41st week of 2020 patent application highlights part 73 |
Patent application number | Title | Published |
20200322303 | Methods and devices for facilitating and monetizing merges of targets with stalkers - Methods and devices facilitate and monetize merges of stalkers and targets. Responsive to an invitation from an entity of interest (target), a request is received for a real-time location of the entity of interest (target) via a user interface of at least one mobile communication device associated with a user (stalker). The request may be received responsive to an invite from the entity of interest. Responsive to the request for the location, the real-time location of the entity of interest is provided via the user interface. When the mobile communication device associated with the stalker comes within a predetermined proximity of the target, a recording of a meeting between the stalker and the target is initiated. The target is provided with a reward responsive to a first recorded meeting between a stalker and the target. | 2020-10-08 |
20200322304 | MULTI-USER MEDIA PRESENTATION SYSTEM - One or more embodiments of the disclosure provide systems and methods for providing media presentations to users of a media presentation system. A media presentation generally includes a plurality of media segments provided by multiple users of the media presentation system. In one or more embodiments, a user of the media presentation system may share a media presentation with a co-user. The media presentation system can provide a number of features to assist a user in sharing, filtering, and accessing media presentations. | 2020-10-08 |
20200322305 | SOCIAL PLATFORM WITH ENHANCED PRIVACY AND INTEGRATED CUSTOMIZATION FEATURES - The present invention provides a social networking platform offering various services, such as, facilitating aggregation and management of a user's interaction on one or more social networking platforms, offering enhanced control over the level of privacy associated with the flow of user data, offering tools to customize the user's exposure to advertisement-related content on the social networking platform(s), integrating features to control aspects of how data/content is presented to and visualized by the user, empowering the user to multicast direct messages to other users without the other users having to meet certain constraints, empowering the user to create and/or join a group based on messaging threads, and the like. One or more of these enhanced services/features are associated with a powerful framework of authentication/permission model for access control. | 2020-10-08 |
20200322306 | SHARED VIDEO CONTENT EMPLOYING SOCIAL NETWORK GRAPH INFERENCE - A video content sharing network functions as an inferred digital social network. Consent is obtained from a plurality of users of at least one digital social network to participation in the video content sharing network. Information is automatically obtained from the digital social network for the users, through a plurality of respective communication channels, which can be application program interfaces or covert or subliminal channels. The information includes link information between each of the users and other individuals in the digital social network. Each of the users is enabled to share content including video content, to send and receive message information with other users, to view profile information of other users, and to view social contact information of other users, through the video content sharing network. | 2020-10-08 |
20200322307 | DATA PROCESSING FOR MULTI-OBJECTIVE COMMUNICATION ENGAGEMENT - A cloud platform supports a digital communication system that identifies recommended communication frequencies based on past communication data. The cloud platform may support blending of weights applied to different engagement rates. Based on the weights, the system identifies recommended frequency ranges to maximize engagement rates, including the blended engagement rate using a redistribution simulation process. | 2020-10-08 |
20200322308 | METHOD AND APPARATUS FOR DYNAMIC DISCOVERY OF A BLOCKCHAIN COMPONENT IN A CLOUD COMPUTING SYSTEM - A method and a network device in a cloud computing system, including a first blockchain component that is one of a plurality of blockchain components forming a blockchain system, of dynamic discovery of another blockchain component of the blockchain system are described. A multicast address including a multicast group identifier is generated. The multicast group identifier is generated at least in part based on a genesis block identifier that uniquely identifies a blockchain serviced by the blockchain system. The network device joins a multicast group identified by the multicast group identifier; and transmits a message destined to the multicast address, where the message includes a request for a unicast address of another component of the blockchain system. | 2020-10-08 |
20200322309 | Virtual Point of Presence in a Country to Allow for Local Web Content - A method, system and computer-usable medium are disclosed for establishing a virtual point of presence or VPoP in a country or locale by registering an internet protocol (IP) prefix range for communication specific to the locale in a physical data center; implementing proxy servers on the data center that support the IP prefix range; geolocating users in the locale to the IP prefix range; network address translating inbound connections to the IP prefix range with IP addresses on the proxy servers to provide extended IP network addresses; and providing content to the users by the proxy servers on using the extended IP network addresses. | 2020-10-08 |
20200322310 | Applying Attestation to the Border Gateway Protocol (BGP) - In one embodiment, a method by an apparatus of a Border Gateway Protocol (BGP) network includes accessing an attestation token for the apparatus. The method further includes encoding the attestation token in a BGP signaling message. The method further includes sending the BGP signaling message with the encoded attestation token to a second apparatus of the BGP network. | 2020-10-08 |
20200322311 | PREMISES MANAGEMENT CONFIGURATION AND CONTROL - Disclosed are methods, systems, and devices for management of a premises. The premises may comprise one or more devices, such as a gateway device, a control device, or a premises device. A computing device, such as a server external to the premises, may receive data indicative of the premises device. The computing device may determine to update a configuration of one or more devices at the premises, such as the gateway device or the control device. Configuration data may be sent to the gateway device to update the configuration. | 2020-10-08 |
20200322312 | Applying Attestation Tokens to The Open Shortest Path First (OSPF) Routing Protocol - In one embodiment, a method includes receiving an OSPF hello message including an attestation token from a second network apparatus, determining that the attestation token is valid for the second network apparatus at a current time, establishing an adjacency to the second network apparatus in response to the determination, computing, based at least on the attestation token, a trust level for a first link from the first network apparatus to the second network apparatus and a trust level for first prefixes associated with the first link, and sending an LSA comprising the trust level for the first link and the trust level for the first prefixes to neighboring network apparatuses, where the trust level for the first link and the trust level for the prefixes are used by the network apparatuses in the network to compute a routing table of the network. | 2020-10-08 |
20200322313 | Data Transfer Method and Virtual Switch - A data transfer method and a virtual switch, where when receiving a data packet, the virtual switch extracts characteristic information of the data packet, and determines, based on the extracted characteristic information of the data packet, whether an expedited forwarding rule is configured for a data stream to which the data packet belongs. If the expedited forwarding rule is configured for the data stream to which the data packet belongs, the virtual switch bypasses a LINUX bridge to directly send the data packet to a receive end, thereby reducing times of data packet switching between a kernel mode and a user mode, and improving data packet forwarding efficiency. | 2020-10-08 |
20200322314 | GATEWAY WITH ACCESS CHECKPOINT - There is disclosed in one example a gateway apparatus to operate on an intranet, including: a hardware platform; and an access proxy engine to operate on the hardware platform and configured to: intercept an incoming packet; determine that the incoming packet is an access request directed to an access interface of a resource of the intranet; present an access checkpoint interface; receive an authentication input response; validate the authentication input response; and provide a redirection to the access interface of the device. | 2020-10-08 |
20200322315 | METHODS AND SYSTEMS FOR COMMUNICATING WITH AN M2M DEVICE - Method, apparatus and system for communicating between a machine to machine, M2M, device | 2020-10-08 |
20200322316 | GENERATING AND LINKING PRIVATE TRANSACTION IDENTIFIERS TO DISTRIBUTED DATA REPOSITORIES - Techniques are described for generating semi-random private transaction identifiers for users that are meaningful to data providers and can be used by data providers to perform internal queries for user data. A user provides input to an identity management service indicating the user's consent to link their user account at the identity management service to one or more data providers. The identity management service stores a group blinded transaction identifier (GBTI) based on transaction identifiers generated by one or more data providers. When the user desires to obtain a service from a service provider, the user obtains GBTI-derived value from the identity management service and sends it to the service provider. The service provider sends the GBTI-derived value (and possibly other information) to the data provider to prove that it has the user's consent to obtain desired data or insights about the user but without infringing the user's privacy. | 2020-10-08 |
