45th week of 2015 patent application highlights part 61 |
Patent application number | Title | Published |
20150319091 | WI-FI OFFLOAD OF CELLULAR DATA - A security gateway system offloads cellular data from user equipment (“UE”). The system receives a dynamic host configuration protocol (“DHCP”) message from a Wi-Fi access point (“AP”) in communication with the UE. The system converts the DHCP message into an authentication, authorization and accounting (“AAA”) access request and sends the AAA access request to an AAA server. The system receives an AAA access accept from the AAA server and initiates a gateway general packet radio service tunneling protocol tunnel setup with a setup node. | 2015-11-05 |
20150319092 | CONTENT AWARE WI-FI QoS - Described herein are techniques for providing content aware quality of service (QoS) metadata for a Wi-Fi connection to nodes in a network by incorporating the QoS metadata into a packet header so that the nodes in the network can access the QoS metadata. The Wi-Fi access gateway receives a data packet for an internet protocol (IP) connection with a radio node across the network, wherein the radio node is configured to connect to one or more Wi-Fi devices located near the radio node. The Wi-Fi access gateway classifies underlying data content of the IP connection to determine QoS metadata for the IP connection based on the underlying data content. The Wi-Fi access gateway incorporates the QoS metadata into a packet header of the data packet so that nodes in the network can access the QoS metadata for the IP connection. | 2015-11-05 |
20150319093 | PROVIDING DYNAMIC ROUTING ALTERNATIVES BASED ON DETERMINED TRAFFIC CONDITIONS - Methods, devices, and systems are provided to determine traffic conditions along a traffic path and dynamically present one or more entities with at least one alternate route. The alternate route is determined based on a number of entities along the traffic path and available routing points adjacent to the traffic conditions. The alternate route may be configured to optimize traffic for an entire traffic system rather than only optimizing traffic for receivers of the alternate routes. Data relating to the alternate routes presented to the entities can be tracked. This data may be used to evaluate an effectiveness of the routing decisions made. Effectiveness can be measured in cost and time saved or spent. Information, such as the data, determinations of the data, and/or even effectiveness of alternate routes, can be distributed to one or more parties. Distribution of the information may be associated with a tiered cost structure. | 2015-11-05 |
20150319094 | FLOW SYNCHRONIZATION - A controller node receives a list of a first plurality of flows programmed on a network switch. The controller node extracts a flow cookie value from a flow cookie data field of each flow in the first plurality of flows on the received list and calculates a session identifier on the basis of the extracted cookie values. At least one add flow command is transmitted from the controller node to the network switch to program a second plurality of flows on the network switch. The at least one add flow command comprises flow cookie values in the flow cookie data fields of each of the flows in the second plurality of flows which are set equal to the calculated session identifier. At least one delete flow command is transmitted from the controller node to the network switch to delete programming of the first plurality of flows on the network switch. | 2015-11-05 |
20150319095 | SYSTEMS AND METHODS FOR PRIORITIZATION OF DATA FOR INTELLIGENT DISCARD IN A COMMUNICATION NETWORK - Systems and methods for optimizing system performance of capacity and spectrum constrained, multiple-access communication systems by selectively discarding packets are provided. The systems and methods provided herein can drive changes in the communication system using control responses. One such control response includes the optimal discard (also referred to herein as “intelligent discard”) of network packets under capacity constrained conditions. The systems and methods prioritize packets and make discard decisions based upon the prioritization. Some embodiments provide an interactive response by selectively discarding packets to enhance perceived and actual system throughput, other embodiments provide a reactive response by selectively discarding data packets based on their relative impact to service quality to mitigate oversubscription, others provide a proactive response by discarding packets based on predicted oversubscription, and others provide a combination thereof. | 2015-11-05 |
20150319096 | SECONDARY INPUT QUEUES FOR MAINTAINING A CONSISTENT NETWORK STATE - Some embodiments provide a novel network control system that uses secondary input queues to receive and store inputs from multiple input sources prior to moving the inputs to a primary input queue for processing. The secondary input queues provide a separate storage for each input source so that the inputs from the different sources do not get mixed with each other to ensure that fixed points and barriers sent to the controller maintain their integrity. | 2015-11-05 |
20150319097 | METHODS AND SYSTEMS FOR PRIORITIZING NAMESERVERS - Methods, devices and systems are disclosed for dynamically adjusting the load priority of a backup nameserver in a computer network based on the health and responsiveness of primary and backup nameservers. | 2015-11-05 |
20150319098 | METHODS AND APPARATUSES FOR IMPLEMENTING NETWORK PACKET BROKERS AND TAPS - Arrangements and methods for improving data communication in a network are disclosed. The method includes receiving data packets and segregating the data packets into at least original packets and replicated packets. The method also includes prioritizing original packets having service level agreement (SLA) requirements, the prioritizing being performed with respect to at least one of queuing and de-queuing such that SL parameters for the original packets are met. | 2015-11-05 |
20150319099 | STORAGE AREA NETWORK SYSTEM, CONTROLLER, ACCESS CONTROL METHOD AND PROGRAM - A storage area network system includes a storage apparatus, a plurality of hosts, a switch arranged between the storage apparatus and the hosts, a controller and an access control apparatus. The controller sets the control information in the switch so as to control the communication between the hosts and the storage apparatus, and the access control apparatus provides the controller with information on whether or not accessing between the hosts and the storage apparatus is allowable. The controller sets, in the switch, the control information corresponding to an access accept/deny that is delivered by the access control apparatus. | 2015-11-05 |
20150319100 | COMMUNICATION MANAGEMENT SYSTEM, COMMUNICATION MANAGEMENT METHOD, AND RECORDING MEDIUM STORING COMMUNICATION MANAGEMENT PROGRAM - A communication management system receives, from a first communication terminal, an addition request for adding a second communication terminal as a candidate counterpart terminal of the first communication terminal, obtains information that associates provider identification information for identifying a provider with application identification information for identifying each one of applications that are provided by the provider, and controls not to transmit an addition approval request when first application identification information for identifying an application used by the first communication terminal and second application identification information for identifying an application used by the second communication terminal are not associated with the same provider identification information. | 2015-11-05 |
20150319101 | Concurrent Web Based Multitasking Support For Computing System - Supporting concurrent login by multiple users and enabling each user to perform multiple concurrent tasks in his/her computer work environment are very critical to the modern computer user working environment, which runs on top of a modern operating system, because they greatly improve machine efficiency and users' productivity. Therefore, supporting concurrent login by multiple users to CCDSVM through each user's web-browser and enabling each user to perform multiple concurrent tasks in his/her single login web-browser over resources of CCDSVM will qualify the conventional web-browser to be a new means of a computer user working environment in the Internet era. | 2015-11-05 |
20150319102 | Tiered Network Access Based on User Action - The present disclosure discloses a method and network device for providing tiered network access based on user actions. Specifically, a network device can identify a social action performed by a user, where the social action is performed while the user is logged into a social network application. Furthermore, the network device can select a network access level of a plurality of network access levels based on the social action. Accordingly, the network device grants a client device corresponding to the user access to a network based on the selected network access level. Note that the network access level is selected from the plurality of network access levels based on a plurality of social actions performed by the user. | 2015-11-05 |
20150319103 | User Access in a Multi-Tenant Cloud Environment - Systems and methods for allowing one or more users to access a number of tenant systems in a multi-tenant cloud environment are disclosed. The method includes registering a user to the tenant systems based on an identity information received from the user. The same identity information is associated with each of the tenant systems. The method also includes creating an account corresponding to each of the tenant systems for the user. The method further includes allowing the user to access one or more of the tenant systems based on the identity information entered by the user. The user accesses the tenant systems by entering the same identity information. Further, the same identity information is used for identifying the user in each of the tenant systems. | 2015-11-05 |
