46th week of 2018 patent application highlights part 70 |
Patent application number | Title | Published |
20180331919 | Obtain network address of one or more network device for use in authentication - In one embodiment, the present invention relates to obtaining the network address of a network device, such as an IP address from a laptop, which is stored in a system. This system then combines these IP addresses and IP address ranges from one or more network devices into groups. Each group has a list of these IP addresses and IP address ranges which can be downloaded and used within an authentication device such as a firewall to only allow a specific group of laptops access to the network accessible resource such as a website or an email service. | 2018-11-15 |
20180331920 | DEVICE ABSTRACTION PROXY - Described are systems and methods for implementing and operating a Device Abstraction Proxy (DAP). In one embodiment, the DAP includes a communications interface to connect the DAP to one or more access aggregation devices, each having a plurality of physical ports to provide Digital Subscriber Line (DSL) communication services to a plurality of remote DSL terminals via the plurality of physical ports. The DAP may further include a memory and processor to execute a virtual access aggregation device, in which a subset of the plurality of physical ports are allocated and linked to corresponding logical ports. The DAP may further include a global rule-set module to define operational constraints for the DSL communication services, and a management interface to allow at least one broadband access management system to manage the subset of physical ports allocated to the virtual access aggregation device subject to the operational constraints. | 2018-11-15 |
20180331921 | Packet Processing Method, Forwarding Plane Device and Network Device - A packet processing method, a forwarding plane device and a network device, where the method includes receiving, by a forwarding plane device, a first packet transmitted by a user, where an identity of the user is comprised in the first packet, and a forwarding table is comprised in the forwarding plane device, determining, by the forwarding plane device, an identity of a service according to a corresponding relationship between the identity of the user and the identity of the service as well as the identity of the user in the first packet, generating, by the forwarding plane device, a second packet by encapsulating the first packet with the identity of the service, and transmitting the second packet to a network device to enable the network device to manage the service according to the identity of the service in the second packet. | 2018-11-15 |
20180331922 | METHODS AND SYSTEMS FOR TIME-BASED BINNING OF NETWORK TRAFFIC - In various embodiments, network-traffic records overlapping multiple binning windows are prorated such that partial records are stored in each binning window of overlap. In addition, the full, non-prorated record is stored in at least one of the binning windows. | 2018-11-15 |
20180331923 | VISUALIZATION OF CYCLICAL PATTERNS IN METRIC DATA - In a method for visualizing cyclical patterns in metric data, receiving, by one or more processors, data relating to a computer environment. The method further includes creating, by one or more processors, a visualization, wherein the visualization presents the data in a first format. The method further includes causing, by one or more processors, the visualization to be displayed in a user interface. The method further includes receiving, by one or more processors, an indication of a user interaction in the user interface, wherein the user interaction indicates an alternative visualization of the data, wherein the alternative visualization presents the data in a second format that includes a fragment of the received data. The method further includes creating, by one or more processors, the alternative visualization. | 2018-11-15 |
20180331924 | SYSTEM MONITORING DEVICE - A device may select an enterprise content management (ECM) system for monitoring. The ECM system may include a set of subsystems. The device may monitor the set of subsystems of the ECM system based on selecting the ECM system for monitoring. The device may perform a set of health checks on the set of subsystems based on monitoring the set of subsystems. The set of health checks may include a validation of a set of network addresses associated with the set of subsystems, an analysis of a set of log files associated with the set of subsystems, and a determination of a set of metrics associated with the set of subsystems. The device may generate a health check report based on the set of health checks. The device may provide the health check report. | 2018-11-15 |
20180331925 | INTEGRATED ADAPTIVE ANYCAST FOR CONTENT DISTRIBUTION - A system includes first and second cache servers, a domain name server, and a route controller. The cache servers are each configured to respond to an anycast address. Additionally, the first cache server is configured to respond to a first unicast address, and the second cache server is configured to respond to a second unicast address. The route controller is configured to determine whether the status of the first cache server is non-overloaded, overloaded, or offline. The route controller is further configured to instruct the domain name server to provide the second unicast address when the status is overloaded or offline, and modify routing of the anycast address to direct a content request sent to the anycast address to the second cache server when the status is offline. The domain name server is configured to receive a request from a requestor for a cache server address. Additionally, the domain name server is configured to provide an anycast address to the requestor when the status of the first cache server is non-overloaded, and provide the second unicast address to the requestor when the status of the first cache server is offline or overloaded. | 2018-11-15 |
20180331926 | SYSTEM AND METHODS FOR DETERMINING CHANNEL CHARACTERISTICS - A system for determining communication channel characteristics includes a transmitter comprising a bit sequence generator and a frame processing and modulator unit, where the frame processing and modulator unit is configured to generate a transmission frame comprising an embedded bit sequence generated by the bit sequence generator and at least one embedded side channel field, the transmitter further configured to transmit the transmission frame over a communications channel, a receiver in communication with the transmitter over the communications channel and configured to receive the transmission frame, and a data processor, in communication with the receiver through a data processor interface, configured to receive the transmission frame from the receiver, the processor further configured to process the transmission frame to detect and analyze distortions in a waveform corresponding to the transmission frame generated during the transmission over the communications channel based on the embedded bit sequence and the at least one embedded side channel field. | 2018-11-15 |
20180331927 | Resource Coordinate System for Data Centers - Embodiments allow identifying unique locations, proximity, and constraints of various individualization resource units in a data center. A plurality of processes may compete for available resources (e.g., CPU, network bandwidth, memory) in a shared environment, which may be virtualized (e.g., comprising host, VM, container, application server instance resource units). A scheduling infrastructure determines individualization unit locations according to an identifier reflecting resource hierarchies. For each process, the data sending infrastructure sends location data as an ID stack to a central monitoring instance for analysis. That central monitoring instance can reference the resource location information to identify process proximity and competition for resources constraining process performance. Resource location information in the form of coordinates provided by the ID stack offers valuable information regarding resource consumption and other information relevant for process monitoring. Embodiments may be particularly useful in diagnosing bottlenecks arising from processes sharing resource units in virtualized environments. | 2018-11-15 |
20180331928 | ANALYZING RESOURCE UTILIZATION OF A CLOUD COMPUTING RESOURCE IN A CLOUD COMPUTING ENVIRONMENT - A device may receive information that identifies a resource utilization, by another device, of a cloud computing resource. The device may determine a current score based on the information that identifies the resource utilization and information that identifies a threshold. The current score may be indicative of the resource utilization relative to the threshold. The device may determine a prediction of a future score related to the resource utilization based on the current score and based on the threshold. The prediction of the future score may relate to satisfaction of the threshold. The device may determine a set of recommendations. The set of recommendations may be related to the resource utilization. The device may provide information that identifies the current score, the prediction of the future score, or the set of recommendations to permit or cause an action to be performed. The action may be related to the resource utilization. | 2018-11-15 |
20180331929 | METHODS, SYSTEMS AND DEVICES FOR MONITORING AND MANAGING NETWORK-CONNECTED DEVICE USAGE - The present application provides monitoring and managing usage of one or more network-connected devices over a network. The network-connected devices may include devices connected to the Internet of Things (IoT). Some aspects provide systems, methods and computing devices for: receiving usage and rate data associated with network-connected device(s); determining device expenditure data based on the usage and rate data; obtaining allocation information pertaining to a time period; updating information associated with one or more data files with the device expenditure data; comparing the updated information to the allocation information; and determining whether an allocation indicated by the allocation information for the time period is feasible. | 2018-11-15 |
