38th week of 2015 patent applcation highlights part 67 |
Patent application number | Title | Published |
20150263939 | COMMUNICATION SYSTEM, CONTROL APPARATUS, CONTROL METHOD AND PROGRAM - A communication system includes a control apparatus that controls communication apparatus(s) included in a hierarchical network, and a first communication apparatus that forms links in a first layer of the network and performs processing related to communication flows based on a first packet handling operation. The control apparatus determines destinations to accommodate communication flows specified according to the first packet handling operation, based on information related to a second layer that differs from the first layer. | 2015-09-17 |
20150263940 | LABEL STACK ENCODING AND PROCESSING TO ENABLE OAM PROCEDURES FOR SERVICE SEGMENTS IN SEGMENT ROUTED (SR) NETWORKS - Exemplary methods for creating label stacks include creating and sending a first SR label stack for a data packet, wherein the first SR label stack causes the data packet to be forwarded through the SR network using a first set of links, and wherein the first SR label stack includes a first service label that identifies a first service to be applied to the data packet by a second network device. In one embodiment, the methods include creating and sending a second SR label stack for an operations administration and maintenance (OAM) packet, wherein the second SR label stack causes the OAM packet to be forwarded through the SR network using the first set of links, and wherein the second SR label stack prevents the second network device from applying the first service to the OAM packet. | 2015-09-17 |
20150263941 | NETWORK APPARATUS AND METHOD USING LINK LAYER ROUTING - A next-generation mobile communication network apparatus and method using link layer routing. The network apparatus uses an existing IP address as an identifier while using a link layer address as a locator, and utilizers a location server that manages mapping between the IP address and the link layer address, thereby providing mobility. | 2015-09-17 |
20150263942 | MESSAGE PATH SELECTION WITHIN A NETWORK - Embodiments relate to path selection for packet transfer in a network. An aspect includes a method of selecting a path among a plurality of paths in a network for transfer of a packet from a first system to a second system in the network. The method includes storing, in a memory device, a static path performance vector indicating a tier among a plurality of tiers corresponding with each of the plurality of paths, each of the plurality of tiers corresponding with a relative performance level. The method also includes maintaining a path availability bit vector indicating an availability of each of the plurality of paths, and selecting, using a processor, the path among the plurality of paths based on the path performance vector and the path availability bit vector. | 2015-09-17 |
20150263943 | METHOD FOR ACQUIRING PACKET, DEVICE AND RECORDING MEDIUM - A method for acquiring a packet of a monitoring target, the method includes, forming, by a control unit, a mirror path for arriving a mirror packet, of which a origin or a destination of a transmission is a virtual machine for the monitoring target, at a monitoring device which monitors the mirror packet through one or more relay devices, detecting, by the control unit, an occupation when a packet except the packet, of which the origin or the destination of a transmission is the virtual machine for the monitoring target, does not pass based on history information of the packet which passes the relay device, accumulating, by the monitoring device, the mirror packet which passes the relay device, and extracting, by the monitoring device, the mirror packet which arrived at in the occupation as the packet for the monitoring target. | 2015-09-17 |
20150263944 | LEARNING INFORMATION ASSOCIATED WITH SHAPING RESOURCES AND VIRTUAL MACHINES OF A CLOUD COMPUTING ENVIRONMENT - A source network device of a cloud computing network receives a packet destined for a destination virtual machine provided in a destination cloud computing device. The packet is received from a source virtual machine provided in a source cloud computing device. The source network device associates, to the packet, a source shaping resource of the source network device, where the source shaping resource includes a bandwidth that matches or exceeds a bandwidth associated with the source virtual machine. The source network device adds, to the packet, a header that identifies an address of the source virtual machine, an identifier associated with the source shaping resource, and the bandwidth associated with the source virtual machine. The source network device provides, via the source shaping resource, the packet and the header to the cloud computing network for transmission to the destination virtual machine. | 2015-09-17 |
20150263945 | HIGH ASSURANCE PACKET ROUTER | 2015-09-17 |
20150263946 | ROUTE ADVERTISEMENT BY MANAGED GATEWAYS - Some embodiments provide a network system. The network system includes a first set of host machines for hosting virtual machines that connect to each other through a logical network. The first set of host machines includes managed forwarding elements for forwarding data between the host machines. The network system includes a second set of host machines for hosting virtualized containers that operate as gateways for forwarding data between the virtual machines and an external network. At least one of the virtualized containers peers with at least one physical router in the external network in order to advertise addresses of the virtual machines to the physical router. | 2015-09-17 |
20150263947 | SECONDARY LOOKUP FOR SCALING DATAPATH ARCHITECTURE BEYOND INTEGRATED HARDWARE CAPACITY - Various exemplary embodiments relate to a method for routing an incoming packet to a destination, the method including: receiving, at a network device, the incoming packet; determining a destination address of the packet; determining that the destination address is not included in a routing table on the network device; sending a message to a companion device, wherein the message includes the destination address; receiving from the companion device, at the network device, a routing indicator for the destination address; and sending the packet towards a destination consistent with the routing indicator. | 2015-09-17 |
20150263948 | DEVICE AND METHOD FOR RETRANSMITTING DATA IN A NETWORK SWITCH - A device and a method for transmitting data within a network switch is provided. The method implemented by computer makes it possible to transmit to a receiver network domain only the applicational data necessary for this domain. The method identifies in a frame received solely the data corresponding to each addressee network domain, and then the frame is disassembled so as to write each suite of data into an assigned memory area of the network switch. The method moreover makes it possible to dispatch a frame with only the data of an addressee network domain by constructing a new frame with solely the data necessary for the addressee network which have been stored in a memory area of the switch. | 2015-09-17 |
20150263949 | COMPRESSED SOURCE ROUTING ENCODING - A method of generating identifiers associated with a communication network is described. In one approach, a global encoding scheme minimizes header length by encoding identifiers of network interconnects forming a packet network path. The method includes a controller accessing topology information associated with the communication network including identifiers of nodes and identifiers of interconnects between nodes of the communication network, the interconnects having associated parameters. The controller also generates codewords for the identifiers of the interconnects, the size of each codeword being based on a parameter of an associated interconnect. The controller further generates a mapping between the identifiers of the interconnects and the codewords, and stores the mapping into memory. The method supports source routing in a compact format for varied network configurations. | 2015-09-17 |
20150263950 | SYSTEMS AND METHODS FOR OPTIMIZING LAYER THREE ROUTING IN AN INFORMATION HANDLING SYSTEM - An information handling system is provided. The information handling system includes systems and methods for providing an anycast MAC addressing of a virtual redundancy router protocol instance that spans a plurality of aggregation switches. The anycast MAC address may be provided by a virtual bridging device and then used as an address of a virtual IP instance accessible through the virtual bridging device. Using the anycast MAC address with the virtual IP instance, a packet to be routed from one rack to another rack in a data center may be dynamically routed based a current load distribution. | 2015-09-17 |
20150263951 | METHODS AND APPARATUS FOR DATA TRANSFER IN A PACKET-SWITCHED DATA NETWORK - Apparatus for and methods of enabling a gateway node of a first packet-switched data network to select a first channel for transferring a data packet to a destination packet data protocol address of a correspondent node provided service in the first network are disclosed. The gateway node is configured to select the first channel from a plurality of channels configured to transfer data packets to the destination packet data protocol address of the correspondent node, wherein the data packet is sent from a mobile node of a second packet-switched data network external to the first network, and wherein the mobile node has been in a communication session with the correspondent node while provided service in a third packet-switched data network different to the second network. | 2015-09-17 |
