42nd week of 2017 patent application highlights part 70 |
Patent application number | Title | Published |
20170302636 | SECURE END-TO-END TRANSPORT THROUGH INTERMEDIARY NODES - A communication network encrypts a first portion of a transaction associated with point-to-point communications using a point-to-point encryption key. A second portion of the transaction associated with end-to-end communications is encrypted using an end-to-end encryption key. | 2017-10-19 |
20170302637 | SYSTEM, RELAY CLIENT, CONTROL METHOD, AND STORAGE MEDIUM - A server stores first verification information corresponding to a relay client, and transmits information for displaying a resetting screen of a password to be used for second authentication for using a second management screen provided by the relay client when authentication for using a first management screen provided by the server has succeeded. The relay client verifies validity of the first verification information included in information included in a request accepted from the information processing apparatus, and provides the resetting screen for changing the password to the information processing apparatus when the validity of the first verification information is verified. | 2017-10-19 |
20170302638 | MANAGED DEVICE SCATTERNET ADMINISTRATION - Managed device scatternet administration is described herein. In one example, to form a scatternet of managed devices, a network entry request including a unique device identifier and a public key is received from a client device. The public key is validated and the structure of the scatternet is examined to find an opening for the client device. After validation of the public key, network access data and a session key are encrypted by the public key and forwarded to the client device. The client device can use the network access data to find a network sublayer having the opening in the scatternet. At the same time, client admission data and the session key can also be sent to a sublayer propagator device of the network sublayer. After the client device enters the scatternet, management configuration data can be dispatched to it for device management. | 2017-10-19 |
20170302639 | AUTHENTICATING MESSAGES - Systems, methods, and software can be used to share content. In some aspects, a message is received at an electronic device from a sender. A first type 0 short message service (SMS) message is sent, from the electronic device to the sender. The first type 0 SMS message indicates an authentication request for the message. A second type 0 SMS message is received at the electronic device. The second type 0 SMS message indicates that the message is authenticated. | 2017-10-19 |
20170302640 | MESSAGE AUTHENTICATION WITH SECURE CODE VERIFICATION - Systems, methods, circuits and computer-readable mediums for message authentication with secure code verification are provided. In one aspect, a system includes a client device storing a code and a security device coupled to the client device. The security device is configured to receive a property of the code generated by the client device, verify correctness of the property of the code based on information associated with the code to determine that the code is an authorized code, the information being stored within the security device. In response to determining that the code is the authorized code, the security device enables to access data stored within the security device and generate a property of a message based on the data. | 2017-10-19 |
20170302641 | Secure and Anonymized Authentication - An embodiment may involve receiving, by a computing system, a message from a wireless service provider system. The computing system may include one or more computing devices located, e.g., in the trusted cloud. The message may contain a service-provider-based identity of a client device, an indication that the service-provider-based identity has been authenticated by the wireless service provider, and a code that the client device obtained from a remote machine proximate to the client device. The computing system may generate an anonymized identity of the client device based on the service-provider-based identity. The computing system may verify that a task associated with the code is within the authorized capabilities of the anonymized identity. Possibly based on the code (and perhaps other information as well), the computing system may transmit an instruction to the remote machine. The instruction may direct the remote machine to perform the task. | 2017-10-19 |
20170302642 | METHOD FOR PROVIDING INFORMATION FROM AN ELECTRONIC DEVICE TO A CENTRAL SERVER - Method for providing information to a central server ( | 2017-10-19 |
20170302643 | USING CREDENTIALS STORED IN DIFFERENT DIRECTORIES TO ACCESS A COMMON ENDPOINT - A global endpoint may be associated with an organization name and a plurality of directories located in different geographic regions. The global endpoint may be a computing system that hosts a page used by users to access an application or service. A user may be able to access the application or service using already existing credentials. For example, the user may access the application or service using credentials stored and maintained by an entity with which the user is affiliated. Users having credentials stored in different geographic regions may be able to access the application or service via the same global endpoint. | 2017-10-19 |
20170302644 | NETWORK USER IDENTIFICATION AND AUTHENTICATION - A method of identifying and authenticating a network user includes receiving a first network layer packet from a first user entity. The first network layer packet may include first unique identification information unique to the first user entity and independent of a first network address associated with the first network layer packet. The method further includes verifying, at a network layer of a network, that the first network layer packet is from the first user entity based on the first unique identification information. | 2017-10-19 |
20170302645 | Authentication Mechanism - A system and method including: receiving, from a client device, an authorization request originating from an authorization module of an application executing on the client device, where the authorization request includes an identifier identifying the client device; causing transmission, based on the identifier, of a verification message to the client device, where the verification message includes a verification code; receiving a confirmation of the verification code from the authorization module of the application executing on the client device; authenticating the application based on the receiving the confirmation of the verification code; determining that the client device identified by the identifier corresponds to a user account including secure user data associated with a user; and transmitting a unique token verifying that the application is authorized to sign into the user account, where: the unique token uniquely identifies the user account to the application, and the secure user data is not shared with the application. | 2017-10-19 |
20170302646 | IDENTITY AUTHENTICATION METHOD AND APPARATUS - Embodiments of the present invention disclose an identity authentication method and apparatus. The NFV system includes a VNF including a first virtual network function component VNFC and a second VNFC. The method includes: generating a public key and a private key of the first VNFC and a public key and a private key of the second VNFC; writing or sending the private key of the first VNFC and the public key of the second VNFC to the first VNFC; and writing or sending the public key of the first VNFC and the private key of the second VNFC to the second VNFC, where the public key and the private key of the first VNFC and the public key and the private key of the second VNFC are used for identity authentication of the first VNFC and the second VNFC. | 2017-10-19 |
20170302647 | DYNAMIC PHRASE BASE AUTHENTICATION SYSTEM - Techniques are disclosed for authenticating a user. One technique includes receiving a passphrase at a server. The technique further includes parsing the passphrase using one or more parsing requests to create one or more parsings. The technique includes storing the one or more parsings on the server. The technique also includes receiving, at the server, a request from a user to authenticate the user. Finally, the technique includes transmitting a first parsing request to authenticate the user. | 2017-10-19 |
20170302648 | Web Service Picture Passwords - A picture password interface is displayed to generate a password for a web service that accepts text passwords to help users more easily remember their passwords. In response to receiving user input at a picture displayed in the picture password interface, values from an associated cipher key are identified. These identified values are then combined into a user key based on an order and location at which the user input was received. The user key is then combined with a web service key to generate a password that is specific to the user and specific to the web service that the user is attempting to access. The generated password can be verified to ensure that it complies with any password complexity rules for the web service. | 2017-10-19 |
20170302649 | SYSTEMS AND METHODS FOR SEGMENTING INDUSTRIAL ASSET SERVICES - Systems and methods are presented for receiving, at a server computer associated with an industrial asset cloud computing system, a request from a user device for industrial asset application development services, the request including a username and password, and verifying, by the server computer, the username and password. The systems and methods further comprise determining, by the server computer, a user profile based on the username, the user profile comprising at least one of an industry, a region of operation, a negotiated contract term, an identity of the user associated with the username as an individual developer or an enterprise, and a role associated with the user; determining, by the server computer, a subset of a plurality of industrial asset application development services based on the user profile, and sending the subset of the plurality of industrial asset development services to the user device to be displayed on the user device. | 2017-10-19 |
