52nd week of 2015 patent application highlights part 69 |
Patent application number | Title | Published |
20150372936 | SYSTEM AND METHOD FOR SUPPORTING CONFIGURATION OF DYNAMIC CLUSTERS IN A MULTITENANT APPLICATION SERVER ENVIRONMENT - A system and method for supporting configuration of dynamic clusters in an application server environment. The method can begin with providing, at one or more computers, including an application server environment executing thereon, a plurality of deployable resources which can be used within the application server environment, and one or more partitions, wherein each partition provides an administrative and runtime subdivision of the domain, wherein the system can associate one or more partitions with a tenant, for use by the tenant. The method can further provide a dynamic cluster for use by the one or more partitions, the dynamic cluster comprising an initial number of servers running within the dynamic cluster. The method can then receive, at an administration server, a command; and then configure, via an API, the dynamic cluster. | 2015-12-24 |
20150372937 | SYSTEM AND METHOD FOR PROVIDING A WORK MANAGER IN A MULTITENANT APPLICATION SERVER ENVIRONMENT - In accordance with an embodiment, described herein is a system and method for providing a work manager for use in an application server environment. In accordance with an embodiment, a system administrator can configure a partition work manager to provide partition work request prioritization (fair share value) to each partition within a multitenant application server environment. The system administrator can additionally configure the partition work manager to impose a minimum threads constraint limit, a partition capacity constraint, and/or a partition maximum threads constraint, all of which restrict the use of thread resources by the partitions within the environment. | 2015-12-24 |
20150372938 | SYSTEM AND METHOD FOR PARTITION MIGRATION IN A MULTITENANT APPLICATION SERVER ENVIRONMENT - In accordance with an embodiment, described herein is a system and method for partition migration in a multitenant application server environment. Each resource group, or partition which includes that resource group, can be associated with a virtual target (e.g., virtual host) information that defines a target to which that resource group or partition should be targeted and deployed. A web tier component (e.g., Oracle Traffic Director) includes a routing information, which maps the virtual target for a partition to a corresponding target such as a server or cluster, so that requests for that partition are directed to the appropriate target, for example as part of one or more sessions. When a partition is migrated, session information is replicated between an original target and a new target, and the web tier component provided with a revised routing information, so that subsequent requests for that partition are directed to the new target. | 2015-12-24 |
20150372939 | MOBILE SUPERCLOUD COMPUTING SYSTEM AND METHOD - A mobile supercloud system and method are provided that can improve upon the complexity regarding synchronization and sharing of data with others over the cloud. Embodiments can provide systems that can be quickly responsive to changes made to data on the client device, and which can automatically propagate those changes wherever needed. The system can combine the resources of multiple cloud services together with the computational and storage resources resident on the mobile device, and a system whereby the user's device can participate in completing the restoration of state on the server after catastrophic failure on the server-side. | 2015-12-24 |
20150372940 | Data Flow Node Provisioning - Data flow node validation and provisioning techniques are described. In one or more implementations, a system is described that supports visual design and deployment of data flow pipelines to process streaming data flows. The system may be configured to include nodes and connections between the nodes to represent an arbitrary execution graph of data science algorithms (as algorithm action components) that are used to process the streaming data flows. The system may also support validation techniques to verify that the data flow pipeline may operate as intended. Further, the system may also support implementation and provisioning techniques that involve estimation and adjustment of runtime resource provisioning of a deployed data flow pipeline without preemption or starvation occurring for nodes within the pipeline. | 2015-12-24 |
20150372941 | SYSTEM AND METHOD FOR PORTABLE PARTITIONS IN A MULTITENANT APPLICATION SERVER ENVIRONMENT - In accordance with an embodiment, described herein is a system and method for providing portable partitions in a multitenant application server environment. In accordance with an embodiment, the system enables a partition to be exported from a first or source domain (e.g., a test domain), and imported into another second or target domain (e.g., a production domain). During creation or export of a partition archive, the partition archive is created which includes a partition configuration, resource group or resource group template information, and optionally application binaries. The partition archive can also include an interface that allows access to exportable or configurable values associated with the partition. During deployment or import of the partition archive to the target domain, the information in the partition archive, including the exportable or configurable values associated with the partition, are used to configure the partition for use in the target domain. | 2015-12-24 |
20150372942 | Method for Constructing Optimal Time-Controlled Paths in a Large Computer Network - Embodiments of the invention relate to the dynamic creation of TT paths in a large computer network having computer nodes, communication channels, and distribution modules (DMs), which all have access to a global time base, wherein a scheduling instance, aimed at establishing a time-controlled path with specified path time characteristics from a transmitting to a receiving node along an existing virtual connection (VC), requests from each DM in the VC all the TT path descriptor lists (TTPDLs) confirmed by said DMs, then transmits the specified path time characteristics and all confirmed TTPDLs to a dynamic scheduler that creates a new TTPDL for each DM in the VC, the existing reserved TTPDLs of the DMs affected remaining unchanged, wherein the corresponding new TTPDLs are transmitted to each DM in the VC, and wherein each DM in the VC reserves the TT path requested and confirms the reservation to the scheduling instance. | 2015-12-24 |
20150372943 | FRAMEWORK FOR NETWORK TECHNOLOGY AGNOSTIC MULTI-CLOUD ELASTIC EXTENSION AND ISOLATION - Establishing an MCEE logical structure relating tenant resources of a tenant site, first non-tenant cloud resources at a first non-tenant cloud site, and second non-tenant cloud resources at a second non-tenant site. Mapping the MCEE logical structure nodes to a segmented end-to-end virtual network structure (E2E-VNS) such that the resources at each node of the MCEE logical structure is in a separate virtual network of the E2E-VNS. Establishing an extension and isolation (EXI) domain in the MCEE logical structure associating at least one node of the tenant resources with at least one node of the first non-tenant cloud and at least one node of the second non-tenant cloud. Connecting for network communications, the E2E-VNS virtual networks of the nodes of the EXI domain for isolation of the resources of the nodes of the EXI domain from the other resources of the MCEE logical structure in an EXI virtual network. | 2015-12-24 |
20150372944 | PROVISIONING LEGACY SYSTEMS NETWORK ARCHITECTURE RESOURCE COMMUNICATIONS THROUGH A GROUP OF SERVERS IN A DATA CENTER - Methods for managing communications between client computers and distributed resources. Distributed resources are identified that each of a set of client computers is configured to communicate with, based on configuration information stored on each of the set of client computers. A group of servers are configured to host communications between each of the set of client computers and the distributed resources, based on server capabilities of each server in the group of servers and a policy for load balancing communications through the group of servers. Then the configuration information stored on each of the set of client computers is modified to use the group of servers for communicating with the distributed resources. | 2015-12-24 |
20150372945 | MAPPING COMPUTER RESOURCES TO CONSUMERS IN A COMPUTER SYSTEM - Mapping computer resources to consumers in a computer system is described. In an example, a method of mapping computer resources to consumers in a computer system includes: receiving tags assigned to the computer resources at a resource manager executing in the computer system, where the resource manager: identifies a first tag assigned to a first computer resource; determines whether a first consumer is associated with the first tag; enables the first consumer to access the first computer resource if the first consumer is associated with the first tag; and prevents the first consumer from accessing the first computer resource if the first consumer is not associated with the first tag. | 2015-12-24 |
20150372946 | ACQUIRING RESOURCE LEASE USING MULTIPLE LEASE SERVERS - The obtaining of a lease on a resource in a circumstance in which multiple lease servers are capable of granting a lease to the resource. A computing entity attempts to obtain the lease on the resource by causing a lease request to be sent to each of at least most (and perhaps all) of the lease servers. In response, the computing entity receives one or more responses to the lease requests. If the computing entity receives grants of a lease from a majority of the lease servers that are capable of granting a lease to the resource, then it is determined that the computing entity acquired a lease on the resource. On the other hand, if the computing entity receives grants of a lease from less than a majority of the lease servers, it is determined that the computing entity failed to acquire the lease on the resource. | 2015-12-24 |