20150263952 | LOGICAL ROUTER PROCESSING BY NETWORK CONTROLLER - Some embodiments provide a network controller for managing a logical network implemented across several managed network elements. The logical network includes at least one logical router. The network controller includes an input interface for receiving configuration state for the logical router. The network controller includes a table mapping engine for generating data tuples for distribution to the managed network elements in order for the managed network elements to implement the logical router. The network controller includes a route processing engine for receiving a set of input routes from the table mapping engine based on the configuration state for the logical router, performing a recursive route traversal process to generate a set of output routes, and returning the set of output routes to the table mapping engine. The table mapping engine uses the set of output routes to generate the data tuples for distribution to the plurality of managed network elements. | 2015-09-17 |
20150263953 | COMMUNICATION NODE, CONTROL APPARATUS, COMMUNICATION SYSTEM, PACKET PROCESSING METHOD AND PROGRAM - A communication node comprises: a first table for matching against first information in a header of a packet received and deciding an attribute or a right of a source of the packet; a second table for matching against second information in the header of the packet received and finding content of processing for the packet from the source of the packet having the attribute or the right as decided using the first table; and a packet processing unit that, on receipt of the packet, decides the attribute or the right of the source of the packet, using the first table, and that thereafter finds, using the second table, the content of processing for the packet from the source of the packet having the attribute or the right as decided using the first table. | 2015-09-17 |
20150263954 | COMMUNICATION SYSTEM, VIRTUAL MACHINE SERVER, VIRTUAL NETWORK MANAGEMENT APPARATUS, NETWORK CONTROL METHOD, AND PROGRAM - Each virtual machine server includes: means for generating, when a virtual machine is connected to a virtual network via a virtual network management apparatus, local identification information unique per virtual switch and setting the local identification information as a VLAN ID of a port of a virtual switch, the port having been connected to the virtual machine; and means for notifying the virtual network management apparatus of a correspondence relationship between the virtual network to which the virtual machine has been connected and the local identification information. The virtual network management apparatus instructs, on the basis of the notification, the switch control apparatus to control the virtual network by using the local identification information unique per virtual switch as a match condition. | 2015-09-17 |
20150263955 | PACKET PARSING AND CONTROL PACKET CLASSIFICATION - A system may include receiving a packet, of a packet stream, including control tags in a header portion of the packet and classifying each of the control tags into a category selected from a set of possible categories. The set of possible categories may include an unambiguous interposable (UI) category that is assigned to a control tag that corresponds to an unambiguous parsing interpretation and that is interposable within a sequence of the control tags, and an ambiguous interposable (AI) category that is assigned to a control tag in which the control tag has an ambiguous parsing interpretation and in which the control tag is interposable within the sequence of the control tags. The method may further include determining parsing operations to perform for the packet based on the classified categories of the control tags and based on the packet stream of the packet. | 2015-09-17 |
20150263956 | REMOTELY CONTROLLED MESSAGE QUEUE - Embodiments are directed to a computer system for managing data transfer. The computer system includes a memory, a processor communicatively coupled to the memory, a send component and a receive component having a message queue and a controller. A link interface communicatively couples the send component to the receive component. The link interface includes a mainline channel and a sideband channel, and the computer system is configured to perform a method. The method includes transmitting mainline channel messages over the mainline channel from the send component to the receive component. The method further includes transmitting sideband channel messages over the sideband channel from the send component to the message queue of the receive component. The method further includes utilizing the controller to control a flow of the sideband channel messages to the message queue without relying on sending feedback to the send component about the flow. | 2015-09-17 |
20150263957 | PACKET FILTER BASED ACCESS CONTROL - A method, an apparatus, and a computer program product are provided. The apparatus may be a UE configured to receive from a base station access parameters corresponding to respective types of access controls for different types of data services, receive a TFT established at a core network based on mapping a packet filter to access control information for each type of access control, receive a data packet from an application, match the data packet to the packet filter to determine access control information corresponding to the data packet, and establish communication for the data packet based on access parameters for the determined access control information. Alternatively, the apparatus may be policy server configured to receive a request for traffic control regarding data being communicated to an application server, determine a policy update for the application server based on the request, and transmit the policy update to a UE. | 2015-09-17 |
20150263958 | LOAD BALANCING APPARATUS AND METHOD - Disclosed herein is a load balancing apparatus and method. The load balancing apparatus includes a load characteristic analysis unit for analyzing characteristics of a required load upon executing a service requested by a client, a scheduling unit for scheduling the load based on the analyzed characteristics, and a load balancing unit for allocating the load stored in a queue corresponding to the analyzed characteristics to a server group into which servers are grouped for respective characteristics, performing service provisioning, and then allocating the load to an available server. | 2015-09-17 |
20150263959 | PERFORMANCE ENHANCEMENT IN A HETEROGENEOUS NETWORK ENVIRONMENT WITH MULTIPATH TRANSPORT PROTOCOLS - An example method for performance enhancement in a heterogeneous network environment with multipath transport protocols is provided and includes receiving packets according to Transmission Control Protocol (TCP packets) and packets according to multipath TCP (MPTCP packets) in a network environment, determining that TCP packets are experiencing congestion in comparison to the MPTCP packets, and delaying acknowledgement packets (MPTCP ACK packets) corresponding to the MPTCP packets for a pre-determined time interval. In a specific embodiment, a local MPTCP proxy intercepts the TCP packets and forwards underlying data of the TCP packets according to MPTCP. | 2015-09-17 |
20150263960 | METHOD AND APPARATUS FOR CLOUD BURSTING AND CLOUD BALANCING OF INSTANCES ACROSS CLOUDS - A multi-cloud fabric includes a multi-cloud master controller of a first cloud being in communication with one or more other clouds through a respective local cloud controller, the multi-cloud master controller operable to balance traffic across the first cloud and one or more other clouds. | 2015-09-17 |
20150263961 | QUALITY OF EXPERIENCE FOR COMMUNICATION SESSIONS - A computer-implemented method, computer program product, and computing system is provided for managing quality of experience for communication sessions. In an implementation, a method may include analyzing network conditions relative to a plurality of codecs and a plurality of network paths. The method may also include determining a quality of experience associated with each of the plurality of codecs across each of the plurality of network paths. The method may further include transacting communication traffic using a codec-network path combination having a quality of experience above a predetermined threshold. | 2015-09-17 |
20150263962 | METHOD FOR CONTROLLING DATA TRAFFIC BETWEEN A COMMUNICATION DEVICE AND A COMMUNICATIONS NETWORK VIA A COMMUNICATIONS LINK - The invention relates to a method for controlling data communications between a communication device ( | 2015-09-17 |
20150263963 | PACKET TRANSFER SYSTEM AND PACKET TRANSFER METHOD - A packet transfer system includes a transmitter apparatus, a processing apparatus, a first transfer apparatus and a second transfer apparatus. The transmitter apparatus transmits a data packet including data and quality information associated with a transfer rate of the data. The first transfer apparatus performs a transfer process of the data packet received from the transmitter apparatus. The second transfer apparatus is connected to the first transfer apparatus through first and second routes, and transfers a data packet received from the first transfer apparatus. The first route is used for transferring a data packet including first quality information associated with a first transfer rate. The second route is used for transferring a data packet including second quality information associated with a second transfer rate. The second transfer apparatus releases the first route when reception of a data packet including the first quality information has been terminated. | 2015-09-17 |
20150263964 | USER-CONTROLLED NETWORK VIDEO MANAGEMENT - A process and system for user-controlled configuration of an Internet protocol network. The user may supply input for generating a network classification profile, which includes a number of classes of service (COSs) for prioritizing network traffic, including video transmission. A quality of service (QOS) may be measured and compared with a COS for video transmission. Depending on the measured QOS, a network alert may be issued and a priority of packets associated with the COS for video transmission may be increased. | 2015-09-17 |
