45th week of 2019 patent application highlights part 67 |
Patent application number | Title | Published |
20190342259 | CONTENT DELIVERY OPTIMIZATION USING ADAPTIVE AND DYNAMIC DNS - Systems, methods, and computer program products for determining network characteristics are provided. The network characteristics may be used to facilitate changes to how content is delivered over a network, such as to avoid network congestion, to provide improved throughput, or to provide a good (or better) user experience, such as when streaming media. For example, the network characteristics may be determined, in part, by tracking domain name resolution requests by using specially formulated domain names that require resolution at an authoritative name server. | 2019-11-07 |
20190342260 | ROBUST DOMAIN NAME RESOLUTION - A recursive DNS nameserver system and related domain name resolution techniques are disclosed. The DNS nameservers utilize a local cache having previously retrieved domain name resolution to avoid recursive resolution processes and the attendant DNS requests. If a matching record is found with a valid (not expired) TTL field, the nameserver returns the cached domain name information to the client. If the TTL for the record in the cache has expired and the nameserver is unable to resolve the domain name information using DNS requests to authoritative servers, the recursive DNS nameserver returns to the cache and accesses the resource record having an expired TTL. The nameserver generates a DNS response to the client device that includes the domain name information from the cached resource record. In various embodiments, subscriber information is utilized to resolve the requested domain name information in accordance with user-defined preferences. | 2019-11-07 |
20190342261 | GENERATING UNIQUE RANDOM STRINGS AS ELEMENT IDENTIFIERS - A method, node and identifier authorizing entity for generating a unique identifier at a node in a hierarchal tree having a plurality of nodes, the hierarchical tree arranged in a plurality of levels. The method includes obtaining a first limit condition from a higher level node of the plurality of nodes in the hierarchal tree, generating the identifier, applying a function to the generated identifier, verifying that an output of the function satisfies the limit condition, determining a second limit condition for at least one lower level node of the plurality of nodes in the hierarchal tree, and sending the second limit condition to the at least one lower level node of the plurality of nodes in the hierarchal tree. | 2019-11-07 |
20190342262 | Zero touch provisioning of a network element through a Network Address Translation gateway - Systems and methods for low or zero touch provisioning of a network element through a Network Address Translation (NAT) gateway are implemented via a Dynamic Host Configuration Protocol (DHCP) Relay Agent operating at the NAT gateway. The process includes receiving a DHCP packet with option | 2019-11-07 |
20190342263 | ROUTE REPLY BACK INTERFACE FOR CLOUD INTERNAL COMMUNICATION - A method, system, and computer-usable medium are disclosed for, responsive to a connection from a client to a server for establishing communications between the client and the server, storing information regarding state of the connection and, responsive to receiving a reply from the server to the client, routing the reply to the client based on the information regarding the state of the connection. | 2019-11-07 |
20190342264 | ASSIGNMENT OF TENANCY TO DEVICES - A method of assigning tenancy to a device during bootstrapping between a device and a server in a network includes transmitting a device identifier to a bootstrap server. The method further includes receiving, at the device, a device server address to enable the device to register with the device server. The tenancy is assigned to the device with the device server address. | 2019-11-07 |
20190342265 | RULE SWAPPING IN A PACKET NETWORK - In some variations, first and second rule sets may be received by a network protection device. The first and second rule sets may be preprocessed. The network protection device may be configured to process packets in accordance with the first rule set. Packets may be received by the network protection device. A first portion of the packets may be processed in accordance with the first rule set. The network protection device may be reconfigured to process packets in accordance with the second rule set. A second portion of the packets may be processed in accordance with the second rule set. | 2019-11-07 |
20190342266 | GLOBALLY DEPLOYABLE CONTEXT AWARE VPN HEADENDS IN SCALE THROUGH NAMESPACES - The present technology is directed to a system and method for implementing scalable namespace based VPN headends with context awareness to facilitate targeted and granular provision of security services within the cloud. The scalability aspect involves the creation or allocation of one or more namespaces as direct termination points for inbound VPN connections to the cloud. The namespaces are created dynamically upon discovery of context information (metadata) associated with deployment of a new customer traffic/connection onto the cloud. This information will be attached to the namespace to implement context awareness so that customer traffic may be attached into upstream services in a service-discoverable way. In this way, upon deployment, upstream services will automatically know about the new customer traffic and can implement security enforcement in an isolated fashion. The disclosed technology also involves dynamic propagation of the customer traffic metadata to other datacenters across the cloud environment. | 2019-11-07 |
20190342267 | STREAMING ONE TIME PAD VIRTUAL PRIVATE NETWORK - A streaming one time Pad cipher using rotating ports for data encryption uses a One Time Pad (OTP) to establish multiple secure point-to-point connections. This can be used to implement a streaming OTP point-to-point firewall, virtual private network or other communications facility for communicating secure information across one or more insecure networks. | 2019-11-07 |
20190342268 | RPC CALL INTERCEPTION - A service proxy is described herein. The service proxy is configured to act as an intermediary between a client and a service. The service proxy may observe communications, modify communications, log communications, or the like, particularly so as to enhance the security and reliability of the host device. In some implementations, the service proxy may cooperate with an operating system to take over a named port object. In some implementations, the service proxy may receive messages as an intermediary between the client and the server. In some implementations, the service proxy may attach to a shared memory to intercept communications. In some implementations, the service proxy may be injected into a client process to appear to be the client itself. | 2019-11-07 |
20190342269 | FABRIC-BASED ANONYMITY MANAGEMENT, SYSTEMS AND METHODS - Based on a hidden service address table stored in a memory, a virtual circuit related to a hidden service is mapped to a corresponding port-level channel based on the hidden service's address. Data associated with the hidden service is routed between the virtual circuit and the port-level channel. This enables binding of high level anonymity protocols to low level communication services of a network fabric and ensures that other nodes in the network fabric can leverage fabric-hosted hidden services without requiring updates to an existing anonymity protocol. | 2019-11-07 |
20190342270 | COMPUTING A PRIVATE SET INTERSECTION - Systems and methods for computing a private set intersection are disclosed. A method includes storing, at a sender device, a first set of values. The method includes receiving, from a receiver device, a homomorphic encryption of a receiver device value. The method includes computing a homomorphically encrypted number based on a difference between the homomorphic encryption of the receiver device value and each value in the first set of values, and based on a hash function of the encryption of the receiver device value. The method includes transmitting the homomorphically encrypted number to the receiver device for determination, at the receiver device, whether the receiver device value is in the first set of values. | 2019-11-07 |
20190342271 | SECURE DELIVERY AND STORAGE OF CONTENT - A content item service enables users to upload media for content items to be given to others. The content item service performs operations on uploaded media content, such as transcoding. A transformed instance of content is encrypted using a cryptographic key, and an identifier for the encrypted transformed instance of content is generated. The encrypted transformed instance of content and an encrypted version of the cryptographic key are stored in association with the identifier. | 2019-11-07 |
20190342272 | SELECTIVE ENCRYPTION CONFIGURATION - Encoding a partially encrypted data stream may include receiving, at an edge encryption proxy, an unencrypted data stream, evaluating the unencrypted data stream using communication encryption rules including rule conditions and content mappings, determining whether the rule conditions match on the unencrypted data stream, and on a condition that the rule condition matches on the unencrypted data stream, and identifying a portion of the unencrypted data stream corresponding to the content mapping as a candidate sensitive portion. On a condition that the data encryption configuration information indicates that a data storage container corresponding to a matching content mapping is configured for storing sensitive information, generating an encrypted portion by encrypting the candidate sensitive portion, generating a partially encrypted data stream, including the encrypted portion, and unencrypted insensitive portions of the unencrypted data stream, and omitting the candidate sensitive portion, and transmitting or storing the partially encrypted data stream. | 2019-11-07 |
