39th week of 2017 patent application highlights part 66

Patent application number | Title | Published |
--- | --- | --- |
20170279745 | ENHANCING NETWORK MESSAGING WITH A REAL-TIME, INTERACTIVE REPRESENTATION OF CURRENT MESSAGING ACTIVITY OF A USER'S CONTACTS AND ASSOCIATED CONTACTS - A method, system and software system is disclosed that networks a plurality of client messaging devices to one or more server devices. Each messaging device executes a client portion, and the server executes a server portion of a computer software system product stored therein. Cooperative execution of the software system product of the invention facilitates messaging services between the users, as well as the generation and continuous updating in real-time of a LIVE feed transmission that is transmitted over the network to each user actively logged into the system. The content of the LIVE feed is generated by the server and is customized for each user. When displayed by the user on the user's client messaging device, the LIVE feed information is a visual representation (updated continuously in real-time) of the communications activity of all of the user's contacts. | 2017-09-28 |
20170279746 | MESSAGING SERVICE EXPORT - Method of exporting a message intended for a user and received by a providing device, from a providing device ( | 2017-09-28 |
20170279747 | INTERACTIVE USER INTERFACE BASED ON ANALYSIS OF CHAT MESSAGES CONTENT - A method of adapting a webpage comprising monitoring textual content inputted to a user interface of an IM service by participant(s) of an IM session managed by the IM service, the user interface is displayed on a display of a client device, performing an analysis of the textual content to identify query conditions defining at least one feature of the product or the service, generating an interactive UI according to at least a portion of the query conditions and an identity of the at least one participant, storing the adapted interactive UI to be available to a browser via a link, automatically inputting the link into the IM session so as to allow the participant(s) to access the adapted interactive UI using a browser running on the client device, and submitting an order based on completing data received from the participant(s) via the adapted interactive UI. | 2017-09-28 |
20170279748 | INFORMATION PROCESSING METHOD AND TERMINAL, AND COMPUTER STORAGE MEDIUM - An information processing method includes generating identification information according to a preset manner, and displaying identification information on a multimedia interaction interface, identification information being capable of being scanned by clients so that the clients establish an association relationship with a first event presented on multimedia interaction interface; obtaining identifiers of the clients in association relationship with the first event based on results of clients' scanning of identification information, and establishing a first set of identifiers; when a condition is met, receiving requests from M clients, and identifying identifiers of M clients; screening, based on the first set of identifiers, the identifiers of M clients to obtain N client identifiers matched with any identifier in the first set of identifiers, wherein M and N are both positive integers, and M≧N; and outputting at least one client identifier of N client identifiers according to a preset rule. | 2017-09-28 |
20170279749 | Modular Communications - In one example, a communication device may implement a content-centric approach to communication sessions. The communication device may execute a framing application that supports multiple plug-in modules in multiple panes of a framing template. The communication device may access a content plug-in module in a primary pane in the framing template. The communication device may present a data content item via the content plug-in module in the primary pane of the framing template. The communication device may suggest a communication plug-in module candidate set based upon the data content item. The communication device may select a communication plug-in module of the communication plug-in module candidate set for a secondary pane in the framing template. | 2017-09-28 |
20170279750 | METHOD AND APPARATUS FOR DISPLAYING E-MAIL MESSAGES - A method for displaying e-mail messages to a user of an e-mail message viewer comprises displaying a list of received e-mail messages with a list entry for each received email message and displaying binary information indicating the read/unread status of each received email message in the list. The read/unread status information of each received first email message is switched from “unread” to “read” when the text and/or attachments of this particular first e-mail message have been displayed at least partially to the user when opening this particular first e-mail message. The read/unread status information of each received second email message is switched from “unread” to “read” when the text and/or attachments of this particular second e-mail message have been displayed at least partially to the user when opening a particular first e-mail message. | 2017-09-28 |
20170279751 | SOCIAL PLATFORM FOR EVENT CREATION AND COMMUNICATION AND METHOD THEREFOR - A method of event creation and communication comprising: sending an invitation to an event by an individual; displaying the invitation on an event page of the individual, wherein the invitation appears as a bubble on the event page of the individual, information on the event displayed within the bubble; and illuminating a perimeter of the bubble at a predetermined timeframe prior to the event. | 2017-09-28 |
20170279752 | Aircraft Message Management System - Systems and methods for filtering aircraft messages are provided. In one embodiment, the method can include receiving a message including a plurality of data fields containing data associated with the message. The method can include accessing a set of configuration data. The set of configuration data can include a set of data identifying one or more potential message structures and one or more parameters. The parameters can include one or more conditions for processing the data fields. The method can include determining a message structure of the message based at least in part on the data fields and the first set of data identifying one or more potential message structures. The method can include processing the message based at least in part on the message structure and the parameters. The method can include generating a filtered message that is based at least in part on the processed message. | 2017-09-28 |
20170279753 | MAIL SERVER AND MAIL DELIVERY METHOD - A non-transitory computer-readable recording medium stores therein a mail delivery program of a mail server. The mail server includes a processor. The mail delivery program causes the processor to transmit a mail for which a transmission request has been accepted, after concealing the content of the description designated by the concealment information, when the mail contains information indicating that it has already been transmitted and information indicating concealment of the content of a description at forwarding. | 2017-09-28 |
20170279754 | SYSTEM OF ADVANCED FEATURES FOR EMAIL - An email system incorporating a disable “reply to all” functionality; said system presenting an email preparation screen including options to “send” the contents of an email template and “reply to all” to an email previously received and displayed; the system permitting a user to invoke an email preparation template which includes at least a Sender field, a Cc field, and a Subject field; said email preparation screen further including a “disable reply to all” option which, if invoked by a user, disables the “reply to all” option on that screen for so long as that option remains invoked. | 2017-09-28 |
20170279755 | AUGMENTING LOCATION OF SOCIAL MEDIA POSTS BASED ON PROXIMITY OF OTHER POSTS - A method for augmenting social media posts with location information includes a processor generating a social media message without location information marking. Scanning is performed for one or more electronic devices within vicinity of the processor. Location of the electronic device is determined. The social media message is marked with location information. | 2017-09-28 |
20170279756 | AGGREGATING EMAIL - Emails may be received, processed, and made available to users in various web feed formats according to embodiments of the present disclosure. | 2017-09-28 |
20170279757 | SYSTEMS AND METHODS FOR IDENTIFYING MATCHING CONTENT - Systems, methods, and non-transitory computer-readable media can determine that a publisher is providing a first live content stream for distribution through the social networking system, the first live content stream including copyrighted content. A determination is made that a broadcaster is providing a second live content stream for distribution through the social networking system. The first live content stream and the second live content stream are exposed to at least some users of the social networking system. While the first live content stream and the second live content stream are being distributed through the social networking system, a determination is made that at least some portions of the second live content stream match copyrighted content included in the first live content stream. At least one notification is provided to the broadcaster of the second live content stream, wherein the notification indicates a potential copyright violation by the broadcaster. | 2017-09-28 |
20170279758 | SYSTEMS AND METHODS FOR ASYNCHRONOUS COMMUNICATION - A system may receive a first message transmitted over a network from a first device. A first invitation to join a text-based communication channel may be transmitted to the first device in response to the first message. A second invitation may be transmitted to a second device to join the text-based communication channel with the server configured to retain context of the text-based communication channel. The system may receive a second message transmitted from the second device and may transmit a third invitation to the first device to join the text-based communication channel in response to the second message. | 2017-09-28 |
