52nd week of 2018 patent application highlights part 76 |
Patent application number | Title | Published |
20180375818 | DNS-BASED METHOD OF TRANSMITTING DATA - The DNS-based method of transmitting data provides a telecommunication method for transmitting user-selectable data through the Domain Name System (DNS). Selected data is encoded as an alphanumeric character string on a user device. A uniform resource locator (URL) having a domain part and a host part is generated, where the host part is constructed from the alphanumeric character string. The URL is transmitted from the user device to a local DNS server. The URL is forwarded from the local DNS server to an authoritative DNS server associated with a domain name of the domain part. A set of response bytes, which are responsive to the user-selectable data encoded as the alphanumeric character string of the host part, is generated at the domain and transmitted from the authoritative DNS server to the local DNS server. The set of response bytes are transmitted from the local DNS server to the user device. | 2018-12-27 |
20180375819 | DOMAIN NAME SYSTEM CNAME RECORD MANAGEMENT - A method and apparatus for managing CNAME records such that CNAME records at the root domain are supported while complying with the RFC specification (an IP address is returned for any Address query for the root record). The authoritative DNS infrastructure acts as a DNS resolver where if there is a CNAME at the root record, rather than returning that record directly, a recursive lookup is used to follow the CNAME chain until an A record is located. The address associated with the A record is then returned. This effectively “flattens” the CNAME chain. This complies with the requirements of the DNS specification and is invisible to any service that interacts with the DNS server. | 2018-12-27 |
20180375820 | Data Management Profile for a Fabric Network - Method and systems for controlling data remotely that includes connecting to a remote device within a fabric of smart devices. The remote device stores data locally. Controlling the data includes remotely controlling the data stored in the remote device from another device connected to the fabric by transmitting a message to the remote device. Moreover, the transmitted message includes a profile identifier that causes a data management entity of the remote device to perform an indicated data management action. Furthermore, the profile identifier identifies a data management profile, and the message includes a command tag that indicates the data management action to be performed. | 2018-12-27 |
20180375821 | METHOD FOR IDENTIFYING IP CAMERA AND ENHANCING TRANSMISSION QUALITY BY PACKET TRANSMISSION BASED ON ONVIF SPECIFICATIONS - A method for identifying an IP camera and enhancing transmission quality by packet transmission based on the ONVIF specifications is applied to a gateway device configured for data transmission to and from at least one IP camera and a network video recorder according to the ONVIF specifications. The gateway device sends a Probe packet to the IP camera after receiving therefrom a Hello packet, analyzes a ProbeMatch packet from the IP camera to identify the IP camera, relays a Resolve packet from the network video recorder to the IP camera in order to receive audiovisual data from the IP camera, and adds an exclusive group code (e.g., VLAN ID) and the highest transmission speed classification (e.g., Quality of Service) to the received audiovisual data to distinguish the audiovisual data from other network packets and give higher priority of transmission to the audiovisual data. | 2018-12-27 |
20180375822 | METHODS FOR MAPPING IP ADDRESSES AND DOMAINS TO ORGANIZATIONS USING USER ACTIVITY DATA - A computer-implemented method is provided for mapping IP addresses and domain names to organizations. The method includes receiving, by a mapping system from a data provider, a dataset related to a plurality of users of the data provider. The dataset includes (a) an IP address for a user device of each user of the plurality of users, and (b) a domain name for a user account of each user of the plurality of users; enriching, by an analytics engine of the mapping system, the received dataset with enrichment data from an enrichment source; receiving, by the analytics engine from a storage medium, historical data relevant to the enriched dataset; and mapping, by the analytics engine, (i) the IP address and/or (ii) the domain name of each user of a portion of the plurality of users to an organization based on the enriched dataset and the historical data. | 2018-12-27 |
20180375823 | SYSTEMS AND METHODS FOR RESOLVING DOUBLE ADDRESS FAULTS DURING THE COMMISSIONING OF A CONNECTED SYSTEM - Systems and methods for resolving double address faults during the commissioning of a connected system are provided. Some methods can include identifying a subset of a plurality of devices in a region with a double address fault, displaying a first list of the subset, receiving user input selecting one of the subset, identifying a current location of a user, generating a map of the region, wherein the map identifies a respective location of each of the subset and includes visual signs to guide the user from the current location of the user to the respective location of the one of the subset, displaying the map, generating a second list of valid addresses assignable to the one of the subset to address the double address fault, and displaying the second list. | 2018-12-27 |
20180375824 | METHOD AND SYSTEM OF RESILIENCY IN CLOUD-DELIVERED SD-WAN - In one aspect, a computerized method includes the step of providing a process monitor in a Gateway. The method includes the step of, with the process monitor, launching a Gateway Daemon (GWD). The GWD runs a GWD process that implements a Network Address Translation (NAT) process. The NAT process includes receiving a set of data packets from one or more Edge devices and forwarding the set of data packets to a public Internet. The method includes the step of receiving another set of data packets from the public Internet and forwarding the other set of data packets to the one or more Edge devices. The method includes the step of launching a Network Address Translation daemon (NATD). The method includes the step of detecting that the GWD process is interrupted; moving the NAT process to the NATD. | 2018-12-27 |
20180375825 | CONTAINER NETWORKING FOR CONNECTING NETWORK CONTROLLER APPLICATIONS TO A SWITCH FABRIC - A network controller deploys network management applications to containers hosted on compute nodes. For each container on each compute node, the controller determines the network connectivity required by the application; assigns to the container one or more Internet Protocol (IP) addresses that satisfy the network connectivity, and provides the one or more IP addresses to the container; upon detecting the container is lost, blocks the one or more IP addresses so that they cannot be re-assigned to any other container; and upon detecting that the application has been re-deployed to a new container on a new compute node, unblock the blocked one or more IP addresses, and assign and send the one or more IP addresses to the new container to enable the new container to establish the network connectivity required by the application without network address translation. | 2018-12-27 |
20180375826 | ACTIVE NETWORK BACKUP DEVICE - An active network backup device includes at least a mainframe and a hardware. The mainframe and other network devices cannot log in, create settings and access data of the hardware. Hence, the hardware can practically prevent and block viruses, ransomware and attacks by hackers; moreover, the device has a physical security switch design for switching on and off a port to ensure personal operation of the administrator and prevent the hardware from being hacked by a robot program. Most importantly, the hardware cannot execute destructive instructions and thereby viruses cannot be executed or run in the hardware, which also prevents accidental deletion due to setting errors, or any ransomware or malicious programs in the disguise of setting programs being downloaded and executed by careless users. | 2018-12-27 |
20180375827 | DATA PROCESSING METHOD, APPARATUS, SYSTEM, AND STORAGE MEDIUM - The present disclosure provides a data processing method, a data processing apparatus, a data processing system and a non-volatile storage medium. The method comprises: an acquisition step of acquiring data from at least one data provider and acquiring an algorithm from an algorithm provider via an access gateway; a calculation step of calculating the data according to the algorithm, so as to obtain a calculation result; and a review step of reviewing the calculation result by the at least one data provider via the access gateway, so as to determine whether the calculation result is allowed to be output to at least one result data owner. | 2018-12-27 |
20180375828 | SYSTEMS AND METHODS FOR PROVIDING COMMUNICATIONS BETWEEN ON-PREMISES SERVERS AND REMOTE DEVICES - A system having an off-premises proxy server residing in a cloud computing environment and backend servers residing in an enterprise computing environment are provided. Requests received by the off-premises proxy server for access to a first, non-publicly accessible backend server are routed to a tunnel server which stores the request and waits to be polled by a tunnel agent connected to the first backend server. When the tunnel server is polled, the request is forwarded through an HTTP tunnel to the tunnel agent, which forwards it to the backend server for processing. Responsive information is returned to the tunnel agent, which forwards it through the HTTP tunnel to the tunnel server and returned through the off-premises proxy server to the remote application. Requests for access to a first, publicly accessible backend server are routed by the off-premises proxy server directly to the backend server for processing and return of responsive information. | 2018-12-27 |