20150372947 | PACKET PROCESSING METHOD AND DEVICE - Embodiments of the present invention provide a packet processing method and a device. The method includes: receiving a data packet that is generated and sent by a destination device after the destination device receives a first interest packet that is forwarded by a source device via the forwarding node, where the data packet carries a content name that is the same as a content name of content requested by using the first interest packet; when forwarding the first interest packet, generating a PIT entry corresponding to the first interest packet in the PIT; and when determining that the data packet carries a second interest packet, matching the content name carried in the data packet with a content name in the PIT entry, and forwarding the data packet to the source device according to a port in the matched PIT entry. | 2015-12-24 |
20150372948 | PARALLEL PATH TRAIN COMMUNICATION NETWORK - A communication access point is disclosed for use with a mobile consist having at least a first vehicle and a second vehicle. The communication access point may have an intra-consist router configured to receive signals from a first plurality of vehicle control components located onboard the first vehicle and to generate data packets for transmission to a second plurality of vehicle control components located onboard the second vehicle. The communication access point may also have a wired Ethernet bridge configured to transmit data packets to and from the intra-consist router, and a wireless Ethernet bridge configured to transmit data packets to and from the intra-consist router in parallel with the wired Ethernet bridge. | 2015-12-24 |
20150372949 | SIGNALLING CONGESTION - Methods and apparatus for signalling congestion are described, in respect of a network element ( | 2015-12-24 |
20150372950 | METHOD AND SYSTEM FOR AUTOMATED VERIFICATION OF SENTIENCE USING AN ELECTRONIC COMMUNICATION PROTOCOL - A method and system for automatically verifying that a user is still sentient and alive by implementing a user-specified protocol of timed electronic communications is disclosed. In use, a user is previously assigned or themselves sets up a protocol of electronic communications to be sent at specified timed intervals. These sent timed electronic communications may be in the form of a “ping” or some sort of telecommunication alert that requires a user response. More specifically, for each “ping” or alert, the user must respond within a specified period of time. If the user responds, the protocol is terminated and starts over at the beginning. If the user does not respond within the specified time, the protocol proceeds to the next communication. If the protocol completes without any response from the user, a user designated person or guardian is alerted. | 2015-12-24 |
20150372951 | Retrieval Of Stored Transmissions - An instant messaging client application is executed on a first terminal, to participate in threads of instant messaging between user terminals over a packet-based network, each thread comprising exchanging text-based messages between the user terminals of a selected group of contacts comprising the first user and at least one second user. A digital record of the messages is maintained in a data storage medium. A further text-based message is received from one of the second terminals over the packet-based network, comprising a citation of a cited one of the text-based messages previously transmitted over the packet-based communication network and stored in the storage medium. The further message is processed at the first terminal so as, by reference to the storage medium, to recover a context of the cited message in relation to others of the text-based messages in the respective thread. | 2015-12-24 |
20150372952 | METHOD AND SYSTEM FOR ENHANCED CONTENT MESSAGING - Methods and system for integrating a media file within a text message on a user device are provided herein. In some embodiments, a method for integrating a media file within a text message may include sending a request to determine whether one or more text message terms included in a text message matches a predetermined list of terms, wherein each term in the predetermined list is associated with at least one media file, and receiving an indication of a match between the one or more text message terms and at least one term in the predetermined list, and tagging each of the matched text message terms with the at least one media file associated with the corresponding matched term in the predetermined list. | 2015-12-24 |
20150372953 | STATEFUL NOTIFICATION - An apparatus can include a processor; memory operatively coupled to the processor wherein the memory stores identifier information; a network interface; notification circuitry; and policy engine circuitry that, responsive to receipt of identifier information via the network interface, activates the notification circuitry if, according to a match criterion, a match exists between at least a portion of the received identifier information and at least a portion of identifier information previously transmitted via the network interface and stored in the memory. | 2015-12-24 |
20150372954 | Rule-Based Rate Limiting - Methods, devices, and machine-readable media are provided to perform rule-based rate limiting. As provided in this disclosure, this may include receiving a message en route to a destination, determining one or more parameters of the message, and determining whether the parameters of the message match parameters of a rule that specifies taking a first action when more than some number of messages having those parameters are received within a specific amount of time. When the one or more parameters of the message match the one or more parameters of the first restriction rule, a sliding window counter that indicates a total number of corresponding messages received within the amount of time may be incremented. When the first sliding window counter exceeds the first number of messages, the specified action may be taken. | 2015-12-24 |
20150372955 | SORTING ELECTRONIC MAIL - Emails are received and parsed for a set of dates. A set of words surrounding the set of dates are identified and contextual information is correlated with the set of dates based on the set of words. It is then determined whether the dates are promotional expiration dates based on the contextual information. The emails that have promotional dates are placed in a list having a chronological order that is based on the promotional expiration dates. The current calendar date is checked and emails are excluded from the list in response to the current calendar date being chronologically after the promotional expiration date. The list is then displayed based on the exclusion of the email. | 2015-12-24 |
20150372956 | MESSAGE PROCESSING SYSTEM - A message processing system is disclosed herein. A client computing device may receive an electronic message from a server via a network and via a forwarding operation on a condition that the electronic message is approved to be forwarded to a recipient. The client computing device may then receive from the server a message that the electronic message is unapproved, wherein the message includes a URL to view the unapproved electronic message and the electronic message is stored on the server with an indication that the electronic message is unapproved. The client computing device may then receive a list of unapproved electronic messages to display, wherein associated with the list are selectable options including to send the unapproved electronic message, to add a sender of the unapproved electronic message to an approved sender list, and to delete the unapproved electronic message. | 2015-12-24 |
20150372957 | REAL-TIME MESSAGING METHOD AND APPARATUS - A system and method for the late-binding of time-based media in real-time. With late binding, the sender may create time-based media before or at the same time an active delivery route to the recipient is discovered. As soon as the route becomes available, the media is transmitted. The existing DNS and email infrastructure is possibly used for route discovery, while any real-time transmission protocol may be used for the actual delivery of the media. “Progressive” emails may also be used for the real-time delivery of time-based media. | 2015-12-24 |
20150372958 | MAIL SENDING/RECEIVING APPARATUS, METHOD, AND RECORDING MEDIUM RECORDING PROGRAM - A vehicle-mounted apparatus includes a mail receiving processing unit configured to receive an electronic mail, a received mail determination unit configured to determine, after a first electronic mail is received by the mail receiving processing unit, whether a second electronic mail associated with the first electronic mail is received by the mail receiving processing unit, and a notification processing unit configured to perform, when it is determined by the received mail determination unit that the first electronic mail and the second electronic mail are associated with each other, notification of these two electronic mails simultaneously. | 2015-12-24 |
20150372959 | SOFTWARE INTEGRATED ELECTRONIC MESSAGING CARDS - A method and a device are disclosed including software components that are executed on a computing device to enable multimedia communications. A message card constituting an integrated messaging unit is used to transmit and receive multimedia data between two or more computing devices. The card may contain text, picture, animation, sound, video, metadata, and other messaging data and information, some of which may be encapsulated in software stickers embedded in the message card. The cards may be stacked, stored, searched for, modified, augmented with stickers, and the like. The stickers may have various looks and functions including providing a message, animation, video, picture, hologram, be peeled off, be scratched to reveal content, detect movement of the computing device, detect finger tapping, show emotions, provide quick reply to messages, and the like. The looks, contents, and behaviors of the message cards and/or the stickers may be programmable by the user. | 2015-12-24 |