20170279759 | Cross-Mode Communication - The techniques described herein are directed to cross-channel communication. The techniques can employ a central method, system, or mode (“Cross-Mode Manager” or “CMM” herein), which is enabled to send and/or receive messages over a multiplicity of modes. Users can enable the CMM through a variety of methods described herein on modes which the user uses to communicate. Once enabled on at least one channel which the user uses to communicate, the presence of the CMM across a multiplicity of modes allows a user to create and/or join a cross-channel communication session maintained by the CMM and to communicate between the user's communication mode and any of the multiplicity of modes for which the CMM has a presence. In other words, the techniques permit users to communicate across disparate channels from within a channel of their choosing. | 2017-09-28 |
20170279760 | Service Defined Network for Hybrid Unified Communications - A service defined network for hybrid unified communications receives high-level service requests for communication between geographic regions and/or enterprises. The service requests are processed by a resource provisioning system to provision uniform communication resources of the service defined network for fulfilling the service request. An order is issued to a network communication manager for reserving a specified network bandwidth for fulfilling the service request. The network communication manager allocates data flows for the specified network bandwidth between the regions and/or enterprises. QoS provisioning and monitoring are provided using a unified communications region-based service level API of the service defined network (not a SDN flow-level API). | 2017-09-28 |
20170279761 | INTEGRATING COMMUNICATION MODES IN PERSISTENT CONVERSATIONS - Systems, methods and computer readable media for persistent conversations are described. In some implementations, a method can include receiving a communication message sent from a first user to at least one other user and generating a persistent conversation object having a conversation content section and conversation state information. The method can also include storing the communication message in the conversation content section of the persistent conversation object and forwarding the communication message to the at least one other user. The method can further include updating the conversation state information to reflect the receiving, storing and forwarding of the communication message. | 2017-09-28 |
20170279762 | SYSTEMS AND METHODS FOR PRESERVING PRIVACY OF A REGISTRANT IN A DOMAIN NAME SYSTEM ("DNS") - Provided is a method of provisioning a named resource in a domain name system (“DNS”) with a registrar while preserving privacy of a registrant. The method includes obtaining, by a server of the registrar over a network, a request, from the registrant, to provision the named resource; determining, by at least one hardware processor of the server of the registrar, that the request requires additional handling by a privacy provider based on information in the request or information from the registrar; determining, by at least one hardware processor of the server of the registrar, a privacy provider from one or more privacy providers located in different geographic locations to service the request based on a location of the registrant; forwarding the request to the privacy provider; obtaining a cloaked identifier from the privacy provider; and provisioning the named resource in a database of a DNS registry using the cloaked identifier. | 2017-09-28 |
20170279763 | SYSTEMS AND METHODS FOR RESOLVING DATA INCONSISTENCIES BETWEEN DOMAIN NAME SYSTEMS - In one aspect, a computer-implemented method for managing Domain Name System (DNS) information is provided. The method uses a computing device having a processor and a memory. The method includes receiving, in the memory, source DNS data from a plurality of DNS systems including at least first source data from a first source system and second source data from a second source system. The method also includes identifying, by the processor, an inconsistency between the first source data and the second source data. The inconsistency includes an inconsistency type. The method further includes determining a solution to the inconsistency by applying one or more rules from a plurality of inconsistency rules based at least in part on the inconsistency type associated with the inconsistency. The method also includes resolving the inconsistency using the determined solution including generating resultant DNS data. | 2017-09-28 |
20170279764 | COMMUNICATION CONTROL APPARATUS, METHOD, AND RECORDING MEDIUM FOR DHCP - A communication control apparatus of the present invention includes a receiver that receives a dynamic host configuration protocol (DHCP) discover message from a communication apparatus arranged in a subscriber network, and a processor that selects an IP address for the communication apparatus on the basis of vendor-related information included in the DHCP discover message. | 2017-09-28 |
20170279765 | EXTENDING NETWORK ADDRESS LIFETIME WHEN ADDRESS SYSTEM IS UNAVAILABLE - Embodiments disclosed herein provide systems, methods, and computer readable media for extending the lifetime of a network address when an address system is unavailable. In a particular embodiment, a method provides, upon determining that a first network address for a network element has reached a preferred lifetime for the first network address, transitioning the network element to an extended rebind state that allows the first network address to remain in the preferred state. While the network element is in the extended rebind state, the method provides attempting to contact an address system and determining whether a second network element is assigned the first network address. The method further provides maintaining the first network address in the preferred state and the network element in the extended rebind state until contact is made with the address system or the second network element is determined to be assigned the first network address. | 2017-09-28 |
20170279766 | GROUP ADDRESSES IN WIRELESS NETWORKS - Apparatuses, methods, and computer readable media are disclosed for group addresses in wireless networks. An apparatus of an access point comprising memory and processing circuitry coupled to the memory is disclosed. The processing circuitry may be configured to: allocate one or more association identification (AIDs) to one or more stations, and allocate a group association identification (GAI) for the one or more stations and associate the GAI with the one or more AIDs. The processing circuitry may be further configured to: encode one or more first packets with the GAI for the one or more stations, and configure the access point to transmit the one or more first packets to the one or more stations. The processing circuitry may be further configured to: encode a second packet with a media access control (MAC) address of the GAI, and transmit the second packet to the one or more stations. | 2017-09-28 |
20170279767 | SECURING APPLICATIONS ON PUBLIC FACING SYSTEMS - Techniques are disclosed for configuring a virtual machine instance accessed over a publicly routable network address to host intranet applications. A virtual (or “dummy”) interface on the virtual machine instance is assigned an IP address that is inaccessible from the public interface. An application executed on the virtual machine instance is bound to a port on the network address assigned to this dummy interface. A virtual private network server assigns clients IP addresses that can be routed to the dummy interface. When a client computing system connects to the VPN server over the virtual machine instance's public interface, the client forwards traffic destined for the dummy interface's inaccessible network over the VPN connection. | 2017-09-28 |
20170279768 | Method and Apparatus for Registering Web Domain Sections - Method and apparatus for converting sections of registered absolute domain names (pages or paths or sub-domains) into marketable assets within a legal, technological and operational framework enabled through a web-hosted system. Within the framework, owners of well-established, reputable domain names having a particular web structure can offer to share with third-party licensees selected sections of the domain that are otherwise unused by the domain owner. The result is an expanded domain that facilitates a variety of monetizable ownership structures, including geographical regionalization of the domain, while exploiting for the mutual benefit of all the established public reputation and search engine ranking of the shared domain. | 2017-09-28 |
20170279769 | AUTOMATED CREATION AND USE OF VPN CONFIGURATION PROFILES - Systems and methods for automatically obtaining virtual private network (VPN) connection profile data from a barcode are provided. According to one embodiment, a client security application obtains a barcode, wherein the client security application is installed on a client machine and is used for managing the security of the client machine. The client security application identifies a configuration profile of a virtual private network (VPN) that is encoded by the barcode and creates the configuration profile of the VPN at the client machine. | 2017-09-28 |
20170279770 | Security Policy Generation Using Container Metadata - Methods, systems, and media for producing a firewall rule set are provided herein. Exemplary methods may include: receiving metadata about a deployed container from a container orchestration layer; determining an application or service associated with the deployed container from the received metadata; retrieving at least one model using the determined application or service, the at least one model identifying expected network communications behavior of the deployed container; and generating a high-level declarative security policy associated with the deployed container using the at least one model, the high-level declarative security policy indicating at least an application or service with which the deployed container can communicate. | 2017-09-28 |