20180375829 | LOCKED DOWN NETWORK INTERFACE - A logic device and method are provided for intercepting a data flow from a network source to a network destination. A data store holds a set of compliance rules and corresponding actions. A packet inspector is configured to inspect the intercepted data flow and identify from the data store a compliance rule associated with the inspected data flow. A packet filter is configured to, when the data flow is identified as being associated with a compliance rule, carry out an action with respect to the data flow corresponding to the compliance rule. | 2018-12-27 |
20180375830 | SYSTEMS AND METHODS FOR DYNAMICALLY VARYING WEB APPLICATION FIREWALL SECURITY PROCESSES BASED ON CACHE HIT RESULTS - A computer-implemented method for dynamically varying web application firewall security processes based on cache hit results may include (i) identifying, at a computing device, a request directed to a web application resource protected by the computing device, (ii) determining, in response to identifying the request, whether a response to the request will be served from a cache stored on the computing device, (iii) determining, based at least in part on whether the response to the request will be served from the cache, a level of security processing to apply to the request, and (iv) applying the determined level of security processing to the request. Various other methods, systems, and computer-readable media are also disclosed. | 2018-12-27 |
20180375831 | FIREWALL CONFIGURATION MANAGER - A security configuration for a firewall is generated. Network traffic data, network reputation data, and endpoint protection data are received from a network environment. A reputation score for a network address is generated from the network traffic data and the network reputation data. An endpoint protection configuration is generated from a routine based on the network traffic data and the endpoint protection data. A set of security rules is provided from the endpoint configuration and the reputation score. | 2018-12-27 |
20180375832 | USING HEADERSPACE ANALYSIS TO IDENTIFY UNNEEDED DISTRIBUTED FIREWALL RULES - Some embodiments provide a method for identifying unnecessary firewall rules for a distributed firewall of a logical network. The method identifies a firewall policy for network traffic of the logical network. The firewall policy includes a set of firewall rules. The method generates a set of data for implementing the firewall policy on a set of managed forwarding elements that implement the logical network. The method analyzes potential network traffic based on the generated set of data to identify a subset of unnecessary data. The method identifies a subset of unnecessary firewall rules of the set of firewall rules that corresponds to the subset of unnecessary data. | 2018-12-27 |
20180375833 | TECHNIQUES FOR COMMUNICATION IN HYBRID CLOUD SYSTEM - Aspects of communication of a client device with a private or hybrid cloud are described. In some aspects, a private host computer is determined as being connected to a private network. The private network differs from a network to which the client device is connected. A virtual private network is established between the client device and the private host computer. The virtual private network being established using a virtual private network server that includes a connection to the private host computer through the private network. A request is transmitted to the private host computer through the virtual private network. The request includes an origin value, wherein instructions associated with the origin value are allowed to access resources of the private host computer. | 2018-12-27 |
20180375834 | SYSTEM AND METHOD FOR SECURING COMMUNICATIONS IN A DISTRIBUTED COMPUTING SYSTEM - A computing device for secure communications includes a communication interface, a transceiver, and a processor. The processor identifies an action to be completed by a third computing device operably connected to the computing device via the communication interface. The action is associated with data stored in the third computing device. In response to identifying the action, the processor transmits an identifier, obtained from the third computing device, to a second computing device using the transceiver; receives a second identifier from the second computing device using the transceiver; transmits the second identifier to the third computing device via the communication interface; and receives a confirmation of completion of the action from the third computing device via the communication interface. | 2018-12-27 |
20180375835 | METHOD AND SYSTEM FOR DATA PROCESSING - A method for data processing comprises: S | 2018-12-27 |
20180375836 | SEMANTICALLY AWARE NETWORK METHOD AND APPARATUS - A method and apparatus where network-layer devices use host-provided, detailed, per-packet, semantic information (DPPS information), which describes the content, meaning, importance, and/or other attributes of particular application data and is associated with each packet, to provide enhanced network services. In some embodiments of the above method, network-layer devices use DPPS information that includes QoS-related information to provide fine-grained, content-aware, and/or complex QoS assurances or similar services. In some embodiments, network-layer devices use DPPS information to provide network-based, application-protocol-independent, rate-adaptation services. In some embodiments, network-layer devices use DPPS information to provide highly efficient, application-protocol-independent, publish/subscribe dissemination services. | 2018-12-27 |
20180375837 | INTERFACES TO MANAGE DIRECT NETWORK PEERINGS - Methods and apparatus for interfaces to manage direct network peerings. A system may include a data center, endpoint routers and a connectivity coordinator. The coordinator implements a programmatic interface defining connectivity operations. The coordinator receives a request for dedicated connectivity to data center resources, formatted according to the interface. The coordinator selects a target endpoint router at which to establish a physical link to implement the dedicated connectivity, and transmits a response identifying the target endpoint router and including configuration instructions for setting up a physical link for the dedicated connectivity. | 2018-12-27 |
20180375838 | FILTERING AND UNICITY WITH DETERMINISTIC ENCRYPTION - Some database systems may implement encryption services to improve the security of data stored in databases. Certain functionality may or may not be supported depending on the implemented encryption scheme. For example, the encryption service may perform deterministic encryption, which may support filtering and unicity on the resulting ciphertexts. To handle case insensitive filtering, the encryption service may encrypt both a plaintext value and a normalized (e.g., lowercased) plaintext value. A database may perform the case insensitive filtering on the stored ciphertexts corresponding to the normalized plaintext values, but may retrieve the ciphertexts corresponding to the standard plaintext values. To handle a unicity requirement, the database may generate additional unique identifiers to distinguish between duplicate ciphertexts. For example, during a key rotation process, potential duplicates may pass the unicity check based on the unique identifiers, and the database may later fix these potential duplicates. | 2018-12-27 |
20180375839 | System and Method for Secure Remote Control of a Medical Device - A system and method for secure wireless control of a device including, but not limited to, replay attack protection, man-in-the-middle protection, data obfuscation, and challenge-response authentication. The system includes a control device, a controlled device interface, a controlled device, a control device interface, and a wireless link. The controlled device interface and the control device interface manage secure communications between the control device and the controlled device over the wireless link. The controlled device can include a medical device such as, for example, but not limited to, an insulin pump and a wheelchair. | 2018-12-27 |
20180375840 | SYSTEM AND METHOD FOR USING A DISTRIBUTED LEDGER GATEWAY - System and method for using a distributed ledger gateway are disclosed. In one embodiment, in an information processing apparatus comprising at least one computer processor, a method for interacting with a plurality of distributed ledgers may include: (1) receiving a client request comprising a payload to be written to one of a plurality of distributed ledgers and metadata extracted from the client request; (2) identifying a destination distributed ledger of the plurality of distributed ledgers; (3) logging a source of the request and the destination distributed ledger; (4) encrypting the payload; and (5) routing the encrypted payload to the destination distributed ledger. | 2018-12-27 |
20180375841 | SYSTEMS AND METHODS FOR ENTERPRISE COMMUNICATIONS - This disclosure relates to systems and methods for protecting enterprise communications and data associated therewith. According to embodiments, systems and methods are disclosed for protecting communications between at least two nodes to protect the identity of a node requesting information, provide content of communications being sent and/or obscuring a type of communications being sent. Varying degrees of protection options, including encryption, intermediate node termination and direct node communications, are provided. | 2018-12-27 |
20180375842 | METHODS AND SECURITY CONTROL APPARATUSES FOR TRANSMITTING AND RECEIVING CRYPTOGRAPHICALLY PROTECTED NETWORK PACKETS - A modular security control apparatus for the protected transfer of network packets is provided. In particular, an exchange of network data (e.g. network packets) between a first internal source network and a second internal network (e.g. second destination network) via a non-trustworthy internal and/or external network (first destination network) is made possible. | 2018-12-27 |
