37th week of 2021 patent application highlights part 67 |
| Patent application number | Title | Published |
|---|---|---|
20210288915 | NEW QOS MODEL FOR SUPPORTING LOW LATENCY SERVICES AND TIME-SENSITIVE NETWORKING - This disclosure describes systems, methods, and devices related to an enhanced traffic model. A device may maintain, at an upper layer, a self-ordering queue associated with one or more time sensitive packets associated with time sensitive traffic streams. The device may transmit the one or more time sensitive packets from the self-ordering queue to a TSN queue at a lower layer. The device may control one or more enhanced distributed channel access (EDCA) queues by using a control function. The device may transmit the one or more time sensitive packets to a first station device. | 2021-09-16 |
20210288916 | METHOD AND SYSTEM FOR PREVENTIVE FILTERING OF NETWORK TRAFFIC - A method for learning vector representations of network traffic data offline includes: receiving historical network traffic data and a domain classification list; generating a unique domain names list based on the historical network traffic data; generating a bad domains list based on the unique domain names list and the domain classification list; modifying the unique domain names list by replacing each entry of the unique domain names list that appears in the bad domains list by a common classification label; and learning a respective vector representation for each entry of the modified unique domain names list. | 2021-09-16 |
20210288917 | Communications Hub - A method for end point data communications anonymization for a local communications hub is provided. The method commences with receiving a first request addressed to a server from a computing device. The method further includes selecting a first remote communications hub from a plurality of remote communications hubs. The method continues with modifying the first request to generate a first modified request and sending the first modified request to the first remote communications hub. The first remote communications hub modifies the first modified request to produce a second modified request and forwards the second modified request to the server. The method further includes receiving a first response to the second modified request from the server, modifying the received first response to produce a first modified response, modifying the first modified response to produce a second modified response, and providing the second modified response to the computing device. | 2021-09-16 |
20210288918 | MULTI-RESOURCE AND AUTONOMOUS HIERARCHICAL BROKERING PLATFORM TO ENABLE SLICE RESOURCE EXCHANGE AMONG HETEROGENEOUS NETWORK TENANTS - A method for enabling dynamic resource ownership transfer among network slice tenants includes acquiring an initial share of resources, admitting a plurality of tenants to a private blockchain platform, initiating a resource transaction process within a consortium of peer nodes, and validating proposed transactions in a distributed and automatized way. An infrastructure provider (InP) provides a mobile network that is virtually divided into a set of slices, and an intermediate broker (IB) regulates transactions, executed via a blockchain, by which resources are distributed between tenants. A smart contract (SC) running within the blockchain implements resource auditing among tenants and enforces IB-specific policies in managing transfers of the resources between the tenants. A consensus algorithm validates the transactions, and the infrastructure provider (InP) processes validated transactions and enforces transaction directives in the resource allocation process. | 2021-09-16 |
20210288919 | RESERVATION OF RESOURCES AND DEPLOYMENT OF APPLICATIONS USING AN INTEGRATED DEVELOPMENT ENVIRONMENT - Systems and methods to reserve resources are provided. In exemplary embodiments, a selection of a profile from a user is received. A dynamic graphical user interface is generated, using one or more processors. The dynamic graphical user interface allows the user to configure a topology based on the selected profile. The dynamic graphical user interface provides input fields in which the user may select a resource. An indication of the selected applicable topology property for configuring the topology is received. A topology is automatically generated based in part on the selected applicable topology property. | 2021-09-16 |
20210288920 | RUNTIME SCHEMA FOR SERVICES IN A SWITCH - One embodiment of the present invention provides a switch. During operation, the switch parses a first schema of the switch. The first schema indicates initialization information for one or more services of the switch expressed based on one or more tags. The switch then identifies a tag of the one or more tags in the first schema based on the parsing and identifies information corresponding to the tag from a profile of the switch. Subsequently, the switch generates a second schema from the first schema based on the identified information. | 2021-09-16 |
20210288921 | Flexible CLOS Topology Switch - In one embodiment, a computer network system, includes at least one lower tier of lower switches, at least one upper tier of upper switches, and a middle tier of middle switches connected down-tier to ones of the lower switches and up-tier to ones of the upper switches, one of the middle switches including a clos topology arrangement of leaf and spine switches, the leaf switches being connected via K internal network connections to the spine switches, each leaf switch being connected to each spine switch, the leaf switches being connected via N down-tier network connections to ones of the lower switches and via M up-tier network connections to ones of the upper switches, there being more of the N down-tier network connections than there are of the M up-tier network connections, and there being less of the K internal network connections than there are of the N and M connections. | 2021-09-16 |
20210288922 | BUILDING SYSTEM WITH SPACE USE CASE OPERATION - A network switch includes a device interface configured to facilitate communication between the network switch and a plurality of building devices that serve a space, network routing circuitry configured to route network communications associated with the building devices in accordance with one or more network parameters, a control circuit configured to control the plurality of devices via the network communications to provide a plurality of space use cases for the space, and a network manager circuit configured to determine values for the one or more network parameters based on the plurality of space use cases for the space. | 2021-09-16 |
20210288923 | VIOLATION DETECTION AND ISOLATION OF ENDPOINT DEVICES IN SOFT ZONING ENVIRONMENT - Systems and methods for handling soft zoning violations comprise assigning a first target device and an endpoint device that is coupled to a switch port of a Fibre Channel (FC) switch to a zone(s). In embodiments, in response to the endpoint device logging into the FC switch, sampled traffic that originates at the endpoint device and ingresses at the switch port may be obtained. In response to determining that the sampled traffic comprises a second traffic that is intended for a second target device that has not been assigned to the zone(s), some action to restrict the second traffic may be performed such as to restrict the non-assigned traffic and prevent devices from sending potentially harmful traffic to other devices that are not assigned to a same zone. | 2021-09-16 |
20210288924 | SYSTEMS AND METHODS FOR AUTO-DETECTION AND AUTO-CONFIGURATION OF UPLINKS AND SERVER INTERFACES FOR STORAGE SOLUTIONS - Presented are efficient systems and methods for automatically detecting and configuring network connections in Fibre Channel (FC) and similar networks. In various embodiments, this is accomplished by using an I/O module (IOM)'s fabric login (FLOGI) response or FLOGI request to identify the type of an uplink interface as either FC Gateway or FC Direct Attach, determining whether server interfaces coupled to the IOM support FCoE, and then automatically configuring server interfaces based on the identified type of uplink interface. | 2021-09-16 |
20210288925 | MICROSERVICE DEPLOYMENT IN MULTI-TENANT ENVIRONMENTS - A method includes providing a server executing computer code embodying the chat-bot, receiving, via the server, a requirement for customization of a main computer code, the main computer code including modules, and determining, by the chat-bot, top-k modules of the main computer code potentially affected given the requirement for customization. The determination of the top-k modules includes representing each of the modules of the main computer code in an embedding vector space, representing the requirement for customization as a vector in the embedding space, and fetching the top-k modules nearest the requirement for customization in the embedding space. The method further includes determining a question, communicating the question to an entity providing the requirement for customization, receiving a response to the question, and filtering the top-k modules using the response to determine a set of the modules associated with the requirement for customization. | 2021-09-16 |
20210288926 | PERSONALITY-PROFILED LANGUAGE MODELING FOR BOT - A method uses personality-profiled language modeling for bots. An input phrase is received from a user. A language personality vector is determined using a language neural network and the input phrase. A response phrase to the input phrase is determined using the language personality vector from the language neural network. The response phrase is presented. | 2021-09-16 |
20210288927 | ENABLING COMMUNICATION WITH UNIQUELY IDENTIFIABLE OBJECTS - An approach is disclosed that provides personalized two-way communication with a uniquely identified object and an AI agent. Information about the object in a context associated with a requestor is received to access an object knowledge base. The information is analyzed to determine a unique reference for the object. A selected set of the received information and the object categorization may be sent to an object knowledge base populated with AI configuration parameters tied to uniquely identified objects. The object knowledge base is searched for the unique reference to determine a registration assessment. The registration assessment is one of registered and not registered. When the registration assessment is determined to be not registered, the object is added to the object knowledge base. After receiving an AI connection from the object knowledge base, the context associated with the requestor is sent to the AI connection. | 2021-09-16 |