20170279771 | PACKET PROCESSING METHOD, NETWORK SERVER, AND VIRTUAL PRIVATE NETWORK SYSTEM - Embodiments of the present application relate to the communications field, and disclose a packet processing method, a network server, and a virtual private network system. The method includes: receiving, by a network server, a first packet sent by an access device, where the first packet includes an identifier of a first user, and the identifier of the first user is used to identify the first user; searching, by the network server, an already stored first list for a suppressed state identifier of the first user according to the identifier of the first user; and discarding, by the network server, the first packet when the first list includes the suppressed state identifier of the first user, where the suppressed state identifier of the first user is used to indicate not to provide services to the first user. | 2017-09-28 |
20170279772 | SYNDICATING DEVICE AND APPLICATION MANAGEMENT - Techniques to provide syndicated device and application management are disclosed. In various embodiments, a request associated with accessing a third party service is received, for example, at a device management server or other management system. Third party service configuration data is used to configure the managed device to access the third party service directly from the third party service. | 2017-09-28 |
20170279773 | DYNAMIC PRIORITIZATION OF NETWORK TRAFFIC BASED ON REPUTATION - A network device may determine a plurality of reputation indicators that indicate a measure of reputation associated with the flow. A first reputation indicator, of the plurality of reputation indicators, may be determined based on applying a first reputation analysis technique in association with the flow. A second reputation indicator, of the plurality of reputation indicators, may be determined based on applying a second reputation analysis technique in association with the flow. The second reputation analysis technique may be different from the first reputation analysis technique. The network device may determine a reputation score for the flow based on the plurality of reputation indicators. The network device may prioritize the flow based on the reputation score. | 2017-09-28 |
20170279774 | Decentralized Autonomous Edge Compute Coordinated by Smart Contract On A Blockchain - The systems, apparatus, methods, and computer program products described herein provide the capability for an entity to identify and autonomously contract via a blockchain database with an unknown and anonymous host device for access rights to a high volume raw data stream generated by a sensor of the host device. The systems, apparatus, methods, and computer program products further provide the capability for the entity to push or upload a software module to the host device to allow the entity to process the high volume raw data stream into a low volume data stream directly on the host device, i.e., at the source of the high volume raw data stream. | 2017-09-28 |
20170279775 | METHOD AND APPARATUS FOR ANONYMOUS ACCESS AND CONTROL OF A SERVICE NODE - A method, apparatus and computer program product are provided for anonymous access and control of a service node. In the context of a method, the method includes causing the transmission of a privacy proxy URI in response to the privacy proxy URI request, and establishing a privacy connection with user equipment in response to receiving a request to connect including the URI. The URI is a portion of the privacy enabled URI based at least in part on the privacy proxy URI. The method further includes causing the transmission of a request message to a service node in response to receiving a request message from the user equipment through the privacy connection. | 2017-09-28 |
20170279776 | ENCRYPTING METHOD AND DECRYPTING METHOD OF SECURITY SHORT MESSAGE AND RECEIVING APPARATUS FOR RECEIVING SECURITY SHORT MESSAGE - An encrypting method of a security short message includes performing a first encryption computation according to a short message content and a deadline code to generate a verification code, performing a second encryption computation according to the short message content, deadline code and verification code to generate an encrypting field, and combining a non-encrypting field and the encrypting field to create the security short message. | 2017-09-28 |
20170279777 | File signature system and method - Embodiments of the present disclosure relate to the field of data security, and a file signature system and method are disclosed. The system includes: an encryption server, configured to store an encryption key; and a signature client, configured to: generate an encrypted message according to a to-be-encrypted file, and send the generated encrypted message to the encryption server, where the encryption server is configured to: after receiving the encrypted message, generate a hash according to the encryption key, and send the hash back to the signature client; and the signature client is configured to sign the to-be-encrypted file according to the hash. By means of the foregoing solution, key exposure can be effectively avoided by storing an encryption key through an encryption server, thereby improving signature safety. | 2017-09-28 |
20170279778 | DOWNLINK CONTROL CHANNEL ENCRYPTION FOR JAMMING RESILIENCE - Methods, systems, and devices for wireless communication are described. The methods, systems, and devices may employ mechanisms for encrypting downlink control channels for jamming resilience. The methods, systems, and devices may include or may be configured to generate and receive a security configuration, obtain a downlink control channel encryption key, transmit a control channel message, and decrypt the transmitted message based on the encryption key. | 2017-09-28 |
20170279779 | COMMUNICATION DEVICE, COMMUNICATION SYSTEM, AND COMMUNICATION METHOD - A communication device includes: an encryption unit configured to encrypt a stream into encrypted data using a common key; a communication unit configured to transmit the encrypted data encrypted using the common key to a communication device; a common key update unit configured to update, after an update timing of the common key is reached, the common key using an unencrypted stream of the encrypted data started to be transmitted after the update timing; and a control unit configured to control the encryption unit so that the encryption unit does not start encryption of the stream and control the communication unit so that the communication unit does not start transmission of the encrypted data, in a case where a time when the stream to be transmitted to the communication unit is generated is within a predetermined period before and after the update timing. | 2017-09-28 |
20170279780 | METHOD AND SYSTEM FOR SECURING COMMUNICATION - A method for generating one or more secrets for use by members. The method includes sending a first request for connection with a second member, and sending a second request for connection with a third member. The method further includes receiving, by the first member from the second member, a second input after the first request is sent and after communication is initiated between the first member and the second member, and receiving, by the first member from the third member, a third input after the second request is sent and after communication is initiated between the first member and the third member. The method further includes generating, using an n-bit generator executing on the first member, a message digest using a first input, the second input, and the third input, extracting a secret from the message digest, and storing the secret in a secrets repository on the first member. | 2017-09-28 |
20170279781 | SYSTEM AND METHOD FOR SECURE CLOUD COMPUTING - In a method for secure cloud computing, a virtual machine (VM) associated with a client is executed at a computer within a trusted computing cloud. An image including state information of the VM is obtained; storage of the image is arranged; a freshness hash of the image is determined; and the freshness hash is sent to the client. Subsequently, at the same computer or at a different computer within the trusted computing cloud, the stored image may be retrieved; a freshness hash of the retrieved image may be determined; the freshness hash of the retrieved image may be sent to the client; and an indication may be received from the client verifying the integrity of the freshness hash of the stored image. | 2017-09-28 |
20170279782 | MANAGE ENCRYPTED NETWORK TRAFFIC USING SPOOFED ADDRESSES - Methods and systems for managing encrypted network traffic using spoofed addresses. One example method includes receiving a request to resolve a domain name; determining that the domain name is included in a predetermined set of domain names; associating a spoofed address with the domain name; sending a response to the request to resolve the domain name, the response including the spoofed address; receiving a secure request for a resource, the secure request directed to the spoofed address; determining that the secure request is directed to the domain name based on the association between the spoofed address and the domain name; and selectively decrypting the secure request based at least in part on determining that the secure request is directed to the domain name. | 2017-09-28 |
20170279783 | SECURE 3D MODEL SHARING USING DISTRIBUTED LEDGER - This document generally describes systems, methods, devices, and other techniques for using distributed ledgers, such as a blockchain database, to facilitate secure distribution and use of 3D model files to 3D printers over a computing network. A 3D printer controller may access an electronic ledger that identifies a plurality of 3D model files that have been made available for distribution. A particular 3D model file and a secret key may be obtained by the printer, where the 3D model file is encrypted based on the secret key. The secret key can be decrypted using a private key associated with the computing device that corresponds to the public key. After decrypting the secret key, the particular 3D model file can be decrypted using the secret key, and after decrypting the particular 3D model file, the particular 3D model file can be executed on the printer to print a physical 3D object. | 2017-09-28 |