20180375843 | VEHICLE WIRELESS INTERNET SECURITY - Methods, systems, and computer program products for vehicle wireless internet security are provided. A connection request is received from a mobile device. A data request is transmitted to the mobile device. The data request includes a request for location-based data of the mobile device. A first data is received from the mobile device that corresponds to the data request. A vehicle data is generated that comprises location-based data of the vehicle. A match between the first data and the vehicle data is determined. A match is determined where the location-based data of the mobile device is within a pre-determined threshold of the location-based data of the vehicle. | 2018-12-27 |
20180375844 | SECURE CALL ANSWERING - In currently available mobile devices (e.g., a user equipment (UE)), no authentication occurs at the mobile device to answer an incoming call at the mobile device. In an aspect of the disclosure, a method, a computer-readable medium, and an apparatus for secure call answering are provided. The apparatus is a first UE. The apparatus receives an incoming call originated from a second UE. The apparatus determines whether the incoming call originated from the second UE is a secure incoming call. The apparatus also receives a secure authentication input upon determining that the incoming call is a secure incoming call. Further, the apparatus determines whether the secure authentication input matches with authentication information upon receiving the secure authentication input. Additionally, the apparatus answers the received secure incoming call originated from the second UE when the received secure authentication input matches the authentication information. | 2018-12-27 |
20180375845 | SYSTEMS AND METHODS FOR TWO-FACTOR LOCATION-BASED DEVICE VERIFICATION - A system for two-factor location-based device verification includes a processor and a non-transitory, tangible, computer-readable storage medium having instructions stored thereon that, in response to execution by the processor, cause the processor to perform operations including: (i) receiving, from a client device, a first location factor; (ii) receiving, from the client device, a second location factor; (iii) determining, based upon the first location factor and the second location factor, that the client device is within a predefined area; and (iv) creating, in response to the determining, a new wagering account in association with a user of the client device. | 2018-12-27 |
20180375846 | TRANSMISSION-ONLY MESH NODES - In an aspect of the disclosure, a method, a computer-readable medium, and an apparatus are provided. In certain implementations, the apparatus may determine a static security key associated with the Tx-only mesh node. In one aspect, the static security key may include a MIC. The apparatus may transmit the static security key to at least one mesh node using a first frequency channel. The apparatus may transmit at least one PDU to the at least one mesh node using a second frequency channel that is different than the first frequency channel. | 2018-12-27 |
20180375847 | STORED VALUE USER IDENTIFICATION SYSTEM USING BLOCKCHAIN OR MATH-BASED FUNCTION - Systems and methods for creating a numeric value for a present certainty of a user's identity, recording and ‘storing’ that numeric value on a distributed ledger system (including but not limited to blockchain), automatically modifying the numeric value using math-based assets (including but not limited to algorithms) and allowing multiple computer systems to debit the numeric value as part of an authentication or other process. | 2018-12-27 |
20180375848 | UN-PASSWORD: RISK AWARE END-TO-END MULTI-FACTOR AUTHENTICATION VIA DYNAMIC PAIRING - A method for determining a dynamic pairing code for use in exchanging information between a first and a second communications entity. At the first communications entity, determining a first authentication score associated with a first information exchange session between the first and second communications entities, determining a second authentication score associated with a second information exchange session between the first and second communications entities, (the second information exchange spaced apart in time from the first information exchange), combining the first and second authentication scores to create a cumulative risk analysis score, and responsive to the cumulative risk analysis score, generating a dynamic pairing code for use in governing exchange of information during subsequent communications between the first and second communications entities. | 2018-12-27 |
20180375849 | ACCESS MANAGEMENT - According to an example aspect of the present invention, there is provided an apparatus comprising a memory configured to store an encryption key and a list of access tokens and at least one processing core configured to select a first access token from the list of access tokens based, at least partly, on at least one of a current time and a sequence number, decide, based at least partly on the first access token, whether to grant a user device access to the apparatus, and cause the apparatus to receive a second list of access tokens from at least one of the user device and a second user device. | 2018-12-27 |
20180375850 | SECURE COMMUNICATION NETWORK - Secure network communications are described. In one aspect, a secure network can include a passbuilder that provides policy information related to performance characteristics of the secure network. A sender can receive the policy information and transmit packets to a receiver if the policy information is complied with by the potential packet transmission. | 2018-12-27 |
20180375851 | AUTHENTICATION ON A COMPUTING DEVICE - Systems and/or methods provide a user of a first computing device with the ability to authenticate themselves on a remotely provided process or service using a second computing device on which the user is already authenticated. For example, the techniques of this disclosure provide a user with the ability to securely log into a remotely provided service or application (such as e-mail, cloud computing service, etc.) on a first computing device (e.g., a desktop computer, laptop, tablet, etc.) using a second computing device (e.g., mobile phone) on which the user is already logged into the service or application, without requiring manual entry of authentication information on the first computing device. | 2018-12-27 |
20180375852 | DEVICE WITH EMBEDDED CERTIFICATE AUTHORITY - A smart device, connected device, Internet of Things (IoT) device, etc. is configured with an embedded certificate authority. The embedded certificate authority generates a compound certificate that is signed at least by a manufacturer certificate securely stored on the device. The compound certificate includes a representation of a state of the device, which is based on one or more measurements of code executable on the device. The compound certificate may be used by an external device communicating with the smart device to determine whether the device is in a trusted state. Because the compound certificate is chained to a manufacturer certificate, the external device can communicate with the manufacturer (or an employed party) to determine whether the state of the device should be trusted. | 2018-12-27 |
20180375853 | METHOD FOR IMPROVING INFORMATION SECURITY FOR VEHICLE-TO-X COMMUNICATION, AND COMMUNICATION APPARATUS (AS AMENDED) - A method for improving information security for vehicle-to-X communication, wherein the vehicle-to-X communication is protectable by at least one certificate, wherein the certificate for protecting the vehicle-to-X communication has a validity period of defined length and is provided for storage in a memory of a vehicle, wherein the method is additionally distinguished in that the vehicle uses a communication link for wireless data interchange between the vehicle and a backend system, before expiry of the validity period of the certificate and a change to a validity period of defined length for an updated certificate, to ask the backend system to provide an up-to-date piece of time information for the vehicle. In addition, the invention relates to a corresponding communication apparatus for vehicle-to-X communication. | 2018-12-27 |
20180375854 | AUTHENTICATING TO A NETWORK VIA A DEVICE-SPECIFIC ONE TIME PASSWORD - Generally, this disclosure describes a method and system for authenticating to a network via a device-specific one-time password. A method in an embodiment may include generating a first one-time password (OTP) based at least in part on a plurality of client device attributes; and providing the first OTP to an authenticator associated with a private network during a first session, wherein the authenticator is configured to authenticate the client device to at least one of the private network and protected content included in the private network for a second session following the first session based on the provided first OTP. | 2018-12-27 |
20180375855 | METHOD FOR AUTHENTICATING A USER - The present invention relates to a method and a system for authentication of a user for granting access to a service, the method comprising: receiving, by a vehicle control unit comprised in a vehicle, an authentication token based on a request for authentication for access to the service, the vehicle being in communicative connection with a remote server. A token sequence is sent by flashing with a light-emitting device comprised in the vehicle, the token sequence is based on the authentication token. The token sequence is received by a light detecting device. The token is compared by the server with the authentication token. When the token sequence is determined to match the authentication token, access is granted to the service. The invention also relates to a vehicle implementing the method. | 2018-12-27 |