20210288928 | DETERMINING ENGAGEMENT SCORES FOR SUB-CATEGORIES IN A DIGITAL DOMAIN BY A COMPUTING SYSTEM - In general, techniques are described to determine engagement scores representative of a level of engagement in a digital domain for a particular sub-category within the common category of entities on a social media platform. In accordance with these techniques, a computing system is configured to receive, from one or more client devices, messages composed by one or more users of the one or more client devices. Each of the messages includes a respective identifier, and each respective identifier is associated with a common category of entities. The computing system is further configured to determine, based on the messages, an engagement score that represents a level of engagement for a particular sub-category within the common category of entities. The computing system is further configured to output, for display at a display device operatively connected to the computing system, a visual representation of the engagement score. | 2021-09-16 |
20210288929 | LOCATION BASED CONTENT SYSTEM FOR MOBILE APPLICATIONS - Disclosed are systems and methods for improving interactions with and between computers in content searching, hosting and/or providing systems supported by or configured with devices, servers and/or platforms. The disclosed systems and methods provide a novel framework for providing users with electronic retrieval capabilities that are activated upon the users' determined locations respective to real-world locations associated with a message providing entity. The disclosed technology combines the previously separate systems of mail extraction, geo-fencing and content delivery (e.g., notification) into a single system that efficiently manages a user's inbox in order to provide the user with content the user has expressly indicated is of interest to that user. The disclosed systems and methods effectively realize a location-aware mail experience that provides functionality for delivering location (and timing) specific content to a user when the user is actually capable of acting on/interacting with the content in real-time. | 2021-09-16 |
20210288930 | CROSS-APPLICATION MEDIA EXCHANGE - Systems and methods for sharing authentication information are provided. The systems and methods include generating, with a messaging application, a media item using a camera of a client device; identifying a target application that has been authorized by the messaging application to share authentication information with the messaging application; generating a share option associated with the media item for display in a graphical user interface of the messaging application; and in response to receiving a user selection of the share option, enabling the target application to access the media item. | 2021-09-16 |
20210288931 | GENERATING INTERACTIVE MESSAGES WITH ENTITY ASSETS - Systems and methods are provided for retrieving assets associated with branding for an entity, generating an interactive message comprising at least a first mechanical object, updating the first mechanical object with one or more of the assets associated with branding for the entity, and sending the generated interactive message to a plurality of computing devices. The systems and methods further provide for receiving, from at least a subset of the plurality of computing devices, usage data associated with interaction by each computing device of the subset of computing devices with the interactive message, generating metrics for the interactive message from the usage data for the interactive message, and generating at least one report based on the metrics for the interactive message. | 2021-09-16 |
20210288932 | Shared Content Presentation With Integrated Messaging - Users who are experiencing a shared content stream can exchange messages. Each user device can present a graphical user interface that includes controls to interact with a shared content stream being received and presented at the user device; a control to begin composing a message to other users who are receiving the shared content stream, and a display area to display previously received messages associated with the shared content stream. A message can be associated with a shared content stream, e.g., by providing a tag that identifies the content being played at the time the message was sent. | 2021-09-16 |
20210288933 | SYSTEMS AND METHODS FOR FILTERING NOTIFICATIONS FOR END POINTS ASSOCIATED WITH A USER - Described embodiments provide systems and methods for filtering notifications across multiple end points associated with a user. A server can establish, for a user of an end point, a session with the end point. The server can identify properties of a plurality of applications and properties of the plurality of end points. A filter can be generated for the user, and the filter can include one or more policies to selectively permit or prevent notifications received from one or more applications through the client application. The server can apply the filter to the applications and use the filter to filter one or more notifications received from the applications to selectively permit or prevent the one or more notifications from being received at each end point of the plurality of end points that the user accesses during the session to the server through the client application. | 2021-09-16 |
20210288934 | PERSONALIZED DASHBOARD CHART FOR EMAIL SUBSCRIPTIONS - A method for managing a user's email subscriptions has been developed. The method provides a user interface (UI) to the user that allows the user to view and select multiple stand-alone components across multiple dashboard displays for an email subscription to an email address. The user's selections are received via the UI and include one or more stand-alone components from a first dashboard display and one or more stand-alone components from a second dashboard display in the email subscription. The first dashboard display is not the same as the second dashboard display. A display of each of the subscribed stand-alone components is rendered periodically based on the user's preference. The rendered displays are combined into a single email message that is sent to the email address upon completion of the rendering of the displays. | 2021-09-16 |
20210288935 | SECURITY FOR VIRTUAL EXTENSIBLE LOCAL AREA NETWORKS - Presented herein are embodiments of mechanisms to add security in the communication of messages between devices, particularly in the context of VXLAN (Virtual eXtensible Local Area Network) environments. When a VXLAN device sends a multicast message to discover other devices in the network, there are possibilities for rogue devices to respond and then receive data that is not intended for them. In one or more embodiments, information handling systems operating as a VTEP (VXLAN tunnel endpoint) may use enhanced encryption that is shared with other authorized VTEPs, but not shared with rogue VTEP devices, to verify other authorized VTEPs. In one or more embodiments, information used to verify a VTEP device is included in the message, such as in the header, which a properly configured receiving VTEP will recognize and use to verify that the sending VTEP is not a rogue device. | 2021-09-16 |
20210288936 | TECHNIQUES TO FACILITATE OPENROAMING INTEGRATION INTO A WIRELESS ROAMING INTERMEDIARY EXCHANGE DATA-CLEARING AND FINANCIAL-SETTLEMENT ARCHITECTURE - Presented herein are techniques to facilitate OpenRoaming integration into a Wireless Roaming Intermediary Exchange (WRIX) data-clearing and financial-settlement architecture. In one example, a method is provided that may include querying, by an application endpoint, a Domain Name System (DNS) server to determine support for a service for a domain; and obtaining, by the application endpoint from the DNS server, an explicit indication that one of: the service is not supported for the domain; or the service is proprietary and is supported for the domain. | 2021-09-16 |
20210288937 | DOMAIN NAME SERVICE (DNS) SERVER CACHE TABLE VALIDATION - In some embodiments, a method stores domain name system (DNS) resolution mappings from a domain name to an address in a first table. The DNS resolution mappings are intercepted from DNS responses being sent by a DNS server. The first table is sent to a manager for validation of the DNS resolution mappings. Then, a second table is received from the manager that contains validated DNS resolution mappings. The method intercepts a DNS response that includes a domain name to address resolution mapping from the DNS server and validates the domain name to address resolution mapping using a validated DNS resolution mapping in the second table. | 2021-09-16 |
20210288938 | Network Data Processing Method, Apparatus, Electronic Device, and Storage Medium - A network data processing method and apparatus, an electronic device, and a storage medium are provided, which are related to the fields of big data and cloud computing. The specific embodiment is: acquiring a plurality of network access records, each of which includes a source address and a target address; determining a first redirect relationship from the source address to the target address in a respective network access record of the plurality of network access records; determining a set of redirect relationships for all of the addresses in the plurality of network access records according to a plurality of first redirect relationships of the plurality of network access records; and acquiring an address to be searched, and determining a final address to which the address to be searched is redirected according to the set of redirect relationships. | 2021-09-16 |
20210288939 | MANAGEMENT OF INTERNET OF THINGS (IOT) BY SECURITY FABRIC - The present invention relates to a method for managing IoT devices by a security fabric. A method is provided for managing IoT devices that comprises collecting, by an analyzing tier, data of Internet of Things (IoT) devices from a plurality of data sources; abstracting, by the analyzing tier, profiled element baselines (PEBs) of IoT devices from the data, wherein each PEB includes characteristics of IoT devices; retrieving, by an executing tier, the PEBs from the analyzing tier, wherein the executing tier is configured to control network traffic of IoT devices of a private network; generating, by the executing tier, security policies for IoT devices from PEBs of the IoT devices; and controlling, by the executing tier, network traffic of the IoT devices of the private network to comply with the security policies. | 2021-09-16 |