20170302650 | METHOD OF SENDING A DATA FROM A SECURE TOKEN TO A SERVER - The invention is a method for managing a response generated by an application embedded in a secure token in response to a command requesting opening a proactive session. An applicative server relies on an OTA server to securely send the command to the application. The method comprises the steps of: the application retrieves a data from the command and derives a key using a preset function, the application generates the response to the command, builds a secured response packet comprising the response secured with the derived key and sends the secured response packet to the applicative server. | 2017-10-19 |
20170302651 | Managing and Securing Manageable Resources in Stateless Web Server Architecture Using Servlet Filters - Access is controlled to managed resources in a stateless web server architecture including a stateless web server computing platform; a resource locator map portion of the stateless web server computing platform providing a unique resource locator code representing each managed resource in a stateless web server architecture, wherein the managed resource is assigned to a plurality of application program components; a set of servlet filters disposed in a portion of the stateless web server computing platform, each servlet filter associated with one of the application program components; a resource locator matcher portion of the stateless web server computing platform, responsive to a user request to a unique resource locator, matching a pattern in the user request to one or more of the application program components using a corresponding servlet filter; and a request dispatcher portion of the stateless web server computing platform sending the user request to the matched application program component, wherein the application program component receives and processes the user request. | 2017-10-19 |
20170302652 | Data Backup and Transfer System, Method and Computer Program Product - A backup system having a plurality of accounts for copying selected data between one or more account user computers and a system computer where an account user's computer connects to the system computer via the Internet. Selected data is copied between the account user's computer and the system computer including documents, media files, and email in any file type or format. Additionally, the system is compatible with all types of computers, including personal data assistants and mobile telephones, and all types of operating systems. All of the software to operate the system is resident on the system computer with no hardware or software required on the account user computer beyond a conventional web browser. The system also includes a scheduler, a contacts manager, a reminder generator and file transfer system for third-party users. | 2017-10-19 |
20170302653 | PORTABLE ENCRYPTION FORMAT - A portable encryption format wraps encrypted files in a self-executing container that facilitates transparent, identity-based decryption for properly authenticated users while also providing local password access to wrapped files when identity-based decryption is not available. | 2017-10-19 |
20170302654 | INFORMATION PROCESSOR, METHOD FOR CONTROLLING LOGGING ON, AND NON-TRANSITORY COMPUTER-READABLE RECORDING MEDIUM HAVING STORED THEREIN PROGRAM FOR CONTROLLING LOGGING ON - An information processor includes an authentication processor that authenticates a user during a logging-on process of the user; a confirmer that confirms whether a second information processor that the user has already logged on to is present within a predetermined range from the information processor; and an authentication simplifier that simplifies, when the second information processor that the user has already logged on to is present, the logging-on process carried out by the authentication processor. This configuration allows the user to abate the load of inputting that the user makes for a logging-on authentication. | 2017-10-19 |
20170302655 | BUNDLED AUTHORIZATION REQUESTS - A framework, which conforms to the OAuth standard, involves a generic OAuth authorization server that can be used by multiple resource servers in order to ensure that access to resources stored on those resource servers is limited to access to which the resource owner consents. Each resource server registers, with the OAuth authorization server, metadata for that resource server, indicating scopes that are recognized by the resource server. The OAuth authorization server refers to this metadata when requesting consent from a resource owner on behalf of a client application, so that the consent will be of an appropriate scope. The OAuth authorization server refers to this metadata when constructing an access token to provide to the client application for use in accessing the resources on the resource server. The OAuth authorization server uses this metadata to map issued access tokens to the scopes to which those access tokens grant access. | 2017-10-19 |
20170302656 | Device-Level Authentication with Unique Device Identifiers - An embodiment may include transmitting a manufacturer security certificate to a provisioning server device, and establishing, with the provisioning server device, a secure connection based on the manufacturer security certificate. The embodiment may also involve transmitting, over the secure connection, device data that characterizes the client device, and receiving, over the secure connection, a server security certificate. The embodiment may further include obtaining a unique client device identifier. The embodiment may additionally include, possibly based on the server security certificate and the unique client device identifier, accessing protected information available to a particular pre-validated server device. | 2017-10-19 |
20170302657 | DIGITAL CERTIFICATE WITH SOFTWARE ENABLING INDICATOR - A system and method of enabling software features on apheresis machines and/or infusion pumps uses a license server disposed outside of a medical facility and a local server disposed at the medical facility. The method includes generating a software enabling indicator at the license server, the software enabling indicator comprising multiple letters and a numerical code, the numerical code representing a number of licenses to be allocated for a software feature. The method includes transmitting the software enabling indicator and a certificate signing request to a third party certificate authority. The method includes transmitting the electronic document from the license server to the local server, authenticating the license server at the local server, generating a plurality of second digital certificates, transmitting the second digital certificates to each of a plurality of the medical devices and enabling a software feature on the medical devices based on the second digital certificates. | 2017-10-19 |
20170302658 | HIGH-SAFETY USER MULTI-AUTHENTICATION SYSTEM AND METHOD - A high-safety user multi-authentication system, comprising: a server having a user habit information and a key generator for generating a real key corresponding to the user habit information and at least one bait key; and a user application unit disposed on a communication device having a user interface, a key receiving unit for receiving the real key and the at least one bait key from the server, an OTP (one time password) generator for generating a real OTP based on the real key and at least one bait OTP based on the at least one bait key; wherein the real OTP is provided to the user interface when the communication device is operated according to the user habit information. | 2017-10-19 |
20170302659 | TWO-FACTOR AUTHENTICATION - Systems, methods, and computer-readable storage media are provided for authenticating users to secure services or apps utilizing reversed, hands-free and/or continuous two-factor authentication. When a user desires to access a secure service or app for which s/he is already registered, the user, having a registered mobile computing device in proximity to his or her presence, comes within a threshold distance of a computing device that includes the desired secure service or app. The computing device authenticates the particular mobile computing device as associated with the particular registered user that utilized that mobile device during registration. Subsequent to such device authentication, the user is able to login to the service or app by simply providing his or her user credentials at a login form associated therewith. Two-factor authentication in accordance with embodiments hereof is more secure and more efficient than traditional authentication methodologies. | 2017-10-19 |
20170302660 | FORWARDING METHOD, FORWARDING APPARATUS, AND FORWARDER FOR AUTHENTICATION INFORMATION IN INTERNET OF THINGS - Embodiments of the present application disclose a forwarding method, a forwarding apparatus, and a forwarder for authentication information in the Internet of Things. The method is applied to a constrained node and includes: receiving authentication information; determining whether the authentication information is received for the first time; and if the authentication information is received not for the first time, forwarding the authentication information; or if the authentication information is received for the first time, determining whether the authentication information is valid authentication information, and if the authentication information is not valid authentication information, discarding the authentication information, or if the authentication information is valid authentication information, verifying the valid authentication information, and forwarding the valid authentication information after the verification succeeds. The embodiments of the present application can reduce resources of the constrained node, and improve performance of the Internet of Things. | 2017-10-19 |
20170302661 | ANONYMIZING BIOMETRIC DATA FOR USE IN A SECURITY SYSTEM - An anonymized biometric representation of a target individual is used in a computer based security system. A detailed input biometric signal associated with a target individual is obtained. A weakened biometric representation of the detailed biometric signal is constructed such that the weakened biometric representation is designed to identify a plurality of individuals including the target individual. The target individual is enrolled in a data store associated with the computer based security system wherein the weakened biometric representation is included in a record for the target individual. In another aspect of the invention, a detailed input biometric signal from a screening candidate individual is obtained. The detailed biometric signal of the screening candidate is matched against the weakened biometric representation included in the record for the target individual. | 2017-10-19 |