20150319104 | OPERATION CONTENT EVALUATION SYSTEM AND STORAGE MEDIUM - An operation content evaluation system for evaluating an operation content for controlling computer resources, the operation content evaluation system including: a content site including a content management server for distributing operation contents for controlling computer resources; and a user site including a content evaluation server for evaluating one of the operation contents and computer resources, wherein the content management server holds catalogs associated one-to-one with the operation contents and each of the catalogs includes prerequisites for executing an operation content and evaluation elements for the operation content, wherein the content evaluation server holds configuration information collected from the computer resources in resource management information, and wherein the content evaluation server acquires the catalogs from the content management server, selects a catalog associated with the operation content to be evaluated from the catalogs, and evaluates the operation content by comparing the selected catalog with the resource management information. | 2015-11-05 |
20150319105 | Method and Apparatus for Allocating Client Resources to Multiple Applications - A quota management system for Personal Video Recorders (PVRs) in which the storage space available on connected storage devices is shared between multiple content providers or multiple software programs. | 2015-11-05 |
20150319106 | NETWORK INTERFACE FOR A SoC COMPRISING AN IMPROVED COMMUNICATION CONTROLLER - A network interface for a first network on chip resource capable of interfacing a data processing unit in the first resource with the network, the network interface including an output communication controller including a mechanism detecting an indicator marking an end of communication between the first resource and at least one second resource with which a communication link is set up, and a mechanism outputting a signal indicating closure of the link to be sent to the second resource, after detection of an end of communication indicator. | 2015-11-05 |
20150319107 | INTERNET PROTOCOL BROADCASTING - Methods, apparatuses, and systems are provided for improving utilization of a communications system through various atom-based techniques for enhancing the viewing experience for Internet protocol content. Some embodiments exploit atom-based processing to determine which content atoms to broadcast (e.g., multicast) over which channels to which subscribers. Other embodiments make atom-based filtering, caching, and/or other determinations at the user terminal. For example, low-level (e.g., physical layer) filtering may be used to limit the amount of user-layer processing needed, and to facilitate delivery of content to those users most likely to desire that content. Still other embodiments allow users to create customized channels of cached content for viewing as a shared channel. Embodiments include techniques for addressing synchronization of channel content and viewing, and social networking, for subscribers to the shared channel. The shared channels may be further used to facilitate social networking among subscribers. | 2015-11-05 |
20150319108 | RE-DRIVER FOR BIDIRECTIONAL UNIDIRECTIONAL HIGH SPEED SIGNALING WHILE PERMITTING LOW SPEED BIDIRECTIONAL SIGNALING - A re-driver circuit includes a first channel comprising a receiver to receive an input signal from a first port to the re-driver circuit and a driver to receive a signal from the receiver and drive an output signal of the re-driver circuit through a second port. A second channel is also provided and is in parallel with the first channel and includes a bidirectional path switch. A channel control unit determines whether the input signal is indicative of a higher speed mode or of a lower speed mode and enables one of the first and second channels while disabling the other of the channels based on the determined mode. The first and second channels share the first and second ports. | 2015-11-05 |
20150319109 | LINK-FAULT TOLERANCE IN A DISTRIBUTED ANTENNA SYSTEM - Certain features relate to improving the link-fault tolerance in a distributed antenna system (DAS) by utilizing a series of synchronous Ethernet frames. A receiving remote unit or a head-end unit in the DAS can predict the start of incoming Ethernet frames based on frame information extracted from previously received Ethernet frames. For example, a remote unit can be configured to receive one or more Ethernet frames, each of the one or more Ethernet frames including a start-of-frame field. After a period of time corresponding to the frame repetition rate, the remote unit can search for an additional start-of-frame field, indicating the receipt of the next Ethernet frame. The remote unit can extract the payload data from the next Ethernet frame based on the predicted value for the additional start-of-frame field. | 2015-11-05 |
20150319110 | APPARATUS AND METHOD FOR PROVIDING MESSAGE BASED ON OBJECT - An apparatus and method for providing a message based on an object are disclosed. The apparatus includes an object management unit, a message management unit, a notification processing unit, and a reading processing unit. The object management unit performs the registration, authentication and deletion of an object based on object identification information and object authentication information transmitted from a message generation terminal. The message management unit connects a first message and message control information, transmitted from the message generation terminal, to the corresponding object. The notification processing unit provides notification of the arrival of the first message to a message reception terminal based on a message notification condition included in the message control information. The reading processing unit processes the reading of the first message of the message reception terminal based on object authentication information and a message reading condition included in the message control information. | 2015-11-05 |
20150319111 | BILATERAL CHAT FOR INSTANT MESSAGING - Systems and technologies for providing an electronic bilateral chat room are disclosed. Users of the system may be screened against a database of organizations having hierarchal information relating to parent organization for which the user is associated, including parent subsidiaries, joint ventures and affiliates. While a bilateral chat room is limited to users in only two organizations, the present disclosure also allows other users that are associated with the structure of the parent organization to be included in the chat room. | 2015-11-05 |
20150319112 | SUBSCRIPTION MANAGEMENT - The invention relates to a method and apparatus for allowing presence information from multiple platforms to be synchronised to provide a single master presence status. This is achieved by a client monitoring the status on one platform and then updating the status on a different platform in response to changes. | 2015-11-05 |
20150319113 | MANAGING MODALITY VIEWS ON CONVERSATION CANVAS - A communication application displays a modality view that may be one of a collaboration, a gallery, or a messaging view on a conversation canvas. The application may display an initial view according to a modality selection by the user. A user is enabled to select a next view from the set by providing a user action such as a tap, swipe action, etc. The application dynamically generates the next modality view according to the initial view. Common participants and common contexts are used to configure the next view. Subsequent to configuration, the application displays the next modality view on the conversation canvas by transitioning from the initial view. The application retains session information from the initial view to restore the initial view session if the user selects to return to the initial view. | 2015-11-05 |
20150319114 | METHOD AND SYSTEM FOR MESSAGE CONVERSATION VIEW CUSTOMIZATION - A method and apparatus for anchoring and controlling objects in messages across multiple devices are provided herein. The method includes displaying one or more messaging objects in a scrollable portion of a first messaging conversation display screen on a first participant device, the one or more messaging objects comprising at least one message conveyed between the first participant device and at least a second participant device; receiving an instruction to perform a first action on a first messaging object of the one or more messaging objects; performing the first action on the first messaging object; and sending a first object instruction message to at least the second participant device to perform a second action on a second messaging object in a second messaging conversation display screen on the second participant device, the second action associated with the first action and the first messaging object associated with the second messaging object. | 2015-11-05 |
20150319115 | DETERMINING A TIME BEFORE A POST IS VIEWED BY A RECIPIENT - In an approach to determining a time before a recipient views a communication, a computer receives a communication from a sender in a collaboration application. The computer determines one or more attributes of the communication, the attributes including at least a recipient of the communication, and a plurality of viewing data for the recipient of the communication. The computer determines, based, at least in part, on the one or more attributes of the communication and the plurality of viewing data for the recipient, a time before the recipient views the communication in the collaboration application. | 2015-11-05 |