20180331930 | NON-TRANSITORY COMPUTER-READABLE RECORDING MEDIUM RECORDING BURST DETECTION PROGRAM, BURST DETECTION METHOD AND INFORMATION PROCESSING APPARATUS - A non-transitory computer-readable recording medium having stored therein a program for causing a computer to execute a burst detection process, the burst detection process includes: setting a virtual switch to notify passage information indicating a passage of a segment of a specific flow when the segment of the specific flow passes through the virtual switch; recording notification time of the passage information in a storage when the passage information is notified from the virtual switch; and determining whether a burst occurs in the virtual switch, based on the notification time of the passage information recorded in the storage. | 2018-11-15 |
20180331931 | PACKET THROUGHPUT AND LOSS RATIO MEASUREMENTS OF A SERVICE FUNCTION CHAIN - A method for monitoring a network includes generating a first receiving sequence number representing a first location within a first ordered sequence of a number of data packets as received by a receiving device, and extracting a first transmission sequence number representing a second location within a second ordered sequence of the number of data packets as transmitted by a transmitting device. The method further includes generating a second receiving sequence number representing a third location within the first ordered sequence of the number of data packets, extracting a second transmission sequence number representing a fourth location within the second ordered sequence of the number of data packets. The method further includes generating a measurement of network transmission based at least on the first receiving sequence number, the first transmission sequence number, the second receiving sequence number, and the second transmission sequence number. | 2018-11-15 |
20180331932 | METHOD AND SYSTEM FOR INCREASING THROUGHPUT OF A TCP/IP CONNECTION - A technique to increase the throughput (TP) of transmission of IP packets over a cellular connection between a mobile device (MD) and a network element (NE) is disclosed. An example embodiment of the disclosed technique stretches the time period of the slow start phase of a TCP/IP connection between the MD and the NE. Another example embodiment divides the slow-start phase into two or more slow-start-sub phases. Yet another disclosed embodiment is configured to add, during the slow-start phase, an extra number of bytes that are embedded in extra-number-of packets (ENoP) wherein the value of the ENoP is decreased when the RTT is increased. | 2018-11-15 |
20180331933 | IN-SITU OAM SAMPLING AND DATA VALIDATION - The disclosure relates to technology for sending network management information in a network. A source edge node modifies data packets by encapsulating an operations, administration and maintenance (OAM) header in a select number of the data packets. The OAM header includes a data type bitmap and a node data list. A valid node bitmap is inserted into the OAM header prior to the node data list, and each bit in the valid node bitmap identifies whether one or more nodes in the network add data to the OAM header. A valid data bitmap is then added into the OAM header for each of the one or more nodes identified as adding data to the OAM header. The valid data bitmap indicates types of data items available at the node. Subsequently, the edge node issues the select data packets to the one or more nodes identified in the OAM header. | 2018-11-15 |
20180331934 | STATE SYNCHRONIZATION FOR GLOBAL CONTROL IN A DISTRIBUTED SECURITY SYSTEM - A device may comprise security processing units (SPUs) including a SPU to receive a session request. The SPU may identify global counter information and update counter information. The global counter information may include a global counter identifier and a global counter value. The update counter information may include an update counter identifier and an update counter value. The SPU may identify a global limit associated with the global counter, may determine that the global limit has not been met, and may cause the session to be created. The SPU may create a modified global counter value. The SPU may create a modified update counter value. The SPU may determine that a local update message is required based on the modified update counter value, and may provide the local update message to another SPU. The local update message may include the global counter identifier and the modified global counter value. | 2018-11-15 |
20180331935 | LOAD BALANCING IN MULTIPLE-INPUT MULTIPLE-OUTPUT SYSTEMS USING A MESH NETWORK - Techniques are described for enhancing wireless communication using millimeter wave (mmW) communication and mesh network topology. One method includes transmitting data to a first wireless device via a first mmW communication beam from a base station, determining that a performance level of the first mmW communication beam is below a threshold value based on transmitting the data, and communicating with the first wireless device over a transmission route based on a performance level of a second mmW communication beam. In some examples, the transmission route includes a first segment that includes the second mmW communication beam and a second segment that includes a wireless mesh network. | 2018-11-15 |
20180331936 | DEVICE FOR SIMULATING A COMMUNICATION RELAY - A device for simulating a communication relay for at least one device for processing tactical data, includes a data storage system; a first connection interface for connection with the device for processing tactical data; a second communication interface; a processor connected to the storage system and to the interfaces, the processor being configured so as to: divide a temporal cycle having a first predetermined duration into time slots of a second predetermined duration, each time slot being identified by an index in the temporal cycle; monitor the network traffic over the second communication interface; emit a message via the first interface for all the indices of slots except for slots identified by a list of at least one excluded index; broadcast a message via the second interface for the slots identified by the list of at least one excluded index. | 2018-11-15 |
20180331937 | SYSTEM SIMULATOR AND SIMULATION METHOD - The present invention provides a system simulator ( | 2018-11-15 |
20180331938 | METHOD AND APPARATUS FOR INITIATING INTERNET CONNECTION SPEED TESTING ON A RESIDENTIAL GATEWAY - In one example, a method and apparatus for initiating internet connection speed tests in residential gateways are disclosed. In one example, the method initiates, by a residential gateway of a subscriber premises, a test of an internet connection speed associated with the subscriber premises, such that the residential gateway and a test server are endpoints for an exchange of test data. A speed of the exchange of the test data is then measured. | 2018-11-15 |
20180331939 | Network Proxying Technology - A network device including a first network interface adapted to communicate with at least one further network device within a sub-network, and a proxy module adapted to provide control and information retrieval functionality relating to the at least one further network device to network devices outside the sub-network. | 2018-11-15 |
20180331940 | DEVICE AND METHOD FOR BALANCED AD-HOC NETWORK FORMATION - In one implementation, the present invention provides a mechanism for balanced ad-hoc network formation. To achieve the balanced ad-hoc network formation, the present invention sends the metric information with DIO control message. A new metric container type is introduced in RPL to hold the metric information, and select the parent with minimum path cost, and switch the parent with minimum path cost, as per the defined logic. A stateless metric considers that the average traffic flow from each node is approximately the same. The stateless metric directly uses the number of routing table entries (RT | 2018-11-15 |
20180331941 | VARYING A PER-HOP-BANDWIDTH CONSTRAINT IN MULTI-PATH LABEL SWITCHED PATHS - Techniques are described for varying a bandwidth constraint at one or more hops along a path of a sub-label-switched path (sub-LSP) of a multi-path label-switched path (MP-LSP). The techniques include computing, by an ingress router, a plurality of paths for a plurality of sub-LSPs of a MP-LSP and outputting, by the ingress router, for each path of the plurality of paths, a respective resource reservation request message to establish a respective sub-LSP of the plurality of sub-LSPs, each respective resource reservation request message including an indication of an explicit route, a tunnel identifier indicating the MP-LSP, an identifier for the respective sub-LSP, an indication of a per-hop bandwidth constraint that corresponds to a respective incoming per-hop bandwidth constraint of the plurality of incoming per-hop bandwidth constraints, and one or more instructions to modify the indication of the per-hop bandwidth constraint. | 2018-11-15 |
20180331942 | METHOD FOR DATA EXCHANGE BETWEEN WEB BROWSERS, AND ROUTING DEVICE, TERMINAL, COMPUTER PROGRAM AND STORAGE MEDIUM THEREFOR - A method for exchanging data between a first web browser and a second web browser of a communications network. The method includes a phase of initialization, implementing the following acts in a routing device of the network placed on a default communications path between the first and second browsers: receiving a message for verifying connectivity between the browsers, the message carrying a specific attribute authorizing data exchanges between the browsers; and verifying an authorization of data exchanges between the browsers, from the specific attribute; and in the event of positive verification, modifying at least one routing table for routing data between the first browser and the second browser so as to define a replacement communications path between the browsers, passing through the routing device. | 2018-11-15 |
