52nd week of 2021 patent application highlights part 86

Patent application number | Title | Published |
--- | --- | --- |
20210409375 | SECURING CONTROL AND USER PLANE SEPARATION IN MOBILE NETWORKS - Techniques for securing control and user plane separation in mobile networks (e.g., service provider networks for mobile subscribers, such as for 4G/5G networks) are disclosed. In some embodiments, a system/process/computer program product for securing control and user plane separation in mobile networks includes monitoring network traffic on a mobile network at a security platform to identify a Packet Forwarding Control Protocol (PFCP) message associated with a new session, in which the mobile network includes a 4G network or a 5G network; extracting a plurality of parameters from the PFCP message at the security platform; and enforcing a security policy at the security platform on the new session based on one or more of the plurality of parameters to secure control and user plane separation in the mobile network. | 2021-12-30 |
20210409376 | FIREWALL RULE STATISTIC MINI-MAPS - Described herein are systems, methods, and software to manage usage statistics associated with firewall rules in a computing network. In one implementation, a method of operating a firewall summary service includes identifying a sequence of firewall rules for a computing environment and monitoring usage associated with each of the firewall rules. The method further includes generating, for display, a summary to indicate the sequence of the firewall rules with the usage associated with each of the firewall rules. | 2021-12-30 |
20210409377 | METHOD AND APPARATUS FOR SECURE COMMUNICATION AND ROUTING - An apparatus is provided, comprising: a volatile memory; a non-volatile memory; a first electronic circuit that is configured to operate as a wireless access point, the first electronic circuit including a wireless controller for accessing a wireless network; and a second electronic circuit that is operatively coupled to the first electronic circuit, the second electronic circuit including at least one processor configured to execute: (i) a first virtual machine that includes a wireless network authentication server, and (ii) a second virtual machine that includes a virtual private network (VPN) server, wherein the wireless network authentication server is configured to authenticate devices that attempt to join the wireless network; wherein the VPN server is arranged to encrypt data that is received at the apparatus to produce encrypted data, and forward the encrypted data to the wireless controller for transmission over the wireless network. | 2021-12-30 |
20210409378 | Method and System of Securing VPN Communications - A method of and system for utilizing an access token to authenticate a client device for accessing a resource server include generating a session key for a communication session between the device and a resource server, deriving a nonce from the session key, and transmitting a request to an identity platform for authenticating the device to access the resource server, where the request includes the nonce. Upon confirmation of authentication, the method and system may include receiving an access token from the identity platform, the access token including information that confirms authentication of the device, and transmitting the access token to the resource server to enable access to the resource server, where the access token includes the nonce. | 2021-12-30 |
20210409379 | METHOD OF SHARING AND USING SENSOR DATA - Sharing sensor data of a first device with a second device includes obtaining a set of point data from at least one sensor located in the first device, generating first property data of a first subset of the point data based on the first subset of point data, generating sharing data including at least a portion of the first subset of point data and the first property data, and transmitting the sharing data to the second device. If a class of a first object included in the class information is a class in which personal information must be protected, the content of the sharing data includes privacy protection data in which the first subset of point data is processed such that personal information of the first object is not identified by the second device. | 2021-12-30 |
20210409380 | COGNITIVE MULTI-ENCRYPTED MAIL PLATFORM - An apparatus configured to construct an email message addressed to a plurality of recipients. The apparatus is further configured to apply a cipher and a first encryption key to a first portion of the email message, which will be viewable by each of the recipients. The apparatus applies the cipher and a second encryption key to a second portion of the email message, which will be viewable by a first recipient from among the recipients. The apparatus further applies the cipher and a third encryption key to a third portion of the mail message, which will be viewable by a second recipient from among the recipients. The apparatus then transmits the email message to a server. | 2021-12-30 |
20210409381 | DATA TRANSMISSION WITH ENCRYPTION OF PROTECTED DATA - Aspects of the disclosure relate to data transmission with encryption of protected data. A computing platform may separate, via a computing device and in electronic data associated with a user, protected data from non-protected attribute data. Subsequently, the computing platform may generate, for the protected data, an encryption key. Then, the computing platform may modify the electronic data by replacing the protected data with the encryption key. Then, the computing platform may store, in a database, an association between the user, the protected data, and the encryption key. Subsequently, the computing platform may provide, via a network and to an external vendor, the modified electronic data comprising the encryption key and the non-protected attribute data. | 2021-12-30 |
20210409382 | SYSTEMS AND METHODS FOR WEB TRACKER CLASSIFICATION AND MITIGATION - Embodiments described herein are directed to intelligently classifying Web trackers in a privacy preserving manner and mitigating the effects of such Web trackers. As users browse the Web and encounter various Web sites, tracker-related metrics are determined. The metrics are obfuscated to protect the privacy of the user. The obfuscated metrics are provided as inputs to a machine learning model, which is configured to output a classification for the Web trackers associated with the Web sites visited by the user. Depending on the classification, the effects of the Web trackers are mitigated by placing restrictions on the Web trackers. The restrictions for a particular Web tracker may be relaxed based on a level of user engagement a user has with respect to the tracker's associated Web site. By doing so, the compatibility risks associated with tracking prevention are mitigated for Web sites that are relatively important to the user. | 2021-12-30 |
20210409383 | SYSTEM FOR TRANSMITTING AND RECEIVING DATA BASED ON VEHICLE NETWORK AND METHOD THEREFOR - A system for transmitting and receiving data based on a vehicle network and a method therefor are provided. The method includes generating, by a first hardware security module (HSM), a first session key using a first random number and a first fixed key, and encrypting, by a first electronic control unit (ECU), a message using the first session key. The method also includes generating, by a second HSM, a second session key using a second random number and a second fixed key, and decrypting, by a second ECU, the message using the second session key. | 2021-12-30 |
20210409384 | PORT LEVEL POLICY ISOLATION IN OVERLAY NETWORKS - Embodiments are directed to managing communication over one or more networks. An underlay network that couples a source gateway and a target gateway using underlay protocols may be provided such that the target gateway includes two or more port groups that may each be associated with a separate target node. An overlay network may be provided on the underlay network based on policy information such that the source gateway and the target gateway may each be assigned separate gateway identifiers (GIDs) that are associated with the overlay network. In response to the source gateway authorizing a source node to employ the overlay network to communicate one or more encrypted payloads to a target node, the one or more encrypted payloads may be provided to the target node based on the overlay network and the policy information. | 2021-12-30 |
20210409385 | METHOD AND APPARATUS FOR AUTHENTICATING A DEVICE OR USER - Methods and apparatus are disclosed for authenticating a device. A method may comprise: receiving from a server, a private key of a public-private key pair and a related certificate, wherein the certificate comprises a public key of the public-private key pair; authenticating the first device to the second device through a first Secure Shell session; transmitting to the second device, the certificate in response to a successful authentication of the first Secure Shell session; and authenticating the first device to the second device through a second Secure Shell session by using the public key. | 2021-12-30 |
20210409386 | IoT PCR FOR DISEASE AND VACCINATION DETECTION AND ITS SPREAD MONITORING USING SECURE BLOCKCHAIN DATA PROTOCOL - A system allows data to be automatically uploaded via a Bluetooth interface to an Android or Apple-based smartphone and then wirelessly sent to a secure blockchain-powered global network, instantly making the test results available anywhere in the world. The IoT system presented here could become an essential tool for healthcare centers to tackle infectious disease outbreaks identified either by DNA or ribonucleic acid. | 2021-12-30 |
20210409387 | SYSTEMS AND METHODS FOR INTER-SYSTEM ACCOUNT IDENTIFICATION - Described herein is a computer implemented method. A computer system receives a first request to generate a first inter-system account identifier that is associated with a first external system and a first internal account. In response, a first inter-system account identifier corresponding to the first external system and the first internal account is generated. The system also receives a second request to generate a second inter-system account identifier that is associated with a second external system and the first internal account. In response, a second inter-system account corresponding to the second external system and the first internal account is generated, the second inter-system account identifier being different to the first inter-system account identifier. | 2021-12-30 |
20210409388 | Method and Apparatus for Managing Reception of Secure Data Packets - A logic circuit for managing reception of secure data packets in an industrial controller snoops data being transferred by a Media Access Controller (MAC) between a network port and a shared memory location within the industrial controller. The logic circuit is configured to perform authentication and/or decryption on the data packet as the data packet is being transferred between the port and the shared memory location. The logic circuit performs authentication as the data is being transferred and completes authentication shortly after the MAC has completed transferring the data to the shared memory. The logic circuit coordinates operation with the MAC and signals a Software Packet Processing (SPP) module when authentication is complete. The logic circuit is further configured to decrypt the data packet, if necessary, and to similarly coordinate operation with the MAC and delay signaling the SPP module that data is ready until decryption is complete. | 2021-12-30 |
20210409389 | SYSTEMS AND METHODS FOR DETERMINING KNOWLEDGE-BASED AUTHENTICATION QUESTIONS - Systems and methods for authenticating a user may include transmitting a request for a first set of information after validation of authentication information; receiving a response comprising the first set of information; parsing the first set of information using one or more template-based algorithms by scanning one or more websites to determine publicly available information associated with a user; comparing one or more results of the parsing with a second set of information to yield compromised information associated with the user; eliminating one or more portions of the second set of information based on the comparison; presenting a third set of information to authenticate the user based on the elimination and by supplementing the first set of information with a fourth set of information; and presenting a fifth set of information to authenticate the user if the third set of information fails to reach a predetermined threshold number. | 2021-12-30 |
20210409390 | MULTIFACTOR AUTHENTICATION FROM MESSAGING SYSTEMS - A user is assigned an initial risk score during a session with a messaging platform. During the session, the user attempts an operation with an external service. One or more additional authentication factors are requested from the user to dynamically lower the initial risk score. The lowered risk score is processed with the external service to perform the operation on behalf of the user during the session. | 2021-12-30 |
20210409391 | METHOD AND APPARATUS FOR AN IDENTITY ASSURANCE SCORE WITH TIES TO AN ID-LESS AND PASSWORD-LESS AUTHENTICATION SYSTEM - A technique is provided by which a user goes to a site and, instead of the site's authentication system going to its own databases to match an ID and password given by the user (because doing so is not secure), the site company makes a call to an identity assurance score server (with ties to the ID-less and password-less system) and sends a parameter such as a number. Then, based on that parameter (e.g., number or score), the identity assurance score server (with ties to the ID-less and password-less system, such as described hereinabove) sends a corresponding login protocol or factors to be satisfied to authenticate the user. | 2021-12-30 |
20210409392 | METHOD FOR PROVIDING MESSAGE HIDDEN SERVICES IN CHATTING WINDOWS - A method for providing a message hidden service in a chatting window, including: (A) confirming whether a received message is a message set as a hidden message by the transmitter when the message is received from a chatting server; (B) confirming whether the received message is set in a hidden setting mode by the receiver when the confirmed result is confirmed as the hidden message; (C) displaying the received hidden message at an independent position, separate from a region of the display unit of the device, by instructing the received message to be processed by a hidden message processing unit when the received message is the hidden message set by the transmitter and set in the hidden mode state set by the receiver; and (D) hiding the hidden message displayed on the display unit after a predetermined constant time. | 2021-12-30 |
20210409393 | ACCESS MANAGEMENT OF PUBLISHER NODES FOR SECURE ACCESS TO MAAS NETWORK - A system including a server and a first publisher node device is provided. The first publisher node device transmits a request including an authentication credential associated with the first publisher node device to the server and receives a response including authentication of the first publisher node device as a ticket processing client for a first transportation service. The first publisher node device captures, as the ticket processing client, an event associated with the first transportation service based on the received response and transmits, based on the captured event, a transaction request to a broker node device. The transaction request includes a transaction message and an authorization request to route the transaction message to a first subscriber node device of the MaaS network. The server receives the authorization request from the broker node device and authorizes the broker node device to route the transaction message based on the received authorization request. | 2021-12-30 |
20210409394 | CONTACT CONSOLIDATION ACROSS MULTIPLE SERVICES - Disclosed are various approaches for retrieving contacts from a plurality of federated services. In one example, an authentication notification is received from an identity manager. The authentication notification can include an identifier for a user account and a single sign-on token for the user account. A federated service to authenticate on behalf of the user account is identified. The single sign-on token is transmitted to the federated service for authentication. An authentication token and a refresh token are received from the federated service. The authentication token is determined to expire within a threshold time period. The refresh token has not expired. The refresh token is transmitted to the federated service for a replacement authentication token. | 2021-12-30 |
20210409395 | PROXIMITY BASED SECURITY - In accordance with this disclosure, a system and method for remotely enabling proximity-based authentication is provided. A computing device initiates a secure server based on proximity-based communication when the computing device is in the vicinity of the secure server. The computing device then prompts proximity-based authentication to establish a secure connection with the secure server. As a result of the proximity-based authentication, the computing device is authenticated and locally stores a secure token sent from the secure server in response to the proximity-based authentication. Once the authenticated computing device communicates with the secure server, remote authentication is initiated to the secure server and the authenticated computing device is remotely connected to the secure server if the stored secure token is properly accepted by the secure server for authentication. | 2021-12-30 |
20210409396 | INFORMATION PROVISION SYSTEM, INFORMATION PROVISION METHOD, AND STORAGE MEDIUM - Provided are a system, a method, and the like which contribute to more reliably and smoothly providing information relating to an authentication result to a person who has been subjected to authentication. An information provision system according to an embodiment of the present invention comprises: an authentication unit which authenticates an authentication subject, who is to be subjected to authentication, using a captured image of the authentication subject; a determination unit which, in accordance with information about the authentication subject or the conditions of the authentication subject, determines the transmission destination to which information relating to the authentication result is to be transmitted in order to notify the authentication subject of the authentication result; and a transmission unit which transmits the information to the determined transmission destination. | 2021-12-30 |
20210409397 | SYSTEMS AND METHODS FOR MANAGING DIGITAL IDENTITIES ASSOCIATED WITH MOBILE DEVICES - Systems and methods are provided for enabling, providing, and managing digital identities in association with mobile devices. One example method includes determining, by a mobile device, that identity data of a user is changed, and prompting the user to identify a third party separate from the mobile device to authenticate the user. The method also includes requesting the third party to authenticate the user, and causing an authentication interface of the third party to be displayed at the mobile device where the authentication interface solicits login credentials for an account of the user at the third party. The method then includes granting, by the mobile device, access to one or more aspects of a mobile application installed at the mobile device, in response to an indication of a successful authentication of the user from the third party. | 2021-12-30 |
20210409398 | Using receipts for Multifactor Authentication - Multifactor authentication techniques described herein may allow a user to submit a recent proof of purchase as a part of a multifactor authentication process to access an account associated with a financial institution. As part of the login process, the user may submit a proof of purchase associated with a transaction. The financial institution may determine information associated with the transaction, such as a merchant associated with the proof of purchase, a time of the transaction, the last four numbers of the transaction card used, a dollar amount, or any combination thereof. If the information matches one or more records in the transaction history of the user's account, the financial institution may authenticate the user and provide access to the account. In this way, the financial institution may leverage transaction history known to the financial institution and the user to authenticate the user. | 2021-12-30 |
20210409399 | METHOD FOR CLOUD ASSISTED AUTHORIZATION OF IOT IDENTITY BOOTSTRAPPING - A method for authorization of internet of things ("IoT") identity bootstrapping includes receiving from a device, at a network access server ("NAS") of a user and in response to an attestation request sent to the device, a vendor network address of a vendor server of a vendor and a device identifier for the device. The method includes authenticating the vendor using the vendor network address and, in response to authenticating the vendor, sending the device identifier to the vendor server. The method includes communicating device attestation packets between the vendor server and the device. The device attestation packets validate the device to the vendor server. The method includes receiving device attestation from the vendor server. The device attestation indicates the validity status of the device to the NAS. The method includes, in response to the device attestation indicating validity of the device, transmitting a new device identity to the device. | 2021-12-30 |
20210409400 | POLICY-BASED GENOMIC DATA SHARING FOR SOFTWARE-AS-A-SERVICE TENANTS - Policy-based genomic digital data sharing facilitates a variety of sharing scenarios, including public access, tenant-to-tenant sharing, workgroup sharing, and access by external service providers. Genomic digital data can be published to the platform and controlled by access tokens that are generated based on access policies. The policies can support conditions that are evaluated at execution time and effectively place control of access to information in hands of the owning tenant. Sharing conditions can be easily specified to support various use cases, relieving administrators from excessive access control configuration. | 2021-12-30 |
20210409401 | SYSTEM AND METHOD FOR SELECTING AN ELECTRONIC COMMUNICATION PATHWAY FROM A POOL OF POTENTIAL PATHWAYS - A system for selecting an electronic communication pathway from a pool of potential pathways. The system includes a network communication routing hub operating on at least a server wherein the network communication routing hub selects an electronic communication pathway from a plurality of electronic communication pathways. The at least a server is configured to include an authorization module wherein the authorization module is configured to authenticate each device of the plurality of remote devices. The system includes a pathway selection module operating on the at least a server wherein the pathway selection module is configured to select based on a pathway probability variable a pathway from the plurality of electronic communication pathways. | 2021-12-30 |
20210409402 | Shared Resource Identification - A method for sharing resource identification includes receiving, at a lookup service, from a first application executing on a particular device associated with a user, a resource identifier (ID) request requesting the lookup service to provide the first application access to a resource ID that identifies the particular device. The method also includes determining, by the lookup service, whether the first application executing on the particular device is authorized to access the resource ID. When the first application is authorized to access the resource ID, the method includes obtaining, by the lookup service, the resource ID and transmitting, by the lookup service, to the first application executing on the particular device, the resource ID. | 2021-12-30 |
20210409403 | SERVICE TO SERVICE SSH WITH AUTHENTICATION AND SSH SESSION REAUTHENTICATION - Methods, systems and computer program products are provided for service to service SSH with authentication and SSH session reauthentication. A client service initiates an SSH session by automatically providing authentication information to an authentication provider service, which returns access information. The client service uses an SSH client to automatically provide the access information to an SSH server, which receives and validates the access information. A service-to-service SSH session is created between the SSH client and SSH server. The client service and a server service may communicate securely via the service-to-service SSH session. Security may be maintained for any type of SSH connection (e.g., user to service, service to service) by periodically and automatically providing and validating reauthentication and refresh information. An SSH connection/session is maintained if periodic access information is validated. An SSH connection/session is terminated if periodic access information is not provided in a refresh interval or is invalid. | 2021-12-30 |
20210409404 | ATTESTATION FORWARDING - There is provided a data processing system and method. The system includes challenge circuitry for issuing a challenge to a service device and for receiving a response to the challenge. Forwarding circuitry forwards at least part of the response to a selected one of a plurality of attestation systems and receives a success indication from the selected one of the plurality of attestation systems regarding whether the service device has been attested by the selected one of the plurality of attestation systems. Request circuitry receives a request to provide an attestation of the service device, and to provide the attestation in dependence on the success indication. | 2021-12-30 |
20210409405 | COLLABORATIVE RISK AWARE AUTHENTICATION - An initiator device can broadcast a witness request to one or more authentication devices. The one or more authentication devices can then determine an assurance level from a range of assurance levels and determine a token share corresponding to the assurance level. The initiator device can then receive, from the one or more authentication devices, at least one witness response comprising the token share corresponding to the assurance level. The initiator device can generate an authentication token using a set of token shares. The initiator device can then transmit the authentication token to an authentication server, wherein the authentication server verifies the authentication token. | 2021-12-30 |
20210409406 | INTEGRATED HOSTED DIRECTORY - Methods, systems, and devices for enterprise-wide management of disparate devices, applications, and users are described. A cloud-based central server may maintain an integrated hosted directory, which may allow user authentication, authorization, and management of information technology (IT) resources and/or user account information across device types, operating systems, and software-as-a-service (SaaS) and on-premises applications. User account information for multiple and separate customers may be managed from a single, central directory, and servers may be brought online to allow access to the directory according to system loading. | 2021-12-30 |
20210409407 | ACCESS AUTHENTICATING - A method and an apparatus for authenticating an access are provided. When a first interface of a BRAS device does not find a user entry corresponding to a user terminal, the first interface sends an authentication request packet including terminal information of the user terminal to an AAA server. The AAA server notifies a second interface already accessed by the user terminal to delete a user entry corresponding to the user terminal when determining that the user terminal is an authenticated terminal and a roaming terminal, and sends an authentication success packet to the first interface when determining the deletion is completed, so that the first interface allows access of the user terminal and records the user entry corresponding to the user terminal in the first interface. | 2021-12-30 |
20210409408 | METHOD AND APPARATUS FOR MoCA NETWORK WITH PROTECTED SET-UP - Systems and methods for securing a network, for admitting new nodes into an existing network, and/or securely forming a new network. As a non-limiting example, an existing node may be triggered by a user, in response to which the existing node communicates with a network controller node. Thereafter, if a new node attempts to enter the network, and also for example has been triggered by a user, the network controller may determine, based at least in part on parameters within the new node and the network controller, whether the new node can enter the network. | 2021-12-30 |
20210409409 | TEMPORARY CLOUD PROVIDER CREDENTIALS VIA SECURE DISCOVERY FRAMEWORK - Cloud provider accounts can be integrated into a software-as-a-service platform. Configuration options can be provided to support various levels of granularity so that different cloud provider accounts can be provided to different tenants, workgroups, users, applications, and the like. From a user perspective, the fact that data is being stored at a cloud provider account can be transparent in that the same features and authentication process can be supported across different cloud provider types. In practice, limited temporary derived credentials can be generated from underlying credentials to provide fine-grained control of access to cloud provider account resources while avoiding administrative overhead. | 2021-12-30 |
20210409410 | Controlling Access to Secure Information Resources Using Rotational Datasets and Dynamically Configurable Data Containers - Aspects of the disclosure relate to controlling access to secure information resources using rotational datasets and dynamically configurable data containers. A computing platform may receive, from a requesting system, a data access request. After authenticating the requesting system, the computing platform may load, using a first data container, first source data from a data track. The computing platform may send the first source data to a second data container. Then, the computing platform may load, using the second data container, second source data from the data track and may produce a first combined dataset. The computing platform may send the first combined dataset to a third data container. Subsequently, the computing platform may load, using the third data container, third source data from the data track and may produce a second combined dataset. Thereafter, the computing platform may send, to the requesting system, the second combined dataset. | 2021-12-30 |
20210409411 | DYNAMIC IP ADDRESS WHITELISTING - Systems and methods for dynamic IP address whitelisting are disclosed. These techniques allow for better management of IP addresses and improve computer system and network security. In one embodiment, a system may execute a first task, at a first frequency, that includes determining, based on registered account activities corresponding to registered accounts with a service provider, at least one IP address associated with at least one registered account with the service provider. The first task may further include adding the at least one IP address to a dynamic whitelist (e.g., allowlist) of IP addresses. The system may execute a second task, at a second frequency, that includes removing, from the dynamic whitelist, at least one existing IP address identified as inactive. Thus, in various embodiments, inactive IP addresses can be removed from a whitelist while active IP addresses are periodically re-verified. | 2021-12-30 |
20210409412 | SYSTEMS AND METHODS FOR DATA ACCESS NOTIFICATION ALERTS - There are provided systems and methods for a data access notification alert mechanism that monitors for any data access request at a user database of the service provider and sends an electronic notification message to the user when such a data access request is detected. Specifically, the data access notification alert mechanism may be implemented with a server, which in turn provides an application programming interface (API) to be integrated with the service provider server, and the API may be called by the service provider database to send a message to the user when a database query to the user information is received at the database. | 2021-12-30 |
20210409413 | ACCESSING SHARED PARTITIONS ON A STORAGE DRIVE OF A REMOTE DEVICE - Systems and methods are disclosed that enable shared partitions to be created on devices owned and operated by trusted persons (e.g., family or friends). The disclosed devices and methods provide for partitioning of storage devices and designating one or more of the partitions for sharing with other devices. Access to the shared partitions is managed using coded images, thereby requiring the devices to be physically close to one another. Consequently, people sharing the storage partitions are required to meet in person to grant access, increasing the chances that the persons know and trust one another. | 2021-12-30 |
20210409414 | DISTRIBUTED DIRECTORY CACHING TECHNIQUES FOR SECURE AND EFFICIENT RESOURCE ACCESS - The disclosed embodiments relate to systems and methods for secure and efficient resource access using distributed directory caching techniques. Techniques include obtaining, from a directory service, client directory data associated with a client; providing the client directory data to a computing device associated with the client for caching on the computing device; identifying a request from the client; receiving, from the computing device, the client directory data that was cached on the computing device; and evaluating the request based on the received client directory data. | 2021-12-30 |
20210409415 | CLOUD PLATFORM ACCESS SYSTEM - receive, at an application routing platform, an API call for an application platform comprising a signed tenant token. The processor is configured to determine that the signed tenant token is valid; determine an application platform token for the application platform; associate a root certificate with the application platform token; determine routing information to the application platform based at least in part on the API call; and provide the application platform the API call and the application platform token using the routing information to enable access to the application platform, wherein the application platform determines whether the application platform token is valid using the root certificate and executes the API call in response to a determination that the application platform token is valid. | 2021-12-30 |
20210409416 | EXPERIENCE FOR SHARING COMPUTER RESOURCES AND MODIFYING ACCESS CONTROL RULES USING MENTIONS - Various methods and systems for sharing computer resources and modifying access control rules for computer resources are described. An access control gesture may be defined using a command indicator comprising one or more identifying characters, symbols, or glyphs. For example, an access control gesture may be defined using an @-sign in combination with a modifier that indicates a particular security command to execute and/or a corresponding permission to add/modify/revoke. For example, an input string comprising a plus sign in combination with an @-sign (e.g., “+@”) may indicate a command to add a mentioned user to an access control list. An input string comprising a minus sign, hyphen, or dash in combination with an @-sign (e.g., “−@”) may indicate a command to remove a mentioned user from an access control list. As such, access control gestures can provide a simple and intuitive mechanism to grant temporary access to a designated resource. | 2021-12-30 |
20210409417 | Role-Based Access Control with Complete Sets of Granular Roles - According to one aspect of the concepts and technologies disclosed herein, a role-based access control (“RBAC”) system can mark all granular roles in a granular role group as non-tested to create a non-tested granular role set. The RBAC system can randomly select a granular role from the non-tested granular role set. The RBAC system can assign both the non-tested granular role set and a tested-keep granular role set to the granular role group. Each granular role in the tested-keep granular role set has been tested and approved for inclusion in the complete granular role set. The RBAC system can determine whether a user assigned to the granular role group has access to a protected function. In response to determining that the user does not have access to the protected function, the RBAC system can mark the granular role for inclusion in the tested-keep granular role set. | 2021-12-30 |
20210409418 | USING SMART GROUPS FOR COMPUTER-BASED SECURITY AWARENESS TRAINING SYSTEMS - This disclosure describes embodiments of an improvement to the static group solution because all the administrator needs to do is specify the criteria they care about. Unlike static groups, where the administrator needs to keep track of the status of individual users and move them between static groups as their status changes, smart groups allow for automatic identification of the relevant users at the moment that action needs to be taken. This feature automates user management for the purposes of enrollment in either phishing or training campaigns. Because the smart group membership is determined as the group is about to be used for something, the smart group membership is always accurate and never outdated. The query that determines the smart group membership gets run at the time when you are about to do a campaign or perform some other action that needs to know the membership of the smart group. | 2021-12-30 |
20210409419 | MODIFY ASSIGNED PRIVILEGE LEVELS AND LIMIT ACCESS TO RESOURCES - According to examples, an apparatus may include a memory on which is stored machine-readable instructions that may cause a processor to identify a privilege level assigned to a principal over a resource and determine whether the assigned privilege level is to be maintained or modified for the principal over the resource. Based on a determination that the assigned privilege level is to be maintained for the principal, the processor may determine whether access by the principal over the resource is to be limited and based on a determination that access to the resource is to be limited, apply a limited access by the principal over the resource. | 2021-12-30 |
20210409420 | METHOD OF PROVIDING GAME BASED ON SECURITY LEVEL OF TERMINAL, AND APPARATUS FOR PERFORMING THE SAME - Disclosed herein are a method of providing a game based on the security level of a terminal and an apparatus for performing the same. The method of providing a game based on the security level of a terminal includes: when a user accesses a game using a terminal, checking the security level of the terminal for the account of the user; and determining whether to allow the disposal of in-game goods according to the found security level, but providing the game so that the game can be played regardless of the found security level. | 2021-12-30 |
20210409421 | AUTOMATIC LEAST-PRIVILEGE ACCESS AND CONTROL FOR TARGET RESOURCES - The disclosed embodiments include systems and methods for performing operations using least-privilege access to and control of target network resources. Operations may include identifying a prompt associated with a least-privilege requesting identity to initiate an action on a target network resource; executing, in response to the prompt, a first set of executable code; initiating, based on the first set of executable code, execution of a second set of executable code on the target network resource, wherein the second set of executable code executes using a least-privilege credential or using least-privilege permissions, the least-privilege credential and the least-privilege permissions being determined according to a least-privilege security policy associated with a type of activity expected to be performed on the target network resource; and instructing the second set of executable code to perform the action remotely on the target network resource through a remote session. | 2021-12-30 |
20210409422 | CONDITIONALLY PROVIDING NETWORK ACCESS TO ALLOW A NETWORK SESSION TO REACH COMPLETION - A computer program product and a networking device, such as a router or firewall, including a processor for executing the computer program product to cause the processor to perform various operations. The operations may include providing network access to a computing device, establishing a default rule to change the network access at a first time-of-day, and establishing a conditional rule that the network access will remain unchanged in response to an ongoing network session at the first time-of-day that will reach completion before the second time-of-day. The operations may further include obtaining session progress data for the ongoing session, continuing to provide the network access until completing the session in response to determining that the ongoing session can reach completion before the second time-of-day, and changing the network access before the session reaches completion in response to determining that the ongoing session will not reach completion before the second time-of-day. | 2021-12-30 |
20210409423 | VERIFICATION OF IN-SITU NETWORK TELEMETRY DATA IN A PACKET-SWITCHED NETWORK - Techniques to facilitate verification of in-situ network telemetry data of a data packet of data traffic of packet-switched networks are described herein. A technique described herein includes a network node obtaining a data packet of data traffic of a packet-switched network. The data packet includes an in-situ network telemetry block. The network node obtains telemetry data and a cryptographic key. The cryptographic key confidentially identifies the network node. The node encrypts at least a portion of the telemetry data based on the cryptographic key to produce signed telemetry data and updates a telemetry-data entry of the in-situ network telemetry block. The telemetry data and signed telemetry data are inserted into the telemetry-data entry. The node forwards the data packet with the updated telemetry-data entry to another network node of the packet-switched network. | 2021-12-30 |
20210409424 | Method and apparatus for trusted branded email - A trusted branded email method and apparatus in one aspect detects branded electronic messages and performs validation before they are sent to a recipient. In another aspect, an electronic message is branded by embedding branding assets and validation signatures. Algorithms that generate validation signatures are dynamically selected to further strengthen the security aspects. Branding assets are presented to a user using distinct indicia that represent to the user that the branding assets are secure. | 2021-12-30 |
20210409425 | SYSTEMS AND METHODS FOR DETECTING MALWARE ATTACKS - A method, a computing device, and a non-transitory machine-readable medium for detecting malware attacks. In one example, an agent implemented in an operating system detects an overwrite in which an original data component is overwritten with a new data component. The agent computes a plurality of features associated with the overwrite, the plurality of features including an original entropy corresponding to the original data component, a new entropy corresponding to the new data component, an overwrite fraction, and a set of divergence features. The agent determines whether the new data component is encrypted using the plurality of features. | 2021-12-30 |
20210409426 | EXTRACTING PROCESS AWARE ANALYTICAL ATTACK GRAPHS THROUGH LOGICAL NETWORK ANALYSIS - Methods, systems, and computer-readable storage media for receiving an AAG from computer-readable memory, generating from logical network ontology data, asset inventory data, and asset communication data, a logical topology of the enterprise network as a computer-readable data structure, defining, at least partially by executing community detection over the logical topology, a sub-set of groups within the enterprise network, each group representing a process of a plurality of processes, each process being at least partially executed by one or more assets within the enterprise network, processing the AAG based on the sub-set of groups and data from one or more contextual data sources to provide the process aware AAG, the process aware AAG defining a mapping between an infrastructure-layer of the enterprise network and a process-layer of the enterprise network, and executing one or more remedial actions in the enterprise network in response to analytics executed on the process aware AAG. | 2021-12-30 |
20210409427 | Reconstructing a Dataset After Detection of a Network Security Threat in a Network - The present disclosure concerns a computer-implemented method for reconstructing a dataset after detection of a network security threat in a network. The method comprises: determining a maximum flow for returning data associated with the network security threat to a source dataset via each of a plurality of paths through which the data has passed from the source dataset to the destination dataset; starting from the destination dataset, determining the data to be transferred to each dataset in the plurality of paths between the destination dataset and the one or more source datasets such that the data can be returned to the one or more source datasets, the data transferred in each path not exceeding the determined maximum flow for the path; adding the details of the determined amount of data to be transferred to a forensic report; and outputting the forensic report. | 2021-12-30 |
20210409428 | Forensically Analysing and Determining a Network Associated with a Network Security Threat - The present disclosure concerns a computer-implemented method for forensically analysing and determining a network associated with a network security threat. The method comprises: obtaining details of a flagged network event comprising data associated with a network security threat, the network event being between a first dataset and a destination dataset; tracing the data associated with the network security threat from the first dataset to a further dataset, the tracing involving obtaining details of at least one past network event between the first dataset and the further dataset; comparing details of the further dataset to predefined criteria to identify whether the further dataset is an intermediate dataset or a source dataset from which the data originated and adding the details of the further dataset to a forensic report; and outputting the forensic report. | 2021-12-30 |
20210409429 | THREAT CONTROL METHOD AND SYSTEM - A system and a method for distributing components of a threat detection model for a threat control network, the threat control network comprising interconnected network nodes. The threat control network comprises security agent modules which collect data related to the respective network node of the security agent module, share information based on the collected data in the established internal network and use the collected data and information received from the internal network for generating and adapting threat detection models related to the respective network node. At least part of the nodes comprise at least the following components of the threat detection model: detection logic part comprising detection rules, detection logic parameter part comprising parameter values, core data primitive part comprising a set of key primitives. The method comprises distributing the said components of a threat detection model to a node independently from the other said components of the same node. | 2021-12-30 |
20210409430 | SYSTEMS AND METHODS RELATING TO NEURAL NETWORK-BASED API REQUEST PATTERN ANALYSIS FOR REAL-TIME INSIDER THREAT DETECTION - A method of neural network-based pattern analysis for real-time threat detection according to an embodiment includes receiving a real-time request for a system resource from a user of the system, determining a user identifier associated with the user of the system, retrieving a set of recent requests associated with the user identifier from a short-term buffer, analyzing, using machine learning, the real-time request based on the set of recent requests and a neural network model to determine whether the real-time request is suspicious, and flagging the real-time request as a suspicious request in response to a determination that the real-time request is suspicious. | 2021-12-30 |
20210409431 | CONTEXT FOR MALWARE FORENSICS AND DETECTION - A malware profile is received. The malware profile comprises a set of n-tuples of attributes that describe one or more activities associated with executing a copy of a known malicious application that is associated with the malware profile. A set of one or more log entries is analyzed for a set of entries that matches the malware profile. Based at least in part on identifying the set of entries matching the malware profile, a determination is made that a host was compromised. In response to determining that the host has been compromised, a remedial action is taken with respect to the host. | 2021-12-30 |
20210409432 | AUTOMATIC IDENTIFICATION OF APPLICATIONS THAT CIRCUMVENT PERMISSIONS AND/OR OBFUSCATE DATA FLOWS - A method for automatically identifying applications that circumvent permissions. The method includes logging network traffic transmitted by one or more computing devices while the one or more computing devices execute one or more applications, identifying, based on analyzing the logged network traffic and permissions granted to the one or more applications, those of the one or more applications that caused permission-protected data to be transmitted without having permission to access that data as circumventing permissions, and generating a report indicating the applications that were identified as circumventing permissions. | 2021-12-30 |
20210409433 | NETWORK ATTACK IDENTIFICATION, DEFENSE, AND PREVENTION - The disclosure provides an approach for detecting and preventing attacks in a network. Embodiments include receiving network traffic statistics of a system. Embodiments include determining a set of features of the system based on the network traffic statistics. Embodiments include inputting the set of features to a classification model that has been trained using historical features associated with labels indicating whether the historical features correspond to attacks. Embodiments include receiving, as output from the classification model, an indication of whether the system is a target of an attack. Embodiments include receiving additional statistics related to the system. Embodiments include analyzing, in response to the indication that the system is the target of the attack, the additional statistics to identify a source of the attack. Embodiments include performing an action to prevent the attack based on the source of the attack. | 2021-12-30 |
20210409434 | INFORMATION PROCESSING APPARATUS, ANOMALY ANALYSIS METHOD AND PROGRAM - A storage processing unit configured to store, in a storage unit, first data output by a device or any one of multiple devices in association with a first feature context related to the first data, and an analyzing unit configured to obtain a second feature context related to second data in a case where the second data is received from the device or any one of the multiple devices, and analyze an anomaly of the received second data based on the received second data and the obtained second feature context and based on the first data and the first feature context stored in the storage unit, are provided. | 2021-12-30 |
20210409435 | DETECTING SECURITY THREATS IN STORAGE SYSTEMS USING ARTIFICIAL INTELLIGENCE TECHNIQUES - Methods, apparatus, and processor-readable storage media for detecting security threats in storage systems using AI techniques are provided herein. An example computer-implemented method includes obtaining historical performance data and historical capacity data pertaining to one or more storage objects within a storage system; determining supervised datasets pertaining to security threat-related data and non-security threat-related data by processing at least a portion of the obtained data using a first set of AI techniques; configuring a second set of AI techniques based at least in part on the determined supervised datasets; detecting one or more security threats in connection with at least one storage object within the storage system by processing input data from the at least one storage object using the second set of AI techniques; and performing at least one automated action based at least in part on the one or more detected security threats. | 2021-12-30 |
20210409436 | VARIABLE DCF SECURITY SCORES AND DATA THREAT PORTFOLIO VIEWS - One example method includes detecting a threat in a data confidence fabric, assigning a data confidence score to data implicated by the threat, generating trust insertion metadata concerning the threat, creating a ledger entry based on the data confidence score and the trust insertion metadata, and using the ledger entry to determine an overall data confidence score for the data confidence fabric. A data threat portfolio view is generated based on the data confidence score and the trust insertion metadata, and the data threat portfolio view is presented to a user. | 2021-12-30 |
20210409437 | Automated Security Assessment Systems - The federal government requires organizations it partners with to comply with a higher level of security requirements and issues guidelines detailing vulnerabilities within computer systems, assessments to be conducted, and security requirements. Previously, the security assessments required to be in compliance with the government's security requirements were mostly conducted manually, creating a labor and time intensive process. The present disclosure provides computerized systems and methods that intelligently and dynamically conduct automatic security assessments to determine security compliance for one or more applications. These systems and methods significantly improve the security assessment process and result in significant savings of time, labor, and money. The system receives the security requirements, identifies one or more applications to undergo a security assessment, generates a script comprising commands for conducting an automatic assessment of the one or more applications, conducts the security assessments on the one or more applications, determines whether the one or more applications are in compliance with the security requirements, and generates a report comprising the security assessment findings. | 2021-12-30 |
20210409438 | METHOD AND SYSTEM FOR AUTOMATED PROTECTION AGAINST VULNERABILITY AND NOTIFICATION TO SERVICE PROVIDER - A method and system are disclosed for automated utilization of vulnerability databases for consumer electronic (CE) devices. The method includes deploying one or more customer-premise equipment or customer-provided equipment (CPE) broadband devices, each of the one or more broadband devices having one or more software components; loading a database of software components on each of the one or more broadband devices, the database of software components having a functional use case associated with each software component; periodically performing an automated reading of one or more published vulnerability databases; and comparing a list of vulnerabilities from the one or more published vulnerability databases against the database of software components for each of the one or more broadband devices. | 2021-12-30 |
20210409439 | EXECUTING ENTERPRISE PROCESS ABSTRACTION USING PROCESS AWARE ANALYTICAL ATTACK GRAPHS - Methods, systems, and computer-readable storage media for receiving a process aware AAG from computer-readable memory, the process aware AAG having been generated from the AAG, processing the process aware AAG to consolidate asset nodes to group nodes at least partially by providing metadata describing an asset node to a set of properties of a group node and pruning the asset node and any child nodes of the asset node from the process aware AAG, providing the aggregation graph by identifying relationships between group nodes and, for each relationship, inserting an edge between group nodes, and aggregating one or more of a set of node properties and a set of edge properties for each group node or edge, respectively, storing the aggregation graph to computer-readable memory, and executing one or more remedial actions in the enterprise network in response to analytics executed on the aggregation graph. | 2021-12-30 |
20210409440 | CYBERSECURITY COMPLIANCE ENGINE FOR NETWORKED SYSTEMS - A method of cybersecurity performance analyzing for customer site(s) including assets in a networked system including different asset types, and a virtual security engine (VSE) server. The customer site is coupled to a Security Center (SC) including a SC server, and a cybersecurity hardening compliance engine (CHCE). The VSE server collects identification data and security configuration data from the asset types, and transfers the data to a SC database. Responsive to a user request to generate a cybersecurity hardening compliance report, the CHCE sends a query to the SC database to retrieve at least a portion of the data, uploads a cybersecurity benchmark including cybersecurity configuration rules (CCRs) for at least a selected asset type, compares the data of the assets to the CCRs, and generates from results of the comparing a cybersecurity report including a quantitative measure of cybersecurity performance for the assets of the selected asset type. | 2021-12-30 |
20210409441 | Cloud access security broker determining risk score of cloud applications based on security attributes - Systems and methods include identifying a cloud application; performing one or more automated scripts to determine a first set of attributes of the cloud application; obtaining a second set of attributes of the cloud application based on a manual analysis; obtaining weighting factors for the first set of attributes and the second set of attributes; determining a risk score of the cloud application based on the first set of attributes and the second set of attributes and the associated weighting factors; and displaying the risk score of the cloud application. The steps can further include enforcing security policies for the cloud application based on the risk score, such as via one of a cloud-based system and a Cloud Access Security Broker (CASB) system. | 2021-12-30 |
20210409442 | MOVING TARGET DEFENSE SYSTEMS AND METHODS - Systems and methods are provided to implement a moving target defense for a server computer. The server computer can be provided both a permanent IP address and a temporary IP address. The temporary IP address can be used when communicating with client computers connected to the server computer. The temporary IP address can be dynamically changed at a predetermined interval that can be varied based on conditions at the server computer. An intrusion detection system can be used with the moving target defense systems and methods to identify attacks on the server computer based on the temporary IP address(es) provided by the server computer. When an attack is identified, the corresponding client computer is determined based on the temporary IP address and the client computer is placed on a blacklist that is not provided with new temporary IP addresses when the server computer changes temporary IP address. | 2021-12-30 |
20210409443 | Method and Apparatus for Out of Path Border Gateway Protocol Validation - Methods and systems for service integrated domain name servers are described. A method for out of path border gateway protocol (BGP) validation includes receiving, at a network component, a prefix announcement. The network component denies acceptance of the prefix announcement. A BGP monitor at the network component sends the prefix announcement to an out of path validation controller. The out of path validation controller evaluates the prefix announcement against one or more validation tests, sends a validation notification based on the one or more validation tests, and programs the network component for a validated prefix announcement. | 2021-12-30 |
20210409444 | EDGE DEVICE ASSISTED MITIGATION OF PUBLISH-SUBSCRIBE DENIAL OF SERVICE (DoS) ATTACKS - Methods, apparatuses, and computer program products for edge device assisted mitigation of publish-subscribe denial of service (DoS) attacks are disclosed. An edge device hosts a virtualized copy of an Internet-of-Things (IoT) device subscribed to one or more publish-subscribe topics. When the edge device receives an indication to activate the virtualized copy of the IoT device, for example, during a DoS attack on the IoT device, the edge device activates the virtualized copy of the IoT device, which receives traffic from the publish-subscribe topic. The virtualized copy of the IoT device applies security policies to incoming traffic received from the subscription topics and transmits to the IoT device sanitized traffic obtained from the received incoming subscription content traffic. | 2021-12-30 |
20210409445 | MACHINE LEARNING-BASED SENSITIVE RESOURCE COLLECTION AGENT DETECTION - Obtaining one or more metrics associated with a network location. Determining, based on the one or more metrics and one or more prefatory check conditions, a prefatory status of the network location, the prefatory status indicating a benign status, malicious status, or a suspicious status. If the prefatory status of the network location indicates the benign status or the malicious status, providing a notification of the prefatory status in response to the prefatory status being determined. If the prefatory status of the network location indicates a suspicious status, obtaining a document object model of the network location. Obtaining a screenshot of an entire page of content at the network location. Generating a null hypothesis based on the document object model, the null hypothesis including a potential brand list, the potential brand list including one or more potential brands. Obtaining a set of reference images for each of the one or more potential brands of the potential brand list. Extracting one or more globally invariant visual features from the screenshot of the entire page of the content. Generating, based on a machine learning model using the one or more globally invariant visual features, an alternate hypothesis, the alternate hypothesis indicating a list of potentially malicious content brands. Determining, based on the null hypothesis and the alternate hypothesis and the machine learning model, a classification result. Performing one or more responsive actions in response to determining the classification result. | 2021-12-30 |
20210409446 | LEVERAGING NETWORK SECURITY SCANNING TO OBTAIN ENHANCED INFORMATION REGARDING AN ATTACK CHAIN INVOLVING A DECOY FILE - Systems and methods for identifying a source of an attack chain based on network security scanning events triggered by movement of a decoy file are provided. A decoy file is stored on a deception host deployed by a deception-based intrusion detection system (IDS) within a private network. The decoy file contains therein a traceable object that is detectable by network security scanning performed by multiple network security devices protecting the private network. Information regarding an attack chain associated with an access to the decoy file or a transmission of the decoy file through the one or more network security devices is received by the deception-based IDS from the one or more network security devices. The information is created responsive to detection of a security incident by the network security scanning. Finally, an Internet Protocol (IP) address of a computer system that originated the attack chain is determined. | 2021-12-30 |
20210409447 | MULTILAYER TUNNELING OF PROTOCOLS OVER QUIC - A client and a server negotiate a version of a protocol that supports multiplexed connections using a connectionless transport layer protocol, such as a QUIC protocol that is supported for a connection between the client and the server. The connection can support one or more streams. The client embeds a first extension in a cryptographic handshake. The first extension includes a structure that indicates a set of protocols supported by the client at a set of layers. The client and the server then concurrently negotiate a subset of the protocols and a subset of the layers that are supported by the client and the server. Data is tunneled from the subset of the protocols and the subset of the layers over the connection between the client and the server. The data is tunneled using stream frames that include the data, a first field having a value indicating a layer type, and a second field having a value indicating a protocol type. | 2021-12-30 |
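To make the negotiation and framing in the abstract concrete, here is an added Python sketch of both halves: a handshake extension that lists (layer, protocol) pairs, the intersection both peers compute from it, and a stream frame that carries a layer-type field and a protocol-type field ahead of the tunnelled data. This is not the patent's or any QUIC implementation's code; the byte layout, the code points for layers and protocols, and the 16-bit length field are assumptions made for the example. A frame that names a pair the peers did not negotiate is rejected rather than forwarded.

```python
import struct
from typing import List, Tuple

# Hypothetical code points (not from any specification): layer number, protocol id.
LAYER_LINK, LAYER_NETWORK, LAYER_TRANSPORT = 2, 3, 4
PROTO_ETHERNET, PROTO_IPV4, PROTO_IPV6, PROTO_TCP, PROTO_UDP = 1, 2, 3, 4, 5

Capability = Tuple[int, int]  # (layer type, protocol type)


def encode_extension(supported: List[Capability]) -> bytes:
    """Handshake extension body: a count followed by (layer, protocol) byte pairs,
    in the sender's order of preference."""
    body = b"".join(struct.pack("!BB", layer, proto) for layer, proto in supported)
    return struct.pack("!H", len(supported)) + body


def decode_extension(data: bytes) -> List[Capability]:
    if len(data) < 2:
        raise ValueError("extension too short")
    (count,) = struct.unpack("!H", data[:2])
    if len(data) != 2 + 2 * count:
        raise ValueError("extension length does not match count")
    return [struct.unpack("!BB", data[i:i + 2]) for i in range(2, len(data), 2)]


def negotiate(client: List[Capability], server: List[Capability]) -> List[Capability]:
    """Pairs both sides support, kept in client order, so the subset of layers and
    the subset of protocols come out of one exchange on both ends."""
    server_set = set(server)
    return [cap for cap in client if cap in server_set]


FRAME_HDR = struct.Struct("!BBH")  # layer type, protocol type, payload length


def encode_tunnel_frame(layer: int, proto: int, payload: bytes,
                        negotiated: List[Capability]) -> bytes:
    if (layer, proto) not in negotiated:
        raise ValueError(f"({layer}, {proto}) was not negotiated")
    if len(payload) > 0xFFFF:
        raise ValueError("payload too long for the 16-bit length field")
    return FRAME_HDR.pack(layer, proto, len(payload)) + payload


def decode_tunnel_frames(stream: bytes,
                         negotiated: List[Capability]) -> List[Tuple[int, int, bytes]]:
    """Split a stream's bytes into (layer, proto, payload) records. Truncated frames
    and frames for an un-negotiated pair raise instead of being passed along."""
    frames = []
    off = 0
    while off < len(stream):
        if len(stream) - off < FRAME_HDR.size:
            raise ValueError("truncated frame header")
        layer, proto, length = FRAME_HDR.unpack_from(stream, off)
        off += FRAME_HDR.size
        if len(stream) - off < length:
            raise ValueError("truncated frame payload")
        if (layer, proto) not in negotiated:
            raise ValueError(f"frame for un-negotiated ({layer}, {proto})")
        frames.append((layer, proto, stream[off:off + length]))
        off += length
    return frames


def demo() -> List[Tuple[int, int, bytes]]:
    """Client offers four pairs, server supports three, two overlap; then two frames
    travel over the tunnel and are decoded on the other side."""
    client = [(LAYER_NETWORK, PROTO_IPV4), (LAYER_NETWORK, PROTO_IPV6),
              (LAYER_TRANSPORT, PROTO_UDP), (LAYER_LINK, PROTO_ETHERNET)]
    server = [(LAYER_TRANSPORT, PROTO_UDP), (LAYER_NETWORK, PROTO_IPV4),
              (LAYER_TRANSPORT, PROTO_TCP)]
    agreed = negotiate(decode_extension(encode_extension(client)), server)
    wire = (encode_tunnel_frame(LAYER_NETWORK, PROTO_IPV4, b"\x45\x00\x00\x14", agreed)
            + encode_tunnel_frame(LAYER_TRANSPORT, PROTO_UDP, b"\x00\x35\x00\x35", agreed))
    return decode_tunnel_frames(wire, agreed)


if __name__ == "__main__":
    print(demo())
```

In a real deployment the extension would ride inside the TLS handshake that QUIC already performs, so the offered lists are integrity-protected; the un-negotiated-pair check on receive is what stops a peer from smuggling, say, raw Ethernet frames after only IP was agreed.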
20210409448 | HOST-BASED NETWORK SOCKET SECURITY CONTROLS AND TELEMETRY - An electronic device includes a network communications interface, a processor, and a memory configured to store instructions that, when executed by the processor, cause the processor to instantiate a set of processes; receive, over a network and via the network communications interface, a policy for network socket creation; receive, from the set of processes, a set of requests to create a first set of network sockets used to communicate over the network via the network communications interface; collect telemetry pertaining to a second set of network sockets used to communicate over the network via the network communications interface; allow or block creation of network sockets in the first set of network sockets, in accordance with the collected telemetry and the policy for network socket creation; and transmit at least part of the collected telemetry to a controller, over the network and via the network communications interface. | 2021-12-30 |
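The abstract combines a controller-supplied socket-creation policy with locally collected telemetry, so a decision can depend on both. The Python below is an added example, not the patent's code: the policy shape, the burst limit, the process names and addresses are all constructed for illustration. It shows a default-deny policy with per-process rules, a telemetry-driven burst check that overrides a static allow, and the summary that would be shipped back to the controller.

```python
import ipaddress
from collections import defaultdict, deque
from dataclasses import dataclass
from typing import Any, Deque, Dict, List, Optional, Tuple


@dataclass
class SocketRequest:
    process: str
    proto: str                 # "tcp" or "udp"
    remote_ip: Optional[str]   # None for a listening socket
    remote_port: Optional[int]
    ts: float                  # when the process asked for the socket


# Constructed policy in the shape a controller might push; processes without a
# rule fall through to the default, which is block.
POLICY: Dict[str, Any] = {
    "default": "block",
    "rules": [
        {"process": "sshd", "proto": "tcp", "listen": True},
        {"process": "curl", "proto": "tcp", "dst_nets": ["10.0.0.0/8"], "dst_ports": [443]},
        {"process": "ntpd", "proto": "udp", "dst_nets": ["0.0.0.0/0"], "dst_ports": [123]},
    ],
    "burst": {"max_sockets": 5, "window_s": 60},
}


class SocketTelemetry:
    """Creation timestamps per process (feeds the burst check) and per-process
    decision counters (the part that gets reported to the controller)."""

    def __init__(self) -> None:
        self.created: Dict[str, Deque[float]] = defaultdict(deque)
        self.decisions: Dict[Tuple[str, str], int] = defaultdict(int)

    def recent_count(self, process: str, now: float, window_s: float) -> int:
        q = self.created[process]
        while q and now - q[0] > window_s:
            q.popleft()
        return len(q)

    def record(self, req: SocketRequest, allowed: bool) -> None:
        if allowed:
            self.created[req.process].append(req.ts)
        self.decisions[(req.process, "allow" if allowed else "block")] += 1

    def export(self) -> List[Dict[str, Any]]:
        return [{"process": p, "decision": d, "count": c}
                for (p, d), c in sorted(self.decisions.items())]


def _rule_matches(rule: Dict[str, Any], req: SocketRequest) -> bool:
    if rule["process"] != req.process or rule["proto"] != req.proto:
        return False
    if req.remote_ip is None:                      # listen request
        return bool(rule.get("listen", False))
    if "dst_nets" not in rule:
        return False
    ip = ipaddress.ip_address(req.remote_ip)
    in_net = any(ip in ipaddress.ip_network(n) for n in rule["dst_nets"])
    return in_net and req.remote_port in rule.get("dst_ports", [])


def decide(req: SocketRequest, policy: Dict[str, Any],
           telemetry: SocketTelemetry) -> Tuple[str, str]:
    """Allow or block one socket creation request. Telemetry is consulted first: a
    process that already created max_sockets sockets inside the window is blocked
    even if a static rule would permit it."""
    burst = policy["burst"]
    if telemetry.recent_count(req.process, req.ts, burst["window_s"]) >= burst["max_sockets"]:
        telemetry.record(req, False)
        return "block", "burst limit"
    for rule in policy["rules"]:
        if _rule_matches(rule, req):
            telemetry.record(req, True)
            return "allow", "rule"
    allowed = policy["default"] == "allow"
    telemetry.record(req, allowed)
    return ("allow" if allowed else "block"), "default"


def demo() -> Tuple[List[str], List[Dict[str, Any]]]:
    telemetry = SocketTelemetry()
    t0 = 1_700_000_000.0
    requests = [
        SocketRequest("sshd", "tcp", None, None, t0),
        SocketRequest("curl", "tcp", "10.20.30.40", 443, t0 + 1),
        SocketRequest("curl", "tcp", "203.0.113.5", 443, t0 + 2),   # outside allowed nets
        SocketRequest("nc", "tcp", "10.20.30.40", 4444, t0 + 3),    # no rule: default block
    ] + [SocketRequest("ntpd", "udp", "192.0.2.1", 123, t0 + 10 + i) for i in range(7)]
    verdicts = [decide(r, POLICY, telemetry)[0] for r in requests]
    return verdicts, telemetry.export()


if __name__ == "__main__":
    print(demo())
```

The burst counter only counts sockets that were actually allowed, so a process hammering the policy with denied requests cannot use the throttle to lock itself out of a legitimately permitted destination later.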
20210409449 | PRIVILEGE ASSURANCE OF ENTERPRISE COMPUTER NETWORK ENVIRONMENTS USING LOGON SESSION TRACKING AND LOGGING - A system and method for the prevention, mitigation, and detection of cyberattacks on computer networks using logon session tracking and logging. The system uses local session monitors to monitor logon sessions within a network, track session details, and generate an event log for any suspicious sessions or details. Cyber-physical graphs and histograms built from persisted time-series data provide critical information, patterns, and alerts about configurations, attack vectors, and vulnerabilities, giving information technology and cybersecurity professionals greater leverage and control over their infrastructure. | 2021-12-30 |
20210409450 | ACCESS CONTROL LIST CLONING - A computer may receive editing instructions that specify one or more changes to filters in an existing access control list or a template for an access control list. Then, the computer may dynamically generate the clone access control list by applying the editing instructions to the existing access control list or the template for the access control list. For example, the computer may provide the editing instructions to a computer network device (such as a switch or a router) that are applied to the existing access control list or the template for the access control list while the computer network device is processing data packets. Alternatively, the computer may apply the editing instructions to the existing access control list or the template for the access control list that is not currently installed on the computer network device, and may provide the access control list to the computer network device. | 2021-12-30 |
20210409451 | Mobile device security, device management, and policy enforcement in a cloud-based system - Mobile device security, device management, and policy enforcement are described in a cloud-based system where the “cloud” is used to pervasively enforce security and policy and perform device management regardless of device type, platform, location, etc. A method includes receiving one of a mobile profile and an application for an enterprise and a cloud-based system; installing the one of the mobile profile and the application on the mobile device; connecting to a network using the one of the mobile profile and the application; and having traffic content inspected and policy enforced thereon to/from the mobile device and the network via the cloud-based system. | 2021-12-30 |
20210409452 | DYNAMICALLY UPDATING RULES FOR DETECTING COMPROMISED DEVICES - Examples for detecting a compromised device are described. A set of threat detection rules can instruct an application on the client device how to detect whether the client device is compromised. The rules can be updated dynamically and without updating the application that is performing the compromise detection. The rules can be encoded in an interpreted scripting language and executed by a runtime environment that is embedded within the application. | 2021-12-30 |
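Because the rules in the abstract are interpreted at runtime and replaced without an app update, they are effectively code the app receives over the network, and the check a practitioner wants is that an update is authenticated before it is executed. The Python below is an added example, not the patent's code: instead of a scripting language it uses JSON condition trees evaluated by a tiny interpreter with no `eval()`, and it verifies an HMAC over the bundle (an assumption; a real deployment would use a signature with a public key pinned in the app). The rule ids, predicates, package names and device facts are all constructed.

```python
import hashlib
import hmac
import json
from typing import Any, Dict, List

# Assumption: a key embedded in the app for verifying rule updates. HMAC keeps this
# example dependency-free; a public-key signature is the better real-world choice.
RULE_SIGNING_KEY = b"example-rule-signing-key"


def _canonical(rules: List[Dict[str, Any]]) -> bytes:
    return json.dumps(rules, sort_keys=True, separators=(",", ":")).encode()


def sign_bundle(rules: List[Dict[str, Any]]) -> str:
    """Server side: wrap a rule set with a tag over its canonical form."""
    sig = hmac.new(RULE_SIGNING_KEY, _canonical(rules), hashlib.sha256).hexdigest()
    return json.dumps({"rules": rules, "sig": sig})


def load_rules(bundle: str) -> List[Dict[str, Any]]:
    """Client side: rules are data, but they steer what the app checks, so a bundle
    whose tag does not verify is discarded rather than executed."""
    doc = json.loads(bundle)
    expected = hmac.new(RULE_SIGNING_KEY, _canonical(doc["rules"]), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, doc.get("sig", "")):
        raise ValueError("rule bundle signature mismatch")
    return doc["rules"]


def evaluate(expr: Dict[str, Any], facts: Dict[str, Any]) -> bool:
    """Minimal interpreter for rule conditions. Only these predicates exist and there
    is no eval(), so a rule cannot reach beyond the facts it is handed."""
    if "all" in expr:
        return all(evaluate(e, facts) for e in expr["all"])
    if "any" in expr:
        return any(evaluate(e, facts) for e in expr["any"])
    if "not" in expr:
        return not evaluate(expr["not"], facts)
    if "path_exists" in expr:
        return expr["path_exists"] in facts["paths"]
    if "prop_equals" in expr:
        key, value = expr["prop_equals"]
        return facts["props"].get(key) == value
    if "pkg_installed" in expr:
        return expr["pkg_installed"] in facts["packages"]
    raise ValueError(f"unknown predicate in rule condition: {expr}")


def run_rules(rules: List[Dict[str, Any]], facts: Dict[str, Any]) -> List[str]:
    return [r["id"] for r in rules if evaluate(r["when"], facts)]


SU_PATHS = {"any": [{"path_exists": "/system/bin/su"}, {"path_exists": "/system/xbin/su"}]}

RULES_V1 = [  # constructed rule set; package name is hypothetical
    {"id": "su-binary", "severity": "high", "when": SU_PATHS},
    {"id": "debuggable-build", "severity": "medium", "when": {"prop_equals": ["ro.debuggable", "1"]}},
    {"id": "root-manager", "severity": "high", "when": {"pkg_installed": "com.example.rootmanager"}},
    {"id": "test-keys-with-su", "severity": "high",
     "when": {"all": [{"not": {"prop_equals": ["ro.build.tags", "release-keys"]}}, SU_PATHS]}},
]

# Constructed device facts; a real agent would gather these from the OS.
FACTS_ROOTED = {
    "paths": {"/system/bin/sh", "/system/bin/su"},
    "props": {"ro.debuggable": "0", "ro.build.tags": "test-keys"},
    "packages": {"com.example.rootmanager", "com.android.chrome"},
}
FACTS_CLEAN = {
    "paths": {"/system/bin/sh"},
    "props": {"ro.debuggable": "0", "ro.build.tags": "release-keys"},
    "packages": {"com.android.chrome"},
}


def demo():
    bundle = sign_bundle(RULES_V1)   # what the controller would push
    rules = load_rules(bundle)       # what the app does on receipt
    return run_rules(rules, FACTS_ROOTED), run_rules(rules, FACTS_CLEAN)


if __name__ == "__main__":
    print(demo())
```

Adding a new indicator means shipping a new signed bundle; adding a new predicate still requires an app release, which is the deliberate boundary between data the server controls and code the app controls.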
20210409453 | METHOD AND APPARATUS FOR DISTRIBUTING FIREWALL RULES - Some embodiments of the invention provide a novel method for specifying firewall rules. In some embodiments, the method provides the ability to specify, for a particular firewall rule, a set of network nodes (also called a set of enforcement points below) at which the particular firewall rule should be enforced. To provide this ability, the method of some embodiments adds an extra tuple (referred to below as the AppliedTo tuple) to a firewall rule. This added AppliedTo tuple lists the set of enforcement points at which the firewall rule has to be applied (i.e., enforced). | 2021-12-30 |
20210409454 | DYNAMIC APPLICATION-LEVEL COMPLIANCE ENFORCEMENT - Examples herein describe systems and methods for application-specific compliance enforcement. An example method can include receiving, at a user device, profiles containing application-specific restrictions. When a first application is opened, a management agent compares the corresponding application-specific restrictions with current device settings. This can be done with a checksum comparison where the checksums are created based on a hash with an application- or profile-specific identifier. If they differ, the management agent stores the current device settings and prompts for, or automatically changes, the device settings to new compliant values before allowing the first application to operate in the foreground of the user device screen. If the first application is closed or minimized, the stored device settings can be restored. When a second application is opened, the management agent can compare the current device settings against the application-specific restrictions of the second application before allowing the second application to run in the foreground. | 2021-12-30 |
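The checksum comparison in the abstract is the part worth seeing in code: the hash is keyed with the application (or profile) identifier, so the same device settings produce a different checksum per application and a checksum computed for one profile cannot be replayed to satisfy another. The Python below is an added example, not the patent's code; the setting names, the two profiles and the device state are constructed, and HMAC-SHA256 over the restricted keys is my choice of "hash with an application-specific identifier".

```python
import hashlib
import hmac
import json
from typing import Any, Dict, Iterable, List, Tuple


def settings_checksum(app_id: str, keys: Iterable[str], settings: Dict[str, Any]) -> str:
    """Checksum over only the settings a profile restricts, keyed with the app (or
    profile) identifier so identical settings yield different values per app."""
    subset = {k: settings.get(k) for k in sorted(keys)}
    canonical = json.dumps(subset, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(app_id.encode(), canonical, hashlib.sha256).hexdigest()


class ManagementAgent:
    def __init__(self, profiles: Dict[str, Dict[str, Any]], device_settings: Dict[str, Any]) -> None:
        self.profiles = profiles                 # app_id -> required setting values
        self.settings = dict(device_settings)    # the live device settings (simulated here)
        self.saved: List[Tuple[str, Dict[str, Any]]] = []  # settings displaced, per app

    def is_compliant(self, app_id: str) -> bool:
        required = self.profiles.get(app_id, {})
        want = settings_checksum(app_id, required, required)
        have = settings_checksum(app_id, required, self.settings)
        return hmac.compare_digest(want, have)

    def on_foreground(self, app_id: str) -> bool:
        """Gate before the app may take the foreground. Non-compliant settings are
        saved and overwritten with the profile's values (the automatic-change path);
        a prompt-the-user variant would return False until the user agrees."""
        if self.is_compliant(app_id):
            return True
        required = self.profiles[app_id]
        self.saved.append((app_id, {k: self.settings.get(k) for k in required}))
        self.settings.update(required)
        return self.is_compliant(app_id)

    def on_background(self, app_id: str) -> None:
        """App closed or minimised: put back whatever this app displaced."""
        for i in range(len(self.saved) - 1, -1, -1):
            if self.saved[i][0] == app_id:
                _, previous = self.saved.pop(i)
                for k, v in previous.items():
                    if v is None:
                        self.settings.pop(k, None)
                    else:
                        self.settings[k] = v
                return


# Constructed profiles and device state.
PROFILES = {
    "com.example.banking": {"screenshot_allowed": False, "clipboard_allowed": False, "min_passcode_len": 8},
    "com.example.notes": {"screenshot_allowed": True},
}
DEVICE = {"screenshot_allowed": True, "clipboard_allowed": True, "min_passcode_len": 4, "wifi": "on"}


def demo() -> List[Tuple[str, Any, Dict[str, Any]]]:
    """Banking app comes forward (settings tightened), goes away (settings restored),
    then the notes app comes forward and is already compliant."""
    agent = ManagementAgent(PROFILES, DEVICE)
    steps = [("banking-open", agent.on_foreground("com.example.banking"), dict(agent.settings))]
    agent.on_background("com.example.banking")
    steps.append(("banking-close", None, dict(agent.settings)))
    steps.append(("notes-open", agent.on_foreground("com.example.notes"), dict(agent.settings)))
    return steps


if __name__ == "__main__":
    for step in demo():
        print(step)
```

Only the restricted keys go into the checksum, so unrelated settings (here `wifi`) changing between checks does not trigger a false non-compliance, and the restore step uses a per-app stack so two overlapping apps do not clobber each other's saved state.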
20210409455 | DISTRIBUTED CONSISTENCY GROUP AT SPLITTER - One example method includes intercepting an IO that is directed to a volume, writing the IO to a grid consistency group (grid-CG) that is one of a plurality of grid-CGs that collectively form a distributed consistency group (CG), adding the IO to a stream journal associated with the grid-CG, receiving a bookmark request, in response to the bookmark request, inserting a bookmark in the stream journal, incrementing a splitter counter and broadcasting a splitter counter value to the grid-CGs in the distributed CG, and inserting the bookmark in respective stream journals of the grid-CGs in the distributed CG. | 2021-12-30 |
20210409456 | SYSTEM AND METHOD FOR PROCESSING TELEPHONY SESSIONS - In one embodiment, the method of processing telephony sessions includes: communicating with an application server using an application layer protocol; processing telephony instructions with a call router; and creating call router resources accessible through a call router Application Programming Interface (API). In another embodiment, the system for processing telephony sessions includes: a call router, a URI for an application server, a telephony instruction executed by the call router, and a call router API resource. | 2021-12-30 |
20210409457 | SYSTEM AND METHOD FOR PROCESSING TELEPHONY SESSIONS - In one embodiment, the method of processing telephony sessions includes: communicating with an application server using an application layer protocol; processing telephony instructions with a call router; and creating call router resources accessible through a call router Application Programming Interface (API). In another embodiment, the system for processing telephony sessions includes: a call router, a URI for an application server, a telephony instruction executed by the call router, and a call router API resource. | 2021-12-30 |
20210409458 | SYSTEM AND METHOD FOR PROCESSING TELEPHONY SESSIONS - In one embodiment, the method of processing telephony sessions includes: communicating with an application server using an application layer protocol; processing telephony instructions with a call router; and creating call router resources accessible through a call router Application Programming Interface (API). In another embodiment, the system for processing telephony sessions includes: a call router, a URI for an application server, a telephony instruction executed by the call router, and a call router API resource. | 2021-12-30 |
20210409459 | INITIATING MULTIUSER SESSIONS - A system and method for initiating a multiuser session is provided. A plurality of multiuser activities and a plurality of activities templates may be stored in memory. A user profile for a user and a peer profile for each of one or more peers may be received. The user and the one or more peers may be members of an initial session. A user selection specifying one of the filtered multiuser activities may be received. An activity template associated with the selected activity may be retrieved. Such retrieved activity template may provide activity requirements required to launch the selected activity. A multiuser session may be established that includes session requirements based on at least the activity requirements. The user and at least one peer from the initial session may be added to the multiuser session. The selected activity may be launched in the multiuser session. | 2021-12-30 |
20210409460 | MULTIMEDIA DATA PROCESSING METHOD AND APPARATUS, STORAGE MEDIUM, AND ELECTRONIC DEVICE - A multimedia data processing method is provided. The multimedia data processing method includes: establishing, by a signaling processing module deployed on a remote node, a session between a terminal device and a media processing module, and controlling the session; and receiving, by the media processing module deployed on an edge computing node after the session is established with the terminal device, multimedia data transmitted by the terminal device, and processing the multimedia data. | 2021-12-30 |
20210409461 | WHITEBOARD AND VIDEO SYNCHRONIZATION METHOD, APPARATUS, COMPUTING DEVICE AND STORAGE MEDIUM - The present disclosure describes a whiteboard and video synchronization method, apparatus, computing device and storage medium. The method includes that: a first terminal device acquires a video stream sent by a server, where each frame of video data in the video stream is provided with a timestamp, and the video stream is sent to the server by a second terminal device after the second terminal device collects each frame of video data and adds a timestamp to each frame of video data; the first terminal device then plays the video stream, and based on the timestamp of a currently played frame of the video stream, acquires a whiteboard content, corresponding to the timestamp of the currently played frame of the video stream, from the cache for synchronous play. | 2021-12-30 |
20210409462 | CONFERENCING APPLICATION WITH INSTANT MESSAGING PERSONA - Not every person can or should join an electronic conference (herein, “conference”) where they may contribute content to the conference. While a first set of participants are communicating, a question may arise to be addressed to an additional participant not participating in the conference. Rather than executing the overhead of joining the conference, a separate communication channel is established, such as via an instant messaging application of the additional participant. The additional participant is presented with a message, such as a question, which may indicate the sender is the conference itself. The additional participant replies via their IM application which is delivered to each of the conference participants and optionally included in a recording of the conference. | 2021-12-30 |
20210409463 | COMPUTER-IMPLEMENTED METHOD OF SHARING A SCREEN, MEDIA SERVER, AND APPLICATION FOR CONTROLLING A REAL-TIME COMMUNICATION AND COLLABORATION SESSION - A computer-implemented method of sharing a screen amongst at least two users participating in a real-time communication and collaboration session via a communication network can be configured so that a screen displaying a first content can be shared by a user of a first client so as to be displayed at at least a second client used by a second user. Embodiments of the method can include receiving, at a control unit for controlling the communication and collaboration session, coordinates specifying the position of an intended item of the first content of the shared screen and receiving, at the control unit, a screenshot of the intended item and a predetermined surrounding area as a sample picture or as sample pixels. | 2021-12-30 |
20210409464 | Visit Via Taker Method and System - The present invention provides a method and system for integrating virtualization into real life, in which an interaction between two persons enables a customer to remotely and proactively visit, experience, participate, explore, find, verify, preview, plan, share, and get assistance with various goals, by using a specialized software application. | 2021-12-30 |
20210409465 | VIDEO CONFERENCE TELEPRESENCE CONTROLLER - A video conference telepresence controller includes a first set of instructions commanding a server to create and maintain a queue structure for clients of a video conference telepresence session, a second set of instructions commanding the server to monitor audio/video feeds of the clients of the video conference telepresence sessions and identify the clients of those feeds, a third set of instructions commanding the server to detect precursor events to a session disturbance or flow interruption in one or more of the monitored feeds and flagging the feeds harboring the events for action, and a fourth set of instructions commanding the server to perform an interruption, redirect, or deletion of the one or more feeds and for providing notification thereof to one or more clients. | 2021-12-30 |
20210409466 | Audio Stem Access and Delivery Solution - A system and method for streaming delivery of audio Stems along with Metadata, and related music content. System includes user-interaction with a Playback Device to interact with streamed Stems. The system may also include on-demand streaming delivery of Stems. This platform can be used by any service or application wishing to stream Stems to end-users, for example, DSPs (i.e., streaming music platforms), radio stations, music/audio/audio-visual applications, software developers, et al (a Requesting Entity). Storage, encoding, and processing of Stems may be completed via server-side solution which enables on-demand delivery of Stems, in any combination, in response to instructions from the client-side Requesting Entity. | 2021-12-30 |
20210409467 | METHODS FOR DICTIONARY-BASED COMPRESSION AND DEVICES THEREOF - Methods, non-transitory machine readable media, and computing devices that provide improved dictionary-based compression are disclosed. With this technology, a first portion of an input data stream is compressed using a first dictionary. A second dictionary is trained when the first dictionary is determined to be stale. The dictionary can be determined to be stale based on a size of the input data stream compressed using the first dictionary or a compression ratio decreasing by a threshold, for example. The first dictionary can be stored with metadata associated with the compressed first portion of the input data stream. Accordingly, this technology improves compression ratios, eliminates the need for reference counting, and facilitates improved reclamation of orphan dictionaries, among other advantages. | 2021-12-30 |
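The abstract's mechanics can be shown with the preset-dictionary support in zlib: compress records against a trained dictionary, watch the compression ratio, and train a replacement when the ratio collapses or the dictionary has served enough bytes, storing each record with the id of the dictionary it was compressed under. The Python below is an added example, not the patent's or any storage product's code. The trainer (keep the newest sample bytes), the staleness thresholds and the sample data (JSON-like access lines followed by opaque random blobs standing in for already-encrypted payloads) are assumptions made for the example.

```python
import random
import zlib
from typing import Dict, Iterable, List, Optional, Tuple


class DictionaryCompressor:
    """Compress records with a zlib preset dictionary and rotate the dictionary when
    it goes stale. Each stored record carries the id of the dictionary used, which is
    the metadata needed to decompress it later."""

    def __init__(self, samples: List[bytes], max_bytes_per_dict: int = 1 << 20,
                 ratio_drop: float = 0.4, dict_size: int = 4096) -> None:
        self.max_bytes = max_bytes_per_dict
        self.ratio_drop = ratio_drop
        self.dict_size = dict_size
        self.dicts: Dict[int, bytes] = {}        # dictionary id -> dictionary bytes
        self.current = 0
        self.bytes_with_current = 0
        self.ema_ratio: Optional[float] = None   # smoothed original/compressed ratio
        self.recent: List[bytes] = []
        self._train(samples)

    def _train(self, samples: List[bytes]) -> None:
        """Crude trainer: keep the newest sample bytes. zlib favours nearby matches,
        so the tail of the dictionary is its most valuable part."""
        self.current += 1
        self.dicts[self.current] = b"".join(samples)[-self.dict_size:]
        self.bytes_with_current = 0
        self.ema_ratio = None
        self.recent = []

    def compress(self, record: bytes) -> Tuple[int, bytes]:
        """Returns (dictionary id, compressed bytes). The record is stored under the
        dictionary that was current when it arrived, even if that record is what
        triggers the retraining."""
        c = zlib.compressobj(level=9, zdict=self.dicts[self.current])
        out = c.compress(record) + c.flush()
        ratio = len(record) / max(len(out), 1)
        stored = (self.current, out)
        stale = (self.ema_ratio is not None and ratio < self.ema_ratio * self.ratio_drop)
        self.ema_ratio = ratio if self.ema_ratio is None else 0.7 * self.ema_ratio + 0.3 * ratio
        self.bytes_with_current += len(record)
        self.recent.append(record)
        if stale or self.bytes_with_current >= self.max_bytes:
            self._train(self.recent)
        return stored

    def decompress(self, dict_id: int, data: bytes) -> bytes:
        d = zlib.decompressobj(zdict=self.dicts[dict_id])
        return d.decompress(data) + d.flush()

    def reclaim(self, referenced: Iterable[int]) -> List[int]:
        """Drop dictionaries no stored record references any more (the current one
        always stays). Scanning stored ids replaces per-dictionary reference counts."""
        keep = set(referenced) | {self.current}
        orphans = sorted(i for i in self.dicts if i not in keep)
        for i in orphans:
            del self.dicts[i]
        return orphans


def demo() -> Tuple[bool, List[int], List[int]]:
    """Constructed input: eight batches of access-log lines, then eight batches of
    opaque 64-byte blobs. Expect one rotation at the content shift."""
    rng = random.Random(7)
    users, paths, codes = ["alice", "bob", "carol"], ["/dash", "/api/v1/items", "/login"], [200, 404]

    def access_line() -> bytes:
        return (f'{{"user":"{rng.choice(users)}","action":"GET","path":"{rng.choice(paths)}",'
                f'"status":{rng.choice(codes)}}}\n').encode()

    def blob() -> bytes:
        return rng.getrandbits(512).to_bytes(64, "big")

    def batches(make, n: int) -> List[bytes]:
        return [b"".join(make() for _ in range(10)) for _ in range(n)]

    training = batches(access_line, 4)          # warm-up samples, separate from the data
    records = batches(access_line, 8) + batches(blob, 8)
    comp = DictionaryCompressor(samples=training)
    stored = [comp.compress(rec) for rec in records]
    ok = all(comp.decompress(d, data) == rec for (d, data), rec in zip(stored, records))
    ids = [d for d, _ in stored]
    orphans = comp.reclaim(d for d, _ in stored[-4:])   # pretend only the 4 newest records survive
    return ok, ids, orphans


if __name__ == "__main__":
    print(demo())
```

The retraining is triggered by the record whose ratio fell, but that record is still stored under the old dictionary id; forgetting this and storing it under the new id is the classic way to end up with undecodable records.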
20210409468 | METHOD FOR PROVIDING MULTICAST DNS SERVICES ACROSS IP SUBNET BOUNDARIES USING TCP PROXY OR SOURCE AND DESTINATION NETWORK ADDRESS TRANSLATION - A network address translation (NAT) gateway intercepts packets and determines whether they contain multicast domain name server (mDNS) query or response messages. Upon receiving an mDNS message, the NAT gateway performs address translation to assign a new source address and stores the original source address in a translation table. The NAT gateway then forwards the message to all adjacent networks in order to expand the reach of the packet. If the mDNS messages establish a new client-server connection, the NAT gateway brokers the connection by either acting as a proxy or continuing to perform network address translation. | 2021-12-30 |
20210409469 | VIDEO STREAMING SYSTEM USER INTERFACE WITH INDICATIONS OF PAST TIME SLOT CONTENT - Systems, devices and processes are provided to facilitate the streaming of video content in a video streaming system. Specifically, the various embodiments provide an improved user interface for a video streaming system. In general, this user interface displays indications of program content of past time slots along with current and future time slots in a way that gives the user an intuitive understanding of the percentage of remaining time in the current program. Thus, a user can immediately ascertain the percentage of the current program that has already been streamed relative to the percentage of the current program remaining. This information allows a user to more quickly decide if they would like to start viewing a program that has already been streaming for some period of time. | 2021-12-30 |
20210409470 | METHOD FOR TRANSMITTING MULTIMEDIA RESOURCE AND TERMINAL - A method for transmitting a multimedia resource, including: determining target address information based on a media presentation description of a multimedia resource, where the media presentation description includes address information of the multimedia resource having different code rates, and the target address information is address information of the multimedia resource having a target code rate; and sending a frame acquiring request carrying the target address information to a server, where the frame acquiring request is configured to instruct the server to return media frames of the multimedia resource at the target code rate. | 2021-12-30 |
20210409471 | NEAR REAL-TIME COLLABORATION FOR MEDIA PRODUCTION - Near real-time collaborative media production by parties located remotely from each other is facilitated by the described methods. Automated dialog replacement with voice talent, editing system operator, and director located remotely from each other is supported by generating synchronized near real-time feeds for the operator and director. Pre-recorded media played back from the editing system is streamed without delay to the talent. A pre-recorded media feed is also delayed to synchronize it with the incoming talent stream, which was recorded in sync with the pre-recorded media stream when received by the talent. The synchronized feed is output to the operator and streamed to the director. Talkback channels and webcam video with appropriate synchronization delays support communication among the parties. Other methods support automatic punch-in and punch-out of remotely recorded dialog replacement, and automatic contextual switching and overlaying of inter-party communication video based on the state of the media editing application. | 2021-12-30 |
20210409472 | Streaming and Downloading of Content - Methods, apparatuses, systems, and software are described for providing content to a device comprising streaming content and sending content in a non-streaming manner (e.g., by downloading a file containing the content). In some aspects, switching between streaming and downloading may be performed in a dynamic manner during presentation of the content, and may be seamless to the user's viewing experience. | 2021-12-30 |
20210409473 | FRAME-ACCURATE VIDEO SEEKING VIA WEB BROWSERS - Various embodiments of the invention disclosed herein provide techniques for frame-accurate navigation of a media file. A multi-pass encoding application executing on a media content server encodes a set of file-based images associated with a media file using a first set of encoding parameters to generate a first encoded media file. The multi-pass encoding application encodes the first encoded media file using a second set of encoding parameters to generate a second encoded media file. The first encoded media file and second encoded media file are stored on the media content server and/or other media content servers. Content delivery applications executing on these media content servers receive a request associated with the media file from a web browsing application, determine a type of the web browsing application, and transmit either the first encoded media file or the second encoded media file based on the type of web browsing application. | 2021-12-30 |
20210409474 | Packaging Content for Delivery - Systems and methods for delivering content to user equipment are described. The content may be delivered using Internet Protocol (IP) delivery, Quadrature Amplitude Modulation (QAM) delivery, or another delivery format. For example, the system may receive content including a plurality of segments. The system may use manifest data to identify each of the plurality of segments. The system may also use the manifest data to generate index data for the plurality of segments, and the index data may be delivered to user devices with the plurality of segments. In some aspects, the system may use location information (e.g., timestamps, such as program clock references) for one or more data packets of one of the plurality of segments to generate location information for other data packets. | 2021-12-30 |