20170279784 | SYNCHRONIZED ISSUANCE OF PUBLIC X.509 DIGITAL CERTIFICATES - A method includes receiving, from a certificate requestor: a request for a public key certificate and a list of a plurality of distribution addresses. The request may include a public key for the certificate requestor. The plurality of distribution addresses may belong to a plurality of third parties. The method further includes verifying an identity of the certificate requestor, and, in response to verifying the identity of the certificate requestor, retrieving a public key from the request for the public key certificate. The method may also include, in response to verifying the identity of the certificate requestor, generating the public key certificate and signing the public key certificate. The public key certificate may include the public key. The method may also include transmitting the signed public key certificate to the certificate requestor and the plurality of distribution addresses. | 2017-09-28 |
20170279785 | SYNCHRONIZED ISSUANCE OF PUBLIC X.509 DIGITAL CERTIFICATES - A method includes generating, using a processor, a private key-public key pair. The private key-public key pair may include a private key and a public key. The method also includes generating a request for a public key certificate. The request may include the public key. The method further includes sending the request for the public key certificate to a Certificate Authority (CA) and receiving the public key certificate from the CA. The public key certificate may be signed by the CA. The method also includes using the public key certificate received from the CA and transmitting the public key certificate received from the CA to a plurality of distribution addresses. The plurality of distribution addresses belong to a plurality of third parties. | 2017-09-28 |
20170279786 | SYSTEMS AND METHODS TO PROTECT SENSITIVE INFORMATION IN DATA EXCHANGE AND AGGREGATION - Systems and methods to store, exchange, and aggregate data in association tokens representative of personally identifiable information (PII) without revealing the PII to users of the data. The PII is secured in a centralized location for association with the tokens but without the associated data. Data records are stored in data sources in association with tokens representing the PII but without the PII. Before providing a set of data records from the data sources to a user, a master token is identified based on the data stored in the centralized location to represent a plurality of tokens used in the data records to represent a same person/entity; and the plurality of tokens are replaced with the master token for the data records to link together the data records of the same person/entity. | 2017-09-28 |
20170279787 | SUPPRESSION OF AUTHORIZATION RISK FEEDBACK TO MITIGATE RISK FACTOR MANIPULATION IN AN AUTHORIZATION SYSTEM - Dynamic risk communication associated with a computer device may include automatically detecting one or more security risk factors for the computer device based on current context information associated with the computer device. Whether an attempt is being made via the computer device to manipulate the one or more risk factors in an attempt to reduce a security level of a computer-implemented authentication procedure may be determined. Responsive to determining that the attempt is being made to manipulate the one or more risk factors, a new challenge for additional identification may be communicated for presentation on a user interface device of the computer device while suppressing one or more security risk factors from being presented on the user interface device. Responsive to determining that an attempt is not being made to manipulate the one or more risk factors, the new challenge and one or more security risk factors may be communicated. | 2017-09-28 |
20170279788 | SECURE REMOTE PASSWORD RETRIEVAL - A non-transitory storage medium having stored thereon instructions, the instructions being executable by one or more processors to perform operations including responsive to receiving notification of completion of creation of a secure remote password (SRP) account, prompting a user for a first input corresponding to a username and a second input corresponding to a personal identification number, responsive to receiving the first input and the second input, verifying that the first input and the second input meet all predetermined requirements, responsive to verifying the first input and the second input meet all predetermined requirements and that the first input is not already stored by the non-transitory storage medium, prompting the user for a third input, the third input being a password corresponding to the SRP account, and storing the third input in the non-transitory storage medium is shown. | 2017-09-28 |
20170279789 | INFORMATION PROCESSING METHOD AND SYSTEM, ELECTRONIC DEVICE, AND SERVER - One embodiment provides a method, including: identifying an attempt to access an application installed on an information handling device, a request; receiving, in response to the attempt to access the application, a coded data set at the information handling device; identifying a target application associated with the coded data set; and causing the target application to access the coded data set. Other aspects are described and claimed. | 2017-09-28 |
20170279790 | AUTHENTICATION SYSTEM, REMINDER TERMINAL, AND INFORMATION RECORDING MEDIUM - At a reminder terminal ( | 2017-09-28 |
20170279791 | COMMUNICATION APPARATUS, REMINDER APPARATUS, AND INFORMATION RECORDING MEDIUM - Provided is a communication apparatus ( | 2017-09-28 |
20170279792 | APPLICATION AUTHENTICATION WRAPPER - Disclosed are various approaches for implementing an application authentication wrapper. An authentication request, such as a Kerberos request, is created for authenticating the computing device. The authentication request is encrypted to generate an encrypted authentication request. The encrypted authentication request is then forwarded to a reverse proxy server. An encrypted authentication response is received from the reverse proxy server. The encrypted authentication response, such as a Kerberos response, is then decrypted to generate a corresponding authentication response, which is then forwarded to the computing device that generated the authentication request. | 2017-09-28 |
20170279793 | IDENTITY MANAGEMENT OVER MULTIPLE IDENTITY PROVIDERS - Systems and processes of advanced identity management over multiple identity providers deployable through mobile applications are provided. The process, e.g., method, includes requesting a backend service from multiple backend services by a requesting device. The method further includes exposing the requested backend service through a call in by a gateway service using a token mapped to the requested backend service, without exposing any of the backend services directly to the requesting device. | 2017-09-28 |
20170279794 | USER INFORMATION OBTAINING METHOD AND APPARATUS, AND SERVER - The present disclosure provides a user information obtaining method and apparatus, and a server. The method includes: sending, after detecting an operation of a terminal for browsing a specified webpage using an Internet application, an authorization page for obtaining user information, the specified webpage being a webpage associated with a specified public identity, the authorization page including an option enabling the terminal to jump to a callback page; obtaining a first authorization credential from address information of the callback page after receiving an authorization confirmation instruction sent by the terminal, the authorization confirmation instruction being sent by the terminal after the terminal detects a trigger operation corresponding to the option, and the first authorization credential being added by a first server to the address information; and obtaining user information from the first server according to the first authorization credential, and providing the user information to the specified public identity. | 2017-09-28 |
20170279795 | SECURE, AUTOMATIC SECOND FACTOR USER AUTHENTICATION USING PUSH SERVICES - A network-based multi-factor authentication approach is provided. A request to access a protected network resource and user credentials are received from a client by an application server hosting the resource. Attributes associated with the request are obtained. After determining the credentials are valid, the access attributes are provided to an authentication server. A first OTP is generated by the authentication server. The client is caused to seek confirmation from the user regarding the request and the associated attributes, by sending a push notification to the client. Responsive to authentication of the user to an OTP generator application running on the client via a biometric sensor or a PIN associated with the client: (i) a second OTP is generated by the OTP generator; and (ii) the application server is caused to grant the request by the OTP generator sending the second OTP to the application server or to the authentication server. | 2017-09-28 |
20170279796 | TOKEN DEVICE RE-SYNCHRONIZATION THROUGH A NETWORK SOLUTION - Example embodiments provide a method that includes generating, at an authentication server, a first token value. The authentication server receives a request for the first token value from a server of the site being accessed by a device of a user. The first token value is transmitted to the server of the site, causing the server of the site to transmit a list of token values including the first token value to the device. The list is presented on the device, and used to compare to a first token value generated by a password device to determine whether the first token value of the password device is presented in the list. The authentication server receives a second token value from the server of the site, whereby the second token value is used to authenticate the user accessing the site, and verifies the second token value to authenticate the user. | 2017-09-28 |