20200322317 | SYSTEMS AND METHODS FOR ESTABLISHING SECURE REMOTE CONNECTIONS TO MEDIA DEVICES - Systems and methods for establishing secure remote connections to media devices establish a secure shell (SSH) connection between two machines which are located in two different private networks, such as between a remote debugging computer and a receiving device. The receiving device has a persistent outbound connection with a message server. The remote debugging computer connects to a relay manager and obtains a relay instance IP address and port. The relay manager then forwards the relay instance IP address and port to the receiving device via the message server. After receiving the connection request from the message server, the receiving device connects to the relay instance IP and port and waits for the input data. The remote debugging computer performs an SSH handshake and the receiving device directly authenticates the SSH connection. | 2020-10-08 |
20200322318 | Security System And Method - A security system and method for improving the security of a file/data transmitted from a special purpose user computer to a recipient special purpose computer. A special purpose computer having an individualized encryption software application server that runs individualized encryption software is provided, along with an amino acid database generator having an amino acid database storing natural and/or synthetic amino data. The individualized encryption software application server sends a request to the secure amino acid database generator producing the mathematical characteristics of the natural and synthetic amino acids. This is used to construct an amino acid base layer. The amino acid base layer is folded into two or three dimensional shapes and have values assigned to them, and a secret key is provided such that the transmission cannot be opened by a recipient unless he or she has the key and the values associated with the folded amino acids. | 2020-10-08 |
20200322319 | HOSTED PAYLOAD OPERATIONS WITH PRIVATE TELEMETRY AND COMMAND - A method for hosted payload operations comprises transmitting, by a hosted payload (HoP) operation center (HOC), encrypted hosted commands to a host spacecraft operations center (SOC). The method further comprises transmitting, by the host SOC, encrypted host commands and the encrypted hosted commands to a vehicle. Also, the method comprises reconfiguring a host payload according to unencrypted host commands, and reconfiguring a hosted payload according to unencrypted hosted commands. Additionally, the method comprises transmitting host payload data to a host receiving antenna. Also, the method comprises transmitting hosted payload data to a hosted receiving antenna and/or the host receiving antenna. Additionally, the method comprises transmitting, by a host telemetry transmitter, encrypted host telemetry to the host SOC; and transmitting, by a hosted telemetry transmitter, encrypted hosted telemetry to the host SOC. Further, the method comprises transmitting, by the host SOC, the encrypted hosted telemetry to the HOC. | 2020-10-08 |
20200322320 | DYNAMIC AND CRYPTOGRAPHICALLY SECURE AUGMENTATION OF PARTICIPANTS IN PROGRAMMATICALLY ESTABLISHED CHATBOT SESSIONS - The disclosed exemplary embodiments include computer-implemented systems, apparatuses, and processes that dynamically and securely augment participants in programmatically established chatbot sessions. For example, an apparatus may obtain messaging data generated during a first communications session involving a first device and based on the messaging data, detecting an occurrence of an event that triggers an establishment of a second communications session involving the first device and a second device. The apparatus may generate and transmit, to the second device, notification data causing the second device to validate one or more authentication credentials, and may receive confirmation data indicative of the one or more validated authentication credentials from the second device. Based on the confirmation data, the apparatus may perform operations that establish the second communications session in accordance with at least a portion of the messaging data. | 2020-10-08 |
20200322321 | CONTINUOUS TRUST SCORE - The present technology pertains to a system that authenticates the identity of a user trying to access a service. The system comprises an authentication provider configured to communicate authentication requirements to a continuous multifactor authentication device and the continuous multifactor authentication device configured to receive authentication requirements, to fuse multiple identification factors into an identification credential for a user according to the authentication requirements, and to send the authentication credential to the authentication provider. After receiving the identification credential meeting the authentication requirements, the authentication provider is configured to instruct a service provider to initiate a session. | 2020-10-08 |
20200322322 | SYSTEMS AND METHODS OF SHARING INFORMATION THROUGH A TAG-BASED CONSORTIUM - The invention provides one or more consortia of networks that identify and share information about users and/or user devices interacting with the consortia. User devices may be identified, at least in part, by tag-based computer information. Computers and other devices accessing the Web carry device tags with date and time information describing when they were issued by a security tag server. A server time stamp may be inserted into time based computer tags such as cookies indicating when they were created. Such time stamp information can be encrypted and analyzed during future attempts to access a secure network such as a customer attempting to log into an online banking account. When the time stamp information from the tag is compared to other selected information about the user, device and/or account, including but not limited to last account log-in date/time or account creation date, the invention may be used to detect suspicious activity. The invention may be used for identity-based applications such as network security, the detection of fraudulent transactions, identity theft, reputation-based communities, and law enforcement. | 2020-10-08 |
20200322323 | SMART EDGE CO-PROCESSOR - A system of smart edge sensors, wherein security and encryption is pushed to the edge of the network. In one example, an electronic device includes several sensors. The device is operated by a microprocessor. A plurality of smart edge devices are each interposed between a respective sensor and the microprocessor and intercepts communication between the sensor and the microprocessor. The smart edge device encrypts any data output by the sensor, and decrypts any data received from the microprocessor. A JTAG access is connected to a co-processor where executes a JTAG dongle to authenticate the sensor and an interface with the sensor. | 2020-10-08 |
20200322324 | Authenticating API Service Invocations - A computer-implemented method and system for authenticating API is provided. An API invocation request associated with a user is received. An API operation and the shareable API key includes validating API key credentials of the shareable API key associated with the API invocation request. There is an additional validation of user credentials of the user associated with the API invocation request. It is determined whether the user having the validated user credentials is authorized to use the shareable API key to invoke the API operation. The API operation is executed in response to determining the user having validated user credentials is authorized to use the shareable API key to invoke the API operation. The authentication integrates validation of the user and the shareable API key, and determines whether a user is a subscriber of a multi-tenant subscription service. | 2020-10-08 |
20200322325 | SYSTEMS AND METHODS FOR APPLYING ATTESTATION TOKENS TO LISP MESSAGES - In one embodiment, an apparatus of a LISP environment includes one or more processors and computer-readable non-transitory storage media coupled to the one or more processors. The computer-readable non-transitory storage media include instructions that, when executed by the one or more processors, cause the one or more processors to perform operations including receiving an attestation token from a first component of the LISP environment. The operations also include encoding the attestation token using a LISP message format. The operations further include distributing the encoded attestation token with a LISP signaling message to a third component of the LISP environment. | 2020-10-08 |
20200322326 | REGISTRATION PROCESS USING MULTIPLE DEVICES - A server includes a processor, memory, and a communications interface. During a registration process the communications interface receives a phone number associated with a client mobile device, from a client computer system. In response to receiving the phone number, the processor generates a password and associates it with the client computer system. The password is transmitted to the client mobile device using the received phone number, and a password interface is transmitted to the client computer system. The processor waits up to a predetermined amount of time for the password transmitted to the client mobile device to be returned to the server device via the password interface transmitted to the client computer system. In response to the predetermined amount of time expiring without receiving the password, a message allowing the registration process to be completed using the client mobile device is transmitted to the client mobile device. | 2020-10-08 |
20200322327 | RDP PROXY SUPPORT IN PRESENCE OF RDP SERVER FARM WITH SESSION DIRECTORY OR BROKER - Described embodiments provide systems and methods for connecting to a server of a plurality of servers. The system may include a device intermediary between a client and a plurality of servers. The device may receive a remote desktop protocol (RDP) request from the client to connect to one of the plurality of servers. The RDP request may include a token. The device may cause a load-balancer of the plurality of servers to modify or remove the token of the RDP request, responsive to presence of a session directory/broker. The device may receive a server redirect packet that indicates a target server identified from the plurality of servers by the session directory, to which the client is to connect. The device may cause the server redirect packet to be modified to cause the client to send a redirected connection request packet for connecting with the target server. | 2020-10-08 |