20150263965 | Quality of Service in Packet Networks - Methods and systems for providing quality of service over IP networks are disclosed. In one aspect, a flow label field of a header may be divided into first and second portions. The first portion defines a quality of service. The second portion identifies a message flow. Once the first portion defining the quality of service is established by the sending node, no nodes in the transmission path may change the quality of service value. Each node may route packets based on the quality of service field, or may modify the traffic class field of the header based on the quality of service and then route the packet based on the traffic class field. The QoS field can be used to complement a DSCP/traffic class field and provide a better mechanism for end-to-end QoS using IPv6. A service provider can use DSCP within its own administrative domain(s), and end users can set and maintain QoS using the methods described herein, thereby providing a framework for end-to-end QoS using IP packets. | 2015-09-17 |
20150263966 | Methods and apparatus for cycle accurate time stamping at line rate throughput - Methods and apparatus may be used to provide cycle accurate time stamping at line rate throughput. This may be done, for example, to allow a NTP processing device to process timing requests at line rate throughput without packets being dropped and/or without overflowing a buffer. The NTP processing device may be able to handle timing request such as ARP request, NTP request, a combination thereof, or the like. The NTP processing device may be able to receive and process timing requests, such as NTP requests or ARP requests, at a line rate throughput. The NTP processing device may be able to generate timing responses, such as NTP responses or ARP responses, at line rate throughput. | 2015-09-17 |
20150263967 | INSTANTANEOUS RANDOM EARLY DETECTION PACKET DROPPING - A device that receives a packet descriptor and a queue number that indicates a queue stored within a memory unit, and in response determines an instantaneous queue depth of the queue. The instantaneous queue depth is used to determine a drop probability. The drop probability is used to randomly determine if the packet descriptor should be stored in the queue. The queue has a first queue depth range and a second queue depth range that do not overlap. A first drop probability is associated with the first queue depth range and a second drop probability is associated with the second queue depth range. The first drop probability is used when the queue depth is within the first queue depth range. The second drop probability is used with the queue depth is within the second queue depth range. The device includes a random value generator and a drop indicator generator. | 2015-09-17 |
20150263968 | SNOOPING FORWARDED PACKETS BY A VIRTUAL MACHINE - A method for performing LRO aggregation on packets being forwarded by a VM is provided. The method segments the LRO aggregated packet according to the Maximum Segment Size (MSS) of the TCP protocol before forwarding the segmented packets to their destination. The method snoops the packets being forwarded for its MSS parameter before using the snooped MSS parameter to perform Transmit Segmentation Offload (TSO) operation. The PNIC performs both the aggregation operation (LRO) and the segmentation (TSO) within its own hardware without consuming CPU cycles at the host machine. The PNIC receives the MSS parameter from the network stack as a metadata that accompanies a LRO aggregated packet. | 2015-09-17 |
20150263969 | TRANSMISSION DEVICE AND TRANSMISSION METHOD - A transmission device includes: a first counter; a counter control unit configured to increment the first counter at a specified rate; a frame buffer configured to store a received frame; and a buffer control unit configured to read a frame from the frame buffer when a value of the first counter is larger than a specified threshold and output the frame. When a length of an output frame read from the frame buffer by the buffer control unit is shorter than a specified reference frame length, the counter control unit decrements the first counter by a value indicating the reference frame length. When the length of the output frame is longer than or equal to the reference frame length, the counter control unit decrements the first counter by a value indicating the length of the output frame. | 2015-09-17 |
20150263970 | TAKE-OVER OF NETWORK FRAME HANDLING IN A COMPUTING ENVIRONMENT - A first component of a computing environment receives, from a physical network adapter of the computing environment, a request that the first component take over processing of network frames directed to network frame address(es) associated with a second component of the computing environment. The first component register the network frame address(es) for processing of network frames directed to the network frame address(es). Based on the first component receiving from the physical network adapter a network frame directed to a network frame address of the network frame address(es) associated with the second component, the first component processes the received network frame, in which the network frame is provided to the second component via an inter-component link between the first component and the second component. | 2015-09-17 |
20150263971 | PHYSICAL PORT SHARING IN A LINK AGGREGATION GROUP - Virtual switches are established in a host system of a computing environment. Each virtual switch of the virtual switches includes a respective virtual switch port grouped within a shared port group of virtual switch ports. The virtual switch ports of the shared port group are in communication with a common physical network adapter of the host system. The virtual switch ports of the shared port group share a single physical port of the physical network adapter as part of a common physical link aggregation group (LAG). | 2015-09-17 |
20150263972 | Fault and Variation Tolerant Energy and Area Efficient Links for Network-on-Chips - The present invention provides methods for detecting and correcting transmission errors in inter-router links of Network-on-Chip (NoC) architectures. A NoC has repeaters along its bus lines. The output of a main repeater is compared and multiplexed with the output of a shadow repeater. If these outputs are the same the multiplexer outputs the output of the main repeater, otherwise an error is detected and the multiplexer outputs the output of the shadow repeater. | 2015-09-17 |
20150263973 | Method and Device for Scheduling Data Traffic - A method for scheduling data traffic in a network node involves dividing the data traffic into a plurality of data traffic classes. The method includes detecting to which data traffic class an incoming data packet belongs; storing the incoming data packet in a memory and adjusting a single queue associated with the memory to rank the incoming data packet in the single queue between a head of the queue and a tail of the queue; and taking a data packet referred to at the position closest to the head of the queue for transmission. The method further including the step of determining the number of reserved positions of the at least one data traffic class according to a given Quality-of-Service requirement relating to a queueing delay distribution of data packets of the at least one data traffic class having reserved positions in the single queue. | 2015-09-17 |
20150263974 | LARGE RECEIVE OFFLOAD FOR VIRTUAL MACHINES - A network interface controller (NIC) that includes a set of receive NIC queues capable of performing large receive offload (LRO) operations by aggregating incoming receive packets is provided. Each NIC queue turns on or off its LRO operation based a set of LRO enabling rules or parameters, whereby only packets that meet the set of rules or parameters will be aggregated in the NIC queue. Each NIC queue is controlled by its own set of LRO enabling rules such that the LRO operations of the different NIC queues can be individually controlled. | 2015-09-17 |
20150263975 | VIRTUAL PORT MAPPINGS FOR NON-BLOCKING BEHAVIOR AMONG PHYSICAL PORTS - The disclosed embodiments provide a system that operates a switch fabric. During operation, the system creates a set of virtual links for a first set of physical ports in the switch fabric. Next, the system uses a set of virtual port numbers to create a set of mappings between the set of virtual links and a second set of physical ports in the switch fabric, wherein the second set of physical ports is connected to the first set of physical ports using a single physical link. The system then uses the mappings to provide non-blocking behavior in traffic from the first set of physical ports to the second set of physical ports. | 2015-09-17 |
20150263976 | ALLOCATING SHAPING RESOURCES FOR A CLOUD COMPUTING ENVIRONMENT BASED ON TRANSFER SPEEDS ASSOCIATED WITH THE SHAPING RESOURCES - A device stores shaping resource information in a data structure, where the shaping resource information includes identifiers associated with shaping resources of the device, information indicating whether the shaping resources are available, and information indicating transfer speeds associated with the shaping resources. The device defines a group of available shaping resources based on the shaping resource information stored in the data structure, and receives a packet requesting a particular transfer speed associated with transmitting the packet. The device performs a search of the group of available shaping resources based on the particular transfer speed requested by the packet, and identifies, based on the search, a list of one or more available shaping resources with transfer speeds that match the particular transfer speed requested by the packet. The device transmits the packet toward a destination via one of the one or more available shaping resources provided in the list. | 2015-09-17 |