20170302662 | ACCOUNT INFORMATION OBTAINING METHOD, TERMINAL, SERVER AND SYSTEM - An account information obtaining method performed at a terminal includes the following steps: in response to a request of a current user of the terminal, invoking a social networking application running on the terminal to obtain biological information of a target user; extracting biological feature data from the biological information, and sending the biological feature data to a server; receiving, from the server, account information of the target user whose at least one associated biological feature data sample matches the biological feature data, and displaying the account information on the terminal; and in response to a selection of the account information by the current user of the terminal, adding the account information to a contact list of the current user's account at the social networking application so that the current user can communicate with the target user directly. | 2017-10-19 |
20170302663 | BLOCK CHAIN BASED IoT DEVICE IDENTITY VERIFICATION AND ANOMALY DETECTION - In one embodiment, a device in a network receives a network registration request from a particular node. The network registration request comprises information about the particular node. The device causes performance of a validation of the information about the particular node via comparison of the information about the particular node to a distributed block chain that includes information regarding the particular node and one or more other nodes. The device causes an update to the block chain based on the information about the particular node and the validation of the information about the particular node. The device uses the updated block chain to control behavior of the particular node and the one or more other nodes. | 2017-10-19 |
20170302664 | USING CLOCK DRIFT, CLOCK SKEW, AND NETWORK LATENCY TO ENHANCE MACHINE IDENTIFICATION - Methods and systems for authenticating a user device employ a database of global network latencies categorized and searchable by location and calendar date-time of day usage, providing network latency by geography and by time. The database is constructed using voluminous daily data collected from a world-wide clientele of users who sign in to a particular website. Accuracy of the latency data and clock skew machine identification is made practical and useful for authentications using a service provider-proprietary, stable reference clock, such as an atomic clock, so that internal clock jitter of a service provider performing authentications does not affect the network latency time and clock skew identification of user devices. Increased authentication confidence results from using the database for correcting network latency times and user device signatures generated from the clock skew identifications and for cross checking the authentication using comparisons of initial registration to current sign in data. | 2017-10-19 |
20170302665 | NETWORK HOLOGRAM FOR ENTERPRISE SECURITY - The disclosed teachings include a computer-implemented method for discovering and building relationships between users, user devices, software applications, and data of a computer network in real-time. The method includes identifying a network session of a user device accessing a software application, and retrieving information of the network session including source and destination information, as well as a network protocol. The method includes identifying the software application based on the destination information and the network protocol, retrieving a media access control (MAC) address table or a dynamic host configuration protocol (DHCP) log from the network device, identifying a MAC address associated with the source information based on the MAC address table or the DHCP log. The method further includes determining an identity of the user device based on the identified MAC address, and recording the network session associating an identity of the user device with an identity of the software application. | 2017-10-19 |
20170302666 | ESTABLISHING TRUST BETWEEN TWO DEVICES - Techniques described herein leverage a trusted entity within a domain to enable devices to establish trust with one another so they can securely discover each other and connect to one another. In various examples discussed herein, a device is configured to provide trust information to, and/or receive trust information from, the trusted entity. The trust information may include, for example, a public key of an encryption key pair, a certificate signed by the trusted entity proving authenticity, and/or a hash function and a hash seed used to compute a series of results that form a hash chain. The device may use the trust information to discover another device and to connect to the other device securely and automatically (e.g., with no user involvement or limited user involvement). Moreover, the device may use the trust information to dynamically change a MAC address being used to communicate with the other device. | 2017-10-19 |
20170302667 | SECURITY ARCHITECTURE FOR AUTHENTICATION AND AUDIT - A mechanism for consolidating communications between a computer tenant and a web services layer is provided. The mechanism may include a web services layer. The web services layer may be configured to receive communications, via an authentication validation module, from an authentication service. The authentication service may be in communication with the computer tenant and/or the web services layer. The web services layer may be configured to receive authorization data, via an authorization module, from an authorization data store. The web services layer may also receive and transmit logged calls from a log database. The logged calls may store calls from the computer tenant to the web services layer and calls from the web services layer to the authentication server. The computer tenant may initiate communication with the web services layer. Included in the communications may be a token. | 2017-10-19 |
20170302668 | MODEL FRAMEWORK AND SYSTEM FOR CYBER SECURITY SERVICES - Systems, computer program products, and methods are described herein for a model framework and system for cyber security services. The present invention is configured to determine one or more access paths to the internal computing device from an external computing device; determine one or more controls associated with each access path; determine one or more types of access that may be made via one or more of the access paths by the external computing device to access the internal computing device; determine whether the one or more controls associated with the at least one of the one or more access paths is capable of detecting the access; determine one or more tools configured to regulate the one or more controls; and incorporate the one or more tools within the network to regulate the one or more controls to detect and monitor the access. | 2017-10-19 |
20170302669 | USING MOBILE DEVICES AS GATEWAYS FOR INTERNET OF THINGS DEVICES - A mobile device may include first and second communication interfaces. The mobile device may receive, from another device, a dispatch message to receive data from an Internet of Things (IoT) device. The mobile device may send, to the other device and based on the dispatch message, a device key. The mobile device may receive, from the other device, a session ticket generated by the other device. The IoT device may have previously received a copy of the session ticket. The mobile device may send the session ticket to the IoT device. The mobile device may receive data, from the IoT device and via the first communication interface, based on the session ticket matching the copy of the session ticket. The mobile device may format the data for transmission via the second communication interface. The mobile device may send, via the second communication interface, the data to a network device. | 2017-10-19 |
20170302670 | METHOD, DEVICE, AND SYSTEM FOR EXECUTING NETWORK SERVICE - A method for executing a network service includes: receiving a network service request sent by a first terminal, the network service request including a target identification; determining a second terminal corresponding to the target identification according to a pre-stored corresponding relationship between identification information and verification terminals, and sending a verification request to the second terminal; and when receiving a verification confirmation message from the second terminal, executing a network service corresponding to the network service request. | 2017-10-19 |
20170302671 | TECHNOLOGY FOR MANAGING ELECTRONIC COMMUNICATIONS HAVING CERTAIN DESIGNATIONS - Systems and methods for managing and storing electronic communications are disclosed. According to certain aspects, the systems and methods may receive an electronic communication intended for a recipient user who is not registered to receive the electronic communication. The systems and methods may modify content of the electronic communication, and may transmit the modified electronic communication to the recipient user and enable the recipient user to access any removed content. The systems and methods may store the electronic communication appropriately for later analysis and retrieval. | 2017-10-19 |
20170302672 | SANDBOX TECHNOLOGY BASED WEBPAGE BROWSING METHOD AND DEVICE - The disclosure includes a sandbox technology based webpage browsing method and device. A method comprises receiving an instruction for webpage browsing in a sandbox. Upon receiving the instruction, a framework process is started outside the sandbox to process an operation incurred in the framework process outside the sandbox, wherein the framework process is a first part implemented by a browser. A browser process created by the framework process is intercepted, wherein the browser process is a second part implemented by the browser. The browser process is put into the sandbox to save a webpage access result in a specified directory in the sandbox or to run a script in the webpage in a virtual environment of the sandbox. | 2017-10-19 |