20200322328 | MOBILE ENROLLMENT USING A KNOWN BIOMETRIC - A system performs mobile biometric identification system enrollment using a known biometric. The system receives a digital representation of a first biometric for a person. Prior to using the digital representation of the first biometric to identify the person, the system compares a received digital representation of a second biometric for the person to known biometric data for the person. When the digital representation of the first biometric has been thus verified, the system is operative to identify the person using the digital representation of the first biometric. | 2020-10-08 |
20200322329 | MULTIFACTOR DERIVED IDENTIFICATION - The present technology pertains to a system that authenticates the identity of a user trying to access a service. The system comprises an authentication provider configured to communicate authentication requirements to a continuous multifactor authentication device and the continuous multifactor authentication device configured to receive authentication requirements, to fuse multiple identification factors into an identification credential for a user according to the authentication requirements, and to send the authentication credential to the authentication provider. After receiving the identification credential meeting the authentication requirements, the authentication provider is configured to instruct a service provider to initiate a session. | 2020-10-08 |
20200322330 | CONTINUOUS MULTI-FACTOR AUTHENTICATION SYSTEM - The present technology pertains to a system that authenticates the identity of a user trying to access a service. The system comprises an authentication provider configured to communicate authentication requirements to a continuous multifactor authentication device and the continuous multifactor authentication device configured to receive authentication requirements, to fuse multiple identification factors into an identification credential for a user according to the authentication requirements, and to send the authentication credential to the authentication provider. After receiving the identification credential meeting the authentication requirements, the authentication provider is configured to instruct a service provider to initiate a session. | 2020-10-08 |
20200322331 | METHODS AND SYSTEMS OF AUTHENTICATING OF PERSONAL COMMUNICATIONS - A system for authenticating an individual's location activity includes a mobile communications device connected to a network and in electronic communication with at least one other computer. The mobile communications device is configured to authenticate the individual's presence at a location using biometric data entered by the individual. The mobile communications device has applications stored thereon to access location information for the mobile communications device using a GPS application stored on the mobile communications device and to access time information for the mobile communications device from a clock application stored on the mobile communications device. The mobile communications device creates a digital signature that authenticates an individual's location activity by storing an encrypted digital certificate comprising a hash calculation using the biometric data, a validation key generated by authenticating the biometric data, the location information, and the time information. | 2020-10-08 |
20200322332 | Mutual Secure Communications - A sending device may send data intended for a target device. An intermediate device may intercept the data sent from the sending device and forward the communications to the target device. Security data (e.g., a security certificate for authentication) along with an encrypted version of the security data may be sent at the application layer such that it passes from the sending device, through the intermediate device, and to the target device without being analyzed or modified by the intermediate device. The target device may use the encrypted security data and the security data to verify the identity of the sending device. | 2020-10-08 |
20200322333 | PERSONALIZED SECURITY SYSTEM - A method for providing improved personalized security mechanisms for transferring electronic data is disclosed. In an embodiment, the method comprises generating, at a client computer, a user key pair, wherein the user key pair comprises a user private key and a user public key; transmitting the user public key from the client computer to a server computer; receiving, at the client computer, from the server computer, a user account public key; generating a virtual memory stick (“VMS”) file and including, in the VMS file, one or more keys and one or more passphrases; encrypting the VMS file with a protection passphrase to generate an encrypted VMS file; and transmitting the encrypted VMS file to the server computer. | 2020-10-08 |
20200322334 | AUTHENTICATION OF NETWORK DEVICES BASED ON EXTENSIBLE ACCESS CONTROL PROTOCOLS - Systems, methods, and computer-readable media for authenticating extensible authentication protocol (EAP) messages include receiving, at a first node, EAP messages from a second node. The first node and the second node including network devices and the EAP messages can be based on Diameter protocol or other. The first node can obtain attestation information from one or more EAP messages to determine whether the second node is authentic and trustworthy based on the attestation information. The EAP messages can include a Capabilities Exchange Request (CER) or a Capabilities Exchange Answer (CEA) whose fields or combination of fields can include the attestation information. The EAP messages can also include a Trust Information Request (TIR) or a Trust Information Answer (TIA) which include the authentication information. The attestation information can include Proof of Integrity based on a hardware fingerprint, device identifier, or Canary Stamp. | 2020-10-08 |
20200322335 | FRICTION-LESS IDENTITY PROOFING DURING EMPLOYEE SELF-SERVICE REGISTRATION - A method for proving identity when registering for a service includes presenting by the entity a user with options for registering for the service, wherein the options comprise validating an identity of the user through a trusted partner. The method includes receiving, by the entity, user data from the trusted partner responsive to the user logging into a page on the trusted partner. The method includes validating the user identity for the service responsive to a determination that a user identifier from the trusted partner matches a user identifier on record with the entity. The method includes populating entity user data for the service according to the user data received from the trusted partner responsive to successful validation of the user identity. In embodiments, a risk analysis score is determined for the user and registration steps for registering are selected based on comparison of the registration score with a threshold. | 2020-10-08 |
20200322336 | AUTHENTICATION BROKER APPARATUS AND NON-TRANSITORY COMPUTER READABLE MEDIUM STORING AUTHENTICATION BROKER PROGRAM - An authentication broker apparatus includes an extracting unit and a transmitting unit. In response to an authentication request from a service providing apparatus that provides a service, the extracting unit extracts, from identification managing apparatuses that manage user ID codes used by users to access a service, at least one ID managing apparatus that fulfills an authentication condition relating to authentication of the service providing apparatus that has requested authentication. The transmitting unit transmits, to the service providing apparatus, link information to access the at least one ID managing apparatus extracted by the extracting unit. | 2020-10-08 |
20200322337 | VEHICLE, SERVER, AND METHOD FOR CONTROLLING THE SAME - A server assigns a vehicle to be provided with a vehicle sharing service to a user based on the received at least one piece of schedule information and position information of a plurality of the vehicles when at least one of schedule information of the user and use information of a vehicle sharing service is received by a terminal for the user. The server operates a communication device to transmit identification information of the assigned vehicle to the terminal for the user, and operates the communication device to transmit user information to the assigned vehicle. | 2020-10-08 |
20200322338 | Cloud-Based Coordination of Remote Service Appliances - Systems and methods are provided to provide cloud-based coordination of customer premise service appliances. A system can include a cloud-based service platform, which includes a coordination server and a cloud-based service appliance, and an on-premise service appliance. The coordination server is configured to establish a service session, select a service appliance, and control a sequence of operations on the selected service appliance. Establishing the service session can include establishing a service session with a first client in response to a service request received from the first client, the first client associated with an account including a service policy. Selecting the service appliance can include selecting the cloud-based service appliance or the on-premise service appliance, based on the service policy, to handle the service request. Upon selection of the on-premise service appliance, the coordination server controls a sequence of operations performed by the on-premise service appliance to satisfy the service request. | 2020-10-08 |
20200322339 | HIERARCHICAL PERMISSIONS MODEL WITHIN A DOCUMENT - Case management systems and techniques are disclosed. In various embodiments, a hierarchical document permission model is received, the model describing a document hierarchy comprising a plurality of hierarchically related document nodes and defining for each of at least a subset of said document nodes one or more document roles and for each such role one or more document permissions with respect to that document node. The hierarchical document permission model is used to determine and enforce permissions with respect to case management instances to which the hierarchical document permission model applies. | 2020-10-08 |
20200322340 | Method and System to Enable Controlled Safe Internet Browsing - Various embodiments provide an approach to controlled access of websites based on website content, and profile for the person consuming the data. In operation, machine learning techniques are used to classify the websites based on community and social media inputs, crowdsourced data, as well as access rules implemented by parents or system administrators. Feedback from users/admins of the system, including the instances of allowed or denied access to websites, in conjunction with other relevant parameters, is used for iterative machine learning techniques. | 2020-10-08 |