20180331943 | ROUTING NETWORK TRAFFIC BASED ON DESTINATION - A method may include identifying an address within a packet of a traffic flow associated with a network device. The method may also include comparing the address within the packet with a stored address, the stored address associated with a route for an alternative traffic path, where the alternative traffic path may be different from a default route of traffic passing through the network device. The method may additionally include, based on the address within the packet matching the stored address, routing the packet along the alternative traffic path instead of the default route of traffic. | 2018-11-15 |
20180331944 | DATA FLOWS OVER MULTIPLE ACCESS NETWORKS - Apparatuses, methods, and systems are disclosed for utilizing multiple access networks for data flows. One apparatus includes a network interface that communicates with a remote unit and a processor. The apparatus establishes a control connection with the remote unit and receives a plurality of network addresses used by the remote unit to communicate over different access networks. The apparatus receives a first set of data flows transmitted by the remote unit over a first access network. The processor determines that a subset of the first set of data flows is to utilize both the first access network and the second access network and sends a command to the remote unit over the control connection to utilize the second access network for at least some of the traffic of each data flow in the subset of the first set of data flows. | 2018-11-15 |
20180331945 | ROUTING NETWORK TRAFFIC - A method of routing network traffic may include routing traffic from a local network device, through a remote network location, to a third party network resource along a first path. The method may also include determining a first ranking for the first path, and determining a second ranking for a second path from the local network device to the third party network resource along a second path, the second path excluding the remote network location. The method may additionally include, based on the second ranking exceeding the first ranking by a threshold amount, rerouting the traffic along the second path. | 2018-11-15 |
20180331946 | ROUTING NETWORK TRAFFIC BASED ON PERFORMANCE - A method may include selecting a destination of a traffic flow in a second network domain outside of a first network domain, and determining multiple paths from an origin of the traffic flow to the destination, where each of the multiple paths may include a first network domain path through the first network domain and a second network domain path through the second network domain. The method may also include, for each of the multiple paths, combining a first performance score for the first network domain path with a second performance score for the second network domain path. The method may additionally include selecting one of the plurality of paths with a combined first and second performance score below a threshold, and routing the traffic flow along the selected one of the plurality of paths. | 2018-11-15 |
20180331947 | ROUTING NETWORK TRAFFIC BASED ON DNS - A method may include receiving a domain name system (DNS) query at a network device, where the DNS query may be associated with a traffic flow identified for rerouting through an alternative path utilizing an alternative network device instead of a default path. The method may also include rewriting the DNS query such that the DNS query is routed through the alternative network device along the alternative path and to a DNS server associated with the alternative path. The method may additionally include receiving a DNS response from the DNS server, where a resource identified in the DNS response may be based on the DNS query coming through the alternative network device. | 2018-11-15 |
20180331948 | DEFINING ROUTING DOMAIN FOR DISTRIBUTED PACKET PROCESSING - For a managed network including multiple host machines implementing multiple logical networks, some embodiments provide a method that reduces the memory and traffic load required to implement the multiple logical networks. The method generates configuration data for each of multiple host machines including (i) data to configure a host machine to implement a set of logical forwarding elements that belong to a set of routing domains and (ii) identifiers for each routing domain in the set of routing domains. The method then receives data regarding tunnel endpoints operating on each of the host machines and an association with the routing identifiers sent to the host machines. The method then generates a routing domain tunnel endpoint list for each routing domain based on the data received from each of the host machines including a list of the tunnel endpoints associated with the routing domain which the host machines can use to facilitate packet processing. | 2018-11-15 |
20180331949 | SECURING LAYER-3 VIRTUAL PRIVATE NETWORK - A data packet from a sub-virtual routing and forwarding (sub-VRF) in a virtual routing and forwarding (VRF) is received. The VRF includes more than one sub-VRF. A value in a Border Gateway Protocol (BGP) attribute attached to the data packet is determined. Based on the value in the BGP attribute, whether to route the data packet to a different sub-VRF in the VRF is determined. | 2018-11-15 |
20180331950 | IP Address and Routing Schemes for Overlay Network - A communication system includes multiple Point-of-Presence (POP) interfaces distributed in a Wide-Area Network (WAN), and one or more processors coupled to the POP interfaces. The processors are configured to assign to an initiator in the communication system a client Internet Protocol (IP) address, including embedding in the client IP address an affiliation of the initiator with a group of initiators, to assign to a responder in the communication system a service IP address, including embedding in the service IP address an affiliation of the service with a group of responders, and to route traffic between the initiator and the responder, over the WAN via one or more of the POP interfaces, in a stateless manner, based on the affiliation of the initiator and the affiliation of the service, as embedded in the client and service IP addresses. | 2018-11-15 |
20180331951 | DYNAMIC CHAIN OF SERVICE FUNCTIONS FOR PROCESSING NETWORK TRAFFIC IN A VIRTUAL COMPUTING ENVIRONMENT - The technology disclosed herein enables a dynamic chain of virtual service functions for processing network traffic in a virtual computing environment. In a particular embodiment, a method includes providing a service chain policy to a virtual routing element connecting the respective service functions and determining an initial classification of a network packet entering the dynamic service chain. The initial classification indicates at least a first service function in a sequence of the service functions for processing the network packet. The method further includes providing a service chain policy to a virtual routing element connecting the respective service functions. After the network packet has been processed by one service function in the sequence and before the virtual routing element passes the network packet to a next service function in the sequence, the method provides applying the service chain policy to the network packet in the virtual routing element to determine the next service function and directing the network packet from the virtual routing element to the next service function. The process continues till the packet passes through all service functions till it reaches its destination. | 2018-11-15 |
20180331952 | Mapping selective DSCP values to GTP-U - An apparatus and a method are provided by which a packet is received, a service identification in the packet is detected, it is decided based on the detected service identification whether a tunnel protocol extension header is to be generated or not, and, when the tunnel protocol extension header is to be generated, the tunnel protocol extension header is generated, the received packet is encapsulated with the generated tunnel protocol extension header and the encapsulated packet is forwarded. | 2018-11-15 |
20180331953 | ROUTE SIGNALING AND CONVERGENCE IN EVPN OF PORT EXTENDERS - Techniques are described for forwarding traffic within an Ethernet Virtual Private Network (EVPN) fabric of port-extenders by modeling a port-extender as a port-extender Ethernet segment. For example, a method includes receiving, by a provider edge (PE) device of a plurality of PE devices configured with an EVPN instance reachable by a port-extender Ethernet segment connecting the plurality of PE devices to a port-extender device, an EVPN route including information identifying an extended-port of the port-extender device associated with the port-extender Ethernet segment; storing, by the PE device, the information identifying the extended-port of the port-extender device associated with the port-extender Ethernet segment; and generating, by the PE device, a packet header of a data packet to be forwarded toward the extended-port of the port-extender device, the packet header including the information identifying the extended-port of the port-extender device. | 2018-11-15 |
20180331954 | HYBRID PACKET PROCESSING - Some embodiments provide a method of processing an incoming packet for a managed forwarding element that executes in a host to forward packets in a network. The method performs a lookup into a forwarding table to identify a flow entry matched by the incoming packet. The flow entry specifies a high-level action to perform on the incoming packet. The method provides packet data to a module executing separately from the managed forwarding element in the host. The module performs a set of processes in order to identify a set of low-level actions for the managed forwarding element to perform on the incoming packet without additional lookups into the forwarding table. The method receives data from the separate module specifying the set of low-level actions. The method performs the set of low-level actions on the incoming packet in order to further process the packet. | 2018-11-15 |