20150372960 | Method and system for sending messages per channel - Techniques for electronically engaging customers across all different platforms are disclosed. Based on unique device identifiers captured together with interactions by users with one or more applications provided by a business, a message prepared in a first format is automatically converted to a corresponding message in a second format according to what the devices the user has been interacting with can support. Depending on implementation, the message may be a response by the business to an inquiry from a user or a promotion by the business to be distributed to a group of selected users maintained by the business. The interactions include activities a user has had with one or more of the applications provided by the business and provide the statistical or actual data for the business to determine the group of users to receive the message. | 2015-12-24 |
20150372961 | NOTIFICATION GENERATION SYSTEM FOR MESSAGES - A method for generating a notification about a recipient of a message. The recipient of the message is identified while the message is being composed. Whether information is present about the recipient for use in composing the message is determined. The notification is presented to the sender based on the information identified about the recipient while the message is being composed when the information about the recipient is present for the message. | 2015-12-24 |
20150372962 | MANAGING AND ACCESSING DATA STORAGE SYSTEMS - Systems and methods are disclosed for managing and/or accessing distributed data storage. A server computing device or network attached storage (NAS) device may include a message processing module to send and receive electronic-mail (email) messages. The message processing module is configured to cause the NAS device to perform NAS operations based on messages (e.g., email messages from users) and to send email messages with the results of the NAS operations to users. | 2015-12-24 |
20150372963 | SYSTEMS AND METHODS FOR CATEGORIZING MESSAGES - Systems and methods of the present disclosure are directed to categorizing messages. A first server can receive, from a second server maintaining a plurality of social media messages, a message. The first server can categorize the message under a first category or a second category. The first server can process the message and determine a frequency of each of the words included in the processed message. The first server determines, using a probabilistic engine executing on the first server, a relevancy score of the modified message indicating a level of relevance between the message and the first category based on the determined frequency of each of the words. The first server, responsive to determining that the relevancy score satisfies a threshold, can categorize the message under the first category. | 2015-12-24 |
20150372964 | METHODS AND SYSTEMS FOR RECIPIENT MANAGEMENT WITH ELECTRONIC MESSAGES - There is provided a method of recipient management with electronic messages having time defined actions, comprising: defining for an electronic message to a recipient, according to data inputted by a user at a user client terminal, one or more actions for the recipient to perform and a time frame for performance of the one or more actions; sending the electronic message to a recipient client terminal of a recipient to trigger a monitoring of performance of the one or more actions by the recipient at the client terminal during the time frame; receiving an indication of the performance of the one or more actions based on the monitoring from the recipient client terminal; and presenting on the user client terminal a notification in response to the indication. | 2015-12-24 |
20150372965 | METHOD OF INVITING OTHER ELECTRONIC DEVICES TO CHAT ROOM BY USING INFORMATION ON ACCESS POINT AND ELECTRONIC DEVICE THEREFOR - A first electronic device is provided. The first electronic device includes a user input reception device configured to receive a user input to request the first electronic device to generate a chat room. The first electronic device also includes a processor configured to generate the chat room for use by a plurality of electronic devices. The first electronic device further includes a transmitter configured to broadcast information to provide a notification that the chat room is generated and to transmit the information to notify that the chat room is generated to an access point (AP) connected with the first electronic device. | 2015-12-24 |
20150372966 | SYSTEM AND METHOD FOR ADDRESS BASED LOCATIONS - Techniques are provided for identifying locations of application users based on originating address. Techniques to generate a set of address-to-location mappings include a system configured to receive information about a plurality of location-known requests that originated from an address, wherein the information indicates a plurality of locations for the originating address. The system is further configured to identify a geographical area based, at least in part, on the plurality of distinct locations; map the geographical area to a corresponding geographical locality; and associate the address to the geographical area and the corresponding geographical locality generating an address-to-location mapping. Address-to-location mappings may be further clustered into address-range-to-location mappings and stored as a data pack. Using these techniques, location information may be determined for a received location-unknown request that originated from a particular address. | 2015-12-24 |
20150372967 | PROVIDING NETWORK ADDRESSES FOR NETWORK NODES - Methods, systems, and apparatus for providing network addresses are disclosed. In one aspect, a network element device in a telecommunication network includes a chassis coupled with a passive Radio Frequency Identification (RFID) device and a network line module coupled to the chassis. The passive RFID device stores a network node identifier that is used to communicate with a second network element device communicatively coupled with the network element device. The network line module includes a RFID reader that is configured to obtain the network node identifier from the passive RFID device when the network line module is initialized. | 2015-12-24 |
20150372968 | A Method of and a Processing Device Handling a Protocol Address in a Network - The invention relates to a method of handling a protocol address (IP_x) in a network ( | 2015-12-24 |
20150372969 | DNS RENDEZVOUS LOCALIZATION - A method of generating a routing table containing information as to the weighted distance between clients that use a resolver and each rack gateway, taking into account how traffic to each client can egress from the CDN AS. The routing table is generated from matrix multiplication of two matrices. One matrix contains information as to the proportion of each client's use of each resolver in a first autonomous system. The second matrix contains information as to the distance between each client and each rack, with respect to an egress gateway, in a second autonomous system. The resulting routing table is used to identify a gateway from which to serve content to a client. | 2015-12-24 |
20150372970 | ADDRESS MANAGEMENT IN AN OVERLAY NETWORK ENVIRONMENT - Embodiments of the invention relate to overlay network address management. One embodiment includes an overlay gateway including an overlay network manager associated with a physical network. The overlay network manager prevents duplicate address assignment for overlay domains having a first sharing status and performs address translation for overlay domains having a second sharing status. Address translation is avoided for overlay domains having the first sharing status. | 2015-12-24 |
20150372971 | INFORMATION PROCESSING APPARATUS, INFORMATION PROCESSING METHOD AND RECORDING MEDIUM - An information processing apparatus connected with one or more apparatuses through a network, comprises: a first acquiring unit configured to acquire first address information for indicating one of addresses in the network among addresses of the apparatuses and first apparatus specific information for identifying the apparatuses; a second acquiring unit configured to acquire second apparatus specific information for identifying an apparatus indicated by the first address information acquired by the first acquiring unit; a determining unit configured to determine whether the first apparatus specific information acquired by the first acquiring unit is the same as the second apparatus specific information acquired by the second acquiring unit or not; and a process requesting unit configured to request the apparatus indicated by the first address information to perform a certain process upon the determining unit determining the first apparatus specific information to be the same as the second apparatus specific information. | 2015-12-24 |
20150372972 | USER DEVICE TO DOMAIN NAME RESOLVER MAPPING - A method of selecting an edge proxy server to serve web contents to user devices is disclosed. Domain name system (DNS) queries from a domain name resolver are received. A mapping between the domain name resolver and a corresponding list of user devices served by the domain name resolver are created based on the received DNS queries. A transformed geographical location representing the domain name resolver is determined based on the mapping. An edge proxy server is selected in response to a future DNS query received from the domain name resolver based at least in part on the transformed geographical location of the domain name resolver. | 2015-12-24 |
