Patent application number | Description | Published |
20080222134 | SYSTEM AND METHOD OF PROCESSING DATABASE QUERIES - Systems and methods of processing database search queries are provided. A method of processing database search queries includes receiving a database query from a query source. The method also includes determining location information associated with the query source based at least partially on an Internet Protocol (IP) address associated with the database query. The method further includes determining, based at least partially on the location information, whether the query source satisfies a required source attribute. The method also includes withholding information requested by the database query when the required source attribute is not satisfied. | 09-11-2008 |
20090046589 | Method and apparatus for compensating for performance degradation of an application session - Disclosed is a method and apparatus for compensating for a performance degradation of an application session in a plurality of application sessions associated with a network link. The performance of each application session in the plurality of application sessions associated with the network link is determined. The performance of each application session in the plurality is then compared. From this comparison, a lowest performance application session in the plurality of application sessions is identified. Corrective action is performed on packets scheduled to be transmitted over the lowest performance application session. | 02-19-2009 |
20090083418 | METHOD AND APPARATUS FOR PROVIDING REAL FRIENDS COUNT - A method and apparatus for tracking communications in a network are disclosed. For example, the method receives a subscription from a customer for a service to track at least one variable associated with a plurality of communicants of the customer. The method identifies a plurality of members of a social network of the customer, and gathers communication data associated with the plurality of members for tracking the at least one variable. The method then displays at least one result derived from the communication data to the customer. | 03-26-2009 |
20090094000 | System and method for profiling resource constraints of web servers - Disclosed is a method and system for determining one or more performance characteristics of a target server. A command is transmitted from a coordinator to a plurality of clients. The command instructs the plurality of clients to each transmit a request targeting a sub-system of said target server. A response time is then received from each client and a performance characteristic is determined from the received response times. | 04-09-2009 |
20090271209 | System and Method for Tailoring Privacy in Online Social Networks - In accordance with an exemplary embodiment of the present invention, a method is provided that includes maintaining a plurality of identification bits associated with a user and a minimum personal privacy level identifying if any of the plurality of identification bits are authorized for disclosure, and receiving a request for one or more identification bits of the plurality of identification bits. The method also includes determining whether the identification bits of the request exceed the minimum personal privacy level, and if the identification bits of the request exceed the minimum personal privacy level, identifying to the user the identification bits of the request that exceed the minimum personal privacy level. A computer-readable recording medium having stored thereon computer-executable instructions is provided, and an exemplary system is provided. | 10-29-2009 |
20090299994 | Automatic generation of embedded signatures for duplicate detection on a public network - In accordance with an aspect of the invention, a method and system are disclosed for constructing an embedded signature in order to facilitate post-facto detection of leakage of sensitive data. The leakage detection mechanism involves: 1) identifying at least one set of words in an electronic document containing sensitive data, the set of words having a low frequency of occurrence in a first collection of electronic documents; and, 2) transmitting a query to search a second collection of electronic documents for any electronic document that contains the set of words having a low frequency of occurrence. This leakage detection mechanism has at least the following advantages: a) it is tamper-resistant; b) it avoids the need to add a watermark to the sensitive data, c) it can be used to locate the sensitive data even if the leakage occurred before the embedded signature was ever identified; and, d) it can be used to detect an embedded signature regardless of whether the data is being presented statically or dynamically. | 12-03-2009 |
20090300751 | Unique packet identifiers for preventing leakage of sensitive information - In accordance with an aspect of the invention, leakage prevention is implemented by: a) associating—within a network—a unique identifier with a packet transmitted by a process which has previously accessed data containing sensitive information, and b) searching a packet before it exits a network for the unique identifier. This mechanism provides a strong guarantee against leakage of sensitive data out of a network by facilitating the monitoring of packets which potentially contain the sensitive information. The unique identifier may be located in the header of the packet, which is detectable without requiring a heavy investment of network resources. Additionally, a packet's movement within a network may be tracked by analyzing trapped system calls. Furthermore, an exiting packet may be analyzed by a network firewall, the firewall utilizing various policies to determine how to proceed when a packet containing a unique identifier is located. | 12-03-2009 |