20180331955 | Service Traffic Allocation Method and Apparatus - A service traffic allocation method and apparatus, where a first leaf node repeatedly sends a probe packet through each physical link of multiple physical links of the first leaf node coupled to a backbone node, for each physical link, the first leaf node receives a returned response packet through the physical link, where each response packet is returned by a second leaf node after a probe packet that is sent through a physical link arrives at the second leaf node, for each path, the first leaf node calculates a transmission parameter of the path according to multiple response packets received on the path to obtain the transmission parameter of each path, and the first leaf node allocates to-be-transmitted service traffic to the physical links according to the transmission parameter of each path. | 2018-11-15 |
20180331956 | Optimized Routing in Connected Environments - Geographic proximity and network congestion are used to determine efficient routing of data in networks. If two devices are geographically close, then device-to-device communication may be possible. Data may thus be routed using device-to-device communication, which avoids consuming bandwidth in wide area networks and in cellular networks. | 2018-11-15 |
20180331957 | Policy Enforcement Based on Host Value Classification - Examples disclosed herein relate to enforcing a policy to a packet stream based on a classification and a determination that a proxy connection is associated with the packet stream. In the example, the packet stream is received. In this example, a host value is determined for the packet stream. Also, in the example, it is determined whether the packet stream is associated with the proxy connection. Further, in the example, a classification is determined based on the host value. In this example, the policy is enforced for the packet stream based on the classification and the determination that the proxy connection is associated with the packet stream. | 2018-11-15 |
20180331958 | QOS INFORMATION CONTROL METHOD AND APPARATUS - A method of a terminal for controlling quality of service (QoS) information is provided. The method includes acquiring a data packet, identifying a traffic type of the data packet, when QoS control is required for a service flow according to the traffic type, transmitting, to a network device, an uplink (UL) data packet, first QoS support information of the terminal, and a QoS support or non-support display request of the network device, receiving a downlink (DL) data packet from a service providing server, determining whether the DL data packet corresponds to the UL data packet and includes second QoS support information of at least one network device connecting the terminal and the service providing server, and identifying the second QoS support information based on a result of the determining. | 2018-11-15 |
20180331959 | SYSTEMS AND METHODS FOR PROVIDING QUALITY OF SERVICE TO RFID - Embodiments of the present invention include systems and methods for providing quality of service to RFID. In one embodiment the present invention includes a method of providing quality of service in an RFID network comprising storing RFID priority information corresponding to the RFID network, wherein the RFID network comprises one or more tags and one or more readers, and mapping the RFID priority information into priority information corresponding to a second network. | 2018-11-15 |
20180331960 | OVERLOAD PROTECTION ENGINE - A fabric interface, including: an ingress port to receive incoming network traffic; a host interface to forward the incoming network traffic to a host; and a virtualization-aware overload protection engine including: an overload detector to detect an overload condition on the incoming network traffic; a packet inspector to inspect packets of the incoming network traffic; and a prioritizer to identify low priority packets to be dropped, and high priority packets to be forwarded to the host. | 2018-11-15 |
20180331961 | INSPECTING OPERATIONS OF A MACHINE TO DETECT ELEPHANT FLOWS - Some embodiments provide a system that detects whether a data flow is an elephant flow; and if so, the system treats it differently than a mouse flow. The system of some embodiments detects an elephant flow by examining, among other items, the operations of a machine. In detecting, the system identifies an initiation of a new data flow associated with the machine. The new data flow can be an outbound data flow or an inbound data flow. The system then determines, based on the amount of data being sent or received, if the data flow is an elephant flow. The system of some embodiments identifies the initiation of a new data flow by intercepting a socket call or request to transfer a file. | 2018-11-15 |
20180331962 | SYSTEM AND METHOD FOR REDUCING BANDWIDTH USAGE OF A NETWORK - A method of reducing the bandwidth usage of a network comprises intercepting traffic between a TCP server and a TCP client using TCP protocols that use client acknowledgements; identifying client acknowledgements from the TCP protocols; identifying the sequence number of a last received client acknowledgements from the intercepted traffic; identifying the sequence number of a last sent client acknowledgement from the intercepted traffic; calculating an unacknowledged byte value based on the difference between the last received client acknowledgement sequence number and the last sent client acknowledgement sequence number; comparing the calculated unacknowledged byte value with a predetermined threshold value, to determine whether the calculated unacknowledged byte value is at least as great as the predetermined threshold value; and transmitting the identified client acknowledgements into the network when the compared unacknowledged byte value is at least as great as the predetermined threshold value. | 2018-11-15 |
20180331963 | DETERMINING DATA FLOWS TO AN INGRESS ROUTER WITH DATA FLOWS RECEIVED AT AN EGRESS ROUTER - A method for identifying an ingress router with collected IP network traffic data captured at an egress router is described. The method includes receiving, at a learning database, an ingress network traffic data flow exported from the ingress router and an ingress interface. The method then proceeds to receive, at a flow processing module, an egress network traffic data flow exported from the egress router and an egress interface. The method then enables the flow processing module to query the learning database with the egress network traffic data flow. The method determines the ingress router corresponding to the egress network traffic data flow, when the learning database matches the egress network traffic data flow with the ingress network traffic data flow. | 2018-11-15 |
20180331964 | Scheduling Mechanism for Ultra-Reliable Low-Latency Communication Data Transmissions - One or more of multiple UEs with a pending payload are assigned to individual sets of PRBs. The allocating assigns X of N total PRBs to be transmitted, X | 2018-11-15 |
20180331965 | CONTROL CHANNEL USAGE MONITORING IN A SOFTWARE-DEFINED NETWORK - In some examples, a Software-Defined Network (SDN) controller includes a processing resource and a memory resource including machine readable instructions to: (1) run a first SDN application to monitor usage of a control channel between the SDN controller and a device in the control domain of the SDN controller, (2) run a second SDN application that uses the control channel to communicate with the device, and (3) throttle the use of the control channel by the second SDN application when it is determined, by monitoring usage of the control channel with the first SDN application, that control channel usage satisfies a usage criterion. | 2018-11-15 |
20180331966 | APPARATUS FOR SCHEDULING CONTENTION-BASED DATA TRANSFER AND METHOD THEREOF - Provided are an apparatus and a method for scheduling contention-based data transmission in a network system including an access point (AP) and a plurality of terminals. The method includes determining a contention window (CW) size based on the number of terminals connected to the access point, and transmitting information about the contention window size to any one of the plurality of terminals. The apparatus includes a processor and an RF unit. Here, the processor is configured to determine a contention window (CW) size based on the number of terminals connected to the access point, and transmit information on the contention window size to any one of the plurality of terminals through the RF unit. | 2018-11-15 |
20180331967 | ERROR CORRECTION OPTIMIZATION - A method for data communication between a first node and a second node over a data path coupling the first node and the second node includes transmitting a segment of data from the first node to the second node over the data path as a number of messages, the number of messages being transmitted according to a transmission order. A degree of redundancy associated with each message of the number of messages is determined based on a position of said message in the transmission order. | 2018-11-15 |
20180331968 | CONTROL METHOD AND APPARATUS, AND NETWORK CONTROLLER - The invention provides a control method, including: obtaining a time division scheme of a STA in a next cruise monitoring period, where the next cruise monitoring period includes N adjustment periods and N monitoring periods determined by means of division according to N preset points; configuring control information according to the time division scheme, where the control information is for controlling an operating status of the STA in each adjustment period in the next cruise monitoring period; and sending the control information to the STA. | 2018-11-15 |