20150319116 | SYSTEM AND METHOD FOR MULTI-CHANNEL DELIVERY OF TRANSFORMED AND AUGMENTED MESSAGES IN REAL-TIME - In a system of interconnected enterprise apps, a business data object maintained by a server undergoes a life cycle event which triggers a message notification. All messages between client applications and the server are intercepted, and a configurable rules engine and message processing filters govern the transformation and delivery of each message according to each recipient's role, application, and login state. Messages can be enhanced by adding contextual information and details from other messages and/or information retrieved from enterprise back-end systems according to the rules. The transformation and delivery of messages occurs in real-time across multiple channels, platforms, and users. | 2015-11-05 |
20150319117 | Computer System and Computer-Implemented Method for Service and Application Load Testing - A computer system for use in load testing a service-oriented architecture (SOA) service has a processor and a memory storage device in communication with the processor. The processor is adapted to receive an XML message, an address for a service to be tested, an action compliant with a protocol for exchanging structured information in a decentralized, distributed environment and associated with the service; create and store in memory a template message package compliant with the protocol; create a populated message package compliant with the protocol by incorporating in the template message package the XML message, the address and the action; establish a connection to the service and furnish one or more documents and attachments to the service; and receive a response from the service. | 2015-11-05 |
20150319118 | METHOD AND SYSTEM FOR REMOTE DIAGNOSTIC, CONTROL, AND INFORMATION COLLECTION BASED UPON A CONNECTION OR CONNECTIONLESS COMMUNICATION METHOD FOR SENDING MESSAGES TO THE RESOURCE MANAGER - A method, system, and program product for communicating with machines connected to a network. Information sent to or from the machines is transmitted using electronic mail or via a direct connection. The electronic mail may be transmitted over the Internet to a service center or from a service center to a resource administrator, but also may remain within a local or wide area network for transmission between a machine and a resource administrator. E-mail messages may be transmitted from a computer which is attached to a device that is being monitored or controlled and include information regarding the status, usage, or capabilities of the attached device. The device may send status messages and usage information of the device to either a resource administrator or to a service center on the Internet through a firewall. | 2015-11-05 |
20150319119 | DATA PROCESSING DEVICE AND DATA PROCESSING METHOD BASED ON USER EMOTION ACTIVITY - A data processing device and a data processing method are provided. The data processing device includes a collection storage unit configured to collect and store emotion icon log data for an emotion icon activity of a user with respect to one or more services and an analysis processing unit configured to analyze the emotion icon activity of the user by using the emotion icon log data, and to provide, to a service server, a result obtained by analyzing the emotion icon activity of the user, to allow the service server to apply the result obtained by analyzing the emotion icon activity of the user, to the services. | 2015-11-05 |
20150319120 | EXECUTING COMMANDS EMBEDDED IN MESSAGES - A communication server, computer-readable storage medium, and computer-implemented method for executing commands embedded in messages are provided. The method may include accessing a message that is being routed through a communication server. The message may include a command operator that is operative to execute an action performed by a network-based service executing on an application server. The method may further include identifying the command operator included in the message, and transmitting a request to the application server to perform the action corresponding thereto. | 2015-11-05 |
20150319121 | COMMUNICATING A MESSAGE TO USERS IN A GEOGRAPHIC AREA - In a method for communicating a message to users in a geographic area, a request for emotion data for users of an emotion tracking application within the geographic area is received, the request defining the geographic area and received at a user interface of a client device, the emotion tracking application for receiving the emotion data of the users and for transmitting the emotion data of the users to a remote emotion data server, wherein the emotion data is an indication of a mood of the user at a time of entry of the emotion data. The request for the emotion data for users of the emotion tracking application within the geographic area is transmitted to the remote emotion data server. The emotion data for users of the emotion tracking application within the geographic area is received from the remote emotion data server. A map including the emotion data for users of the emotion tracking application within the geographic area is rendered at the user interface of the client device. | 2015-11-05 |
20150319122 | Synchronization of Preferred Perishable Content - A user can specify particular news, weather, traffic, or other perishable content received on a particular Internet radio station or other media channel. The user can customize the station so that wherever the user is currently located, he can receive perishable content related to a preferred geographic location or other category. In some embodiments, a user can specify that a customized station plays local news from one city at the top of the hour, traffic from another city at 10 minutes past the hour, and music or other content at other times. The user can also customize the station to select the perishable content, or other original content, from the personal libraries of specified users. Thus, a user can customize not only the genre of content or select a particular local station, but can also modify the perishable content provided by the customized station. | 2015-11-05 |
20150319123 | Method and System for Exchanging Emails - A communication system and method for organization, preparation and viewing of emails, including a graphical user interface operating on a display of a computing device. The graphical user interface includes: a writing interface with writing functions; a reading interface with a plurality of reading functions; and an organizing interface with a plurality of organizing functions. The writing functions including a recipient action identifier indicating what is expected of the recipient with regard to the sent email, what folder the writer has designated the email is to be stored in on the recipient computing device, a read date identifying a date on which the writer wishes the recipient to read the email, and a writing block for text associated with a message being sent in accordance with the email. The recipient action identifier and the read date are appended to the email and by a computer system of a recipient upon receipt of the email by the recipient. | 2015-11-05 |
20150319124 | SORTING ELECTRONIC MESSAGES USING ATTRIBUTES OF THE SENDER ADDRESS - Systems and methods for sorting electronic messages using attributes of senders or of sender addresses. An electronic messaging server sorts electronic messages using attributes associated with the senders or sender addresses of the electronic messages. The sender addresses and associated attributes are stored in an accept list. A sorting module uses the accept list to sort the electronic messages into various folders. The sorting module can also access other data sources, such as a contact list, to assist in sorting the electronic messages. The attributes can be determined independently of the user or can be set directly by the user. The attributes can also identify a status of a sender such as whether the sender is authorized, unauthorized, or unconfirmed. | 2015-11-05 |
20150319125 | VIRAL INVITATIONS FOR SOCIAL NETWORKS - A system and method for virally growing a social network. The social network system receives a member account sign-up message for a first social network from a first member. The social network system then posts a member sign-up notification to the first member's event wall on a second social network; wherein the first member has one or more social contacts through the second social network. For at least a second respective member in the one or more social contacts, the social network system posts a personalized invitation message as a comment to the member sign-up notification on the first member's event wall, wherein the comment is initially hidden from all members other than the second respective member of the one or more member contacts. | 2015-11-05 |
20150319126 | AD HOC MESSAGE SHARING BETWEEN EMAIL AND SOCIAL NETWORKS - There are provided a system, a method and a computer program product for sharing messages between an email client and a social network. The system prepares, based on an input from a sender, an email message by using the email client. The system identifies a portion of the email message to be shared with one or more users in the social network. The system tags the portion of the email message with identities of the one or more users in the social network. The system accesses the social network with credential of the sender. The system posts the portion of the email message on social network pages of the one or more users under a name of the sender. | 2015-11-05 |