20170302673 | SYSTEM AND METHOD FOR PROVIDING AN INTEGRATED FIREWALL FOR SECURE NETWORK COMMUNICATION IN A MULTI-TENANT ENVIRONMENT - An integrated firewall provides security in a multi-tenant environment having a connection-based switched fabric directly connecting database servers which provide a plurality of database services with application servers hosting database service consumers each having a different database service consumer identity. The firewall functionality integrated into each database server provides access control by discarding communication packets which do not include a database service consumer identity and using the database service consumer identity in combination with an access control list to control access from the database service consumers to the database services. The access control includes address resolution access control, connection establishment access control, and data exchange access control based on said access control list. The integrated firewall enables direct connection of database servers and application servers via an InfiniBand network providing without requiring a separate intermediary firewall appliance or security node. | 2017-10-19 |
20170302674 | MANAGING SECURITY RESTRICTIONS ON A RESOURCE IN A DEFINED ENVIRONMENT - Approaches described herein manage security restrictions on a resource in a defined environment to provide authorization and access. Specifically, a security system maintains a security restriction on the resource (e.g., an information technology (IT) account of a user, or an apparatus) in a defined environment. The presence of a plurality of users is continuously monitored throughout the defined environment and, based on a detection of a pre-specified set of users from the plurality of users in the defined environment, the security restriction is managed (e.g., removed or maintained). In one embodiment, the system allows access to the resource by removing the security restriction on the resource. The security restriction on the resource may be reinstated in the case that the pre-specified set of users from the plurality of users is no longer present in the defined environment. | 2017-10-19 |
20170302675 | ENABLER FOR EDITING A PREVIOUSLY RATIFIED TRANSMISSION - Methods for editing a previously approved transmission are provided. Methods may include allocating a portion of memory on a first platform. The allocating may include allocating a details sub-portion for transmission details and allocating an approvals sub-portion for approval details. The method may include writing the transmission details into the details sub-portion. Methods may include writing a plurality of approver identifications into the approval sub-portion. Methods may include transmitting the computer-readable packet to a first approver email address. Methods may include enabling a first approver, associated with the first approver email address, to set an approval bit to one. Methods may include locking the details sub-portion and the approvals sub-portion when the first approver sets the approval bit to one. Methods may include unlocking the details sub-portion and the approvals sub-portion and setting the approval bit to zero when an edit command is received. | 2017-10-19 |
20170302676 | Resource Feature Transfer - Resource feature transfer is described. In one or more embodiments, information is collected about interaction of an unauthenticated user of a computing device with a resource, such as content (e.g., a web page) or an application. The information may identify the user, a device or application used to interact with the resource, and so on. This information is communicated to an identity management service (IMS) to determine features to make accessible to the unauthenticated user when interacting with the resource. During the interaction, the user initiates authentication to a corresponding user profile. To achieve a consistent user experience, the features made accessible to the user when unauthenticated are transferred so they are also accessible when authenticated. To do this, authentication information is communicated to the IMS with a token indicating the features determined for the unauthenticated user. The IMS then merges these features with features indicated by the user profile. | 2017-10-19 |
20170302677 | TENANT LOCKBOX - Tenant approval for operator access to tenant data is provided. In order to grant service personnel operators access to a tenant's data for performing a requested action, a lockbox determines a security group role to which an operator needs to be elevated to perform a requested action, computes a set of internal administrators and tenant administrators authorized to grant a temporary role elevation, and sends an access control request to the administrators. Upon receiving approval of the access control request from an internal administrator and a tenant administrator, the lockbox elevates the operator to the security group role, granting the operator a set of permissions needed in order to allow the operator to perform the requested action. Accordingly, tenants are enabled to control access to their data and scrutinize access requests per their company procedures and compliance needs. | 2017-10-19 |
20170302678 | METHOD, SYSTEM, AND COMPUTER PROGRAM PRODUCT FOR PROVIDING SECURITY AND RESPONSIVENESS IN CLOUD BASED DATA STORAGE AND APPLICATION EXECUTION - A storage controller that is coupled to a plurality of storage clouds is maintained. The storage controller determines security requirements for performing a selected operation in the plurality of storage clouds. A subset of storage clouds of the plurality of storage clouds that are able to satisfy the security requirements are determined. A determination is made as to which storage cloud of the subset of storage clouds is most responsive for performing the selected operation. The selected operation is performed in the determined storage cloud that is most responsive. | 2017-10-19 |
20170302679 | METHODS AND SYSTEMS OF DUAL-LAYER COMPUTER-SYSTEM SECURITY - In one aspect, a computerized method for implementing dual-layer computer-system security in a private enterprise computer network includes the step of generating a user profile, wherein the user has access to the private enterprise computer network, wherein the user profile comprises information comprising a specified user usage of the private enterprise computer network. The computerized method includes the step of setting a specified trigger value with respect to the specified user usage of the private enterprise computer network. The computerized method includes the step of detecting that the user usage exceeds the trigger value. The computerized method includes the step of modifying an access privilege of the user to the private enterprise computer network. | 2017-10-19 |
20170302680 | LOCAL AUTHENTICATION - In accordance with an example aspect of the present invention, there is provided an apparatus comprising at least one processing core and at least one memory including computer program code, the at least one memory and the computer program code being configured to, with the at least one processing core, cause the apparatus at least to obtain a first sensor output from a first sensor, receive from a second apparatus a first received sensor output and compare the first sensor output to the first received sensor output, and responsive to the outputs matching, grant a first level of access to the second apparatus. | 2017-10-19 |
20170302681 | SYSTEM AND METHOD FOR PARALLEL SECURE CONTENT BOOTSTRAPPING IN CONTENT-CENTRIC NETWORKS - One embodiment of the present invention provides a system for retrieving a content collection over a network. During operation, the system determines additional information associated with the piece of content that is needed for consumption of the content collection; generates a plurality of Interests, which includes at least one Interest for a catalog of the content collection and at least one Interest for the additional information; and forwards, concurrently, the plurality of Interests, thereby facilitating parallel retrieval of the content collection and the additional information. | 2017-10-19 |
20170302682 | DEVICE AND METHOD FOR ANALYZING MALWARE - A device for analyzing malware includes a memory and a processor coupled to the memory. The memory is configured to store therein an instruction assumed to be transmitted to an operating system from malware. The processor is configured to hook a first instruction transmitted to the operating system from an application. The processor is configured to determine whether the first instruction is stored in the memory. The processor is configured to copy data stored in first hardware to second hardware different from the first hardware upon determining that the first instruction is stored in the memory. The first hardware is accessed by the operating system. | 2017-10-19 |
20170302683 | ATTACK OBSERVATION APPARATUS AND ATTACK OBSERVATION METHOD - The present invention relates to an attack observation apparatus being a simulation environment where a malicious program such as malware created by an attacker is run, the simulation environment being built for observing the behavior and attack scheme of the malicious program. | 2017-10-19 |
20170302684 | SECURITY ARCHITECTURE FOR THE CONNECTED AIRCRAFT - Systems and methods of a security architecture for a connected aircraft are disclosed. In at least one embodiment, an avionics server comprises a plurality of device ports, wherein each of the plurality of device ports is coupled to a respective one of a plurality of device network interface cards and dedicated to a respective one of a plurality of avionics domains which corresponds to the respective device network interface card. Further, at least one processing device is configured to identify one or more signals from a respective user received at one or more of the plurality of device ports and to verify whether the user has access to the respective avionics domains that are dedicated to the one or more device ports over which the one or more signals are received. | 2017-10-19 |
20170302685 | FORENSIC ANALYSIS OF COMPUTING ACTIVITY - A data recorder stores endpoint activity on an ongoing basis as sequences of events that causally relate computer objects such as processes and files. When a security event is detected, an event graph may be generated based on these causal relationships among the computing objects. For a root cause analysis, the event graph may be traversed in a reverse order from the point of an identified security event (e.g., a malware detection event) to preceding computing objects, while applying one or more cause identification rules to identify a root cause of the security event. Once a root cause is identified, the event graph may be traversed forward from the root cause to identify other computing objects that are potentially compromised by the root cause. | 2017-10-19 |