20190342273 | NON-TRANSITORY COMPUTER READABLE MEDIUM AND INFORMATION PROCESSING APPARATUS - A non-transitory computer readable medium stores a program causing a computer to execute a process that includes, for example, receiving an entry of information from a requesting user who has requested a clue about user information, specifying, from registered users, at least one candidate corresponding to the requesting user in accordance with the received entry of information, and controlling a display to display, on a same screen, (i) user information of the specified at least one candidate that is partially masked and (ii) a button for calling up an authentication screen. The authentication screen is a screen on which a password corresponding to the user information of the specified at least one candidate is entered. | 2019-11-07 |
20190342274 | SYSTEMS AND METHODS FOR A SECURE SUBSCRIPTION BASED VEHICLE DATA SERVICE - Secure subscription based vehicle data services are provided. In one embodiment, a device comprises: a non-volatile memory comprising an embedded public key (EPK) that comprises a public key of a public-private key pair associated with a data service system not onboard the vehicle; a protocol that initiates a communication session that includes a session validation sequence that causes a processor to transmit a session request message and validate an authenticity of a session reply request using the EPK; the protocol includes a session initiation sequence that causes the processor to: transmit an initiation request message to the data service system that includes a key derivation key, and apply the key derivation key to a key derivation function to generate a message authentication key. The processor authenticates uplink messages exchanged with a host data service using the message authentication key. | 2019-11-07 |
20190342275 | SYSTEMS AND METHODS FOR ENCRYPTED VEHICLE DATA SERVICE EXCHANGES - Encrypted vehicle data service exchanges are provided. In one embodiment, a vehicle communication manager comprises memory storing an embedded public key (EPK) for a data service; a processor executing a vehicle data service protocol to initiate a session with the data service. The protocol causes the processor to: transmit a session request to the data service and receive a session reply, the reply indicates if the manager is authorized for encrypted service, the processor validates authenticity of the session reply using the EPK; determine whether to enable message encryption, and transmit an initialization request indicating whether encryption is elected; generate a key derivation key (KDK) and transmit the KDK to the data service; receive an initiation response confirming whether message encryption is elected; and when elected generate at least one Message Encryption Key (MEK) from the KDK; encrypt data service uplink and downlink messages using the at least one MEK. | 2019-11-07 |
20190342276 | METHODS AND PROCESSES FOR UTILIZING INFORMATION COLLECTED FOR ENHANCED VERIFICATION - A system for verifying a user identity. The system comprises one or more memory devices storing instructions and one or more processors configured to execute the instructions. The processors are configured to receive information associated with an account of a user. The processors are further configured to generate a first profile, the first profile being related to the user. The processors also receive an indication that the account is accessed by an accessor through an accessor device; and receive, from the accessor device, identity data comprising a plurality of data subsets associated with the accessor. The processors are configured to store the data subsets in respective clusters. The processors are further configured to generate cluster analyses by analyzing the data subsets in respective clusters; and output the cluster analyses to node instances that weigh the cluster analyses outputs. The processors also generate a second profile, the second profile related to the accessor and being based on the received identity data and weighted cluster analysis. And the processors are configured to determine a likelihood factor that the accessor is the user based on a comparison of the first profile and the second profile. | 2019-11-07 |
20190342277 | OUT OF BOX EXPERIENCE APPLICATION API INTEGRATION - Disclosed are systems, methods, and non-transitory computer-readable storage media for providing an original equipment manufacturer with application program interface (API) for registering an account and creating a custom uniform resource locator (URL) on a content management system, from which the out-of-box experience application can download and install a pre-authorized version of a client application for the content management system. | 2019-11-07 |
20190342278 | PASSWORD SECURITY - The description relates to password reset security. One example can receive a login request and a password for a cloud-based user account. The example can also retrieve stored authenticated user information associated with the password. The example can further send a notification of the login request to a contact address associated with the cloud-based user account. The notification can contain at least some of the stored authenticated user information. | 2019-11-07 |
20190342279 | DEVICE VERIFICATION OF AN INSTALLATION OF AN EMAIL CLIENT - Disclosed are various examples for single-sign on by way of managed mobile devices. For example, an identity provider service can receive a request for an identity assertion from an email client executed in a client device. The identity provider service can then detect a platform associated with the client device. The device and the user's identity can be authenticated so that an IT administrator can specify that only authorized devices can access email using the email client. | 2019-11-07 |
20190342280 | AUTHENTICATION SERVICE - Disclosed are various approaches for relaying and caching authentication credentials. A single sign-on (SSO) token is received, the SSO token representing a user account authenticated with an identity manager. An authentication request is then sent to a service that is federated with the identity manager in response to receipt of the SSO token, the authentication request including the SSO token. An access token is received in response to the authentication request, the access token providing access to the service for the user account authenticated with the identity manager for a predefined period of time. The access token and a link between the access token and the SSO token are then cached. | 2019-11-07 |
20190342281 | POLLING SERVICE - Disclosed are various approaches for polling federated services for notifications. A request for an access token for a federated service is sent to an authentication service. The access token for the federated service is received from the authentication service. A query is sent to the federated service for a notification, the query comprising the access token. The notification is received from the federated service. | 2019-11-07 |
20190342282 | Multi-User Login Session - An example method includes establishing a single-user login session associated with a first user-account such that the single-user login session has read and/or write access to first user data associated with the first user-account. The method further includes accepting, within the single-user login session, a further login associated with a second user-account to convert the single-user login session to a multi-user login session having read and/or write access to second user data associated with the second user-account in addition to having read and/or write access to the first user data. Computer readable media and computing devices related to the example method are disclosed herein as well. | 2019-11-07 |
20190342283 | DEVICE AUTHENTICATION BASED UPON TUNNEL CLIENT NETWORK REQUESTS - Disclosed are various approaches for providing authentication of a user and a client device. A user's credentials can be authenticated by an identity provider. In addition, a device posture assessment that analyzes the device from which the authentication request originates is also performed. An authentication request can be authenticated based upon whether the device posture assessment reveals that device to be a managed device that is in compliance with compliance rules. | 2019-11-07 |
20190342284 | SECURE GATEWAY ONBOARDING VIA MOBILE DEVICES FOR INTERNET OF THINGS DEVICE MANAGEMENT - Disclosed are various examples for gateway enrollment for Internet-of-Things (IoT) device management using a client device. In one example, an onboarding token is retrieved using a request for the onboarding token. The request is authenticated based on user credentials. A gateway account is created using a request to create the gateway account that is transmitted to the management service. The request to create the gateway account includes a gateway identifier. The request is authenticated based on the onboarding token. Gateway credentials for the gateway account are relayed from the management service to the gateway. The gateway credentials authenticate communications between the gateway and the management service. The gateway credentials are concealed from users of the client device. | 2019-11-07 |
20190342285 | SYSTEM, METHOD AND COMPUTER PROGRAMS FOR USER AUTHENTICATION AND/OR AUTHORIZATION - The system includes a passive card ( | 2019-11-07 |
20190342286 | BIOMETRIC CYBERSECURITY AND WORKFLOW MANAGEMENT - A system, method, and media for providing web-based security to a workflow process is presented. Data may be processed in a web-based workflow management system. The system may detect the transfer of high-level security data through the workflow. Upon detection of the data transfers the system may request review and approval in the form of a biometric input from an approved user to allow the data to be transferred. | 2019-11-07 |