20090300768 | Method and apparatus for identifying phishing websites in network traffic using generated regular expressions - According to an aspect of this invention, a method to detect phishing URLs involves: creating a whitelist of URLs using a first regular expression; creating a blacklist of URLs using a second regular expression; comparing a URL to the whitelist; and if the URL is not on the whitelist, comparing the URL to the blacklist. False negatives and positives may be avoided by classifying Internet domain names for the target organization as “legitimate”. This classification leaves a filtered set of URLs with unknown domain names which may be more closely examined to detect a potential phishing URL. Valid domain names may be classified without end-user participation. | 12-03-2009 |
20100031365 | Method and apparatus for providing network access privacy - A method for providing network access privacy by classifying filter parameters of a group of users who are accessing one or more network destinations. The system includes a means for collecting information from both users, and about network destinations, generating suggestions for a user regarding filter parameters, and filtering network communications of users going to network destinations. In operation, users who are accessing network destinations are prompted to choose from a selection of filter parameters. The information provided by these users is then analyzed and used to generate suggested filter parameters for other users. As users provide more information to the system about various network destinations the system is able to provide more information to users about more network destinations and thus generate more accurate filter parameter suggestions. After a user selects their filter parameters the system filters a range of information coming from the user and going out to the network destination. | 02-04-2010 |
20100036947 | METHOD AND APPARATUS FOR REDUCING UNWANTED TRAFFIC BETWEEN PEER NETWORKS - A method and apparatus for enabling peer networks to reduce the exchange of unwanted traffic are disclosed. For example, the method receives at least one of: a source Internet Protocol (IP) address or a source IP address prefix that has been identified as a source of the unwanted traffic, by an originating peer network from a terminating peer network. The method then blocks the unwanted traffic destined to the terminating peer network by the originating peer network. | 02-11-2010 |
20100067378 | Method and Apparatus for Improving End to End Performance of a Data Network - A request is received at a resource server for a first resource, the request accompanied by a proxy filter. A second resource is identified based on the proxy filter and based on a relationship between the first resource and the second resource. The first resource and information regarding the second resource is provided to a network interface for communication to a proxy server. | 03-18-2010 |
20100082811 | Filtering unwanted data traffic via a per-customer blacklist - Traffic flow from a traffic source with a source IP address to a customer system with a destination IP address is filtered by comparing the source IP address to a customer blacklist. If the source IP address is on the customer blacklist, then traffic to the customer system is blocked; else, traffic to the customer system is allowed. The customer blacklist is generated from a network blacklist, comprising IP addresses of unwanted traffic sources, and a customer whitelist, comprising IP addresses of wanted traffic sources. The customer blacklist is generated by removing from the network blacklist any IP address also on the customer whitelist. The network blacklist is generated by acquiring raw blacklists from reputation systems. IP addresses on the raw blacklists are sorted by prefix groups, which are rank ordered by traffic frequency. Top prefix groups are selected for the network blacklist. | 04-01-2010 |
20100095375 | Method for locating fraudulent replicas of web sites - A method for detecting Web sites used for phishing, including preselecting one or more Web sites to be examined for duplication, selecting at least one or more elements that are present in the preselected Web site and that relate to characteristic identifying features of the preselected Web site, forming at least one search query using the one or more elements, and submitting the at least one search query to an indexed public search engine. The elements illustratively may be URL substrings, content identification substrings, or tree structure-related substrings. A report of Web sites using the selected one or more search terms is received from the public search engine in response to the query, and the preselected Web site is eliminated from the Web sites found in the search. The remaining Web sites retrieved in the search are further analyzed, by additional focused searching of the retrieved pages, by comparing header or tree structure information, or other techniques to compare them with the preselected Web site to identify unauthorized near-replicas of the known legitimate Web site for responsive action. | 04-15-2010 |
20100114839 | Identifying and remedying secondary privacy leakage - Secondary leakage of private information is identified and remedied. Internet activity of a first party can result in such secondary leakage of private information of a second party. Information about the second party that would not otherwise be known becomes public based simply on related information that has been placed on a public site of a third party by the first party. Such disclosure is detected and the victim may be notified about the location. The victim can then decide if such secondary leakage is acceptable. If not, the first party or the third party may be notified, the activity may be stopped and the offending information can be removed. | 05-06-2010 |
20100114989 | Automatic gleaning of semantic information in social networks - Disclosed are method and apparatus for identifying members of a social network who have a high likelihood of providing a useful response to a query. A query engine examines the personal pages of a set of members and automatically gleans semantic information relevant to the query. From the automatically-gleaned semantic information, a score indicative of the likelihood that the member may provide a useful response is calculated. | 05-06-2010 |