20150263977 | PROFILE-BASED CACHE MANAGEMENT - A system and method for profile-based cache management is disclosed. A cache management service can obtain a plurality of requests for network resource and corresponding responses, group the requests based, at least in part, on various criterion or technique, determine and cache content parts of the responses corresponding to each group of requests. Cache profiles corresponding to each group of requests and identifying corresponding cached content parts can be built, maintained or updated by the cache management service. A subsequent request for network resource can be matched to one or more cache profiles for retrieval of applicable cached content and for generation of a partial response to the request therefrom. Non-cached content or updates to cached content can be further retrieved for generation of updating data to the partial response, and thus completing a full response to the request for network resource. | 2015-09-17 |
20150263978 | COORDINATED ADMISSION CONTROL FOR NETWORK-ACCESSIBLE BLOCK STORAGE - The estimated rate of work requests expected during a time period at a first block storage device, implemented at a particular server of a storage service, exceeds a provisioned rate of the first device. At a client-side component of the storage service, a different storage server is identified, at which the rate of work requests directed during the time period to a second block storage device is anticipated to be less than the provisioned rate of the second device. At least one admission control parameter of the first device is modified to enable the first storage server to accept work requests at a rate that exceeds the provisioned rate of the first device. | 2015-09-17 |
20150263979 | METHOD AND APPARATUS FOR A HIGHLY SCALABLE, MULTI-CLOUD SERVICE DEPLOYMENT, ORCHESTRATION AND DELIVERY - A Multi-cloud fabric includes an application management unit responsive to one or more applications from an application layer. The Multi-cloud fabric further includes a controller that is in communication with resources of a cloud. The controller is responsive to the received application and includes a processor operable to analyze the received application relative to the resources to cause delivery of the one or more applications to the resources dynamically and automatically. | 2015-09-17 |
20150263980 | METHOD AND APPARATUS FOR RAPID INSTANCE DEPLOYMENT ON A CLOUD USING A MULTI-CLOUD CONTROLLER - A multi-cloud fabric includes an application management unit responsive to one or more applications from an application layer. The multi-cloud fabric further includes a controller that is in communication with resources of a cloud. The controller is responsive to the received application and includes a processor operable to analyze the received application relative to the resources to cause delivery of the one or more applications to the resources dynamically and automatically. | 2015-09-17 |
20150263981 | RUN-TIME EXPERIMENTATION WITH USER INTERFACE CONFIGURATIONS - Disclosed herein are systems, methods, and software for implementing runtime experiments with user interface configurations. In at least one implementation, an online application service receives access requests associated with various client applications attempting to access the online application service. In response to the access requests, the online application service communicates with an experiment control service to identify an experimental configuration in accordance with which to present a user interface to the online application service. The experiment control service selects the experimental configuration from various experimental configurations. The user interface is then presented in accordance with the experimental configuration identified for each of the client applications. | 2015-09-17 |
20150263982 | SOFTWARE DEFINED INFRASTRUCTURES THAT ENCAPSULATE PHYSICAL SERVER RESOURCES INTO LOGICAL RESOURCE POOLS - A software defined infrastructure (SDI) makes available a subset of a computer server's resources to a cloud solution or workload. Multiple subsets of resources can be combined in a SDI to provide a logical resource pool. This allows cloud administrators to create software defined infrastructures derived from the partial capacity of a collection of systems. The resources defined across the physical boundaries of a computer server can then be made available to host deployment of cloud workloads. The infrastructure resource pool can be selected upon deployment of a cloud workload. | 2015-09-17 |
20150263983 | System and Method for Allocating Resources and Managing a Cloud Based Computer System - A method of provisioning a computer application in a cloud environment having hardware. In one embodiment, the method includes the steps of: providing the computer application; defining the processing requirements of the computer application; defining the storage requirements of the computer application; defining the network requirements of the computer application; defining the policies for the computer application; defining a Container comprising the computer application, the processing requirements of the computer application, the storage requirements of the computer application, the network requirements of the computer application; and selecting cloud hardware in response to the components of the Container. | 2015-09-17 |
20150263984 | COMMUNICATION METHOD AND SYSTEM FOR ACCESSING MEDIA DATA - Providing access to media data shared by multiple users. A predefined edge weight is assigned to each edge of a linked data structure based on a dependency category of the edge. A first access rating value is assigned to each node. A rating residue value is calculated as the difference between the two first access rating values of the nodes connected by each edge. The data structure is traversed from a seed node, and for each edge traversed, calculating a second access rating value using an edge weight value and the first access rating value. Repeating until the rating residue values meet a predefined convergence criterion. The nodes having access rating values meeting a predefined data removal criterion are selected from the nodes of the linked data structure. The data entities corresponding to the selected nodes are then removed. | 2015-09-17 |
20150263985 | SYSTEMS AND METHODS FOR INTELLIGENT WORKLOAD ROUTING - Systems and methods for intelligent workload routing are disclosed. According to one embodiment, a system for intelligent workload routing may include a first processing platform having a first characteristic; a second processing platform having a second characteristic; and a workload router in communication with the first processing platform and the second processing platform the workload router receiving a message comprising a workload request and routing the workload request to one of the first processing platform and the second processing platform based on at least one of a workload request characteristic, the first characteristic and the second characteristic. | 2015-09-17 |
20150263986 | Relationship-Based Resource-Contention Analysis System and Method - Contention for a resource in a computer system resource is managed by measuring a resource performance metric and, for each of a selected plurality of clients (for example, virtual machines), a client performance metric. For each of the selected clients, a relationship measure, such as correlation, is determined as a function of the resource performance metric and the respective client performance metric. A degree of resource contention effect is determined for each of the selected clients as a function of the respective relationship measure, and a resource-related action is taken according to the respective relationship measures. Clients may include virtualized components contending for storage. Example metrics include functions of I/O operation counts, latency or throughput measurements, pending I/O request counts, I/O throughput relative to I/O latency, a degree of change of the respective clients' I/O behavior, etc. Possible actions include changing resource allocations, access throttling, and reporting, etc. | 2015-09-17 |
20150263987 | CLIENT-ALLOCATABLE BANDWIDTH POOLS - Methods and apparatus for client-allocatable bandwidth pools are disclosed. A system includes a plurality of resources of a provider network and a resource manager. In response to a determination to accept a bandwidth pool creation request from a client for a resource group, where the resource group comprises a plurality of resources allocated to the client, the resource manager stores an indication of a total network traffic rate limit of the resource group. In response to a bandwidth allocation request from the client to allocate a specified portion of the total network traffic rate limit to a particular resource of the resource group, the resource manager initiates one or more configuration changes to allow network transmissions within one or more network links of the provider network accessible from the particular resource at a rate up to the specified portion. | 2015-09-17 |
20150263988 | MANAGEMENT DEVICE AND INFORMATION PROCESSING SYSTEM - A management device includes a processor. The processor is configured to acquire availability of a resource in a second site that holds data used for restoration of a system operating in a first site. The processor is configured to identify a level to which the availability conforms, from among a plurality of levels corresponding to respective sizes of resource to be reserved for rehearsal processing for the restoration. The processor is configured to start the rehearsal processing corresponding to the identified level. | 2015-09-17 |