20180375856 | INFORMATION PROCESSING APPARATUS AND INFORMATION PROCESSING SYSTEM - An information processing apparatus includes a memory, a request unit, an authenticating unit, and a determination unit. The memory stores authentication information for performing user authentication. When authentication information of a user who is a target of the user authentication is not stored in the memory, the request unit requests the authentication information from a different information processing apparatus. The authenticating unit performs the user authentication by using the authentication information stored in the memory or obtained from the different apparatus in response to the request from the request unit. The determination unit determines whether the apparatus or the different apparatus is to store the authentication information. When the authentication information is not stored in the apparatus, if it is determined that the apparatus is to store the authentication information, the memory stores the authentication information obtained in response to the request from the request unit. | 2018-12-27 |
20180375857 | COMPUTER SECURITY BASED ON MOUSE DEVICE SPEED SETTING AUTHENTICATION - A method of performing operations by a processor of a computer terminal includes determining an operating system (OS) speed scaling gain used by the OS to transform mouse movement data, which is received from a mouse device via a device interface circuit, into mouse speed data that controls positioning of a mouse pointer relative to pixel locations on a display device. A computer terminal identifier is generated based on the OS speed scaling gain. A computer identification message containing the computer terminal identifier is communicated through a network interface circuit. Related computer terminals and computer authentication nodes are disclosed. | 2018-12-27 |
20180375858 | SYSTEM, IMAGE PROCESSING APPARATUS, AND METHOD OF AUTHENTICATION - A system includes a communication device to perform wireless communication with a terminal carried by a user, a biometric authentication device to acquire biometric information of the user, an information processing apparatus, connected to the communication device and the biometric authentication device, including circuitry to activate the information processing apparatus and the biometric authentication device in response to a detection of the terminal by the communication device during a power saving mode, perform wireless authentication processing for the user based on authentication information received by the communication device from the terminal, perform the biometric authentication processing for the user using first biometric feature information of the user registered in advance, and second biometric feature information of the user acquired by the biometric authentication device, and allow the user to use an execution apparatus in response to authentication of the user by the wireless authentication processing and the biometric authentication processing. | 2018-12-27 |
20180375859 | METHOD AND APPARATUS FOR AUTHENTICATION OF USER USING BIOMETRIC - A method and an apparatus for authenticating user using biometric information. The apparatus authenticates the user by performing: generating a first feature vector from first biometric information of the user obtained by the biometric sensor and multiplying the first feature vector by a plurality of pseudo-random number (PRN) matrices, respectively; generating a query template based on an index of an element having a maximum value among elements of a result vector of the multiplication between the first feature vector and the plurality of PRN matrices; and performing authentication for the user by comparing the query template with a pre-stored reference template of a subscribed user. | 2018-12-27 |
20180375860 | ENTROPY-BASED AUTHENTICATION OF MOBILE FINANCIAL TRANSACTION - A method for leveraging a secure communication channel between a first agent and a second agent to authenticate an activity outside of the secure communication channel. The method includes receiving with the first agent a communication request through an insecure channel from the second agent. The method further includes receiving with the first agent an indicator of a relative identity relationship from the second agent. The method further includes sending with the first agent a request to authenticate the activity outside of the secure communication channel to the second agent. The method further includes authenticating the activity outside of the secure communication channel using the secure communication channel. | 2018-12-27 |
20180375861 | Network Device Removal For Access Control and Information Security - A system that includes a switch, a network authentication server (NAS), and a threat management server. The NAS sends a device identifier for an endpoint device to the threat management server in response to the endpoint device connecting to a port on the switch. The threat management server determines the endpoint device is present in the device log file using the device identifier. The threat management server determines the number of times the device has failed authentication exceeds a first threshold value within a first time period and determines the number of times the device has passed authentication is less than a second threshold value within a second time period. The threat management engine determines the device does not have a lease for the port on the switch and blocks the device from accessing the network via the port on the switch in response to identifying the device for removal. | 2018-12-27 |
20180375862 | Network Switch Port Access Control and Information Security - A system that includes a switch, a network authentication server (NAS), and a threat management server. The NAS sends a device identifier for an endpoint device to the threat management server in response to the endpoint device connecting to a port on the switch. The threat management server determines the endpoint device is present in a blacklist based on the device identifier in response to receiving the device identifier. The threat management server determines the endpoint device is blocked from one or more second ports on the switch. The threat management server blocks the endpoint device from accessing the network via the first port on the switch in response to determining the endpoint device is blocked from the one or more other ports on the switch. | 2018-12-27 |
20180375863 | WEBSITE LOGIN METHOD AND APPARATUS - The present application provides example website login methods and apparatuses. One example method includes identifying a website jump trigger indication to jump from a first website to a second website. A first token is then obtained from a cookie store of the web browser, the first token associated with a website identifier of the second website and a device fingerprint indicating a running environment at a time when the password-free proxy login was previously set. In response to determining that a current running environment corresponds to the device fingerprint, a second token corresponding to the first token is obtained, wherein the second token comprises an access token indicating that the second website grants password-free login permissions. A password-free login request is sent to the second website including the second token. In response to the second website verifying the second token, the second website is logged into without a password. | 2018-12-27 |
20180375864 | ID ACQUISITION TERMINAL APPARATUS AND METHOD, INFORMATION PROCESSING APPARATUS AND METHOD, AND PROGRAM - The present technology relates to an ID acquisition terminal apparatus and method, an information processing apparatus and method, and a program by which the convenience can be improved. | 2018-12-27 |
20180375865 | Inter-Application Delegated Authentication - Disclosed is a system for delegating authentication of an untrusted application executing on a client device. For delegated authentication, an untrusted application relies on a trusted application executing in the same environment for authentication purposes. The delegated authentication process avoids requiring the user of the untrusted application to provide authentication credentials. The disclosed system for delegating authentication enables any trusted application executing in the same computing environment to authenticate the untrusted application. | 2018-12-27 |
20180375866 | SECURE COMMUNICATION NETWORK - Secure network communications are described. In one aspect, a secure network can include a passbuilder that provides policy information related to performance characteristics of the secure network. A sender can receive the policy information and transmit packets to a receiver if the policy information is complied with by the potential packet transmission. | 2018-12-27 |
20180375867 | Untrusted Network Device Identification and Removal For Access Control and Information Security - A system that includes a switch, a network authentication server (NAS), and a threat management server. The NAS sends a device identifier for an endpoint device to the threat management server in response to the endpoint device connecting to a port on the switch. The threat management server identifies the endpoint device for removal in response to receiving the device identifier. The threat management server determines the number of times the endpoint device has failed authentication exceeds a first threshold value within a first time period. The threat management server blocks the endpoint device from accessing the network via the port on the switch in response to identifying the endpoint device for removal. | 2018-12-27 |
20180375868 | Equipment Control System - The invention disclosed herein includes an equipment management system. The equipment management system can include an ignition control device for connecting to a vehicle, a network for transmitting data between the ignition control device and a computer device. The equipment management system can also include an administrator portal to access and manage the ignition control device, manage the equipment management system, and have the capability to grant access and control to branch offices and customers. | 2018-12-27 |