20200322341 | NETWORK-BASED PARTIAL AND FULL USER IDENTIFICATION TECHNIQUES - Methods and systems for network-based user authentication are provided. In one embodiment, a method is provided that includes receiving a request to connect to a local network. The request may be received from a user device and may include a user device identifier. The method may then include allowing the user device to connect to the local network and creating a partial identity of a user of the user device. The partial identity may include a plurality of identification factors associated with the user. The method may then include monitoring network activities of the user device and updating the partial identity based on the monitored network activities. | 2020-10-08 |
20200322342 | Identity attribute confidence scoring while certifying authorization claims - An identity management system is augmented to compute a time-varying confidence score for an asserted attribute value, typically a value that is received from a third party identity issuer. In this approach, an identity provider (IdP) computes a time-varying confidence score for an asserted attribute that the IdP includes in a security assertion returned to a service provider. The confidence score typically is “deteriorating” (i.e., diminishes over time) for an attribute value. The degree to which the score deteriorates, however, may be altered by one or more qualified attribute verification event(s). Preferably, the IdP maintains a profile of the service provider, and that profile may also include other information, such as a threshold for an attribute confidence score that the SP deems acceptable (to enable access to the service). Based on the SP profiling, the IdP also can recommend use of a given identity issuer for a specific attribute. | 2020-10-08 |
20200322343 | SYSTEMS AND METHODS FOR CONNECTING A PUBLIC DEVICE TO A PRIVATE DEVICE WITHOUT PRE-INSTALLED CONTENT MANAGEMENT APPLICATIONS - Systems and methods for providing access to media content by connecting, to a public device, a private device that does not have an installed application associated with the media content. A media guidance application may receive a communication from a private device requesting to access content using the public device. In response, the media guidance application may retrieve, at the public device, a public interface application and private interface application from a content provider of the content. The private interface application, which may be configured to control a graphical user interface of the public interface application, may then be transmitted to the private device. Accordingly, the user may be able to access content via the public device when the private device is within a predetermined proximity to the public device. | 2020-10-08 |
20200322344 | METHOD FOR AUTOMATICALLY APPLYING ACCESS CONTROL POLICIES BASED ON DEVICE TYPES OF NETWORKED COMPUTING DEVICES - Techniques for managing access control policies are described herein. According to one embodiment, access control policies (ACPs) and access control rules (ACRs) are downloaded from a management server to a network access device (NAD) over the Internet, where the network access device is one of a plurality of network access devices managed by the management server over the Internet. In response to a request from a network client device for entering a network, a device type of the network client device is detected and an ACP identifier is determined based on the device type using the ACRs. An ACP is selected from the ACPs based on the ACP identifier and enforced against the network client device. At least the selected ACP is reported to the management server to distribute the selected ACP to other network access devices. | 2020-10-08 |
20200322345 | SYSTEM FOR CONTROLLING ACCESS TO TARGET SYSTEMS AND APPLICATIONS - A method for controlling access to one or more of a plurality of target systems includes receiving profile data that defines one or more features associated with a plurality of individuals with one or more entitlements of those individuals. Each entitlement is indicative of target system access. The method further includes generating a model that relates the one or more features and the one or more entitlements of the plurality of individuals. Profile data that defines one or more features associated with a target individual is received from a first user management system. A listing that includes one or more entitlements associated with the target individual, and confidence values associated with the one or more entitlements is generated based on the profile data and the model. Each confidence value is indicative of whether the target individual should be granted a corresponding entitlement. For each entitlement having a corresponding confidence value higher than a predetermined threshold, an instruction is communicated to a target system associated with the entitlement to allow the target individual access to the target system. | 2020-10-08 |
20200322346 | COLLABORATIVE COMMUNICATIONS ENVIRONMENT AND PRIVACY SETTING ASSOCIATED THEREWITH - A method includes receiving a user indication to create an online collaborative team within an online chat environment. The method further includes receiving a user selection of members for the online collaborative team. The online collaborative team enables the selected members of the online collaborative team to communicate with one another. The online chat environment maintains communication of the members and activities of the members of the online collaborative team. The online chat environment makes the activities and the communication available to the members when the members are within the online chat environment. The method further includes accessing attributes associated with the members of the online collaborative team. The method, responsive to the accessing the attributes associated with the members, determines a privacy setting of the online collaborative team. | 2020-10-08 |
20200322347 | SYSTEM AND METHOD FOR DIRECTORY DECENTRALIZATION - Techniques for enrolling a user in an organization directory include receiving a first request from a first user for inclusion in the directory configured to facilitate access to a collaboration application, the first request including at least a first user profile item for the first user; generating a first user account for the user assigned a first set of permissions and including a first user profile listing the first user profile item; providing a first level of access to the directory; receiving a second request from a second user transitioning the first user account from the first set of permissions to a second, broader set of permissions; verifying a first user identity for the first user based on the second request; assigning the first user account the second set of permissions; automatically updating the directory; and providing a second level of access to the directory to the first user. | 2020-10-08 |
20200322348 | TRUSTWORTHINESS EVALUATION OF NETWORK DEVICES - Systems, methods, and computer-readable media for evaluation of trustworthiness of network devices are proposed. In one aspect, a first network device can determine a first probability of a security compromise of a second network device based on visible indicators. The first network device can also determine a second probability of the security compromise of the second device based on invisible indicators. The first network device also determines a trust degradation score for the second network device and establishes, based on the trust degradation score, a specified type of communication session with the second network device. | 2020-10-08 |
20200322349 | MANAGED NETWORK CONTENT MONITORING AND FILTERING SYSTEM AND METHOD - A system and method for content request monitoring and filtering for a plurality of managed devices in a managed network uses a smart PAC file that is uniquely associated with a particular user using a particular managed device and a DNS look up to perform both the logging/monitoring of the content request and the filtering without a hardware appliance or partial proxying. | 2020-10-08 |
20200322350 | DYNAMIC AUTHORIZATION OF PRE-STAGED DATA EXCHANGES BASED ON CONTEXTUAL DATA - The disclosed exemplary embodiments include computer-implemented systems, apparatuses, and processes that, among other things, dynamically authorize pre-staged data exchanges based on contextual data. For example, an apparatus may receive first data characterizing an initiation of a first exchange of data between a client device and a terminal device. Based on the first data, the apparatus may obtain second data that characterizes an expected initiation of a second exchange of data during a corresponding temporal interval, which may be specified relative to an initiation time of the first data exchange. The apparatus may generate and transmit, to a computing system, pre-authorization data that requests a pre-authorization of the second data exchange. The pre-authorization data may include a portion of the second data and may instruct the computing system to pre-authorize the second data exchange in accordance with the second data. | 2020-10-08 |
20200322351 | Mobile Multi-Party Digitally Signed Documents and Techniques for Using These Allowing Detection of Tamper - Authenticated base digital document(s) are issued to client(s) by an issuing party, and aggregate digital document(s) are received. An aggregate digital document includes base digital document(s) and attachment(s). Authenticity of the aggregate digital document(s) is verified, resulting in authenticated aggregate digital document(s), which are stored and/or redistributed. Authentication challenge(s) are sent by a verifying party to a client requesting part or all of an aggregate digital document from the client be verified. The part or all of the aggregate digital document is received and authenticity and integrity are verified, resulting in an authenticated aggregate digital document. The client verifies authenticity of a base digital document and receives the authentication challenge(s) for an authenticated aggregate digital document and sends part or all of the authenticated aggregate digital document to the verifying party for verification by the verifying party. | 2020-10-08 |