20210288940 | Computer Security System and Method Based on User-Intended Final Destination - A system and method are described for protecting applications against malicious URL links by identifying a final destination. The system and method also include enabling a user process to directly connect to the final destination, bypassing the original URL altogether, thereby bypassing the hacker's ability to use that URL to programmatically send the application to a malicious site. | 2021-09-16 |
20210288941 | METHOD AND SYSTEM FOR SECURING DATA TRANSMISSION IN COMMUNICATION NETWORKS - A method and system for securing data transmission in communication networks is disclosed. The method includes the steps of allocating a sequence ID (SQID) to each of a plurality of packets. The SQID is embedded in an Internet Protocol (IP) header of an associated packet from the plurality of packets. The method further includes grouping the plurality of packets into at least one cluster based on at least one of a distance amongst at least one IP attribute associated with the destination address of each of the plurality of packets and variance in IP attributes associated with the destination address of each of the plurality of packets. The method includes transmitting each of the at least one cluster to an associated destination address. Each cluster in the at least one cluster includes a set of packets from the plurality of packets, and at least a domain name is the same in the destination address. | 2021-09-16 |
20210288942 | AUTOMATIC PROVISIONING OF STREAMING POLICIES FOR VIDEO STREAMING CONTROL IN CDN - Methods and systems for automatic provisioning of security policies for content streaming control within a Content Delivery Network (CDN) are provided. According to one aspect, a method for automatic provisioning of security policies for content streaming control by a network node within a CDN that supports at least one streaming media protocol comprises: obtaining a manifest, the manifest being generated in response to a user requesting a streaming content from the CDN; determining a first security policy associated with the user and/or the requested streaming content in accordance with the manifest; updating a set of firewall rules for implementing security policies in accordance with the determined first security policy; and applying the updated set of firewall rules to validate requests from the user for the streaming content. The policies are dynamically configured and may be sparsely provisioned, e.g., downloaded only to the pertinent nodes and activated only when necessary. | 2021-09-16 |
20210288943 | VIRTUAL MACHINE PERFECT FORWARD SECRECY - Provided is a method, a computer program product, and a system for providing perfect forward secrecy in virtual machines. The method includes receiving a secure memory allocation function from an application, including a connection secret to be stored in memory. The method further includes allocating memory for the connection secret according to the memory size parameter and storing an entry relating to the connection secret in a secure database. The memory information includes a memory location and a memory size of the memory. The method also includes monitoring an operation state relating to the virtual machine. The method further includes receiving, from the application, a secure deallocation function relating to the connection secret and retrieving the memory information from the secure database. The method also includes deleting the connection from the memory and sanitizing the memory location logged by the memory information. | 2021-09-16 |
20210288944 | METHODS AND APPARATUS FOR ENCRYPTED COMMUNICATION - Aspects of the present disclosure relate to an apparatus comprising first interface circuitry to communicate with a first computing device and second interface circuitry to communicate with a second computing device. The first interface circuitry is configured to receive a handshake message from the first computing device. The second interface circuitry is configured to transmit the handshake message to the second computing device and to receive a handshake response message from the second computing device. The first interface circuitry is configured to transmit the handshake response message to the first computing device, whereby to establish a communication session between the first computing device and the second computing device. The apparatus comprises trusted execution environment circuitry to determine a cryptographic session key associated with said communication session, and use said session key to decrypt content of messages transmitted between the first and second computing devices via the apparatus, and analyse said decrypted content. | 2021-09-16 |
20210288945 | Low-Latency MACsec Authentication - An apparatus may include a pipeline circuit configured to process packets and an authentication engine configured to authenticate packets and to provide an authentication signal to the pipeline circuit based on whether packets have been authenticated. The apparatus may further include a control circuit configured to route a given incoming packet to both the authentication engine and to a bypass path. The bypass path may be configured to provide a copy of the given incoming packet to the pipeline circuit to bypass the authentication engine. | 2021-09-16 |
20210288946 | METHODS AND APPARATUSES FOR OBLIVIOUS TRANSFER USING TRUSTED ENVIRONMENT - Methods and apparatuses for performing oblivious transfer using a trusted intermediate environment are described. A data object identifier is used to identify a requested data object. The requested data object is stored as a plurality of corresponding data chunks over a plurality of data buckets. The data object identifier is encoded with information identifying each of the plurality of corresponding data chunks within each respective data bucket. A trusted intermediate environment receives a data stream that includes data chunks stored in an assigned data bucket. Using the encoded information from the data object identifier, the trusted intermediate environment determines which of the data chunks in the data stream is the corresponding data chunk streamed from the assigned data bucket. | 2021-09-16 |
20210288947 | SECURE CONTENT ACCESS ACROSS USER ACCOUNTS - The present disclosure relates generally to systems and methods to enable users to access content authorized to other users. A method for accessing content may include receiving an access activation request from a primary device or a primary user account corresponding to a content item accessible by the primary user account, generating an access identifier corresponding to the content item, where the access identifier identifies the content item and includes access information, receiving an access request including the access identifier from a secondary device or a second user account, determining that the access identifier is valid, and delivering the content item to the secondary device. | 2021-09-16 |
20210288948 | SECURE DOMAIN NAME SYSTEM - A method and system for authenticating answers to Domain Name System (DNS) queries originating from recursive DNS servers are provided. A verification component provides a verification that a DNS query originated from the recursive DNS server. An authoritative DNS server receives the query via a network, such as the Internet, and provides an answer to the query to an authentication component. The authentication component then provides an authentication, such as a digital signature, which confirms that the received answer was provided by the authoritative DNS server, and then communicates the answer and the authentication to the verification component via the network. The verification component then verifies that the authentication corresponds to the received answer and sends the answer to the recursive DNS server. When the verification component receives an answer in the absence of a corresponding authentication, the verification component drops the answer. | 2021-09-16 |
20210288949 | METHODS AND PROCESSES FOR UTILIZING INFORMATION COLLECTED FOR ENHANCED VERIFICATION - A system for verifying a user identity. The system comprises one or more memory devices storing instructions and one or more processors configured to execute the instructions. The processors are configured to receive information associated with an account of a user. The processors are further configured to generate a first profile, where the first profile is related to the user. The processors also receive an indication that the account is accessed by an accessor through an accessor device, and receive, from the accessor device, identity data comprising a plurality of data subsets associated with the accessor. The processors are configured to store the data subsets in respective clusters. The processors are further configured to generate cluster analyses by analyzing the data subsets in respective clusters, and to output the cluster analyses to node instances that weigh the cluster analyses outputs. The processors also generate a second profile, the second profile being related to the accessor and based on the received identity data and weighted cluster analysis. The processors are configured to determine a likelihood factor that the accessor is the user based on a comparison of the first profile and the second profile. | 2021-09-16 |
20210288950 | FACILITATING PASSWORD CREATION VIA A SECURE DEVICE - Techniques are described with respect to facilitating password creation via a secure device in a defined corporate environment. An associated method includes receiving an authentication request associated with an authorized client of a client system in the defined corporate environment and initializing the secure device with respect to the client system responsive to validating the authentication request. The method further includes creating a password for the client system in compliance with policy criteria associated with the defined corporate environment, encrypting the password, and distributing the password via at least one predetermined technique. In an embodiment, the method further includes creating access control credentials for the client system in compliance with the policy criteria associated with the defined corporate environment. | 2021-09-16 |
