51st week of 2017 patent application highlights part 66
Patent application number | Title | Published |
20170366448 | GENERATING AND TRANSMITTING BACK-TO-SOURCE ROUTING INFORMATION - A method including acquiring, by a first CDN cache server, a first network distance, a second network distance and a third network distance; determining, by the first CDN cache server, that the first network distance is greater than the sum of the second network distance and the third network distance, generating back-to-source routing information, and sending the back-to-source routing information to a second CDN cache server; a back-to-source routing path indicated by the back-to-source routing information including: passing through the first CDN cache server, the second CDN cache server and a source station. The techniques of the present disclosure employ an indirect back-to-source route when determining, according to a network distance between the source station and the CDN cache server, that a back-to-source route of indirect back-to-source is better than that of direct back-to-source, thus increasing a back-to-source speed and reducing a back-to-source error rate. | 2017-12-21 |
20170366449 | FINANCIAL NETWORK - A network system that facilitates financial transactions. A software defined network may operate to provide a variety of trading related services to a variety of customers with a low latency. Core or processor affinity for routing processes may improve speeds of routing. Data capture through a shared memory space may allow for a variety of analytics without introducing unacceptable delay. | 2017-12-21 |
20170366450 | METHOD AND SYSTEM FOR PROGRAMMING EQUAL-COST MULTI-PATH ROUTES ON NETWORK DEVICES - A method for configuring a network device. The method includes writing a route for a destination IP prefix to the forwarding information base (FIB), and after writing the route, obtaining a set of routes and writing the set of routes to a routing information base (RIB). The method further includes, after writing the set of routes to the RIB and after the expiration of a timer: identifying, in the RIB, a set of ECMP routes from the plurality of routes for the destination IP prefix, processing the set of ECMP routes for the destination IP prefix, and updating the FIB of the network device based on the set of processed ECMP routes. | 2017-12-21 |
20170366451 | MODIFIED CONSENSUS PROTOCOL FOR ELIMINATING HEARTBEAT NETWORK TRAFFIC - A computing system in data communication with a plurality of nodes that make up a distributed computing cluster can detect an absence of communication from a node of the plurality of nodes over a time period that exceeds a predefined threshold time period. The computing system can query an instance of a central topology manager for the plurality of nodes regarding liveness of the node from which the absence of communication was detected and can attempt to re-initiate communication with the node when the instance of the central topology manager indicates that the node is live. | 2017-12-21 |
20170366452 | SERVICE CHAINING WITHIN COMPUTER NETWORKS - Techniques are described for providing session-aware, stateful network services to subscriber packet flows. Devices within a service provider network direct subscriber packets along service chains. Each tunnel is established to direct traffic according to a particular ordered set of network services for the corresponding service chain. An ingress device for the tunnels encapsulates the subscriber packets and embeds opaque session cookies that each uniquely identifies a collection of packet flows of a subscriber session amongst other packet flows transported by a given service tunnel. Each service node need only identify the tunnel on which a tunnel packet was received and the session cookie embedded within the tunnel packet to uniquely associate the encapsulated subscriber packet with a subscriber session, without needing to further inspect the encapsulated subscriber packet, and to index or otherwise retrieve state and statistics required to enforce the network service the service node is programmed to deliver. | 2017-12-21 |
20170366453 | SEGMENT ROUTING USING A REMOTE FORWARDING ADJACENCY IDENTIFIER - Disclosed is an apparatus and method for segment routing using a remote forwarding adjacency identifier. In one embodiment, a first node in a network receives a packet, wherein the packet is received with a first segment-ID and another segment ID attached thereto. The first node detaches the first and the other segment IDs from the packet. Then the first node attaches a first label to the packet. Eventually, the first node forwards the packet with the attached first label directly to a second node in the network. In one embodiment, the other segment ID corresponds to a forwarding adjacency or tunnel label switched path between the first node and another node. | 2017-12-21 |
20170366454 | ROUTING IPV6 PACKETS BETWEEN AUTONOMOUS SYSTEMS - Systems, methods, architectures, mechanisms or apparatus for routing packets between source and destination endpoints associated with different autonomous systems without requiring public advertising of the addresses of the source and destination endpoints to other autonomous systems (ASN). | 2017-12-21 |
20170366455 | DYNAMIC LOOKUP OPTIMIZATION FOR PACKET CLASSIFICATION - A method is implemented by a network device to dynamically optimize lookup speed in a packet processing table maintained at the network device while the network device is in operation. The method includes determining one or more runtime metrics of the packet processing table, selecting a lookup algorithm for the packet processing table from a set of lookup algorithms supported by the network device based on the one or more runtime metrics of the packet processing table, and configuring the network device to match incoming packets against rules in the packet processing table using the selected lookup algorithm for the packet processing table. | 2017-12-21 |
20170366456 | PACKET PATH RECORDING WITH FIXED HEADER SIZE - Aspects of the embodiments are directed to systems, apparatuses and methods performed at a network element. Embodiments include receiving a packet; identifying a hop number for the network element; identifying a unique identifier for the network element; determining a path identifier based on the hop number and the unique identifier; augmenting the packet metadata with the path identifier; and transmitting the packet to a next network element. | 2017-12-21 |
20170366457 | METHOD OF FORWARDING DATA PACKETS, METHOD OF CREATING MERGED FIB KEY ENTRY AND METHOD OF CREATING A SEARCH KEY - The method of creating a key entry includes inserting a routing instance identifier (RII) after at least a portion of a key entry of a routing instance (RI) FIB, in accordance with an encoding scheme. In other words, at least a portion of bits of the RI FIB key entry is located before bit(s) of the RII in the resulting, merged FIB key entry. Depending on the encoding scheme, the RII can be inserted at the end of the RI FIB key entry, or at an intermediary location within the RI FIB key entry (after a given number of bits). To form the merged FIB, the method is repeated multiple times on corresponding key entries of the RI FIB. There is also provided a method of creating a search key to lookup the merged FIB. | 2017-12-21 |
20170366458 | SOFTWARE INTERFACE LAYER OF A MESH NETWORK DEVICE - Network hardware devices organized in a wireless mesh network (WMN) in which one of the network hardware devices includes a first radio and a second radio coupled to a processing device. The processing device receives a request from a client consumption device via the first radio and determines a destination for the request as a second mesh network device. The processing device accesses a master routing table to determine that the second radio is to forward the request and forwards the request to the second radio. The second radio accesses a local routing table at the second radio to determine that a radio of a third mesh network device is a next-hop mesh network device in a first path to the second mesh network device. The second radio sends the request to the radio of the third mesh network device. | 2017-12-21 |
20170366459 | Jump on a Match Optimization for Longest Prefix Match using a Binary Search Tree - A routing table is represented as a binary search tree ordered by prefix lengths. Markers are placed to guide accessing nodes in designated subtrees to search for a longest prefix match with destination addresses of data packet. Destination descendant nodes in remote hierarchical levels of the tree are associated with the markers. The traversal of the binary search tree is conducted by accessing the respective destination descendant nodes while avoiding accessing nodes in intermediate hierarchical levels. The packet is processed using the longest prefix match. | 2017-12-21 |
20170366460 | RDMA-OVER-ETHERNET STORAGE SYSTEM WITH CONGESTION AVOIDANCE WITHOUT ETHERNET FLOW CONTROL - An apparatus for data storage management includes one or more processors, and an interface for connecting to a communication network that connects one or more servers and one or more storage devices. The one or more processors are configured to receive a configuration of the communication network, including a definition of multiple network connections that are used by the servers to access the storage devices using a remote direct memory access protocol transported over a lossy layer-2 protocol, to calculate, based on the configuration, respective maximum bandwidths for allocation to the network connections, and to reduce a likelihood of congestion in the communication network, notwithstanding the lossy layer-2 protocol, by instructing the servers and the storage devices to comply with the maximum bandwidths. | 2017-12-21 |
20170366461 | TECHNIQUES FOR DECREASING MULTIPROTOCOL LABEL SWITCHING ENTROPY LABEL OVERHEAD - A method is provided in one embodiment and includes receiving at a network element an encapsulated packet and determining whether both an ECMP/LAG Existing (“ele”) flag and an Entropy Label Capability (“elc”) flag are set for an egress node of the packet in a Label Distribution Protocol (“LDP”) database of the network element. If both the ele and elc flags are set for the egress node of the packet in the LDP database, the method further includes determining whether the network element is an ingress node for the packet and, if the network element is the ingress node for the packet, pushing an Entropy Label (“EL”) and an Entropy Label Indicator (“ELI”) onto an MPLS stack of the packet. | 2017-12-21 |