20150372973 | METHOD AND SYSTEM FOR THE CREATION, MODIFICATION AND REMOVAL OF A DISTRIBUTED VIRTUAL CUSTOMER HOME GATEWAY - The at least one distributed virtual CPE comprising at least one IP Edge node, at least one Carrier Grade NAT node, at least one User Configuration Server and at least one Line Configuration Server, the method creating said at least one distributed virtual CPE upon the reception of traffic from a home in the access line corresponding to said home; modifying said at least one distributed virtual CPE upon a customer request; removing said at least one distributed virtual CPE, upon a traffic inactivity timeout detected in said access line or upon an administrative command; and associating a line identifier and a customer identifier to said at least one distributed virtual CPE, wherein said association, termed vCPE context, is known partially or totally by the at least one IP Edge node, the at least one Carrier Grade NAT, the at least one User Configuration Server and the at least one Line Configuration Server, and is kept active during the whole life cycle of said distributed virtual CPE from the creation to the removal. | 2015-12-24 |
20150372974 | Method for Setting Functional Module Name of Mobile Terminal, and Mobile Terminal - The embodiment of the present document discloses a method for setting functional module names of a mobile terminal, which includes: setting the name of a mobile terminal; according to the set name of the mobile terminal, generating functional module names corresponding to functional modules in the mobile terminal. The embodiment of the present document further discloses a mobile terminal. The solution disclosed in the embodiment of the present document can be used to automatically modify the names of various functional modules in a mobile terminal by setting the name of the mobile terminal, thus reducing the user's operation steps and also improving the user experience. | 2015-12-24 |
20150372975 | INFORMATION PROCESSING DEVICE AND INFORMATION PROCESSING METHOD - An information processing device is connected to a plurality of networks and performs information processing. The networks include a control network connected to a control device in a mobile object, an information network connected to an information device in the mobile object, and an external network connected to an external device outside of the mobile object. The information processing device includes firewalls each connected to one of the networks, and a processor connected to each network via the corresponding firewall. The information processing device isolates at least the control network from the other networks. | 2015-12-24 |
20150372976 | NETWORK THREAT PREDICTION AND BLOCKING - A firewall monitors network activity and stores information about that network activity in a network activity log. The network activity is analyzed to identify a potential threat. The potential threat is further analyzed to identify other potential threats that are related to the potential threat, and are likely to pose a future risk to a protected network. A block list is updated to include the potential threat and the other potential threats to protect the protected network from the potential threat and the other potential threats. | 2015-12-24 |
20150372977 | FIREWALL POLICY MANAGEMENT - Methods and systems are provided for creation and implementation of firewall policies. The method of the present invention includes enabling a firewall device to maintain a log of network traffic flow observed by the device. The method further includes enabling the firewall device to receive an administrator request for a customized report to be generated based on the log of network traffic and generating the report by extracting information from the log based on report parameters, where the report includes desired network traffic items that are associated with one or more action objects. The method further provides for the firewall device to receive a directive to implement an appropriate firewall policy on one or more network traffic items responsive to interaction of the administrator with one or more action objects corresponding to the network traffic items. Based on the directive and information from the log, the firewall then defines and/or establishes the appropriate firewall policy. | 2015-12-24 |
20150372978 | METHODS AND APPARATUS FOR DENIAL OF SERVICE RESISTANT POLICING OF PACKETS - Methods and apparatus for supporting secure packet communications, e.g., sRTP/sRTCP, which are resistant to denial of service attacks are described. A received packet is identified to correspond to a particular stream being received, the stream having a current expected set of packet sequence numbers, e.g., a current window including a next expected packet sequence number and at least one packet sequence number in the expected packet window on each side of the expected packet sequence number. Unencrypted information from the received packet, e.g., a received packet sequence number, is used to determine at least one of: to drop the received packet, or to assign the packet to one of a plurality of policing levels. If the packet passes policing at its assigned policing level, the packet may undergo authentication and decryption to determine if it is a valid packet. | 2015-12-24 |
20150372979 | Packet Filtering at an Application-Processor-to-Modem Interface - An application processor circuit comprises an interface circuit configured to communicate with a separate modem device, a user application module configured to execute one or more user-installed applications, and a core application module configured to execute one or more core applications and to access one or more modem services on the modem device, using the interface circuit and an IP socket application protocol interface (API), wherein packets sent to the modem device for accessing the one or more modem services include a destination IP address corresponding to the modem device. The application processor circuit further comprises an IP filter module configured to identify and discard outbound packets that include a destination IP address corresponding to the modem device and that originate from any of one or more disallowed applications in the application processor, without sending the identified packets to the modem device. | 2015-12-24 |
20150372980 | INTRUSION PREVENTION AND REMEDY SYSTEM - According to one embodiment, a computerized method is directed to neutralizing callback malware. This method involves intercepting an incoming message from a remote source directed to a compromised endpoint device. Next, a first portion of information within the incoming message is substituted with a second portion of information. The second portion of information is designed to mitigate operability of the callback malware. Thereafter, the modified incoming message, which includes the second portion of the information, is returned to the compromised endpoint device. | 2015-12-24 |
20150372981 | System and Method for Automatic Data Security, Back-up and Control for Mobile Devices - Systems and methods for providing security, monitoring, and control of mobile communications device activity including at least one mobile communication device with software operable thereon for receiving rules provided by an authorized user of the device(s) and in accordance with those rules administering actions to provide for controlling, monitoring, and security data stored or generated on the device(s), including logging data and activities related to the mobile communications device, blocking and filtering calls, messages, websites, emails, and combinations thereof, via wireless communication with a remote server computer having a corresponding software module operable thereon for managing and implementing the rules. | 2015-12-24 |
20150372982 | INTELLIGENT, CLOUD-BASED GLOBAL VIRTUAL PRIVATE NETWORK SYSTEMS AND METHODS - A method includes connecting to a client at a Virtual Private Network (VPN) device in a cloud system; forwarding requests from the client for the Internet or public clouds accordingly; and, for requests for an enterprise associated with the client, contacting a topology controller to fetch a topology of the enterprise, causing a tunnel to be established from the enterprise to the VPN device, and forwarding the requests for the enterprise through the tunnel. A cloud system and VPN system are also described. Advantageously, connections between the cloud and on-premises proxy are dynamic, on-demand and orchestrated by the cloud. Security is provided at the edge—there is no need to punch any holes in the existing on-premises firewalls. | 2015-12-24 |
20150372983 | METHOD AND APPARATUS FOR RESOURCE LOCATOR IDENTIFIER REWRITE - A method and apparatus for resource locator identifier rewrite have been presented. A security device receives from a resource host over a non-secure hypertext transfer protocol (HTTP) session a response to a request received from a client over a secure HTTP session. The response includes a uniform resource locator (URL) that is supposed to be for a resource host, but the URL does not designate a secure resource access protocol and the resource host requires the secure resource access protocol. The URL is located in the response and modified to designate the secure resource access protocol. After modification, the response is transmitted via the secure resource access protocol session to the client. | 2015-12-24 |
20150372984 | PROTECTING AGAINST SNIFFING BASED ON INTERVALS BETWEEN USER INPUT SIGNALS - Various example embodiments are disclosed. According to an example embodiment, a non-transitory computer-readable storage medium may include instructions stored thereon. When executed, the instructions may cause a client computing device to perform at least establishing a peer-to-peer connection with a host computing device, receiving multiple user input signals from a user of the client computing device, generating a packet, the packet including representations based on at least two of the user input signals, and sending the packet to the host computing device via the peer-to-peer connection. | 2015-12-24 |