20200322352 | Enhancement to the IS-IS protocol for eliminating unwanted network traffic - Systems and methods for enhancing a routing protocol of a telecommunications network are provided. In one embodiment, a method for enhancing the Intermediate System to Intermediate System (IS-IS) routing protocol is provided. The method includes the steps of determining if a password on a received Link State Protocol data unit (LSP) is authenticated and determining if the LSP is generated by an authenticated node. If the LSP password is not authenticated or the LSP is not generated by an authenticated node, the method further includes the step of setting a lifetime expiration timer of the LSP to zero. | 2020-10-08 |
20200322353 | TECHNOLOGIES FOR PROVING PACKET TRANSIT THROUGH UNCOMPROMISED NODES - Technologies for proving packet transit through uncompromised nodes are provided. An example method can include receiving a packet including one or more metadata elements generated based on security measurements from a plurality of nodes along a path of the packet; determining a validity of the one or more metadata elements based on a comparison of one or more values in the one or more metadata elements with one or more expected values calculated for the one or more metadata elements, one or more signatures in the one or more metadata elements, and/or timing information associated with the one or more metadata elements; and based on the one or more metadata elements, determining whether the packet traversed any compromised nodes along the path of the packet. | 2020-10-08 |
20200322354 | Method and apparatuses for authenticating a data stream - Provided is a method for generating a data stream, the transmitter of which is authenticated. The method includes calculating at least one first item of authentication information, wherein the at least one first item of authentication information is generated from a first item of validation information in each case using a cryptographic one-way function. The method includes storing the at least one first item of authentication information in a first data element of the data stream in each case. The method includes transmitting the particular first data element to at least one receiver. The method includes storing the particular first item of validation information in a second data element of the data stream in each case. The method includes transmitting the particular second data element to the at least one receiver. | 2020-10-08 |
20200322355 | FRAUDULENT HOST DEVICE CONNECTION DETECTION - Systems and methods of managing fraudulent devices are provided. The system detects a request for a connection to communicatively couple a technician computing device with a receiver computing device. The system identifies connection data for the connection. The system requests, based on the connection data, a plurality of account values. Each of the plurality of account values is associated with an account that the technician computing device used to establish the connection. The system generates a score indicating a fraudulent level of the account based on the plurality of account values. The system terminates, responsive to a comparison of the score with a fraud threshold, the connection. The system transmits, to a ticketing system, a support ticket generated responsive to the comparison of the score with the fraud threshold. | 2020-10-08 |
20200322356 | SYSTEMS AND METHODS FOR PRE-CONFIGURATION ATTESTATION OF NETWORK DEVICES - Systems, methods, and computer-readable media are disclosed for measurement of trustworthiness of network devices prior to their configuration and deployment in a network. In one aspect of the present disclosure, a method for pre-configuration of network devices includes receiving, at a dynamic host configuration server, a first request from a network device for configuration data, the configuration data including at least an IP address; sending, by the dynamic host configuration server, a second request to the network device for attestation information; verifying, by the dynamic host configuration server, the network device based on the attestation information; and assigning, by the dynamic host configuration server, the configuration data to the network device upon verifying the network device. | 2020-10-08 |
20200322357 | Activation Of Gateway Device - Systems and methods for activating an interface device for use at a premises are described. An interface device may be activated for a security system at the premises. The interface device may communicate with a remote server to request activation. The remote server may also be in communication with a user device. A correspondence of a first address of the interface device and a second address of the user device may be used to authorize the interface device for activation. The interface device may receive an activation message and begin communicating with and controlling a security system and other devices at the premises. | 2020-10-08 |
20200322358 | TRANSACTION AUTHENTICATION AND RISK ANALYSIS - Aspects of the present disclosure relate to techniques for managing transactions, including receiving a first transaction request directed to an account of a first web application and initiating, by a rate-limiting engine, a rate-limiting process in response to the first transaction request. The techniques further include obtaining a rate-limiting identifier, where the rate-limiting identifier uniquely identifies the first web application, and where the rate-limiting identifier identifies an account owner. The techniques further include determining that an alternate notification method exists for the account owner and sending a verification request to the account owner, where the verification request is sent using the alternate notification method. The techniques further include receiving a response to the verification request, performing a risk assessment, and adjusting a first security parameter in response to the risk assessment. | 2020-10-08 |
20200322359 | AUTOMATED ONBOARDING OF DETECTIONS FOR SECURITY OPERATIONS CENTER MONITORING - Methods, systems, apparatuses, and computer program products are provided for evaluating security detections. A detection instance obtainer obtains detection instances from a pool, such as a security detections pool. The detection instances may be obtained for detections that meet a predetermined criterion, such as detections that have not been onboarded or rejected, or detections that have generated detection instances for a threshold time period. The detection may be onboarded or rejected automatically based on a volume thresholder and/or a detection performance evaluator. For instance, the volume thresholder may be configured to automatically onboard the detection if the volume of the detection instances is below a first threshold, and reject the detection if the volume is above a second threshold. The detection performance evaluator may be configured to onboard or reject the detection based on an efficacy of the detection (e.g., based on a true positive rate of the detection instances). | 2020-10-08 |
20200322360 | DEFANGING MALICIOUS ELECTRONIC FILES BASED ON TRUSTED USER REPORTING - A system and a method are disclosed for determining that a first electronic communication, received in a first private repository of a user, has been identified (e.g., flagged) as including a threat, and determining a probability that the first electronic communication includes the threat. In response to determining that the probability exceeds a threshold probability, the system monitors for a second electronic communication, received in a second private repository, that includes contents that match the contents of the first electronic communication. In response to identification, based on the monitoring, of the second electronic communication, the system generates a copy of the second electronic communication to an administrative private repository of an administrator, edits the copy to remove a portion that is likely to include the threat, inserts the copy of the second electronic communication to the second private repository, and deletes the second electronic communication from the second private repository. | 2020-10-08 |
20200322361 | Inferring temporal relationships for cybersecurity events - A cognitive security analytics platform is enhanced by providing a technique for automatically inferring temporal relationship data for cybersecurity events. In operation, a description of a security event is received, typically as unstructured security content or data. Information, such as temporal data or cues, is extracted from the description, along with security entity and relationship data. Extracted temporal information is processed according to a set of temporal markers (heuristics) to determine a time value marker (i.e., an established time) of the security event. This processing typically involves retrieval of information from one or more structured data sources. The established time is linked to the security entities and relationships. The resulting security event, as augmented with the identified temporal data, is then subjected to a management operation. | 2020-10-08 |
20200322362 | DEEP-LEARNING-BASED INTRUSION DETECTION METHOD, SYSTEM AND COMPUTER PROGRAM FOR WEB APPLICATIONS - The present invention relates to a deep-learning-based intrusion detection method, a system and a computer program for web applications, and more particularly, to a method, a system and a computer program for detecting whether the traffic is a hacker attack, based on an output from a deep neural network (DNN) model after setting network traffic flowing into a server farm as an input of the model. The present invention provides an effective intrusion detection system by utilizing deep neural networks in the form of complicated messages of the Web service protocol (hypertext transfer protocol (HTTP)), which is most general and representative for a company, among various application-layered services. In particular, the present invention provides a web application threat detection method, a system and a computer program implementing the same that are configured to determine security threats bypassing and intruding the detection scheme of the signature-based security system. | 2020-10-08 |
20200322363 | Network Data Timeline - A system and a method are disclosed for describing a mechanism for tracking malicious activity detected on a network. For example, based on network data collected from a server, the disclosed system may detect malicious activity originating from a client device directed to the server. To detect the malicious activity, network data may be captured by the server and analyzed. When malicious activity is detected, the system may track the malicious activity, using the network data, to an earliest connection date of a client device from where the malicious activity potentially originated. The earliest connection date may indicate a potential start date of the malicious activity. | 2020-10-08 |