20170366462 | TUNABLE LOW COST NETWORK - Aspects of the subject disclosure may include, for example, a method comprising providing services over a network to a device, and constructing device capability and usage profiles. A level of service quality for the device is adjusted by adjusting a latency criterion regarding connection of the device to the network; adjusting a speed of transmissions to or from the device; and altering a routing of transmissions to or from the device. The network can be partitioned so that the adjusted service quality level is provided by a network portion having a predetermined level of resources. The adjusted service quality level can comprise a first level while the device is active and a second level while the device is inactive; the first level is higher than the second level. The first and second levels are lower than a service quality level provided by another network portion. Other embodiments are disclosed. | 2017-12-21 |
20170366463 | SLOTTED MESSAGE ACCESS PROTOCOL FOR POWERLINE COMMUNICATION NETWORKS - This disclosure provides systems, methods and apparatus, including computer programs encoded on computer storage media, for communication time slot allocation in a communication network. In one aspect, a first network device may determine that a second network device will transmit one or more packets associated with a first latency, and determine that a third network device will transmit one or more packets associated with a second latency. The first network device may determine to allocate a greater quantity of communication time slots to the second network device than to the third network device based, at least in part, on the first latency being less than the second latency. The first network device may allocate a first plurality of communication time slots of a beacon period to the second network device, and allocate a second plurality of communication time slots of the beacon period to the third network device. | 2017-12-21 |
20170366464 | INFORMATION PROCESSING METHOD AND INFORMATION PROCESSING DEVICE - An information processing method executed by a processor included in a computer, the computer including a memory that stores a plurality of flow entries in each of which a packet condition for choosing a packet, a processing content corresponding to the packet, and a type of the processing content are associated with one another, the information processing method includes choosing, from the flow entries, one or more candidate flow entries respectively including a type different from the type included in a new flow entry, when storing the new flow entry; detecting, from among the one or more candidate flow entries, a competitive flow entry having the processing content different from that of the new flow entry based on the packet condition; and notifying another information processing device coupled to the information processing device of a result of the detecting. | 2017-12-21 |
20170366465 | COMMUNICATION CONTROL PROGRAM, COMMUNICATION CONTROL METHOD, AND COMMUNICATION CONTROL APPARATUS - A non-transitory computer-readable storage medium storing therein a communication control program for causing a computer to execute processing includes, executing a prescribed command at a specified transmission cycle, acquiring a start time at which the execution is started and an end time at which the execution is ended, performing the execution and the acquisition while changing the transmission cycle, and specifying a transmission cycle at which an error between a difference between the end time and the start time and the specified transmission cycle is within a prescribed range. | 2017-12-21 |
20170366466 | Method of Reducing Transmission Control Protocol Acknowledgement and Wireless Device Using The Same - A method for a wireless device of a wireless system is disclosed. The method utilizes a byte-in-flight (BIF) value as an indicator to determine whether to drop the transmission control protocol acknowledgement (TCP ACK) packet according to the BIF value, where the BIF value is an amount of data of the wireless connection which is sent by the first device but not acknowledged yet when obtaining the TCP ACK packet. The wireless device establishes a wireless connection with a first device. | 2017-12-21 |
20170366467 | DATA TRAFFIC CONTROL - As an example, a method includes storing, in non-transitory memory, prioritization rules that establish a priority preference for egress of data traffic for a first location. The first location includes a first location apparatus to control egress of data traffic for the first location apparatus and a second location apparatus at a second location, which is different from the first location, to receive data traffic and cooperate with the first apparatus to measure bandwidth with respect to the first location. The first location apparatus is coupled with the second location apparatus via at least one bidirectional network connection. The method also includes estimating capacity of the at least one network connection for the egress of data traffic with respect to the first location. The method also includes categorizing each packet in egress data traffic from the first location based on an evaluation of each packet with respect to the prioritization rules. The method also includes placing each packet in one of a plurality of egress queues associated with the at least one network connection at the first location apparatus according to the categorization of each respective packet and the estimated capacity. The method also includes sending the packets from the first location apparatus to the second location apparatus via a respective network connection according to a priority of the respective egress queue into which each packet is placed, such that the first location apparatus transmits at the estimated capacity for the egress of data traffic. | 2017-12-21 |
20170366468 | LOW LATENCY RE-TIMER - Described is a low latency re-timer for systems supporting spread spectrum clocking. The re-timer comprises: a first clock frequency estimator to estimate a frequency of a receive clock (RX CLK) and to provide a first timestamp associated with a first clock that underwent spread spectrum; a second clock frequency estimator to estimate a frequency of a transmit clock (TX CLK) and to provide a second timestamp associated with a second clock that underwent spread spectrum; and a comparator to compare the first timestamp with the second timestamp. | 2017-12-21 |
20170366469 | LOW-REDISTRIBUTION LOAD BALANCING - A load-balancing computing device receives a load-balance request for a processing of a workload request associated with a workload. The load-balancing computing device selects a member node of a distributed computing system to process the workload request. The member node is selected from amongst a pool of member nodes of the distributed computing system. The selecting includes: determining a member node for a baseline assignment for the workload; and selecting a member node based on an outcome of a mathematical operation performed on an identifier of the workload, the baseline cardinality of member nodes, and on the cardinality of member nodes in the pool. Next, the processing of the workload request is assigned to the selected member node. | 2017-12-21 |
20170366470 | RESOLVING INFORMATION IN A DATABASE ENVIRONMENT - Disclosed herein are techniques for identifying computing resources specified by a representation of a computing service. In some implementations, a request to analyze a computing service provided via a computing environment may be received. The computing service may have an activated state in which the computing service is available for use and a deactivated state in which the computing service is not available for use. The computing environment may comprise a plurality of computing resources each defining a variable unit of computing functionality within the computing environment. Each computing resource may be associated with a respective parameter corresponding with a respective parameter value that specifies a level of the variable unit of computing functionality defined by the computing resource. The computing service may be represented by a metadata model comprising a plurality of nodes, at least some of which specify a respective one or more of the parameter values. | 2017-12-21 |
20170366471 | AUTOMATICALLY CONFIGURING COMPUTER NETWORK AT HOSPITALITY ESTABLISHMENT WITH RESERVATION-SPECIFIC SETTINGS - A system includes a storage device for storing details of a plurality of reservations of a hospitality establishment. A particular reservation includes a set of reservation-specific settings affecting behavior of the computer network at the hospitality establishment during the reservation. The settings may include a registered device setting for affecting behavior of a computer network at the hospitality establishment toward a user device having a specified device identifier. The system further includes a clock unit for tracking time, and a system controller coupled to the computer network and having access to the storage device and the clock unit. The system controller automatically configures one or more network components of the computer network when a start time of the particular reservation is reached in order to activate the reservation-specific settings. | 2017-12-21 |
20170366472 | Fog Computing Network Resource Partitioning - Various implementations disclosed herein enable improved allocation of fog node resources, which supports performance driven partitioning of competing client applications. In various implementations, methods are performed by a fog orchestrator configured to determine allocations of fog resources for competing client applications and partition the competing client applications based on the fog resource allocations. Methods include receiving reservation priority values (RPVs) associated with a plurality of client applications competing for a contested fog node resource, transmitting, to a subset of client devices, a request to provide updated RPVs, and awarding the contested fog node resource to one of the plurality of client applications based on the received RPVs and any updated RPVs. In various implementations, methods also include determining, for each of the plurality of client applications, a respective mapping for a respective plurality of separable components of the client application based on the awarded contested fog node resource. | 2017-12-21 |
