33rd week of 2022 patent application highlights part 71
Patent application number | Title | Published |
20220263772 | METADATA DRIVEN STATIC DETERMINATION OF CONTROLLER AVAILABILITY - Systems and methods for determining if a controller that can service a custom resource (CR) exists are disclosed. The method includes evaluating a custom resource (CR) and determining whether a controller among a plurality of controllers can service the CR based on filter metadata associated with each of the plurality of controllers. | 2022-08-18 |
20220263773 | Upstream Bandwidth Management Methods and Apparatus - A system and method for managing bandwidth of an upstream communications channel in a communications system. | 2022-08-18 |
20220263774 | HYPERSCALE SWITCH AND METHOD FOR DATA PACKET NETWORK SWITCHING - A hyperscale switch is implemented with a plurality of semiconductor crossbar switching elements connected to one another according to a direct point-to-point electrical mesh interconnect for transceiving data packets between peripheral devices connected to the switch and utilizing a lookup table and network device addressing for reduced switching power. | 2022-08-18 |
20220263775 | METHOD AND SYSTEM FOR VIRTUAL CHANNEL REMAPPING - A virtual channel (VC) allocation system is provided. During operation, the system can maintain, at an ingress port of a switch, a set of counters. A respective counter can indicate a number of data units queued at a corresponding egress port for an ingress VC. A data unit can indicate a minimum number of bits needed to form a packet. The system can maintain, at an egress port, an ingress VC indicator indicating that a packet in an egress buffer for an egress VC corresponds to the ingress VC. Upon sending the packet, the system can update a counter based on the ingress VC indicator. The counter can be associated with the egress buffer and the ingress VC. The system can then issue, to a sender device, credits associated with the ingress VC based on a minimum number of available data units indicated by the set of counters. | 2022-08-18 |
20220263776 | Zero-Copy Buffering of Traffic of Long-Haul Links - A network device includes multiple ports, multiple buffer slices, a controller, and buffer control circuitry. The multiple ports are configured to communicate packets over a network. The multiple buffer slices are linked respectively to the multiple ports. The controller is configured to allocate a group of two or more of the buffer slices to a selected port among the ports. The buffer control circuitry is configured to buffer the packets, communicated via the selected port, in the group of the buffer slices, using zero-copy buffering. | 2022-08-18 |
20220263777 | CONTROL APPARATUS AND NON-TRANSITORY COMPUTER READABLE MEDIUM - A control apparatus includes an execution controller configured to, when information related to an instruction for causing an information processing apparatus to execute a specific process is posted by a user in a talk room in which each of plural participating users is capable of posting and viewing information, control one information processing apparatus among information processing apparatuses associated with other users, among the users participating in the talk room, than the user who posts the information, to execute the specific process. | 2022-08-18 |
20220263778 | SYSTEMS AND METHODS FOR A TWO-TIER MACHINE LEARNING MODEL FOR GENERATING CONVERSATIONAL RESPONSES - Methods and systems are described for generating dynamic conversational responses using two-tier machine learning models. The dynamic conversational responses may be generated in real time and reflect the likely goals and/or intents of a user. The two-tier machine learning model may include a first tier that determines an intent cluster based on a feature input, and a second tier that determines a specific intent from the cluster. | 2022-08-18 |
20220263779 | MESSAGING SYSTEM INCLUDING AN EXTERNAL-RESOURCE DOCK AND DRAWER - A conversation interface in a messaging application is displayed, the conversation interface being presented to participants in a conversation that is being conducted on the messaging application. The conversation interface is constructed by determining statuses of at least two external resources that have been launched, within the context of the messaging application, by one or more of the conversation participants. An external resource notification interface (or “dock”) is displayed in the conversation interface, the external resource notification interface including icons corresponding to the at least two external resources. Upon user selection of the external resource notification interface, a list interface (or “drawer”) including user-selectable cells corresponding to the at least two external resources is displayed. | 2022-08-18 |
20220263780 | METHOD AND SYSTEM FOR RESOLVING PRODUCER AND CONSUMER AFFINITIES IN INTERACTION SERVICING - A system and a method for processing a message on a processing platform, such as a Kafka processing platform, are provided. The method includes: acquiring a plurality of partitions from the messaging platform; designating a first partition from among the plurality of partitions as a sticky partition; generating a plurality of routing keys that are configured to route messages to the sticky partition; using a first routing key from among the plurality of routing keys to identify a first service subscription; subscribing to a second service using the first routing key; and receiving a message transmitted by the second service. | 2022-08-18 |
20220263781 | METHOD AND SYSTEM FOR MANAGING AVATAR USAGE RIGHTS - A method for managing avatar usage rights including transmitting a request to use an avatar of a second user who is registered as a messenger friend of a first user of a user terminal on an instant messaging service, and in response to the request to use the avatar of the second user being accepted by the second user, allowing the use of the avatar of the second user in the user terminal associated with the first user may be provided. | 2022-08-18 |
20220263782 | MULTI-CHANNEL MESSAGING SYSTEM - A computer-implemented method is disclosed. The method includes: detecting a trigger condition associated with a data record based on monitoring data record operations in connection with the data record; in response to detecting the trigger condition, generating a first message object for the data record, the first message object being associated with at least one compatible access channel and one or more defined rules for evaluating the first message object prior to delivery of the first message object to a recipient entity; storing the first message object in a memory, the first message object being stored in association with a first set of one or more message objects for the data record, wherein the first set defines an order for the one or more message objects; detecting a data record operation via a first access channel; retrieving, from the memory, at least one message object of the first set that is associated with the first access channel; and causing the at least one message object to be delivered to the recipient entity via the first access channel. | 2022-08-18 |
20220263783 | USER CONTEXT RECOGNITION IN MESSAGING SERVICE ENVIRONMENT AND INTERACTION WITH MESSAGING SERVICE BASED ON USER CONTEXT RECOGNITION - Disclosed is technique for a user context detection and interaction with a messaging service based on a user context in a messaging service environment. An interaction method of a mobile device may include acquiring information associated with a context of at least one of a mobile device and a user of the mobile device under control of an application installed and executed on the mobile device in association with a messaging service, determining a context of the user based on the acquired information, verifying a function to be provided to the user through the messaging service based on the determined context of the user, dynamically determining a configuration of a user interface based on the determined context of the user, and providing the function through the user interface of which the configuration is dynamically determined. | 2022-08-18 |
20220263784 | GRAPHICAL USER INTERFACE NAVIGATIONAL SYMBOL - A method for real-time multiparty communications across a social network organized according to a fluid timeline is taught. In the method, a user accesses the social network. The user views a story posted by a first user and favorably reacted to by a second user. The user also likes the story, so the user favorably reacts to the posted story. Since a threshold number of users have favorably reacted to the posted story, a collective network group messaging feature is made available. The user accesses the feature and participates in real time in a collective network group messaging session in a virtual room with at least one other user. | 2022-08-18 |
20220263785 | REAL TIME COLLECTIVE NETWORK GROUP MESSAGING SESSION - A method for real-time multiparty communications across a social network organized according to a fluid timeline is taught. In the method, a user accesses the social network. The user views a story posted by a first user and favorably reacted to by a second user. The user also likes the story, so the user favorably reacts to the posted story. Since a threshold number of users have favorably reacted to the posted story, a collective network group messaging feature is made available. The user accesses the feature and participates in real time in a collective network group messaging session in a virtual room with at least one other user. | 2022-08-18 |
20220263786 | METHODS, SYSTEMS, APPARATUSES, AND DEVICES FOR FACILITATING MANAGING DIGITAL CONTENT - A method and system for facilitating managing digital content is provided. Further, the method comprises receiving digital content, a supplemental content identifier, and a plurality of target identifiers corresponding to a plurality of target consumer devices from the one source user device, identifying a plurality of destination servers associated with the plurality of target identifiers, identifying a supplemental content based on the supplemental content identifier, processing the digital content based on a plurality of platform characteristics corresponding to the plurality of destination servers, embedding the supplemental content in the digital content, generating a plurality of digital content based on the processing, transmitting the plurality of digital content to the plurality of destination servers, and authenticating a consumer with the plurality of destination servers based on credentials. | 2022-08-18 |
20220263787 | METHOD AND APPARATUS FOR SHARING USER EVENT BETWEEN CHATBOTS - Provided is a method by which a cross chatbot gateway allows an event to be shared between chatbots, and the method includes the steps of: receiving an event message from a first chatbot communicating with a first chatting server using a first chatting protocol, wherein the event message includes destination information and event information of a first user, who is a chatting counterpart of the first chatbot; and transmitting the event information to a second chatbot communicating with a second chatting server using a second chatting protocol, on the basis of the destination information. | 2022-08-18 |
20220263788 | METHOD AND DEVICE FOR EDGE APPLICATION SERVER DISCOVERY - The disclosure relates to a 5th generation (5G) communication system communication scheme and a system thereof to support a higher data rate than that of the 4th generation (4G) system. A method performed by an edge application server discovery function (EASDF) to discover an edge application server (EAS) is provided. The method includes receiving EAS domain configuration information including an enhanced domain name system (DNS) client subnet (ECS) option from an edge application service domain repository (EDR), receiving a protocol data unit (PDU) session state report message including a DNS message processing rule from a session management function (SMF), receiving a DNS query message from a user equipment (UE), processing the DNS query message based on the EAS domain configuration information and the PDU session state report message, transmitting the processed DNS query message to a DNS server, receiving a DNS response message including an EAS internet protocol (IP) address from the DNS server in response to the processed DNS query message, and transmitting the DNS response message to the UE. | 2022-08-18 |
20220263789 | SCALING IP ADDRESSES IN OVERLAY NETWORKS - Techniques are disclosed for scaling an IP address in overlay networks without using load balancers. In certain implementations, an overlay IP address can be attached to multiple compute instances via virtual network interface cards (VNICs) associated with the multiple compute instances. Traffic directed to the multi-attached IP address is distributed across the multiple compute instances. In some other implementations, ECMP techniques in overlay networks are used to scale an overlay IP address. In forwarding tables used for routing packets, the IP address being scaled is associated with multiple next hop paths to multiple network virtualization devices (NVDs) associated with the multiple compute instances. When a particular packet directed to the overlay IP address is to be routed, one of the multiple next hop paths is selected for routing the packet. This enables packets directed to the IP address to be distributed across the multiple compute instances. | 2022-08-18 |
20220263790 | CONTENT-MODIFICATION SYSTEM WITH HOUSEHOLD COORDINATION FEATURE - In one aspect, an example method includes receiving, from a first content-presentation device, a request for supplemental content for use in connection with performing a content-modification operation; identifying a download conflict between the first content-presentation device and a second content-presentation device having a same IP address as the first content-presentation device; and providing, to the first content-presentation device, a response to the request, with the request including a download delay instruction. Reception of the download delay instruction by the first content-presentation device causes the first content-presentation device to wait until a condition associated with the download delay instruction is satisfied before downloading a supplemental content item specified in the response. | 2022-08-18 |
20220263791 | VIRTUAL NETWORK ROUTING GATEWAY THAT SUPPORTS ADDRESS TRANSLATION FOR DATAPLANE AS WELL AS DYNAMIC ROUTING PROTOCOLS (CONTROL PLANE) - Systems and methods for a virtual network routing gateway that supports address translation for data plane as well as dynamic routing protocols are disclosed herein. The method can include coupling a gateway with a plurality of ports to a network having a plurality of first IP addresses in a private address space, generating a Network Address Translation (“NAT”) function in the gateway, inputting translation information into the NAT function, advertising routes based on the translation information, populating a unified routing table in the gateway based on the plurality of first IP addresses in the private address space and on translated route advertisements, receiving an inbound network packet at the gateway, translating an inbound address of the inbound network packet with the NAT function, and delivering the network packet according to the routing table and based on the translated inbound address. | 2022-08-18 |
20220263792 | NETWORK ADDRESS TRANSLATION (NAT) TRAVERSAL AND PROXY BETWEEN USER PLANE FUNCTION (UPF) AND SESSION MANAGEMENT FUNCTION (SMF) - A method enables communication between Session Management Function (SMF) and User Plane Function (UPF) instances which are separately deployed behind Network Address Translation (NAT) services. The method includes configuring an SMF or a UPF to initiate an association with a corresponding UPF or SMF. The SMF registers first information with a Network Repository Function (NRF) enabling the remote UPF to communicate with the SMF through a NAT service. The method further includes obtaining second information from the NRF enabling the SMF to communicate with the remote UPF through the NAT service. The method also includes sending an association request to the remote UPF based on the second information and receiving an association response from the remote UPF through the NAT service. | 2022-08-18 |
20220263793 | CLOUD INFRASTRUCTURE RESOURCES FOR CONNECTING A SERVICE PROVIDER PRIVATE NETWORK TO A CUSTOMER PRIVATE NETWORK - Techniques for providing, to a resource on a private network of a service provider, access to a resource on a private network of a customer. Service to customer (S2C) resources deployed on a cloud infrastructure to facilitate the access. Whereas IP address ranges may overlap between private networks and/or private IP addresses may be used in one or more of the private networks, the S2C resources enable the data exchange between the private networks. For example, the S2C resources translate between IP addresses such that data within each private network uses IP addresses that can be properly processed by the private network. | 2022-08-18 |
20220263794 | METHOD, APPARATUS, AND SYSTEM FOR GENERATING FORWARDING INFORMATION - This application provides a method, an apparatus, and a system for generating forwarding information. The method includes: A first network device receives n packets, where the n packets include n media access control (MAC) addresses, and source MAC addresses of the n packets are respectively the n MAC addresses. The first network device stores the correspondence between the n MAC addresses and n translated MAC addresses belonging to a same MAC address segment, and the first network device sends the first MAC address segment to a second network device. The method reduces the quantity of MAC routes locally maintained by a device such as a network provider edge router, saves device storage resources, improves query efficiency, and relieves the pressure of maintaining MAC routes locally on a device. | 2022-08-18 |
20220263795 | INFORMATION PROCESSING APPARATUS, INFORMATION PROCESSING SYSTEM, AND NON-TRANSITORY COMPUTER READABLE MEDIUM STORING PROGRAM - An information processing apparatus includes a processor configured to receive a first e-mail, generate a document including content in a body of the first e-mail, generate address information for accessing the document, send a second e-mail to an e-mail address designated as an addressee of the first e-mail, the second e-mail including the address information and only a portion of the content in the body of the first e-mail, and in a case where an address indicated by the address information is accessed by a user of the addressee, display the document on a display of the addressee user. | 2022-08-18 |
20220263796 | Method and Device for IP Address Allocation and Topology Management in DAS System, and Storage Medium - The present disclosure relates to a method and a device for IP address allocation and topology management in a DAS system, and a readable storage medium. The method for IP address allocation and topology management in a DAS system comprises: configuring a port number for a communication port of a host; allocating an address number and one or more port numbers to a first-level slave according to a port number of the host; allocating an address number and one or more port numbers to a next-level slave according to a port number of a previous-level slave; and determining an IP address of a corresponding slave according to a network segment number of the host and the address number of the slave. | 2022-08-18 |
20220263797 | IAB NODE DUAL CONNECTIVITY SETUP METHOD AND COMMUNICATION APPARATUS - The present disclosure relates to integrated access and backhaul (IAB) node dual connectivity setup methods and communication apparatus. In one example method, a first IAB node sets up a first F1 interface with a primary donor node of the first IAB node. The first IAB node obtains an internet protocol (IP) address anchored at a secondary donor node connected to the first IAB node and/or configuration information of a serving cell, of the first IAB node, belonging to the secondary donor node. The first IAB node sends, to the secondary donor node, a request for setting up a second F1 interface with the secondary donor node, where the request includes the configuration information of the serving cell, of the first IAB node, belonging to the secondary donor node. | 2022-08-18 |
20220263798 | APPLICATION AND NETWORK SLICE SECURITY PROFILE MAPPING FOR SECURE TUNNELING - A network node residing in a mobile network identifies a first network slice of the mobile network for use by a first session between a first user equipment device (UE) and a first application hosted by a first hosting device. The network node obtains a first security profile based on an identity of the first application and based on the identified first network slice, and establishes, using the obtained first security profile, a first secure tunnel between the network node and the first hosting device for transporting first data units associated with the first session between the network node and the first hosting device. | 2022-08-18 |
20220263799 | DYNAMICALLY ROUTING NETWORK TRAFFIC BETWEEN DEFENSE LAYERS - Techniques are disclosed relating to dynamically routing network traffic between defense layers. For example, in various embodiments, a server system may implement a traffic distribution module that is operable to distribute a particular type of network traffic across multiple different defense layers. The traffic distribution module may receive a first set of requests that have been identified as being indicative of that particular type of network traffic and then route this first set of requests across the different defense layers based on a set of distribution weightage values. In various embodiments, the disclosed techniques include determining an updated set of distribution weightage values based on an effectiveness of the defense layers in mitigating the particular type of network traffic. In such embodiments, the traffic distribution module may then use this updated set of distribution weightage values to route a second set of network traffic across the various defense layers. | 2022-08-18 |
20220263800 | SECURE ON-PREMISE TO CLOUD COMMUNICATION - A plurality of system nodes coupled via a dedicated private network is described herein. The nodes offer an end-to-end solution for protecting against network-based attacks. The nodes can include network gateways that allow remote systems, such as servers located at an entity's place of operation or a data center accessible by the entity, to securely transmit data between the nodes and the remote systems. For example, the network gateways can transmit split data into different portions, and transmit each portion over a different path through a public network to mitigate the effects of man-in-the-middle attacks. Once data reaches a node, transmission of the data from one node to another can pass through multiple intermediary nodes via the dedicated private network. The nodes and/or remote systems may also include cross-domain guard devices that control whether data can pass from one security domain to another. | 2022-08-18 |
20220263801 | EDGE DATA CORRECTNESS AND CORRECTNESS SPREAD DETERMINATION - A method, system and apparatus for providing edge data correctness and correctness spread determination, including identifying an incorrectness bias in data received at an edge server of a network through a filter with filter rules, performing corrective measures to the data according to the incorrectness bias that is identified, and learning and automatically updating the filter rules of the filter based on an extent of the incorrectness bias of the data and spread of the incorrectness bias of the data to reduce latency in future data validation of the data. | 2022-08-18 |
20220263802 | REMOTE SESSION BASED MICRO-SEGMENTATION - The disclosure provides an approach for implementing a distributed firewall within a data center. The firewall is implemented as a kernel space filter driver within the operating system of virtual machines. Each virtual machine hosts several user sessions. The firewall may be dynamically updated with new security policies, either by an administrator or a component of the data center. | 2022-08-18 |
20220263803 | Information Reporting Method, Data Processing Method, and Apparatus - An information reporting method includes after receiving a Border Gateway Protocol (BGP) flow specification (FS) rule, a network node obtains a status of implementing the BGP FS rule on the network node, where the status indicates that either the BGP FS rule is implemented on the network node or the BGP FS rule is not implemented on the network node. Then the network node sends the status to a server. | 2022-08-18 |
20220263804 | VPN MANAGER AND MONITOR FOR VPN CONNECTION SELECTION - Dependence on Virtual Private Network (VPN) connections to a target source continues to increase along with the need for improved connection reliability and speed. A VPN manager provides an automatic or seamless switching of the routing of data or traffic directed to an initial VPN connection associated with an initial VPN gateway at the target source to a different VPN connection associated with a different VPN gateway of the target source. The VPN manager can select a VPN connection based on a monitored VPN session status. The VPN session status can be based on one or more VPN status parameters. The VPN session status can be customized. Switching routing from an initial VPN connection to a different VPN connection provides a VPN session with the VPN connection that meets the requirements of a user, providing an enhanced Quality of Experience (QoE) for the user. | 2022-08-18 |
20220263805 | SCALABLE BROKERLESS MESSAGING STRATEGY WITH SIDECAR SECURITY CONTAINER STACK - A scalable brokerless messaging network includes a service mesh implementing a plurality of service nodes in signal communication with one another to exchange a plurality of messages. A control plane is in signal communication with the plurality of service nodes and is configured to register an application service associated with a given service node included in the service mesh. The plurality of service nodes define a messaging middleware layer that establishes several point-to-point connections between each service in the network via transmission control protocol (TCP) sockets. | 2022-08-18 |
20220263806 | ENCRYPTED COMMUNICATION OF A SENSOR DATA CHARACTERISTIC - A sensor may obtain sensor data. The sensor may transmit the sensor data to a controller via a sensor-controller interface. The sensor may determine, based on the sensor data, a security characteristic for the sensor data. The sensor may encrypt the security characteristic to generate an encrypted security characteristic. The sensor may transmit the encrypted security characteristic to the controller via the sensor-controller interface. | 2022-08-18 |
20220263807 | Systems and Methods for Application Identification - Systems and methods for application identification in accordance with embodiments of the invention are disclosed. In one embodiment, a user device includes a processor and memory configured to store an application, a session manager, an application identifier, and at least one shared library, and the processor is configured by the session manager to communicate the application identifier and the application identifier data to an authentication server and permit the execution of the application in response to authentication of the application by the authentication server. | 2022-08-18 |
20220263808 | ETHERNET DATA TRANSMISSION CIRCUIT AND SYSTEM AND ETHERNET DATA TRANSMISSION METHOD - An Ethernet data transmission circuit, an Ethernet data transmission system and an Ethernet data transmission method are provided. The Ethernet data transmission circuit includes: a polarity processing circuit for processing a polarity carried by Ethernet data into a preset polarity; and an encoder for receiving the Ethernet data and the preset polarity carried by the Ethernet data, and encoding the Ethernet data. On the one hand, the security of Ethernet in a transmission process can be improved; on the other hand, without increasing workload of the encoder, the polarity processing circuit of the Ethernet data transmission circuit can be used to process the Ethernet data to be with a preset polarity, to facilitate the encoder to code. | 2022-08-18 |
20220263809 | METHOD AND SYSTEM FOR DIGITAL RIGHTS MANAGEMENT OF DOCUMENTS - A method and system for transmission of digital content via e-mail with point of use digital rights management is disclosed. The secured access rights to the digital content may be customized for individual recipients by the sender, and may evolve over time. The access rights are enforced according to a time-dependent scheme. A key server is used to arbitrate session keys for the encrypted content, eliminating the requirement to exchange public keys prior to transmission of the digital content. During the entire process of transmitting and receiving e-mail messages and documents, the exchange of cryptographic keys remains totally transparent to the users of the system. Additionally, electronic documents may be digitally signed with authentication of the signature. | 2022-08-18 |
20220263810 | SYSTEM AND METHOD FOR TRANSFERRING DATA - According to one example, a system includes a first computing device that includes one or more processors configured to generate a first encryption key, and encrypt data, using the first encryption key, for transmittal to a second computing device. The one or more processors are further configured to determine a first set of tokens; determine, from the first set of tokens, a plurality of tokens for the first encryption key; generate a packet comprising the encrypted data, and further comprising the plurality of tokens; and transmit the packet for receipt by the second computing device. | 2022-08-18 |
20220263811 | Methods and Systems for Internet Key Exchange Re-Authentication Optimization - A method for Internet Key Exchange (IKE) re-authentication optimization includes sending, by a first network device and a second network device, a notification, which contains new Security Parameters Index (SPI) for new security association (SA), and sending, by the first network device alone, an OLD_SPI notification to map SPI of Internet Protocol Security (IPsec) (Authentication Header (AH)/Encapsulating Security Payload (ESP)) with the old IPSec SA. | 2022-08-18 |
20220263812 | NETWORK SECURITY ARCHITECTURE - In an aspect, a network supporting client devices includes one or more network nodes implementing network functions. Such network functions enable a client device to apply a security context to communications with the network when the client device is not in a connected mode. The client device obtains a user plane key shared with a user plane network function implemented at a first network node and/or a control plane key shared with a control plane network function implemented at a second network node. The client device protects a data packet with the user plane key or a control packet with the control plane key. The data packet includes first destination information indicating the first network node and the control packet includes second destination information indicating the second network node. The client device transmits the data packet or control packet. | 2022-08-18 |
20220263813 | MULTI-LAYER AUTHENTICATION - A layered authentication process can use a first authentication layer to filter out invalid requests. The first layer can perform a lightweight authentication to determine requests that do not meet certain authentication criteria. This can include, for example, denying requests that have invalid credentials or that are received from unapproved locations or sources, or that lack the proper format. Requests that pass the initial authentication can be directed to a more robust authentication service that is capable of performing a full authentication of the request. Such an approach prevents various invalid requests from being delivered to the robust authentication service, thereby preventing the robust authentication service from being overwhelmed by a large number of requests, such as may correspond to a coordinated attack on the service. | 2022-08-18 |
20220263814 | MANAGING THIRD-PARTY ACCESS TO CONFIDENTIAL DATA USING DYNAMICALLY GENERATED APPLICATION-SPECIFIC CREDENTIALS - The disclosed exemplary embodiments include computer-implemented systems, apparatuses, and processes that dynamically manage consent, permissioning, and trust between computing systems and unrelated, third-party applications operating within a computing environment. By way of example, the apparatus may receive a request for an element of data that includes an access token and first credential data associated with an application program. When the first credential data corresponds to second credential data associated with the application program, the apparatus may determine that the requested data element is accessible to the application program and perform operations that validate the access token. Further, and based on the validation of the access token, the apparatus may obtain and encrypt the requested data element, and may transmit the encrypted data element to a device via the communications interface. | 2022-08-18 |
20220263815 | MULTIPLE APPLICATION AUTHENTICATION - Systems and methods are provided for sharing authentication information. The systems and methods include retrieving, with a messaging application, a list of applications that are installed on a user device; searching the list of applications to identify a given application within the list of applications that is configured to share authentication information with the messaging application; and in response to identifying the given application within the list of applications, generating for display within a graphical user interface of the messaging application an option to authorize the messaging application to share authentication information with the given application. | 2022-08-18 |
20220263816 | AUTHENTICATION IDENTITY MANAGEMENT FOR MOBILE DEVICE APPLICATIONS - An identity authenticator receives a first authentication credential from a first application at a first computing device. The identity authenticator then determines that the first authentication credential is associated with a second authentication credential for the first application at a second computing device based on a stored authentication identity. The identity authenticator then provides a stored execution state for the first application to the first computing device, wherein the stored execution state is associated, based on the stored authentication identity, with at least one of the first authentication credential or the second authentication credential. | 2022-08-18 |
20220263817 | Method and System for Securely Authenticating a User by an Identity and Access Service Using a Pictorial Code and a One-Time Code - The present invention comprises scanning, by a mobile device of the user, a QR code generated by a server application when the user requests access to a secure web portal and generating, within a client application, a login code which is used to authenticate the user within an authentication service and then being redirected to the requested portal. | 2022-08-18 |
20220263818 | USING A SERVICE WORKER TO PRESENT A THIRD-PARTY CRYPTOGRAPHIC CREDENTIAL - A method is provided for remote identification of a subject to a verifier using a third-party cryptographic credential. To create the credential, JavaScript code originating from the credential issuer generates a key pair using a cryptographic library, the Web Cryptography API or a FIDO2 authenticator, obtains from the issuer a disclosable portion of the credential containing the public key and subject attributes, and registers a service worker with the browser. To identify the subject, the verifier redirects a login request to a URL in the scope of the service worker, which intercepts the redirected request and dynamically generates a credential presentation page that sends the disclosable portion of the credential to the verifier and proves knowledge of the private key. | 2022-08-18 |
20220263819 | MUTUAL AUTHENTICATION AND RE-AUTHENTICATION METHOD BETWEEN WIRELESS POWER TRANSMITTING DEVICE AND WIRELESS POWER RECEIVING DEVICE, AND WIRELESS POWER TRANSMITTING DEVICE AND WIRELESS POWER RECEIVING DEVICE USING SAME - According to one embodiment of the present specification, a method for performing authentication between an authentication initiator and an authentication responder in a wireless power transmission system comprises the steps in which: the authentication initiator transmits an initiator certificate chain and an initiator signature to the authentication responder; the authentication initiator receives a responder certificate chain and a responder signature from the authentication responder who has authenticated the authentication initiator by verifying the initiator signature information; and the authentication initiator verifies the responder signature to authenticate the authentication responder. | 2022-08-18 |
20220263820 | REMOTE ACCESS POLICIES FOR IOT DEVICES USING MANUFACTURER USAGE DESCRIPTION (MUD) FILES - In one embodiment, a management service for a network that is executed by one or more devices establishes a trust relationship with an entity associated with an endpoint in the network. The management service receives, via a Manufacturer Usage Description (MUD) file for the endpoint, an indication that the entity desires remote access to the endpoint in the network. The management service configures, based on the indication, the network to provide a remote access connection between the entity and the endpoint in the network. The management service provides, to the entity, credentials for the remote access connection. | 2022-08-18 |
20220263821 | SYSTEMS AND METHODS FOR CHANGING A SUPPLICANT FROM ONE VIRTUAL LOCAL AREA NETWORK TO ANOTHER USING A CHANGE OF AUTHORIZATION MESSAGE - Systems and methods are provided herein for transitioning a supplicant from one virtual local area network (VLAN) to another using a change of authorization (COA) message. This may be accomplished by an authentication server notifying a network device that a host should be granted access to the network, wherein the authentication server authenticates the host using MAC based authentication. Based on this notification and the MAC address of the host, the network device assigns the host to a first VLAN. If the authentication server determines that the host needs to change from the first VLAN to a second VLAN the authentication server generates a COA message, associated with the host, wherein the COA message comprises a VLAN identifier related to the second VLAN. The authentication server transmits the COA message to the network device causing the network device to route traffic to and from the host using the second VLAN. | 2022-08-18 |
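The CoA exchange in the abstract above is RADIUS Change-of-Authorization (RFC 5176) carrying the VLAN tunnel attributes of RFC 2868. The following is an added example, not the applicant's code, that builds the CoA-Request an authentication server would send for a MAC-authenticated host, verifies its Request Authenticator on the network-device side, extracts the target VLAN, and builds the CoA-ACK. The shared secret, MAC address, identifier and VLAN number are constructed values.

```python
import hashlib
import hmac
import struct

COA_REQUEST, COA_ACK, COA_NAK = 43, 44, 45          # RFC 5176 packet codes
ATTR_CALLING_STATION_ID = 31                        # carries the host MAC
ATTR_TUNNEL_TYPE = 64
ATTR_TUNNEL_MEDIUM_TYPE = 65
ATTR_TUNNEL_PRIVATE_GROUP_ID = 81
TUNNEL_TYPE_VLAN = 13
TUNNEL_MEDIUM_IEEE_802 = 6


def _avp(attr_type: int, value: bytes) -> bytes:
    """One RADIUS attribute: Type, Length (including the 2 header bytes), Value."""
    if not 1 <= len(value) <= 253:
        raise ValueError("attribute value length out of range")
    return struct.pack("!BB", attr_type, len(value) + 2) + value


def vlan_attributes(vlan_id: int, tag: int = 1) -> bytes:
    """Tunnel-Type=VLAN, Tunnel-Medium-Type=IEEE-802, Tunnel-Private-Group-ID=<vlan>,
    sharing one tag byte so the receiver groups them (RFC 2868 section 3)."""
    return (_avp(ATTR_TUNNEL_TYPE, bytes([tag]) + TUNNEL_TYPE_VLAN.to_bytes(3, "big"))
            + _avp(ATTR_TUNNEL_MEDIUM_TYPE, bytes([tag]) + TUNNEL_MEDIUM_IEEE_802.to_bytes(3, "big"))
            + _avp(ATTR_TUNNEL_PRIVATE_GROUP_ID, bytes([tag]) + str(vlan_id).encode()))


def build_coa_request(identifier: int, mac: str, vlan_id: int, secret: bytes) -> bytes:
    """Authentication-server side. Request Authenticator per RFC 5176:
    MD5(Code + ID + Length + 16 zero octets + Attributes + Secret)."""
    attrs = _avp(ATTR_CALLING_STATION_ID, mac.encode()) + vlan_attributes(vlan_id)
    header = struct.pack("!BBH", COA_REQUEST, identifier, 20 + len(attrs))
    authenticator = hashlib.md5(header + bytes(16) + attrs + secret).digest()
    return header + authenticator + attrs


def verify_coa_request(packet: bytes, secret: bytes) -> bool:
    """Network-device side: check code, declared length and authenticator."""
    if len(packet) < 20:
        return False
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if code != COA_REQUEST or length != len(packet):
        return False
    expected = hashlib.md5(packet[:4] + bytes(16) + packet[20:] + secret).digest()
    return hmac.compare_digest(expected, packet[4:20])


def parse_attributes(packet: bytes) -> dict:
    attrs: dict = {}
    pos = 20
    while pos + 2 <= len(packet):
        attr_type, length = packet[pos], packet[pos + 1]
        if length < 2 or pos + length > len(packet):
            raise ValueError("malformed attribute")
        attrs.setdefault(attr_type, []).append(packet[pos + 2:pos + length])
        pos += length
    return attrs


def vlan_from_coa(packet: bytes) -> int:
    """Pull the target VLAN from Tunnel-Private-Group-ID; a leading byte
    in 0x00..0x1F is the tag, anything else is part of the string."""
    value = parse_attributes(packet)[ATTR_TUNNEL_PRIVATE_GROUP_ID][0]
    if value and value[0] <= 0x1F:
        value = value[1:]
    return int(value.decode())


def build_coa_response(request: bytes, code: int, secret: bytes) -> bytes:
    """CoA-ACK or CoA-NAK with no attributes. Response Authenticator:
    MD5(Code + ID + Length + RequestAuthenticator + Attributes + Secret)."""
    header = struct.pack("!BBH", code, request[1], 20)
    return header + hashlib.md5(header + request[4:20] + secret).digest()


if __name__ == "__main__":
    secret = b"constructed-shared-secret"
    req = build_coa_request(7, "00-11-22-33-44-55", 200, secret)
    print("valid:", verify_coa_request(req, secret), "vlan:", vlan_from_coa(req))
    print("ack code:", build_coa_response(req, COA_ACK, secret)[0])
```

The authenticator is an MD5 keyed by the shared secret, which is why RFC 5176 recommends carrying CoA over a protected path such as IPsec when the secret is weak; a request with a tampered VLAN fails verification and should be answered with CoA-NAK rather than applied.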
20220263822 | RAPID IDENTIFICATION OF MESSAGE AUTHENTICATION - Techniques are presented for uniquely identifying authentication associated with messages. A message is inspected for sender or domain identifying information associated with a sender of the message or a sender's domain. The identifying information is authenticated and, if authentication succeeds, distinctive metadata is associated with the message. The distinctive metadata is presented or played in connection with the message for purposes of readily identifying the authentication. | 2022-08-18 |
20220263823 | Packet Processing Method and Apparatus, Device, and Computer-Readable Storage Medium - A packet processing method. A protection device receives a first access request packet. The first access request packet includes a packet sent based on a TCP/IP protocol. The protection device extracts a first fingerprint feature from a transport-layer packet header and/or a network-layer packet header of the first access request packet. The first fingerprint feature corresponds to an operating system type of a terminal device that transmits the first access request packet. The protection device recognizes the first fingerprint feature based on a fingerprint feature database to determine whether to allow the first access request packet to access a server. The protection device allows the first access request packet to pass through when the first access request packet is allowed to access the server. The protection device blocks the first access request packet when the first access request packet is not allowed to access the server. | 2022-08-18 |
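The abstract above keys an allow/block decision on a fingerprint taken from the network- and transport-layer headers. As an added example (not the applicant's code, and with an illustrative fingerprint table rather than any real database), the block below parses a raw IPv4/TCP SYN, derives the fields such tools typically use (initial TTL bucket, DF bit, window size, MSS option), looks them up, and decides. A builder for constructed packets is included so it runs offline; checksums are left zero and not validated.

```python
import ipaddress
import struct

# Constructed fingerprint database: (initial TTL, DF, window, MSS) -> OS label.
# Illustrative values only; a real deployment uses a maintained signature set.
FINGERPRINT_DB = {
    (64, True, 65535, 1460): "linux-like",
    (128, True, 64240, 1460): "windows-like",
    (255, False, 4128, 536): "embedded-scanner",
}
ALLOWED_OS = {"linux-like", "windows-like"}


def initial_ttl(observed_ttl: int) -> int:
    """Round an observed TTL up to the nearest common initial value."""
    for base in (32, 64, 128, 255):
        if observed_ttl <= base:
            return base
    return 255


def parse_ipv4_tcp(packet: bytes) -> dict:
    """Extract fingerprint fields from the IPv4 header and TCP header/options."""
    if len(packet) < 20:
        raise ValueError("short IPv4 header")
    ver_ihl, _tos, _total, _ident, flags_frag, ttl, proto = struct.unpack("!BBHHHBB", packet[:10])
    ihl = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or proto != 6 or len(packet) < ihl + 20:
        raise ValueError("not an IPv4/TCP packet")
    df = bool(flags_frag & 0x4000)
    tcp = packet[ihl:]
    _sport, _dport, _seq, _ack, offset_flags, window = struct.unpack("!HHIIHH", tcp[:16])
    data_offset = (offset_flags >> 12) * 4
    opts, mss, i = tcp[20:data_offset], None, 0
    while i < len(opts):                      # walk TCP options: EOL, NOP, or TLV
        kind = opts[i]
        if kind == 0:
            break
        if kind == 1:
            i += 1
            continue
        if i + 1 >= len(opts) or opts[i + 1] < 2:
            break
        if kind == 2 and opts[i + 1] == 4:    # Maximum Segment Size
            mss = struct.unpack("!H", opts[i + 2:i + 4])[0]
        i += opts[i + 1]
    return {"ttl": ttl, "df": df, "window": window, "mss": mss,
            "syn": bool(offset_flags & 0x02)}


def classify(packet: bytes) -> str:
    f = parse_ipv4_tcp(packet)
    return FINGERPRINT_DB.get((initial_ttl(f["ttl"]), f["df"], f["window"], f["mss"]), "unknown")


def decide(packet: bytes) -> str:
    """Protection-device policy: pass known-good OS types, block the rest."""
    return "allow" if classify(packet) in ALLOWED_OS else "block"


def build_syn(ttl: int, df: bool, window: int, mss, src="198.51.100.7", dst="192.0.2.10") -> bytes:
    """Construct an IPv4 + TCP SYN test packet (checksums zero, not validated)."""
    opts = struct.pack("!BBH", 2, 4, mss) if mss is not None else b""
    data_offset = 5 + len(opts) // 4
    tcp = struct.pack("!HHIIHHHH", 40000, 443, 1, 0, (data_offset << 12) | 0x02, window, 0, 0) + opts
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 1, 0x4000 if df else 0, ttl, 6, 0,
                     ipaddress.ip_address(src).packed, ipaddress.ip_address(dst).packed)
    return ip + tcp


if __name__ == "__main__":
    for pkt in (build_syn(52, True, 65535, 1460), build_syn(250, False, 4128, 536)):
        print(classify(pkt), decide(pkt))
```

The TTL bucketing is what makes the lookup tolerant of path length; the trade-off a practitioner should keep in mind is that all of these fields are attacker-controlled, so this filter raises cost rather than providing authentication.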
20220263824 | METHOD FOR DETERMINING ACCESS DEVICE TYPE, DEVICE, AND SYSTEM - This application provides a method for determining an access device type, a device, and a system. An access device type is determined by obtaining one or more packet pairs and a time difference of each packet pair. Each packet pair includes a first packet and a second packet, where the second packet is a response to the first packet, and the one or more packet pairs pass through a same access device. Based on this solution, maintenance manpower required for determining an access device type can be reduced, and O&M personnel management complexity of operators or service providers can be reduced. | 2022-08-18 |
20220263825 | AUTHORIZATION PROXY - A computer-implemented method includes a proxy receiving an authorization message from a load balancer and the proxy selecting an authorization cell from a plurality of authorization cells designated for the proxy in response to receiving the authorization message. The proxy sends a second authorization message to the selected authorization cell and receives a response message from the selected cell, wherein the response message corresponds to the second authorization message. The proxy then sends a second response message to the load balancer in response to receiving the response message. | 2022-08-18 |
20220263826 | DYNAMIC ALLOCATION OF NETWORK SLICE-SPECIFIC CREDENTIALS - A credential manager imports credentials for a network slice in response to deployment of the network slice. The credentials are not known to other network slices. A repository is configured to store the credentials and protect the credentials based on credential protection policies that are defined by a service profile of the network slice. The repository is implemented in the credential manager, an authentication, authorization, and accounting (AAA) server, or other location. Properties of the credentials are modified in response to a modification trigger and the credentials are withdrawn in response to a withdrawal trigger. | 2022-08-18 |
20220263827 | SECURE DOCUMENT STORAGE SYSTEM - A system is provided for the storage of data, the system having: an encrypted host platform upon which regulatory controlled data is stored; a controller configured to allow a primary user to set permission settings and identify authorized end users and the degree of access granted to each authorized end user, the authorized end user being pre-cleared for compliance with regulatory controls pertaining to the regulatory controlled data; the controller configured to permit access to the encrypted host platform only if the hosting platform is in compliance with predefined data security protocols; the controller configured to allow the authorized end user access to the regulatory controlled data, and configured to exclude access by both a provider of the storage system and a host platform provider; at least one individual computing device accessible by at least one authorized end user, the individual computing device configured to provide authorized end user identification data to the controller and receive permissions from the controller for access to the host platform; and the host platform only communicates with individual user devices if the devices have received permission from the controller. | 2022-08-18 |
20220263828 | CLIENT-SIDE BLOCKING AND REPORTING OF UNAUTHORIZED NETWORK TRANSMISSIONS - Systems and methods for monitoring webpage traffic. A web server can generate a JavaScript wrapper and wrap requested webpage code in the JavaScript wrapper. A client device in communication with the web server can receive a user request to load a webpage in a web browser, receive, from the web server, webpage code for the requested webpage that is wrapped in the JavaScript wrapper and includes an allowlist of allowed domains, execute the wrapped webpage code in the web browser, receive a domain request, identify the requested domain from the allowlist, execute the request if the domain is in the allowlist, and transmit, to the web server, run-time information associated with the domain request. The web server can determine, based on the run-time information, a frequency that the domain request was made, add the requested domain to a proposed allowlist, and generate a proposed modification to the JavaScript wrapper. | 2022-08-18 |
20220263829 | DIABETES MANAGEMENT PARTNER INTERFACE FOR WIRELESS COMMUNICATION OF ANALYTE DATA - Systems, devices, and methods are disclosed for wireless communication of analyte data. In embodiments, a method of using a diabetes management partner interface to configure an analyte sensor system for wireless communication with a plurality of partner devices is provided. The method includes the analyte sensor system receiving authorization to provide one of the partner devices with access to a set of configuration parameters via the diabetes management partner interface. The set of configuration parameters is stored in a memory of the analyte sensor system. The method also includes, responsive to input received from the one partner device via the diabetes management partner interface, the analyte sensor system setting or causing a modification to the set of configuration parameters, according to a system requirement of the one partner device. | 2022-08-18 |
20220263830 | AGENTLESS ACCESS CONTROL SYSTEM FOR PROFILE MANAGEMENT - Systems and methods are provided for efficient and automated control of software permissions and access to network resources across a complex enterprise environment. An access request management (“ARM”) system may formulate a list of functions and associated parameters that may be processed by an agentless distribution system. In response to receiving the set of instructions, the agentless distribution system may generate system-specific executable instructions for performing automated control of one or more of the network resources. The agentless distribution system may formulate system-specific executable instructions for a network resource using commands that, when executed on the network resource, implement automated control in accordance with the parameters defined in the set of instructions provided by the ARM system. | 2022-08-18 |
20220263831 | AGENTLESS ACCESS CONTROL SYSTEM FOR DYNAMIC CALIBRATION OF SOFTWARE PERMISSIONS - Systems and methods are provided for efficient and automated control of software permissions and access to network resources across a complex enterprise environment. User access may be governed by software bundles. Such bundles may or may not include all programs or access to all systems needed by the user. An access request management tool is provided that includes new process flows and artificial intelligence for automated refining of software access across a complex and large network of computer servers. The management tool may eliminate conventional intermediary systems needed when utilizing centralized access request management. The management tool may check which user has access to a software bundle and may assign the bundle to other users. The management tool may revoke or grant access to a software bundle. | 2022-08-18 |
20220263832 | METHOD AND SERVER FOR PROVIDING USER CONSENT TO EDGE APPLICATION - Embodiments herein provide a method for providing a service to an edge application ( | 2022-08-18 |
20220263833 | AUTHENTICATION AND ACCESS MANAGEMENT FOR HETEROGENEOUS SOURCES OF ANOMALY DETECTION DATA - The disclosed technology teaches aggregating 3rd-party risk measures during an authentication journey, including providing a risk measure aggregation node, a JSON transform, and a configuration for 3rd-party risk measures to request. Responsive to invocation of the risk measure aggregation node during the authentication journey, the method includes setting a timer for receipt of a configured 3rd-party risk measure, wherein expiration of the timer causes the risk measure aggregation node to stop waiting for a timed-out 3rd party risk measure provider and requesting the configured 3rd-party risk measures. Upon receiving at least some of the requested 3rd-party risk measures, included is applying the JSON transform to aggregate the returned 3rd-party risk measures into an aggregate score, and the risk measure aggregation node providing to another node in the authentication journey an aggregated score taking into account the configured 3rd-party risk measures received prior to expiration of the timer. | 2022-08-18 |
20220263834 | SYSTEM, COMPUTER PROGRAM PRODUCT AND METHOD FOR RISK EVALUATION OF API LOGIN AND USE - A method, system and computer program product assess the risk of an unauthorized API login and mitigate damage from an unauthorized API login. The method includes collecting in a database license attributes of a user license, user profile attributes, and database content change attributes; receiving an API login request; comparing features of the API login request to at least one of the database license attributes, user profile attributes, and database content change attributes against a predetermined threshold; assessing a risk of an unauthorized API login request based on a result of the comparison; and, based on a level of the assessed risk, implementing protective action to mitigate harm that may result from an unauthorized user accessing information or services from a computer system by way of an API. | 2022-08-18 |
20220263835 | TECHNIQUES FOR AUTOMATICALLY CONFIGURING MINIMAL CLOUD SERVICE ACCESS RIGHTS FOR CONTAINER APPLICATIONS - A computer system may receive one or more requests for access to one or more cloud services and may store the one or more requests in a request log. The computer system may receive one or more access rules applicable to cloud service access rights. The computer system may aggregate the one or more requests of the request log to determine access requirements for a container, the container being configured to store one or more applications. The computer system may generate and store container access policies that define the access of the container to the one or more cloud services, the container access policies based at least in part on the aggregated one or more requests and the one or more access rules. The computer system may send the container access policies to a request forwarder of a compute instance in a production environment. | 2022-08-18 |
20220263836 | SYSTEM, DEVICE, AND METHOD FOR TRANSFERRING SECURITY ACCESS PERMISSIONS BETWEEN IN-CAMERA USERS - A process for transferring security access permissions between in-camera users includes capturing, at an electronic computing device via an image capture device, an image of two or more in-camera users. A first in-camera user and a second in-camera user are identified in the image. An input gesture identifying the first in-camera user as a source of security access permissions and the second in-camera user as a destination of security access permissions is detected. Responsively, the electronic computing device causes a first particular security access permission associated with the first in-camera user to be applied to and modify a current set of security access permissions associated with the second in-camera user. | 2022-08-18 |
20220263837 | UTILIZING BLOCKCHAINS TO IMPLEMENT NAMED DATA NETWORKING - Novel tools and techniques are provided for utilizing blockchain to implement named data networking. In various embodiments, a computing system might determine whether a cache that is communicatively coupled to the computing system contains data that is responsive to a first request received from a user. If so, the computing system might retrieve and send (to the client device) data that is responsive to the received first request. If not, the computing system might send, to a blockchain system, a second request for identifying a blockchain containing a block containing data responsive to the received first request. In response to identifying such a blockchain, the computing system might receive a copy of the identified blockchain; might abstract, from the identified blockchain, the block containing the data responsive to the received first request; might abstract the data from the identified block; and might send the data to the client device. | 2022-08-18 |
20220263838 | METHOD OF ESTABLISHING AD-HOC DEVICE-BASED TRUST - A method for establishing ad-hoc trust between a guide device and an invitee device to exchange sensitive guest data. The method includes: receiving, at a verification system, a request from the guide device for data pertaining to a specific guest profile at the verification system through an authorised first communication channel; transmitting, by the verification system, a guest booking confirmation to the guide device; receiving, by the verification system, a connection request from the invitee device through an internet browser accessible public access portal resulting in an unverified second communication channel; generating two unique and matching keys in response to the connection request; forming, by the verification system using the two unique and matching keys, a secure communication link spanning from the guide device to the invitee device over the first authorised communication channel; and associating, at the verification system, the secure communication link with the guest profile. | 2022-08-18 |
20220263839 | COMPUTER SYSTEM AND METHOD FOR SHARING INFORMATION - A computer system comprises an analysis module configured to execute dynamic analysis for a sample of a malicious program, and to output an analysis result including a coupling destination to and from which the malicious program communicates; a variation detection module configured to detect variation of the coupling destination based on results of cyclic observation of the coupling destination, and to output a result of the detection; and an information sharing module configured to store information output from the analysis module and information output from the variation detection module in a form that allows sharing among a plurality of external computers. | 2022-08-18 |
20220263840 | SYSTEMS AND METHODS FOR MULTIRESOLUTION PARSING - A multiresolution parser (MRP) can selectively extract one or more information units from a dataset based on the available processing capacity and/or the arrival rate of the dataset. Should any of these parameters change, the MRP can adaptively change the information units to be extracted such that the benefit or value of the extracted information is maximized while minimizing the cost of extraction. This tradeoff is facilitated, at least in part, by an analysis of the spectral energy of the datasets expected to be processed by the MRP. The MRP can also determine its state after a processing iteration and use that state information in subsequent iterations to minimize the required computations in such subsequent iterations, so as to improve processing efficiency. | 2022-08-18 |
20220263841 | Digital Security Violation System - A computing system determines that a third party system has been exposed to a digital security violation. The computing system identifies a first user account of a user registered with the computing system that has a corresponding account associated with the third party system. The computing system determines that the first user account has stored a first set of user credentials for the corresponding account associated with the third party system at a storage location accessible by the computing system. The computing system launches a series of web browsers configured to access a first website associated with the third party system. The computing system executes, via a first web browser of the series of web browsers, a first automated script specific to the first website associated with the third party system. The computing system performs at least one of a plurality of remedial operations with respect to the corresponding account. | 2022-08-18 |
20220263842 | Machine learning detection of network attacks using traffic and log information - Systems and methods for detecting intrusions, attacks, and sub-attacks launched against a network under observation are provided. A method, according to one implementation, includes obtaining network traffic information regarding data traffic in a network under observation and obtaining system log information regarding operations of the network under observation. The method further includes the step of inserting the network traffic information and system log information into one or more analysis procedures, where each analysis procedure is configured to detect a respective sub-attack of a multi-stage attack to which the network under observation is susceptible. Also, the method includes the step of combining the outputs of the one or more analysis procedures to detect whether one or more sub-attacks have been launched against the network under observation. In response to detecting that one or more sub-attacks have been launched, the method includes the step of determining the type of the one or more sub-attacks. | 2022-08-18 |
20220263843 | SYSTEM AND METHOD FOR DATA BREACH PROTECTION - A method for data breach protection includes analyzing network traffic of an enterprise. Uniform Resource Locators (URLs) included in the network traffic may be identified. The URLs may be classified into a bipartite graph. Classification sets of the bipartite graph may be established and displayed. In response to displaying the classification sets, an instruction related to management of the network traffic may be received and/or executed. | 2022-08-18 |
20220263844 | SYSTEMS, METHODS AND COMPUTER-READABLE MEDIA FOR MONITORING A COMPUTER NETWORK FOR THREATS USING OLAP CUBES - Systems, methods, and computer-readable media for monitoring a computer network for threats using OLAP cubes are disclosed. In one embodiment, a method of monitoring a computer network for threats includes receiving, from a plurality of computing devices on the network, dataset data, asset data, and temporal data, and storing, in an online analytical processing cube for each computing device of the plurality of computing devices, the dataset data within a dataset dimension, the asset data within an asset dimension, and the temporal data within a temporal dimension. The method further includes searching one or more online analytical processing cubes for correlated data within two or more of the dataset dimension, the asset dimension, and the temporal dimension satisfying an alert metric, and issuing an alert when correlated data satisfies the alert metric. | 2022-08-18 |
20220263845 | SYSTEM AND METHOD FOR COMPREHENSIVE DATA LOSS PREVENTION AND COMPLIANCE MANAGEMENT - A system and method to identify and prevent cybersecurity attacks on modern, highly-interconnected networks, to identify attacks before data loss occurs, using a combination of human level, device level, system level, and organizational level monitoring. | 2022-08-18 |
20220263846 | METHODS FOR DETECTING A CYBERATTACK ON AN ELECTRONIC DEVICE, METHOD FOR OBTAINING A SUPERVISED RANDOM FOREST MODEL FOR DETECTING A DDoS ATTACK OR A BRUTE FORCE ATTACK, AND ELECTRONIC DEVICE CONFIGURED TO DETECT A CYBERATTACK ON ITSELF - A method for detecting a cyberattack on an electronic device is provided. The method is performed by the electronic device itself. The method includes collecting data at the electronic device. Further, the method includes classifying the collected data as regular data or malicious data using a supervised machine-learning model for the cyberattack. The method additionally includes determining whether the electronic device is under the cyberattack based on the classification of the collected data. | 2022-08-18 |
20220263847 | SUSPICIOUS GROUP DETECTION - Systems, devices, media, and methods are presented for determining a level of abusive network behavior suspicion for groups of entities and for identifying suspicious entity groups. A suspiciousness metric is developed and used to evaluate a multi-view graph across multiple views where entities are associated with nodes of the graph and attributes of the entities are associated with levels of the graph. | 2022-08-18 |
20220263848 | RECONSTRUCTING NETWORK ACTIVITY FROM SAMPLED NETWORK DATA USING ARCHETYPAL ANALYSIS - Methods, systems, apparatuses, and computer program products are provided for reconstructing network activity. A network activity monitor is configured to monitor network activity for various network entities. Based on the monitoring, a set of features may be obtained for each network entity. A determination may be made for a number of vertices suitable for describing the sets of features in a multidimensional space. In some implementations, the vertices may define a convex hull in the multidimensional space. Each of the vertices may be assigned a different usage pattern that represents a certain type of network usage. Reconstructed network activity for a particular network entity may be represented as a weighted combination of the usage patterns. Based on the reconstruction, a network anomaly may be detected, a network may be modified, and/or an alert may be generated. | 2022-08-18 |
20220263849 | ANOMALY DETECTION METHOD, RECORDING MEDIUM, AND ANOMALY DETECTION SYSTEM - An anomaly detection method in an in-vehicle network system in which a plurality of ECUs are connected. Among the plurality of ECUs, at least one ECU includes a detector which determines whether a received message satisfies a predetermined rule, and the at least one ECU transmits the determined detection result to the network. The anomaly detection method includes (i) receiving the detection result from the network, and storing the received detection result in a memory, (ii) determining whether the detection result is received within a predetermined time, and storing a determination result in the memory in association with the detection result, and (iii) outputting a message to the outside, the message including the detection result in association with the determination result. | 2022-08-18 |
20220263850 | DISTRIBUTED NETWORK-LEVEL PROBABILISTIC ATTACK GRAPH GENERATION - A method for generating a network-level attack graph is described. A first computing device in a network generates a first attack graph and transmits the first attack graph to a central computing device in the network. A second computing device in the network generates a second attack graph, wherein the second computing device is different than the first computing device, and transmits the second attack graph to the central computing device. The central computing device generates, based on the first attack graph and the second attack graph, a network-level attack graph by merging the first attack graph, the second attack graph, and an attack graph stencil of cross-device vulnerability interactions. | 2022-08-18 |
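The merge step in the abstract above, as an added example that is not the applicant's code: two per-device attack graphs (edges with success probabilities) are combined with a stencil of cross-device interactions into one network-level graph, and a most-likely-path search then shows a compromise chain that neither device's local graph can express on its own. Device names, states, probabilities and the stencil are all constructed for the example.

```python
from collections import defaultdict
import heapq
import math

# Constructed per-device attack graphs: (from_state, to_state, probability).
DEVICE_A_GRAPH = [("A:remote", "A:user", 0.6), ("A:user", "A:root", 0.3)]
DEVICE_B_GRAPH = [("B:remote", "B:user", 0.2), ("B:user", "B:root", 0.9)]

# Constructed stencil of cross-device vulnerability interactions: root on one
# device yields a remote foothold on another. {x}/{y} are expanded per device pair.
CROSS_DEVICE_STENCIL = [("{x}:root", "{y}:remote", 0.8)]


def merge_attack_graphs(device_graphs, stencil, device_ids):
    """Central node: union the local graphs, then instantiate the stencil for
    every ordered device pair. Duplicate edges keep the higher probability."""
    edges = defaultdict(dict)
    for graph in device_graphs:
        for u, v, p in graph:
            edges[u][v] = max(p, edges[u].get(v, 0.0))
    for x in device_ids:
        for y in device_ids:
            if x == y:
                continue
            for u_t, v_t, p in stencil:
                u, v = u_t.format(x=x, y=y), v_t.format(x=x, y=y)
                edges[u][v] = max(p, edges[u].get(v, 0.0))
    return edges


def most_likely_path(edges, start, goal):
    """Dijkstra over -log(p), i.e. maximise the product of edge probabilities.
    Returns (probability, path); (0.0, []) when the goal is unreachable."""
    best = {start: 1.0}
    prev = {}
    heap = [(0.0, start)]
    done = set()
    while heap:
        _cost, u = heapq.heappop(heap)
        if u in done:
            continue
        done.add(u)
        if u == goal:
            break
        for v, p in edges.get(u, {}).items():
            cand = best[u] * p
            if cand > best.get(v, 0.0):
                best[v] = cand
                prev[v] = u
                heapq.heappush(heap, (-math.log(cand), v))
    if goal not in best:
        return 0.0, []
    path = [goal]
    while path[-1] != start:
        path.append(prev[path[-1]])
    return best[goal], path[::-1]


if __name__ == "__main__":
    merged = merge_attack_graphs([DEVICE_A_GRAPH, DEVICE_B_GRAPH], CROSS_DEVICE_STENCIL, ["A", "B"])
    print(most_likely_path(merged, "A:remote", "B:root"))
```

With the stencil applied, an attacker entering at A:remote reaches B:root with probability 0.6 x 0.3 x 0.8 x 0.2 x 0.9; with local graphs alone the goal is unreachable, which is the blind spot the network-level merge is meant to remove.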
20220263851 | DETERMINING DATA RISK AND MANAGING PERMISSIONS IN COMPUTING ENVIRONMENTS - Methods, systems, apparatuses, and computer-readable storage mediums are described for assigning a security risk score to a resource. In one example, resource access data is collected for a resource. Based at least on the resource access data, a data risk index (DRI) score is generated for the resource. The DRI score comprises a value that is indicative of a level of risk that the resource will be compromised. At least one of the DRI score, an alert based at least on the DRI score, or a policy change for the resource based at least on the generated DRI score is reported to an administrator. | 2022-08-18 |
20220263852 | SYSTEM AND METHOD FOR CYBERSECURITY ANALYSIS AND SCORE GENERATION FOR INSURANCE PURPOSES - A system for comprehensive cybersecurity analysis and rating based on heterogeneous data and reconnaissance is provided, comprising a multidimensional time-series data server configured to create a dataset with at least time-series data gathered from passive or active network reconnaissance of a client or target; and a cybersecurity scoring engine configured to retrieve the dataset from the multidimensional time-series data server, process the dataset using at least computational graph analysis, and generate an aggregated cybersecurity score based at least on results of processing the dataset. | 2022-08-18 |
20220263853 | SYSTEM AND METHOD FOR MITIGATING CYBER SECURITY THREATS BY DEVICES USING RISK FACTORS - A system and method for mitigating cyber security threats by devices using risk factors. The method includes determining a plurality of risk factors for a device based on a plurality of risk behaviors indicated by network activity and information of the device, wherein the plurality of risk behaviors includes observed risk behaviors and assumed risk behaviors, wherein the observed risk behaviors are indicated by data related to network activity by the device, wherein the assumed risk behaviors are extrapolated based on known contextual information related to the device; determining a risk score for the device based on the plurality of risk factors and a plurality of weights, wherein each of the plurality of weights is applied to one of the plurality of risk factors; and performing at least one mitigation action based on the risk score. | 2022-08-18 |
20220263854 | AUTOMATED PRODUCT UPDATE MANAGEMENT IN MANAGED NETWORKS - An embodiment includes a method of vulnerability detection and mitigation in a managed network. The method includes receiving a defined state of a product on a managed endpoint of a managed network. The method includes detecting a trigger event in the managed network. The trigger event is indicative of a change to the managed device or to the product that is inconsistent with the defined state. Responsive to detection of the trigger event, the method includes automatically implementing a product modification process. The product modification process includes distribution of at least one product update to a product installed at the managed endpoint. | 2022-08-18 |
20220263855 | AUTOMATED PRIORITIZATION OF PROCESS-AWARE CYBER RISK MITIGATION - Implementations are directed to receiving graph data representative of a process-aware AAG that is representative of potential lateral movement of adversaries within a computer network, receiving risk profile data representative of a risk profile of an enterprise with respect to two or more risk aspects, generating, by a process-aware risk assessment module, a risk assessment based on the process-aware AAG and the risk profile, and generating, by a mitigation simulator module, a mitigation list based on the process-aware AAG, the risk profile, and the risk assessment, the mitigation list comprising a prioritized list of two or more facts of the process-aware AAG. Other implementations of this aspect include corresponding systems, apparatus, and computer programs, configured to perform the actions of the methods, encoded on computer storage devices. | 2022-08-18 |
20220263856 | System and method for electronic risk analysis and remediation using network monitored sensors and actionable feedback methodologies for operational resilience - System and method for electronic risk and remediation analysis using network monitored sensors and actionable feedback methodologies for operational resilience. Various embodiments of the present technology include methods of assessing digital risks posed to a computer network of an entity that may result in a digital risk event, or privacy incident. The network includes information and technology assets that are subject to one or more security risk policies. | 2022-08-18 |
20220263857 | SYSTEM AND METHOD FOR USING WEIGHTING FACTOR VALUES OF INVENTORY RULES TO EFFICIENTLY IDENTIFY DEVICES OF A COMPUTER NETWORK - A method for using inventory rules to identify devices of a computer network includes intercepting data traffic across one or more communication links of the computer network. The intercepted data traffic is analyzed to determine whether one or more of a plurality of inventory rules is satisfied by the intercepted data traffic. Each of the plurality of inventory rules comprises one or more conditions indicating the presence of a particular computer network device having a set of parameters. Each one of the plurality of inventory rules has a weighting factor value indicative of a priority of the application of a corresponding rule. The weighting factor value depends on previously identified devices. One or more devices of the computer network are identified using the weighting factor value of the one or more satisfied inventory rules. | 2022-08-18 |
20220263858 | SYSTEMS AND METHODS FOR AUTOMATED THREAT DETECTION - Systems and methods for dynamically training a threat detection system include monitoring security analyst workflow data from security analysts analyzing scans of security logs. The workflow data includes rules applied to security log scan results, rule results selected for further analysis, tags applied to rule results, filters applied to rule results, rankings applied to rule results, or actions associated with a pivot by security analysts. A tagging classifier is then trained based on tags assigned to scan results. A review classifier is trained based on scan results previously reviewed by security analysts. A filter and ranking method is trained based on filters and rankings applied to the scan results. An automated threat hunting playbook is generated including the tagging classifier, the review classifier, and the filter and ranking method. The automated threat hunting playbook generates one or more scripts to automatically analyze incoming security data. | 2022-08-18 |
20220263859 | METHOD AND APPARATUS FOR DEFENDING AGAINST CYBER ATTACKS, RECEIVING DEVICE AND COMPUTER STORAGE MEDIUM - Embodiments of the present disclosure provide a method and system for defending against cyber-attacks, and a computer storage medium. An apparatus for defending against cyber-attacks randomly generates a new keyword. The apparatus for defending against cyber-attacks transmits the new keyword to a transmitting device and a receiving device, respectively. The receiving device updates a keyword set of the receiving device to include the new keyword, acquires a keyword carried in a communication message transmitted by the transmitting device, and determines whether the communication message is a cyber-attack message according to the keyword carried and the keyword set. The receiving device discards the communication message in response to the communication message being determined to be a cyber-attack message. | 2022-08-18 |
20220263860 | ADVANCED CYBERSECURITY THREAT HUNTING USING BEHAVIORAL AND DEEP ANALYTICS - A system for cyber threat hunting employing an advanced cyber decision platform comprising a time series data store, a directed computational graph module, an automated planning service module, and observation and state estimation module, wherein the state of a network is monitored and used to predict network resources that may be vulnerable to a future cyber threat and to produce a cyber-physical graph representing the vulnerable network resources, a human operator is provided with the cyber-physical graph to analyze the data contained therein to initiate an investigation of network resources, and the results of the threat investigation and their effects are analyzed to produce security recommendations. | 2022-08-18 |
20220263861 | DETECTING BOTNETS - A network apparatus maintains a data repository comprising network traffic data related to a plurality of user devices, the network traffic data being collected from a plurality of Network Service Providers (NSPs). A subset of the plurality of user devices are detected to be communicating with one or more same endpoint devices based on analysing the network traffic data. A number of historical connections between each user device of the subset of the plurality of user devices and the one or more endpoint devices is determined based on analysing historical connection data maintained in the data repository, and in response to detecting that the number of historical connections between the subset of the plurality of user devices and the one or more endpoint devices exceeds a predetermined threshold, the one or more endpoint devices are identified as a suspected botnet. | 2022-08-18 |
20220263862 | HARDWARE ACCELERATION DEVICE FOR DENIAL-OF-SERVICE ATTACK IDENTIFICATION AND MITIGATION - Systems and methods for providing an integrated or Smart NIC-based hardware accelerator for a network security device to facilitate identification and mitigation of DoS attacks are provided. According to one embodiment, a processor of a network security device receives an application layer protocol request from a client, directed to a domain hosted by various servers and protected by the network security device. The application layer protocol request is parsed to extract a domain name and a path string. The hardware acceleration sub-system updates rate-based counters based on the application layer protocol request by performing a longest prefix match on the domain name and the path string. When a rate threshold associated with the rate-based counters is exceeded, a challenge message is created and transmitted to the client, having embedded therein the application layer protocol request; otherwise the application layer protocol request is allowed to pass through the network security device. | 2022-08-18 |
20220263863 | VERIFYING INCOMING COMMUNICATIONS - Disclosed are systems, methods, and non-transitory computer-readable media for verifying an incoming communication. A recipient client device receives an incoming communication including an identifier identifying a second client device as having initiated the incoming communication. A verification service installed on the recipient client device queries a call placement service directory based on the first identifier. The call placement service directory maintains a listing of identifiers for client devices and corresponding communication providers that manage the identifiers. The call placement service directory returns information identifying the communication provider that manages the identifier. In turn, the verification service transmits a request to the communication provider to confirm whether the second client device initiated the incoming communication. The verification service processes the incoming communication based on the response from the communication provider indicating whether the second client device initiated the incoming communication. | 2022-08-18 |
20220263864 | METHODS AND APPARATUS FOR FINDING GLOBAL ROUTING HIJACKS - Every day, thousands of routing “hijacks” occur on the Internet, almost all of them benign. The malicious ones and the resulting misdirection of Internet traffic can be identified by applying sophisticated analytics to extensive global real-time feeds of Border Gateway Protocol (BGP) routing updates. When legitimate attacks are discovered, the automated analysis may be augmented with Domain Name Service (DNS) data (to determine the likely targets), traceroute data (to determine if they represent Man-In-The-Middle exploits), inferred business relationships (to understand the scope of the impacts) and even the raw BGP messages. These techniques can be used to uncover attacks against both commercial and government entities. | 2022-08-18 |
20220263865 | ENDPOINT SECURITY MECHANISM TO DETECT IP THEFT ON A VIRTUAL MACHINE MOBILITY IN SWITCH FABRIC - Methods to secure against IP address thefts by rogue devices in a virtualized datacenter are provided. Rogue devices are detected and distinguished from a migration of an endpoint in a virtualized datacenter. A first hop network element in one or more network fabrics intercepts a request that includes an identity of an endpoint and performs a local lookup for the endpoint entity identifier. Based on the lookup not finding the endpoint entity identifier, the first hop network element broadcasts a message such as a remote media access address (MAC) query to other network elements in the one or more network fabrics. Based on the received response, which may include an IP address associated with the MAC address, the first hop network element performs a theft validation process to determine whether the request originated from a migrated endpoint or a rogue device. | 2022-08-18 |
20220263866 | METHODS, SYSTEMS, AND COMPUTER READABLE MEDIA FOR TESTING A NETWORK SYSTEM UNDER TEST COMMUNICATING OVER A SECURE CHANNEL - Methods, systems, and computer readable media for testing a system under test (SUT). A method includes sending a first test packet to the SUT over a communication link. The first test packet is associated with a layer 2 secure channel that is bound to an emulated network device. The method includes receiving a second test packet from the SUT over the communication link. The second test packet includes an unencrypted portion and an encrypted portion. The method includes forming a test identifier that uniquely identifies the layer 2 secure channel and the emulated network device using a subset of bits from a secure channel identifier in the unencrypted portion of the second test packet. The method includes decrypting the encrypted portion of the second test packet by finding a security key using the test identifier. | 2022-08-18 |
20220263867 | Resilient Self-Detection of Malicious Exfiltration of Sensitive Data - Aspects of the disclosure relate to exfiltrated data detection. A computing platform may receive secure enterprise data from an enterprise data management platform. In response to receiving the secure enterprise data, the computing platform may generate data entities. The computing platform may load, into the data entities, secure enterprise data. After loading the secure enterprise data into the data entities, the computing platform may activate a verification process associated with each data entity, which may include triggering each data entity to send verification messages to other data entities. Each data entity may be configured to receive and validate verification messages received from the other data entities of the plurality of data entities, and may be configured to delete secure enterprise data stored in the corresponding data entity upon failing to receive the verification messages from the other data entities. | 2022-08-18 |
20220263868 | METHODS AND SYSTEMS FOR PROVIDING A SECURE CONNECTION TO A MOBILE COMMUNICATIONS DEVICE WITH THE LEVEL OF SECURITY BASED ON A CONTEXT OF THE COMMUNICATION - Based on context received regarding a computing device and a security policy, a computing device evaluates a request by an application program to determine whether or not to allow the establishment of an application connection. | 2022-08-18 |
20220263869 | DATA VALIDATION FOR ZERO COPY PROTOCOLS - Systems and methods are disclosed for data validation for zero copy protocols. In some examples, a server may include hardware, software, or a combination thereof to provide flexibility and data validation for a read request operation of a zero copy protocol. A read request operation can include a validation request frame, a status response frame, or both. In further examples, the validation request frame, the status response frame, or both can be configured by a requesting device to facilitate read data validation. In yet further examples, another device can receive a read request operation with a variably configured validation request frame, status response frame, or both and configure one or more data validation processes based on such. | 2022-08-18 |
20220263870 | DETERMINING RELEVANT SECURITY POLICY DATA BASED ON CLOUD ENVIRONMENT - A system and method for returning security policy requirements data based on user input that identifies a cloud environment, a service model, first or third party responsibilities, and/or code deployment information is disclosed. A user provides answers to straightforward, generally non-expert questions directed to the user's cloud environment, first or third party responsibilities, and/or code deployment information for the user's scenario, e.g., technical workload. The answers result in determining which architecture layers apply (are in-scope architecture layers) relevant to the user's scenario. The in-scope architecture layers map to security requirements maintained in a security policy data store. The security requirements are returned (e.g., as a list) in response to the user's answers. | 2022-08-18 |
20220263871 | EXECUTING CODE INJECTED INTO AN INTERCEPTED APPLICATION RESPONSE MESSAGE TO ELIMINATE ACCUMULATION OF STALE COMPUTING SESSIONS - A client request message is received at a policy enforcement system from a client-side application intended for a server-side application. The client request message is forwarded to a server-side application. An application response message from the server-side application is intercepted at the policy enforcement system in response to the client request message, resulting in an intercepted application response message. The intercepted application response message is analyzed in view of context information and a network policy. Code to inject into the intercepted application response message is determined based on the analyzing. The code has instructions for eliminating accumulation of stale computing sessions. The code is injected into the intercepted application response message, resulting in a modified message. The modified message is forwarded to the client-side application for automatically executing the instructions on the client-side application. | 2022-08-18 |