20200322364 | PROGRAM VERIFICATION AND MALWARE DETECTION - Software programs are updated and upgraded regularly. This is a cause for infection by malware (or a faulty program). By attaining the statistical relation between the input data to the program and the output data from the program, the presence of malware may be detected with high fidelity. The basis for this approach is the fact that the necessary and sufficient condition to determine the working of a program is evaluation of input against output. | 2020-10-08 |
20200322365 | CONTEXT-AWARE NETWORK-BASED MALICIOUS ACTIVITY WARNING SYSTEMS - A computer system is configured to generate alerts related to malicious activity on an audited computing system. The computing system is provided with instructions to receive activity information associated with activity of an entity performed in an audited computing network, access contextual information associated with the entity, determine, based on the contextual information, a set of weights associated with the activity information, and combine the weights and the entity activity information to generate a risk score. In response to the risk score satisfying a threshold value, the computer system may generate an alert, and, in response to receiving a user input associated with the alert, update the set of weights. In certain embodiments, the updated weights may be used for determining the risk score of future alerts. | 2020-10-08 |
20200322366 | INTELLIGENT DATA AUGMENTATION FOR SUPERVISED ANOMALY DETECTION ASSOCIATED WITH A CYBER-PHYSICAL SYSTEM - A Cyber-Physical System (“CPS”) may have monitoring nodes that generate a series of current monitoring node values representing current operation of the CPS. A normal space data source may store, for each monitoring node, a series of normal monitoring node values representing normal operation of the CPS. An abnormal data generation platform may utilize information in the normal space data source and a generative model to create generated abnormal data to represent abnormal operation of the CPS. An abnormality detection model creation computer may receive the normal monitoring node values (and generate normal feature vectors) and automatically calculate and output an abnormality detection model including information about a decision boundary created via supervised learning based on the normal feature vectors and the generated abnormal data. | 2020-10-08 |
20200322367 | ANOMALY DETECTION AND TROUBLESHOOTING SYSTEM FOR A NETWORK USING MACHINE LEARNING AND/OR ARTIFICIAL INTELLIGENCE - A method for anomaly detection and troubleshooting in a network includes parsing a network service descriptor (NSD) describing a network service (NS) to be deployed in the network. Monitoring data including time series of service-level metrics and resource-level metrics of network functions (NFs) of the NS are received from different domains of the network. Representations of the time series from the different domains are learned with a common dimensionality. An NS signature of the NS is computed as a cross-correlation matrix comprising cross-correlations between the service-level metrics and the resource-level metrics of the NFs. Embeddings of the NS signature are learned using a model and determining a reconstruction error of the model. It is determined whether the NS is anomalous based on the reconstruction error of the model. The NS is identified as a target for the troubleshooting in a case that the NS was determined to be anomalous. | 2020-10-08 |
20200322368 | METHOD AND SYSTEM FOR CLUSTERING DARKNET TRAFFIC STREAMS WITH WORD EMBEDDINGS - A system for analyzing and clustering darknet traffic streams with word embeddings, comprising a data processing module which collects packets that are sent to non-existing IP addresses that belong to darknet's taps (blackholes) that are deployed over the internet; a port embedding module for performing port sequence embeddings by using a word embedding algorithm on the port sequences extracted from the data processing module while transforming the port sequences into meaningful numerical feature vectors; a clustering module for performing temporal clustering of the feature vectors over time; and an alert logic and visualization module that visualizes the data and provides alerts regarding a cluster that an analyst classified as malicious in the past. | 2020-10-08 |
20200322369 | NETWORK PORTION RISK ASSESSMENT - Systems, methods, and related technologies for determining a risk associated with a network portion are described. The determination of risk associated with a network portion may include accessing network traffic from a network and determining an entity type associated with at least one entity communicatively coupled to the network. A network portion associated with the at least one entity can be determined. A risk associated with the at least one entity can be determined. A risk associated with the network portion associated with the at least one entity can be determined based on the risk associated with the at least one entity. The risk associated with the network portion can then be stored. | 2020-10-08 |
20200322370 | System and method for extracting and combining electronic risk information for business continuity management with actionable feedback methodologies - System and method for extracting and combining electronic risk information for business continuity management with actionable feedback methodologies. An example system includes computer agents deployed and configured to collect electronic threat and security information from publicly accessible information and to monitor network data transmitted via public networks to private networks. | 2020-10-08 |
20200322371 | SCORING THE PERFORMANCE OF SECURITY PRODUCTS - A method and system for scoring performance of a security product are provided. The method includes receiving security product performance data of the security product configured to handle a specific cyber threat; classifying the performance data into a product profile associated with the security product; computing at least one security product performance score for the product profile based on the classified product security performance data; and associating the at least one security performance score with the product profile. In an embodiment, the method also includes selecting the at least one security product from a plurality of security products based on their respective performance scores for the respective cyber threat. | 2020-10-08 |
20200322372 | AUTOMATED ASSET CRITICALITY ASSESSMENT - A set of attributes of a particular asset of a computing environment is identified that are determined from data collected by one or more utilities in the computing environment. A criticality rating is automatically determined for the particular asset based at least in part on the set of attributes. A security activity is caused to be performed relating to the particular asset based on the automatically determined criticality rating of the particular asset. | 2020-10-08 |
20200322373 | SYSTEM AND METHOD FOR PRIVACY PRESERVATION IN CYBER THREAT - A system and method enabling enterprises to engage in cyber threat information sharing in a privacy-enhanced fashion. The invention reduces the enterprise's risk to sensitive information leakage by inducing a state in the information it shares such that, when an enterprise's shared data attributes are interdependent, the sensitive features (those to be kept private to the enterprise) are not deducible by another enterprise. This state is accomplished by employing rough set theory to undermine the deductive route to the data's sensitive features. | 2020-10-08 |
20200322374 | Identifying a Denial-of-Service Attack in a Cloud-Based Proxy Service - A cloud-based proxy service identifies a denial-of-service (DoS) attack including determining that there is a potential DoS attack being directed to an IP address of the cloud-based proxy service; and responsive to determining that there are a plurality of domains that resolve to that IP address, identifying the one of the plurality of domains that is the target of the DoS attack. The domain that is under attack is identified by scattering the plurality of domains to resolve to different IP addresses, where a result of the scattering is that each of those domains resolves to a different IP address, and identifying one of those plurality of domains as the target of the DoS attack by determining that there is an abnormally high amount of traffic being directed to the IP address in which that domain resolves. | 2020-10-08 |
20200322375 | VERIFYING THE TRUST-WORTHINESS OF ARP SENDERS AND RECEIVERS USING ATTESTATION-BASED METHODS - Systems, methods, and computer-readable media for assessing reliability and trustworthiness of devices operating within a network. An ARP responder can receive an ARP request from an ARP requestor for performing address resolution between the ARP requestor and the ARP responder in a network environment. The ARP responder can build an ARP response including attestation information of the ARP responder. Further, the ARP responder can provide, to the ARP requestor, the attestation information for verifying the ARP responder using the ARP response and the attestation information of the ARP responder. | 2020-10-08 |
20200322376 | SYSTEMS AND METHODS THAT PERFORM FILTERING, LINKING, AND RENDERING - A content management system comprising one or more processing devices, a network interface, and a memory system configured to store programmatic instructions configured to cause the one or more processing devices to perform the following operations is described. An electronic document may be generated and rendered, where the content management system may configure the electronic document as a mesh document, with both forward links and backlinks to other electronic resources. The forward links and/or backlinks may be to local electronic resources or remote electronic resources. The mesh document may be transmitted to a client device over an encrypted channel, and the client device may render the electronic document. In response to an activation of a forward link or backlink, the corresponding resource may be accessed from a data store, transmitted via the encrypted channel to the client device, and the client device may render such resource. | 2020-10-08 |