20190342287 | BEHAVIOR-BASED PHOTO IDENTIFICATION - A computing system may generate and/or use a behavior photographic identification (“behavior photo ID”) that is based, at least in part, on anonymized parameters related to the behavior of a person. The behavior can include a history of phone calls, texts, or internet browsing. The behavior photo ID, which may be used to uniquely identify the person, may digitally modify a digital photo to encode behaviors or activities of the person. In some implementations, the behavior photo ID may be modified periodically, or from time to time, to produce an updated behavior photo ID that reflects new external events as well as relatively recent behaviors or activities of the person. | 2019-11-07 |
20190342288 | QUEUE MANAGEMENT BASED ON BIOMETRIC AUTHENTICATION - A method performed by a user device may include obtaining biometric information relating to a user of the user device using a biometric sensor of the user device; determining that the biometric information is valid; generating a biometric indicator indicating that the biometric information is valid; providing a request for a callback from an entity, wherein the request includes the biometric information indicating that the biometric information is valid; and receiving the callback from the entity, wherein the callback is received based on the biometric information indicating that the biometric information is valid, and wherein the callback is associated with an entity identifier that is not provided to the user. | 2019-11-07 |
20190342289 | Network Authentication Method and Apparatus - Network authentication method and apparatus are provided. The method may include: receiving, by a server of a preset mobile enterprise work platform, an authentication request sent by a network device, the authentication request including a unique device identifier of a user device; determining, by the server, an authentication result of the unique device identifier of the user device, based on a preset group having a binding relationship with the network device, a mapping relationship between identity information of associated users of the preset group and unique device identifiers that is pre-recorded in the server, and a respective network access permission corresponding to each piece of identity information; and returning, by the server, the authentication result to the network device, to instruct the network device to control a network access operation of the user device according to the authentication result, thus simplifying a process of network authentication of the user device. | 2019-11-07 |
20190342290 | METHOD AND SYSTEM FOR ENHANCED LOGIN CREDENTIAL SECURITY VIA BLOCKCHAIN - A method for secure storage and distribution of account tokens includes: storing blockchain data comprised of a plurality of blocks, each block including at least a block header and one or more data values, where each data value includes at least an identification value, an account token, and one or more usage rules; receiving a login request including at least a specific identification value and a set of credentials; identifying a specific data value included in the blockchain data where the included identification value corresponds to the received specific identification value; validating the set of credentials based on the identified specific data value and access to the account token included in the specific data value based on the included one or more usage rules; and transmitting the account token included in the identified specific data value in response to the login request upon successful validation. | 2019-11-07 |
20190342291 | DISTRIBUTED AUTHENTICATION WITH THRESHOLDS IN IOT DEVICES - Managing authentication of a child device includes receiving, by a host device, sensor data from a child device, deriving simplified authentication data from the sensor data based on a capability of the child device, storing the simplified authentication data in an authentication profile for the child device, and transmitting the simplified authentication data to the child device, wherein the simplified authentication data is sufficient to allow the child device to authenticate a user without the host device. | 2019-11-07 |
20190342292 | SECURE ONLINE GAMING REGISTRATION SYSTEM WITH PRIVACY CONTROLS - An online gaming registration system allows online gaming patrons to register once and use this registration to create online gaming accounts with gaming Web sites, thereby avoiding having to show proof of residency, age and other requirements set by regulatory entities multiple times. Residency rules and other requirements vary from one jurisdiction to another and the present invention addresses some of the issues that arise from this. An online gaming Web site receives a login from an online player over the Internet. The site determines that the player has an account with the online gaming site and that the account is linked to an online gaming registration system account. The online gaming site receives claims-based data relating to the online player and accepts the player as verified for online gaming at the gaming Web site. | 2019-11-07 |
20190342293 | Secure Zone for Secure Purchases - An apparatus according to the present disclosure may comprise a secure zone configured to execute a task having a subtask. The task and subtask may have respective executable code and may be digitally signed by respective code providers. The secure zone may be further configured to apply respective sets of permissions while the respective executable code of the task and subtask are executed. The respective set of permissions for the task may be based on at least one of information associated with the signed task and information in a digital certificate of the respective code provider for the task. The respective set of permissions for the subtask may be based on at least one of information associated with the signed subtask and information in a digital certificate of the respective code provider for the subtask. | 2019-11-07 |
20190342294 | HANDLING POTENTIAL SERVICE LOAD INTERRUPTIONS BY PRESENTING ACTION ITEMS FOR SERVICE REQUESTER TO COMPLETE TO INCREASE TIME TO ADDRESS POTENTIAL SERVICE LOAD INTERRUPTION - A method, system and computer program product for handling potential service load interruptions. The utilization of resources, such as servers in a service infrastructure of a SaaS provider, is monitored. If the utilization of a resource exceeds a threshold, then the resource is identified as having an excessive service load leading to a potential service load interruption. When a request is received from a user requesting to access such a resource, one or more action items to be completed by the user are generated and presented to the user. “Action items” refer to any activity that is required by the user to be performed thereby providing the SaaS provider additional time to address the potential service load interruption in an appropriate manner. Additional action item(s) will be presented to the user until the SaaS provider addresses the potential service load interruption, at which point, the request will be serviced. | 2019-11-07 |
20190342295 | SYSTEMS AND METHODS FOR THIRD-PARTY INTEROPERABILITY IN SECURE NETWORK TRANSACTIONS USING TOKENIZED DATA - Embodiments include methods and systems for enabling third-party data service interoperability, comprising receiving, from an electronic data server, a request for a low-value token, the low-value token being associated with a subset of sensitive data associated with a user; providing the low-value token to the electronic data server; receiving a request for the subset of sensitive data, from a third-party data service server, the request comprising the low-value token; de-tokenizing the low-value token to obtain the subset of sensitive data; providing the subset of sensitive data to the third-party data service server; receiving, from an electronic data server, the low-value token and a transaction authorization request; determining, based on the low-value token and authorization request, an authorization response; and providing the authorization response to the electronic data server. | 2019-11-07 |
20190342296 | AUTOMATED COMPLIANCE WITH SECURITY, AUDIT AND NETWORK CONFIGURATION POLICIES - Systems and methods are provided for facilitating automated compliance with security, audit and network configuration policies. In some instances, new runtime configuration files are iteratively generated and compared to a baseline configuration file to determine whether a threshold variance exists between the baseline configuration file and each separate and new runtime configuration file. If the threshold variance exists, remedial actions are triggered. In some instances, runtime configuration files are scanned for blacklist configuration settings. When blacklist configuration settings are found, remedial actions can also be triggered. In some instances, configuration files are scrubbed by omitting detected blacklist items from the configuration files. In some instances, changes are only made to configuration files when they match changes on an approved change list and are absent from an open incident list. | 2019-11-07 |
20190342297 | SECURING INTERNET-OF-THINGS WITH SMART-AGENT TECHNOLOGY - An Internet-of-things (IoT) mechanizes, computerizes, automates, instruments, includes, and connects a broadly dispersed and extensively diverse universe of unrelated “things” to the Internet, e.g., credit cards, home appliances, industrial machinery, airplanes, cars, municipal water pumps, mobile devices, rain gauges, etc. Each thing is assigned a resident local “smart agent”. Or an entity, manifesting remotely only as transaction records and reports, is assigned a virtual smart agent in a network server. These data structures follow, track, record, chart, monitor, characterize, describe, render, and otherwise provide a label and handle on independent things and entities. | 2019-11-07 |