20210288951 | Distributed Terminals Network Management, Systems, Interfaces and Workflows - A graphical user interface (GUI) and operator console management system for a distributed terminal network is described. In some embodiments, the terminals may be hardware terminals, kiosks, or clients. In some embodiments, a security analysis may be performed, and security scores may be determined, for visitors requesting operations at terminals based on an operator configuration. Security scores may be determined by a provider, in communication with the operator terminals, based on aggregation of a plurality of factors, wherein each factor may be weighted. The factors may incorporate operator settings or preferences. In one embodiment, the factors include one or more facial recognition factors. The one or more facial recognition factors may be used for biometric authentication. The provider may use the security scores to determine user privileges or permissions for the operations. The provider may deliver instructions or messages to the terminals based on the determinations. | 2021-09-16 |
20210288952 | IDENTIFICATION OF A RELATED COMPUTING DEVICE FOR AUTOMATIC ACCOUNT LOGIN - In an implementation of identifying related computing devices for automatic user account login, a login request to a user account that includes a unique identification (ID) of a user computing device and an internet protocol (IP) address of the user computing device is received. One or more user computing devices that have logged in to the user account using the same IP address as the user computing device are identified based on a user ID of the user account and the unique ID of the user computing device. Whether one or more unique IDs corresponding to the one or more user computing devices that have logged in to the user account are correlated with the unique ID of the user computing device is determined. If yes, data corresponding to the login information used by the one or more user computing devices to log in to the user account are sent to the user computing device for automatic account login. | 2021-09-16 |
20210288953 | CUSTOMIZABLE AUTHENTICATION SYSTEM - An online authentication system allows a user to define their own logic for multistage authentication, which is provided to an online authentication center and stored as encrypted bytecode based on each user's password. Implementation logic can use third party information sources to provide additional authentication options. | 2021-09-16 |
20210288954 | DYNAMIC AUTHENTICATION SCHEME SELECTION IN COMPUTING SYSTEMS - Techniques of dynamic authentication scheme selection in distributed computing systems are disclosed herein. One example technique includes analyzing a received authentication request for an indicator of an authentication scheme that is supported by a computing service submitting the authentication request. The example technique can also include determining whether the authentication scheme associated with the indicator is also supported by the authentication service and in response to determining that the authentication scheme associated with the indicator is also supported by the authentication service, initiating an authentication process with the computing service according to the authentication scheme that is supported by both the computing service and the authentication service. As such, the authentication scheme can be dynamically selected at the authentication service for the received authentication request. | 2021-09-16 |
20210288955 | UTILIZING CAVEATS FOR WIRELESS CREDENTIAL ACCESS - A method according to one embodiment includes receiving, by an access control device, a credential token from a mobile device, wherein the credential token includes an access credential, a credential identifier, and a caveat that instructs the access control device to perform an associated action, determining, by the access control device, a credential type associated with the access credential based on the credential identifier, determining, by the access control device, a set of caveat rules associated with the credential type, wherein the set of caveat rules identifies one or more actions authorized for an access credential of the credential type, and performing, by the access control device, the associated action identified by the caveat in response to a determination that the associated action is an action authorized by the set of caveat rules associated with the credential type. | 2021-09-16 |
20210288956 | SECURE PERMISSIONING OF ACCESS TO USER ACCOUNTS, INCLUDING SECURE DEAUTHORIZATION OF ACCESS TO USER ACCOUNTS - A permissions management system is disclosed for enabling a user to securely authorize a third-party system to access user account data and initiate transactions related to a user account, without disclosing to the third-party system account credentials. The system enables the user to also securely de-authorize the third-party system. For example, records may be automatically generated that securely store account information, including one or more permissions related to the account and/or the third-party. A token associated with a record may be shared with the third-party system, but neither the record itself, nor the user account credentials, may be shared with the third-party. Accordingly, the third-party may request user account data and/or initiate transactions by providing the token, but does not itself know, e.g., the user account credentials. Further, the user may set various permissions related to the token, and may also revoke the token (e.g., de-authorize the third-party), thus providing increased security to the user's account. | 2021-09-16 |
20210288957 | TIME-BASED ONE TIME PASSWORD (TOTP) FOR NETWORK AUTHENTICATION - A Time-based One-Time Password (TOTP) validator is interposed between a principal and a network service. The validator interacts with a mobile application (app) on the mobile device associated with the principal to dynamically supply a validator secret. The secret and, perhaps, other information are processed by the app to generate a TOTP when the principal attempts to access a protected resource of the network service. The validator independently generates the TOTP and compares it with the app-generated TOTP; on a successful match, the principal's access device is redirected for access to the protected resource. | 2021-09-16 |
20210288958 | SYSTEMS AND METHODS FOR SECURE ONLINE CREDENTIAL AUTHENTICATION - Systems, methods, and non-transitory computer-readable media for secure online credential authentication are disclosed. One method includes receiving, over an electronic network, identification information from an identity provider; accessing, from a database, previously stored hashed identification information stored in association with a previous identity provider; comparing the identification information to the previously stored hashed identification information; and storing the identification information in association with the identity provider that provided the identification information in the database when the hashed identification information does not match the previously stored hashed identification information. | 2021-09-16 |
20210288959 | STATELESS MULTI-PARTY AUTHORIZATION SYSTEM IN WEB APPLICATIONS - A method, a computer system, and a computer program product for authorization using multiple entities is provided. Embodiments of the present invention may include generating a secret, a user hash and an application hash. Embodiments of the present invention may include transmitting the user hash, the application hash and the password to an identity verification authority. Embodiments of the present invention may include generating a password hash. Embodiments of the present invention may include transmitting the user hash and the application hash to a server. Embodiments of the present invention may include identifying the password hash that is associated with the user hash and the application hash, transmitting the password hash and an authorization notification to the identity verification authority, comparing the password hash with a previously stored password hash and determining that the comparison of the password hash with the previously stored password hash matches. | 2021-09-16 |
20210288960 | AUTHENTICATION USING CLIENT LOGIN METRICS - A method comprises an authentication agent receiving a communications protocol message from a login agent of a client attempting to login to a target system. The authentication agent determines a login metric associated with the protocol message. The login metric comprises a latency, network, and/or data entry metric. The authentication agent receives credentials associated with an authentic client of the target system and compares the login metric with a registered metric associated with the authentic client. Based on the login metric comporting with the registered metric, the authentication agent continues login processing or performs a non-comporting metric action. Another method comprises the authentication agent sending a training request to the login agent, receiving a training response, determining a login metric associated with the training response, and recording the login metric among registered metrics of an authentic client. A computing system can implement the methods. | 2021-09-16 |
20210288961 | IDENTIFYING ACCOUNTS HAVING SHARED CREDENTIALS - Disclosed are systems, methods, and non-transitory computer-readable storage media for identifying accounts having shared credentials. In some implementations, a content management system can collect user login context data when a user logs in to or accesses a user account of the content management system. For example, the content management system can collect client device data, client application data, internet protocol (IP) address data, and/or other data from the user's device when the user logs in to the user account. The content management system can analyze the login context data to determine patterns that indicate that the user account login credentials are being shared among multiple users. | 2021-09-16 |
20210288962 | SECURE MODIFICATION OF MANUFACTURER USAGE DESCRIPTION FILES BASED ON DEVICE APPLICATIONS - Techniques for providing secure modification of manufacturer usage description (MUD) files based on device applications are provided. In one embodiment, a method for secure modification of MUD files may include obtaining a request for one or more applications from a device. The method also includes providing to the device the one or more applications and a certification that includes an updated MUD identifier determined based on the one or more applications requested. The updated MUD identifier is associated with a concatenated MUD file that comprises individual MUD file portions for each of the one or more applications requested. The device is configured to request an updated device identifier using the certification. The updated device identifier includes the updated MUD identifier that is associated with the concatenated MUD file. | 2021-09-16 |