20180331969 | REDUCING OVERLAY NETWORK OVERHEAD ACROSS CONTAINER HOSTS - A system for reducing overlay network overhead includes a memory, a processor in communication with the memory, a first container and a second container running on a first host, and a container scheduler executing on the processor. Each of the first container and second container expose a network service port(s). The container scheduler executes on the processor to assign a network complexity weight to the first host. The network complexity weight is based on a quantity of network service ports that the first container and the second container expose. The container scheduler also filters hosts based on resource availability corresponding to each host and ranks the hosts based on a respective network complexity weight corresponding to each host. Additionally, the container scheduler dispatches a third container to a second host based on the resource availability and network complexity weight corresponding to the second host. | 2018-11-15 |
20180331970 | SYSTEMS, DEVICES AND METHODS OF DECOMPOSING SERVICE REQUESTS INTO DOMAIN-SPECIFIC SERVICE REQUESTS - The various embodiments include methods, computers and communication systems that enable decomposing abstract service requests into resource rules, which may include receiving an abstract service request (e.g., a request specifying a functional requirement) via an exposed public interface, generating domain-specific resource rules based on the received abstract service request, identifying relevant components in a telecommunications domain for enforcing the generated domain-specific resource rules, and sending the domain-specific resource rules to the identified components (e.g., online charging server, policy management server, etc.) for enforcement. Generating domain-specific resource rules based on the received abstract service request may include generating the rules consistent with the existing resource rules of the domain. | 2018-11-15 |
20180331971 | ADAPTIVE THROTTLING FOR SHARED RESOURCES - Customers of shared resources in a multi-tenant environment can have token buckets allocated that have an associated depth and fill rate, with each token enabling the customer to obtain an amount of work from a shared resource. A resource management system can monitor one or more system or output metrics, and can adjust a global fill rate based at least in part upon values of the monitored metrics. Such an approach can provide a fair distribution of work among the customers, while ensuring that the metrics stay within acceptable ranges and there are no drastic changes in performance levels of the system. The fill rate can update dynamically with changes in the monitored parameters, such that the system can float near an equilibrium point. Commitments for specific minimum service levels also can be met. | 2018-11-15 |
20180331972 | GENERATING AUTOMATIC BANDWIDTH ADJUSTMENT POLICIES PER LABEL-SWITCHED PATH - A device may identify a plurality of first values associated with network traffic of a label-switched path of a plurality of label-switched paths. The device may determine an adjustment policy based on the plurality of first values. The adjustment policy may include one or more factors associated with a plurality of second values. The plurality of second values may be determined based on the plurality of first values. The device may implement the adjustment policy in association with the label-switched path. A bandwidth reservation of the label-switched path may be adjusted based on the adjustment policy. The adjustment policy may be implemented for fewer than all of the plurality of label-switched paths. | 2018-11-15 |
20180331973 | INCREASING VIRTUAL MACHINE AVAILABILITY DURING SERVER UPDATES - Methods, systems, and apparatuses increase virtual machine availability during server updates. A first resource set is designated to include one or more servers needing an update. A first set of virtual machines running on the one or more servers in a live manner is migrated from the first resource set to a second resource set to convert the first resource set to an empty resource set, and such that the first set of virtual machines runs in a live manner on the second resource set. The update is performed on the one or more servers of the empty resource set to create an updated empty resource set. | 2018-11-15 |
20180331974 | METHOD AND APPARATUS FOR CONTROLLING AND FACILITATING CONTROL OF DATA STREAM OF USER IN SDN NETWORK - A method for controlling a user data flow in an SDN controller of an SDN network includes retrieving user profile information from a user information database via an Ss interface with the user information database; controlling a data flow of a user based on the user profile information. The SDN controller is enabled to have a capability of obtaining user profile information through a newly added interface between the SDN controller and the user information database, such that the SDN controller may control a user data flow based on the user profile information. | 2018-11-15 |
20180331975 | POLICY BASED SELECTION OF RESOURCES FOR A CLOUD SERVICE - Selecting resources for a cloud service can include defining a specific resource provider constraint parameter, determining a parameter value for the specific resource provider constraint parameter, analyzing a plurality of specific resource providers and selecting a specific resource provider from the plurality of available specific resource providers based on the analysis and using a best-fit model. | 2018-11-15 |
20180331976 | DATA PROCESSING SYSTEM - A data processing system has a poll mode driver and a library supporting protocol processing. The poll mode driver and the library are non-operating system functionalities. An application is provided. An operating system is configured, while executing in kernel mode and in response to the application being determined to be unresponsive, to use a helper process being an operating system functionality executing at user-mode to cause a receive or transmit mode of the application to continue. | 2018-11-15 |
20180331977 | ETHERNET AGGREGATION BETWEEN AN EDGE DEVICE AND A SWITCH - In one example, a Fibre Channel over Ethernet (FCoE) network is described, which includes an edge device and a logical link to connect the edge device to an FCoE switch. The edge device includes an edge device FCoE link aggregation sub-layer. The logical link includes multiple FCoE links connected to multiple ports of the edge device. The edge device FCoE link aggregation sub-layer to enable transmission and reception of FCoE frames from/to the edge device via the logical link. | 2018-11-15 |
20180331978 | ASYNCHRONOUS SWITCHING SYSTEM AND METHOD - An asynchronous switching system and method for processing SDI data streams, the system and method utilizing one or more buffers for cleaning up an output of a dirty IP switch. | 2018-11-15 |
20180331979 | SYSTEM AND METHOD FOR CREATING CONVERSATIONS TO LAUNCH WITHIN APPLICATIONS - A system and method of creating interactions in the form of conversations for launch within applications, and generating analytics based on the data received by users of the applications in response to the conversations, are described. Application developers can be supported in creating the conversations using software development tools to create one or more conversations and to configure the conversations for launch to one or more applications. Application users can respond to the conversations and the responses can be assessed by the processors associated with the software development tools to produce analytics for a number of uses, including for creating subsequent conversations and for communicating with third-party platforms. | 2018-11-15 |
20180331980 | METHODS AND APPARATUSES FOR CROSS PLATFORMS CONVERSATIONS THROUGH A BOT FRAMEWORK - Embodiments herein relate to methods, a chatbot capable framework and a system for allowing a dialogue between user devices using the chatbot framework. A first user device establishes a session with the chatbot framework and starts a dialogue with the framework. The first user device invites a second user device via the chatbot framework, the second user device connects to the chatbot framework and accepts the invitation, and the chatbot framework allows the dialogue between the user devices and stores a session state in a database. | 2018-11-15 |
20180331981 | SYSTEM AND METHOD FOR PERFORMING FOLLOW UP BASED ON USER INTERACTIONS - A system and method for follow up management comprising determining if a user has a repository record, extracting information from the repository record associated with the user, and acting on information stored in the repository record. The method may be practiced on a system for managing online interaction comprising a business rules engine, a follow up repository, and a follow up engine. | 2018-11-15 |
20180331982 | Messaging System Apparatuses Circuits and Methods of Operation Thereof - A method for managing a messaging system for receiving at a messaging server a message addressed, storing the message, transmitting a notification of the presence of the message at the messaging server, receiving a request to retrieve the message, validating the first mobile messaging client device, transmitting the message and a message attribute from the messaging server to the first mobile messaging client device, and receiving at the messaging server from the first mobile messaging client device a message management notification generated by the first mobile messaging client device in connection with managing the message in accordance with the message attribute at the first mobile messaging client device. | 2018-11-15 |
20180331983 | MESSAGE DELIVERY MANAGEMENT BASED ON DEVICE ACCESSIBILITY - A processor may receive an electronic message sent to a first device associated with a user. The electronic message may have a first format. The processor may receive usage information about the first device and a second device associated with the user. The processor may determine whether to send the electronic message to the second device based on the received usage information. The second device may be capable of receiving messages having a second format. The processor may determine, in response to determining to send the electronic message to the second device, whether to transform the electronic message from the first format to the second format. The processor may transform, in response to determining to transform the electronic message to the second format, the electronic message. The processor may transmit the transformed electronic message to the second device. | 2018-11-15 |