20170279797 | Container Independent Secure File System for Security Application Containers - Embodiments include method, systems and computer program products for a container independent secure file system for security application containers. In some embodiments, a request for a virtualized application container may be received. A passphrase may be obtained from a user. A key may be obtained. A file system of the virtualized application container may be prepared for a specified mount point using the passphrase and key. The file system may be initiated in response to the request. | 2017-09-28 |
20170279798 | MULTI-FACTOR AUTHENTICATION SYSTEM AND METHOD - To authorize a client device to access a secure resource hosted on a web server, the present methods and systems may provide executable instructions including a challenge token to the client device, which, in turn, may cause the client device to provide executable instructions, including the challenge token, to a mobile client device via a personal area network. The executable instructions provided to the mobile client device may request the mobile client device to return a verification token. The mobile client device may compare the provided challenge token to a challenge token stored locally. If the challenge tokens match, the mobile client device may provide a verification token to the client device via the personal area network, which may in turn provide the verification token to the web server. The web server may compare the verification token provided by the client device to a verification token provided by the present methods and systems. If the verification tokens match, the web server may authorize the access to the secure resource. | 2017-09-28 |
20170279799 | BIOMETRIC METADATA BUREAU - Biometric markers are seen as a secure and convenient way to control an individual's access to systems. The data that comprise these access controls, however, can be spoofed by nefarious third parties. Therefore, systems and methods are provided that track metadata related to the usage of biometric markers as access control devices to improve the security of systems using biometric markers for access control and to improve the speed and efficiency for systems when re-granting access for an individual in the event that access was revoked or suspended. A bureau collects metadata related to the authentication of individuals via biometric markers and the activities of the individual and the systems accessed. These metadata are used by the bureau to alert affected parties of potential misuse of biometric data and to reduce the processing requirements, storage requirements, and number of communications to on-board or re-authenticate an individual. | 2017-09-28 |
20170279800 | ENHANCING AUTHENTICATION AND SOURCE OF PROOF THROUGH A DYNAMICALLY UPDATABLE BIOMETRICS DATABASE - The present invention provides for biometric authentication of users using current, updatable biometric data/standards. In this regard, the present invention provides for creation of a registry of authentication information that dynamically, over time, receives biometric authentication-related information (e.g., photographs, voice samples, fingerprints, signatures and the like) from diverse devices configured to capture/sense such. The devices may be devices associated with the user, such as mobile communication devices, devices located in the user's residence or the like, or the devices may be public devices, such as security cameras, point-of-sale devices or the like, which are configured to capture and electronically communicate biometric authentication-related information. In response to invoking a biometric authentication application and receiving a user's biometric credentials/identifier, the registry is accessed so that a comparison may be made between the user's current biometric credentials and the biometric data stored within the registry. | 2017-09-28 |
20170279801 | SYSTEMS AND METHODS FOR PROVIDING BLOCK CHAIN-BASED MULTIFACTOR PERSONAL IDENTITY VERIFICATION - Block chain-based multifactor personal identity verification may be provided. Verification addresses may be established on a block chain by: associating identifiers with individuals having previously verified personal identities, assigning verification addresses on a block chain to the individuals, and recording identifiers and biometric data associated with the individuals at corresponding verification addresses. Block chain-based multifactor personal identity verification using the verification addresses may be performed by: receiving one or more identifiers in connection with one or more requests to verify an identity of one or more individuals, extracting the biometric data associated with the one or more individuals from the corresponding verification addresses, and verifying the identity of the one or more individuals upon receiving matching biometric data and private keys. | 2017-09-28 |
20170279802 | BI-DIRECTIONAL AUTHENTICATION BETWEEN A MEDIA REPOSITORY AND A HOSTING PROVIDER - A hosting provider may be bi-directionally authenticated with one or more media repositories. The hosting provider preferably has domain name registration and hosting capabilities. The media repositories may collect data (such as pictures and/or files) from one or more users. Once authenticated, the hosting provider and media repositories may cooperate in storing, aggregating and transmitting data to a user. Routes may be hosted by the hosting provider and used to organize and access the data. For example, a user may enter a route into a browser and receive media/data, possibly from a plurality of media repositories, that is associated with that route. In another example, the user may enter a route into the browser and be redirected from the hosting provider to a website of the media repository. | 2017-09-28 |
20170279803 | SYSTEMS AND METHODS FOR CLOUD BASED UNIFIED SERVICE DISCOVERY AND SECURE AVAILABILITY - Systems and methods implemented by a unified agent application executed on a mobile device, for unified service discovery and secure availability include authenticating a user into a plurality of cloud services including a proxy service and a Virtual Private Network (VPN) service, wherein the proxy service is utilized for Internet traffic and the VPN service is for Intranet traffic; creating and operating a link local network at the mobile device with a virtual network interface and multiple listening sockets; and intercepting traffic at the virtual network interface from one or more client applications on the mobile device and splitting the traffic between the proxy service, the VPN service, and the Internet based on a type of the traffic, a destination, and the one or more client applications. | 2017-09-28 |
20170279804 | INTEGRATED HOSTED DIRECTORY - Methods, systems, and devices for enterprise-wide management of disparate devices, applications, and users are described. A cloud-based central server may maintain an integrated hosted directory, which may allow user authentication, authorization, and management of information technology (IT) resources across device types, operating systems, and software-as-a-service (SaaS) and on-premises applications. IT resources for multiple and separate customers may be managed from a single, central directory, and servers may be brought online to allow access to the directory according to system loading. | 2017-09-28 |
20170279805 | SECURE RESOURCE-BASED POLICY - The techniques and systems described herein improve security and improve connection reliability by providing a framework for an application to communicate its intent to an authority service so that the authority service can enforce networking security requirements. In various examples, an intent to access a resource over a network is received and queries are sent to resolve a network connection that enables access to the resource. Information for the resource is then collected and stored together in a trusted and secure environment. For instance, the information can include proxy data or can include hostname data. A ticket can be created based on the information. The ticket can be used to establish and maintain a secure network connection to the resource. | 2017-09-28 |
20170279806 | Authentication in a Computer System - An authentication arrangement comprises a first security protocol server configured to manage authenticators for log in to a first set of hosts managed by the first security protocol server and a second security protocol server. The hosts are adapted to accept access requests based on information on authenticators. The first security protocol server is configured to transfer authenticators used to log in to the first set of hosts to the second security protocol server. The hosts in the first set of hosts then use information stored on the second security protocol server for accepting access requests. | 2017-09-28 |
20170279807 | SAFE METHOD TO SHARE DATA AND CONTROL THE ACCESS TO THESE IN THE CLOUD - The object of the present invention is to create a method for storing data in the cloud that ensures the privacy of the said data even against the administrators of the servers that make up the cloud, without impeding the practical and convenient management of the access permissions to such data. This guarantee is obtained by encrypting the stored data and the distributed and partitioned storage (for example, by the Shamir method) of the keys that allow decrypting the said data. When this method is implemented, an attacker, who wants to access the data in an unauthorized manner, should obtain unauthorized access to at least two different servers, located in different physical locations and administered by different authorities. | 2017-09-28 |
20170279808 | METHOD AND DEVICE FOR CONTROLLING DEVICE BY USING BLUETOOTH LOW ENERGY (LE) TECHNIQUE - Disclosed is a method and device for controlling a connection between a first device and a second device by using Bluetooth LE (Low Energy) technology. The method comprises: receiving from the first device an advertising message including information related to a service for controlling the first device; connecting with the first device based on the advertising message; requesting the connected first device for information on one or more devices included in a Whitelist, which indicates a list of devices the first device can connect to; receiving the information on one or more devices from the first device; and instructing the first device to connect with the second device when the information on one or more devices includes the second device's information. | 2017-09-28 |