20150319127 | AD HOC MESSAGE SHARING BETWEEN EMAIL AND SOCIAL NETWORKS - There are provided a system, a method and a computer program product for sharing messages between an email client and a social network. The system prepares, based on an input from a sender, an email message by using the email client. The system identifies a portion of the email message to be shared with one or more users in the social network. The system tags the portion of the email message with identities of the one or more users in the social network. The system accesses the social network with credential of the sender. The system posts the portion of the email message on social network pages of the one or more users under a name of the sender. | 2015-11-05 |
20150319128 | VOICE COMMUNICATION SERVICE FROM A SOCIAL NETWORK - For the purpose of managing a voice communication service in a communication network between a first and at least a second communication terminal, the first and second communication terminals have respective communication identifiers in the communication network. The first and second communication identifiers are associated, at least at a server, with first and second social network identifiers of a social network. A communication request is received, indicating at least the first and second social network identifiers; subsequently, the second communication identifier is identified from the second social network identifier received in the communication request; and, finally, an application notification is transmitted to the second communication terminal on the basis of the second communication identifier. The application notification indicates the first social network identifier. | 2015-11-05 |
20150319129 | Method of Providing a Location-Based Social Media and Networking Application by Executing Computer-Executable Instructions Stored On a Non-Transitory Computer-Readable Medium - A location-based social media and networking application provides the ability to connect users within and across geographical locations by organizing user messages by location identifier code, such as a zip code. | 2015-11-05 |
20150319130 | ELECTRONIC MESSAGE RECIPIENT DISPOSITION CHARACTERISTICS - A computer implemented method for determining recipient disposition characteristics of an electronic message that was acted upon by an electronic message reader is described. The method includes receiving by a computer system message requests in response to the electronic message reader acting on the electronic message and executing by the computer system one or more rules that compare a value of one or more fields included in the one or more message requests to one or more field values included in the one or more rules. | 2015-11-05 |
20150319131 | METHOD FOR ADDRESSING NODE ADDRESS FOR DEVICE MANAGEMENT AND APPARATUS THEREFOR - The present invention relates to a method for resolving, for device management, a uniform resource identifier (URI) indicating a particular node and an apparatus therefor, the method comprising the steps of: finding one or more MO instances in accordance with a management object identifier (MOID) and MO instance information comprised in the URI; and finding the particular node within the one or more MO instances by means of a path, comprised in the URI, from the MO instance root node to the particular node, wherein if the MO instance information comprises a management object instance identifier (MIID), then the step for finding one or more MO instances comprises finding a unique MO instance having the MOID and MIID, and, if an MO instance having the MOID and MIID does not exist or exists in multiples, then returning an error. | 2015-11-05 |
20150319132 | METHOD, TERMINAL, AND SERVER FOR PROVIDING COMMUNICATION SERVICE - A method, a terminal, and a server for providing a communication service are provided. The terminal includes a communication unit which transmits to a server a first message requesting mapping of a virtual address and a first Internet Protocol (IP) address and receives an IP packet including a first IP address from the server through a first communication network and a control unit which converts the first IP address to the virtual address mapped to the first IP address in the IP packet. | 2015-11-05 |
20150319133 | METHOD AND DEVICE FOR MANAGING IDENTIFIER OF EUICC - A method and device for managing an identifier of an embedded universal integrated circuit card (eUICC) is disclosed. The eUICC receives an identifier information request, determines whether there is a network carrier profile in an enabled state, and provides a response with identifier information corresponding to the identifier information request based on the results of the determination. According to the method, it is possible to separately manage the unique identifier of the eUICC and a network carrier ICCID and to dynamically manage the identifier of the eUICC according to the state of the network carrier profile of the eUICC. | 2015-11-05 |
20150319134 | Method And Apparatus For Accessing Demilitarized Zone Host On Local Area Network - A method for accessing a demilitarized zone (DMZ) host in a local access network (LAN) includes: configuring a mapping relationship between public IP addresses obtained from a wide area network (WAN) side and private IP addresses of demilitarized zone hosts at a LAN side; after receiving an access request sent by a client at the WAN side, modifying a destination IP address in the access request to the private IP address of a corresponding demilitarized zone host at the LAN side according to the configured mapping relationship, and sending the modified access request to the demilitarized zone host; receiving a reply message returned by the demilitarized zone host, modifying a source IP address contained in the reply message to a public IP address of a client at the WAN side, and sending the modified reply message to the WAN side. The present document also discloses a corresponding apparatus. | 2015-11-05 |
20150319135 | TRANSFER OF A DOMAIN NAME THROUGH MOBILE DEVICES - A domain name may be transferred from a donor account to a recipient account at a registrar using a donor mobile device and a recipient mobile device that may be in close proximity to each other. An application on the donor mobile device may send a donor request to an application on the recipient mobile device identifying the domain name. The application on the recipient mobile device may send either an accept or a reject of the donor request to the application on the donor mobile device. If accepted by the application on the recipient mobile device, the application on the donor mobile device may send a request to the registrar to move the domain name from the donor account to the recipient account. The registrar, after verifying or confirming the domain name transfer request, may transfer the domain name from the donor account to the recipient account. | 2015-11-05 |
20150319136 | MALWARE ANALYSIS SYSTEM - In some embodiments, a malware analysis system includes receiving a potential malware sample from a firewall; analyzing the potential malware sample using a virtual machine to determine if the potential malware sample is malware; and automatically generating a signature if the potential malware sample is determined to be malware. In some embodiments, the potential malware sample does not match a preexisting signature, and the malware is a zero-day attack. | 2015-11-05 |
20150319137 | TECHNIQUES TO MONITOR CONNECTION PATHS ON NETWORKED DEVICES - Techniques for managing network connections are described. An apparatus may comprise a communications component operative to manage a connection for a client, the connection routed over a network and a traffic analysis component operative to determine one or more characteristics of the routing of the connection. Other embodiments are described and claimed. | 2015-11-05 |
20150319138 | FILTERING HIDDEN DATA EMBEDDED IN MEDIA FILES - Systems and methods for filtering unsafe content at a network security appliance are provided. According to one embodiment, a network security appliance captures network traffic and extracts a media file from the network traffic. The network security appliance then determines the presence of a hidden data item embedded in the media file in a machine-readable form. When such a hidden data item is identified, the network security appliance performs one or more actions on the media file based on a predefined security policy. | 2015-11-05 |
20150319139 | METHOD AND DEVICE FOR PROCESSING SOURCE ROLE INFORMATION - A method and device for processing source role information in which a source role tag is inserted into a packet as an inner VLAN tag of the packet and used to perform role based access control processing for the packet. | 2015-11-05 |
20150319140 | Encryption/decryption method, system and device - An encryption/decryption method is described, which includes that a terminal performs an encryption operation according to information of an encryption sub-node of an Encrypt And Decrypt Management Object (EADMO) node of a local Device Management (DM) tree and reports to a DM server encrypted data state information generated after the encryption succeeds; and the terminal performs a decryption operation according to the encrypted data state information sent from the DM server. An encryption/decryption system and device are also described. By means of technical solutions of embodiments of the disclosure, operations are simple without causing data loss, and a problem that data of a non-local terminal cannot be encrypted is solved. | 2015-11-05 |
20150319141 | UNSEND FEATURE IN MESSAGING APPLICATIONS - A message generated at a sender device is received at a messaging server via a network. The message is transmitted to a recipient device, where it is displayed in a modified format at least partly obscuring content of the message. A command is received from the sender device to unsend the transmitted message after transmitting the message to the recipient device. The messaging server determines whether the message has been displayed in an unobscured form at the recipient device, and, responsive to the message not having been displayed in the unobscured form at the recipient device, transmits a command to the recipient device to delete the message at the recipient device. | 2015-11-05 |