20150372985 | SYSTEM AND METHOD FOR OPERATING A SAFETY-CRITICAL DEVICE OVER A NON-SECURE COMMUNICATION NETWORK - A system and method for operating, at a near location, a safety-critical device located at a far location. The system includes a first operating input device to be operated at the near location, providing a first barrier control signal; and a second operating input device to be operated at the near location, providing a second barrier control signal. The first barrier control signal is communicatively connected to a near end of a first secure communication tunnel through the non-secure communication network, and the second barrier control signal is communicatively connected to a near end of a second secure communication tunnel through the non-secure communication network. A far end of the first secure communication tunnel is communicatively connected to an activating input of a first barrier circuit, and a far end of the second secure communication tunnel is communicatively connected to an activating input of a second barrier circuit. | 2015-12-24 |
20150372986 | DATA TRANSFER - A data transfer system includes a set of switch and/or router devices ( | 2015-12-24 |
20150372987 | SECURE END-TO-END TRANSPORT THROUGH INTERMEDIARY NODES - A communication network encrypts a first portion of a transaction associated with point-to-point communications using a point-to-point encryption key. A second portion of the transaction associated with end-to-end communications is encrypted using an end-to-end encryption key. | 2015-12-24 |
20150372988 | SCAN IMAGE AUTHENTICATION - Methods and systems receive an electronic scanned image generated by activity of an application running on a portable computerized device, and calculate a cryptographic digest from data of the electronic scanned image using a second computerized device. Also, such methods and systems encrypt the cryptographic digest using an encryption key stored on the portable computerized device to create a content signature of the cryptographic digest, and send the content signature to the second computerized device. The authenticity of a copy of the electronic scanned image provided by the second computerized device is verified by recalculating the content signature (based on the copy of the electronic scanned image) using the encryption key from the portable device. | 2015-12-24 |
20150372989 | METHOD FOR INTRODUCING DEPENDENCE OF WHITE-BOX IMPLEMENTATION ON A SET OF STRINGS - A method of performing a cryptographic operation using a cryptographic implementation in a cryptographic system, including: receiving, by the cryptographic system, an identifying string value; receiving, by the cryptographic system, an input message; performing, by the cryptographic system, a keyed cryptographic operation mapping the input message into an output message wherein the output message is the correct result when the identifying string value is one of a set of binding string values, wherein the set includes a plurality of binding string values. | 2015-12-24 |
20150372990 | System and Method for Authorized Digital Content Distribution - A digital content distribution system uses a Digital Rights Management Controller that performs a set of arbitrary tests against the transfer request from one user to another such as user A to user B. Assuming these tests are successful, the DRM sends an encryption key to transferring user A. This encryption key E is taken from a table of encryption key/hash pairs which have been provided to the DRM Controller by an external authority such as the content rights holder. User A encrypts the content using the key provided by the DRM controller and then optionally calculates a hash over the encrypted form of the content E(X) and returns this value to the DRM Controller. On checking the returned hash against the hash from the table the DRM controller knows that user A does indeed have the digital content X in good condition. The DRM Controller then instructs both users A and B that the transfer may proceed. The encrypted form of the content E(X) is transferred from A to B. Once the content transfer has completed B ensures that the received content has been physically written to non-volatile storage (to account for crashes etc. during the next step). B then calculates a hash over the received content and returns this value to the DRM Controller. If this value matches the value previously given then the transfer has been successful and the DRM Controller updates whatever central records are appropriate, while also returning a decrypt key to B to allow it to decrypt the content. | 2015-12-24 |
20150372991 | METHOD AND SYSTEM FOR PROTECTING DATA USING DATA PASSPORTS - A method for transmitting data involves receiving the data, identifying, by a sender system, a first data element in the data to protect, encrypting, by the sender system, the first data element with a sender session key, generating, by the sender system, a combined key using a receiver key value and a sender compartmentalization key (SK). The method also involves encrypting, by the sender system, the sender session key using the combined key to obtain an encrypted session key, generating, by the sender system, a data passport comprising the encrypted session key, a dictionary classification key (DK) index, a SK index, and a receiver compartmentalization key (RK) index, generating, by the sender system, protected data comprising the data passport and the encrypted first data element, and transmitting, by the sender system and across a network, the protected data to a receiver system. | 2015-12-24 |
20150372992 | CONTENT REPRODUCTION SYSTEM, INFORMATION PROCESSING TERMINAL, MEDIA SERVER, SECURE DEVICE, AND SERVER SECURE DEVICE - A content reproduction system includes an information processing terminal ( | 2015-12-24 |
20150372993 | SYSTEM AND METHOD FOR PROCESSING TRANSACTIONS - Embodiments of the invention include methods, systems, and computer-readable media for processing transactions involving sensitive information, such as a credit card number. Embodiments include a first server authenticating a second server based on a security token and determining whether the security token is expired. Based on the results, the first server may request a transaction token associated with sensitive information. The first server may encrypt the transaction token using a public key of the second server. The first server may send the encrypted transaction token as a parameter to a URL, wherein the URL is configured to cause a browser on a client to send, to the second server, a request for the page and the encrypted transaction token. | 2015-12-24 |
20150372994 | Cryptographic Proxy Service - A cryptographic proxy service may be provided. Upon determining that data associated with a network destination comprises at least some sensitive data, a cryptographic service may provide a security certificate associated with the network destination. The plurality of data may be encrypted according to the security certificate associated with the network destination and provided to the cryptographic service for re-encryption and transmission to the network destination. | 2015-12-24 |
20150372995 | ASSET GUARDIAN - An asset guardian system may comprise a server including a processor with memory and a database. The processor may be configured to receive asset information regarding a plurality of assets and update the database with the received asset information. A mobile device may be configured to change at least one of the assets from a disabled condition to an enabled condition in response to an asset code from the server. At least one of the plurality of assets may be configured to authenticate the asset code and register the asset code with the server thereby updating the asset information on the database. At least one of the plurality of assets may further be configured to be operatively paired with a respective socket. | 2015-12-24 |
20150372996 | SLOTTED MESSAGE ACCESS PROTOCOL FOR POWERLINE COMMUNICATION NETWORKS - A slotted message access protocol can be implemented for transmitting messages in a communication network. A beacon period may be divided into multiple communication slots. A master network device may register a first client network device and provide registration information to the first client network device. The registration information may include one or more encryption keys to allow the first client network device to securely transmit messages in the communication network. The client network device may use an encryption key associated with a second client network device to decrypt messages received from the second client network device. Furthermore, the first client network device may use a contention-based communication slot to request allocation of contention-free communication slots for subsequent transmissions. The master network device may temporarily allocate contention-free communication slots to the client network device for a specified duration. | 2015-12-24 |
20150372997 | DEVICE, SYSTEM AND METHOD PROVIDING DATA SECURITY AND ATTRIBUTE BASED DATA ACCESS IN PARTICIPATORY SENSING - Disclosed are devices, systems, and methods for securing data using attribute based data access. The data may correspond to a sensory environment, and the data is secured at the device. The device secures the data by segmenting the data into a number of segments and defining an access policy, further submitting the access policy to a PKG of the system for generating an Access Tree having attributes at different levels for accessing the data. These Access Trees are securely stored on the device using an IBE mechanism. Further, the data, after being secured, is uploaded to a system for analysis. At the system, an access request may be received for accessing the data. The access request further includes a request attribute, whereby the system verifies if the attribute satisfies the Access Policy. If the verification is positive, access may be provided to the data accessor for accessing the data. | 2015-12-24 |