20180331984 | Encrypted Pixilated Color(s) Communication Message Translator - Embodiments can present a message to a receiver with a color to reflect a mood and/or an action of the sender of the message. The system can enable the sender to select a mood or action to represent his/her mood or intended action when sending the message to the receiver. The system can enable the receiver to select a personalized color for presenting the message to reflect the mood or intended action of the sender. In some embodiments, the system can analyze a communication between the receiver and the sender to determine what mood(s) or action(s) were during the communication. A result of the analysis can be presented to an interested party for review. In some embodiments, the system can enable the receiver to select one or more colors such that incoming messages of those colors will be bounced back to the sender(s). | 2018-11-15 |
20180331985 | RESOURCE SHARING METHOD AND TERMINAL - A resource sharing method is performed at a mobile terminal, the method including the following steps: obtaining configured user identifier; obtaining multimedia data; obtaining a resource sharing request, and associating the user identifier with the multimedia data according to the resource sharing request; generating a resource sharing instruction according to an association relationship between the user identifier and the multimedia data; and executing the resource sharing instruction. | 2018-11-15 |
20180331986 | MEDIA INFORMATION RELEASE METHOD, SYSTEM, AND COMPUTER STORAGE MEDIUM - The present disclosure relates to a media information releasing method performed by a mobile terminal. The mobile terminal receives a media information releasing message associated with a second application while running a first application. The mobile terminal generates a media information releasing message interface corresponding to the media information releasing message, the media information releasing message including a corresponding media information releasing configuration, and then presents, by using a floating window, the media information releasing message interface on a current display interface of the first application. After obtaining a first user operation performed on the media information releasing message interface, the mobile terminal submits a media information obtaining request associated with the second application to a remote server, so that the server shares media information according to the media information releasing configuration, thereby improving media information obtaining efficiency. | 2018-11-15 |
20180331987 | SYSTEM AND METHOD FOR INMATE NOTIFICATION AND TRAINING IN A CONTROLLED ENVIRONMENT FACILITY - A messaging system for relaying messages to groups of inmates located in one or more controlled-environment facilities. The system receives a message from a user and a recipient designation identifying those inmates designated for receiving the message. The system performs a content check of the message or requests administrator authorization of the message, and then packages the message in a format designated by the facility. The packaged message includes the message itself, and also recipient information and other delivery information. The message may be packaged uniquely according to facility specifications. At the facility, the received message is unpacked. Recipients are identified from the recipient designation in the message, and delivery methods are retrieved for each of the intended recipients. Delivery of the message is then carried out, at a time designated in the message, according to the retrieved delivery methods. | 2018-11-15 |
20180331988 | DETERMINING A VISIBILITY OF AN ONLINE CONVERSATION FOR A NEW PARTICIPANT - Determining a visibility of an online conversation for a new participant includes presenting a user interface (UI) to a group of users to allow each of the users in the group of users to specify tags, the tags defining relationships between each of the users, determining initial participants from the group of users for an online conversation on a social network, identifying, based on the tags, a subject for the online conversation with respect to each of the initial participants of the online conversation, and determining, based on the subject, a visibility of the online conversation for a new participant from the group of users. | 2018-11-15 |
20180331989 | TECHNOLOGY FOR MULTI-RECIPIENT ELECTRONIC MESSAGE MODIFICATION BASED ON RECIPIENT SUBSET - A computer system detects that a sender is composing a current message designated for delivery to recipients via a computer network once completed as an entire message. At least one of the recipients is designated as an early recipient. While the sender is composing the current message, a computer system determines an emotional reaction of the at least one early recipient to a portion of the message. An indication of the emotional reaction of the at least one early recipient is presented to the sender. After the computer system presents the emotional reaction indication to the sender, a modification is received from the sender for the message portion. The received modification is applied to the message portion and the entire message is sent to all the recipients, wherein the sending of the entire message to the recipients occurs after the received modification is applied. | 2018-11-15 |
20180331990 | TECHNOLOGY FOR MULTI-RECIPIENT ELECTRONIC MESSAGE MODIFICATION BASED ON RECIPIENT SUBSET - A computer system detects that a sender is composing a current message designated for delivery to recipients via a computer network once completed as an entire message. At least one of the recipients is designated as an early recipient. While the sender is composing the current message, a computer system determines an emotional reaction of the at least one early recipient to a portion of the message. An indication of the emotional reaction of the at least one early recipient is presented to the sender. After the computer system presents the emotional reaction indication to the sender, a modification is received from the sender for the message portion. The received modification is applied to the message portion and the entire message is sent to all the recipients, wherein the sending of the entire message to the recipients occurs after the received modification is applied. | 2018-11-15 |
20180331991 | ELECTRONIC DEVICE COMPRISING PLURALITY OF DISPLAYS AND METHOD FOR OPERATING SAME - A method for operating an electronic device, which includes a first body unit, a second body unit which is hinge-coupled to the first body unit such that one side, a first display which is disposed on the other side of the first body unit and faces a first direction, a second display which is disposed on the other side of the second body unit and faces a second direction, a sensor which is for obtaining direction information of the electronic device, and a processor configured to display on the first display an execution screen of a first application, determine whether the electronic device is flipped on the basis of the direction information, determine a second application for displaying an execution screen on the second display among a plurality of applications stored in the electronic device, and display a first execution screen of the second application on the second display. | 2018-11-15 |
20180331992 | SYSTEMS AND METHODS FOR STORING AND TRANSFERRING MESSAGE DATA - A method includes storing, by one or more computer processors, a plurality of blocks in a queue, wherein each block includes at least one received message, and wherein each block is associated with a time that the block was stored in the queue. The method further includes designating, by the one or more computer processors, as inactive one or more blocks having associated storage times that are older than a first time. The method further includes reading, by the one or more computer processors, messages from inactive blocks until a second time that is older than the first time. The method further includes deleting, by the one or more computer processors, one or more inactive blocks from the queue having associated storage times that are older than the second time. | 2018-11-15 |
20180331993 | EMOTICON SENDING METHOD, COMPUTER DEVICE AND COMPUTER-READABLE STORAGE MEDIUM - An emoticon sending method, performed at a computer device, includes obtaining an emoticon identifier selected by a sender corresponding to a sender identifier; obtaining a corresponding allowed receiver identifier according to the sender identifier and the emoticon identifier; obtaining a candidate receiver identifier; comparing the candidate receiver identifier with the allowed receiver identifiers; and sending the selected emoticon identifier to the candidate receiver identifier, if the candidate receiver identifier is one of the allowed receiver identifiers. | 2018-11-15 |
20180331994 | ELECTRONIC MAIL SENDER AND RECIPIENT CORRELATION DETERMINATION SYSTEM - An electronic mail sender and recipient correlation determination system includes: a hardware processor that determines that a first user of a first electronic mail address that is designated as a destination of a sending electronic mail that has been sent and a second user of a second electronic mail address as a sending source of a reply electronic mail that has been sent are identical. The first user and the second user are identical when the hardware processor determines that values indicating identification information that is included in and specific to the sending electronic mail match specific identification information that is included in an electronic mail of a reply source of the reply electronic mail. The reply electronic mail is sent, after the sending electronic mail, with a sending source of the sending electronic mail as a destination. | 2018-11-15 |