20150319142 | DEVICE CONFIGURATION FOR SECURE COMMUNICATION - A method including generating a mapping in response to an enrollment message received from a customer device. The enrollment message includes a device identification number (device ID) of the customer device. The mapping includes a one-time password (OTP) encrypted using the device ID. The method includes generating a quick response (QR) code including a uniform resource locator (URL), a provider certificate (CRT), and certificate signing request (CSR) content. The method includes receiving a confirmation message at a website identified by the URL. The confirmation message includes a generated public key, a CSR, and a decrypted OTP. The method includes verifying the decrypted OTP against the mapping and communicating one or more application configuration settings. The method includes securely communicating information using the one or more application configuration settings, a provider public key, a provider private key, the generated public key, and a generated private key. | 2015-11-05 |
20150319143 | SECURE MOBILE APP CONNECTION BUS - A secure mobile application connection bus is disclosed. First encryption information and an identifier associated with a data storage location on a mobile device are provided from a first application to a second application. Second encryption information associated with the second mobile application is retrieved from the data storage location. The second mobile application is configured to provide data to the data storage location. Data is transferred securely between the first mobile application and the second mobile application via the data storage location. | 2015-11-05 |
20150319144 | Facilitating Communication Between Mobile Applications - Methods and systems for communicating information between mobile applications are presented. In some embodiments, a mobile device may determine that a plurality of applications are running on the mobile device. The mobile device may determine that each application of the plurality of applications uses a shared passcode to encrypt information about a persistent state. The mobile device may generate a beacon that includes encrypted state information. The mobile device may maintain state information across the plurality of applications beyond the lifetime of any one of the plurality of applications by transmitting the beacon from a first application to a second application before the first application's lifetime is completed. | 2015-11-05 |
20150319145 | Logical Partition Media Access Control Impostor Detector - Provided are techniques to enable a virtual input/output server (VIOS) to establish cryptographically secure signals with target LPARs to detect an imposter or spoofing LPAR. The secure signal, or “heartbeat,” may be configured as an Internet Key Exchange/Internet Protocol Security (IKE/IPSec) encapsulated packet (ESP) connection or tunnel. Within the tunnel, the VIOS pings each target LPAR and, if a heartbeat is interrupted, the VIOS makes a determination as to whether the tunnel is broken, the corresponding LPAR is down or a media access control (MAC) spoofing attack is occurring. The determination is made by sending a heartbeat that is designed to fail unless the heartbeat is received by a spoofing device. | 2015-11-05 |
20150319146 | System and Method for Security Key Transmission With Strong Pairing to Destination Client - Systems and methods for security key transmission with strong pairing to a destination client are disclosed. A security key may be generated by an on-chip key generator, an off-chip device, and/or software. A rule may then be paired with the security key and an address associated with the security key. The rule may define permissible usage by a destination module, which is defined by the associated address. The rule may comprise a command word, which may be implemented using a data structure associated with a permissible algorithm type, a security key size, and/or a security key source. | 2015-11-05 |
20150319147 | SYSTEM AND METHOD FOR FILE ENCRYPTING AND DECRYPTING - A system and method of file encrypting/decrypting is disclosed. The system comprises an external device and a host comprising a communication port, a processor, a storage module and an agent module. The processor connects to the communication port and the storage module. The communication port connects to the external device. The storage module stores an operation system, and is configured to have an encryption partition, in which a plurality of encrypted files is stored. The processor executes the operation system and the agent module. The agent module verifies the identification information in order to determine whether to mount the encryption partition. When the encryption partition is mounted into the operation system, the agent module encrypts the plaintext file stored in the encryption partition as an encrypted file, or accesses an encrypted file from the encryption partition. The agent module decrypts the encrypted file and outputs a corresponding plaintext file. | 2015-11-05 |
20150319148 | NETWORK INFORMATION SYSTEM WITH LICENSE REGISTRATION AND METHOD OF OPERATION THEREOF - A network information system, and a method of operation thereof, includes: an extraction module for extracting a unique device identification for sending to an e-commerce server, wherein the unique device identification is extracted from a network-connected device with a software application installed and not activated on the network-connected device; a settlement process module, coupled to the extraction module, for generating a notification based on the unique device identification for sending to a license server; and a key generation module, coupled to the settlement process module, for generating a product key for the unique device identification based on the notification for activating the software application to run on a computing device. | 2015-11-05 |
20150319149 | CRYPTOGRAPHIC METHOD AND SYSTEM FOR SECURE AUTHENTICATION AND KEY EXCHANGE - A method and algorithm of authentication between parties includes receiving a randomly generated binary string. A shared secret of the parties is combined with the randomly generated binary string to form a new binary string. A binary pair (A, B) is initiated; a first bit of the new binary string is read. A current value of B is added to A when the read bit is zero, and a current value of A is added to B when the read bit is one. A next bit of the new binary string is read. The steps of adding the current values and reading a next bit are repeated until all bits have been read. A resulting binary pair (A, B) is returned after all of the bits have been read. Ephemeral Diffie-Hellman public keys are securely exchanged between the parties. Challenge responses are exchanged and a session key is agreed upon. | 2015-11-05 |
20150319150 | DEVICE, METHOD, AND SYSTEM FOR SECURE TRUST ANCHOR PROVISIONING AND PROTECTION USING TAMPER-RESISTANT HARDWARE - A method and device for securely provisioning trust anchors includes generating a database wrapper key as a function of computing device hardware. The database wrapper key encrypts a key database when it is not in use by a trusted execution environment and may be generated using a Physical Unclonable Function (PUF). A local computing device establishes a secure connection and security protocols with a remote computing device. In establishing the secure connection, the local computing device and remote computing device may exchange and/or authenticate cryptographic keys, including Enhanced Privacy Identification (EPID) keys, and establish a session key and device identifier(s). One or more trust anchors are then provisioned depending on whether unilateral, bilateral, or multilateral trust is established. The local computing device may act as a group or domain controller in establishing multilateral trust. Any of the devices may also require user presence to be verified. | 2015-11-05 |
20150319151 | APPARATUS AND METHOD FOR SECURE DELIVERY OF DATA UTILIZING ENCRYPTION KEY MANAGEMENT - A device that incorporates the subject disclosure may perform, for example, receiving a derived encryption key from a remote management server without receiving a master key from which the derived encryption key was generated, applying a one-way function to the derived encryption key and a nonce to generate a temporary encryption key, obtaining data for transmission to a recipient device, encrypting the data using the temporary encryption key to generate encrypted data, and providing the encrypted data over a network to the recipient device. Other embodiments are disclosed. | 2015-11-05 |
20150319152 | APPARATUS AND METHOD FOR MANAGING SECURITY DOMAINS FOR A UNIVERSAL INTEGRATED CIRCUIT CARD - A device that incorporates the subject disclosure may perform, for example, generating a security domain root structure for a universal integrated circuit card of an end user device, where the security domain root structure includes a hierarchy of a link provider operator security domain above a mobile network operator trusted security domain, where the link provider operator security domain enables transport management by a link provider operator, and where the mobile network operator trusted security domain enables card content management and subscription eligibility verification by a mobile network operator trusted service manager. Other embodiments are disclosed. | 2015-11-05 |