20150372998 | SECURING COMMUNICATIONS WITH ENHANCED MEDIA PLATFORMS - Various methods and systems for securing communications with enhanced media platforms, are provided. In particular, an enhanced media platform is authenticated using a trusted location. The authenticated enhanced media platform establishes a bidirectional trust with an enhanced remote location, the enhanced media platform being stored in the enhanced remote location. Upon authentication and establishing the bidirectional trust, the enhanced media platform may securely communicate media content in a media content distribution service infrastructure while supporting custom functionality. The method for securing communications with enhanced media platforms includes communicating authentication credentials to an internal security component at the trusted location. The method further includes receiving validation credentials from the internal security component. The method also includes authenticating the enhanced remote location based on at least a portion of the validation credentials received. The method further includes establishing the bidirectional trust relationship with the enhanced remote location using the validation credentials. | 2015-12-24 |
20150372999 | METHODS AND APPARATUS FOR USING SMART ENVIRONMENT DEVICES VIA APPLICATION PROGRAM INTERFACES - In one embodiment, a method for authorizing access for an application programming interface (API) client or API client device to data of one or more data models of one or more smart devices includes retrieving a number of access tokens from an authorization server, and providing, via a single connection, the number of access tokens in a request made by the API client or the API client device to the API, wherein the number of access tokens are used to verify access rights of the API client or the API client device to read data for a number of users associated with the one or more data models of the one or more smart devices. | 2015-12-24 |
20150373000 | SYSTEM AND METHOD FOR CONNECTING TO SECURITY DEVICE BY MEANS OF PEER-TO-PEER (P2P) RELAY DEMON - A system and method for connecting to a security device by means of a Peer-to-Peer (P2P) relay demon. In the present disclosure, a P2P technology is applied to a technology for connecting to a security device, such as a Network Video Recorder (NVR), Digital Video | 2015-12-24 |
20150373001 | METHODS AND SYSTEMS FOR ONBOARDING NETWORK EQUIPMENT - Methods and systems are provided for onboarding network equipment to managed networks. An onboarding controller may be used in authenticating the to-be-onboarded network equipment. The onboarding controller may issue a challenge, which may comprise instructions for making configuration changes to the network equipment. The configuration changes may comprise adding, removing, and/or changing connections within and/or to the network equipment within a local network comprising the network equipment. The onboarding controller may determine whether or not the configuration changes have been made to the network equipment. The determination of configuration changes may be used in verifying the identity and/or location of the network equipment, and/or in determining to which managed network the network equipment should be onboarded. | 2015-12-24 |
20150373002 | Participation Thresholding for Extending Communication Security Functionality - Systems and methods can support change management thresholds within human machine interfaces. An operation or feature may be introduced into a multi-user information system where a benefit is conveyed to specific benefited instances of events. A user indication associated with the specific benefited instances may be initially disabled. A quantity of the specific benefited instances may be calculated or counted. The calculated quantity may be compared to a threshold quantity. The user indication associated with the specific benefited instances may be enabled in response to the comparison indicating that the threshold has been exceeded. The user indication may be presented via a user interface mechanism associated with the multi-user information system. According to certain examples, sender authentication may be added to an email system such that instances of authentication are not displayed until a certain number or percentage of messages is being authenticated. | 2015-12-24 |
20150373003 | SIMPLE IMAGE LOCK AND KEY - A system for and method of securely controlling access to files on a server are disclosed herein. The method may include receiving an upload of a file to the server, receiving an upload of a first image of an object, using computer vision algorithms to extract first information about the object from the first image, associating the first information with the file, and restricting access to the file. The method may further include receiving an upload of a second image of the object, using the computer vision algorithms to extract second information about the object from the second image, determining that the second information and the first information match within a threshold, and providing access to the file. | 2015-12-24 |
20150373004 | SYSTEM AND METHOD FOR SUPPORTING SECURITY IN A MULTITENANT APPLICATION SERVER ENVIRONMENT - In accordance with an embodiment, described herein is a system and method for providing security in a multitenant application server environment. In accordance with an embodiment, per-partition security configuration includes: per-partition security realm (including configuration for authentication, authorization, credential mapping, auditing, password validation, certificate validation, and user lockout); SSL configuration, including keys, certificates, and other configuration attributes; and access control for partition and global resources. An administrator can designate one or more partition users as partition administrators, via grant of roles. | 2015-12-24 |
20150373005 | BROWSER PLUG-IN FOR SECURE CREDENTIAL SUBMISSION - Described is a technology by which a plug-in (e.g., an ActiveX® control) instantiated by a web browser calls functions of a credential service to use a set of credential data (e.g., a card file) for logging into a website. If the credential service determines that a previously used card file for the website exists, a representation of that card file is displayed in the browser, and the data of that card file is used to obtain a token for logging in the user. If not found, an icon is presented instead, by which the user can select a user interface that allows selection of another card file that meets the website's requirements. | 2015-12-24 |
20150373006 | Secure Non-Geospatially Derived Device Presence Information - This invention includes a system and method to enable a device to determine the presence information of another device over a secure communication network. First, the device and a presence server establish a secure connection. Next, while the initial secure connection with the presence server is established, the device generates a randomly created token and provides it to the presence server. The token is used as a shared-secret by the device and the presence server to secure future presence communications over a non-secure connection. Next, without the need to again enter a password or establish a secure connection with the presence server, the device uses the shared-secret to sign, encrypt and convey presence information to the presence server over an arbitrary connection. Finally, the presence server may share the first device's presence information with another device. | 2015-12-24 |
20150373007 | Continuous Authentication Confidence Module - Generally, this disclosure describes a continuous authentication confidence module. A system may include a user device including processor circuitry configured to determine presence data; a confidence factor including at least one of a sensor configured to capture sensor input and a system monitoring module configured to monitor activity of the user device; memory configured to store a confidence score and an operating system; and a continuous authentication confidence module configured to determine the confidence score in response to an initial authentication of a specific user, update the confidence score based, at least in part, on an expectation of user presence and/or selected presence data, and notify the operating system that the authentication is no longer valid if the updated confidence score is within a tolerance of a session close threshold; the initial authentication configured to open a session, the confidence score configured to indicate a current strength of authentication during the session. | 2015-12-24 |
20150373008 | METHODS, APPARATUSES & COMPUTER PROGRAM PRODUCTS FOR UTILIZING VISUAL AUTHENTICATION TOKENS AS CROSS-PLATFORM CREDENTIALS - An apparatus is provided for facilitating cross-platform authentication. The apparatus may include at least one memory and at least one processor configured to detect that a visual token includes data indicating one or more authentication credentials for accessing a communication device in response to scanning the visual token. The computer program code may further cause the apparatus to communicate the authentication credentials of the detected visual token to the communication device to request the communication device to determine whether the authentication credentials are valid for a user. The computer program code may further cause the apparatus to enable access to the communication device in response to receiving an indication from the communication device that the authentication credentials of the detected visual token are valid. Corresponding computer program products and methods are also provided. | 2015-12-24 |
20150373009 | Proxy Bypass Login for Applications on Mobile Devices - In one embodiment, an intermediate server receives a request with a secure ID to authorize a software application, transmits the secure ID to a system, receives an access token from the system indicating that the software application has been authorized, evaluates the access token for validity, and transmits a response to the mobile device indicating the software application is authorized. | 2015-12-24 |
