overlapping or non-overlapping, and the same slice (or the whole content) may be fetched via multiple tunnel devices. | 2022-08-04 |
20220247835 | System and Method for Improving Internet Communication by Using Intermediate Nodes - A method for fetching a content from a web server to a client device is disclosed, using tunnel devices serving as intermediate devices. The client device accesses an acceleration server to receive a list of available tunnel devices. The requested content is partitioned into slices, and the client device sends a request for the slices to the available tunnel devices. The tunnel devices in turn fetch the slices from the data server, and send the slices to the client device, where the content is reconstructed from the received slices. A client device may also serve as a tunnel device, serving as an intermediate device to other client devices. Similarly, a tunnel device may also serve as a client device for fetching content from a data server. The selection of tunnel devices to be used by a client device may be in the acceleration server, in the client device, or in both. The partition into slices may be overlapping or non-overlapping, and the same slice (or the whole content) may be fetched via multiple tunnel devices. | 2022-08-04 |
20220247836 | GUEST ACCESS MANAGEMENT IN A MOBILE APPLICATION - Identifying as a guest a user of a mobile application on a mobile device includes: following a selection to use the mobile application in guest mode, sending by an access request to a web server of a web platform, including a device token generated by a trusted provider, generating by the web server a guest user ID and sending the guest user ID to the mobile application, generating a passcode and sending the passcode along with the device token to the trusted provider, relaying by the trusted provider through a push notification service the passcode to the mobile device and the mobile application, returning by the mobile application the passcode along with the guest user ID to the web server, verifying that the returned passcode matches the guest user ID and, in case of positive match, creating a user account in a database, using the guest user ID as identifier. | 2022-08-04 |
20220247837 | COORDINATION AMONG ARTIFICIAL REALITY LINKS - Disclosed herein are related to a system and a method of coordinating among artificial reality links. In one approach, a system comprising a first console for executing an application for artificial reality may include a wireless communication interface and a processor. The processor may be configured to send, via the wireless communication interface, a first message comprising a first plurality of parameters and a first schedule for access to a shared wireless channel by the first console, receive, from a second console via the wireless communication interface, a second message comprising a second plurality of parameters and a second schedule for access to the shared wireless channel by the second console, update, responsive to the second message, the first plurality of parameters and the first schedule, and/or send, via the wireless communication interface, a third message comprising the updated first plurality of parameters and the updated first schedule. | 2022-08-04 |
20220247838 | CONTEXTUAL CONNECTION INVITATIONS - Systems and methods are provided for including information in an invitation from a first user to connect with a second user that identifies a context regarding how the first user found the second user. A system can include a request component configured to receive, at a first network source, information identifying a second user that a first user has selected to send an invitation to connect with at the first network source, a context component configured to determine a context regarding selection of the second user by the first user, including where the first user found the information identifying the second user, and a generation component configured to generate an invitation that invites the second user to connect with the first user at the first network source. The invitation comprises first user identification information and context information identifying the context regarding the selection of the second user by the first user. | 2022-08-04 |
20220247839 | Service Subscription Method and System for Reporting Service Change in Communication System - A service subscription method and an apparatus for reporting a service change, where the method includes a first network function network element sending the address of the first network function network element to a second network function network element. Therefore, when a first service changes, the first network function network element can receive a notification. | 2022-08-04 |