20150263989 | METHOD AND SYSTEM FOR HANDLING SUBSCRIBERS' NETWORK TRAFFIC - A method for handling subscribers' network traffic between a CPE (customer premises equipment) and a broadband access network includes establishing a subscriber session between the CPE and a BNG (broadband network gateway, an entity within the broadband access network), to set up a network route between the CPE and the BNG. Data transmitted within the subscriber session are encapsulated into protocol frames. A NCE (network control entity) acquires a state of the subscriber session and updates network policies in at least one network entity on the network route based on the state of the subscriber session. A DEM (dynamic encapsulation module) decides, based on a DEM configuration, whether data sent to the broadband access network are encapsulated data within the subscriber session or are non-encapsulated data outside the subscriber session. The data are transmitted on a part of the network route and are handled according to the network policies. | 2015-09-17 |
20150263990 | NETWORK DEVICE, CONTROL METHOD, AND PROGRAM - A network device ( | 2015-09-17 |
20150263991 | PHYSICAL PORT SHARING IN A LINK AGGREGATION GROUP - Virtual switches are established in a host system of a computing environment. Each virtual switch of the virtual switches includes a respective virtual switch port grouped within a shared port group of virtual switch ports. The virtual switch ports of the shared port group are in communication with a common physical network adapter of the host system. The virtual switch ports of the shared port group share a single physical port of the physical network adapter as part of a common physical link aggregation group (LAG). | 2015-09-17 |
20150263992 | DETERMINING VIRTUAL ADAPTER ACCESS CONTROLS IN A COMPUTING ENVIRONMENT - A control component of a computing environment initiates sending of request(s) over a network of the computing environment by an activated virtual adapter. The activated virtual adapter is hosted on a physical adapter of a host system coupled to the network, and is for use by a guest, hosted by the host system, in performing data input and output. The request(s) retrieve access control information from the network indicative of access control(s) enforced in controlling access by the activated virtual adapter to network component(s). The initiating provides indication(s) to the physical adapter, absent involvement of the guest, that the request(s) be sent by the virtual adapter. Based on the initiating, the control component obtains the access control information from the physical adapter, and determines, based on that information, the access control(s) being enforced by the network in controlling access by the activated virtual adapter to the network component(s). | 2015-09-17 |
20150263993 | DETERMINING VIRTUAL ADAPTER ACCESS CONTROLS IN A COMPUTING ENVIRONMENT - A control component of a computing environment initiates sending of request(s) over a network of the computing environment by an activated virtual adapter. The activated virtual adapter is hosted on a physical adapter of a host system coupled to the network, and is for use by a guest, hosted by the host system, in performing data input and output. The request(s) retrieve access control information from the network indicative of access control(s) enforced in controlling access by the activated virtual adapter to network component(s). The initiating provides indication(s) to the physical adapter, absent involvement of the guest, that the request(s) be sent by the virtual adapter. Based on the initiating, the control component obtains the access control information from the physical adapter, and determines, based on that information, the access control(s) being enforced by the network in controlling access by the activated virtual adapter to the network component(s). | 2015-09-17 |
20150263994 | BUFFERING SCHEMES FOR COMMUNICATION OVER LONG HAUL LINKS - A switching apparatus includes multiple ports, each including a respective buffer, and a switch controller. The switch controller is configured to concatenate the buffers of at least an input port and an output port selected from among the multiple ports for buffering traffic of a long-haul link, which is connected to the input port and whose delay exceeds buffering capacity of the buffer of the input port alone, and to carry out end-to-end flow control for the long haul link between the output port and the input port. | 2015-09-17 |
20150263995 | IDENTIFYING RELATIONSHIPS BETWEEN MESSAGE THREADS - A message related to a first thread is received, and a fork in the conversation is identified. The received message is placed in a second thread and a display shows the fork and that the two threads are related. | 2015-09-17 |
20150263996 | Instant Messaging - Disclosed is a user device comprising a display having an available display area, a network interface, and one or more processors. The network interface is configured to transmit and receive messages between the user device and a communication network in an instant messaging communication session. A client application executed on the one or more processors has a user interface capable of operating in a conversation mode or in an engagement mode. The client application is configured to detect a condition indicative of the level of engagement of the user by analyzing the user's activity at the user device and responsive to the detected condition to modify the client user interface, when configured to operate in one of said modes, to operate in the other of said modes instead. | 2015-09-17 |
20150263997 | Instant Messaging - Disclosed is a user device comprising a display having an available display area, a network interface, and one or more processors. The network interface is configured to transmit and receive messages between the user device and a communication network in an instant messaging communication session. A client application executed on the one or more processors has a user interface configured to operate in a conversation mode. Responsive to a mode switch instruction, the client accesses the computer storage to automatically identify the most recently received message of the stored messages and to modify the client user interface to operate in an engagement mode to display at least the identified message, whereby each displayed message in the engagement mode occupies a larger respective proportion of the available display area than in the conversation mode. | 2015-09-17 |
20150263998 | METHOD AND APPARATUS FOR UPLOADING AN ATTACHMENT - The examples of the present disclosure disclose a method and apparatus for uploading an attachment, relate to the internet technologies, and solve problems in the traditional art that a user device cannot completely show all the content to upload and that some touch screen devices cannot obtain information inputted by the user properly. The method comprises: uploading an attachment uploading interface, the attachment uploading interface including at least one attachment uploading option; determining an attachment to upload when an attachment uploading option is activated; and generating attachment information corresponding to the attachment to upload and displaying the attachment information on a location where the at least one attachment uploading option is displayed. | 2015-09-17 |
20150263999 | RECIPIENT EPISTEMOLOGICAL EVALUATION - A method comprising using at least one hardware processor for constructing an index of corpora of multiple users, wherein each corpus of said corpora is associated with a single user of said multiple users, analyzing an electronic message addressed at least to one of said multiple users, to identify an expression which, based on the index, is likely to be unfamiliar or ambiguous to said one of the multiple users, and marking the expression in the electronic message. | 2015-09-17 |
20150264000 | METHOD AND SYSTEM FOR HANDLING AN ELECTRONIC MESSAGE - A method and a system for handling an electronic message from a sender to a recipient. With the method according to the invention, when the electronic message has been transmitted to a message management system of the recipient, it is examined whether the electronic message shall be delivered to the recipient. The said examination is made by a filter as a function of the sender and/or a content of the electronic message. According to the invention, at least two different filters are provided, of which at least one filter is active, i.e., is being used. | 2015-09-17 |
20150264001 | SYSTEM AND METHOD FOR CONTACT MANAGEMENT - A system and method for contact management. The system comprises a contact management application or service. Each user is responsible for updating her own contact information locally, using a contact management application on a computing device, or via a contact management service available as a cloud service. The updated contact information is disseminated to one or more contacts that have previously requested to receive contact updates from the particular user and have been approved by the user to receive such updates. Contacts that have not received such approval are not provided with the updated contact information. | 2015-09-17 |
20150264002 | ALERTING ON DUAL-QUEUE SYSTEMS - A computer-implemented method, system, and computer-readable media are disclosed herein. In embodiments, the computer-implemented method may entail receiving, by a data service, live data associated with an entity. The entity may be, for example, a customer of the data service. The method may then route the live data to a dual-queue system of the data service. The live data may be loaded into a live data queue of the dual queue system for processing. Processing may entail generating summary statistics from the live data. An alert may then be transmitted to the customer in response to detecting the occurrence of one or more alert events. In embodiments, the alert events may include events identified in the summary statistics. Additional embodiments are described and/or claimed. | 2015-09-17 |