20100115622 | System and method for monitoring network traffic - Described is a method of assigning a network address to a trap, the network address being a dark address of a virtual private network. The network traffic destined for the network address is monitored and a classification of the network traffic is determined. After the classification, a predetermined response is executed based on the classification of the traffic. | 05-06-2010 |
20100122335 | System and Method for Filtering Unwanted Internet Protocol Traffic Based on Blacklists - A system and method for filtering unwanted Internet Protocol traffic based on blacklists receives a first blacklist containing a first plurality of Internet protocol addresses associated with unwanted Internet traffic. The system also operates a first plurality of access control lists adapted to block the unwanted Internet traffic from one of the first Internet protocol addresses listed in the first blacklist. The system also assigns a first weight to each of the first Internet protocol addresses based on a reliability of Internet traffic from each of the first Internet protocol addresses. Additionally, the system reduces a first number of the first access control lists to optimally trade off a number of desirable Internet protocol addresses blocked with a number of bad Internet protocol addresses blocked based on the first weight of each of the first Internet protocol addresses. | 05-13-2010 |
20100125630 | Method and Device to Provide Trusted Recommendations of Websites - In embodiments of the disclosed technology, a plurality of ratings of, for example, websites is received, wherein each rating is associated with a category and a rater, and each rater is associated with at least one group. A selection of a category is received from the user, wherein the user is associated with at least one group. One website location, or a plurality of website locations, is provided in the category to the user, based on at least one rating of the plurality of ratings provided by at least one of the raters, wherein at least one group associated with the rater and at least one group associated with the user are the same group. | 05-20-2010 |
20100128633 | Reverse engineering peering at Internet Exchange Point - A technique for examining the relationships of autonomous systems (ASes) participating in an Internet Exchange Point (IXP) utilizes packet tracing servers proximate the IXPs. Where such packet tracing servers cannot be found in the participating ASes, the methodology identifies additional vantage points by looking at a list of ASes that are one hop away from the ASes at the IXP. The choice of one-hop away ASes is made judiciously by picking ones that have better connectivity, based on past-data. Plural-hop ASes may also be used where necessary. | 05-27-2010 |
20100153316 | SYSTEMS AND METHODS FOR RULE-BASED ANOMALY DETECTION ON IP NETWORK FLOW - A system to detect anomalies in internet protocol (IP) flows uses a set of machine-learning (ML) rules that can be applied in real time at the IP flow level. A communication network has a large number of routers that can be equipped with flow monitoring capability. A flow collector collects flow data from the routers throughout the communication network and provides them to a flow classifier. At the same time, a limited number of locations in the network monitor data packets and generate alerts based on packet data properties. The packet alerts and the flow data are provided to a machine learning system that detects correlations between the packet-based alerts and the flow data to thereby generate a series of flow-level alerts. These rules are provided to the flow time classifier. Over time, the new packet alerts and flow data are used to provide updated rules generated by the machine learning system. | 06-17-2010 |
20100199356 | METHOD AND APPARATUS FOR PROVIDING WEB PRIVACY - A method and an apparatus for providing privacy in a network are disclosed. For example, the method receives a request, e.g., an HTTP request, from a user for information, wherein the information includes at least a Uniform Resource Locator (URL) of at least an aggregator. The method identifies all personally identifiable information of the user. The method then masks the personally identifiable information from the browser in the endpoint device of the user, while responding to the request. | 08-05-2010 |
20100268719 | METHOD AND APPARATUS FOR PROVIDING ANONYMIZATION OF DATA - A method and apparatus for providing an anonymization of data are disclosed. For example, the method receives a communications graph that encodes a plurality of types of interactions between two or more entities. The method partitions the two or more entities into a plurality of classes, and applies a type of anonymization to the communications graph. | 10-21-2010 |
20100318438 | METHOD AND APPARATUS FOR PROVIDING AN ELECTRONIC COMMERCE WEBSITE - A method and an apparatus for providing an electronic commerce website over a network are disclosed. For example, the method receives a request for a product or a service from a customer via an electronic commerce website, and identifies internal information pertaining to the request, wherein the internal information is information known by a business enterprise of the electronic commerce website. The method also identifies external information pertaining to the request, wherein the external information is information obtained by the business enterprise from another entity, and sends the internal information and the external information pertaining to the request to the customer. | 12-16-2010 |
20110078306 | METHOD AND APPARATUS TO IDENTIFY OUTLIERS IN SOCIAL NETWORKS - A system that incorporates teachings of the present disclosure may include, for example, a computing device having an interface for receiving seed information, and a controller to identify one or more outliers from a reduced sampling of a total population of on-line social network (OSN) users according to the seed information and at least one of a social graph or a generalization of portions of the total population of OSN users. Additional embodiments are disclosed. | 03-31-2011 |