20200322377 | SYSTEMS AND METHODS FOR END-TO-END ARCHITECTURES FOR VOICE SPOOFING DETECTION - Embodiments described herein provide for automatically detecting whether an audio signal is a spoofed audio signal or a genuine audio signal. A spoof detection system can include an audio signal transforming front end and a classification back end. Both the front end and the back end can include neural networks that can be trained using the same set of labeled audio signals. The audio signal transforming front end can include one or more neural networks for per-channel energy normalization transformation of the audio signal, and the back end can include a convolution neural network for classification into spoofed or genuine audio signal. In some embodiments, the audio signal transforming front end can include one or more neural networks for bandpass filtering of the audio signals, and the back end can include a residual neural network for audio signal classification into spoofed or genuine audio signal. | 2020-10-08 |
20200322378 | Method for Detecting Brute Force Attack and Related Apparatus - A network device obtains to-be-detected mirrored traffic between a client and a server, obtains a first session information sequence based on the to-be-detected mirrored traffic, where the first session information sequence includes a plurality of pieces of session information, the plurality of pieces of session information have a one-to-one correspondence with a plurality of login sessions, and an arrangement order of the plurality of pieces of session information in the first session information sequence is consistent with a chronological order of the plurality of login sessions, uses the first session information sequence as a first Markov chain, obtains a state chain probability value of the first Markov chain, and determines, based on the state chain probability value of the first Markov chain and a first benchmark probability value, whether the plurality of login sessions are a brute force attack. | 2020-10-08 |
20200322379 | SYSTEMS AND METHODS FOR SUBSCRIPTION MANAGEMENT OF SPECIFIC CLASSIFICATION GROUPS BASED ON USER'S ACTIONS - Embodiments of the disclosure describe systems and methods for selecting a first group of users, which is selected to receive simulated phishing emails as part of a simulated phishing campaign, and adding users to a second group of users based upon those selected users interacting with a simulated phishing email that is part of a simulated phishing campaign; tracking the completion of remediation training related to phishing emails by users in the second group of users and receiving one or more indications that the users in the second group of users have completed remedial training; and automatically adding users, who are members of the second user group, to the first user group, to a third user group, or to a predetermined user group responsive to the one or more indications that the users in the second group of users have completed remedial training. | 2020-10-08 |
20200322380 | DISCOVERING TRUSTWORTHY DEVICES USING ATTESTATION AND MUTUAL ATTESTATION - Systems, methods, and computer-readable media for discovering trustworthy devices through attestation and authenticating devices through mutual attestation. A relying node in a network environment can receive attestation information from an attester node in the network environment as part of a unidirectional push of information from the attester node according to a unidirectional link layer communication scheme. A trustworthiness of the attester node can be verified by identifying a level of trust of the attester node from the attestation information. Further, network service access of the attester node through the relying node in the network environment can be controlled based on the level of trust of the attester node identified from the attestation information. | 2020-10-08 |
20200322381 | SECURE COMMUNICATION SYSTEM AND METHOD FOR TRANSMISSION OF MESSAGES - In a secure communication system and method, a message is transmitted between a first user device and a second user device through a first routing device, a first connection server, the first routing device, a second routing device, a second connection server, and the second routing device. At the first user device, the message is encrypted at three levels. At the first routing device and the second routing device, the message is decrypted at the third and second levels, and encrypted at new second and third levels. At the first connection server and the second connection server, the message is decrypted at the third, second and first levels, and encrypted at new first, second and third levels. At the second user device, the message is decrypted at the third, second and first levels to retrieve the original message. | 2020-10-08 |
20200322382 | COLLABORATIVE SECURITY FOR APPLICATION LAYER ENCRYPTION - A non-transitory computer readable medium comprising instructions stored thereon, the instructions effective to cause at least one processor to: establish trustworthiness of an application installed on an endpoint, the established trustworthiness is sufficient for an enterprise security infrastructure to treat the application installed on the endpoint and the endpoint as a trusted application and a trusted endpoint; negotiate with the trusted endpoint to determine a traffic inspection method for traffic flows originating at the trusted application that is destined for a service, the traffic inspection method is determined based on at least the trusted application, and the service; and instruct the trusted application of the determined traffic inspection method. | 2020-10-08 |
20200322383 | SYSTEMS AND METHODS FOR SECURING NETWORK PATHS - In one embodiment, a method includes determining a secure path through a first plurality of network nodes within a network and determining an alternate secure path through a second plurality of network nodes within the network. The method also includes routing network traffic through the first plurality of network nodes of the secure path and detecting a failure in the secure path using single-hop BFD authentication. The method further includes rerouting the network traffic through the second plurality of network nodes of the alternate secure path. | 2020-10-08 |
20200322384 | IMPLEMENTATION OF SELECTED ENTERPRISE POLICIES - Access is temporarily allowed to selected enterprise resources. A request to carry out an action is received from a private device. The private device is associated with an enterprise device, which has one or more enterprise policies in place. One or more steps for carrying out the requested action are defined, and it is determined that at least one policy from the enterprise policies is required for at least one of the steps. It is also determined that the at least one policy is in place on the private device. The private device is then allowed to carry out the requested action according to the at least one policy. | 2020-10-08 |
20200322385 | IMPLEMENTATION OF SELECTED ENTERPRISE POLICIES - Access is temporarily allowed to selected enterprise resources. A request to carry out an action is received from a private device. The private device is associated with an enterprise device, which has one or more enterprise policies in place. One or more steps for carrying out the requested action are defined, and it is determined that at least one policy from the enterprise policies is required for at least one of the steps. It is also determined that the at least one policy is in place on the private device. The private device is then allowed to carry out the requested action according to the at least one policy. | 2020-10-08 |
20200322386 | VERIFYING SERVICE ADVERTISEMENTS USING ATTESTATION-BASED METHODS - Technologies for attestation techniques, systems, and methods to confirm the integrity of a device for service discovery and more specifically, for proving trustworthiness of particular service devices and/or mDNS controller/network elements with respect to DNS/mDNS service discovery. Such attestation techniques may implement canary stamps (e.g., tokens or metadata elements containing or reflecting security measures taken at the device). | 2020-10-08 |
20200322387 | DATA PROCESSING SYSTEMS FOR DATA-TRANSFER RISK IDENTIFICATION, CROSS-BORDER VISUALIZATION GENERATION, AND RELATED METHODS - In particular embodiments, a Cross-Border Visualization Generation System is configured to: ( | 2020-10-08 |
20200322388 | METHOD FOR HANDLING SECURITY SETTINGS IN A MOBILE END DEVICE - In a procedure for handling security settings of a mobile end device the operating conditions of the end device are determined. Then minimum security requirements are established according to the operating conditions by evaluating contextual data regarding the operating conditions of the end device. Next it is determined whether the security settings on the end device comply at least with the minimum security requirements. Access to applications is allowed or denied according to the security settings on the mobile end device. Should the end device not meet minimum security requirements the user may be prompted to change the security settings on the end device. The method may involve locating the end device and issuing of a warning if the end device does not meet minimum security settings. | 2020-10-08 |
20200322389 | INFORMATION PROCESSING APPARATUS, INFORMATION PROCESSING METHOD, AND STORAGE MEDIUM STORING PROGRAM - In accordance with a security policy regarding a setting value of an information processing apparatus, restriction information indicating whether to restrict modification of the setting value of the information processing apparatus stored in a first storage unit is generated and stored in a second storage unit different to the first storage unit. Based on the restriction information stored in the second storage unit, modification of the setting value of the information processing apparatus is restricted. | 2020-10-08 |
20200322390 | Methods and Systems for Protecting a Secured Network - Methods and systems for protecting a secured network are presented. For example, one or more packet security gateways may be associated with a security policy management server. At each packet security gateway, a dynamic security policy may be received from the security policy management server, packets associated with a network protected by the packet security gateway may be received, and at least one of multiple packet transformation functions specified by the dynamic security policy may be performed on the packets. | 2020-10-08 |