20150264003 | RETRIEVING AND REUSING STORED MESSAGE CONTENT - In an approach to storing message content, one or more computer processors receive a selection of message content. The one or more computer processors receive a selection of a category associated with the selected message content. The one or more computer processors store the selected message content associated with the selected category. | 2015-09-17 |
20150264004 | SYSTEM AND METHOD FOR MANAGING EMAILS - The embodiment of the present invention allows for a simple and intuitive system and method to manage email by applying time-elapsed rules to emails matching specific criteria (i.e. emails coming from specific email addresses): Time-elapsed rules are rules that will execute an action on an email message after the email has been in the inbox for a certain period of time. These actions may include, but are not limited to, moving the email to another folder, copying the email to another folder, and deleting the email. | 2015-09-17 |
20150264005 | Method of Facilitating Object Oriented Ephemeral Conversations - A method of facilitating an ephemeral conversation surrounding an object, including presenting a user interface proximate to the object, to permit interaction with an ephemeral conversation widget; presenting a user interface for providing credentials to the ephemeral conversation widget; presenting a user interface for beginning a conversation with at least one contact, such that the conversation is displayed as associated with the object; and removing the conversation from the display proximate to the object after an expiration period. | 2015-09-17 |
20150264006 | SYSTEM AND METHOD FOR LOCATION AND TIME BASED SOCIAL NETWORKING - The present application is directed to a system and method for creating on-line comments of a point of interest. The system and method creates a moment having a piece of digital content showing the point of interest, wherein the moment has a time stamp and a location stamp; and shares the moment with a predetermined group of members. The sharing of the moment is limited to members that meet the time stamp and the location stamp, and the system and method refuse accepting comments from members that do not meet the time stamp and location stamp. | 2015-09-17 |
20150264007 | INTEGRATED INFORMATION COMMUNICATION SYSTEM - A communication system, for functioning without the use of dedicated lines or the Internet so as to ensure communication speed, communication quality, and communication trouble countermeasures, including a communication network and domain name server. The domain name server includes a domain name tree with a country number of a telephone number as a level 2 domain name of the domain name tree, and the domain name server receives, from a terminal, a telephone number of a destination terminal. Furthermore, based on the telephone number of the destination terminal, the domain name server (i) seeks out, in the domain name tree, an Integrated Information Communication System (ICS) user address of the destination terminal, and (ii) sends the ICS user address to the terminal, such that the communication system receives, from the terminal, the ICS user address as a destination address, and sends the ICS user frame to the destination terminal. | 2015-09-17 |
20150264008 | METHOD, APPARATUS, AND SYSTEM FOR DETERMINING A LOCATION CORRESPONDING TO AN IP ADDRESS - Determining a location corresponding to an Internet Protocol (IP) address includes collecting an IP address and location information corresponding to the IP address, wherein the location information corresponding to the IP address includes information identifying a location from which a terminal associated with the IP address accesses a network, obtaining one or more pieces of IP address geographic coordinate data for the IP address using the IP address and the location information corresponding to the IP address, determining geographic coordinates corresponding to the IP address based at least in part on the one or more pieces of IP address geographic coordinate data, determining an IP address field based at least in part on the geographic coordinates corresponding to the IP address, and determining a location corresponding to the IP address field. | 2015-09-17 |
20150264009 | CLIENT-SELECTABLE ROUTING USING DNS REQUESTS - This disclosure provides for passing policies in a DNS record (e.g., NAPTR record) that allows a client to make decisions, such as on network paths, servers to request content from, and/or protocols to use. In some embodiments, the client makes the decisions at the application level. And in some embodiments, the client is another server in a CDN. | 2015-09-17 |
20150264010 | INTERNET PROTOCOL VERSION 6 ADDRESS CONFIGURATION METHOD - Disclosed herein is an IPv6 address configuration method, provide an IPv6 address configuration method, which assigns IPv6 addresses to a plurality of users who use an Internet service in a smart stadium network. The presented method includes, in a network including a router and an access point, sending, by the router, a router advertisement message including IPv6 prefix information to a user device equipped with a reader through the access point; acquiring, by the user device, unique information of the user from an object including the unique information of the user; and configuring, by the user device, a unique IPv6 address by combining the IPv6 prefix information with the unique information of the user. | 2015-09-17 |
20150264011 | SECURITY INFORMATION AND EVENT MANAGEMENT - Systems and methods are described for conducting work flows by an SIEM device to carry out a complex task automatically. According to one embodiment, an SIEM device may create a work flow that includes multiple security tasks that are performed by one or more security devices. When a security event is captured or the work flow is scheduled to be executed, the SIEM device starts the work flow by scheduling the security tasks defined in the work flow. The SIEM device then collects results of security tasks performed by the one or more security devices. | 2015-09-17 |
20150264012 | SYSTEMS AND METHODS FOR DYNAMIC NETWORK SECURITY CONTROL AND CONFIGURATION - A computer-implemented method according to one embodiment of the present disclosure includes identifying, by a computer system, an asset associated with a logical zone; detecting a change in an attribute of the asset; and in response to detecting the change in the attribute of the asset, modifying, by the computer system, a configuration setting for a firewall. Among other things, the embodiments of the present disclosure can perform dynamically configure and control security features in response to changes in the computing environment, including asset attribute changes, security events, operational events, user input and environmental changes. Embodiments of the present disclosure thereby help to quickly maintain or change the security posture of a system and maintain the level of compliance with set of predefined security benchmarks or codified best practices. | 2015-09-17 |
20150264013 | METHOD AND APPARATUS FOR PROVIDING SECURITY IN AN INTRANET NETWORK - A method and an apparatus for providing security in an intranet network are disclosed. For example, the method receives a packet at a customer edge router, and applies an inbound access control list by the customer edge router to the packet if the packet is destined to a server in a protected server group, wherein said protected server group identifies one or more servers within the intranet network to be protected. The method applies an outbound access control list by the customer edge router to the packet if the packet is from a server in the protected server group. | 2015-09-17 |
20150264014 | SECURE SCALABLE MULTI-TENANT APPLICATION DELIVERY SYSTEM AND ASSOCIATED METHOD - A system is provided to deliver applications over a network to user devices comprising: an application delivery system that includes, a first network interface that includes a plurality of first network interface instances, a network security interface that includes a plurality of security network interface instances, and a second network interface that includes a plurality of second network interface instances; a plurality of application agents are disposed within one or more private application provider systems; respective security network interface instances are configured to receive one or more user or device requests from respective first interface instances, and in response to each received user or device request, to determine whether the received user or device request is valid, and in response to determining that the received user or device request is valid, to send the received user or device request to a respective second network interface instance for delivery to the agent. | 2015-09-17 |
20150264015 | IMAGE SHARING SYSTEM - A server system for distributing information securely includes a network interface for receiving, over a network, an information object accompanied by metadata. A repository stores the information object. Metadata is mapped to electronic addresses of trusted recipients. A processor is configured to generate a link for accessing the information object in the repository, acquire an electronic address of a trusted recipient based on the metadata accompanying the information object, insert the link into an electronic message addressed to the electronic address of the trusted recipient, and send the electronic message with the link to the trusted recipient. The processor is further configured to receive, over a second network, a request for the information object sent from a user device in response to an activation of the link, retrieve the information object from the repository, and transmit the information object to a browser of the user device over the second network. | 2015-09-17 |