20170366473 | MULTIPLEXING DATA PACKETS OVER GENERAL PACKET RADIO SERVICE TUNNELING PROTOCOL - Systems, methods, and software described herein provide enhancements for data communications between a wireless access node and a wireless network gateway. In one implementation, a method of operating a wireless network includes, in the wireless access node, wirelessly receiving data packets for wireless communication devices, and encapsulating the data packets in GPRS Tunneling Protocol (GTP) packets of a shared GTP tunnel for the plurality of wireless communication devices, wherein the GTP packets comprise GTP extension headers to multiplex the data packets in the GTP packets. The method further provides, in the wireless access node, transferring the GTP packets for delivery to a wireless network gateway, wherein the network gateway separates the data packets from the GTP packets based on the GTP extension headers. | 2017-12-21 |
20170366474 | Joint Quality Management Across Multiple Streams - Various implementations disclosed herein enable a more efficient allocation of one or more shared network resources amongst a plurality of client devices based on media content complexity and client device resource status in order to better manage perceptual playback quality. In some implementations, a method includes obtaining a plurality of resource constraint values associated with a plurality of client devices sharing a network resource, and jointly determining a respective encoding rate level selection and a corresponding resource allocation for each of the plurality of client devices based on a combination of one or more resource constraint values and the assessment of the respective perceptual quality level values, such that a combination of resulting quality levels satisfies a joint quality criterion. | 2017-12-21 |
20170366475 | SYSTEM INCLUDING MANAGEMENT SYSTEM TO DETERMINE CONFIGURATION FOR INTER-NETWORKING DEVICE BASED ON PHYSICAL LAYER INFORMATION OF A NETWORK - One exemplary embodiment is directed to a system comprising a switch used in a network and a central function configured to receive physical layer information related to the network. The physical layer information includes information associating media access control (MAC) addresses of devices on the network with ports of the switch. The switch is configured to use information about a spanning tree determined by the central function to configure the switch to carry out a switching function performed by the switch. The central function is configured to use at least some physical layer information about patching equipment in the network and end devices in the network in associating MAC addresses of devices on the network with the ports of the switch. Other embodiments are disclosed. | 2017-12-21 |
20170366476 | SYSTEM AND METHOD OF A HIGH BUFFERED HIGH BANDWIDTH NETWORK ELEMENT - A method and apparatus of a network element that processes a packet in the network element is described. In an exemplary embodiment, the network element receives a data packet that includes a destination address. The network element receives a packet, with a packet switch unit, wherein the packet was received by the network element on an ingress interface. The network element further determines if the packet is to be stored in an external queue. In addition, the network element identifies the external queue for the packet based on one or more characteristics of the packet. The network element additionally forwards the packet to a packet storage unit, wherein the packet storage unit includes storage for the external queue. Furthermore, the network element receives the packet from the packet storage unit and forwards the packet to an egress interface corresponding to the external queue. | 2017-12-21 |
20170366477 | TECHNOLOGIES FOR COORDINATING ACCESS TO DATA PACKETS IN A MEMORY - Technologies for coordinating access to packets include a network device. The network device is to establish a ring in a memory of the network device. The ring includes a plurality of slots. The network device is also to allocate cores to each of an input stage, an output stage, and a worker stage. The worker stage is to process data in a data packet with an associated worker function. The network device is also to add, with the input stage, an entry to a slot in the ring representative of a data packet received with a network interface controller of the network device, access, with the worker stage, the entry in the ring to process at least a portion of the data packet, and provide, with the output stage, the processed data packet to the network interface controller for transmission. | 2017-12-21 |
20170366478 | Communication System - A computer system comprises computer storage holding a plurality of code modules, one or more processors and a communication system. The one or more processors are configured to execute the code modules and thereby implement the bots. The communication system comprises a message relay and an anonymized identifier generator. The message relay is configured to receive a message comprising an identifier of a user and an identifier of a target one of the bots. The anonymized identifier generator is configured to generate an anonymized identifier of the user unique to the target bot, by applying an anonymization function to the user identifier and the bot identifier in the message. The message relay is configured to transmit to the target bot a version of the message, which comprises the anonymized user identifier and does not include the user identifier, wherein the user identifier is not rendered accessible to the target bot. | 2017-12-21 |
20170366479 | Communication System - A computer system comprises computer storage holding at least one code module configured to implement a bot, and at least one processor configured to execute the code module. The computer system also comprises a communication system for effecting communication events between users of the communication system; a bot interface for exchanging messages between the communication system and the bot; and a dialogue manager. The communication system transmits, to the dialogue manager directly, content of a first message received at a processor of the communication system from a user of the communication system. The dialogue manager applies an intent recognition process to the content to generate at least one intent identifier, and transmits a second message comprising the intent identifier to the bot using the bot interface. The bot automatically generates a response using the intent identifier received in the second message, and transmits the generated response to at least the user. | 2017-12-21 |
20170366480 | INTERNET CLOUD-HOSTED NATURAL LANGUAGE INTERACTIVE MESSAGING SYSTEM SESSIONIZER - Provided are methods, systems, and computer-program products for providing a bot server to communicate with users using messaging applications. In some implementations, a method, system, and computer-program product for associating a message received by a bot server using a messaging application is provided. For example, a method can include receiving a hypertext transfer protocol (HTTP) post call message from a messaging application server. The method can further include parsing content of the message to identify a keyword. The method can further include identifying an existing session from a plurality of sessions based on a context of the message and the keyword. The method can further include associating information from the HTTP post call message with the existing session. The method can further include generating and sending a response to the HTTP post call message based on the existing session. | 2017-12-21 |
20170366481 | INTERNET CLOUD-HOSTED NATURAL LANGUAGE INTERACTIVE MESSAGING SYSTEM USER RESOLVER - Provided are methods, systems, and computer-program products for associating a plurality of messages with a user. For example, a method can include receiving two hypertext transfer protocol (HTTP) post call messages. The method can further include parsing content of the post call messages to identify keywords, identifying existing users from a plurality of users based on context of the post call messages and the keywords, and associating information from the post call messages with the existing users. In some examples, the existing users can be the same between the messages. The method can further include responding to a second HTTP post call message based on information from at least one or more of a first HTTP post call message, the second HTTP post call message, and an existing user. | 2017-12-21 |
20170366482 | INITIATING INSTANT MESSAGING (IM) CHAT SESSIONS FROM EMAIL MESSAGES - Systems and methods for integrating instant messaging (IM) services and email services are described. In one embodiment, email messages and IM chat session transcripts are threaded to each other so that an email thread history may be traced back to an IM chat session transcript and, conversely, an IM thread history may be traced back to an email message. | 2017-12-21 |
20170366483 | Instant Simultaneous Messaging - The present invention relates to a process that enables nearly real-time exchange of instant simultaneous messages between the users of a digital communication network. Instant Simultaneous Messaging enables “real” simultaneous exchange of contents between the users over a subject. This simultaneous exchange ensures that each user can access other users' contents with exactly the same order, e.g. privilege. Therefore, none of the users within a simultaneous conversation can be affected by other users' messages. The purpose of instant simultaneous messaging is to heal herd mentality by enforcing novelty/originality to the contents that are exchanged between the users. Therefore, while users are communicating over a subject simultaneously, a given user cannot learn or get affected by other users' opinions before disclosing its own. The present invention provides a method and its apparatus for Instant Simultaneous Messaging between a sending user and a target user over a digital communication network. | 2017-12-21 |
20170366484 | IN-LINE COLLABORATION IN E-MAIL - An electronic mail (e-mail) system detects when a user is replying to a particular portion of content in a received message. The reply is automatically formatted to visually distinguish it over replies from other recipients to the same portion of content. | 2017-12-21 |
20170366485 | CONTACT MATCHING METHOD AND APPARATUS - Examples of the present disclosure provide a contact matching method. The method includes: obtaining a first interest label corresponding to a contact waiting for match and a second interest label corresponding to respective contact other than the contact waiting for match in a matching interface displayed on the client device; comparing the first interest label and the second interest label to obtain at least one contact matching with the contact waiting for match; and displaying a first contact identifier corresponding to the contact waiting for match and a second contact identifier corresponding to respective matching contact or a second contact identifier corresponding to respective matching contact in the matching interface according to a predefined first displaying manner. Examples of the present disclosure also provide a contact matching apparatus. The solution of the present disclosure improves contact matching efficiency and accuracy. | 2017-12-21 |