20110126259 | Gated Network Service - A method includes identifying at a gateway device of a network a plurality of devices connected to the network. The method includes monitoring network traffic at the gateway device and determining that a particular traffic flow associated with one of the plurality of devices violates a privacy constraint. The method also includes providing a risk assessment associated with the privacy constraint violation. The risk assessment is at least partially based on terms and conditions associated with a particular device of the plurality of devices. | 05-26-2011 |
20110126290 | Tailored Protection of Personally Identifiable Information - The disclosed technology provides a negotiation-based mechanism for a user to share personally identifiable information with a requesting website, for example, a third party website such as an aggregator website that might be gathering information about the user. The user, rather than being limited to a pre-set collection of privacy options, is free to agree to share more or less of their privacy with any website or subset of websites based on the user's trust of the requesting website. | 05-26-2011 |
20110134800 | Reverse Engineering Peering At Internet Exchange Points - A technique for examining the relationships of autonomous systems (ASes) participating in an Internet Exchange Point (IXP) utilizes packet tracing servers proximate the IXPs. Where such packet tracing servers cannot be found in the participating ASes, the methodology identifies additional vantage points by looking at a list of ASes that are one hop away from the ASes at the IXP. The choice of one-hop away ASes is made judiciously by picking ones that have better connectivity, based on past-data. Plural-hop ASes may also be used where necessary. | 06-09-2011 |
20110208850 | SYSTEMS FOR AND METHODS OF WEB PRIVACY PROTECTION - A disclosed method for implementing anti-tracking measures for a web browser includes refreshing anti-tracking data structure responsive to satisfying at least one of a set of anti-tracking refresh criteria. The anti-tracking data structure may include opt-out cookie data indicative of a set of opt-out cookies, uniform resource locator (URL) anti-tracking data indicative of a set of URLs associated with URL tracking, and Referer header field anti-tracking data indicative of a set of URLs susceptible to Referer header field tracking. Responsive to a web browser of a user device generating a request for a third-party web page specified by a browser URL, at least a portion of the browser URL is compared against the anti-tracking data structure. If a match in the URL anti-tracking data or the Referer header field anti-tracking data is detected, the browser URL may be modified. The refreshing of anti-tracking data may include pulling a current anti-tracking data structure from an anti-tracking server. Alternatively, the current anti-tracking data structure may be pushed from the anti-tracking server. | 08-25-2011 |
20120011591 | Anonymization of Data Over Multiple Temporal Releases - The present disclosure is directed to systems, methods, and computer-readable storage media for anonymizing data over multiple temporal releases. Data is received, and nodes and connections in the data are identified. The data also is analyzed to identify predicted connections. The nodes, the connections, and the predicted connections are analyzed to determine how to group the nodes in the data. The data is published, and the grouping of the nodes is extended to subsequent temporal releases of the data, the nodes of which are grouped in accordance with the grouping used with the data. | 01-12-2012 |
20120124672 | Multi-Dimensional User-Specified Extensible Narrowcasting System - Narrowcast communication to one or more narrowcast communication recipients is provided through the use of an extensible method and apparatus. A narrowcast communication sender determines a set of attributes that define who will be eligible to receive a narrowcast communication. The set of attributes characterize potential recipients according to qualities such as interests, location, or another descriptor of a potential narrowcast communication recipient. Through the use of a privacy sphere, attributes associated with the narrowcast communication are matched to the qualities of potential recipients to identify the network addresses of the narrowcast communication recipients. The narrowcast communication is then transmitted to those network addresses. The narrowcast communication can be then expired from recipients who are no longer eligible to receive it and transmitted to recipients who become eligible to receive the narrowcast communication. | 05-17-2012 |
20130031630 | Method and Apparatus for Identifying Phishing Websites in Network Traffic Using Generated Regular Expressions - According to an aspect of this invention, a method to detect phishing URLs involves: creating a whitelist of URLs using a first regular expression; creating a blacklist of URLs using a second regular expression; comparing a URL to the whitelist; and if the URL is not on the whitelist, comparing the URL to the blacklist. False negatives and positives may be avoided by classifying Internet domain names for the target organization as “legitimate”. This classification leaves a filtered set of URLs with unknown domain names which may be more closely examined to detect a potential phishing URL. Valid domain names may be classified without end-user participation. | 01-31-2013 |
20130097046 | System and Method of Providing Transactional Privacy - A user is prevented from being identified at each of a plurality of sites. An indication to sell access to the user at one of the plurality of sites is received. A personal information marketplace is provided to run an auction to sell the access to the user at the one of the plurality of sites. In response to a sale of the access to the user at the one of the plurality of sites to an aggregator, access to track the user at the one of the plurality of sites while maintaining anonymity of the user is provided to the aggregator. | 04-18-2013 |