20210288963 | REVISION OF ACCESS CONTROL PROCESS ACCORDING TO VIRTUAL ROLES OF SUBJECTS BASED ON ATTRIBUTES THEREOF - A solution is proposed for reviewing a control of access in an information technology system. A corresponding method comprises retrieving an indication of granted accesses to objects, being granted to subjects according to policies based on attributes. Virtual roles (each defined by one or more of the attributes) are determined according to a correlation among access types of the granted accesses and the attributes of the subjects being granted them. A computer program and a computer program product for performing the method are also proposed. Moreover, a system for implementing the method is proposed. | 2021-09-16 |
20210288964 | SYSTEM, METHOD AND COMPUTER-READABLE MEDIUM FOR UTILIZING A SHARED COMPUTER SYSTEM - The present invention is directed to a method, apparatus and computer-readable medium for utilizing a shared computer system. The method includes receiving, by way of at least one interface, an access request associated with a potential user of a financial entity for access to a secure data processing center of a financial regulatory system, wherein the secure data processing center is configured to share information associated with specified financial activities. The method includes determining a classification of the potential user with respect to one or more potential or actual access rights to be associated with the potential user for accessing the secure data processing center. The determined classification of the potential user is that the potential user is an eligible user of the secure data processing center as defined by an accrediting organization of the financial regulatory system. | 2021-09-16 |
20210288965 | NETWORK RESOURCE PRIVACY NEGOTIATION SYSTEM AND METHOD - A method for accessing a network resource including detecting an attempt by a user via a computing device to access a service enabled by a computing system via a network and transmitting via the network to the computing system a first request to access the service in response to detecting the attempt by the user to access the service, the first request including at least one empty personally identifiable data structure. A failure to access the service responsive to the first request is determined. A second request to access the service in response to the first failure to access the service is transmitted via the network to the computing system, the second request including artificial personally identifiable information, and access to the service from the computing system is received for the user. | 2021-09-16 |
20210288966 | Graphical User Interface and Operator Console Management System for Distributed Terminal Network - A graphical user interface (GUI) and operator console management system for a distributed terminal network is described. In some embodiments, the terminals may be hardware terminals, kiosks, or clients. In some embodiments, a security analysis may be performed, and security scores may be determined, for visitors requesting operations at terminals based on an operator configuration. Security scores may be determined by a provider, in communication with the operator terminals, based on aggregation of a plurality of factors, wherein each factor may be weighted. The factors may incorporate operator settings or preferences. In one embodiment, the factors include one or more facial recognition factors. The one or more facial recognition factors may be used for biometric authentication. The provider may use the security scores to determine user privileges or permissions for the operations. The provider may deliver instructions or messages to the terminals based on the determinations. | 2021-09-16 |
20210288967 | SYSTEMS AND METHODS FOR EFFICIENT AND SECURE TEMPORARY ANONYMOUS ACCESS TO MEDIA CONTENT - A method for providing access to media content from a media content provider is performed at an electronic device. The method includes receiving, from a client device, a request for access to a media item. The request for access includes a self-describing user-identifier. The method includes, in response to the request for access to the media item, initiating an analysis to determine whether the client device is authorized to access the media item, the analysis including an examination of a media consumption log associated with the client device. The media consumption log stores data representing self-describing user-identifiers. The analysis includes, based on the examination of the media consumption log, detecting multiple requests from different self-describing user identifiers corresponding to the client device to determine whether the client device has reached an access limit and, when the client device has reached the access limit, terminating access to the media item. | 2021-09-16 |
20210288968 | SYSTEM AND METHOD FOR AGGREGATING CLIENT DATA AND CYBER DATA FOR AUTHENTICATION DETERMINATIONS - The invention relates to a method and system that aggregates client data and cyber indicators to authenticate a client. The system comprises: a computer server comprising at least one computer processor and coupled to the memory, programmed to: receive, via an electronic input, an authorization request from a requester for access to an account; identify a client identifier associated with the authorization request; using the client identifier, retrieve, from the memory, a client profile, wherein the client profile is based on an aggregation of client data, client device data, claims data and cyber data; generate a risk score based on the aggregated combination of the client data, client device data, claims data and cyber data to determine whether the requester is authenticated to access the account; and automatically apply an authentication determination to the authorization request. | 2021-09-16 |
20210288969 | METHOD FOR SUPPLYING A SECURE CONNECTION PROXY - A method for automatically supplying a secure connection proxy with remote targets on the basis of privileged account data, includes a step of exploring, by a robot program, at least one domain for identifying the privileged accounts; a step of filtering the privileged accounts on the basis of criteria; steps of extracting characteristics from identified privileged accounts; and a step of supplying the proxy with the gathered data. | 2021-09-16 |
20210288970 | DYNAMIC MEMBERSHIP ASSIGNMENT TO USERS USING DYNAMIC RULES - Techniques for identity management, and more particularly, techniques for dynamically assigning membership to users in the system based on dynamic rules. In one aspect a computer-implemented method is provided that breaks down the processing from a single large thread or operation into multiple minimal-level threads or operations and makes use of the event-driven architecture used in distributed environments, such as a cloud environment, to achieve a scalable model that can work seamlessly for multi-tenant applications. Every sub-problem is assigned to a dedicated set of subscribers on a messaging service for processing. | 2021-09-16 |
20210288971 | EFFICIENT RETRIEVAL AND RENDERING OF ACCESS-CONTROLLED COMPUTER RESOURCES - Particular aspects of this disclosure relate to computerized systems for generating and using improved data structures and functionality to efficiently render multiple different access-controlled resources (or properties of access-controlled resources) that are part of a concept. Oftentimes, two or more resources of a concept or properties of a resource are subject to different access controls. This adds computing complexity as to whether or not a user is granted access to the entire concept or resource, a portion of the concept or resource, or none of the concept or resources, and what exactly is surfaced back to the user when there are resources or properties the user does and does not have access to. Some embodiments accordingly render an efficient composite view of concepts or resources where some resources or properties are accessible by the requesting user, while other resources or properties are not accessible by the requesting user. | 2021-09-16 |
20210288972 | ACCESS CONTROL FOR OBJECT INSTANCES - The present disclosure involves systems, software, and computer implemented methods for access control for object instances. A method includes receiving, at a cloud application, a user request associated with a user. The user request corresponds to an instance of a first application artifact type. Role assignments for the user are retrieved from a cloud platform and a determination is made that the role assignments grant permission to the first application artifact type to the user. A determination is made that a first instance-based access policy exists for the first application artifact type. A determination is made regarding whether the first instance-based access policy grants permission for the user to access the instance. The user request is serviced in response to determining that the first instance-based access policy grants permission for the user to access the instance. The user request is denied in response to determining that the first instance-based access policy does not grant permission for the user to access the instance. | 2021-09-16 |
20210288973 | LOCATION-BASED USER AUTHENTICATION - A method at a computing device is described. The method comprises executing an application for verifying a location of a user requesting to access a location-based service, receiving, at the application, information indicating a location of the computing device, and encoding, with the application, at least the location to thereby generate a location token for responding to a challenge for the location token. The method further comprises outputting the location token from the application, the location token configured for use in applying a location-based access policy that controls access by the user to the location-based service. | 2021-09-16 |
20210288974 | ACCESS TOKEN FOR A VERIFIABLE CLAIM - Authorizing access to a verifiable claim so that a user who is the subject of the verifiable claim need not actively authorize the access. An access token is generated that is configured to provide access to a verifiable claim that was previously issued on behalf of a user that is the subject of the verifiable claim. The access token is then provided to an entity that is to be given access to the verifiable claim. The access token is next received from the entity when the entity attempts to access the verifiable claim and is validated. Finally, the entity is provided with access to the verifiable claim upon validation of the access token without the user having to actively authorize the access. | 2021-09-16 |