20170366486 | DATA PROCESSING METHOD AND SERVER - A data processing method and a server are disclosed. The method includes: receiving, by a server, first service data that is sent by a first client (for example, an instant messaging application based client), and sending the first service data to at least one second client that has a friend association relationship with the first client; detecting one or more second clients responding to the first service data, selecting, according to a preset selection rule, a target second client, and assigning a processing permission to the target second client, so that the target second client generates second service data according to the processing permission and the first service data; and receiving the second service data, using the target second client as a first client, and using the second service data as first service data. The present disclosure can improve utility of an instant messaging application and enhance user stickiness. | 2017-12-21 |
20170366487 | APPARATUS, SYSTEMS, AND METHODS FOR NETWORK INTERACTIONS - A network interaction system may comprise a terminal device, an instant messaging server, and a public account server. The terminal device may be configured to receive information from the public account server via the instant messaging server. The instant messaging server may be configured to receive from the terminal device an information operation request associated with information from the public account server. Then the instant messaging server may send a notification associated with the information operation request to the public account server and send a response to the information operation request to the terminal device. The public account server may be configured to receive from the instant messaging server the notification and determine an information transmission strategy for the terminal device in accordance with the information operation request. | 2017-12-21 |
20170366488 | EXPERIENCE SHARING SYSTEM AND METHOD - A method, computer program product, and computing system for the sharing of experiences is provided. The method may include receiving content associated with a uniform resource locator and determining two or more content items based on the content associated with the uniform resource locator. The method may further include generating, based on the two or more content items, an experience data card and storing the generated experience data card in an experience data store, the experience data store being communicatively coupled to the one or more computing devices. The method may further include receiving a request to view the experience data card and providing for display, using the one or more computing devices, a view of the experience data card based at least in part on the request to view the experience data card. | 2017-12-21 |
20170366489 | System and Method for Alerting a List of Multiple Recipients of a User's Request for Assistance - A request for assistance from a user employing a first user device is received. The request is converted into a plurality of formatted requests. Each formatted request is formatted for receipt by a respective recipient in the list of recipients. Each of the plurality of formatted requests is broadcasted to each respective recipient in the list of recipients. A location of the first user device is provided to each recipient in the list of recipients. An assistance response to the request is received. The assistance response is sent by a particular recipient in the list of recipients. A message is broadcasted to each recipient in the list of recipients, other than the particular recipient, indicating that the particular recipient provided the assistance response. Upon receiving an update message from the particular recipient, the update message is broadcasted to each recipient in the list of recipients other than the particular recipient. | 2017-12-21 |
20170366490 | SYSTEMS AND METHODS FOR ALTERATION OF CONTENT - In one aspect, a device includes a processor and storage accessible to the processor. The storage bears instructions executable by the processor to identify content in a message that is to be altered, alter the content in the message, and provide at least a portion of the message to a recipient. | 2017-12-21 |
20170366491 | SIMILAR CONTENT ALERT - Receiving, by a computer, a message from a sender to transmit to one or more recipients, comparing, by a computer, the message to a previous message transmitted to the one or more recipients, wherein the previous message is stored in a memory, determining, by the computer, that the message has a content similarity above a predetermined threshold to the previous message transmitted to one of the one or more recipients, providing, by the computer, the sender an option to prevent the message from being transmitted to one of the one or more recipients, and cancelling, by the computer, the message transmission, as a result of both the determination that the message has content similarity above the predetermined threshold, and as a result of the sender providing confirmation to prevent the message from being transmitted, and notifying, by the computer, the sender that the message transmission has been cancelled. | 2017-12-21 |
20170366492 | System and Method for Messaging Between Operating System Containers - A method for messaging between operating system containers includes receiving, by a first proxy in a first user space container, a first message from a first service in the first user space container, the first message sent to the first proxy using a first messaging mechanism, forwarding, by the first proxy, the first message to a second proxy in a second user space container, the first message sent to the second proxy using a second messaging mechanism that is different than the first messaging mechanism, and delivering, by the second proxy, the first message to a second service in the second user space container. | 2017-12-21 |
20170366493 | SMART CHUNKING LOGIC FOR CHAT PERSISTENCE - Aspects of the present disclosure relate to systems and methods for providing distinct conversations within a file activity feed for display on a user interface of a client computing device. A file created with an application may be rendered on the user interface. The file may include at least a chat pane comprising a plurality of chat messages and a file activity feed including one or more activities associated with the file. It may be determined when a distinct conversation begins and ends within the chat pane. The distinct conversation may include at least some of the plurality of chat messages. In response to determining when the distinct conversation begins and ends, the distinct conversation may be recorded as a distinct conversation activity associated with the file. The distinct conversation activity may be displayed within the file activity feed. | 2017-12-21 |
20170366494 | Message Delivery System and Method - In one embodiment, a method of delivering messages to a user of a user terminal executing a communication client and connected to a packet-based communication network, includes receiving a message at the communication client from the communication network, the message comprising a content portion and a control portion, wherein the content portion comprises information intended for display to the user of the user terminal, and storing the message in a data store at the user terminal. The communication client reads the control portion and extracts data defining a trigger event and a condition. The communication client is monitored to determine whether the communication client state corresponds to the trigger event. Responsive to the communication client state corresponding to the trigger event, the communication client determines whether the condition is met. In the case that the condition is met, the content portion of the message is displayed in the communication client. | 2017-12-21 |
20170366495 | MESSAGE UPDATING METHOD, APPARATUS, AND TERMINAL - A message update method includes: displaying a group message reminding identifier on a session entry of a specified group on a session list interface when it is detected that a message in the specified group is updated; obtaining the updated message of the specified group from a server when it is detected that an operation on either of the group message reminding identifier and the specified group meets a message update condition; and displaying the number of updated messages of the specified group on the session entry when it is detected that the operation on either of the group message reminding identifier and the specified group does not meet the message update condition. | 2017-12-21 |
20170366496 | SYSTEM AND METHOD FOR AUTOMATED EVALUATION SYSTEM ROUTING - Systems and methods for automated evaluation system routing are described herein. The system can include a memory, which can include a model database and a correlation database. The system can include a first user device and a second user device. The system can include at least one server. The at least one server can: receive a response communication from the user device; generate an initial evaluation value according to an AI model; determine a correlation between the initial evaluation value and evaluation range data; accept the initial evaluation value when the correlation exceeds a threshold value; and route the response communication to the second user device for generation of an elevated evaluation value when the correlation does not exceed the threshold value. | 2017-12-21 |
20170366497 | Selection of Service Providers for Message Transmission on Online Social Networks - In one embodiment, a method includes identifying a mobile service provider network (SPN) and a geographic location of an online social network user and accessing a service-provider table associated with the identified mobile SPN and with the geographic location. The service-provider table indexes a reliability score and a sampling amount for multiple messaging-service providers in the geographic location. The method further determines, based on the service-provider table, whether any of the messaging-service providers has a sampling amount below a threshold sampling amount and sends messaging traffic via the determined messaging-service provider until the sampling amount is greater than or equal to the threshold sampling amount. The messaging traffic is used to update the reliability score for the messaging-service provider. The method further includes selecting a messaging-service provider based on the updated reliability scores of the messaging-service providers and sending a message to the user via the selected messaging service-provider. | 2017-12-21 |