20150264016 | SECURE APPLICATION DELIVERY SYSTEM WITH DYNAMIC STITCHING OF NETWORK CONNECTIONS IN THE CLOUD - A system is provided to deliver an application, hosted by a private application provider, over a network to a user device comprising: an application delivery system that includes a plurality of first network interface instances, a plurality of security interface instances, a plurality of second network interface instances; multiple application agents, disposed within one or more private application provider systems; a first information structure associates first network interface instances with one or more security interface instances; a second information structure associates second network interface instances with one or more security interface instances; wherein first network interface instances are configured to create a network connections with associated security interface instances and to send requests to the associated security interface instances; wherein second network interface instances are configured to have pools of network connections with one or more agents and to have corresponding connections with associated security interface instances; and wherein security interface instance are configured to validate requests received from first network interface instances and to send the validated requests to associated second network interface instances for delivery to agents. | 2015-09-17 |
20150264017 | SECURE VEHICLE DATA COMMUNICATIONS - A method for performing a remote control operation in a vehicle is provided. The method includes receiving, at telematics electronics of a vehicle, versions of a remote control command sent wirelessly to the vehicle by a dispatcher service. The versions of the remote control command are text-based messages encrypted by the dispatcher service using a first encryption mechanism. The method also includes decrypting the versions of the remote control command received from the dispatcher service into a plain text command. The method further includes encrypting the plain text command using a second encryption mechanism for use within the vehicle. The method additionally includes providing the command encrypted using the second encryption mechanism to another controller within the vehicle. | 2015-09-17 |
20150264018 | METHOD AND SYSTEM FOR SECURING COMMUNICATION - A method for securing communication between members. The method includes a first member obtaining a secret. An n-bit generator executing on the first member generates a message digest using the first secret. The first member extracts algorithm selector bits and an encryption key from the message digest, and selects an encryption algorithm identified by the algorithm selector bits. The method further includes the first member encrypting a communication using the encryption algorithm and the encryption key to obtain an encrypted communication, and the first member sending, to a second member of the group, the first encrypted communication. | 2015-09-17 |
20150264019 | SYSTEMS AND METHODS FOR MANAGED DATA TRANSFER - Systems and methods are provided for managed file transfer. An enterprise server may receive a request from a sender to send a file to a recipient and may determine a location server that is closest to the location of the recipient. A server-to-server transfer can be automatically initiated to move the file to the location server that is closest to the location of the recipient. | 2015-09-17 |
20150264020 | METHODS AND SYSTEMS FOR DECRYPTING AN ENCRYPTED PORTION OF A UNIFORM RESOURCE IDENTIFIER - A computer-implemented method for decrypting, by a browser application, an encrypted portion of a fragment identifier within a uniform resource identifier includes receiving, by a browser application executing on a computing device, from a user, a uniform resource identifier including a delimiter and a fragment identifier, the fragment identifier comprising an encrypted portion. The method includes requesting, by the browser application, from an access control manager, decryption information associated with the fragment identifier. The method includes receiving, by the browser application, from the access control manager, the requested decryption information. The method includes decrypting, by the browser application, the encrypted portion of the fragment identifier with the requested decryption information. | 2015-09-17 |
20150264021 | PSEUDONYMOUS REMOTE ATTESTATION UTILIZING A CHAIN-OF-TRUST - The present application is directed to pseudonymous attestation utilizing a chain of trust. An example prover device may include a chain-of-trust based on keys derived cryptographically from a shared symmetric key and pseudonymous identification data. The chain-of-trust may be used to cryptographically generate a pseudonymous public key and private key. The prover device may provide at least pseudonymous identification data and the pseudonymous public key to a verifier device. The verifier device may access pseudonymous data published by a certifier determine whether the prover device is authentic and includes known-good versions of software (e.g., sourced from the certifier). In this manner, the verifier device may be assured that the prover device is authentic without knowing the actual identity of the prover device. In at least one embodiment, the prover device may also include a trusted execution environment (TEE). | 2015-09-17 |
20150264022 | SECURELY TRACKING ELECTRONIC MESSAGES - Techniques are disclosed herein for systematically tracking the entire forwarding flow of an electronic message, such as an email. A determination is made to track an electronic message prior to it being relayed to an intended recipient. When the electronic message is forwarded by the intended recipient, a feedback message is sent by the forwarder to the originator of the electronic message. This may be used to allow the original author to review and authorize recipients of the forwarded message. The original author need not know up front to whom the message might be forwarded. Note that this not only provides security, but also provides for fine grained system for tracking the flow of messages, such as sensitive emails. The system can automatically assess the risk of authorizing the recipient to whom the message was forwarded to have access to the content based on machine learning, rules, etc. | 2015-09-17 |
20150264023 | IDENTITY VERIFICATION SERVICES USING PRIVATE DATA - A method includes receiving a request, from a client, to verify that an operator of the client is a purported individual. The request includes a personal identifier associated with the purported individual. The personal identifier corresponds to an account established by the purported individual. The account is provided by a cloud service provider. The method also includes transmitting the personal identifier to the cloud service provider. The method further includes, in response to transmitting the personal identifier, receiving private data indicative of the purported individual's usage of the account. The method still further includes creating an identity assessment based on the private data; The method even further includes receiving an evaluation of the identity assessment from the operator of the client. The method additionally includes determining, based on the evaluation of the identity assessment, whether the operator of the client is the purported individual. | 2015-09-17 |
20150264024 | SYSTEM AND METHOD FOR CONFIDENTIAL REMOTE COMPUTING - A system, method, device and protocols are disclosed. Each and combined they protect computation and data hosted on remote computing resources from first party attacks. | 2015-09-17 |
20150264025 | PERSISTENT BOOKMARKLET AUTHORIZATION - A browser application may provide one or more bookmarklets, or bookmarklets may be imported to the browser upon user action. Upon first time activation of the bookmarklet, the user may be authenticated and the bookmarklet authorized for that user and the client device. Using a bookmarklet identifier, the bookmarklet functionality may be persisted on the same client device without re-authorization indefinitely, for a predefined period, for a random period, or for a predefined number of uses allowing enhanced protection against malware that may attempt to access user resources through the bookmarklet. | 2015-09-17 |
20150264026 | METHOD AND SYSTEM FOR SECURELY TRANSMITTING VOLUMES INTO CLOUD - A first computing device is provided for transmitting one or more volumes via a secured connection. The first computing device includes a controller that is executable by one or more processors and is configured to instruct a cloud computing device to generate a worker virtual machine. The controller is also configured to provide authentication information to facilitate establishing of the secured connection between the controller and the worker virtual machine. The controller is further configured to instruct the cloud computing device to generate one or more target volumes associated with the cloud computing service and to associate the one or more target volumes with the worker virtual machine. The controller is further instructed to provide, irrespective of the content type of the volumes and the size of the volumes, the one or more volumes to the worker virtual machine via the secured connection. | 2015-09-17 |