20180375869 | MULTI-BLOCKCHAIN NETWORK DATA PROCESSING - A data processing request is obtained containing blockchain data and an identifier used to identify a blockchain network to which the data processing request belongs. The identifier is extracted from the data processing request. Based on the identifier, corresponding processing logic associated with the data processing request is executed. The blockchain data is stored to a blockchain storage area corresponding to the identifier. | 2018-12-27 |
20180375870 | NETWORK SYSTEM FOR SECURE COMMUNICATION - In a network system ( | 2018-12-27 |
20180375871 | THIRD PARTY PROGRAM INTEGRITY AND INTEGRATION CONTROL IN WEB BASED APPLICATIONS - Disclosed herein are a resource control service, system, method and architecture. A client device's resource access is limited to an approved resource, or resources. A request for a resource is directed to a resource control service that determines whether or not to grant access to the requested resource. Where a determination is made to grant access to the resource, a response is transmitted to the client device, the response redirecting the client device to a second URI for the approved version of the requested resource. The response can be used by the client device to request the resource from the location identified in the response. | 2018-12-27 |
20180375872 | EPHEMERAL APPLICATIONS - A method of executing an application in a direct launch mode includes receiving a user input to download an application from a remote server to a client computing device and to launch the application on the client computing device. Permissions requested by the application to utilize local resources of the client computing device during execution of the application by the client computing device are determined, and the determined permissions are compared to a list of predetermined permissions requiring modification of the execution of the application when the application is executed in a direct launch mode. The application is launched without additional input from the user, and the application is executed on the client computing device with at least one of the requested permissions not being granted in its entirety. | 2018-12-27 |
20180375873 | Network Device Isolation For Access Control and Information Security - A system that includes a switch, a network authentication server (NAS), and a threat management server. The NAS sends a device identifier for an endpoint device to the threat management server in response to the device connecting to a port on the switch. The threat management server determines the endpoint device is present in a device log file. The threat management server determines the number of times the endpoint device has failed authentication exceeds a first threshold value within a first time period and the number of times the endpoint device has passed authentication is less than a second threshold value within a second time period. The threat management server determines the endpoint device does not have a lease for the port on the switch and sends a reroute command to the switch to transform the destination of traffic associated with the endpoint device to a safe zone. | 2018-12-27 |
20180375874 | SYSTEM AND METHOD FOR MODIFYING PERMISSIONS ASSOCIATED WITH NETWORK-BASED RESOURCES VIA FINGERPRINT ENTRY ON COMMUNICATION DEVICES - A method and apparatus for adjusting permission settings associated with one or more network-based resources on a communication device. A graphical user interface is associated with a first user profile and is displayed on the communication device. A fingerprint entry is received on the communication device. The fingerprint entry is identified as associated with a second user profile that is authorized to change permission settings for the one or more network-based resources. The permission settings of the communication device are changed for the one or more network-based resources after identifying the fingerprint entry as associated with the second user profile. | 2018-12-27 |
20180375875 | ACCESS CONTROL FOR DATABASE - In an embodiment of the present invention, a command for performing a database operation with respect to a table of a database is received, whereby the table has a visible key column for identification information and one or more invisible token columns for token information. The user's role from the command is obtained. A record is identified in the table based on a combination of the identification information and the token information corresponding to the user's role. The database operation is performed on the identified record. | 2018-12-27 |
20180375876 | METHOD AND ARRANGEMENT FOR DECOUPLED TRANSMISSION OF DATA BETWEEN NETWORKS - Provided is a method for decoupled transmission of data between networks having different security requirements, in which, in a first network having high security requirements, first data from a first application are transmitted in a communication exclusively between components within the first network via multiple communication links, data being captured in the first network by at least one monitoring device per communication link in a decoupled manner and being transmitted to a second network having lower security requirements. Also, a corresponding arrangement is also provided. | 2018-12-27 |
20180375877 | USING MESSAGE CONTEXT TO EVALUATE SECURITY OF REQUESTED DATA - Information of an electronic message to be delivered to an intended recipient is received. For an original resource identifier included in the electronic message, a corresponding alternative resource identifier that can be at least in part used to obtain the original resource identifier and obtain context information associated with the electronic message is determined. The original resource identifier included in the electronic message is replaced with the alternative resource identifier to generate a modified electronic message. The modified electronic message with the alternative resource identifier is allowed to be delivered to the intended recipient instead of the electronic message with the original resource identifier. A request made using the alternative resource identifier in the modified message triggers a security action based at least in part on the context information associated with the electronic message. | 2018-12-27 |
20180375878 | SYSTEM, METHOD AND COMPUTER READABLE MEDIUM FOR PROCESSING UNSOLICITED ELECTRONIC MAIL - An internet service provider (ISP) is configured to analyze a subscriber's sent e-mail packets to determine a subscriber identity associated with the e-mail packets. A database is then queried to determine a current sending rate of e-mails by the subscriber. A sending rate above an allowed threshold causes the upstream transmission of the e-mail packets to be blocked by injecting connection destroying packets. A subscriber remains blocked from upstream transmission of e-mails until the sending rate as determined by the ISP drops below a second, more stringent threshold. This automatic process is also accompanied by automated messaging to the subscriber with information as to the measures taken and remedial options. | 2018-12-27 |
20180375879 | VEHICLE NETWORK OPERATING PROTOCOL AND METHOD - A communication network includes a plurality of nodes, wherein each of the nodes is operably connected to a bus. A transmitting node sends a data communication to a receiving node in accordance with a protocol. Each data communication contains information to be communicated within a data frame structure. The receiving node is configured to determine a compromised state of the transmitting node from data communication and to initiate a response method. The transmitting node disassociates from the bus in accordance with the detection trigger and coordinated response strategy. | 2018-12-27 |
20180375880 | MALICIOUS INDUSTRIAL INTERNET OF THINGS NODE ACTIVITY DETECTION FOR CONNECTED PLANTS - A method and apparatus for identifying malicious activity. At least one memory is configured to store historical communication data. At least one processor is configured to retrieve the historical communication data related to communications between a server and a plurality of clients in a system. The processor is further configured to cluster the historical communication data to group communications of the historical communication data. The processor is further configured to identify a plurality of patterns that indicate malicious activity based on the grouped communications. The processor is further configured to receive current communication data. The processor is further configured to determine whether the current communication data matches the one of the plurality of patterns. The processor is further configured to, responsive to a grouped element of the grouped communications matching the pattern, identifying a group of communications between the server and the plurality of clients as the malicious activity. | 2018-12-27 |
20180375881 | INFORMATION PROCESSING DEVICE, INFORMATION PROCESSING METHOD, AND NON-TRANSITORY COMPUTER READABLE RECORDING MEDIUM - An information processing device is connected to a network where a plurality of electronic control units perform communication. The information processing device includes a receiver that receives a frame containing data over the network, an acquisition unit that acquires sensor information obtained by sensing of a first sensor, and a determination unit that determines whether the data is illegal based on the sensor information. | 2018-12-27 |
20180375882 | MALICIOUS SOFTWARE IDENTIFICATION - A computer implemented method to identify malicious software in a computer system includes receiving an indication of a detection of malicious network traffic communicated via a computer network accessed by the computer system; identifying a software component involved in the malicious network traffic at the computer system; evaluating a measure of a correlation fractal dimension (CFD) for at least a portion of the software component; and storing the measure of CFD for subsequent comparison with a second measure of CFD for a corresponding portion of a second software component in the computer system to identify the second software component as a software component involved in malicious network communication. | 2018-12-27 |