20150373010 | Authentication to a Remote Server from a Computing Device Having Stored Credentials - Authentication to a remote server from a computing device having stored credentials for the remote server is described. In one example, a method of authenticating a user to a remote server through a client application executing on a computing device includes: receiving, by the client application, a request to authenticate the user to the remote server using credentials stored on the computing device; prompting, by the client application, the user for a gesture-based password; authenticating, by the client application, the gesture-based password; and sending, by the client application, the stored credentials to the remote server for authentication in response to successful authentication of the gesture-based password. | 2015-12-24 |
20150373011 | CREDENTIAL COLLECTION IN AN AUTHENTICATION SERVER EMPLOYING DIVERSE AUTHENTICATION SCHEMES - An aspect of the present invention facilitates flexible credential collection in an authentication server employing diverse authentication schemes. In an embodiment, an access manager in the authentication server determines that an authentication scheme is to be used for allowing access to a resource requested by a user. A custom module (implementing the authentication scheme) in the authentication server then sends to the access manager commands indicating corresponding sets of credentials to be collected. The access manager, in response to receiving each command, collects the corresponding credentials from the user and checks whether the collected credentials authenticate the user. The custom module sends each command after the checking of the previously collected credentials. Accordingly, a developer of the custom module is enabled to request for and to perform the authentication of the user based on different sets of credentials. | 2015-12-24 |
20150373012 | Integrated APIs and UIs for Consuming Services across Different Distributed Networks - User interface integration across multiple clouds is achieved by hosting UI extensions for different services in the same browser window. The UI extensions are initialized by a shell with any necessary security context for the corresponding cloud. The shell provides versioning so that the newest version of the UI is presented to users for all versions of a service. A connector in a local cloud provides translation between APIs across different clouds. | 2015-12-24 |
20150373013 | METHOD AND APPARATUS FOR VERIFYING AN APPLICATION TO AUTHORIZE CONTENT REPOSITORY ACCESS USING SSL CERTIFICATES - A computer implemented method and apparatus for verifying an application to authorize content repository access using SSL certificates. The method comprises receiving a request for accessing a content repository from an application wherein the request is to perform one or more transactions on the content repository; and establishing a user identifier and one or more rules for accessing the content repository wherein the one or more rules are established using an authenticated SSL certificate to verify the application. | 2015-12-24 |
20150373014 | METHOD FOR ASSEMBLING AUTHORIZATION CERTIFICATE CHAINS - A method for assembling authorization certificate chains among an authorizer, a client, and a third party allows the client to retain control over third party access. The client stores a first certificate from the authorizer providing access to a protected resource and delegates some or all of the privileges in the first certificate to the third party in a second certificate. The client stores a universal resource identifier (URI) associated with both the first certificate and the third party and provides the second certificate and the URI to the third party. The third party requests access to the protected resource by providing the second certificate and the URI, without knowledge or possession of the first certificate. When the authorizer accesses the URI, the client provides the first certificate to the authorizer, so that the client retains control over the third party's access. | 2015-12-24 |
20150373015 | AUTHENTICATION AND AUTHORIZATION USING DEVICE-BASED VALIDATION - A method includes authenticating a user of a client device and sending a response to the client device. The response includes browser code configured to retrieve respective first values for a plurality of device properties from the client device. The method also includes storing session information for the user in a memory. The session information includes the first values and criteria for triggering validation of the client device. The method further includes receiving a request, sent from a requesting device, to access a protected resource and determining whether the request is authenticated by determining that the request is associated with the session information and determining that the criteria have been met. Determining whether the request is authenticated also includes retrieving respective second values for the plurality of device properties from the requesting device, and determining whether the second values match the first values to authenticate the request. | 2015-12-24 |
20150373016 | SHARING CONTENT USING A DONGLE DEVICE - A content sharing device may receive, from a content providing device, information that identifies content to be shared with a dongle device via a content sharing service. The content sharing device may receive, from the content providing device, information that identifies a contact with which the content is to be shared. The content sharing device may determine, based on the information that identifies the contact, a dongle device identifier. The dongle device identifier may include a network address associated with the dongle device. The content sharing device may provide, to the dongle device and based on determining the dongle device identifier, information that identifies the content. The information that identifies the content may cause the content to be accessible by a content receiving device connected to the dongle device. | 2015-12-24 |
20150373017 | SHAPING I/O TRAFFIC BY MANAGING QUEUE DEPTH IN FRACTIONAL INCREMENTS - A method for managing input/output (I/O) traffic in an information handling system. The method may include receiving electronic I/O requests from a network-attached server, determining a queue depth limit, monitoring latency of processed electronic I/O requests, and processing received electronic I/O requests. The number of electronic I/O requests permitted to be processed over a period of time may be based on a mathematical combination of the queue depth limit and a latency of processed electronic I/O requests. The determined queue depth limit may be a fractional value. | 2015-12-24 |
20150373018 | Biometric identification device - A biometric identification device comprising a computer unit ( | 2015-12-24 |
20150373019 | ELECTROCARDIOGRAM (ECG) BIOMETRIC AUTHENTICATION - Electrocardiogram, better known as ECG or EKG, is a method used to measure and record the electrical potential generated by the heart on the skin. ECG data is unique to a user and can be used for authentication systems such as access or financial cards or for granting access to computing devices such as mobile devices. Electrode contacts on a card or device are used to receive ECG data, which is processed to extract features of the ECG that are compared to a template for a user. | 2015-12-24 |
20150373020 | Secure Communications Methods for Use with Entrepreneurial Prediction Systems and Methods - Secure communications methods for use with entrepreneurial prediction systems and methods are provided herein. An example method can include a two factor authentication of both a communications channel used by the entrepreneur (either by device or message attributes) and an identification of an identity of the entrepreneur from biometric parameters. This allows for secure communication with an entrepreneur when the entrepreneur is communicating from a geographical location of low trust, such as where device or identity theft is common. | 2015-12-24 |
20150373021 | Methods and Systems for Exchanging Private Messages - A method and server are provided for sending a secure message from a first computing device to a second computing device. A first computing device sends an encrypted, secure message to a message server. The message server processes the secure message to unencrypt and separate the secure message contents into two or more separately downloadable message parts. The server sends a complex link to the second computing device, or sends a complex link to the first computing device for sending to the second computing device. When the complex link is selected by a user of the second computing device, the server transmits a first part of the message to the second computing device. After transmitting the first part, the server then separately transmits a second part of the message to the second computing device. | 2015-12-24 |
20150373022 | Selectively Restricting Communications from Third Party Applications/Devices to Electronic Devices - A method for providing access to a target electronic device through a first service running on a different electronic device may include receiving in the first service a command directed to the target electronic device from a command sender and receiving in the service device operation status parameters of the target electronic device. The device operation status parameters may include properties of the target electronic device such as a battery level, a battery charging rate, an age, a planned lifespan, a recent wireless usage, an internal temperature, or any of the above in relation to an intervening electronic device over which communication to the target electronic device travels, or any combination thereof. The method may also include using the device operation status parameters to determine, using the service, whether to provide or not to provide an update signal incorporating the command or information to the target electronic device. | 2015-12-24 |