20170279809 | METHODS AND SYSTEMS FOR DETECTING, VERIFYING, PREVENTING AND CORRECTING OR RESOLVING UNAUTHORIZED USE OF ELECTRONIC MEDIA CONTENT - A method of detecting, verifying, preventing and correcting or resolving unauthorized use of electronic media content. In one embodiment, the method comprises providing an electronic system that allows auditors to register to audit the use of electronic media content, providing the auditors with information through the electronic system regarding a unique identifier that identifies one or more items of electronic media content, owners of electronic media content or other intellectual property or users who have subscribed to the use of electronic media content, obtaining information from auditors through the electronic system regarding unauthorized use of the electronic media content and verifying that the information received from auditors is complete. | 2017-09-28 |
20170279810 | METHOD OF, AND APPARATUS FOR, SECURE ONLINE ELECTRONIC COMMUNICATION - A method for secure electronic communication between one or more clients on one or more client computing devices. The method includes establishing a networked secure exchange server, where the networked secure exchange server comprises one or more secure electronic data exchange environments for communication between one or more clients. The method also includes providing, on one or more client computing devices, a client authentication interface operable to enable one or more authorized clients to access one or more of the secure electronic data exchange environments across a network, and enabling one or more of the authorized clients to exchange electronic communications through one or more secure electronic data exchange environments. | 2017-09-28 |
20170279811 | USER IDENTIFICATION MARKING METHOD, APPARATUS, AND SYSTEM - The present disclosure provides a user identification marking method. The method includes determining a user identification that needs a classification analysis; obtaining classification basis information of the user identification; analyzing the user identification according to the classification basis information, to obtain possible classifications of the user identification and a ranking thereof in each of the possible classifications; and providing the possible classifications and the rankings to a client. | 2017-09-28 |
20170279812 | ENCRYPTION AND DECRYPTION OF DATA IN A CLOUD STORAGE BASED ON INDICATIONS IN METADATA - Provided are a method, a system, and a computer program product in which metadata associated with encrypted data is maintained in a cloud computing environment, wherein the metadata indicates whether reading of information in the encrypted data is restricted geographically. A controller provides a decryption code for decrypting the encrypted data to a cloud server located in a geographical location, based on whether the metadata indicates whether the reading of information in the encrypted data is restricted geographically. | 2017-09-28 |
20170279813 | CONTEXT-BASED RESOURCE ACCESS MEDIATION - Apparatuses, methods, and computer-readable media for a context-based access mediator ("CAM") are described. The CAM may be configured to mediate access to computer-accessible resources by a user using a computing device after receiving a request from the computing device for the computing device to access a computer-accessible resource. The computer-accessible resource may be local or remote to the computing device. The CAM may be configured to receive the request and to mediate access to the requested resource. Such mediation may be performed through the CAM determining whether the resource may be accessed by the computing device and/or through the CAM determining which resources are available to be accessed by the computing device. The CAM may be configured to mediate access to computer-accessible resources based on information about a context for the computing device and/or computer-accessible resource. Other embodiments are described and claimed. | 2017-09-28 |
20170279814 | DOUBLE WRITE DATA EXCHANGE IN A DEAD DROP NETWORK ARCHITECTURE - A sender uses a double-write protocol to pass data to a recipient using a dead drop network architecture. The sender sends, to a dead drop domain, a data payload to store at the dead drop domain, and receives payload access information corresponding to a payload dead drop where the payload data is stored. The sender sends, to the dead drop domain, one or more instances of metadata including the payload access information to store at the dead drop domain, and receives metadata access information corresponding to one or more metadata dead drops where the metadata is stored. The sender provides the metadata access information to one or more recipients. A recipient uses the metadata access information to read the corresponding metadata dead drop. The recipient then uses the payload access information from the metadata to read the payload dead drop and receive the payload data. | 2017-09-28 |
20170279815 | Systems and Methods for Using Video for User and Message Authentication - Aspects of the disclosed technology include a method including identifying, by a computer device, a message; encoding, by the computer device, the message; receiving, by the computer device, a video of a user reciting the encoded message; and providing, by the computer device, the message and the video for verification of an authenticity of the message. | 2017-09-28 |
20170279816 | REMEDIATING COMPUTER SECURITY THREATS USING DISTRIBUTED SENSOR COMPUTERS - A data processing system comprising: a sensor computer that is coupled to and co-located with a compromised computer, the compromised computer comprising at least one malware item that is configured to direct unauthorized network activity toward one or more enterprise networks or enterprise computers, wherein the compromised computer is coupled to a firewall that is configured to control ingress of packets to the compromised computer and is logically between one or more attacker computers and the one or more enterprise networks or enterprise computers; a security control computer that is coupled to the sensor computer; one or more non-transitory data storage media in the security control computer storing security logic comprising one or more sequences of instructions which when executed cause the security control computer to perform: obtaining, from the sensor computer, detection data relating to network messages that the compromised computer emits, as the compromised computer emits the network messages; using the detection data, identifying one or more security threats that are indicated by the network messages; determining a specified remediation measure to remediate one or more of the security threats; providing the specified remediation measure to one or more of the compromised computer, the sensor computer, the firewall, and an enterprise computer. | 2017-09-28 |
20170279817 | SYSTEM AND METHOD FOR RETROSPECTIVE NETWORK TRAFFIC ANALYSIS - A method is provided to monitor network traffic, including reserving a portion of a system memory for short-term storage of copied network traffic, wherein the system memory is volatile, receiving copied packets of intercepted network traffic traversing a network, wherein the packets are associated with a plurality of respective traffic streams included in the network traffic, storing the copied packets in the portion of the system memory, maintaining an ordered list per traffic stream of copied packets that are stored, removing copied packets selected, based on their positions in their respective ordered lists, from the portion of the system memory based on a storage constraint, receiving an attack alert identifying a packet that is involved in a network attack, identifying the traffic stream that includes the packet identified, and transferring stored copied packets that are included in the identified traffic stream from the portion of the system memory to a long-term storage device. | 2017-09-28 |
20170279818 | ANTIVIRUS SIGNATURE DISTRIBUTION WITH DISTRIBUTED LEDGER - This document generally describes techniques for using a distributed ledger to implement a framework for the validation and distribution of virus signatures, which may be used by antivirus engines on computing devices to detect and remove malware. Some implementations can include accessing, by a computing system, data that identifies a plurality of virus signatures. A signature score associated with a first virus signature can be identified that is determined based on a number of signature authorities that have submitted or endorsed the first virus signature. The computing system may determine whether the first virus signature is valid based on whether the signature score satisfies a threshold score. In response to determining that the first virus signature is valid, the first virus signature can be used by the computing system to perform virus scans of one or more files maintained by the computing system. | 2017-09-28 |
20170279819 | SYSTEMS AND METHODS FOR OBTAINING INFORMATION ABOUT SECURITY THREATS ON ENDPOINT DEVICES - The disclosed computer-implemented method for obtaining information about security threats on endpoint devices may include (1) detecting, by a security program on a computing device, an attempt to access at least one suspicious file, (2) before permitting the computing device to access the suspicious file, identifying, by the security program, at least one third-party resource not associated with the security program that contains information potentially indicative of the trustworthiness of the suspicious file, (3) obtaining, by the security program from the third-party resource, the information potentially indicative of the trustworthiness of the suspicious file, and then (4) determining, by the security program based at least in part on the information potentially indicative of the trustworthiness of the suspicious file, whether the suspicious file represents a security threat to the computing device. Various other methods, systems, and computer-readable media are also disclosed. | 2017-09-28 |