20180375883 | AUTOMATICALLY DETECTING INSIDER THREATS USING USER COLLABORATION PATTERNS - Automatically detecting insider threats using user collaboration patterns. In one embodiment, a method may include identifying collaborative access of one or more network resources in a network between a target user using a target network device and other users using other network devices in the network during multiple prior time periods and during a current time period, generating prior collaboration graphs for the prior time periods, generating an average collaboration graph by combining the prior collaboration graphs, generating a current collaboration graph for the current time period, generating an anomaly score by comparing the current collaboration graph to the average collaboration graph, determining that the collaborative access of the one or more network resources during the current time period is anomalous by determining that the anomaly score exceeds a threshold, and, in response to the anomaly score exceeding the threshold, performing a security action on the target network device. | 2018-12-27 |
20180375884 | DETECTING USER BEHAVIOR ACTIVITIES OF INTEREST IN A NETWORK - A user behavior activity detection method is provided in which network traffic relating to user behavior activities in a network is monitored. Data is stored representing network traffic within a plurality of time periods, each of the time periods serving as a transaction. Subsets of the network traffic in the transactions are identified as traffic suspected of relating to certain user behavior activities. The subsets of the network traffic in the transactions are assigned into one or more groups. A determination is made of one or more detection rules for each of the one or more groups based on identifying, for each of the groups, a number of user behavior activities common to each of the subsets of the network traffic. The one or more detection rules are used to monitor future network traffic in the network to detect occurrence of the certain user behavior activities. | 2018-12-27 |
20180375885 | MALWARE DETECTION SYSTEM ATTACK PREVENTION - Systems and methods may be used to prevent attacks on a malware detection system. A method may include modeling a time series of directed graphs using incoming binary files during training of a machine learning system and detecting, during a time-window of the time series, an anomaly based on a directed graph of the time series of directed graphs. The method may include providing an alert that the anomaly has corrupted the machine learning system. The method may include preventing or remedying corruption of the machine learning system. | 2018-12-27 |
20180375886 | TECHNIQUES FOR MONITORING PRIVILEGED USERS AND DETECTING ANOMALOUS ACTIVITIES IN A COMPUTING ENVIRONMENT - In various implementations, a security management and control system for monitoring and management of security for cloud services can include automated techniques for identifying the privileged users of a given cloud service. In various examples, the security management and control system can obtain activity logs from the cloud service, where the activity logs record actions performed by users of an organization in using the cloud service. In various examples, the security management and control system can identify actions in the activity logs that are privileged with respect to the cloud service. In these and other examples, the security management and control system can use the actions in the activity log to identify privileged users. Once the privileged users are identified, the security management and control system can monitor the privileged users with a higher degree of scrutiny. | 2018-12-27 |
20180375887 | SYSTEM, DEVICE, AND METHOD OF ADAPTIVE NETWORK PROTECTION FOR MANAGED INTERNET-OF-THINGS SERVICES - System, device, and method of adaptive network protection for managed Internet-of-Things (IoT) services. A network traffic monitoring unit monitors data traffic, operations-and-management traffic, and control messages, that relate to cellular communication between an IoT device and a core cellular network. An IoT grouping unit groups multiple IoT devices into a particular IoT group. A baseline behavior determination unit determines a Regular Baseline Cellular Communication Behavior (RBCCB) profile that characterizes the cellular communications that are outgoing from and incoming to each member of the particular IoT group. An outlier detector subsequently detects that a particular IoT device of that particular IoT group, exhibits cellular traffic characteristics that are abnormal relative to the RBCCB profile that was characterized for that particular IoT group. An enforcement actions generator is triggered to selectively perform one or more enforcement operations, notification operations, and quarantine operations. | 2018-12-27 |
20180375888 | Data Surveillance System with Contextual Information - Data surveillance techniques are presented for the detection of security issues, especially of the kind where privileged data may be stolen by steganographic, data manipulation or any form of exfiltration attempts. Such attempts may be made by rogue users or admins from the inside of a network, or from outside hackers who are able to intrude into the network and impersonate themselves as legitimate users. The system and methods use a triangulation process whereby analytical results pertaining to data protocol, user-behavior and packet content are combined to establish a baseline for the data. Subsequent incoming data is then scored and compared against the baseline to detect any security anomalies. A centroid representing the normal population of the data packets is identified. The design allows establishing the context of various events of interest in the organization, thus enabling dynamic management of security policies. | 2018-12-27 |
20180375889 | MITIGATING SECURITY RISKS UTILIZING CONTINUOUS DEVICE IMAGE RELOAD WITH DATA INTEGRITY - Provided are techniques for mitigating security risks utilizing continuous device image reload with data integrity. Continuous reload of a first image on a device in an Internet of Things (IoT) group of devices coupled to an IoT service is performed based on triggers. A trigger from the triggers is received that indicates one of that a period of time has expired, that notification of a known infection has been received, and that there has been failure of an internal onboard security check. A second image is obtained that is not infected from the IoT service. The device is reloaded with the second image to replace the first image with the second image. | 2018-12-27 |
20180375890 | SYSTEMS AND METHODS FOR CYBER SECURITY RISK ASSESSMENT - The present invention is directed to methods, systems, and non-transitory computer readable mediums which can evaluate cyber readiness of an organization. The methods can include: presenting a plurality of objective questions to a user; receiving answers to said plurality of objective questions from said user; determining based on said answers a risk rating for a threat origin of a cyber-attack; determining based on said answers a strength rating for an organizational safeguard against said threat origin; comparing said risk rating of said threat origin to said strength rating of said organizational safeguard; determining based on said comparison a cyber readiness of said organizational safeguard from said cyber-attack by said threat origin; and presenting the cyber readiness of said organizational safeguard. Systems and non-transitory computer readable mediums operating in a similar fashion as such systems are disclosed herein. | 2018-12-27 |
20180375891 | SYSTEMS AND METHODS FOR CONTEXT-BASED MITIGATION OF COMPUTER SECURITY RISKS - An apparatus includes a processor operatively coupled to a memory. The processor receives a first set of risk assessment rules including first user privilege criteria and first device criteria. The first device criteria includes a computing device patch level, a network type, and/or a password policy. The processor identifies a user-specific security risk based on the first set of risk assessment rules and applies a privilege mitigation measure based on the user-specific security risk without being in communication with a management server. The processor later receives a second, updated set of risk assessment rules at the computing device. Upon detecting another login of the user, the processor identifies an updated user-specific security risk based on the updated set of risk assessment rules, and applies a modified privilege mitigation measure based on the updated user-specific security risk, again without being in communication with the management server. | 2018-12-27 |
20180375892 | ENTERPRISE CYBER SECURITY RISK MANAGEMENT AND RESOURCE PLANNING - A system includes a memory to store network-related security policies and procedures associated with an enterprise, a display and at least one device. The device is configured to monitor enterprise activity associated with the enterprise's networked devices and determine, based on the enterprise activity, whether the enterprise is complying with the security policies and procedures. The device is also configured to calculate a risk exposure metric for an asset of the enterprise based on the enterprise activity and whether the enterprise is complying with the security policies and procedures, and output, to the display, a graphical user interface (GUI) identifying the risk exposure metric. The device may also be configured to receive, via the GUI, an input to initiate a change with respect to at least one of the enterprise's networked devices or initiate the generation of a plan to make a change to at least one of the networked devices. | 2018-12-27 |