20210288975 | APPARATUS FOR GENERATING HETEROGENEOUS FUNCTIONAL EQUIVALENT AND METHOD THEREOF - An apparatus for generating heterogeneous functional equivalents and a method thereof include: a heterogeneous functional equivalent generator and an element pool connected to the heterogeneous functional equivalent generator, where the element pool includes at least one element. The heterogeneous functional equivalent generator is configured to obtain a generation policy and is further configured to select element sets corresponding to the number from the element pool according to the generation policy. The heterogeneous functional equivalent generator is further configured to generate the number of heterogeneous functional equivalents based on the selected element sets. Because the elements for constructing heterogeneous functional equivalents are different, the relationship between an element and the service response output by the heterogeneous functional equivalent to the outside is uncertain, thereby making it difficult to sniff an unknown defect or a backdoor of the heterogeneous functional equivalent, and lowering the success rate of an intruder's attack on the heterogeneous functional equivalent. | 2021-09-16 |
20210288976 | METHODS AND APPARATUS TO ANALYZE NETWORK TRAFFIC FOR MALICIOUS ACTIVITY - Methods, apparatus, systems and articles of manufacture are disclosed to analyze network traffic for malicious activity. An example apparatus includes a graph generator to, in response to obtaining one or more internet protocol addresses included within input data, generate a graph data structure based on one or more features of the one or more internet protocol addresses in the input data, a file generator to generate a first matrix using the graph data structure, the first matrix to represent nodes in the graph data structure and generate a second matrix using the graph data structure, the second matrix to represent edges in the graph data structure, and a classifier to, using the first matrix and the second matrix, classify at least one of the one or more internet protocol addresses to identify a reputation of the at least one of the one or more internet protocol addresses. | 2021-09-16 |
20210288977 | CONTEXTUAL SECURITY RECOMMENDATIONS FOR OPTIMIZATION AND SECURITY BEST PRACTICES IN A DATA NETWORK SECURITY FABRIC - A network gateway interrogates a plurality of network devices to collect security state data and operational state data on a periodic basis. Contextual security recommendations are generated based on the security rating report. Security actions can be taken based on the contextual security recommendations. | 2021-09-16 |
20210288978 | WEB SERVER SECURITY | 2021-09-16 |
20210288979 | SCALING A PROCESSING RESOURCE OF A SECURITY INFORMATION AND EVENT MANAGEMENT SYSTEM - Concepts for scaling a processing resource of a security information and event management system for processing a set of security events are presented. One example comprises identifying an event property of a set of security events, then assessing the identified event property against a predetermined rule. The method then comprises, in response to the assessed event property satisfying the predetermined rule, scaling a processing resource for processing the set of security events based on the predetermined rule. | 2021-09-16 |
20210288980 | Relationship-Based Conversion of Cyber Threat Data into a Narrative-Like Format - A mechanism is provided in a data processing system for displaying cyber threat data in a narrative format. The mechanism receives a cyber threat information file that comprises cyber threat data in a serialized format. The mechanism generates a tree data structure representing relationships between objects in the cyber threat data and generates a user interface presenting the cyber threat data in a narrative format based on the tree data structure. The mechanism presents the user interface to an analyst. | 2021-09-16 |
20210288981 | IDENTITY ATTACK DETECTION AND BLOCKING - Embodiments detect identity attacks by comparing usage of compromised passphrases or other weak credentials in failed sign-in attempts to access restriction conditions. A restriction threshold amount of weak credential failed sign-ins (WCFSI) or a WCFSI increase indicates an identity attack, such as a password spray attack. Going beyond the mere number of failed sign-ins by also considering credential strength allows embodiments to detect attacks sooner than other approaches. An embodiment may also initiate or impose defenses by locking accounts, blocking IP addresses, or requiring additional authentication before access to an account is allowed. Weak credentials may include short passwords, simple passwords, compromised passwords, or wrong usernames, for instance. Password strength testing may be used for attack detection in addition to preventive use on passwords proposed by authorized users. Familiar and unfamiliar traffic source locations may be tracked, as sets or individually. | 2021-09-16 |
20210288982 | ACTIVITY DETECTION BASED ON TIME DIFFERENCE METRICS - In some examples, a system determines a difference between a received time indication and a previous time indication, performs a modular arithmetic operation with respect to a first integer on the difference, and increments a count related to a first set associated with a first result of the modular arithmetic operation. The system compares respective counts associated with respective sets of a plurality of sets including the first set, wherein each set of the plurality of sets is associated with a different result of the modular arithmetic operation, and detects an occurrence of a security intrusion based on the comparison. | 2021-09-16 |
20210288983 | Machine Learning Based Anomaly Detection and Response - The technology relates to machine responses to anomalies detected using machine learning based anomaly detection. In particular, to receiving evaluations of production events, prepared using activity models constructed on per-tenant and per-user basis using an online streaming machine learner that transforms an unsupervised learning problem into a supervised learning problem by fixing a target label and learning a regressor without a constant or intercept. Further, to responding to detected anomalies in near real-time streams of security-related events of tenants, the anomalies detected by transforming the events in categorized features and requiring a loss function analyzer to correlate, essentially through an origin, the categorized features with a target feature artificially labeled as a constant. An anomaly score received for a production event is determined based on calculated likelihood coefficients of categorized feature-value pairs and a prevalencist probability value of the production event comprising the coded features-value pairs. | 2021-09-16 |
20210288984 | MONITORING THE INTEGRITY OF A SPACE VEHICLE - Space system TT&C monitoring includes analyzing network traffic comprising data packets between a front-end processor (FEP) and a cryptographic unit. A JavaScript Object Notation (JSON) object is created when network traffic containing a vehicle command is detected. The JSON object is transmitted, by way of a data transport mechanism, to either a cyber defense module or a security information and event management (SIEM) module for further ingestion and visualization. The JSON object is analyzed using a machine learning (ML) module or a rule-based intrusion detection system (IDS) module to generate an anomaly score for the SIEM module for further ingestion and visualization. | 2021-09-16 |
20210288985 | SYSTEM AND METHOD FOR BEHAVIOURAL BIOMETRIC AUTHENTICATION USING PROGRAM MODELLING - An authentication method for use in a device comprises monitoring a program behavior stream comprising a plurality of program observables that includes a program observable. The method records the program observable and matches the recorded program observable to a program model selected from a plurality of program models stored within a program store. A user model is selected from a plurality of user models stored within a user store corresponding to the program model. A user behavior stream corresponding to the program observable is monitored and a user observable contained in the user behavior stream is recorded. The user observable is correlated to the user model and an authentication state associated with the device is determined based on the correlating. | 2021-09-16 |
20210288986 | DATA EXFILTRATION DETECTOR - Disclosed herein are methods, systems, and processes for detecting data exfiltration. A data exfiltration event in a network is detected. Traffic data regarding outgoing traffic of a source in the network associated with the data exfiltration event is received. A logarithmic transformation is applied to the traffic data to generate transformed data. An outlier identification technique is selected based on the transformed data and is executed on the transformed data to determine that the outgoing traffic is indicative of the data exfiltration event. An alert is generated in response to the determination that the outgoing traffic is indicative of the data exfiltration event. | 2021-09-16 |
20210288987 | THREAT MITIGATION SYSTEM AND METHOD - A computer-implemented method, computer program product and computing system for: obtaining system-defined consolidated platform information for a computing platform from an independent information source; obtaining client-defined consolidated platform information for the computing platform from a client information source; and comparing the system-defined consolidated platform information to the client-defined consolidated platform information to define differential consolidated platform information for the computing platform. | 2021-09-16 |
20210288988 | HOME AUTOMATION RISK ASSESSMENT AND MITIGATION VIA MACHINE LEARNING - An approach for identifying mitigation solution based on critical situations is disclosed. The approach includes detecting one or more critical situations associated within a structure and detecting one or more location of one or more users in the structure. The approach retrieves a user-knowledge corpus based on one or more smart IoT devices or from existing database. Furthermore, the approach retrieves a critical situation knowledge corpus from various servers and creates risk mitigation action plans to address the one or more critical situations. The approach selects an optimal plan, by leveraging machine learning through combinatorial optimization technique, from the existing risk mitigation action plans and executing the optimal plan. | 2021-09-16 |