20180331995 | COMBINING UPDATES OF A SOCIAL NETWORK FEED - Disclosed are examples of systems, apparatus, methods and computer program products for combining updates of a social network feed. In some implementations, a feed of a social networking system can be configured to share feed items associated with an enterprise record. The feed items can include a first update associated with a first user. A first request to share a comment on the first update can be processed. A second request to share a first post in a feed can be processed. The first post can be related to the first update based on a first attribute conforming to a second attribute. A combined update can be generated based on the first post being related to the first update. The combined update can be displayed in a feed. | 2018-11-15 |
20180331996 | DISPLAY METHOD AND DEVICE - Display methods and devices are disclosed. An exemplary display method may comprise: displaying a session list page, the session list page comprising a session page entry corresponding to a communication session in which a local end user participates; determining a read/unread status of a sent communication message by the local end user in the communication session; and displaying, in a display area of the session page entry corresponding to the communication session, a status identifier corresponding to the read/unread status. | 2018-11-15 |
20180331997 | 302 JUMPING METHOD, URL GENERATING METHOD AND SYSTEM, AND DOMAIN-NAME RESOLVING METHOD AND SYSTEM - The present disclosure provides a jumping URL generating method, a jumping URL system, and a jumping server; a resolving method and a system for resolving a domain-name resolution request, and a DNS server; and a 302 jumping method and a network system that support HTTPS. A client terminal sends a first HTTP request. The jumping server specifies a content server, converts an IP address of the content server to a prefix of a jumping domain name, uses a service domain name as a suffix of the jumping domain name, combines the jumping domain name and a URL in the first HTTP to form the jumping URL, and sends the jumping URL to the client terminal. The client terminal requests resolution of the jumping domain name. The DNS server recognizes a domain name in the domain-name resolution request and performs an inverse converting on the prefix of the jumping domain name to obtain an IP address of the content server and sends the IP address of the content server to the client terminal. The client terminal sends a second HTTP request containing the jumping URL to the content server; and sends an IP generated by resolving and in correspondence of the first HTTP request to the client terminal. | 2018-11-15 |
20180331998 | CONTROL APPARATUS, COMMUNICATION SYSTEM, COMMUNICATION METHOD, AND PROGRAM - A control apparatus includes: a first control information setting unit configured to set first control information for forwarding packets between predetermined machines in relay apparatuses on a predetermined path on the basis of a first hierarchical address; and a second control information setting unit configured to set, when receiving a packet whose destination address is a second hierarchical address, which is a higher level address than the first hierarchical address, from one of the machines in which the first control information has already been set, via one of the relay apparatuses, second control information for converting a first hierarchical destination address of the packet whose destination address is the second hierarchical address into a first hierarchical address specified in the first control information and forwarding the converted packet, in the relay apparatus. | 2018-11-15 |
20180331999 | DIRECT TRANSMISSION OF DATA BETWEEN APPLICATIONS IN A MULTI-TENANT ENVIRONMENT - Overhead of sending data from one application to another by doing input and output processing can be costly. The present invention provides a method of transmitting data with a low overhead between applications in a multi-tenant runtime environment. The multi-tenant runtime detects a connection between tenants, and then performs low-overhead data transmission mechanisms by cloning data from one tenant space to another tenant space, while keeping the data isolated for two tenants. | 2018-11-15 |
20180332000 | INFORMATION PROCESSING APPARATUS AND ROUTE CONTROLLING METHOD - An information processing apparatus includes a memory and one processor configured to allocate a virtual Internet Protocol address to an application, transmit information including a first metric value and the virtual Internet Protocol address to a network apparatus on a first route through which a first packet destined for the virtual Internet Protocol address is transferred; and transmit information including a second metric value and the virtual Internet Protocol address to another network apparatus on a second route through which a second packet destined for the virtual Internet Protocol address is transferred wherein a certain value is to be added to the first metric value in the network apparatus and another certain value is to be added to the second metric value in the other network apparatus. | 2018-11-15 |
20180332001 | FEDERATED VIRTUAL DATACENTER APPARATUS - Examples of federated virtual datacenter apparatus are described. In an example, at least two virtual datacenter instances are provided in respective different network broadcast domains and an overlay network encompasses the respective different broadcast domains. An Internet Protocol (IP) address manager assigns IP addresses to network devices associated with the plurality of virtual datacenter instances so as to avoid IP address conflicts between virtual datacenter instances. | 2018-11-15 |
20180332002 | MANUFACTURING LINE COMPUTER SYSTEM AND NETWORK SETUP METHOD OF THE SAME - Disclosed herein is a manufacturing line computer system including: first and second computers. The first computer includes a storage section adapted to store a template that associates role information of the second computer and a network address of the second computer; and a reply section adapted to return the network address of the second computer associated with the role information to the second computer in response to reception of the role information from the second computer. The second computer includes an input section adapted to input the role information of the second computer; a transmission section adapted to send the input role information of the second computer to the first computer; and a network address setup section adapted to specify the network address, returned from the first computer, for the second computer. | 2018-11-15 |
20180332003 | CERTIFICATE PINNING BY A TUNNEL ENDPOINT - Disclosed are various approaches for implementing certificate pinning in a tunnel client on a client device. A tunnel client receives a connection request from an application executed by the client device to connect to a remote server. The tunnel client determines that the remote server corresponds to a known pinned host and then determines whether the remote server presents a certificate matching a pinned certificate for the known pinned host. If the presented certificate matches the pinned certificate, the tunnel client allows a connection to be established between the application and the remote server through a network tunnel between the tunnel client and a tunnel server. | 2018-11-15 |
20180332004 | Camera and instrument double firewall apparatus and method of operation - A cyber firewall for electronic instruments, e.g. cameras, isolates embedded controllers from hacking and hijacking. Positioned between a public wide area network and an exclusive private LAN, a bridge blocks emissions to untrusted recipients as well as cyber attacks on other networks. A routing component approves or suppresses traffic across the bridge by transforming IP addresses. A detection component transforms packet content by signing, suppressing, or encrypting according to a profile. The double firewall stops a camera from leaking images or being slaved into an attack bot. A system and architecture isolates image and instrument streams from other network traffic and interrupts, examines, and protects the content from unrecognized recipients. A dual system isolates cameras and other devices from a transaction-type network. When an instrument attempts any “extra” communications with the outside world, the sender is disconnected, disabled, repaired and/or replaced and the content transformed. | 2018-11-15 |
20180332005 | INTEGRATING A HONEY NETWORK WITH A TARGET NETWORK TO COUNTER IP AND PEER-CHECKING EVASION TECHNIQUES - Techniques for integrating a honey network with a target network environment (e.g., an enterprise network) to counter IP and peer-checking evasion techniques are disclosed. In some embodiments, a system for integrating a honey network with a target network environment includes a device profile data store that includes a plurality of attributes of each of a plurality of devices in the target network environment; a virtual clone manager executed on a processor that instantiates a virtual clone of one or more devices in the target network environment based on one or more attributes for a target device in the device profile data store; and a honey network policy that is configured to route an external network communication from the virtual clone for the target device in the honey network to an external device through the target network environment. | 2018-11-15 |
20180332006 | APPLICATION ATTACHMENT BASED FIREWALL MANAGEMENT - Described herein are systems, methods, and software to enhance network traffic management for virtual machines. In one implementation, a network policy controller may maintain firewall rules at one or more hosts of a computing environment, wherein the firewall rules define network packet forwarding policies for application groups available to virtual machines in the environment. The network policy controller further identifies an application group for attachment to one or more virtual machines, and in response to the identification, adds the one or more virtual machines to a security group for a firewall rule corresponding to the application group. | 2018-11-15 |