20150319153 | SENSORY OUTPUT FOR IMAGE ASSOCIATION - Methods, systems, computer-readable media, and apparatuses for authenticating users using the haptic, aural, and/or olfactory association processing channels that are unique to humans are presented. In some embodiments, a computer-implemented method includes displaying a plurality of images and generating a sensory output, wherein the sensory output includes a tactile sensation that corresponds to one of the plurality of images. The method further includes receiving input corresponding to a selection of an image of the plurality of images and determining whether the selected image matches the one of the plurality of images for which the sensory output corresponds. | 2015-11-05 |
20150319154 | STATE DRIVEN ORCHESTRATION OF AUTHENTICATION COMPONENTS IN AN ACCESS MANAGER - Methods and systems are described for state driven orchestration of authentication components to access a resource protected by an access manager framework. In response to a client request for a protected resource, relevant authentication components and their respective order are determined. Upon successful authentication of the first authentication component, proper state information of the authentication process is stored by the client indicating the next authentication component. In response to a request for additional credential information for the authentication process from the next authentication component, the client provides the stored state information so that the authentication process continues with the second authentication component according to the determined order of the authentication components within an authentication process. | 2015-11-05 |
20150319155 | System for Providing Access to the Internet - A system for providing access to the internet comprises a network of routers (R) (hereinafter designated “new routers”) wherein each new router (R) has a CPU (112) that has, or is associated with, a public area (142) that allows simultaneous access to the new router's CPU by more than one user account. The system is so arranged that a pre-registered user with a user account identified by an identifier, typically a user name and/or password, can access the internet from any new router (R) in the network by connecting to the public area (142) of the new router's CPU (112) and entering the account identifier of the pre-registered user account. | 2015-11-05 |
20150319156 | INDEPENDENT IDENTITY MANAGEMENT SYSTEMS - Systems, methods and apparatus embodiments are described herein for authenticating a user and/or a user equipment (UE). For example, a user and/or UE may request access to a service controlled by a service provider (SP). The user may be authenticated by an identity provider (IdP), producing a result. A user assertion may be provided to the SP, and the user assertion may comprise the user authentication result. The UE may be authenticated with another IdP, producing an associated result. A device assertion may be provided to the SP and may comprise the device authentication result. A master IdP may bind the assertions together and a consolidated assertion may be provided to the SP so that the user/UE can receive access to a service that is provided by the SP. | 2015-11-05 |
20150319157 | SYSTEM AND METHOD FOR DYNAMIC AND SECURE COMMUNICATION AND SYNCHRONIZATION OF PERSONAL DATA RECORDS - A system and method for dynamic and secure communication and synchronization of personal data records through a distributed network. More specifically, a system that receives, stores and secures personal data records for users and then transmits and synchronizes personal data records between users in a distributed network based on rule-based security controls. | 2015-11-05 |
20150319158 | SYSTEM AND METHOD FOR TOKEN DOMAIN CONTROL - A method for providing a token code in conjunction with a value token is disclosed. The token code serves as a shared secret for authenticating the use of the value token. Multiple token holders can possess the same value token, but each token holder may have a different token code for use with the value token. | 2015-11-05 |
20150319159 | System and Method of Generating and Using Bilaterally Generated Variable Instant Passwords - Implementations of a system and method of generating and using bilaterally generated variable instant passwords are provided. In some implementations, the Bilaterally Generated Variable Instant Password System is a password generation and authentication system that may be used to secure electronic transactions (e.g., a stock market transaction). The system works by authenticating a user at the beginning of a session and at the initiation of any subsequent transactions that occur during the same session. The initial password is entered by the user while additional passwords required to authenticate subsequent transactions are generated by the system without any effort on the part of the user. The passwords are used as encryption keys to encrypt each transaction and may be used to limit a user's access to specific portions of a service provider's system. A variety of authentication devices may be used to generate system passwords. | 2015-11-05 |
20150319160 | Secure Management of Operations on Protected Virtual Machines - Deploying an encrypted entity on a trusted entity is illustrated herein. A method includes, at a trusted entity, wherein the trusted entity is trusted by an authority as a result of providing a verifiable indication of certain characteristics of the trusted entity meeting certain requirements, receiving an encrypted entity from an untrusted entity. The untrusted entity is not trusted by the authority. At the trusted entity, a trust credential from the authority is used to obtain a key from a key distribution service. The key distribution service is trusted by the authority. The key is used to decrypt the encrypted entity to allow the encrypted entity to be deployed at the trusted entity. | 2015-11-05 |
20150319161 | Data Verification Using Access Device - An embodiment of the invention is directed to a method comprising receiving, at a server computer, information for a portable device that includes a mobile device identifier and storing, by the server computer, the information for the portable device that includes the mobile device identifier in a database associated with the server computer. The method further comprises receiving, by the server computer, transaction data from an access device for a transaction conducted at the access device, determining, by the server computer, from the transaction data that the transaction is associated with the portable device, determining, by the server computer, a location of the access device, determining, by the server computer, a location of a mobile device associated with the mobile device identifier, determining, by the server computer, that the location of the mobile device matches the location of the access device, and marking, by the server computer, the stored information for the portable device as authentication verified. | 2015-11-05 |
20150319162 | ELECTRONIC ARRANGEMENT AND METHOD FOR ENTITY-SPECIFIC TOKEN SET MANAGEMENT AND RELATED MECHANISM FOR OFFERING PERSONALIZED DIGITAL CONTENT BASED ON INTERACTIONS BETWEEN ENTITIES | 2015-11-05 |
20150319163 | Method for Identifying a Task Authorization - In an ad hoc mesh network, roles are assigned to the different network nodes, for example mesh point or mesh portal. The invention envisages that a network node identifies the certification and thus the permitted roles of another network node before it sends a message to said other network node. This ensures that the roles maintain their integrity and the security in the network is enhanced. | 2015-11-05 |
20150319164 | SYSTEM AND METHOD FOR CONNECTING CLIENT DEVICES TO A NETWORK - A system and method are provided for enabling a client device to connect to a network. The method comprises: obtaining an authorization code via a communication channel different from the network, the authorization code corresponding to the client device; and after detecting initiation of a security negotiation protocol by the client device, using the authorization code in at least one security negotiation operation. | 2015-11-05 |
20150319165 | ASSISTED AUTHENTICATION USING ONE-TIME-PASSCODE - An authentication method implemented on a server for authenticating a user device in a network comprising user devices and a server associated with a resource to be accessed. The server is configured to receive a request for access to a resource from a first user device and identify an entity to be authenticated from the request. A rule information set specifying how to form a one-time-passcode from a random code is defined and the random code is provided to a first device associated with the identified entity. A rule information set is provided to a second device associated with the identified entity and a one-time-passcode from the second device, generated from the random code using at least one rule information set, is received at the server. | 2015-11-05 |
20150319166 | DUAL-PARTY SESSION KEY DERIVATION - Embodiments relate to negotiating a session key to secure a user session executed in a host computer. An electronic hardware security module (HSM) located in the host computer generates a first session key. A smart card generates a second session key that matches the first session key. An encrypted copy of the second session key is communicated to an electronic host application module installed in the host computer. The electronic host application module decrypts the encrypted session key to obtain a copy of the session key such that the first and second session keys possessed by the smart card, the host application module and the HSM match one another. | 2015-11-05 |