20170279820 | SYSTEM AND METHOD FOR DETECTING COMPUTER ATTACKS - One embodiment of the invention is a system that stores a characteristic “modus operandi” for each type of computer attack that has historically been encountered or that could potentially be encountered on a computer network. In this embodiment, the system uses criteria derived from a modus operandi to query an event data store, identifying entities (host computers, user credentials, or malicious software objects) on the network that meet those criteria. The system also queries a flow data store to identify network connections among the identified entities that meet the criteria for the modus operandi. The identified entities and network connections are then analyzed to determine whether an attack matching the modus operandi is underway. If so, the system transmits a notification to permit the attack to be thwarted before it is completed (i.e., before exfiltration of sensitive stolen data occurs). | 2017-09-28 |
20170279821 | SYSTEM AND METHOD FOR DETECTING INSTRUCTION SEQUENCES OF INTEREST - An instruction sequence detection system is trained to detect instruction sequences of interest, such as threats by malicious computer data. Training includes distilling the characteristics of known instruction sequences of interest (e.g., intrusion by computer viruses, exploits, worms, or the like) into a set of meta-expressions. At run-time, the instruction sequence detection system combines the minimal set of meta-expressions with efficient computer algorithms for evaluating meta-expressions to detect known instruction sequences of interest, as well as their unknown variants, among an unknown set of instruction sequences. The instruction sequence detection system may provide an appropriate response upon the detection of instruction sequences of interest. | 2017-09-28 |
20170279822 | SYSTEMS AND TECHNIQUES FOR GUIDING A RESPONSE TO A CYBERSECURITY INCIDENT - A cybersecurity engine can guide a forensic investigation of a security incident by estimating the utility of investigating events associated with the security incident, selecting a subset of such events based on the estimated utilities, and presenting data associated with the selected events to the investigator. A method for guiding a response to a security incident may include estimating, for each of a plurality of security events associated with the security incident, a utility of investigating the security event. The method may further include selecting a subset of the security events based, at least in part, on the estimated utilities of investigating the security events. The method may further include guiding the response to the security incident by presenting, to a user, data corresponding to the selected security events. | 2017-09-28 |
20170279823 | NETWORK ATTACK DETERMINATION METHOD, SECURE NETWORK DATA TRANSMISSION METHOD, AND CORRESPONDING APPARATUS - This application discloses a network attack determination method, a secure network data transmission method, and a corresponding apparatus. In this application, a browser client terminal obtains attack rules formulated by a rule configuration server, and after obtaining feedback information that is returned by a network according to a webpage browsing request, determines, according to a comparison result between the attack rules and the feedback information, whether the webpage browsing request encounters a network attack, thereby resolving a problem in the prior art that a network attack cannot be identified. In addition, after determining that a network attack is encountered, the browser client terminal performs network data transmission in a secure manner, which can avoid impact from the network attack, and improve security of network data transmission. | 2017-09-28 |
20170279824 | TECHNIQUES FOR SHARING NETWORK SECURITY EVENT INFORMATION - This disclosure provides an architecture for sharing information between network security administrators. Events converted to a normalized data format (CCF) are stored in a manner that can be queried by a third party (e.g., an administrator of another, trusted network). Optionally made available as a service, stored event records can be sanitized for third party queries (e.g., by clients of a service maintaining such a repository). In one embodiment, each contributing network encrypts or signs its (sanitized) records using a symmetric key architecture, the key being unique to the contributing network. This key is used (e.g., by the repository) to index a set of permissions or conditions of the contributing network in servicing any query, e.g., by matching a stored hash of the event record or by decrypting the record. The information sharing service can optionally be provided by a hosted information security service or on a peer-to-peer basis. | 2017-09-28 |
20170279825 | TRACKING CLOUD WORKLOADS TO ISOLATE SECURITY BREACH EXPOSURE - A computer-implemented method includes receiving, by a computing device within a networking environment, a workload for execution within the networking environment; initiating, by the computing device, transfers of the workload to a plurality of network elements within the cloud networking environment; providing, by the computing device, tracking information of the workload as the workload traverses through the plurality of network elements; and storing or outputting, by the computing device, the tracking information regarding the workload. | 2017-09-28 |
20170279826 | PROTECTING DYNAMIC AND SHORT-LIVED VIRTUAL MACHINE INSTANCES IN CLOUD ENVIRONMENTS - The present disclosure relates to protecting temporary virtual machine instances in a cloud computing platform from security risks. An example method generally includes monitoring a cloud platform for the assignment of a temporary virtual machine instance to a workload. A security system obtains information about a configuration of the temporary virtual machine instance and applications deployed on the temporary virtual machine instance. Based on the configuration of the temporary virtual machine instance and applications deployed on the temporary virtual machine instance, the security system generates a security policy to apply to the temporary virtual machine instance. | 2017-09-28 |
20170279827 | EDGE-BASED DETECTION OF NEW AND UNEXPECTED FLOWS - In one embodiment, a device in a network identifies a new interaction between two or more nodes in the network. The device forms a feature vector using contextual information associated with the new interaction between the two or more nodes. The device causes generation of an anomaly detection model for new node interactions using the feature vector. The device uses the anomaly detection model to determine whether a particular node interaction in the network is anomalous. | 2017-09-28 |
20170279828 | HIERARCHICAL MODELS USING SELF ORGANIZING LEARNING TOPOLOGIES - In one embodiment, a device in a network maintains a plurality of anomaly detection models for different sets of aggregated traffic data regarding traffic in the network. The device determines a measure of confidence in a particular one of the anomaly detection models that evaluates a particular set of aggregated traffic data. The device dynamically replaces the particular anomaly detection model with a second anomaly detection model that is configured to evaluate the particular set of aggregated traffic data and that has a different model capacity than that of the particular anomaly detection model. The device provides an anomaly event notification to a supervisory controller based on a combined output of the second anomaly detection model and of one or more of the anomaly detection models in the plurality of anomaly detection models. | 2017-09-28 |
20170279829 | DYNAMIC DEVICE CLUSTERING USING DEVICE PROFILE INFORMATION - In one embodiment, a networking device in a network causes formation of device clusters of devices in the network. The devices in a particular cluster exhibit similar characteristics. The networking device receives feedback from a device identity service regarding the device clusters. The feedback is based in part on the device identity service probing the devices. The networking device adjusts the device clusters based on the feedback from the device identity service. The networking device performs anomaly detection in the network using the adjusted device clusters. | 2017-09-28 |
20170279830 | MECHANISMS TO PREVENT ANOMALY DETECTORS FROM LEARNING ANOMALOUS PATTERNS - In one embodiment, a device in a network detects an anomaly in the network by analyzing a set of sample data regarding one or more conditions of the network using a behavioral analytics model. The device receives feedback regarding the detected anomaly. The device determines that the anomaly was a true positive based on the received feedback. The device excludes the set of sample data from a training set for the behavioral analytics model, in response to determining that the anomaly was a true positive. | 2017-09-28 |
20170279831 | USE OF URL REPUTATION SCORES IN DISTRIBUTED BEHAVIORAL ANALYTICS SYSTEMS - In one embodiment, a device in a network identifies a universal resource locator (URL) from traffic destined for the URL that triggered a first anomaly detected by an anomaly detector. The device reports the first anomaly and the identified URL to a supervisory device in the network. The device receives a URL filter rule for the URL. The URL filter rule is configured to affect anomaly scores generated by the anomaly detector for traffic destined for the URL or a domain associated with the URL. The device uses the URL filter rule to adjust an anomaly score for a second anomaly detected by the anomaly detector based on the second anomaly involving traffic destined for the URL or the domain associated with the URL. | 2017-09-28 |