20190342298 | SYSTEM AND METHOD FOR RESOURCE ACCESS AUTHENTICATION - A method of providing continuous user authentication for resource access control includes launching a continuous authentication service at a boot time of a first device, wherein the first device includes a processor, a memory, and one or more sensors configured to collect authentication information. Additionally, the method includes receiving authentication information comprising one or more of explicit authentication information or implicit authentication information, and receiving a request for access to a resource of the first device. Further, the method includes the operations of determining, by the continuous authentication service, a current value of a security state, the current value of the security state based in part on a time interval between a receipt time of the authentication information and a current time and controlling access to the resource based on the current value of the security state. | 2019-11-07 |
20190342299 | EVENT PROCESSING VIA INDUSTRIAL ASSET CLOUD COMPUTING SYSTEM - Systems and methods are presented for receiving, at a server computer associated with an industrial asset cloud computing system, a command representing an event, from a mobile device of a plurality of mobile devices, the command comprising instructions for changing a data object in a data domain, determining a command processor responsible for processing the command, and routing the command to the command processor responsible for processing the command, wherein the command processor accesses the data domain associated with the command to change the data object in the data domain according to the instructions of the command. Systems and methods are further presented for detecting, by the server computer, a state change in the data domain indicating that the data object has been changed, and preparing the changed data object to be consumed by mobile devices operated by users authorized to access the data object. | 2019-11-07 |
20190342300 | Method and Device for Controlling Access to Data in Network Service Provider System - Embodiments disclose a method and a device for controlling access to data in a network service provider system. In the embodiments, when a received access request of accessing data in the network service provider system is a user access instruction, data requested by the user access instruction may be acquired from network service provider-usable data or network service provider-unusable data in the network service provider system, or when a received access request of accessing data in the network service provider system is a non-user access instruction sent by the network service provider system, data requested by the non-user access instruction is acquired from only network service provider-usable data in the network service provider system. | 2019-11-07 |
20190342301 | Local Authentication of Devices Arranged as a Trust Family - Apparatus and method for establishing trust among processing devices arranged into a trust family. In some embodiments, each processing device in a group of devices has an internal token value as a unique ID value associated with the corresponding device. The internal token values are distributed among the various devices so that each device stores the internal token value of another device as an external token value. A host controller circuit authenticates the trust family by querying the devices and receiving responses therefrom. Each response is generated by a device using the external token value stored by the device. In this way, the trust family is authenticated by matching each of the external token values to each of the devices in the group. The devices may be data storage devices such as solid state drives (SSDs) in a multi-device storage environment. | 2019-11-07 |
20190342302 | METHOD FOR SETTING UP A REMOTE TERMINAL UNIT FOR SOCIAL NETWORKING - The invention relates to a method for setting up a Remote Terminal Unit for social networking and to a Remote Terminal Unit. The Remote Terminal Unit having a configuration set ( | 2019-11-07 |
20190342303 | Synthetic Identification Protocol Apparatus and Method - A control circuit receives personally identifiable information that corresponds to a particular entity. The control circuit uses that personally identifiable information to access a block chain ledger that serves as an identity block chain ledger. The control circuit then receives a synthetic identifier from the block chain ledger. This synthetic identifier correlates to the aforementioned personally identifiable information and also correlates to other data that corresponds to the particular entity and which other data is stored in a data storage element other than the block chain ledger. | 2019-11-07 |
20190342304 | POLICY MANAGEMENT, ENFORCEMENT, AND AUDIT FOR DATA SECURITY - Methods, systems, and apparatus, including computer programs encoded on computer storage media, for managing and enforcing policies on data security. A policy appliance includes a policy administration point, a policy decision point, a policy enforcement point and, optionally, an auditing module. The policy appliance can execute in a self-contained environment, e.g., a single virtual machine, a single physical machine, or a cluster of virtual machines or physical machines identically configured. The self-contained policy appliance can receive, manage, enforce and audit multiple policies that specify access privileges of multiple users on multiple databases. The databases can include heterogeneous databases that are configured separately and differently from one another. A single configuration of the policy appliance centralizes and unifies policy management of the heterogeneous database in the self-contained environment. | 2019-11-07 |
20190342305 | MALICIOUS DATA SCAN SERVICE - A communication network may scan data to identify and prevent the spread of malicious data, such as viruses, worms, trojans, malware, and the like, transmitted through the communication network. As scanning content for malicious data within an application program or an application node hosted on the communication network may limit the performance of the application program, a server in a load balanced datacenter environment may host a malicious data scan as a service. Accordingly, the malicious data scan service may scale effectively to accommodate an increasing number of application nodes in the network, and by retrieving updated definitions of malicious data at suitable times, the server may identify malicious data with increasing reliability. | 2019-11-07 |
20190342306 | METHOD AND APPARATUS FOR CALIBRATING A SYSTEM FOR RECOGNIZING ATTEMPTS TO PENETRATE A COMPUTER NETWORK - An apparatus and a method for calibrating a system for recognizing attempts to penetrate into a computer network, in particular of a motor vehicle, at least one parameter being estimated on the basis of a data set, the data set encompassing values that characterize a detected occurrence of messages in the computer network; a distribution function being determined on the basis of the at least one parameter; an inverse of the distribution function being determined; and at least one limit for the values being calibrated, on the basis of the inverse, in a rule for rule-based recognition of attempts to penetrate into the computer network. | 2019-11-07 |
20190342307 | SYSTEM AND METHOD FOR MONITORING SECURITY ATTACK CHAINS - A cybersecurity platform is described that processes collected data using a data model to identify and link anomalies and in order to identify generate security events and intrusions. The platform generates graph data structures using the security anomalies extended using additional data. The graph data structures represent links between nodes, the links being events, the nodes being machines and user accounts. The platform processes the graph data structures by combining similar nodes or grouping security events with common features to behaviour indicative of a single or multiple security events to identify chains of events which together represent an attack. | 2019-11-07 |
20190342308 | METHOD OF MALWARE CHARACTERIZATION AND PREDICTION - A method, apparatus and system for malware characterization includes receiving data identifying a presence of at least one anomaly of a respective portion of a processing function captured by at least one of each of at least two different sensor payloads and one sensor payload at two different times, determining a correlation between the at least two anomalies identified by the data captured by the at least one sensor payloads, and determining a presence of malware in the processing function based on the determined correlation. The method, apparatus and system can further include predicting an occurrence of at least one anomaly in the network based on at least one of current sensor payload data or previously observed and stored sensor payload data, recommending and/or initiating a remediation action and reporting a result of the malware characterization to a user. | 2019-11-07 |
20190342309 | DATA PROTECTION IN A NETWORKED COMPUTING ENVIRONMENT - Approaches for providing data protection in a networked computing environment are provided. A method includes detecting, by at least one computer device, a breach of a first system in the networked computing environment. The method also includes generating, by the at least one computer device, a second system in the networked computing environment, wherein the second system includes a patch based on the breach. The method additionally includes converting, by the at least one computer device, the first system to a decoy system. The method further includes generating, by the at least one computer device, a third system in the networked computing environment, wherein the third system has reduced security relative to the first system. | 2019-11-07 |