20180375893 | System and Method for Assigning Threat Valuations to Network Events and Security Events - A method including receiving a record in a first timeframe; establishing a plurality of threat vectors for the record; merging the plurality of threat vectors to the record; generating a risk valuation for the record based on the plurality of threat vectors; merging the risk valuation to the record to form a risk event; and storing the risk event in a computer-readable data store. | 2018-12-27 |
20180375894 | SYSTEMS AND METHODS FOR MAPPING INTERNET PROTOCOL ADDRESSES FOR AN ORGANIZATION - The disclosed computer-implemented method for mapping Internet Protocol addresses for an organization may include (1) receiving information for an organization from an organizational server, (2) extracting data from a plurality of server data sources associated with the information, (3) mapping the data from the plurality of server data sources to the information, and (4) determining, based at least in part on the mapped data, a list of IP addresses identifying one or more relationships associated with the organization thereby facilitating performing a security posture analysis against a malicious attack. Various other methods, systems, and computer-readable media are also disclosed. | 2018-12-27 |
20180375895 | SINKHOLING BAD NETWORK DOMAINS BY REGISTERING THE BAD NETWORK DOMAINS ON THE INTERNET - Techniques for sinkholing bad network domains by registering the bad network domains on the Internet are provided. In some embodiments, sinkholing bad network domains by registering the bad network domains on the Internet includes determining a network domain is a bad network domain, in which the bad network domain is determined to be associated with an identified malware (e.g., malware that has been identified and has been determined to be associated with the bad domain), and the bad network domain is sinkholed by registering the bad network domain with a sinkholed IP address; and identifying a host that is infected with the identified malware based on an attempt by the host to connect to the sinkholed IP address. | 2018-12-27 |
20180375896 | SYSTEMS AND METHODS FOR DETECTION OF INFECTED WEBSITES - System and method for detecting an infected website are disclosed. A semantic finder receives top-level domains and identifies keywords of the top-level domains representing a predetermined semantics. The keywords are compared with irrelevant bad terms to find at least one irrelevant term. An inconsistency searcher searches the top-level domains and detects at least one fully-qualified domain name carrying the at least one irrelevant term. A context analyzer evaluates context information associated with the irrelevant term, identifies at least one frequently-used term identified in the context information, and determines whether the at least one frequently-used term is unrelated to a generic content of the at least one fully-qualified domain name. An irrelevant bad term collector extracts the at least one frequently-used term unrelated to the generic content and adds the extracted frequently-used term to an irrelevant bad term list for detecting the infected website. | 2018-12-27 |
20180375897 | AUTOMATED NETWORK DEVICE CLONER AND DECOY GENERATOR - Methods and systems are provided for emulating devices communicating over a network. In one example, the method includes scanning real network devices by sending a network traffic, recording the network responses from the real network devices, and deploying unikernel-based virtual machines based on the recorded network responses. The unikernel virtual machines may respond to an external network scan based on the fingerprint files and the service files generated from the recorded network responses. | 2018-12-27 |
20180375898 | SYSTEMS AND METHODS FOR SECURE NETWORK COMMUNICATION - A system for secure network communications is provided. The system includes an enforcement switch in communication with a third-party device and an external device and a plurality of core devices in communication with the third-party device and a plurality of access devices. The enforcement switch is configured to receive a secure frame from the external device. The secure frame includes one or more security features. The secure frame is destined for one or more of the plurality of access devices. The enforcement switch is also configured to generate a regular frame based on the secure frame by removing the one or more security features and transmit the regular frame to the third-party device for routing to the one or more of the plurality of access devices through at least one of the plurality of core devices. | 2018-12-27 |
20180375899 | AUTOMATED SECURITY POLICY INFORMATION POINT CONTENT GENERATION - This disclosure provides an apparatus and method for automated security policy information point content generation, including but not limited to in industrial control systems and other systems. A method includes receiving, by a security system, resource information that describes automation device type resources. The method includes receiving, by the security system, a Policy Information Point (PIP) device type template. The method includes creating at least one record, by the security system, in a PIP database according to the resource information and the PIP device type template. | 2018-12-27 |
20180375900 | SECURITY FOR CELLULAR INTERNET OF THINGS IN MOBILE NETWORKS - Techniques for providing security for Cellular Internet of Things (CIoT) in mobile networks (e.g., service provider networks for mobile subscribers) are disclosed. In some embodiments, a system/process/computer program product for enhanced security for CIoT in mobile networks in accordance with some embodiments includes monitoring network traffic on a service provider network at a security platform to identify a subscriber identity for a new session, in which the session is associated with a CIoT device; determining an application identifier for user traffic associated with the new session at the security platform; and determining a security policy to apply at the security platform to the new session based on the subscriber identity and the application identifier. | 2018-12-27 |
20180375901 | METHOD OF COMMUNICATION BETWEEN A CALLING TERMINAL AND A PLURALITY OF CALLED TERMINALS - A method is provided of communication between a first user of an IP (Internet protocol) network and a second user of the IP network, the second user having a plurality of client devices connected to the IP network. A client device of the first user sends a request to the second user, and a proxy server of the second user sends the request to all the client devices of the second user. At least one of the client devices of the second user sends a response to the request from the first user, and each of the responses is intercepted by the proxy server. The proxy server sends each of the responses to the first user, without waiting for other possible responses, after having inserted at least the following information therein: an indication of the total number of client devices of the second user to whom the request was sent, and an indication of the number of responses sent thus far by one or more client devices of the second user. | 2018-12-27 |
20180375902 | INTERNET PROTOCOL (IP) MULTIMEDIA SUBSYSTEM (IMS) LEVEL AWARENESS OF HIGH LATENCY DEVICE - Systems, methods, apparatuses, and computer program products for providing IMS level awareness of high latency device are provided. One method includes, when a UE attaches to EPC, receiving, at a network node, an indication that the UE is a high latency device. The method may also include assigning, to the UE, an IP address selected from a special IP address range that is designated specifically for high latency devices. When the UE performs IMS registration, the method may include determining that the UE is a high latency UE based on the UE's IP address provided with the IMS registration request and assigned during the EPC attach procedure. | 2018-12-27 |
20180375903 | Telecommunications Network Call Control - Telecommunications network components configured to manage call control of a communication session of user equipment are described herein. An anchoring network device may proxy signaling traffic for the communication session. The anchoring network device may determine a routing identifier based at least in part on which access network, or which type of access network, is carrying the communication session, and may transmit state information of the communication session to a call-control server in association with the routing identifier. The call-control server may provide control information of the communication session to the anchoring network device in response to the state information. The anchoring network device may modify the communication session, e.g., by adding or dropping one or more parties, in response to the control information. The routing identifier may be determined based at least in part on capabilities of a communication session indicated in a session-initiation message. | 2018-12-27 |
20180375904 | VIRTUAL AREA BASED TELEPHONY COMMUNICATIONS - A persistent virtual area that supports establishment of respective presences of communicants operating respective network nodes connected to the virtual area even after all network nodes have disconnected from the virtual area is maintained. A presence in the virtual area is established for a user of a Public Switched Telephone Network (PSTN) terminal device. Transmission of data associated with the virtual area to the PSTN terminal device. | 2018-12-27 |
20180375905 | ESTABLISHING COMMUNICATION SESSIONS - A method and a system for establishing a communication session between a first communication device in a main communication network and a second communication device in a local communication network comprising a wireless network, the second communication device being located in the vicinity of a mobile device, the first communication device contacting an external phone number, wherein the external phone number is assigned to a unique identifier of the mobile device. The method comprises (i) the mobile device sending the unique identifier detectable on the wireless network; (ii) providing the unique identifier of the mobile device and a local communication identifier to a service provider adapter; (iii) determining the location of the mobile device, associating the mobile device to the second communication device in dependence of its location. | 2018-12-27 |