20150373023 | Enabling User Entropy Encryption in Non-Compliant Mobile Applications - Methods and systems for preventing unsecured mobile applications from accessing encrypted resources are presented. In some embodiments, a mobile device may determine that a background process associated with a mobile application is requesting to access an encrypted resource. The mobile device may further determine whether the mobile application has been secured with authentication information. In response to determining that the mobile application has not been secured, the mobile device may suspend the background process until the mobile application has been secured and transmit a request to a mobile application management agent to secure the mobile application using authentication information. | 2015-12-24 |
20150373024 | METHODS, DEVICES AND SYSTEMS FOR MANAGING AUTHORITY - A method for a device to connect to a wireless network is provided. The method includes: acquiring authority use data of a user; processing the authority use data to obtain an authority result; and sending the authority result to a terminal device. | 2015-12-24 |
20150373025 | Communication Network Structure, Method of Interconnecting Autonomous Communication Networks and Computer Program Implementing Said Method - A communication network structure, in particular data communication network structure, includes a plurality of autonomous communication networks. Each autonomous communication network has at least one network node. The node is connected to a common gateway. The common gateway is designed to selectively connect at least two of the nodes in order to provide intercommunication ability between the related communication networks. A method of interconnecting autonomous communication networks includes: selecting networks or network nodes to be interconnected from a list of available networks or network nodes or selecting a preset configuration of inter-node connections; activating an interconnection between the selected networks or network nodes by creating an access-list using the IP-addresses defined for each node; and applying the access-list on a router element provided in said gateway, thus connecting the nodes/networks to each other. | 2015-12-24 |
20150373026 | PERMISSION MANAGEMENT METHOD, DEVICE AND SYSTEM FOR CLOUD PLATFORM SERVICE - A permission management method, a permission management device, and a permission management system for a cloud platform service are disclosed. The method includes: obtaining an operation/access request of a calling party, wherein the operation/access request includes operation information, target information and session information of the calling party, and the target information of the calling party includes an ongoing session information; determining that the session information includes an initial session information of the calling party and the initial session information is valid; and conducting a permission check for the operation/access request. Thus, the legitimacy of an operation/access request for a cloud platform service can be ensured, and the security of a cloud platform service can be guaranteed. | 2015-12-24 |
20150373027 | MANAGING ACCESS TO A NETWORK - An example method for managing access to a network includes presenting, in a user interface of a computer on the network, options to designate by device class, one or more classes of device to which network access will be allowed; and, with a dynamic host configuration protocol (DHCP) server on the network, allowing or denying access to the network based, at least in part, on whether a device requesting access belongs to the one or more classes designated. | 2015-12-24 |
20150373028 | Entitlement Predictions - Systems, methods, and devices for predicting entitlements to computing resources are described. An entitlement associated with a user of a computer system may be identified. The entitlement may indicate a computing resource of the computer system that is accessible to the user. A set of attributes associated with the user may be selected, and an entitlement probability value may be obtained. The entitlement probability value may be based on the set of attributes and indicate a probability that the user is authorized to have the entitlement. The entitlement probability value may be used to determine whether to include the entitlement in an access review. Depending on the entitlement probability value the entitlement may be included in the access review or excluded from the access review. | 2015-12-24 |
20150373029 | METHOD AND DEVICE FOR SECURE NETWORK ACCESS - In a hotspot Wi-Fi network, users can access the Internet from a variety of access points. The users' credentials are centrally authenticated within the network core to ensure they are allowed on the hotspot network. To improve security and provide selective access, a further authenticator function in the network manages access to private and/or restricted network resources. | 2015-12-24 |
20150373030 | Mobile Device Storage Volume Encryption with Geography Correlated Key Management and Mount Operations - A method, system and computer-usable medium are disclosed for protecting data stored on a mobile device, based upon its location. Data stored on a mobile device is encrypted with a network-stored secret key that is unknown to the user of the mobile device. The secret key is provided directly to the mobile device once the user is authenticated and it has been determined that the mobile device is located within a predetermined geographical area. The provided secret key is then used to decrypt the encrypted data stored on the mobile device such that it can then be accessed by the user. The user is then prevented from accessing the encrypted data when it is determined that the mobile device is no longer located within the predetermined geographical area. | 2015-12-24 |
20150373031 | DETERMINING EMAIL AUTHENTICITY - Monitoring across multiple-channels, used by multiple devices, to determine which email messages being sent to a user are solicited by the user. A broad spectrum of network and telephony access records are analyzed to determine whether an email message is likely being sent as a result of legitimate services access by the user. | 2015-12-24 |
20150373032 | VOICE AND VIDEO WATERMARK FOR EXFILTRATION PREVENTION - A legitimate voice or video communication application modifies data in a communication session to produce a watermark. The watermark is a piece of information that is part of a communication session that is not readily observable, but can be verified later on. The purpose of a watermark is to verify that the communication session is a legitimate communication session and does not pose a security breach. The video or audio communication session is monitored for a watermark. In response to determining that the communication session contains the watermark, the communication session is allowed to continue. In response to determining that the communication session does not contain the watermark, the communication session is identified as a potential security breach. If the communication session is identified as a potential security breach, the communication session can be dropped and a user can be notified of the potential security breach. | 2015-12-24 |
20150373033 | SYSTEM AND METHOD FOR MALWARE AND NETWORK REPUTATION CORRELATION - A method is provided in one example embodiment and includes receiving a reputation value based on a hash of a file making a network connection and on a network address of a remote end of the network connection. The network connection may be blocked if the reputation value indicates the hash or the network address is associated with malicious activity. In more specific embodiments, the method may also include sending a query to a threat analysis host to request the reputation value. Additionally or alternatively the reputation value may be based on query patterns in particular embodiments. In yet more specific embodiments, the network connection may be an inbound connection and/or an outbound connection, and the reputation value may be based on a file reputation associated with the hash and a connection reputation associated with the network address of the remote end of the network connection. | 2015-12-24 |
20150373034 | INTELLIGENT WEB PAGE CONTENT BLOCKING - Systems and methods for efficient downloading and rendering of a web page on a network connected processing device are provided. A per-page manifest specifying a list of blocked resources specific to the web page is provided. When a page is requested by the network connected processing device, blocked resources defined in the manifest are not retrieved via the network and hence not rendered by the processing device. Manifests are defined on a per-page basis. In one embodiment, manifests are created or retrieved with each request | 2015-12-24 |
20150373035 | Methods and Systems for Thwarting Side Channel Attacks - A computing device may use machine learning techniques to determine the level, degree, and severity of its vulnerability to side channel attacks. The computing device may intelligently and selectively perform obfuscation operations (e.g., operations to raise the noise floor) to prevent side channel attacks based on the determined level, degree, or severity of its current vulnerability to such attacks. The computing device may also monitor the current level of natural obfuscation produced by the device, determining whether there is sufficient natural obfuscation to prevent a side channel attack during an ongoing critical activity, and perform the obfuscation operation during the ongoing critical activity and in response to determining that there is not sufficient natural obfuscation to adequately protect the computing device against side channel attacks. | 2015-12-24 |