20170279832 | SANITY CHECK OF POTENTIAL LEARNED ANOMALIES - In one embodiment, a device in a network receives, from a supervisory device, trace information for one or more traffic flows associated with a particular anomaly. The device remaps network addresses in the trace information to addresses of one or more nodes in the network based on roles of the one or more nodes. The device mixes, using the remapped network addresses, the trace information with traffic information regarding one or more observed traffic flows in the network, to form a set of mixed traffic information. The device analyzes the mixed traffic information using an anomaly detection model. The device provides an indication of a result of the analysis of the mixed traffic information to the supervisory device. | 2017-09-28 |
20170279833 | EDGE-BASED MACHINE LEARNING FOR ENCODING LEGITIMATE SCANNING - In one embodiment, a device in a network receives an indication that a network anomaly detected by an anomaly detector of a first node in the network is associated with scanning activity in the network. The device receives labeled traffic data associated with the detected anomaly that identifies whether the traffic data is associated with legitimate or illegitimate scanning activity. The device trains a machine learning-based classifier using the labeled traffic data to distinguish between legitimate and illegitimate scanning activity in the network. The device deploys the trained classifier to the first node, to distinguish between legitimate and illegitimate scanning activity in the network. | 2017-09-28 |
20170279834 | USER ASSISTANCE COORDINATION IN ANOMALY DETECTION - In one embodiment, a device in a network receives feedback regarding an anomaly reporting mechanism used by the device to report network anomalies detected by a plurality of distributed learning agents to a user interface. The device determines an anomaly assessment rate at which a user of the user interface is expected to assess reported anomalies based in part on the feedback. The device receives an anomaly notification regarding a particular anomaly detected by a particular one of the distributed learning agents. The device reports, via the anomaly reporting mechanism, the particular anomaly to the user interface based on the determined anomaly assessment rate. | 2017-09-28 |
20170279835 | ADAPTIVE CAPTURE OF PACKET TRACES BASED ON USER FEEDBACK LEARNING - In one embodiment, a node in a network detects an anomaly in the network based on a result of a machine learning-based anomaly detector analyzing network traffic. The node determines a packet capture policy for the anomaly by applying a machine learning-based classifier to the result of the anomaly detector. The node selects a set of packets from the analyzed traffic based on the packet capture policy. The node stores the selected set of packets for the detected anomaly. | 2017-09-28 |
20170279836 | DISTRIBUTED FEEDBACK LOOPS FROM THREAT INTELLIGENCE FEEDS TO DISTRIBUTED MACHINE LEARNING SYSTEMS - In one embodiment, a device in a network receives anomaly data regarding an anomaly detected by a machine learning-based anomaly detection mechanism of a first node in the network. The device matches the anomaly data to threat intelligence feed data from one or more threat intelligence services. The device determines whether to provide threat intelligence feedback to the first node based on the matched threat intelligence feed data and one or more policy rules. The device provides threat intelligence feedback to the first node regarding the matched threat intelligence feed data, in response to determining that the device should provide threat intelligence feedback to the first node. | 2017-09-28 |
20170279837 | GATHERING FLOW CHARACTERISTICS FOR ANOMALY DETECTION SYSTEMS IN PRESENCE OF ASYMMETRICAL ROUTING - In one embodiment, a first device in a network identifies a first traffic flow between two endpoints that traverses the first device in a first direction. The first device receives information from a second device in the network regarding a second traffic flow between the two endpoints that traverses the second device in a second direction that is opposite that of the first direction. The first device merges characteristics of the first traffic flow captured by the first device with characteristics of the second traffic flow captured by the second device and included in the information received from the second device, to form an input feature set. The first device detects an anomaly in the network by analyzing the input feature set using a machine learning-based anomaly detector. | 2017-09-28 |
20170279838 | DISTRIBUTED ANOMALY DETECTION MANAGEMENT - In one embodiment, a device in a network performs anomaly detection functions using a machine learning-based anomaly detector to detect anomalous traffic in the network. The device identifies an ability of one or more nodes in the network to perform at least one of the anomaly detection functions. The device selects a particular one of the anomaly detection functions to offload to a particular one of the nodes, based on the ability of the particular node to perform the particular anomaly detection function. The device instructs the particular node to perform the selected anomaly detection function. | 2017-09-28 |
20170279839 | NETWORK-BASED APPROACH FOR TRAINING SUPERVISED LEARNING CLASSIFIERS - In one embodiment, a supervisory device in a network receives traffic data from a security device that uses traffic signatures to assess traffic in the network. The supervisory device receives traffic data from one or more distributed learning agents that use machine learning-based anomaly detection to assess traffic in the network. The supervisory device trains a traffic classifier using the received traffic data from the security device and from the one or more distributed learning agents. The supervisory device deploys the traffic classifier to a selected one of the one or more distributed learning agents. | 2017-09-28 |
20170279840 | AUTOMATED EVENT ID FIELD ANALYSIS ON HETEROGENEOUS LOGS - A system, program, and method for anomaly detection in heterogeneous logs. The system has a processor configured to identify pattern fields comprised of a plurality of event identifiers. The processor is further configured to generate an automata model by profiling event behaviors of the plurality of event sequences, the plurality of event sequences grouped in the automata model by combinations of one or more pattern fields and one or more event identifiers from among the plurality of event identifiers, wherein for a given combination, the one or more event identifiers therein must be respectively comprised in a same one of the one or more pattern fields with which it is combined. The processor is additionally configured to detect an anomaly in one of the plurality of event sequences using the automata model. The processor is also configured to control an anomaly-initiating one of the network devices based on the anomaly. | 2017-09-28 |
20170279841 | METHODS OF DETERMINING A FILE SIMILARITY FINGERPRINT - A similarity fingerprint for a data object such as a file can be automatically determined using one or more anchor values. The one or more anchor values can be provided or determined. For each anchor value, a set of distances between each instance of the anchor value in the data object is determined. The set of distances for the instance of the anchor value is aggregated into a single value. The single value is added as a component of the similarity fingerprint. Thus, if there are N anchor values, there can be N components of the similarity fingerprint. The similarity fingerprints of different data objects can be compared and the results of the comparison can be used to determine how similar the data objects are. | 2017-09-28 |
20170279842 | MALWARE AND ANOMALY DETECTION VIA ACTIVITY RECOGNITION BASED ON SENSOR DATA - A system for malware and anomaly detection via activity recognition based on sensor data is disclosed. The system may analyze sensor data collected during a selected time period from one or more sensors that are associated with a device. Once the sensor data is analyzed, the system may determine a context of the device when the device is in a connected state. The system may determine the context of the device based on the sensor data collected during the selected time period. The system may also determine if traffic received or transmitted by the device during the connected state is in a white list. Furthermore, the system may transmit an alert if the traffic is determined to not be in the white list or if the context determined for the device indicates that the context does not correlate with the traffic. | 2017-09-28 |
20170279843 | PROBABILISTIC MODEL FOR CYBER RISK FORECASTING - A system and method are presented for forecasting the risk of cyber-attacks on targeted networks. The described technology quantifies linear and non-linear damages to network-dependent assets by propagating probabilistic distributions of events in sequence and time in order to forecast damages over specified periods. Damage forecasts are used to estimate, probabilistically, time-varying financial losses for cyber-attacks. The described technology incorporates quantities and dependencies for pricing insurance, re-insurance, and self-insurance, assessing cost-benefit tradeoffs for sequenced implementation of security control measures, and detecting attacks in the targeted network. | 2017-09-28 |
20170279844 | IDENTIFYING AND REMEDIATING AT-RISK RESOURCES IN A COMPUTING ENVIRONMENT - Methods and systems of identifying and remediating at-risk resources in a computing environment are provided. A method includes periodically determining respective infrastructure topologies of a computing environment that changes over time, wherein the determining is performed by a computer system communicating with the computing environment. The method also includes: identifying, by the computer system, an intrusion event in the computing environment; determining, by the computer system, at-risk resources in the computing environment based on the determined intrusion event and a corresponding one of the infrastructure topologies; and performing, by the computer system, remediation action for the at-risk resources. | 2017-09-28 |