20200322391 | SYSTEMS AND METHODS FOR DETERMINING SECURE NETWORK PATHS - In one embodiment, an apparatus includes one or more processors and one or more computer-readable non-transitory storage media coupled to the one or more processors. The one or more computer-readable non-transitory storage media include instructions that, when executed by the one or more processors, cause the apparatus to perform operations including determining a path through a plurality of provider nodes within a provider network and determining that the path through the plurality of provider nodes within the provider network is secure. The operations also include receiving, from a customer node, a Resource Reservation Protocol (RSVP) path message comprising an attribute for a security request. The operations further include routing the RSVP path message along the path of the plurality of provider nodes. | 2020-10-08 |
20200322392 | IMPROVED HANDLING OF AN IMS CONVERSATIONAL SERVICE OF A USER EQUIPMENT - A user equipment is connected to a telecommunications network comprising or associated to an IMS network. The user equipment comprises a memory for storing request timer information related to a request timeout time interval. A method for handling an Internet Multimedia Subsystem (IMS) conversational service of the user equipment includes: storing, by the user equipment, the request timer information in the memory of the user equipment; and attempting, by the user equipment, to register to the IMS network and/or to initiate the IMS conversational service while the request timeout time interval has not expired. | 2020-10-08 |
20200322393 | TERMINATING CALL HANDLING FOR POWER SAVING ACTIVATED USER EQUIPMENT - The embodiments herein relate to terminating call handling for power saving activated user equipment. In one embodiment, a method is proposed in an IP Multimedia Subsystem Application Server, IMS-AS, for handling a terminating call for a User Equipment, UE, using power saving functionality, comprising: obtaining power saving information of the UE; handling the terminating call based on the power saving information. With the embodiments, the time and network resource for the terminating call can be saved and the user's experience can be enhanced. | 2020-10-08 |
20200322394 | THIRD PARTY IMS SERVICES - A telecommunications service provider provides a telecommunications infrastructure that is based in part on an IP Multimedia Subsystem (IMS). The provider may have various IMS application servers to support different services for subscribers of the provider, such as messaging, voice communications, presence, etc. In addition, third parties may provide their own IMS application servers for the same services or for different services. Subscribers of the provider are routed to the provider-supported application servers, while subscribers of the third parties are routed to application servers of the third parties. This allows third parties to implement and control their own services, while also leveraging the existing infrastructure of the provider. | 2020-10-08 |
20200322395 | MULTIUSER ASYMMETRIC IMMERSIVE TELECONFERENCING - Embodiments described herein enable a teleconference among host-side user(s) at a host site and remotely located client-side user(s), wherein a host device is located at the host site, and wherein each of the client-side user(s) uses a respective client device to participate in the teleconference. A host site audio-visual feed is received from the host device. A client data feed is received from the client device of each client-side user. Orientation information for the respective client-side user using a client device is also received. Each client device is provided with the host site audio-visual feed or a modified version thereof. The host device is provided with, for each client device, the client data feed and the orientation information of the client-side user that is using the client device. This enables host-side and client-side users to display visual representations of one another with their respective orientations. | 2020-10-08 |
20200322396 | MULTIMODAL TRANSMISSION OF PACKETIZED DATA - A system of multi-modal transmission of packetized data in a voice activated data packet based computer network environment is provided. A natural language processor component can parse an input audio signal to identify a request and a trigger keyword. Based on the input audio signal, a direct action application programming interface can generate a first action data structure, and a content selector component can select a content item. An interface management component can identify first and second candidate interfaces, and respective resource utilization values. The interface management component can select, based on the resource utilization values, the first candidate interface to present the content item. The interface management component can provide the first action data structure to the client computing device for rendering as audio output, and can transmit the content item converted for a first modality to deliver the content item for rendering from the selected interface. | 2020-10-08 |
20200322397 | REAL-TIME COLLABORATION PLATFORM AND METHOD FOR OUTPUTTING MEDIA STREAMS VIA A REAL-TIME ANNOUNCEMENT SYSTEM - A real-time collaboration platform can utilize a collaboration application, which is adapted to permit a number of users to communicate with one another in at least one session about a predetermined topic via a network. The real-time collaboration platform can include at least one media server with a selective forwarding unit adapted for selectively forwarding media streams according to a content of a predetermined session. The media server has an interface to a media gateway that is enhanced by a real-time announcement adapter via which interface the media server can be connected to an announcement system with acoustic announcement devices such that the media streams of a predetermined session can be output via the announcement devices. | 2020-10-08 |
20200322398 | PERSISTING STATE OF A STREAMING APPLICATION - Methods, systems, and apparatus, including computer programs encoded on a computer storage medium, for persisting state of a streaming application are disclosed. In one aspect, a method includes the actions of receiving data indicating interaction with third-party content that is displayed with first-party content at a client device. The interaction with the third-party content initiates an application request for a streaming version of an application (“streaming application”). The actions further include generating a representation of the streaming application in response to the interaction with the third-party content at the client device. The actions further include receiving data indicating a user interaction with the representation of the streaming application at the client device. The actions further include generating and storing data indicating a first state of the streaming application at a first time based on the user interaction with the representation of the streaming application. | 2020-10-08 |
20200322399 | AUTOMATIC SPEAKER IDENTIFICATION IN CALLS - A speaker identification system (“system”) automatically assigns a speaker to voiced segments in a conversation, without requiring any previously recorded voice sample or any other action by the speaker. The system enables unsupervised learning of speakers' fingerprints and using such fingerprints for identifying a speaker in a recording of a conversation. The system identifies one or more speakers, e.g., representatives of an organization, who are in conversation with other speakers, e.g., customers of the organization. The system processes recordings of conversations between a representative and one or more customers to generate multiple voice segments having a human voice, identifies the voice segments that have the same or a similar feature, and determines the voice in the identified voice segments as the voice of the representative. | 2020-10-08 |
20200322400 | METHOD FOR TRANSMITTING DATA IN A MULTIMEDIA SYSTEM, AND SOFTWARE PRODUCT AND DEVICE FOR CONTROLLING THE TRANSMISSION OF DATA IN A MULTIMEDIA SYSTEM - Method and software product for transferring data, plus equipment for controlling data transfer in a multimedia system that includes a group of participants' terminals, with which multimedia data generated by participants' terminals contained in the group are sent to one or more participants' terminals contained in the group and played back there. A central synchronization unit generates synchronization labels containing time information and sends them to the participants' terminals contained in the group, and the synchronization labels are used to play back information in modified time. | 2020-10-08 |
20200322401 | Method to Re-Synchronize Live Media Streams, Commands, and On-Screen Events Transmitted through Different Internet Pathways - Systems maintain synchronicity among elements intended to be displayed at various points during a live media stream. At a multimedia player, start playback of a live media stream. The systems receive input from a user selecting a new time of the media stream to playback, which is different than the current playback time of the media stream. The systems adjust playback of the media stream to restart at the new selected time, such that the current playback time of the output media stream is updated to the new selected time. The systems monitor the current playback time of the media stream as adjusted. The systems determine a user-initiated command to execute for displaying one or more visual elements at the multimedia player by polling a command manifest file based on the current playback time as adjusted. | 2020-10-08 |
20200322402 | CONTENT SET BASED DELTACASTING - Methods, apparatuses, and systems are provided for improving utilization of the satellite communications system through various “deltacasting” techniques for handling content sets (e.g., feeds or websites). Embodiments operate in a client-server context, including a server optimizer, a client optimizer, and, in some embodiments, a pre-positioning client. Within this client-server context, content sets are multicast (e.g., anticipatorily pre-positioned in a local dictionary) to end users of the communications system and are handled at the content set level, according to set-level metadata and/or user preferences. In some embodiments, when locally stored information from the content sets is requested by a user, deltacasting techniques are used to generate fingerprints for use in identifying and exploiting multicasting and/or other opportunities for increased utilization of links of the communications system. | 2020-10-08 |