20150319167 | VIRTUAL SMARTCARD AUTHENTICATION - The invention provides a system and method for signing a user workstation onto an access restricted network utilising a mobile communication device. The method includes receiving a sign-on request from a mobile communication device of a user of the network, looking up a user certificate included in the sign-on request in an enrolment database and retrieving identifiers relating to the user, the workstation and network from the database, and transmitting a sign-on command to an authentication driver operating on the workstation, in response to which the authentication driver negotiates a sign-on operation of the workstation onto the network. | 2015-11-05 |
20150319168 | METHODS AND SYSTEMS FOR ESTABLISHING COMMUNICATION WITH USERS BASED ON BIOMETRIC DATA - Methods and systems are disclosed herein for establishing communication with users based on biometric data. For example, in response to determining that a user has a particular biometric state, the media guidance application may present an option to contact another user that is associated with that biometric state. | 2015-11-05 |
20150319169 | SECURE COMMUNICATIONS SMARTPHONE SYSTEM - Methods, systems, and non-transitory data storage media are provided for secured communications where biometrics are used to secure communications sent over a data communication path. A sender of a secured communication may identify one or more biometrics required from a recipient before the recipient is allowed to interpret, read, view, or listen to the communication. Communications secured by the present invention may include email, text messages, iMessages, files, links, Universal Resource Locators (URLs), videos, photos, attachments, or other forms of electronic data or media communications. | 2015-11-05 |
20150319170 | COMPUTER IMPLEMENTED FRAMEWORKS AND METHODOLOGIES FOR ENABLING IDENTIFICATION VERIFICATION IN AN ONLINE ENVIRONMENT - Described herein are computer implemented frameworks and methodologies for enabling identification verification in an online environment. Embodiments of the invention have been particularly developed to enable Internet users to have their identities verified by a central authority, and use that verification in the context of later online interactions. | 2015-11-05 |
20150319171 | OFF-HOST AUTHENTICATION SYSTEM - An off-host authentication system includes a network. An off-host processing system is coupled to the network and sends an encrypted authentication item through the network in response to validating a user. An authentication information handling system (IHS) is coupled to the network and receives the encrypted authentication item from the off-host processing system through the network, decrypts the encrypted authentication item to produce a decrypted authentication item, validates the decrypted authentication item, and sends an approval message through the network. A directory system is coupled to the network and receives the approval message through the network and, in response, sends a user approval through the network. A host processing system, which is located in a user IHS that includes the off-host processing system and which is coupled to the network, logs a user into the user IHS in response to receiving the user approval through the network. | 2015-11-05 |
20150319172 | GROUP AUTHENTICATION AND KEY MANAGEMENT FOR MTC | 2015-11-05 |
20150319173 | CO-VERIFICATION METHOD, TWO DIMENSIONAL CODE GENERATION METHOD, AND DEVICE AND SYSTEM THEREFOR - A co-verification method, a two-dimensional code generation method, and a device and system therefor are provided. The method includes: performing first-type verification and second-type verification with a verification server, the first-type verification including at least one of user information verification, dynamic verification code verification, network shield verification, and token verification, and the second-type verification including two-dimensional verification; and receiving feedback information from the verification server, the feedback information being information sent by the verification server when the first-type verification and the second-type verification are both successful. By introducing two-dimensional code verification into the existing co-verification method, the problem that a user may encounter great loss once others take advantage of a terminal to complete identity verification with a verification server if the terminal is implanted with a Trojan virus or lost is solved, thereby achieving more secure verification. | 2015-11-05 |
20150319174 | Enterprise System Authentication and Authorization via Gateway - Methods and systems are disclosed for providing approaches to authenticating and authorizing client devices in enterprise systems via a gateway device. The methods and systems may include passing, by a computing device to an enterprise device, a request transmitted by a client device for access to an enterprise resource, and transmitting, by the computing device, authentication credentials associated with the client device with a request for authorization information associated with the enterprise resource. The methods and systems may also include receiving, by the computing device, the authorization information associated with the enterprise resource, transmitting, by the computing device, the request transmitted by the client device for access to the enterprise resource with the received authorization information associated with the enterprise resource, and passing, by the computing device to the client device, information associated with the requested enterprise resource based on the received authorization information associated with the enterprise resource. | 2015-11-05 |
20150319175 | RETROACTIVE SHARED CONTENT ITEM LINKS - A content management system implementing methodologies providing retroactive shared content item links is disclosed. The content management system and methodologies allow a team administrator of a team to configure a team-wide shared link policy that determines whether non-team members can access content items associated with team accounts using shared links generated for the content items by team members. The team shared link policy has two settings. In a first setting, the content management system allows non-team members to use shared links generated by team members to access content items associated with team accounts. In a second setting, the content management system blocks access to the content items by non-team members. Shared links are retroactive in the sense they do not need to be regenerated after the team shared link policy has been changed from the second setting back to the first setting. | 2015-11-05 |
20150319176 | Client-Side Integration Framework of Services - Systems and methods for providing client-side integration of apps and services are provided. An integration framework executing upon a computing device provides integration of various apps, applications, services, sensors and the like. Upon receiving a request for a service, the integration framework accesses a registry of a plurality of services of a respective plurality of providers registered with the integration framework. Each of the services registered with the integration framework is associated with a trust level of a hierarchy of trust levels. The integration framework iteratively searches the registry for a provider of the requested service according to the hierarchy of trust levels, beginning with the most trusted level of the trust levels to the less trusted trust level until a provider of the requested service is found or until all levels of the hierarchy are searched without finding a provider of the requested service. | 2015-11-05 |
20150319177 | METHOD AND SYSTEM FOR PROVIDING REFERENCE ARCHITECTURE PATTERN-BASED PERMISSIONS MANAGEMENT - Reference architecture pattern role data representing reference architecture pattern roles to be associated with entities taking part in the development, and/or deployment, and/or operation of an application is generated. Reference architecture pattern tier data representing reference architecture pattern tiers used to create, and/or deploy, and/or operate an application using the reference architecture pattern is generated. For each reference architecture pattern role at least one access and/or operational permission is associated with each reference architecture pattern tier. At least one entity is assigned one of the reference architecture pattern roles and for each reference architecture pattern tier, the at least one entity is automatically provided the at least one access and/or operational permission associated with the reference architecture pattern role assigned to the entity. | 2015-11-05 |
20150319178 | REMOTE ASSISTANCE FOR MANAGED MOBILE DEVICES - According to some aspects disclosed herein, a system for remote assistance and control of user devices subject to one or more remote assistance policies may be provided. In some embodiments, an administrator may request remote control of a managed user device. A managed application launcher may be provided by the user device and may be modified by the user device to remove managed applications or otherwise prevent access to applications that have a policy indicating that remote assistance is not allowed. The administrator may open a managed application included in the launcher and remotely control that application. In other embodiments, a user of the managed user device may initiate a request for remote assistance from within a managed application and/or the managed application launcher. The administrator's control of the user device and access to other applications on the user device may be limited based on the remote assistance policies. | 2015-11-05 |
20150319179 | METHOD AND SYSTEM FOR PROVIDING A PRIVATE NETWORK - A system for providing a private network to a user terminal ( | 2015-11-05 |