20170302686 | SYSTEM AND METHOD FOR REAL-TIME TUNING OF INFERENCE SYSTEMS - A system and method for real-time tuning of inference systems based on quality of incoming data. The method comprises: periodically receiving traffic data collected by a plurality of collectors deployed in a network; determining at least a normalized variance of a current sample of the received traffic data; estimating, based in part on the normalized variance, a standard deviation of the received traffic data and a fading coefficient of a baseline filter; determining a current baseline value based on a previous baseline value, the fading coefficient, and the current sample of the traffic data; and dynamically setting at least one membership function of the inference system based in part on the current baseline value and the standard deviation. | 2017-10-19 |
20170302687 | CELL CONTROL DEVICE THAT CONTROLS MANUFACTURING CELL IN RESPONSE TO COMMAND FROM PRODUCTION MANAGEMENT DEVICE - A cell control device able to prevent unauthorized communication in which a third party makes an unauthorized access to the apparatus. The cell control device includes a communication section that communicates with a production management device or plural machines, a communication controller that executes communication by the communication section, and a communication determination section that monitors an actual communication traffic and compares the actual communication traffic with a planned communication traffic of a communication planned to be executed by the communication controller to determine whether the actual communication traffic is more than the planned communication traffic. | 2017-10-19 |
20170302688 | METHOD FOR PROCESSING AN INTRUSION INTO A WIRELESS COMMUNICATION NETWORK, RELATED DEVICE AND COMPUTER PROGRAM - A method for processing an intrusion in a communication network including a plurality of node equipment, including a current node, the method comprising: discovering a neighbourhood of the current node, including assigning a resilience group to the neighbouring node, according to at least one piece of information representative of a resilience level of the neighbouring node to at least one type of attack; detecting an intrusion affecting at least one suspect node of the neighbourhood of the current node; establishing a consensus concerning the at least one suspect node in a neighbourhood by counting a number of resilience groups having detected the intrusion in the neighbourhood of the suspect node and a total number of resilience groups represented in the neighbourhood of the suspect node; and deciding to change a status of the suspect node based on a result of the consensus by comparison of both numbers. | 2017-10-19 |
20170302689 | Network Security Protection Method and Apparatus - A network security protection method and apparatus are provided. The method is executed by a network security protection device, and includes obtaining at least one of network environment data or threat detection data of a host that is in a protected network and that is connected to the network security protection device, where the network environment data includes an identifier of an operating system, a parameter of the operating system, an identifier of software with a network port access function, or a parameter of the software; and the threat detection data includes a threat type or a threat identifier, where the threat type includes a vulnerability or a malicious program; searching, according to the obtained at least one of network environment data or threat detection data, for corresponding information used to eliminate a security threat in the host; and sending the found information to the host. | 2017-10-19 |
20170302690 | Method and Apparatus for Improving Network Security - A method and an apparatus for improving network security. The method includes obtaining, by a control node, alarm information, where the alarm information includes address information of an attack source that attacks a subnet of at least two subnets and identification information of the attacked subnet of the at least two subnets, using, by the control node, the alarm information to sort the attack sources in descending order of threat levels, and using a sorting result as a blacklist, and sending, by the control node, the obtained blacklist to at least one subnet that is not attacked yet in the network system. The method and apparatus are applicable to collaborative defense among multiple subnets. | 2017-10-19 |
20170302691 | Systems and Methods for Detecting and Tracking Adversary Trajectory - This disclosure is related to using network flow information of a network to determine the trajectory of an attack. In some examples, an adjacency data structure is generated for a network. The adjacency data structure can include a machine of the network that has interacted with another machine of the network. The network can further include one or more deception mechanisms. The deception mechanisms can indicate that an attack is occurring when a machine interacts with one of the deception mechanisms. When the attack is occurring, attack trajectory information can be generated by locating in the adjacency data structure the machine that interacted with the deception mechanism. The attack trajectory information can correlate the information from the interaction with the deception mechanism, the interaction information of the network, and machine information for each machine to determine a possible trajectory of an adversary. | 2017-10-19 |
20170302692 | METHODS AND APPARATUS FOR APPLICATION ISOLATION - Processor(s) for detecting malicious software. A hardware virtual machine monitor (HVMM) operates under a host OS. Container(s) initialized with network application template(s) operate under a guest OS VM. A detection module operating under the guest OS VM includes a trigger detection module, a logging module and a container command module. The trigger detection module monitors activity on container(s) for a trigger event. The logging module writes activity report(s) in response to trigger event(s). The container command module issues command(s) in response to trigger event(s). The command(s) include container start, stop and revert commands. A virtual machine control console operates under the host OS and starts/stops the HVMM. A container control module operates under the guest OS VM and controls container(s) in response to the command(s). The server communication module sends activity report(s) to a central collection network appliance that maintains a repository of activities for infected devices. | 2017-10-19 |
20170302693 | REWRITE DETECTION SYSTEM AND INFORMATION PROCESSING DEVICE - Provided are a rewrite detection system and an information processing device capable of reducing communication traffic between devices and processing time in each device. A rewrite detecting device generates a random seed and transmits the random seed to an ECU, the ECU calculates a hash value using a predetermined hash function, and transmits the hash value to a rewrite detecting device. The ECU decides a storage region serving among storage regions of the storage unit, and calculates the hash value. The rewrite detecting device determines whether the hash value received from the ECU is right or wrong, and determines whether or not fraudulent rewrite has been performed. The ECU designates a storage region which is apart from a storage region used as a previous hash value calculation target by a predetermined address as a storage region of a current processing target. | 2017-10-19 |
20170302694 | Discovering and provisioning Computing devices in a security enhanced environment - Systems and methods for discovering and provisioning computing devices within a computing environment. An example method may comprise: loading a first kernel from a removable storage, wherein the first kernel identifies device information of the computing device when executed; transmitting a provisioning request comprising the device information to a provisioning device over a network; receiving provisioning data and a second kernel over a network, the second kernel comprising an operating system installer; and overwriting the first kernel with the second kernel. | 2017-10-19 |
20170302695 | Automatic Detection and Mitigation of Security Weaknesses With a Self-Configuring Firewall - Some embodiments provide a self-configuring firewall for automatic detection and mitigation of security weaknesses. The self-configuring firewall performs passive and active vulnerability detection. Passive detection involves scanning software resources and configurations under firewall protection for vulnerabilities present in the software and software configurations. Active detection identifies vulnerabilities by subjecting the software resources and configurations to simulated malicious traffic. The identified vulnerabilities are mapped to attack signatures. The self-configuring firewall enables the attack signatures which in turn allow the firewall to detect traffic containing attacks directed to exploiting the vulnerabilities. | 2017-10-19 |
20170302696 | INTERMEDIATE ENCRYPTION FOR EXPOSED CONTENT - An endpoint encrypts local files with a key to protect file contents. If the endpoint or processes on the endpoint becomes exposed to potentially harmful locations or resources, the key can be revoked to prevent access to encrypted files on the endpoint. In order to facilitate continued operation of the endpoint, files that are currently open can be encrypted with a second key so that the corresponding data is isolated from the other encrypted files while remaining accessible to current users. | 2017-10-19 |
20170302697 | Method And System For Dynamic Platform Security In A Device Operating System - A system and method is provided for implementing platform security on a consumer electronic device having an open development platform. The device is of the type which includes an abstraction layer operable between device hardware and application software. A secure software agent is provided for embedding within the abstraction layer forming the operating system. A secure store is provided for storing security information unique to one or more instances of the application software. The secure software agent uses the security information for continuous runtime assurance of ongoing operational integrity of the operating system and application software and thus operational integrity of the device. | 2017-10-19 |