20170366498 | METHODS AND SYSTEM FOR DISTRIBUTING INFORMATION VIA MULTIPLE FORMS OF DELIVERY SERVICES - A content distribution facilitation system is described comprising configured servers and a network interface configured to interface with a plurality of terminals in a client server relationship and optionally with a cloud-based storage system. A request from a first source for content comprising content criteria is received, the content criteria comprising content subject matter. At least a portion of the content request content criteria is transmitted to a selected content contributor. If recorded content is received from the first content contributor, the first source is provided with access to the received recorded content. The recorded content may be transmitted via one or more networks to one or more destination devices. Optionally, a voice analysis and/or facial recognition engine are utilized to determine if the recorded content is from the first content contributor. | 2017-12-21 |
20170366499 | RELATING TO MESSAGING GATEWAYS - The present disclosure provides a method of routing a short message to a user. According to the method, an SMSC sends a routing request to a HLR or HSS of the terminating user. The HLR or HSS has static provisioning settings for users and relays the request according to these settings. The HLR or HSS relays the request to the IP-SM-GW, which dynamically determines if the terminating user has attached to an IMS network and accordingly decides on onward routing of the message over circuit switched or IMS network elements. The present disclosure also provides a mobile network apparatus that is configured to perform the method. | 2017-12-21 |
20170366500 | INFERRING ADDITIONAL EMAIL ADDRESSES TO MATCH EMAIL ADDRESSES IN A DIGEST LIST - An online system receives third party hashes for a plurality of targeted users and generates local hashes for one or more local users of the online system. The online system identifies as matched users those local users with local hashes that match those of the third party hashes. The online system generates one or more inferred identifiers for each of the one or more local users, the inferred identifiers being of the same type as the local unique identifiers, and the inferred identifiers generated based on characteristics of each corresponding local user. The online system identifies as inferred matched users at least one of the local users that have local hashes of corresponding inferred identifiers that match a third party hash of a third party unique identifier. The online system provides, to a third party system, a selection including the matched users and a selection including the inferred matched users. | 2017-12-21 |
20170366501 | DOMAIN NAME SERVICE INFORMATION PROPAGATION - A computing resource service receives a request from a customer to assign a domain name to a computing resource. The computing resource service may submit a query to a domain name system service to determine whether the domain name has been reserved for the customer. The domain name system service may provide an encrypted alias record corresponding to the requested domain name and specifying one or more identifiers of customers for whom the domain name has been reserved. The computing resource service may decrypt the alias record and determine whether the customer corresponds to one of the one or more identifiers within the alias record. If the customer does correspond to one of the one or more identifiers within the alias record, the computing resource service may assign the domain name to the computing resource. | 2017-12-21 |
20170366502 | IP Route Caching with Two Search Stages on Prefix Length - A data packet is received in a network element. The network element has a cache memory in which cache entries represent a portion of addresses stored in a main memory. The destination address and the cache entries each comprise a binary number. A first determination is made that a number M of the most significant bits of a cache entry and the destination address are identical. A second determination is made that an additional number M+L of the most significant bits of a cache entry and the destination address are identical. Routing information is then retrieved from the cache memory, and the packet is processed according to the routing information. | 2017-12-21 |
20170366503 | IDENTIFYING THE SOURCE AND DESTINATION SITES FOR A VOIP CALL WITH DYNAMIC-IP ADDRESS END POINTS - In a voice-over-IP communications network, call data records include dynamically assigned IP signaling addresses such as IPv6 signaling addresses used in provisioning communications sessions. Those dynamically assigned IP signaling addresses are computed from customer site identification codes using a reversible algorithm. The algorithm can then be reversed to compute a customer site identification code from an IP signaling address contained in a call data record, allowing the communications network provider to perform quality monitoring and diagnostics based on call data records. | 2017-12-21 |
20170366504 | CONTEXT-AWARE DISTRIBUTED FIREWALL - A context-aware distributed firewall scheme is provided. A firewall engine tasked to provide firewall protection for a set of network addresses applies a reduced set of firewall rules that are relevant to the set of addresses associated with the machine. A hypervisor implements a search structure that allows each virtual machine's filter to quickly identify relevant rules from all of the received rules. The search structure is constructed as a binary prefix tree, each node corresponding to an IP CIDR (Classless Inter-Domain Routing) block. A query for relevant rules traverses nodes of the search structure according to a queried IP address and collects all rules that are associated with the traversed nodes. | 2017-12-21 |
20170366505 | FILTERING OUTBOUND NETWORK TRAFFIC - Obtaining, in association with origination of outbound network traffic to be sent by a system, user account information of a user account on behalf of which the outbound network traffic is generated, and performing filtering of the outbound network traffic based on the obtained user account information of the user account on behalf of which the outbound network traffic is generated, where the filtering is further based on one or more rules, and the filtering includes determining whether to block or allow sending of the outbound network traffic from the system. | 2017-12-21 |
20170366506 | SYMMETRIC BI-DIRECTIONAL POLICY BASED REDIRECT OF TRAFFIC FLOWS - Disclosed are systems, methods, and computer-readable storage media for guaranteeing symmetric bi-directional policy based redirect of traffic flows. A first switch connected to a first endpoint can receive a first data packet transmitted by the first endpoint to a second endpoint connected to a second switch. The first switch can enforce an ingress data policy to the first data packet by applying a hashing algorithm to a Source Internet Protocol (SIP) value and a Destination Internet Protocol (DIP) value of the first data packet, resulting in a hash value of the first data packet. The first switch can then route the first data packet to a first service node based on the hash value of the first data packet. | 2017-12-21 |
20170366507 | DATA LEAK PROTECTION IN UPPER LAYER PROTOCOLS - Methods and systems for Data Leak Prevention (DLP) in a private network are provided. According to one embodiment, a packet is received by a network security device. An upper layer protocol associated with the packet is identified. It is determined whether the identified upper layer protocol is one of multiple candidate upper layer protocols having a potential to carry sensitive information with reference to a database identifying the candidate upper layer protocols, corresponding commands of interest and a corresponding suspect field within each of the commands that is to be subjected to DLP scanning. Responsive to an affirmative determination and when a command represented by the packet is one of the corresponding commands of interest for the identified upper layer protocol, then a DLP scan is performed on content contained within the corresponding suspect field of the packet. Otherwise, performance of the DLP scan for the received packet is skipped. | 2017-12-21 |
20170366508 | TECHNIQUES TO USE OPERATING SYSTEM REDIRECTION FOR NETWORK STREAM TRANSFORMATION OPERATIONS - Techniques to use operating system redirection for network stream transformation operations are described. In one embodiment, an apparatus may comprise a network stream component operative to receive a network stream, the network stream associated with an application on a device; modify the network stream to generate a modified network stream; and send the modified network stream through an operating system for the device; and a local virtual private network component operative on the processor circuit to: receive the modified network stream from the operating system as a plurality of modified network stream packets; determine a network connection policy based on the application; and send the plurality of modified network stream packets to a destination network address via the network interface controller when the network connection policy indicates sending. Other embodiments are described and claimed. | 2017-12-21 |
20170366509 | NETWORK CHANNELS PRIMITIVES - Network primitives are provided for establishing and maintaining channels and secure channels. In one embodiment, requests to open a new channel are handled only in a listen mode and, after authentication, the channel provides secure communication. In one embodiment, a secure channel is initialized and fixed if broken so that a plurality of threads may share it. In one embodiment, a no listen mode is applied if the number of new channels handled per time period is more than a threshold. | 2017-12-21 |
20170366510 | COGNITIVE CONFIDENTIALITY GUARDIAN - Protecting secure information in computer communications may include detecting, by a computer process running on a server, an initiation of an action that, if executed, transmits data to a destination domain. Whether the destination domain is a permissible destination for sending the secure information may be determined. If it is determined that the destination domain is not a permissible destination, whether the data contains secure information may be determined. Responsive to determining that the data contains secure information, an alert signal may be generated to alert an initiator of the action. Responsive to determining that the action is executed even after the alert signal, the computer process may be trained to learn that the destination domain is a permissible destination. | 2017-12-21 |