20150264027 | Remote Access Manager for Virtual Computing Services - A remote access manager in a virtual computing services environment negotiates a time limited NAT routing rule to establish a connection between a remote device and virtual desktop resource providing user computing services. A series of NAT connection rules are revised in a dynamic manner such that a pool of ports is available to connect a plurality of remote users to local virtual compute resources over one or more public IP addresses. Once a connection is established, an entry is made in a firewall state table such that the firewall state table allows uninterrupted use of the established connection. After an entry has been made in the state table, or the routing rule has timed out, the port associated with the original NAT routing rule is removed and the same port can be re-used to establish another connection without disrupting active connections. | 2015-09-17 |
20150264028 | METHOD FOR DETERMINING DATA SOURCE - A method for determining a data source is provided. The method includes recognizing, by an electronic device, at least one external device communicating with the electronic device, determining at least one device from of the electronic device and the at least one external device on the basis of at least one of a user's wearing state and authentication information corresponding to the at least one external device, and obtaining, by the electronic device, data relating to the electronic device through the at least one determined device. | 2015-09-17 |
20150264029 | MOBILE-DEVICE USER AUTHENTICATION - In one embodiment, receiving a notice from a first user associated with a first mobile device indicating that the first user wishes to share information of the first user with one or more second users respectively associated with one or more second mobile devices; accessing information known about one or more users and one or more mobile devices respectively associated with the one or more users; identifying at least one candidate for the first user based on the information known about the one or more users and the one or more mobile devices; and confirming one or more of the at least one candidate as the one or more second users. | 2015-09-17 |
20150264030 | PRINT SYSTEM, IMAGE FORMING APPARATUS, INFORMATION PROCESSING APPARATUS, PRINT SERVICE SYSTEM, AND STORAGE MEDIUM FOR AUTHORIZING ACCESS TO PRINT DATA HELD BY A PRINT SERVICE SYSTEM - A print system includes a print service system, an information processing apparatus, and an image forming apparatus. The print service system includes a holding unit associated with a user and holding print data instructed by the user, a providing unit that provides access authorization information for the holding unit, to the information processing apparatus upon a request thereof, and an access authorizing unit that authorizes an access to the holding unit if receives the access authorization information. The information processing apparatus includes a transmitting unit that transmits the access authorization information to the image forming apparatus by proximity communication. The image forming apparatus includes an authorization information acquiring unit that acquires the access authorization information by the proximity communication, and a print data acquiring unit that sends the acquired access authorization information to the print service system, is authorized to access the holding unit, and acquires the print data. | 2015-09-17 |
20150264031 | METHOD AND APPARATUS FOR USER AUTHENTICATION - A method and apparatus for authenticating a user is provided, the method includes: receiving an authentication request sent from a user device by a user; providing basic information in response to the authentication request, wherein the basic information comprises information related to a social networking service used by the user; generating authentication information based on the basic information, wherein the authentication information comprises a question and a corresponding answer; sending the question to the user device and receiving feedback information from the user device; and generating an authentication result by verifying whether the feedback information is consistent with the answer, and sending the authentication result to the user device. The method and apparatus address the issue of forgotten answers to security questions used in user authentication. | 2015-09-17 |
20150264032 | SYSTEMS AND METHODS FOR PROVIDING MULTIMEDIA CONTENT WITHIN AN APPLICATION AND A SECURITY SOLUTION INTEGRATED THEREIN - A system is provided for downloading, for distribution and for acoustic reproduction of a music album, which includes at least one or several digital music files and/or multimedia content in the form of one or several multimedia files assignable to the music file, wherein the music file and/or multimedia file are provideable as data sets for downloading, wherein the music file and/or multimedia file are as data sets pre-holdable grouped after downloading as a music album in a data memory of an end-user-device, wherein the music file and/or multimedia file is treatable by a treatment means, particularly in dependency to an authorization, and wherein the treated music file and/or multimedia file is transferable to an output device of the end-user-device, especially a speaker device with or without a display device, in such a way, that the music file and/or multimedia file is at least acoustically emittable to one user. | 2015-09-17 |
20150264033 | NETWORK APPARATUS AND METHOD FOR ESTABLISHING NETWORK CONNECTION - A network apparatus includes a first connection module, a data management module and an encoder. The data management module is electrically connected with the first connection module. The data management module is configured for storing at least one connection data. The encoder is electrically connected with the data management module. The encoder is configured for translating the connection data into a connection instruction, and for translating the connection instruction into a code which is configured to be translated by a decoder of an electronic apparatus into the connection instruction, and thus a second connection module of the electronic apparatus is connected to the first connection module according to the connection instruction. Consequently, a network connection is established between the first connection module and the second connection module. | 2015-09-17 |
20150264034 | MULTI-LAYER AUTHENTICATION - The present disclosure relates to an interactive computing system utilizing a multi-layer authentication system having a primary authentication layer and a supplemental authentication layer. The interactive computing system can be a website, web application, a mobile application or other network-based system that provides content or services to a user. Illustratively, an interactive computing system could be a marketplace for purchasing products, a content service for accessing to streaming video content, a system for accessing network-based services of a retail location, such as food service provider, or other type of interactive service. | 2015-09-17 |
20150264035 | METHOD AND SYSTEM FOR SECURELY TRANSMITTING VOLUMES INTO CLOUD - A first computing device is provided for transmitting one or more volumes via a secured connection. The first computing device includes a volume service that is executable by one or more processors and is configured to instruct a cloud computing device to generate a worker virtual machine. The volume service is also configured to provide, via a connection different from the secured connection, a random number to the worker virtual machine. The volume service is further configured to instruct the cloud computing device to generate one or more target volumes associated with the cloud computing service and to associate the one or more target volumes with the worker virtual machine. The volume service is further instructed to provide, irrespective of the content type of the volumes and the size of the volumes, the one or more volumes to the worker virtual machine via the secured connection. | 2015-09-17 |
20150264036 | INTEGRATING OPERATING SYSTEMS WITH CONTENT OFFERED BY WEB BASED ENTITIES - Example embodiments are provided for integrating operating systems with content offered by internet based entities. | 2015-09-17 |
20150264037 | TRUSTED VENDOR ACCESS - A system is provided and facilitates management of a device by a first entity and management of a third entity by a second entity, wherein by way of the system access rights permitting access otherwise prevented by the device are assignable by the first entity to the second entity, the access rights are able to be administrated by the second entity to the third entity, and the access is obtainable by the third entity using a combination of the access rights and personal identification information to affect the device. | 2015-09-17 |
20150264038 | LOGIN METHOD AND APPARATUS, AND OPEN PLATFORM SYSTEM - The present disclosure is applicable to the field of network communications, and provides a login method and apparatus, and an open platform system. The method includes: receiving an Access Token parameter provided by a login platform after a user is authenticated and authorized; acquiring an open digital identity (OpenID) of the user by using the received Access Token parameter; and generating a corresponding command word according to a browser environment of a third-party page, and returning the command word to the third-party page, the command word including the Access Token parameter and the OpenID of the user. In the present disclosure, a login platform provides a unified callback address page for a third-party page, and the third-party page can access an open platform without developing a callback-free address page, thereby reducing development costs of the third-party page; a complete login and an openAPI call JS interface are provided and automatic update is supported, and a JS SDK of the latest version can be automatically applied without adjustment of the third-party page, and therefore can work on various intelligent terminals. | 2015-09-17 |