20190342310 | Detection of Forbidden Software through Analysis of GUI Components - A mechanism is provided for controlling execution of a computer program. An execution of unallowed software may be prohibited. Structural elements of a graphical user interface of the computer program are detected. The detected structural elements are compared with a stored signature, each signature comprising structural elements of a graphical user interface of allowed computer programs. Upon not finding a matching signature among the stored signatures when comparing, further executing of the computer program is inhibited. | 2019-11-07 |
20190342311 | PROCESSING ANOMALY DATA TO IDENTIFY THREATS TO NETWORK SECURITY - A security platform employs a variety of techniques and mechanisms to detect security related anomalies and threats in a computer network environment. The security platform is “big data” driven and employs machine learning to perform security analytics. The security platform performs user/entity behavioral analytics (UEBA) to detect the security related anomalies and threats, regardless of whether such anomalies/threats were previously known. The security platform can include both real-time and batch paths/modes for detecting anomalies and threats. By visually presenting analytical results scored with risk ratings and supporting evidence, the security platform enables network security administrators to respond to a detected anomaly or threat, and to take action promptly. | 2019-11-07 |
20190342312 | CONTEXT-DEPENDENT TIMEOUT FOR REMOTE SECURITY SERVICES - A threat management facility that remotely stores global reputation information for network content can be used in combination with a recognition engine such as a machine learning classifier that is locally deployed on endpoints within an enterprise network. More specifically, the recognition engine can locally evaluate reputation for a network address being accessed by an endpoint, and this reputation information can be used to dynamically establish a timeout for a request from the endpoint to the threat management facility for corresponding global reputation information. | 2019-11-07 |
20190342313 | METHOD FOR CONDITIONALLY HOOKING ENDPOINT PROCESSES WITH A SECURITY AGENT - A security agent conditionally hooks a process for malware monitoring based on a persistent hook state for the process that may be stored, for example, in a process cache. When a process launches in a backoff state indicating that the process previously crashed after hooking, the security agent may further conditionally hook the process based on a reputation of the process or any other relevant contextual information. | 2019-11-07 |
20190342314 | SYSTEMS AND METHODS FOR AN EMBEDDED BROWSER - The present disclosure is related to systems and methods of monitoring data of a network application. An embedded browser of a client application on a client device may initiate a request to access a network application hosted on a server. The client application may, responsive to the request, establish a secure session to communicate data of the network application to the client application for rendering in a display region of the embedded browser. The client application may decrypt the data communicated via the established secure session to monitor the network application. | 2019-11-07 |
20190342315 | SYSTEMS AND METHODS FOR TRAFFIC INSPECTION VIA AN EMBEDDED BROWSER - Described embodiments provide systems and methods for traffic inspection via embedded browsers. An application inspector module of an embedded browser executable on a client may intercept network traffic for an application. The network traffic may include packets exchanged between the application and the server via a channel. The application inspector module may identify a computing resource usage on the client in providing a user with access to the application via the embedded browser. The application inspector module may generate analytics data based on the intercepted network traffic and the computing resource usage. The application inspector module may maintain a user behavior profile based on the analytics data. The application inspector module may determine that a portion of the network traffic directed to the remote server contains sensitive information. Responsive to the determination, the application inspector module may block or remove the portion of the network traffic. | 2019-11-07 |
20190342316 | AGGREGATING NETWORK SECURITY DATA FOR EXPORT - Systems and methods are disclosed for computing network operations. For example, methods may include receiving, at a computing device located within a private network, a message sent from a server located outside of the private network, the message including an observable; invoking, within the private network, a search of data associated with the private network to obtain a search result that includes data matching the observable; aggregating, within the private network, data from the search result that matches the observable to obtain a report that includes an indication of the observable, a count of occurrences of the observable, and identification of one or more components associated with the observable; and transmitting the report to the server. | 2019-11-07 |
20190342317 | NETWORKING SYSTEM - In a networking system including a plurality of nodes connected with each other by a communication network, each node includes an abnormality discrimination unit configured, when a cumulative consumption current at the time of processing the data received from another node is out of a range of current values estimated in advance based on an event at the other node, to discriminate the other node as abnormal. By the networking system, the abnormality of the nodes on the network may be detected with a simple configuration. | 2019-11-07 |
20190342318 | MULTI-MODE BOUNDARY SELECTION FOR THREAT DETECTION IN INDUSTRIAL ASSET CONTROL SYSTEM - According to some embodiments, streams of monitoring node signal values may be received over time that represent a current operation of an industrial asset control system. A current operating mode of the industrial asset control system may be received and used to determine a current operating mode group from a set of potential operating mode groups. For each stream of monitoring node signal values, a current monitoring node feature vector may be determined. Based on the current operating mode group, an appropriate decision boundary may be selected for each monitoring node, the appropriate decision boundary separating a normal state from an abnormal state for that monitoring node in the current operating mode. Each generated current monitoring node feature vector may be compared with the selected corresponding appropriate decision boundary, and a threat alert signal may be automatically transmitted based on results of said comparisons. | 2019-11-07 |
20190342319 | CONTINUOUS LEARNING FOR INTRUSION DETECTION - Balancing the observed signals used to train network intrusion detection models allows for a more accurate allocation of computing resources to defend the network from malicious parties. The models are trained against live data defined within a rolling window and historic data to detect user-defined features in the data. Automated attacks ensure that various kinds of attacks are always present in the rolling training window. The set of models are constantly trained to determine which model to place into production, to alert analysts of intrusions, and/or to automatically deploy countermeasures. The models are continually updated as the features are redefined and as the data in the rolling window changes, and the content of the rolling window is balanced to provide sufficient data of each observed type by which to train the models. When balancing the dataset, low-population signals are overlaid onto high-population signals to balance their relative numbers. | 2019-11-07 |
20190342320 | SYSTEMS AND METHODS FOR PROVIDING USER INTERFACES BASED ON ACTIONS ASSOCIATED WITH UNTRUSTED EMAILS - The present disclosure describes a system that notifies users regarding specific user decisions with respect to solution phishing emails. The system notifies users when users perform specific actions with respect to the untrusted phishing emails. The system pauses execution of these actions and prompts the user to confirm whether to take the actions or to revert back to review the actions. In contrast to anti-ransomware technologies which are entirely in control, the system gives the user autonomy in deciding actions relating to untrusted phishing emails. The system interrupts execution of actions related to untrusted phishing emails in order to give users a choice on whether to proceed with actions. | 2019-11-07 |
20190342321 | LEARNING INTERNAL RANGES FROM NETWORK TRAFFIC DATA TO AUGMENT ANOMALY DETECTION SYSTEMS - In one embodiment, a device in a network receives traffic records indicative of network traffic between different sets of host address pairs. The device identifies one or more address grouping constraints for the sets of host address pairs. The device determines address groups for the host addresses in the sets of host address pairs based on the one or more address grouping constraints. The device provides an indication of the address groups to an anomaly detector. | 2019-11-07 |
20190342322 | PROVIDING SECURE SENSOR DATA TO AUTOMATED MACHINES - Systems, methods, and software can be used to provide secure sensor data. In some aspects, a computer-implemented method includes: receiving, at a sensor security evaluation application executing on a device, sensor data from a sensor on the device; determining, by the sensor security evaluation application, a security confidence score associated with the sensor data; and transmitting, from the sensor security evaluation application, the security confidence score and the sensor data to a smart machine processor on the device. | 2019-11-07 |