20170366511 | METHOD AND SYSTEM FOR THE SUPPLY OF DATA, TRANSACTIONS AND ELECTRONIC VOTING - A method and system for supply of data, including generating a first digital certificate (empowerment certificate) signed with a first signing entity's electronic signature. The empowerment certificate includes attributes of the described entity, information identifying the first signing entity, indication of data relating to the described entity, indication of a source of the data, and identification of a relying entity to which the data can be supplied. The relying entity forwards the empowerment certificate to a source supplying the data indicated in the empowerment certificate. The data may be supplied to the relying entity by a second digital certificate (custom certificate), signed with a second signing entity's electronic signature. Custom certificates may appear in custom certificate revocation lists. A system and method for transfer of ownership of electronic property from a first entity to a second entity, and a method and system for electronic voting are also provided. | 2017-12-21 |
20170366512 | System and Method for Machine-to-Machine Privacy and Security Brokered Transactions - A machine-to-machine secure messaging system permits a first machine to send a message to a second machine, despite not knowing the addressing information (e.g., telephone number, IP address or other identifier) associated with the second machine. The system comprises an intermediary server with access to a database with information linking addressing information with other information related to the device, e.g., owner name, operator name and job title, etc., and facilitates a secure communication without the need for either party to the communication to know the other party's addressing information. | 2017-12-21 |
20170366513 | Data Anonymization for Distributed Hierarchical Networks - Various implementations disclosed herein provide a method for anonymizing data in a distributed hierarchical network. In various implementations, the method includes determining a first set of attribute hierarchy counts that indicate a number of occurrences of corresponding attributes that are stored at the first network node and have not been transmitted upstream towards the hub. In various implementations, the method includes receiving, from a second network node, a second set of attribute hierarchy counts that indicate a number of occurrences of corresponding attributes at the second network node. In various implementations, the method includes determining whether a sum based on the first and second set of attribute hierarchy counts satisfies an anonymization criterion. In some implementations, the sum indicates a total number of occurrences for a corresponding attribute that are stored at the first and second network nodes and have not been transmitted upstream towards the hub. | 2017-12-21 |
20170366514 | CODE OBFUSCATION AND ASSOCIATED OBJECTS - Obfuscation transforms original code into an obfuscated code that is less intelligible, but behaves like the original. In one embodiment, a data sequence describing an obfuscator is processed by a reader who outputs an obfuscator. The data sequence may be stored or transmitted and the obfuscator may be used for code obfuscation. In one embodiment, additional readers are used to create objects associated with the obfuscated code. In one embodiment, a generator produces encrypted files and obfuscated code that can decrypt and encrypt the files. | 2017-12-21 |
20170366515 | PERMUTATION-BASED CONTENT ENCRYPTION WITH MANIFESTS IN A CONTENT CENTRIC NETWORK - One embodiment provides a system that facilitates encryption of manifest content based on permutation. During operation, the system partitions, by a computer system, a collection of data into a first set of content objects, wherein a content object is a chunk comprised of a plurality of bytes. The system performs a first permutation function on the first set of content objects to obtain a first set of permuted content objects. The system creates a manifest based on the permuted content objects, wherein a manifest is a content object which indicates a second set of content objects, wherein a respective content object of the second set is a data object or another manifest. The system encodes the first permutation function and the permuted content objects in the manifest, thereby facilitating an authorized entity that receives the manifest to reassemble the manifest contents based on the permutation function. | 2017-12-21 |
20170366516 | MANAGING VERIFIABLE, CRYPTOGRAPHICALLY STRONG TRANSACTIONS - A central service provider manages verifiable and cryptographically strong transactions in a block chain network. For each transaction, the central service provider maintains and updates one or more directed graphs that describe the traceable positions of an asset held by parties of the block chain network. Therefore, transactions can be reconciled by tracing along the directed graphs. The central service provider also leverages crypto-hashing to enforce the immutability of each executed transaction. For example, each transaction is cryptographically hashed and written into a block in the block chain. Each transaction refers to a cryptographic hash of a prior transaction and each block refers to a cryptographic hash of a prior block. Therefore, the executed transactions are cryptographically strong in that if a single transaction is altered, then the entire block of transactions including the transaction is invalidated. | 2017-12-21 |
20170366517 | Providing Load Balanced Secure Media Content and Data Delivery in a Distributed Computing Environment - A system and method for providing load balanced secure media content and data delivery in a distributed computing environment is disclosed. Media content is segmented and encrypted into a set of individual encrypted segments on a centralized control center. Each individual encrypted segment has the same fixed size. The complete set of individual encrypted segments is staged to a plurality of intermediate control nodes. Individual encrypted segments are mirrored from the staged complete set to a plurality of intermediate servers. Requests are received from clients for the media content at the centralized control center. Each individual encrypted segment in the set is received from one of an intermediate control node and an intermediate server optimally sited from the requesting client. The individual encrypted segments are reassembled into the media content for media playback. | 2017-12-21 |
20170366518 | SYSTEM AND METHOD FOR ACCELERATING CRYPTOGRAPHY OPERATIONS ON A PORTABLE COMPUTING DEVICE - Systems, methods, and computer programs are disclosed for accelerating cryptography operations on a portable computing device. One such method comprises receiving a request for a processor on a portable computing device to execute a cryptography algorithm. Prior to executing the cryptography algorithm, a performance of the portable computing device is increased from a current performance setting to an increased performance setting. The processor executes the cryptography algorithm at the increased performance setting. After completion of the cryptography algorithm, the portable computing device is reverted to the current performance setting. | 2017-12-21 |
20170366519 | COMPUTER-IMPLEMENTED SYSTEM AND METHOD FOR PROTECTING SENSITIVE DATA VIA DATA RE-ENCRYPTION - A computer-implemented method for protecting sensitive data via data re-encryption is provided. Encrypted data is maintained. A data query is received from a user associated with a public key and a secret key. Results of the query are computed by identifying at least a portion of the encrypted data and by adding plaintext for the identified portion of the encrypted data as the results. A re-encryption key is generated for the results using the public key of the user and the results are re-encrypted using the re-encryption key. The re-encrypted results are then transmitted to the user. | 2017-12-21 |
20170366520 | SECURED DATA TRANSMISSION USING IDENTITY-BASED CRYPTOGRAPHY - A system is provided for secure data transmission. The system stores a public master key, private decryption key and secure messaging module for securely transmitting and receiving a digital model data file for transmission via a work order message. For transmitting and receiving the work order message, the system generates public encryption keys using a key generation algorithm in which each of the public encryption keys is unique to a designated message recipient and generated using an input including the public master key, a validity period, and an identifier of the designated message recipient. The system may also store a revocation list that includes identifiers of message recipients that have revoked access to the public master key or private decryption key, and based thereon determine whether or not to encrypt and transmit the work order message, or receive and decrypt the work order message. | 2017-12-21 |
20170366521 | REMOTE FIREWALL UPDATE FOR ON-BOARD WEB SERVER TELEMATICS SYSTEM - A mobile device includes a processor, a transceiver, and a storage maintaining vehicle associations including phone numbers of telematics control units of vehicles. The device is programmed to identify a change in network address of the transceiver; encrypt the changed network address; and send the encrypted network address to the telematics control units using short message service messages addressed to the phone numbers of the telematics control units. A vehicle includes a storage including paired device data having phone numbers and network addresses of mobile devices and a telematics control unit including a firewall and web server. The firewall is programmed to, in response to receipt of a message from one of the phone numbers including a network address of the mobile device, update the storage to indicate the network address as an originating address authorized to use the web server. | 2017-12-21 |
20170366522 | MANAGEMENT OF ENCRYPTION WITHIN PROCESSING ELEMENTS - A streaming environment includes at least a first processing element of a first compute node and a second processing element of a second compute node. A tuple encryption operation is determined of the first processing element and the second processing element. The first processing element includes a first encryption key for encrypting the tuples as the leave the first processing element. An encryption workload is measured of the tuple encryption operation of a processing workload of the use of the first encryption key of a transfer of the stream of tuples. A threshold of the tuple encryption operation is determined. The second processing element is migrated to the first compute node and fused to the first compute node with the first processing element. The tuple encryption operation is removed from the first processing element. | 2017-12-21 |