20210288989 | INFORMATION PROCESSING DEVICE AND NON-TRANSITORY COMPUTER READABLE STORAGE MEDIUM - According to one embodiment, an information processing device ranks one or more security measures technologies to be ranked. The information processing device includes processing circuitry configured to operate as an influence information obtaining unit, a requirements information obtaining unit and a ranking unit. The influence information obtaining unit obtains influence information indicating correspondence between the one or more security measures technologies and an influence on a system when each of the one or more security measures technologies is introduced into the system. The requirements information obtaining unit obtains requirements information indicating system requirements of the system. The ranking unit ranks the one or more security measures technologies based on a degree of satisfaction of the system requirements indicated in the requirements information, using the requirements information and the influence information. | 2021-09-16 |
20210288990 | INVESTIGATION OF THREATS USING QUERYABLE RECORDS OF BEHAVIOR - Introduced here are computer programs and computer-implemented techniques for producing records of digital activities that are performed with accounts associated with employees of enterprises. Such an approach ensures that records are created for digital activities that are deemed unsafe and for digital activities that are deemed safe by a threat detection platform. At a high level, more comprehensively recording digital activities not only provides insight into the behavior of individual accounts, but also provides insight into the holistic behavior of employees across multiple accounts. These records may be stored in a searchable datastore to enable expedient and efficient review. | 2021-09-16 |
20210288991 | SYSTEMS AND METHODS FOR ASSESSING SOFTWARE VULNERABILITIES THROUGH A COMBINATION OF EXTERNAL THREAT INTELLIGENCE AND INTERNAL ENTERPRISE INFORMATION TECHNOLOGY DATA - Computer-implemented methods and systems for assessing software vulnerabilities through a combination of external threat intelligence and internal information technology data are disclosed. | 2021-09-16 |
20210288992 | Operational Network Risk Mitigation System And Method - A computer network risk mitigation system includes a computerized platform configured to utilize gathered contextual data regarding cyber-risk metrics in an operational technology network. The computerized platform is configured to conduct network configuration changes in accordance with the gathered contextual data in order to mitigate cyber-security threats. Methods for refining a network attack graph and for utilizing risk score evaluation are also described. | 2021-09-16 |
20210288993 | CORRELATION-DRIVEN THREAT ASSESSMENT AND REMEDIATION - Introduced here are security management platforms configured to identify, assess, and monitor organizational vulnerability to security threats. By monitoring netflow data regarding the traffic traversing the Internet, a security management platform can identify security threats that would otherwise go undetected. Such action can be performed instead of, or in addition to, monitoring netflow data regarding the traffic traversing a local network (also referred to as an “internal network”) associated with an organization under examination. Thus, rather than monitor the traffic leaving public-facing Internet Protocol (IP) addresses residing on the local network, the security management platform can instead monitor traffic traversing the Internet and then filter the traffic to identify flows originating from the local network, flows destined for the local network, or any combination thereof. | 2021-09-16 |
20210288994 | PROACTIVE DETECTION OF VULNERABILITIES IN A DATA NETWORK SECURITY FABRIC - A network gateway interrogates a plurality of network devices to collect security state data and operational state data on a periodic basis. A vulnerability resolution module automatically uploads a security report and downloads actions (e.g., updates to operating system, configurations or policies) from a cloud vulnerability server corresponding to resolution of the vulnerabilities. A security remediation module can remediate on the network device for protection against at least the specific vulnerability of the at least one peripheral. | 2021-09-16 |
20210288995 | Operational Network Risk Mitigation System And Method - A computer network risk mitigation system includes a computerized platform configured to utilize gathered contextual data regarding cyber-risk metrics in an operational technology network. The computerized platform is configured to conduct network configuration changes in accordance with the gathered contextual data in order to mitigate cyber-security threats. Methods for refining a network attack graph and for utilizing risk score evaluation are also described. | 2021-09-16 |
20210288996 | DDOS-HANDLING DEVICE, DDOS-HANDLING METHOD, AND PROGRAM - A DDoS attack handling technology is provided in which even when a plurality of IP addresses are attacked at the same time, resource load distribution between sites can be achieved while an increase in delay of target-addressed communications due to the handling of DDoS attacks is prevented. A DDoS handling apparatus | 2021-09-16 |
20210288997 | VERIFYING INCOMING COMMUNICATIONS - Disclosed are systems, methods, and non-transitory computer-readable media for verifying an incoming communication. A recipient client device receives an incoming communication including an identifier identifying a second client device as having initiated the incoming communication. A verification service installed on the recipient client device queries a call placement service directory based on the first identifier. The call placement service directory maintains a listing of identifiers for client devices and corresponding communication providers that manage the identifiers. The call placement service directory returns information identifying the communication provider that manages the identifier. In turn, the verification service transmits a request to the communication provider to confirm whether the second client device initiated the incoming communication. The verification service processes the incoming communication based on the response from the communication provider indicating whether the second client device initiated the incoming communication. | 2021-09-16 |
20210288998 | MONITORING SCAN ATTEMPTS IN A NETWORK - Disclosed herein are methods, systems, and processes for monitoring scan attempts in a network. A virtual security appliance with multiple ports is deployed in a network. One or more ports are obfuscated via the virtual security appliance to make the various ports appear to be closed. An address of the virtual security appliance within the network is modified, the several ports are adjusted to assume a predetermined profile, a network neighbor's profile is discovered and emulated, and a received connection attempt intended for the virtual security appliance is monitored. | 2021-09-16 |
20210288999 | APPROACHES FOR SECURING MIDDLEWARE DATA ACCESS - Systems and methods are provided for determining an access request provided by an entity that seeks to interact with one or more backend systems through a middleware system, the access request including a genuine access token. The entity can be authenticated based on the genuine access token. When a client request is made to the middleware system with a genuine access token, the request can be made through a smart ingress and egress proxy which intercepts the request and replaces the genuine access token with an invalid access token. The middleware system can subsequently make authorized requests to downstream systems on behalf of the middleware system's client by treating the smart proxy as an egress proxy for those subsequent requests, and the smart proxy replaces the invalid access token with a genuine one. | 2021-09-16 |
20210289000 | RESTRICTIVE USER PRIVILEGES - An information handling system may include a host system and a management controller configured to provide out-of-band management of the information handling system. The management controller may be configured to: receive, via a management bus of the management controller, a user login request for access to a first user account associated with the management controller; determine a second user account corresponding to the first user account, wherein the second user account is associated with a security policy; and provide the user access to the management controller via the first user account, wherein a privilege level of the provided access is based on a set of privileges associated with the second account. | 2021-09-16 |
20210289001 | AUTOMATED AUTHENTICATION AND AUTHORIZATION IN A COMMUNICATION SYSTEM - An application-operating organization may delegate a third-party server to serve as an automated contextual authentication responder and an authorization responder. The third-party server may manage a delegated section of the organization's namespace that includes the public identities of various devices controlled by the organization. The third-party server may also dynamically generate an interaction control list that is tailored to a requesting device's context based on the interaction control policies set forth by the organization. The interaction control list may include information that determines the authorization of the requesting device to interact with another device. The third-party server may also automatically determine the role of a new device to which existing policies are inapplicable and provide a guided workflow for the organization to set up new interaction control policies governing the new device. The determination of the roles of devices may be based on an iterative process using external data sources. | 2021-09-16 |
20210289002 | ADAPTIVE OFFLINE POLICY ENFORCEMENT BASED ON CONTEXT - Disclosed are various examples that relate to adjusting a stringency of offline policy restrictions based on a situational context of a computing device. In one example, a system can receive an offline restriction policy for an application. The system can identify a request to execute an application during the offline period of time. A situational context of the computing device can be determined. A first application restriction can be enforced for the application on the computing device based on the identification of the computing device being in the offline period of time and the situational context. A change in the situational context of the computing device can be identified during the offline period of time based on a detection of a second condition. A second application restriction can be enforced for the application on the computing device during the offline period of time. | 2021-09-16 |