20180375906 | SELECTIVE INTERNAL FORWARDING IN CONFERENCES WITH DISTRIBUTED MEDIA SERVERS - A computer-implemented method comprises establishing, by media servers, a video conference for client computing devices, each media server receiving audio data and video data from a local subset of the client computing devices, selecting, by each media server, a portion of the local subset for which to send audio data to other media servers, sending, by each media server, audio data associated with the portion to other media servers, after receiving audio data from other media servers, generating, by each media server, ordered global list data that identifies each client computing device for which the media server has received audio data, based on the global list data and by each media server to other media servers, sending video data for each client computing device of the local subset that satisfies a threshold value. | 2018-12-27 |
20180375907 | PARALLEL PEER TO PEER CONNECTION ESTABLISHMENT IN WEBRTC CONFERENCING - A computer-implemented method comprises using a media server, establishing a video conference between a first instance of a media application and a second instance of the media application over a relay connection, in response to determining that the video conference comprises only the first instance and the second instance of the media application, determining by the first instance of the media application candidate addresses for a peer to peer (P2P) connection with the second instance of the media application, the candidate addresses excluding the media server, sending the candidate addresses to the second instance of the media application, establishing the P2P connection using a particular candidate address, in response to establishing the P2P connection, setting the relay connection to an inactive state and sending media data for the video conference over the P2P connection. | 2018-12-27 |
20180375908 | ON DEMAND IN-BAND SIGNALING FOR CONFERENCES - A computer implemented method comprises transmitting initial signaling data for a video conference from a signaling server to a plurality of client computing devices, the initial signaling data omitting identifiers for media data, establishing, by a media server, the video conference with the plurality of client computing devices, the plurality of client computing devices having used the initial signaling data to connect to the media server, sending, by the media server, media data for a subset of the plurality of client computing devices to the plurality of client computing devices, sending, by the media server, identifiers of the media data to the plurality of client computing devices. | 2018-12-27 |
20180375909 | ESTABLISHING COMMUNICATION SESSIONS - A method and a system for establishing a communication session between a first communication device in a main communication network and a second communication device in a local communication network comprising a wireless network, the second communication device being located in the vicinity of a mobile device, the first communication device contacting an external phone number, wherein the external phone number is assigned to a unique identifier of the mobile device. The method comprises (i) the mobile device sending the unique identifier detectable on the wireless network; (ii) providing the unique identifier of the mobile device and a local communication identifier to a service provider adapter; (iii) determining the location of the mobile device, associating the mobile device to the second communication device in dependence of its location. | 2018-12-27 |
20180375911 | Method for Operating Application Providing Group Call Service Using Mobile Voice Over Internet Protocol - Disclosed is a method for operating an application providing a group call service using mobile voice over internet protocol (mVoIP). According to one embodiment, a request signal for a group call is received, and regardless of participation in the corresponding group call, meta information for the group chat room corresponding to the group call can be received from a server. The meta information can comprise at least the group call connection status for each member of the group chat room. | 2018-12-27 |
20180375912 | User Notifications for Interaction Information - A content management system creates and modifies user notification queues for shared content items synchronized between a content management system and multiple devices. A user notification queue includes interactions with a shared content item that may be presented to a user to indicate recent interactions with the shared content item by other sharing users. The content management system sends the user notification queue corresponding to a user to the user's device when the user accesses the content item. The client device displays a content item in a window associated with a process on the device. A client application displays an interaction indicator that presents user notification queue content to the user. | 2018-12-27 |
20180375913 | SYSTEM AND METHOD FOR MANAGEMENT OF CONTENT PRESENTATION WITHIN A USER INTERFACE - Methods, systems, computer-readable media, and apparatuses for management of content presentation within a user interface are presented. Certain embodiments are described that allow for the management of content presentation within a user interface. A channel management subsystem may manage the presentation of content to a user from one or more channels within the social network. The channel management subsystem may receive requests from one or more channels to present content to a user within a user interface (UI) of the social network. The channel management subsystem may grant or deny the received requests based on various rules or criteria. The channel management subsystem may help ensure that the user of the social network is not overwhelmed by the presentation of inorganic content or sponsored content within the UI of the social network. | 2018-12-27 |
20180375914 | Utilizing VoIP Codec Negotiation During a Controlled Environment Call - Controlled-environment communication systems are increasingly using voice over internet protocol (VoIP) to serve their users. VoIP allows voice to be sent in packetized form, where audio is encoded using one of several codecs. Because of bandwidth constraints, particularly during peak call times, codecs may be used which sacrifice audio quality for bandwidth efficiency. As a result, several features of communication systems, including critical security features. The present disclosure provides details for systems and methods by which a controlled-environment communication system may shift between codecs to perform security-related features or to alleviate bandwidth considerations. This involves the special formatting of control-signaling messages, including session initiation protocol (SIP) and session description protocol (SDP) messaging. | 2018-12-27 |
20180375915 | QUALITY-OF-EXPERIENCE FOR ADAPTIVE BITRATE STREAMING - The present disclosure generally discloses an adaptive bitrate streaming support capability configured to support adaptive bitrate streaming of content. The adaptive bitrate streaming support capability is configured to support adaptive bitrate streaming of content via a wireless access network including an application scheduler and a wireless access device. The application scheduler receives an adaptive bitrate streaming flow and sends the adaptive bitrate streaming flow toward the wireless access device based on scheduling of the adaptive bitrate streaming flow at the application scheduler. The wireless access device determines feedback information associated with the adaptive bitrate streaming flow and provides the feedback information associated with the adaptive bitrate streaming flow to the application scheduler. The application scheduler determines scheduling of the adaptive bitrate streaming flow, for transmission toward the wireless access device, based on the feedback information associated with the adaptive bitrate streaming flow. | 2018-12-27 |
20180375916 | REMOTE ACCESS TO AN APPLICATION PROGRAM - Systems and methods for providing remote access to an application program. A server remote access program may cooperate with a display data interception application to provide display data to a client computing device. The client computing device may connect to the application at a Uniform Resource Locator (URL) using a client remote access application to receive the display data. The client remote access application may provide user inputs, received at the client computing device, to the application to affect the state of the application. | 2018-12-27 |
20180375917 | SYSTEM FOR PROVIDING AUDIO QUESTIONNAIRES - A multistep guided system for mobile devices that facilitates the creation and dissemination of multistep guided activities from a source computer/device to a plurality of other recipient mobile devices, wherein the multistep guided activities are disseminated to the recipient mobile devices in a form that is compatible with the capabilities of the respective recipient mobile devices. The audio guided system comprises the source computer/device, the plurality of other recipient mobile devices and a server. | 2018-12-27 |
20180375918 | FILE TRANSFER IN A MULTI-NODE NETWORK - Methods, systems, programs, and apparatus for the easy, bi-directional transfer of any number of files or directories of files between computer systems, over a LAN, without the need for an Internet connection, preexistence or presence of special or specific software on more than one computer (the “host”) in the transaction, or prior knowledge of the platforms or operating systems of more than one (the “host”) of the computers constituting an endpoint in the abovementioned transfer. | 2018-12-27 |