20130133074 | System And Method For Monitoring Network Traffic - Described is a method of assigning a network address to a trap, the network address being a dark address of a virtual private network. The network traffic destined for the network address is monitored and a classification of the network traffic is determined. After the classification, a predetermined response is executed based on the classification of the traffic. | 05-23-2013 |
20130138639 | Automatic Gleaning of Semantic Information in Social Networks - Disclosed are method and apparatus for identifying members of a social network who have a high likelihood of providing a useful response to a query. A query engine examines the personal pages of a set of members and automatically gleans semantic information relevant to the query. From the automatically-gleaned semantic information, a score indicative of the likelihood that the member may provide a useful response is calculated. | 05-30-2013 |
20130219059 | Internet-Wide Scheduling of Transactions - A method and system for distributing content on a network through network-wide transactions is disclosed. The method and system monitors the network using triggered measurement of the performance of an element of the network, dynamically computing, based on the monitoring, the regions of the network with available performance capacity for the transaction to proceed at a given time, determining, based on the computing, a scheduled time for the transaction to proceed, and distributing the content according to a schedule related to the scheduled time. | 08-22-2013 |
20130242801 | Reverse Engineering Peering At Internet Exchange Points - A technique for examining the relationships of autonomous systems (ASes) participating in an Internet Exchange Point (IXP) utilizes packet tracing servers proximate the IXPs. Where such packet tracing servers cannot be found in the participating ASes, the methodology identifies additional vantage points by looking at a list of ASes that are one hop away from the ASes at the IXP. The choice of one-hop away ASes is made judiciously by picking ones that have better connectivity, based on past-data. Plural-hop ASes may also be used where necessary. | 09-19-2013 |
20140195606 | IDENTIFYING VALUABLE USERS IN A SOCIAL NETWORK - A method, computer readable medium and apparatus for determining a value of a user of a social network are disclosed. For example, the method measures user influence information of the user on the social network. The method then calculates the value of the user based upon the user influence information. | 07-10-2014 |
20140215063 | METHOD AND APPARATUS TO IDENTIFY OUTLIERS IN SOCIAL NETWORKS - A system that incorporates teachings of the present disclosure may include, for example, a process that obtains seed information including privacy profile settings of on-line social network users. The seed information is compared to a random population of on-line social network users and a sampling size of a total population is reduced according to the comparison. The reduced sampling is compared to one of a social graph, a generalized profile of an on-line user, or a combination thereof. The social graph is determined from a randomized-walk algorithm applied to an on-line social network of the users and an outlier is identified in the reduced sampling based on relationships between the on-line social network users. Additional embodiments are disclosed. | 07-31-2014 |
20140244684 | SYSTEM AND METHOD OF PROCESSING DATABASE QUERIES - A method includes determining, via a database interface system, a first number of database queries received from a query source during a time period. The method includes preventing, via the database interface system, access to requested information by the query source when the first number does not satisfy a first threshold. The method also includes preventing, via the database interface system, access to the requested information by the query source when no click-through commands associated with a second number of consecutive prior search results were received during the time period. | 08-28-2014 |
20140297850 | SYSTEM AND METHOD FOR INFERRING TRAFFIC LEGITIMACY THROUGH SELECTIVE IMPAIRMENT - Described is a system and method for determining a classification of an application that includes initiating a stress test on the application, the stress test including a predetermined number of stress events, wherein the stress events are based on a network impairment. A response by the application to each stress event is identified and the application is classified as a function of the response into one of a first classification and a second classification, the first classification indicative of a normal application and the second classification indicative of an undesired application. If, the application is in the second classification, a network response procedure is executed. | 10-02-2014 |
20140365564 | Network Communication Using Identifiers Mappable To Resource Locators - A technique for providing information via a data network is disclosed. A first server transmits an identifier to a client, where the identifier is mappable to a uniform resource locator (URL) associated with content stored on a second server. The client transmits the identifier to a second server. The second server maps the identifier to its associated URL, retrieves the content associated with the URL, and transmits the content to the client. Various types of mappings are disclosed, including encryption and predetermined mappings. | 12-11-2014 |
20150047047 | System And Method For Monitoring Network Traffic - Described is a method of assigning a network address to a trap, the network address being a dark address of a virtual private network. The network traffic destined for the network address is monitored and a classification of the network traffic is determined. After the classification, a predetermined response is executed based on the classification of the traffic. | 02-12-2015 |