20210289003 | INFORMATION COLLECTION SYSTEM, INFORMATION COLLECTION METHOD, AND NON-TRANSITORY COMPUTER READABLE MEDIUM STORING CONTROL PROGRAM - In an information collection system, an address posting unit posts address information of a hidden service provided by a hidden service providing system to a server serving as a posting target server. Then, the hidden service providing system provides a hidden service appropriate to a hidden service request received from a user terminal to the user terminal. After that, an information collection unit collects information (e.g., input request information, service result information, etc.) about the hidden service provided by the hidden service providing system. | 2021-09-16 |
20210289004 | LAWFULLY INTERCEPTING TRAFFIC AND PROVIDING THE TRAFFIC TO A CONTENT DESTINATION BASED ON CHAINED TRAFFIC TAPPING - A network device may receive a request, to install a filter, that includes information identifying a first source address, a first destination address, a content destination device, and a tapping level indicator. The network device may create an additional filter, based on the tapping level indicator, by setting the first destination address as a second source address, determining a third destination address that is a destination for the second source address, and setting the third destination address as a third source address. The network device may add the filter and the additional filter to a list of filters, and may receive, from source devices, packets destined for destination devices. The network device may generate a copy of a packet, and may determine that the copy of the packet matches the filter or the additional filter. The network device may forward the copy of the packet to the content destination device. | 2021-09-16 |
20210289005 | SYSTEM AND METHOD FOR CONTROLLING DATA INTERCEPTION IN A COMMUNICATION SYSTEM - The present disclosure relates to a system and method for controlling data interception in a communication network. One or more requests from a user for accessing one or more microservices are received through an Application Programming Interface (API). Information associated with the one or more requests is then detected and the requests are classified as secured microservice requests and non-secured microservice requests. The information is detected through predefined rules. An authentication token is then issued for a secured microservice based on the detecting. The authentication token stores the information detected by the detector in a geo storage system. The one or more requests are then routed according to the authentication token towards one or more corresponding microservices of the one or more microservices. | 2021-09-16 |
20210289006 | Modifications to Electronic Communication Protocols to Facilitate Agent-based Communications - A communication application is implemented in which the application implements transmission routing protocols and other parameters for subjects to utilize remote agents during a virtual communication session. The communication session may be hosted by a remote host service that each participant, including the subjects and agents, access using extensibility from a proprietary communication application, plugin, or a web browser application. One of the user-participants may create the communication session, which, in typical implementations, would have four participants—two subjects and two agents. Initiating an active state may trigger a set of communication protocols and parameters, whether standardized or user-customized. The communication routing protocols prohibit communication between the two subjects, including restricting A/V (Audio/Video) and text transmissions. This way, the agents are the conduits through which the subjects communicate with each other. | 2021-09-16 |
20210289007 | COMBINABLE CONFERENCE ROOMS - Methods and systems for combinable conference rooms. The method including establishing a baseline audio and video (AV) signal flow for combinable rooms in a baseline state, generating a baseline macroinstruction for the baseline state, establishing non-baseline AV signal flows for one or more non-baseline states, where each non-baseline AV signal flow turns off certain paths in the baseline AV signal flow to establish AV signal flow isolation between certain of the combinable conference rooms, generating a non-baseline macroinstruction for each of the one or more non-baseline states, providing an interface for selecting the baseline and each non-baseline macroinstruction, where the baseline and each non-baseline macroinstructions are generated for operation with an AV controller and the interface which collectively control AV signal flow of the combinable conference rooms, and configuring the combinable conference rooms based on selection, via the interface, of one of the baseline or the non-baseline macroinstructions. | 2021-09-16 |
20210289008 | METHOD FOR SETTING UP A WEBRTC SESSION - Some embodiments relate to a method implemented by a first terminal for setting up a session with a second terminal. An identifier of a session server is obtained at least from a subscriber device in the first terminal which comprises a subscriber identifier and an operator identifier. A session request and an identifier of the second terminal are sent to the server. At least one instruction is received from the server and a message comprising a first set, relative to the first terminal, of at least one characteristic parameter of the requested session is generated in accordance with at least one instruction received and sent to the server. A message is received from the server comprising a second set of at least one characteristic parameter of the requested session, the second set relating to the second terminal and having a non-zero overlap with the first set. | 2021-09-16 |
20210289009 | METHOD FOR SETTING UP A WEBRTC SESSION - Some embodiments relate to a method implemented by a first terminal for setting up a session with a second terminal. An identifier of a session server is obtained at least from a subscriber device in the first terminal which comprises a subscriber identifier and an operator identifier. A session request and an identifier of the second terminal are sent to the server. At least one instruction is received from the server and a message comprising a first set, relative to the first terminal, of at least one characteristic parameter of the requested session is generated in accordance with at least one instruction received and sent to the server. A message is received from the server comprising a second set of at least one characteristic parameter of the requested session, the second set relating to the second terminal and having a non-zero overlap with the first set. | 2021-09-16 |
20210289010 | METHOD FOR PROCESSING MESSAGE IN GROUP SESSION, STORAGE MEDIUM, AND COMPUTER DEVICE - A computer device receives a session message in a group session on a social networking application. The session message includes a child application identifier corresponding to a child application. The device determines a session identifier corresponding to the group session to which the session message belongs. The device transmits the session identifier to the child application and receives from the child application a request for page data corresponding to the session identifier. In accordance with the request, the device obtains the page data corresponding to the child application identifier. The device renders a child application page in a child application according to the obtained data. In accordance with detecting a trigger event corresponding to the child application identifier on the session message, the device invokes the child application in the social networking application. | 2021-09-16 |
20210289011 | INFORMATION EXCHANGE METHOD AND TERMINAL - This application relates to the communications field, and discloses an information exchange method and a terminal. The method includes: determining target content in a current interface according to an operation instruction entered by a topic initiator for the current interface; determining a discussion topic title based on the target content, and setting up a topic discussion group; adding a topic participant to the topic discussion group based on the target content and/or the discussion topic title; and receiving discussion content entered by the topic initiator and/or the topic participant, and displaying the discussion content. | 2021-09-16 |
20210289012 | Indicating an Association Between a Social-Media Account and a Media Playback System - Examples disclosed herein include a social-media computing system receiving, from a first computing device, a first message indicating that a media playback system is associated with a first social-media account; and based on the received first message, sending, to a second computing device associated with a second social-media account, a second message indicating that the media playback system is associated with the first social-media account. The examples may also include the second computing device receiving, from the social-media computing system, the second message; and based on the received second message, causing display of an indication of the association between the media playback system and the second social-media account. | 2021-09-16 |
20210289013 | CHUNK-BASED PREDICTION ADAPTATION LOGIC - A multimedia player downloads chunks (parts of the segment file) during the download of a segment of a stream of segments of a low-latency stream. The first chunks of a segment may be downloaded while the segment is still being written to the CDN server. A chunk-based prediction adaptation logic uses throughput measurements on a chunk instead of a segment and specifically looks at bursts in a sliding window. This data is used to build a prediction of future throughput by applying linear adaptive filter algorithms that may rely on recursive least squares. This adaptation logic leads to very accurate bandwidth predictions and as a consequence, better user experience, compared to existing adaptation algorithms. | 2021-09-16 |
20210289014 | MULTIPATH DATA STREAMING OVER MULTIPLE NETWORKS - Embodiments described herein relate to real-time streaming of large quantities of time critical data over multiple distinct networks from a communications device. More specifically, embodiments described herein may address challenges and problems of maintaining consistent data reception quality when faced with the anomalies of a moving sender that is sending data using a relatively unstable method. This may be achieved by converting single source data into multiple data streams, placing them in transport buffers and storing them for forwarding. | 2021-09-16 |