20170302698 | SCALABLE INLINE BEHAVIORAL DDOS ATTACK MITIGATION - Methods and systems for a scalable solution to behavioral Distributed Denial of Service (DDoS) attacks targeting a network are provided. According to one embodiment, a method to determine the scaling treatment is provided for various granular layer parameters of the Open System Interconnection (OSI) model for communication systems. A hardware-based apparatus helps identify packet rates and determine packet rate thresholds through continuous and adaptive learning with multiple DDoS attack mitigation components. The system can be scaled up by stacking multiple DDoS attack mitigation components to provide protection against large scale DDoS attacks by distributing load across these stacked components. | 2017-10-19 |
20170302699 | LIMITING THE EFFICACY OF A DENIAL OF SERVICE ATTACK BY INCREASING CLIENT RESOURCE DEMANDS - A device may detect an attack. The device may receive, from a client device, a request for a resource. The device may determine, based on detecting the attack, a computationally expensive problem to be provided to the client device, where the computationally expensive problem requires a computation by the client device to solve the computationally expensive problem. The device may instruct the client device to provide a solution to the computationally expensive problem. The device may receive, from the client device, the solution to the computationally expensive problem. The device may selectively provide the client device with access to the resource based on the solution. | 2017-10-19 |
20170302700 | Providing forward secrecy in a terminating TLS connection proxy - An infrastructure delivery platform provides an RSA proxy service as an enhancement to the TLS/SSL protocol to off-load, from an edge server to an external cryptographic server, the decryption of an encrypted pre-master secret. The technique provides forward secrecy in the event that the edge server is compromised, preferably through the use of a cryptographically strong hash function that is implemented separately at both the edge server and the cryptographic server. To provide the forward secrecy for this particular leg, the edge server selects an ephemeral value, and applies a cryptographic hash to the value to compute a server random value, which is then transmitted back to the requesting client. That server random value is later re-generated at the cryptographic server to enable the cryptographic server to compute a master secret. The forward secrecy is enabled by ensuring that the ephemeral value does not travel on the wire. | 2017-10-19 |
20170302701 | INTEGRATED APPLICATION SCANNING AND MOBILE ENTERPRISE COMPUTING MANAGEMENT SYSTEM - Disclosed are various approaches for integrating application scanning into a mobile enterprise computing management system. A management service can add a first command to a command queue associated with a client device, wherein the first command instructs the client device to provide a unique device identifier associated with the client device to the management service and the unique device identifier uniquely identifies the client device with respect to at least one other client device. Then, the management service can receive a first request from the client device for the first command stored in the command queue. Later, the management service sends the first command to the client device. When the management service receives the unique device identifier from the client device, the management service sends the unique device identifier to a scanning service and a policy linked with the unique device identifier to the scanning service. The policy comprises an identifier of a client application prohibited on the client device. The management service then receives a notification from the scanning service. The notification comprises the unique device identifier and an indication that the client application is present on the client device. Later, the management service adds a second command to the command queue, wherein the second command instructs the client device to perform a remedial action specified by the policy. When the management service receives a second request from the client device for the second command stored in the command queue, the management service sends the second command to the client device. | 2017-10-19 |
20170302702 | ROTATION OF AUTHORIZATION RULES IN MEMORY OF AUTHORIZATION SYSTEM - Embodiments of the invention generally relate to methods and systems for operating authorization rules. An authorization rule has conditions that may be satisfied by an authorization request. A rule is rotated between the first mode and the second mode over a time interval wherein a first set of authorization requests are received. A first subset of the first set of authorization requests may not be rejected. After the first time interval, the authorization requests that were not rejected may be validated through an independent process. An accuracy rate for the rule is determined based on the portion of authorization requests that are valid and satisfied the conditions of the rule. | 2017-10-19 |
20170302703 | DESTINATION DOMAIN EXTRACTION FOR SECURE PROTOCOLS - Techniques for destination domain extraction for secure protocols are disclosed. In some embodiments, destination domain extraction for secure protocols includes monitoring network communications between a client and a remote server; determining if the client sends a request to create a secure connection with the remote server (e.g., in which the network communications are initiating a setup for a secure protocol-based connection); and extracting a destination domain from the request to create the secure connection with the remote server. In some embodiments, the secure protocol is a secure sockets layer (SSL) protocol or transport layer security (TLS) protocol, and the destination domain is extracted from the server name indication (SNI) of a client hello message sent from the client to the remote server. In some embodiments, destination domain extraction for secure protocols further includes applying a policy (e.g., a security policy) based on the destination domain to filter traffic using a security device. | 2017-10-19 |
20170302704 | METHODS AND APPARATUS TO FACILITATE END-USER DEFINED POLICY MANAGEMENT - Methods, apparatus, systems and articles of manufacture are disclosed to facilitate end-user defined policy management. An example apparatus includes an edge node interface to detect addition of a networked user device to a service gateway, and to extract publish information from the networked user device. The example apparatus also includes a device context manager to identify tag parameters based on the publish information from the networked user device, and a tag manager to prohibit unauthorized disclosure of the networked user device by setting values of the tag parameters based on a user profile associated with a type of the networked user device. | 2017-10-19 |
20170302705 | COMPUTERIZED SYSTEM AND METHOD FOR ADVANCED NETWORK CONTENT PROCESSING - A computerized system and method for processing network content in accordance with at least one content processing rule is provided. According to one embodiment, the network content is received at a first interface. A transmission protocol according to which the received network content is formatted is identified and used to intercept at least a portion of the received network content. The intercepted portion of the network content is redirected to a proxy, which buffers the redirected portion of network content. The buffered network content is scanned in accordance with a scanning criterion and processed in accordance with the at least one content processing rule based on the result of the scanning. The processed portion of network content may be forwarded using a second interface. | 2017-10-19 |
20170302706 | ACCESS CHANGE FOR RE-ROUTING A CONNECTION - There is proposed a method and corresponding apparatuses allowing a change from a packet switched communication domain to a circuit switched communication domain. When a user equipment as a connection terminating point receives a connection initialization message with a media flow, such as audio, which cannot be delivered by the packet switched access, it sends a specific response rejecting the connection via the packet switched access to an application server for service centralization and continuity. In the application server, it is checked whether several conditions are met in order to determine whether the communication connection comprising the media flow is allowed to be changed to the circuit switched domain. If yes, the communication connection is changed from the packet switched communication domain to the circuit switched communication domain. | 2017-10-19 |
20170302707 | JOINING EXECUTABLE COMPONENT TO ONLINE CONFERENCE - Online conferencing involving video and audio in which automatic actions such as recording and broadcasting are performed by adding a visualized representation of the action into the online conference area of a user interface. The action appears as a visualization in the contacts portion of the user interface, some of which contacts may represent individuals that may be joined into a conference. Recording or broadcasting the action may thus be efficiently performed in a manner consistent with how individuals are added into an online conference, thereby taking advantage of muscle memory of the participant. | 2017-10-19 |
20170302708 | METHODS AND SYSTEMS FOR COLLABORATIVE REMOTE APPLICATION SHARING AND CONFERENCING - Systems and methods for providing a collaborative conferencing capability to an application remotely-accessed by client computing devices. A client media sharing application is provided in a client tier, and the client media sharing application allows at least one of the client computing devices to share media with the client computing devices. A conferencing manager application that receives the shared media is provided to the server tier. The conferencing manager application makes the shared media available to the client computing devices. | 2017-10-19 |