20170366523 | MANAGEMENT OF ENCRYPTION WITHIN PROCESSING ELEMENTS - A streaming environment includes at least a first processing element of a first compute node and a second processing element of a second compute node. A tuple encryption operation is determined of the first processing element and the second processing element. The first processing element includes a first encryption key for encrypting the tuples as they leave the first processing element. An encryption workload is measured of the tuple encryption operation of a processing workload of the use of the first encryption key of a transfer of the stream of tuples. A threshold of the tuple encryption operation is determined. The second processing element is migrated to the first compute node and fused to the first compute node with the first processing element. The tuple encryption operation is removed from the first processing element. | 2017-12-21 |
20170366524 | SYNCHRONIZING SECURE SESSION KEYS - A first client encryption initiation is intercepted from a client. The first client encryption initiation is intended for a server. Based on the first client encryption initiation, a second client encryption initiation is initiated with the server. A server response is received from the server responsive to the initiated second client encryption initiation. A first secure connection is negotiated with the client. The first secure connection is based on the intercepted first client encryption initiation and based on the server response. A session key to perform secure communication with the client is obtained from the first secure connection. A second secure connection is established with the server. The second secure connection is based on the server response and the session key. | 2017-12-21 |
20170366525 | APPARATUS AND METHOD FOR CONTROLLING PROFILE DATA DELIVERY - In a profile data delivery control apparatus, a storage unit stores therein a public key and a private key. A control unit obtains profile data including the identification information of a service provided using a server, and when the profile data satisfies a prescribed validity condition, attaches a signature to the profile data using the private key. The control unit embeds the public key to be used to verify the signature, in a client application that causes a client to perform an authentication process based on the profile data, and delivers the client application with the public key embedded. | 2017-12-21 |
20170366526 | SYSTEM FOR KEY EXCHANGE IN A CONTENT CENTRIC NETWORK - One embodiment provides a system that facilitates secure communication between computing entities. During operation, the system generates, by a content-consuming device, a first key based on a first consumer-share key and a previously received producer-share key. The system constructs a first interest packet that includes the first consumer-share key and a nonce token which is used as a pre-image of a previously generated first nonce, wherein the first interest has a name that includes a first prefix, and wherein the first nonce is used to establish a session between the content-consuming device and a content-producing device. In response to the nonce token being verified by the content-producing device, the system receives a first content-object packet with a payload that includes a first resumption indicator encrypted based on a second key. The system generates the second key based on a second consumer-share key and the first content-object packet. | 2017-12-21 |
20170366527 | Method and System for an Efficient Shared-Derived Secret Provisioning Mechanism - Embodiments of systems and methods disclosed herein include an embedded secret provisioning system that is based on a shared-derivative mechanism. Embodiments of this mechanism use a trusted third-party topology, but only a single instance of a public-private key exchange is required for initialization. Embodiments of the system and methods are secure and any of the derived secret keys are completely renewable in untrusted environments without any reliance on asymmetric cryptography. The derived secrets exhibit zero knowledge attributes and the associated zero knowledge proofs are open and available for review. Embodiments of systems and methods can be implemented in a wide range of previously-deployed devices as well as integrated into a variety of new designs using minimal roots-of-trust. | 2017-12-21 |
20170366528 | SECONDARY SECURE COMMUNICATION CHANNELS - Embodiments are provided for establishing secondary secure channels in any network, including networks that enforce a single channel per neighbor policy. In one embodiment, requests to open a new channel are handled only in a listen mode and identifiers are used to authenticate the first and second secure channels. The channels provide secure communication. In one embodiment, a second channel is provisioned using the primary secure channel. In one embodiment, a method of storing data for provisioning secondary secure channels is provided. | 2017-12-21 |
20170366529 | METHOD AND APPARATUS OF IMPLEMENTING A VPN TUNNEL - The present invention is directed to allowing a more secure initial, and continuous authentication of virtual private network (VPN) tunneling. The device of the present invention contains its own microprocessor and operating system which connects to the host system via a universal serial bus (USB) or another coupling mode. The present invention involves executing and storing of the VPN software, certificates, credentials and sensors on the device, which allows for more security and manageability as opposed to executing the VPN on the host system. The device continuously authenticates the presence of the user via biometrics or the presence of a second device, including a smartphone, a smartwatch, an NFC ring or a custom device with a microprocessor, via Quick Response (QR) Codes, Near-Field Communication (NFC) or Bluetooth Low Energy (LE) proximity authentication to activate or deactivate the VPN tunnel. | 2017-12-21 |
20170366530 | Mobile Account Authentication Service - A payment authentication service authenticates the identity of a payer during online transactions. The authentication service allows a card issuer to verify a cardholder's identity using a variety of authentication methods, such as with the use of tokens. Authenticating the identity of a cardholder during an online transaction involves querying an access control server to determine if a cardholder is enrolled in the payment authentication service, requesting a password from the cardholder, verifying the password, and notifying a merchant whether the cardholder's authenticity has been verified. Systems for implementing the authentication service in which a cardholder uses a mobile device capable of transmitting messages via the Internet are described. Systems for implementing the authentication service in which a cardholder uses a mobile device capable of transmitting messages through voice and messaging channels are also described. | 2017-12-21 |
20170366531 | Authenticating Users to Media-Player Devices on Online Social Networks - In one embodiment, a method includes an online social networking system generating an authentication key in response to a request from a media-player device. The media-player device broadcasts the authentication key, which is received by a client system of a user of the online social network that is within range of the broadcast. The user is logged into the online social network via an application running on the client system. The application verifies the authentication key with the online social networking system. Location information of the client system and social-networking information of the user are sent by the application to the media-player device in response to the authentication key being verified. The user may be registered as an owner of the media-player device or a guest user of the media-player device. | 2017-12-21 |
20170366532 | SECURING COMPUTING RESOURCES - Various examples are directed to systems and methods for providing access to computing resources. A resource system may receive an access request from a first user. The access request may comprise resource data describing a computing resource and function data describing a requested function to be performed on the computing resource. The resource system may determine that credential data provided by the first user is valid. The resource system may identify secondary data for the access request and generate an access object based at least in part on access object fragment data and the secondary data. The resource system may execute the access object to enable performance of the requested function on the computing resource. | 2017-12-21 |
20170366533 | ENHANCED MANAGEMENT OF PASSWORDS FOR PRINTING APPLICATIONS AND SERVICES - Techniques described herein provide enhanced management of passwords for applications and services. Generally described, the techniques disclosed herein leverage the strength of existing security measures built into operating systems to generate and communicate encrypted passwords to enable components of a computing system to operate with a heightened level of security. In some configurations, the encryption of a password using strong keys that are associated with an identity improve the security of a computing device as well as improve the security, processing, and communication of secured documents and printing schemas. In some configurations, passwords for accessing documents are encrypted and embedded in printing schemas. The encrypted password is communicated between modules of an operating system in a process for generating PDF files having improved security. The claimed techniques also leverage components of existing systems without the requirement of additional libraries. | 2017-12-21 |
20170366534 | APPLICATION DELIVERY METHOD, COMPUTER-READABLE RECORDING MEDIUM, AND SERVER - An application delivery method includes detecting, by a server, a first terminal present in a specific area and transmitting, by the server, to the detected first terminal, a first application associated with the specific area and a second application having a function of relaying the first application to a second terminal; and invoking, by the first terminal, the second application outside the specific area and transmitting by the first terminal using the second application, the first application to the second terminal that has been detected. | 2017-12-21 |