20190342323 | RULE-BASED REMEDIATION OF VULNERABILITIES IN A MANAGED NETWORK - A computing system may include a database disposed within a computational instance of a remote network management platform that manages a managed network. Additionally, the computing system may include server device(s) disposed within the computational instance. The server device(s) may be configured to: compare, in order of priorities of assignment rules, a particular configuration item to the assignment rules until a matching condition is found, where the comparison includes consideration of one or more of: (i) particular item attributes of the particular configuration item or (ii) particular vulnerability attributes that apply to the particular configuration item; determine a particular remediator identifier related to the matching condition; based on a key and the particular remediator identifier, determine a particular group for the particular configuration item according to grouping rules; and store, in the database, a reference to the particular configuration item in the particular group. | 2019-11-07 |
20190342324 | COMPUTER VULNERABILITY ASSESSMENT AND REMEDIATION - Technology for detecting and remediating security vulnerabilities in view of one or more computing policies. An example method may involve receiving environment data of a computing environment, the environment data comprising a configuration value of a computing device in the computing environment; accessing an index data structure derived from a computing policy, wherein the index data structure associates an entry of the computing policy with one or more computing features of the computing environment; determining, by a processing device, whether a security vulnerability exists based on the environment data and the index data structure; and providing feedback regarding the security vulnerability and the computing policy. | 2019-11-07 |
20190342325 | SYSTEMS AND METHODS FOR MANAGING NETWORK VULNERABILITY SCANNING TO AVOID DISRUPTION OF OPERATIONS - There are provided systems and methods for managing network vulnerability scanning to avoid interference and disruption of network operations. In one form, the system includes: a network of computing devices; a network vulnerability scanner for evaluating insecurity and vulnerability of the network; a network traffic monitor for measuring the volume of network traffic at a certain time; and a scanning scheduler that includes scanning blackout events limiting operation of the scanner. Each blackout event includes an event name, a country or region for the blackout, a blackout start time and end time, and a blackout type that may include a level of the blackout and an authorization required for the network scan to proceed. In the system, a control circuit controls operation of the scanner; interrupts, delays, or cancels a network scan when the network traffic exceeds a certain threshold; and enforces blackout events according to the scanning scheduler. | 2019-11-07 |
20190342326 | CYBERATTACK PREVENTION SYSTEM - A self-updating system for defending against a cyberattack requests connected devices to solve a problem that is created in a random manner. The problems are created in a manner such that the system can determine whether the client device is being used as part of a cyberattack based on how the client device responds to the problems. | 2019-11-07 |
20190342327 | FRONT-END PROTOCOL FOR SERVER PROTECTION - A method and technique for protecting against denial of service attacks includes maintaining a session count indicating a quantity of active client sessions a server is maintaining and a session threshold specifying a maximum quantity of concurrent client sessions the server can maintain. Responsive to receiving a request from a client, a request count maintained by the server is verified to be less than the session threshold and, if so, a challenge message is sent to the client and the request count is incremented. Responsive to receiving a response message to the challenge message from the client, the response message is verified, a session with the client is established, and the session count is incremented. Responsive to terminating the session with the client, the session count and the request count are decremented. | 2019-11-07 |
20190342328 | Method, Device, and System of Back-Coloring, Forward-Coloring, and Fraud Detection - System, device, and method for behaviorally validated link analysis, session linking, transaction linking, transaction back-coloring, transaction forward-coloring, fraud detection, and fraud mitigation. A method includes: receiving an indicator of a seed transaction known to be fraudulent; selecting, from a database of transactions, multiple transactions that share at least one common property with the seed transaction; generating a list of candidate fraudulent transactions; filtering the candidate fraudulent transactions, by applying a transaction filtering rule that is based on one or more behavioral characteristics; and generating a filtered list of candidate fraudulent transactions. | 2019-11-07 |
20190342329 | System, Method, and Device of Authenticating a User based on Selfie Image or Selfie Video - System, method, and device of detecting identity of a user and authenticating a user; as well as detecting a possible attacker or impostor, and differentiating among users of an electronic device or of a computerized service. A mobile or portable electronic device is utilized to capture a self-taken image or video of a user, which is utilized as a user-authentication factor. The accelerometer and gyroscope or device-orientation sensor of the mobile device, sense and measure spatial and physical device properties during, before or after the submission of the self-taken image or video. Based on such spatial and physical device properties, in combination with computer-vision analysis of the content shown in the self-taken image or video, the system determines liveness of the user and freshness of the submitted self-taken image or video, and differentiates between a legitimate user and an attacker. | 2019-11-07 |
20190342330 | USER-ADDED-VALUE-BASED RANSOMWARE DETECTION AND PREVENTION - A method for ransomware detection and prevention includes receiving an event stream associated with one or more computer system events, generating user-added-value knowledge data for one or more digital assets by modeling digital asset interactions based on the event stream, including accumulating user-added-values of each of the one or more digital assets, and detecting ransomware behavior based at least in part on the user-added-value knowledge, including analyzing destruction of the user-added values for the one or more digital assets. | 2019-11-07 |
20190342331 | CLOAKING AUTHORITY SYSTEM - Disclosed herein are systems, methods and devices for identifying a misbehaving computerized device. In some implementations, the system includes a cloaking authority device for identifying a misbehaving computerized device, wherein the cloaking authority device includes a processor that can receive a request for a cloak index, wherein the request for the cloak index comprises a linkage value retrieved from a pseudonym certificate. In some examples, the processor can also request, from a pseudonym certificate authority device, first information that is used to produce the cloak index, wherein the first information is associated with the linkage value. Additionally, the processor can process, by the cloaking authority device, the linkage value to produce the cloak index based in part on the first information, wherein the cloak index identifies a misbehaving computerized device. Furthermore, the processor can transmit, by the cloaking authority device, the cloak index to a misbehavior authority device. | 2019-11-07 |
20190342332 | DATABASE QUERY INJECTION DETECTION AND PREVENTION - Computer systems, devices, and associated methods of detecting and/or preventing injection attacks in databases are disclosed herein. In one embodiment, a method includes determining whether parsing a database statement received from an application on the application server causes a syntax error in a database. In response to determining that parsing the received database statement does not cause a syntax error, determining whether an identical syntactic pattern already exists. In response to determining that an identical syntactic pattern already exists in the database, the method includes indicating that the received database statement does not involve an injection attack. | 2019-11-07 |
20190342333 | SYSTEMS AND METHODS FOR SITUATIONAL LOCALIZATION OF AIDA - The present disclosure describes systems and methods for using, for a simulated phishing campaign, information about one or more situations of a user determined from an electronic calendar of the user. A campaign controller may identify an electronic calendar of a user for which to direct a simulated phishing campaign, determine one or more situations of the user from information stored in the electronic calendar and select either a template from a plurality of templates or a starting action from a plurality of starting actions for the simulated phishing campaign based at least on the one or more situations of the user. The campaign controller may communicate to one or more devices of the user a simulated phishing communication based at least on the respective template or starting action. | 2019-11-07 |
20190342334 | METHOD, CLIENT, AND SERVER FOR PREVENTING WEB PAGE HIJACKING - A method for preventing hijacking of a web page is provided. A HyperText Markup Language (HTML) source file is received from a web server in response to a HyperText Transfer Protocol (HTTP) access request, the HTML source file being embedded with a script tag corresponding to script code for preventing HTTP hijacking. The script code for preventing HTTP hijacking is pulled from an antihijacking server according to the script tag. It is detected, based on the script code for preventing HTTP hijacking, whether a document object model (DOM) node used for HTTP hijacking exists in a DOM tree. The DOM node used for HTTP hijacking is hidden from a web page of a browser in response to detecting that the DOM node used for HTTP hijacking exists. | 2019-11-07 |