20150319180 | METHOD, DEVICE AND SYSTEM FOR ACCESSING A SERVER - A method for accessing a first server, wherein a first device is coupled or connected to a first server. The first device captures, at at least one predetermined time and/or during at least one predetermined time period, at least one signal, the at least one signal being emitted at a place where the first device is located. The first device, the first server or a second server compares each of the at least one captured signal to each of at least one predetermined signal respectively. And if each of the at least one captured signal does or does not match each of the at least one predetermined signal respectively, then the first device, the first server or the second server authorizes or forbids to access the first server respectively. | 2015-11-05 |
20150319181 | Application Graph Builder - Disclosed is a system for recommending content of a predefined category to an account holder, detecting spam applications, or account holders based on the account holder application graphs. The system receives information corresponding to applications executing on the client device of the account holders and generates an application graph for each account holder that includes a list of predefined application categories that are preferred by the account holder. For each predefined category, a list of account holders preferring content relevant to that category is predicted based on the set of generated application graphs. Some application graphs may be detected as spam application graphs by comparing the generated application graphs with a set of predefined spam application graphs. Alternatively, if the generated application graph does not match the predefined spam application graphs, they are compared to a set of application graphs from a database to find similar application graphs. | 2015-11-05 |
20150319182 | SYSTEMS AND METHODS FOR DYNAMIC CLOUD-BASED MALWARE BEHAVIOR ANALYSIS - A cloud-based method, a behavioral analysis system, and a cloud-based security system can include a plurality of nodes communicatively coupled to one or more users, wherein the plurality of nodes each perform inline monitoring for one of the one or more users for security comprising malware detection and preclusion; and a behavioral analysis system communicatively coupled to the plurality of nodes, wherein the behavioral analysis system performs offline analysis for any suspicious content from the one or more users which is flagged by the plurality of nodes; wherein the plurality of nodes each comprise a set of known malware signatures for the inline monitoring that is periodically updated by the behavioral analysis system based on the offline analysis for the suspicious content. | 2015-11-05 |
20150319183 | SYSTEM AND METHOD FOR PROTECTING AGAINST POINT OF SALE MALWARE USING MEMORY SCRAPING - A software, system and methodology for protecting against malware Point-of-Sale attacks that utilize, for example, memory scraping techniques. The application protects Point-of-sale hardware and its software against memory scraping malware attacks, and the loss of critical user credit card and confidential information often swiped at a terminal or stored in point of sale application databases. An embodiment of a method for blocking memory scraping attacks includes the following steps. Upon detecting a credit card swipe submission event from local hardware or comport event, specific memory table events are flagged as unreadable, and immediately after allowing the data to be properly submitted, the system memory tables are cleared of data and specific memory processes are flagged as readable again. The method prevents memory scraping or point of sale malware from capturing swiped credit card data or input data, thereby protecting the user from theft of credit card data or other credentials. | 2015-11-05 |
20150319184 | APPARATUS AND METHOD FOR COLLECTING HARMFUL WEBSITE INFORMATION - Provided are a harmful site collection device and method for determining a harmful site by analyzing a connection between harmful sites. The harmful site collection device includes a harmful site database configured to store a URL of a harmful site; a web page collection and extraction unit configured to collect a web page indicated by the URL of the harmful site and extract a linked URL; and a harmful site connection analysis unit configured to calculate a connection with other web pages referenced within a web page of the linked URL to determine whether the web page is a harmful site. Accordingly, the harmful site collection device can determine a harmful site more easily only with information regarding the URL linked to the web page. | 2015-11-05 |
20150319185 | Systems and Methods for Contextual and Cross Application Threat Detection and Prediction in Cloud Applications - Systems and methods for contextual and cross application threat detection in cloud applications in accordance with embodiments of the invention are disclosed. In one embodiment, a method for detecting threat activity in a cloud application using past activity data from cloud applications includes receiving activity data concerning actions performed by a user account associated with a user within a monitored cloud application, receiving external contextual data about the user that does not concern actions performed using the user account within the monitored cloud application, where the external contextual data is retrieved from outside of the monitored cloud application, deriving a baseline user profile using the activity data and external contextual data and associating the baseline user profile with the user account, and determining the likelihood of anomalous activity using the baseline user profile. | 2015-11-05 |
20150319186 | METHOD AND SYSTEM FOR DETECTING IRREGULARITIES AND VULNERABILITIES IN DEDICATED HOSTING ENVIRONMENTS - A dedicated hosting environment is provided and a requirement is imposed that each virtual asset deployed in the dedicated hosting environment include one or more required virtual asset characteristics. Each virtual asset deployed in the dedicated hosting environment is then provided virtual asset characteristic certification data indicating that the virtual asset includes the one or more required virtual asset characteristics. A virtual asset monitoring system then monitors each virtual asset deployed in the dedicated hosting environment to ensure that each virtual asset in the dedicated hosting environment includes the required virtual asset characteristic certification data. If a virtual asset is identified in the dedicated hosting environment that does not include the required virtual asset characteristic certification data, an alert is provided to one or more entities of the non-compliant virtual asset. | 2015-11-05 |
20150319187 | METHOD, ELECTRONIC DEVICE, AND USER INTERFACE FOR ON-DEMAND DETECTING MALWARE - A method, an electronic device, and a user interface for on-demand detecting a malware are provided and adapted for estimating whether an application has vulnerabilities or malicious behaviors. The method includes the following steps. Firstly, evaluating a risk level and a test time of the application which has vulnerabilities or malicious behaviors. Next, detecting the application by selection of user to estimate the risk level of the application which has vulnerabilities or malicious behaviors and then correspondingly generating a detection result. Therefore, the method, the electronic device, and the user interface for on-demand detecting the malware can detect the risk level of the application which has vulnerabilities or malicious behaviors before getting virus pattern of the variant or new malware. | 2015-11-05 |
20150319188 | Canonical Network Isolator Component - A method for isolating a computer platform includes receiving a service request from an external requestor via a network at processing circuitry associated with a hardware barrier between the computer platform and the network, causing the service request to be loaded into a first buffer having a dual port connection to a corresponding second buffer of the computer platform, providing an indication to the computer platform to indicate the service request is loaded into the first buffer to be pulled into the second buffer of the computer platform, responsive to processing of the service request by the computer platform, receiving a message indicating a response loaded in the second buffer has been pushed to the first buffer, and communicating the response to the external requestor. The buffers form the only access point to the computer platform. The indication is the only communication initiated from the external requestor that crosses the hardware barrier without control by the computer platform. | 2015-11-05 |
20150319189 | PROTECTING WEBSITES FROM CROSS-SITE SCRIPTING - Methods and systems for protecting websites from cross-site scripting are disclosed. A request for a web page comprising a web page element is received from a client. It is determined if the web page comprises a data integrity token for the web page element. It is also determined if a value of the data integrity token matches an expected value. If the web page comprises the data integrity token and if the value matches the expected value, the web page comprising the web page element is sent to the client. If the web page does not comprise the data integrity token or if the value does not match the expected value, a protective operation is performed. | 2015-11-05 |
20150319190 | PREVENTING NETWORK TOMOGRAPHY IN SOFTWARE DEFINED DATACENTER NETWORKS - Technologies are provided for preventing abuse of software-defined datacenter networks. In some examples, an SDN abuse prevention module within a control layer of an SDN may use graph analysis rules and monitor network paths over time to detect and prevent abusive network conformation change command series. Instance-generated network paths may be analyzed to determine if the paths attempt to repeatedly traverse one or more sensitive network paths. If so, the paths may be implemented or denied based on, among other things, the time scale within which they attempt to repeatedly traverse the sensitive network paths. | 2015-11-05 |