20170366535 | METHOD AND APPARATUS FOR CONNECTING TO ONLINE SERVICE - Disclosed is a method of connecting to an online service, in which first authentication information is received from a terminal, at least one service available to the terminal is detected by using the first authentication information, and an automatic logging into the detected at least one service is performed. | 2017-12-21 |
20170366536 | Credential Translation - Systems and methods for credential translation are described. In some embodiments, an Information Handling System (IHS) may include: a host processor; an embedded controller coupled to the processor; and an off-host authentication processing system coupled to the embedded controller and segregated from the host processor, the off-host authentication processing system further comprising: an off-host processor; and an off-host memory coupled to the off-host processor, the off-host memory having program instructions stored thereon that, upon execution, cause the off-host processor to: receive a certificate from a web-access management server; store the certificate in the off-host memory; and request that a user of the IHS provide a first authentication factor to be associated with the certificate such that, when the first authentication factor is presented to the off-host processor, the certificate is released from the off-host memory. | 2017-12-21 |
20170366537 | SECURE EFFICIENT REGISTRATION OF INDUSTRIAL INTELLIGENT ELECTRONIC DEVICES - A method for registering an intelligent electronic device with a certification authority. The method includes enrolling a configuration tool at the certification authority; generating a one-time password for the intelligent electronic device and storing the one-time password in the certification authority and in the configuration tool; connecting to the intelligent electronic device with the configuration tool, wherein the configuration tool authenticates at the intelligent electronic device; sending the one-time password from the configuration tool to the intelligent electronic device; enrolling the intelligent electronic device at the certification authority with the one-time password and registering the intelligent electronic device with the certification authority; and receiving a device certificate from the certification authority in the intelligent electronic device. | 2017-12-21 |
20170366538 | VALIDATION FOR REQUESTS - A customer can demonstrate control over an element, such as a domain, by receiving a certificate from a certificate authority. The customer can utilize a device for sending a request relating to a specified domain and receiving a request token to be provided to a domain registry associated with the subject domain. Request token creation can entail generating at least one of a random string, a string generated based on information about a customer, a string generated based on information about the application, a password, or a key. After receiving the request token, the domain registry, in turn, will provide the token to the authority, which will verify that the request token received from the domain registry corresponds to the request token originally provided to the customer's device. If the two tokens match, the authority can act in accordance with the request, such as by issuing the certificate. | 2017-12-21 |
20170366539 | VALIDATION FOR REQUESTS - A customer can demonstrate control over an element, such as a domain, by receiving a certificate from a certificate authority. After receiving a request for a certificate for a certain domain name, the certificate authority uses a public key cryptography protocol to generate a request for information regarding the domain name. The request for information is submitted to a domain service which hosts that domain name, and the domain service will provide a response to the certificate authority which includes a public key and data for the domain name, with the data encrypted under an associated private key for the domain name. The certificate authority will issue a certificate specifying the domain name and utilizing the received public key, and the certificate is unable to be validated without access to the associated private key. | 2017-12-21 |
20170366540 | Preventing Unauthorized Access to Secured Information Systems Using Multi-Device Authentication Techniques - A computing platform may receive, from a client portal server, a request to authenticate a user to a user account associated with a client portal provided by the client portal server, as well as device selection input selecting a first registered device and a second registered device to receive one-time passcodes. The computing platform may generate a first one-time passcode for the first registered device and a second one-time passcode for the second registered device, and may send the first one-time passcode to the first registered device and the second one-time passcode to the second registered device. The computing platform may receive and validate one-time passcode input. Based on validating the one-time passcode input, the computing platform may generate a validation message directing the client portal server to provide the user with access to the user account, and may send the validation message to the client portal server. | 2017-12-21 |
20170366541 | OFFLINE ACCESS CONTROL FOR AN APPLICATION - Techniques to facilitate offline access control for an application associated with an industrial automation environment are disclosed herein. In at least one implementation, a user login prompt for the application is displayed on a display system of a computing system, wherein the user login prompt provides an offline access option for a user to request offline access to the application for a period of time. User login credentials are received along with a selection of the offline access option, which are transferred for delivery to an authentication server, wherein the authentication server authorizes the user for the offline access to the application for the period of time based on the user login credentials. An authentication response is received from the authentication server, wherein the authentication response instructs the application to authorize the user to operate the application for the period of time without requiring authorization from the authentication server. | 2017-12-21 |
20170366542 | Independent biometric identification system - The inventive data processing system and method enable verifiable secure transfer of information between two or more parties, each having access to at least one identity verification system, utilizing a platform-independent architecture to enable verification of identities of parties sending and receiving secured information, and ensuring that only an authorized receiving party gains access to the secured information, regardless of the type, model, ownership and/or quantity of biometric identity verification (BIV) systems being utilized by each party. Parties desiring to securely transfer information between one another register at a central security management system, and each provide at least one biometric enrollment to their unique record configured for storing multiple BIV system enrollments for each party. The inventive system and method also provide an adaptive enrollment feature which enables the system to function automatically and transparently with new BIV systems that have not been previously enrolled by the user. | 2017-12-21 |
20170366543 | Multi-Modal Biometric Identification - At least two biometric measurement signals are generated by contact with a single individual. At least one feature is extracted from each signal of the at least two biometric measurement signals, and the extracted features are combined to generate a combined biometric signal. The combined biometric signal is compared with a defined biometric signal associated with a known individual. Responsive to the combined biometric signal matching the defined biometric signal, a signal is transmitted indicating that the single individual is the known individual. The biometric measurement signals can be collected by a biometric identification device worn or carried by the single individual. The processing may be done by the biometric identification device or a remote server. | 2017-12-21 |
20170366544 | METHOD FOR ASSOCIATING AN OBJECT WITH A USER, DEVICE, OBJECT, AND CORRESPONDING COMPUTER PROGRAM PRODUCT - A method for associating a communicating object with at least one user. A remote server receives a signal requesting an association between a user identifier and an object identifier. The server verifies an authorization for the association between the object identifier and the user identifier, including verification of whether or not there is a pre-existing association of the object identifier with at least one other user identifier. If association is authorized, the object identifier is associated with the user identifier in a database which can be accessed by the remote server. The database includes at least one user identifier list and one object identifier list. | 2017-12-21 |
20170366545 | SEALED NETWORK EXTERNAL APPLICATIONS - Embodiments are provided for external applications in a sealed network. A sealed network does not require administrators and may run on hardware and software that has been stripped of privileged capabilities. External applications connect to the sealed network from devices outside of the network. In one embodiment, an obfuscator generates an external application associated with a user. In one embodiment, an indirect external application provides an application programming interface. In one embodiment, an external party delegates a function to a sealed network. | 2017-12-21 |
20170366546 | COMPUTER ACCESS CONTROL SYSTEM AND METHOD - A computer access control system includes a client electronic device configured to administer an alertness test to a user. A computer access controller is coupled to and configured to be actuated by the client electronic device. | 2017-12-21 |
20170366547 | REMOTELY DEAUTHENTICATING A USER FROM A WEB-BASED APPLICATION USING A CENTRALIZED LOGIN SERVER - Provided is a process including: relaying, with a server at a first domain, at least part of a plurality of application-layer messages between a client web browser and one or more destination servers; determining to terminate subsequent authenticated access by the client web browser; and sending, from the server at the first domain, instructions that cause the client web browser to delete or modify an access token stored in memory of the client web browser. | 2017-12-21 |