20180332007 | System and Method for Data and Communications Security - A system and method is provided for secure data and communications. The system including a processor, a data storage device and a first component configured to create a virtual private network (VPN) connection with one or more other devices. The system further including a second component configured to synchronize data stored on the data storage device with data stored remotely, and a graphical user interface (GUI) in communication with the data storage device, the first component, and the second component, the GUI configured, responsive to user input or instructions stored on the storage device, to instruct the first component to create a virtual private network connection with one or more other devices, and further configured to instruct the second component to synchronize data stored on the data storage device with data stored remotely. | 2018-11-15 |
20180332008 | SYSTEMS AND METHODS FOR REGIONAL DATA STORAGE AND DATA ANONYMIZATION - Systems and methods for data localization and anonymization are provided herein. In some embodiments, systems and methods for data localization and anonymization may include receiving a communication request to send a message or establish a call between a first service provider and an end user device associated with an end user, determining that the communication request is associated with a requirement for securing personally identifiable information (PII) of the end user, and processing the communication request based on the requirement for securing the PII of the end user, wherein the requirement includes at least one of (A) localization of the communication request processing or (B) anonymization of any data records associated with the communication request that includes the PII of end user. | 2018-11-15 |
20180332009 | Multimodal Cryptographic Data Communications in a Remote Patient Monitoring Environment - A system provides cryptographic means for securing the transmission of health data from devices of varying processing power and over various network protocols. The system is configured to transmit and receive packets to and from a remote patient monitoring device over multiple types of communication sessions. The system authenticates at least some of the data packet payloads and headers using multiple message authentication codes. The system can, for one type of communication session, simulate or intercept acknowledgement packets generated for use with another type of communication session. | 2018-11-15 |
20180332010 | NETWORK SECURITY DEVICES AND METHOD - A data communication encrypted system including a first module coupled to a first network member and a second module coupled to a second network member. The first module and the second module are in communication with each other thereby allowing communication between the first network member and the second network member. The first module and the second module each operating with a key hopping encryption/decryption method that changes key sets at irregular intervals of time as determined by the modules. | 2018-11-15 |
20180332011 | SECURE CRYPTLET TUNNEL - The disclosed technology is generally directed to secure transactions. In one example of the technology, a secure encrypted communication tunnel between the enclave and a hardware security module (HSM) may be established and used. Establishing the tunnel includes the following steps. A session public/private enclave key pair, including a session enclave private key and a session enclave public key, may be derived from the public/private key pair of the enclave. The session enclave public key may be sent to the HSM. A session HSM public key may be received from the HSM. Additional information may be encrypted with the session HSM public key. The encrypted additional information may be sent to the HSM. Further encrypted information may be received from the HSM. The further encrypted information may be decrypted with the session enclave private key. | 2018-11-15 |
20180332012 | POST-COMPILATION CONFIGURATION MANAGEMENT - Disclosed aspects relate to post-compilation configuration management in a stream computing environment to process a stream of tuples. An escalation request may be detected pertaining to a post-compilation phase in the stream computing environment. The escalation request may relate to a requested computing configuration for a process in the stream computing environment. An appropriate computing configuration may be determined for the process in the stream computing environment. The appropriate computing configuration may be determined based on the requested computing configuration for the process in the stream computing environment. The appropriate computing configuration may be established using a containerization technique for the process in the stream computing environment. | 2018-11-15 |
20180332013 | DYNAMIC OBJECT PASSWORDS - A construction of a dynamic object password (DOP) is initiated by selecting an object from a set of objects in a step of the construction. A transformation is applied to the object to form a transformed object by altering a dynamic aspect of the object. A placement operation is performed on the transformed object relative to a field position of the DOP. As a part of the step, a triple is generated including an identifier of the selected object, an identifier of the transformation, and an identifier of the placement operation. The triple is transmitted as a part of transmitting an authorization code, the authorization code forming the DOP. | 2018-11-15 |
20180332014 | SYSTEM AND METHOD TO ENABLE PKI- AND PMI-BASED DISTRIBUTED LOCKING OF CONTENT AND DISTRIBUTED UNLOCKING OF PROTECTED CONTENT AND/OR SCORING OF USERS AND/OR SCORING OF END-ENTITY ACCESS MEANS - ADDED - A central server configured with an Attribute Authority (“AA”) acting as a Trusted Third Party mediating service provider and using X.509-compatible PKI and PMI, VPN technology, device-side thin client applications, security hardware (HSM, Network), cloud hosting, authentication, Active Directory and other solutions. This ecosystem results in real time management of credentials, identity profiles, communication lines, and keys. It is not centrally managed, rather distributes rights to users. Using its Inviter-Invitee protocol suite, Inviters vouch for the identity of Invitees who successfully complete the protocol establishing communication lines. Users establish and respond to authorization requests and other real-time verifications pertaining to accessing each communication line (not end point) and sharing encrypted digital files. These are auditable, brokered, trusted-relationships where such relationships/digital agreements can each stand-alone (for privacy) or can leverage build-up of identity confidence levels across relationships. The service is agnostic to how encrypted user content is transported or stored. | 2018-11-15 |
20180332015 | METHOD FOR KEY ROTATION - A method for key rotation includes initiating key rotation for a user account of a multi-factor authentication platform enabling one-time password authentication using a first symmetric cryptographic key; generating, at an authenticating device, a second symmetric cryptographic key; transmitting, at the authenticating device, the second symmetric cryptographic key to the multi-factor authentication platform; configuring the multi-factor authentication platform and the authenticating device to disable authentication that uses the first symmetric cryptographic key; and configuring the multi-factor authentication platform and the authenticating device to enable authentication that uses the second symmetric cryptographic key. | 2018-11-15 |
20180332016 | TOKEN AND DEVICE LOCATION-BASED AUTOMATIC CLIENT DEVICE AUTHENTICATION - A network device receives credentials of a user of a client device, and receives an enrollment request from the client device, wherein the enrollment request includes a network address of the client device. The network device generates a token comprising the network address and an identifier of the user, encrypts the token, and sends the encrypted token to the client device. The network device receives, when the client device attempts to access a protected resource or a network service, the encrypted token from the client device for authenticating the client device without further requiring the credentials of the user. | 2018-11-15 |
20180332017 | AUTHENTICATING A DEVICE BASED ON COMMUNICATION PATTERNS IN A GROUP OF DEVICES - Provided are techniques for authenticating a device. Accepted communication patterns representing accepted modes of communication between devices in an internet of things network are stored. In response to receiving a new communication from a requesting device of the devices, it is determined whether the new communication matches at least one of the accepted communication patterns. In response to determining that the new communication matches, there is a response to the new communication. In response to determining that the new communication does not match, flagging the new communication as an anomaly and determining how to process the new communication based on the flagging. | 2018-11-15 |
20180332018 | SYSTEMS AND METHODS FOR CREDENTIALING OF NON-LOCAL REQUESTORS IN DECOUPLED SYSTEMS UTILIZING A DOMAIN LOCAL AUTHENTICATOR - Embodiments as disclosed provide systems and methods that use a local authenticator within a domain to provide a credential to access a resource of the domain to a non-local requestor. When a request is received from a non-local requestor at the domain the non-local requestor can be authenticated based on the request. The local authenticator can then be accessed to obtain a credential. This credential may be the same type of credential provided to members of the domain when they authenticate using the local authenticator. The credential is provided to the non-local requestor so the non-local requestor can access the resource of the domain using the credential and authentication of the non-local requestor with respect to these accesses can be accomplished using the local domain authenticator and the credential. | 2018-11-15 |