20170302709 | VIRTUAL MEETING PARTICIPANT RESPONSE INDICATION METHOD AND SYSTEM - A method of indicating emotive responses in a virtual meeting, the method comprising creating or selecting avatar data defining one or more avatars to represent one or more corresponding users in response to input from the one or more corresponding users; receiving one or more user selections of meeting data defining one or more virtual meetings, a user selection comprising an indication that the user is attending the virtual meeting; generating an output for display of a virtual meeting with one or more avatars representing one or more users attending the meeting using the avatar data and the meeting data corresponding to the virtual meeting; receiving emotive input data from one or more users indicative of an emotive response or body language of the one or more users attending the virtual meeting; processing the avatar data using the emotive input data; and updating the output for display of the virtual meeting to render the one or more avatars for the one or more users to display a respective emotive state dependent upon the respective emotive input data. | 2017-10-19 |
20170302710 | SCALABLE EVENT STREAM DATA PROCESSING USING A MESSAGING SYSTEM - A system processes streaming data and includes at least one processor. The system may write streaming data received from a data source as messages in queues at a queuing cluster. The queuing cluster includes a coordinator node to direct the messages to non-coordinator nodes of the queuing cluster. The system may retrieve the data from the queues based on subscription of topics and store the retrieved data in a consumable repository. | 2017-10-19 |
20170302711 | CONTINUING ELECTRONIC MEDIA ENTERTAINMENT AFTER COMPLETION OF TRAVEL SEGMENT - Continuing electronic media entertainment on a personal electronic device (PED) after completion of a travel segment. Streaming characteristics for streaming of an electronic media item to a PED on board an aircraft via a first connection may be monitored and, if streaming of the remaining portion of the electronic media item will exceed the remaining travel time, trigger some or all of an excess portion of the electronic media item to be sent to the PED. The PED may store the excess portion in an access-controlled media file. After completion of the travel segment (e.g., at the destination location), the PED may resume playback of the electronic media item by obtaining a playback control code via a second, different connection. The second connection may be a different type of connection, or may be an indirect connection, in some cases. | 2017-10-19 |
20170302712 | SYSTEM AND METHODS FOR DYNAMIC TRANSCODER RATE ADAPTION FOR ADAPTIVE BIT RATE STREAMING - A system and methods for providing dynamic transcoder rate adaption for an adaptive bit streaming function is described. In a first embodiment, a client may select from all available bit rates during the encoding session, wherein the bit rates are provided to the client via a manifest file from a media gateway. In a second embodiment, a subset of the bit rates are provided to the client, from which a client chooses a selected bit rate. The encoding session continues until a request for a new bit rate is received from the client, at which time a new subset of bit rates are generated. This new subset of bit rates is presented to the client, and this loop continues until the termination of the encoding session. | 2017-10-19 |
20170302713 | DELIVERY OF CONTENT ASSOCIATED WITH A BROADCAST WORK - A processing system provides works associated with a unified number system (UNS) identifier, and the UNS identifier itself, for broadcast. The system receives a request for content associated with a broadcast work, where the request includes the UNS identifier included in the broadcast. In response to the request, the system obtains the requested content using the UNS identifier included in the request, and delivers the requested content to an end user associated with the end-user device. The type of requested content can be identified based on previously obtained user preferences, so that even if two user-devices send requests including the same UNS identifier, the content provided to each end user or end-user device can be different. | 2017-10-19 |
20170302714 | METHODS AND SYSTEMS FOR CONVERSION, PLAYBACK AND TAGGING AND STREAMING OF SPHERICAL IMAGES AND VIDEO - Methods and systems for the conversion, playback, tagging and streaming of spherical images or spherical image sequences are provided. High field of view images and videos can be converted into spherical images and spherical image sequences. These images and image sequences can be viewed on display devices, and hyperlinked tags and objects can be placed on the sphere within the video and linked to additional content. | 2017-10-19 |
20170302715 | SWITCHING MEDIA STREAMS IN A CLIENT SYSTEM BASED ON ENVIRONMENTAL CHANGES - A method and system for switching media streams of a video in a client system. A first media stream of the video is played in a SHOW mode in the client system as the first media stream is received. During play of the first media stream, an environmental change is detected within or adjacent to the client system and in response, a switch is made from playing the first media stream to playing a second media stream of the video in the SHOW mode as the second media stream is being received. The switch preserves video content continuity of the video and includes pausing play of the first media stream. A pausing rank is associated with each timecode in the first and second media streams. The pausing occurs at a timecode in the first media stream at which the associated pausing rank is not less than a predesignated threshold. | 2017-10-19 |
20170302716 | RETRIEVAL AND DISPLAY OF RELATED CONTENT USING TEXT STREAM DATA FEEDS - Mechanisms are provided for retrieving and presenting related content using text stream data feeds. Text stream data feeds such as caption information associated with media content or conversations associated with social networking applications are aggregated and used to retrieve related media content, text documents, and advertisements. Text stream data feeds that a user is exposed to may indicate that the user is interested or at least primed for particular types of related content. In particular examples, an inverse vector space search engine is used to determine particular pieces of related content and categories of interest. Post filtering may also be applied to the results. | 2017-10-19 |
20170302717 | CONTEXTUALLY AWARE CLIENT BUFFER THRESHOLDS - Client buffer thresholds are dynamically adjusted to provide quick start up and smooth playback in a variety of network conditions. In some examples, multiple buffer configurations are available. An initial buffer configuration may be used in typical circumstances and will yield good behavior in most cases. A modified buffer configuration can be used when limited available network resources prevent smooth playback. In some embodiments, a client buffer configuration is continuously adapted based on network throughput and data transfer rates. | 2017-10-19 |
20170302718 | DYNAMIC RECORDING OF ONLINE CONFERENCE - An online conferencing system that provides fine-grained control over recording of the online conference. A participant manager component detects current participants in an online conference. A video gathering component gathers video streams for each of at least some of the current participants in the online conference. A triggering component allows one or more of the participants to trigger operation of a recording component. The recording component identifies one or more of the gathered video streams to record, and records the identified one or more video streams. The recording component may have fine-grained control over the recording process. If a participant joins the conference, the video from the new participant may be automatically recorded also. If a participant leaves a conference, the recording of that video may be stopped. | 2017-10-19 |
20170302719 | METHODS AND SYSTEMS FOR AUTO-ZOOM BASED ADAPTIVE VIDEO STREAMING - Systems, methods, and computer readable media are described for providing automatic zoom based adaptive video streaming. In some examples, a tracking video stream and a target video stream are obtained and are processed. The tracking video stream has a first resolution, and the target video stream has a second resolution that is higher than the first resolution. The tracking video stream is processed to define regions of interest for frames of the tracking video stream. The target video stream is processed to generate zoomed-in regions of frames of the target video stream. A zoomed-in region of the target video stream corresponds to a region of interest defined using the tracking video stream. The zoomed-in regions of the frames of the target video stream are then provided for display on a client device. | 2017-10-19 |
20170302720 | TRANSITION POINTS IN AN IMAGE SEQUENCE - Techniques are proposed for embedding transition points in media content. A transition point system retrieves a time marker associated with a point of interest in the media content. The transition point system identifies a first position within the media content corresponding to the point of interest. The transition point system embeds data associated with the time marker into the media content at a second position that is no later in time than the first position. The transition point system causes a client media player to transition from a first image quality level to a second quality level based on the time marker. | 2017-10-19 |
20170302721 | Cloud streaming service system, cloud streaming service method using optimal GPU, and apparatus for same - A cloud streaming service system, a cloud streaming service method using an optimal GPU, and an apparatus for the same are disclosed. A cloud streaming service can be provided by determining whether a video is played on a browser, when a playback of the video is sensed, decoding the video by using a video decoding entity determined on the basis of system resource conditions, and performing a streaming procedure corresponding to capturing, encoding and sending the decoded video. When a video is provided through the cloud streaming service, it is possible to effectively use the resources of a cloud streaming system by efficiently distributing a plurality of GPUs equipped in the cloud streaming system. | 2017-10-19 |