20190342335 | CREATION OF SECURITY POLICIES USING A VISUAL APPROACH - A request to create a set of security policies for an application is received at a graphical user interface. Information identifying a set of source VMs, a set of destination VMs, and a set of target VMs also are received, wherein the target VMs are executing the application and are supported by (a) node(s) in a clustered virtualization environment. A set of inbound rules identifying (a) category(ies) of source VMs permitted to initiate connections with a subset of target VMs and a set of outbound rules identifying (a) category(ies) of destination VMs to which the subset of target VMs are permitted to initiate connections are received at the graphical user interface. Upon receiving a request to apply the security policies, the policies are configured based at least in part on the inbound and outbound rules and a visual representation of the security policies is presented in the graphical user interface. | 2019-11-07 |
20190342336 | UNIVERSAL DATA PRIVACY CONTROL MANAGEMENT SYSTEM - A universal opt-in/opt-out client allows a user to connect to the APIs for various different sites which have the user's data. The universal client orchestrates opting out on any of the site lists provided by default, or sites which the user selects. The universal client enables the user to select total or partial opt-ins or opt-outs with granular control, on one or more web or decentralized sites, where the user may wish to allow some uses of data and access to data but would also like to restrict others. When a user is calibrating their privacy and data settings, a company or site may provide reasons and incentives for the user to allow access to certain data. This allows users to have simultaneous global control over their personal data while enabling the user to receive compensation for the use of their personal data, and allowing companies to have access to better data. | 2019-11-07 |
20190342337 | Reputation-based Policy in Enterprise Fabric Architectures - In accordance with various embodiments, a method is performed including determining a plurality of network reputation scores for a respective plurality of network subsets of a fabric network environment and determining a reputation policy for traffic traversing the fabric network environment. The method includes routing traffic traversing the fabric network environment according to the reputation policy and the plurality of network reputation scores. | 2019-11-07 |
20190342338 | AUTOMATED COMPLIANCE WITH SECURITY, AUDIT AND NETWORK CONFIGURATION POLICIES - Systems and methods are provided for facilitating automated compliance with security, audit and network configuration policies. In some instances, new runtime configuration files are iteratively generated and compared to a baseline configuration file to determine whether a threshold variance exists between the baseline configuration file and each separate and new runtime configuration file. If the threshold variance exists, remedial actions are triggered. In some instances, runtime configuration files are scanned for blacklist configuration settings. When blacklist configuration settings are found, remedial actions can also be triggered. In some instances, configuration files are scrubbed by omitting detected blacklist items from the configuration files. In some instances, changes are only made to configuration files when they match changes on an approved change list and are absent from an open incident list. | 2019-11-07 |
20190342339 | Security for IoT Home Voice Assistants - A method for implementing security of Internet of Things (IoT) home voice assistants is described. In one embodiment, a computer-implemented method for implementing a security policy with a voice assistant includes obtaining, by one or more computing devices, encrypted traffic from a voice assistant; identifying, by the one or more computing devices, a user voice command in the encrypted traffic based at least in part on one or more identifiable attributes of the encrypted traffic; determining, by the one or more computing devices, the user voice command triggers at least one security policy; and upon determining the user voice command triggers the at least one security policy, performing, by the one or more computing devices, a security action that implements the at least one security policy. In some cases, the method may include obtaining an audio recording of the user voice command with a microphone built into the router. | 2019-11-07 |
20190342340 | CUSTOM NODE AND PROFILE CLASSIFICATIONS FOR ENTERPRISE SECURITY MANAGEMENT TOOL - Methods and systems for configuring a security policy for an enterprise within an enterprise security management tool are disclosed. In some aspects, such systems receive a definition of at least one custom classification within a user interface of the enterprise security management configuration tool, including a name of a profile and network activity associated with one or more nodes to be included within the profile. Such systems also generate a security settings file to be applied within the enterprise, the security settings file including, for each profile, a common security policy to each of the nodes included in the profile. The profiles to which the security settings file is applied include the profile defined by the at least one custom classification. | 2019-11-07 |
20190342341 | INFORMATION TECHNOLOGY GOVERNANCE AND CONTROLS METHODS AND APPARATUSES - Embodiments of the present invention provide methods and systems for automated change audit of an enterprise's IT infrastructure, including independent detection of changes, reconciliation of detected changes and independent reporting, to effectuate a triad of controls on managing changes within the IT infrastructure, preventive controls, detective controls and corrective controls. | 2019-11-07 |
20190342342 | PERSONAL DEVICE NETWORK FOR USER IDENTIFICATION AND AUTHENTICATION - Established user habits in carrying multiple wirelessly detectable devices are used to provide or substantiate authentication. In some embodiments, simply detecting that expected devices are co-located within a limited spatial region is sufficient to establish that the devices are being carried by a single individual. In other embodiments, particularly where the potential for spoofing by multiple individuals is a concern, single-user possession of the devices may be confirmed by various corroborative techniques. This approach affords convenience to users, who may be working at a device that lacks the necessary modality (e.g., a fingerprint or vein reader) for strong authentication. | 2019-11-07 |
20190342343 | CYBER RISK ANALYSIS AND REMEDIATION USING NETWORK MONITORED SENSORS AND METHODS OF USE - Systems and methods for cyber risk analysis and remediation using network monitored sensors are provided herein. An example system includes one or more data collecting devices deployed within a network that collect entity information and monitor network traffic of the network that is related to security information. The network includes computing systems that are subject to a cyber risk policy having breach parameters defining one or more events that are indicative of a cyber security breach. A cyber security risk assessment and management system is used to automatically detect occurrence of one or more of the events that are indicative of a cyber security breach, automatically determine the breach parameters that apply for the one or more events that occurred, and generate a remediation of cyber security parameters for the network. | 2019-11-07 |
20190342344 | CONTROLLING PERMISSIBLE ACTIONS A COMPUTING DEVICE CAN PERFORM ON A DATA RESOURCE BASED ON A USE POLICY EVALUATING AN AUTHORIZED CONTEXT OF THE DEVICE - Disclosed is a method, a device, and/or a system of controlling permissible actions a computing device can perform on a data resource based on a use policy evaluating an authorized context of the device. In one embodiment, a request is received from a device to use a protected resource stored in a non-hierarchical data structure. A use policy defining an authorized context for which the device can use the protected resource based on contextual value(s) is extracted from a data node. A use transaction is initiated that gathers the contextual values to determine whether the use request satisfies the authorized context. A set of use terms is generated and returned to the device. The protected resource is then streamed to the device, where the device includes a process to enforce ephemerality of the protected resource by maintaining the protected resource in association with the set of use terms. | 2019-11-07 |
20190342345 | PICTURE/GESTURE PASSWORD PROTECTION - A method is provided for identifying a strength of an input picture password formed by performing a sequence of gestures relative to a picture. The method includes storing, in a memory device, a crowdsource history of picture passwords each of which includes a picture and a sequence of gestures on the picture. The method further includes generating, by a processor-based demography-based pattern usage assessment generator, a demography-based pattern usage assessment by analyzing the crowdsource history. The method also includes providing, by a user-perceptible indication device, an indication of the strength of the input picture password in accordance with the demography-based pattern usage assessment. | 2019-11-07 |
20190342346 | CREATING AND USING REMOTE DEVICE MANAGEMENT ATTRIBUTE RULE DATA STORE - Some embodiments provide novel methods for processing remote-device data messages in a network based on data-message attributes from a remote device management (RDM) system. For instance, the method of some embodiments identifies a set of RDM attributes associated with a data message, and then performs one or more service operations based on the identified RDM attribute set. | 2019-11-07 |