20170302722 | SYSTEMS AND METHODS FOR IMPROVING MEDIA DATA COMMUNICATIONS OVER A NETWORK - Systems and methods are disclosed for improving transmission of media data contained in data packets in a media session established over a network. According to certain embodiments, a first server can determine that at least one media quality metric associated with the media session is below one or more pre-determined thresholds, the at least one media quality metric being indicative of a media quality. The first server can also obtain identification information associated with the media session, provide the identification information to a second server, and receive, from the second server, data related to a transmission of data packets, and media data contained in the data packets. The first server can determine configurations based on the received data related to a transmission of data packets. At least one of the first and second servers can be configured based on the determined configurations to provide a pre-determined media quality. | 2017-10-19 |
20170302723 | METHOD AND APPARATUS FOR COMPUTING THE PERCEIVED QUALITY OF A MULTIPARTY AUDIO OR AUDIOVISUAL TELECOMMUNICATION SERVICE OR SYSTEM - A method for estimating a quality of multiparty telecommunication with a computing device includes: (a) determining individual connection quality scores of individual connections of each participant in a multiparty telecommunication call; and (b) determining a quality score for the multiparty telecommunication call from the perspective of each participant using a function of the individual connection quality scores. | 2017-10-19 |
20170302724 | Virtual Channel Joining - Methods for establishing connection to the Internet using multiple channels. A device takes advantage of several channels available to it internally and/or from neighboring devices to request the various resources of the webpage, and assembles the webpage using the resources arriving from the different channels. When a device has the ability to connect to the Internet using multiple internal channels, the device uses internal heuristics to request the webpage resources using these channels. A cloud exit server may be used to enhance security and to handle requests that may not be handled using multiple channels. | 2017-10-19 |
20170302725 | Systems and Methods for Sharing Context Among Standalone Applications - A system and methods for sharing data among multiple standalone applications include: receiving, by a framework executing on a computing device, at least one keyword based upon a user input on a display of one of a plurality of standalone applications loaded via the framework; and storing the at least one keyword in a context object, wherein the context object is accessible by each of the plurality of standalone applications for sharing the at least one keyword. One or more operations may be further performed based on the shared context object and results including content related or matching with the context object may be gathered from multiple standalone applications loaded in the framework. | 2017-10-19 |
20170302726 | MULTIMEDIA FILE UPLOAD - A method of handling multimedia data in which packets of a multimedia file from a first computer are received by a second computer. In case a sub-portion of the multimedia file, representative of the multimedia file, was received by the second computer before the entire file was received by the second computer, that sub-portion is handled by the second computer transmitting to the first computer, although the entire file was not received by the second computer at the time of the transmission of the result. Additionally, an image processing server is described comprising: a network interface adapted to receive packets, a communication manager adapted to manage reception of multimedia files through the input interface and to conclude when a sub-portion of a multimedia file, representative of the multimedia file received, and an image handling unit configured to handle said sub-portions. | 2017-10-19 |
20170302727 | METHOD, SYSTEM AND APPARATUS FOR CONTROLLING AN APPLICATION - A method, system and apparatus of controlling at least one application on an electronic device. Interfacing occurs between a context object and the at least one application. Context data is retrieved from the context object. At least one of the following further occurs: the context object is updated with new context data derived from interactions with the at least one application; the behaviour of the at least one application is modulated based on the context data; and at least one data field in the application is populated with the context data. | 2017-10-19 |
20170302728 | EFFICIENT AND RELIABLE HOST DISTRIBUTION OF TOTALLY ORDERED GLOBAL STATE - An asynchronous distributed computing system with a plurality of computing nodes is provided. One of the computing nodes includes a sequencer service that receives updates from the plurality of computing nodes. The sequencer service maintains or annotates messages added to the global state of the system. Updates to the global state are published to the plurality of computing nodes. Monitoring services on the other computing nodes write the updates into a locally maintained copy of the global state that exists in shared memory on each one of the nodes. Client computer processes on the nodes may then subscribe to have updates “delivered” to the respective client computer processes. | 2017-10-19 |
20170302729 | RUNTIME GENERATION OF APPLICATION PROGRAMMING INTERFACES FOR REMOTE PROCEDURE CALL SERVICES - An application specific interface (API) for a service that is accessible by remote procedure calls is generated at run-time from an interface language definitions file. In operation, a client application requests a connection to a server and then a runtime API generator connects to the server and downloads an interface definition language (IDL) file that defines services provided by the server. The runtime API generator parses the IDL file and generates the corresponding service API. Subsequently, upon receiving a client application request, the API generator generates a set of instructions that, when executed, emit one or more remote procedure calls that cause the server to implement the client application request. Because the API is generated at run-time, the runtime API generator enables client applications that are implemented in dynamically typed languages to access the service by providing access to the data type metadata that cannot be expressed in such languages. | 2017-10-19 |
20170302730 | MULTI-LEVEL LOAD BALANCING - Various methods are provided for facilitating the assignment of a DNS name to load balancers in a dynamically partitioned cluster environment. One example method may comprise receiving cluster configuration information from a cluster configuration observer, the cluster configuration information comprising information indicative of each of a plurality of instances of running application and one or more servers and associated ports to which at least one of the plurality of instances is bound, receiving a request from a first level load balancer requiring a call to the first application, determining, based on the cluster configuration information, to which port the instance of the first application is bound, and transmitting the request to the port to which the instance of the first application is bound. | 2017-10-19 |
20170302731 | MECHANISM FOR PROVIDING LOAD BALANCING TO AN EXTERNAL NODE UTILIZING A CLUSTERED ENVIRONMENT FOR STORAGE MANAGEMENT - A method for providing load balancing to a client node external to a clustered environment for storage management, includes deploying a lightweight load balancing component at the client node, receiving I/O requests issued by virtual machines hosted at the client node by the lightweight load balancing component, performing a hashing algorithm on content of the I/O requests by the lightweight load balancing component to identify one or more controller virtual machines at the clustered environment for handling the I/O requests and dynamically distributing the I/O requests from the lightweight load balancing component to the one or more controller virtual machines at the clustered environment for storage management. | 2017-10-19 |
20170302732 | Dynamic Content Packaging - To be accessed on different media players, requested content must be delivered in a format that is supported by the requesting device. A dynamic content packager for encrypting and packaging requested content for different requesting devices at the time of consumption is disclosed. | 2017-10-19 |
20170302733 | STORAGE AND APPLICATION CONTROLLER FOR MIRRORING AND SWITCHOVER OF APPLICATIONS IN A PLURALITY OF CLOUD LOCATIONS VIA A PLURALITY OF CONFIGURABLE SECURITY PROTOCOLS - A storage and application controller that is coupled to a plurality of storage and application execution clouds is maintained. The storage and application controller transmits, via a first communications protocol, an application to a first storage and application execution cloud. The storage and application controller transmits, via a second communications protocol, a copy of the application to a second storage and application execution cloud. In response to a compromise of the first communications protocol, execution of the application is stopped and replaced via execution of the copy of the application. | 2017-10-19 |
20170302734 | Cloud Computing Service Architecture - A service control system manages a set of storage clients operating within one or more computing hosts. Storage clients may access a consistent storage system regardless which cloud provider the computing hosts come from. To provide storage, each logical volume accessed by a container is associated with a microcontroller at the computing host. The microcontroller is managed by the service control system and stores data for the logical volume at two or more replicas on different computing hosts. | 2017-10-19 |
20170302735 | METHOD AND SYSTEM FOR INTEGRATING MULTIPLE MULTI-MEDIA COMPUTER APPLICATIONS INTO A SINGLE MULTI-MEDIA COMPUTER APPLICATION READER - A communications system comprising a computer device connected to a communications network. The computer device having one or more computer-based multimedia applications downloaded from the communications network. The computer-based multimedia applications being connected to respective servers through the communications system and the computer device. The computer device also having a computer-based multimedia application reader downloaded from the communications network that communicates with one or more of the computer-based multimedia applications. The computer-based multimedia application reader capable of copying all multimedia files stored in the computer device and/or the computer-based multimedia applications. | 2017-10-19 |