20190342347 | REDUCING NETWORK PROTOCOL OVERHEAD - A telecommunications network includes a telephony application server (TAS). In some examples, the TAS receives, from a terminal, a session-initiation request identifying a called party. The TAS sends structured text (e.g., XML or JSON) identifying the called party (e.g., data of an anyTimeInterrogation query payload) to an information server (e.g., an HLR), which responds with structured text of a destination-terminal address dynamically bound to a terminal associated with the called party (e.g., data of a sendRoutingInformation reply payload). In some examples, the TAS receives Unstructured Supplementary Service Data (USSD) request data from a terminal. The TAS sends structured text indicating the USSD string and an identifier of the terminal to a USSD gateway via an Internet-Protocol-based Lightweight Protocol (IPLP), e.g., HTTPS, and receives structured text including USSD answer data. The TAS sends, to the terminal, a report message comprising the USSD answer data. | 2019-11-07 |
20190342348 | Providing Session Initiation Protocol Request Contents Method and System - An embodiment provides a user equipment that includes a processor configured to receive a Session Initiation Protocol (SIP) NOTIFY message transmitted by a network component as a result of a registration event. The SIP NOTIFY message contains at least a portion of information included in a first SIP message sent between a first user equipment and the network component. Another embodiment provides a method and apparatus for a network node to determine whether filter criteria include one or more indicators that specify the need for information, and including in a second SIP message the information specified by the one or more indicators. | 2019-11-07 |
20190342349 | H.248 CONTROL FOR MULTISTREAM MULTIMEDIA CONFERENCES - A method is provided, comprising detecting if a first signaling indicating the desire to send plural first media streams including an audio stream is received from a sender; informing the resource function processor that at least a subgroup of the first media streams including the audio stream originates from the sender if the first signaling is received from the sender; instructing a resource function processor to perform voice activity detection on the audio stream if the first signaling is received from the sender; instructing the resource function processor to apply a policy on the subgroup of the first media streams, wherein the policy includes passing or discarding at least some of the first media streams of the subgroup and/or selecting destinations for the media streams depending on a result of the voice activity detection on the audio stream. | 2019-11-07 |
20190342350 | MULTIPLE-RECIPIENT OPTIONS REQUEST IN SESSION INITIATED PROTOCOL (SIP) - A user device transmits to a server, a SIP OPTIONS request that includes a list of two or more recipients. The server, in turn, sends a SIP OPTIONS request to each of the recipients, receives a response from each of the recipients, and sends an aggregated response to the user device. The user device thereafter participates in a multiparty communications session with the recipients. | 2019-11-07 |
20190342351 | MEDIA FEED PRIORITIZATION FOR MULTI-PARTY CONFERENCING - Techniques presented herein provide an improved relay user experience and improved management of scarce computing and network resources as the number of relay endpoints increases. A sourcing endpoint device may generate a media feed, such as video and/or audio feed, representing contribution from a conference participant. The sourcing endpoint device may generate a priority value for the media feed, and the priority value may be transmitted to other members of the relay along with the input feed. Priority values of the different relay participants may be used by other devices, for example, intermediate servers or receiving endpoint devices, to manage aspects of the relay. For example, a relay server may prune streams from select endpoint devices based on relative priority values received from those devices. Alternatively, receiving endpoint devices may alter presentation of received feeds based on their associated priority values. | 2019-11-07 |
20190342352 | SOCIAL NETWORKING PERMISSIONS - Enabling access to user-specific content includes maintaining data indicating a social network that indicates a first user and a second user that are connected by one or more relationships through zero or more intermediary users. At least one of the relationships that connect the first and second users is categorized. A request for access to content maintained by the second user is received from the first user. One or more of the relationships that connect the first user to the second user are identified using the data indicating the social network. A category of at least one of the identified relationships is identified. A type of access to the content to be provided to the first user is identified based on the identified category. The first user is enabled to access the content in accordance with the identified type of access. | 2019-11-07 |
20190342353 | SYSTEMS AND METHODS FOR MULTIPLE DEVICE CONTROL AND CONTENT CURATION - Disclosed is a master electronic device configured to create a content capture session executable by a plurality of electronic devices comprising at least one client electronic device. The master electronic device may comprise: a user interface module configured to receive at least one session parameter; a processor configured to create at least one content capture session based on the at least one session parameter; and a communication means configured to communicate data between the master electronic device and at least one client electronic device, wherein the communication comprises transmission of at least one session parameter, wherein the at least one client electronic device is configured to participate in the at least one content capture session according to the at least one session parameter. | 2019-11-07 |
20190342354 | MANAGING MULTICAST SERVICE CHAINS IN A CLOUD ENVIRONMENT - Techniques for provisioning multicast chains in a cloud-based environment are described herein. In an embodiment, an orchestration system sends a particular model of a distributed computer program application comprising one or more sources, destinations, and virtualized appliances for initiation by one or more host computers to a software-defined networking (SDN) controller. The SDN controller determines one or more locations for the virtualized appliances and generates a particular updated model of the distributed computer program application, the updated model comprising the one or more locations for the virtualized appliances. The SDN controller sends the updated model of the distributed computer program application to the orchestration system. The orchestration system uses the particular updated model to generate a mapping of virtualized appliances to available host computers of the one or more host computers based, at least in part, on the particular updated model of the distributed computer program application. Using the mapping of virtualized appliances to available host computers, the orchestration system sends instructions for initiating the virtualized appliances on the available host computers to one or more cloud management systems. | 2019-11-07 |
20190342355 | Public/Private Communications Paths - Access to transactional multimedia content may be based on network routing. Some multimedia content may be best delivered via a private network. Other multimedia content may be best delivered via a public network. A type of the multimedia content may thus determine network routing. | 2019-11-07 |
20190342356 | SELECTIVELY UPDATING A DYNAMIC MANIFEST FILE - A method for selectively updating a dynamic manifest file is described, wherein the method may comprise: selecting one or more metadata elements of a manifest file used by a client, the one or more selected metadata elements being associated with a subset of representations of the set of representations defined in the manifest file; transmitting a request message identifying the selected one or more metadata, and, optionally, said manifest file identifier, to a network node, the request message being configured to trigger the network node to generate a response message on the basis of the information in the request message; and, receiving the response message from the network node, wherein the response message comprises: location information, preferably an URL or a part thereof, for retrieving a selectively updated version of the dynamic manifest file used by the client, wherein the selectively updated version only comprises new segment identifiers associated with the one or more selected metadata elements; or, wherein the response message comprises: update information, preferably a patch, configured to selectively update the dynamic manifest file used by the client apparatus, wherein the update information only comprises new segment identifiers associated with the one or more selected metadata elements. | 2019-11-07 |
20190342357 | CLOUD-BASED PRESET FOR MEDIA CONTENT PLAYBACK - A system is provided for streaming media content in a vehicle. The system includes a personal media streaming appliance system configured to connect to a media delivery system and receive media content from the media delivery system at least via a cellular network. The personal media streaming appliance system includes one or more preset buttons for playing media content associated with the preset buttons. Data about the preset buttons and the media content associated with the preset buttons can be stored in the media delivery system. | 2019-11-07 |
20190342358 | PERSONAL MEDIA STREAMING APPLIANCE SYSTEM - A system is provided for streaming media content in a vehicle. The system includes a personal media streaming appliance system configured to connect to a media delivery system and receive media content from the media delivery system at least via a cellular network. The personal media streaming appliance system operates to transmit a media signal representative of the received media content to a vehicle media playback system so that the vehicle media playback system operates to play the media content in the vehicle. | 2019-11-07 |