| Patent application number | Description | Published |
|---|---|---|
| 20080198045 | Transmission of a Digital Message Interspersed Throughout a Compressed Information Signal - A method is disclosed that enables the transmission of a digital message along with a corresponding media information signal, such as audio or video. A telecommunications device that is processing the information signal from its user, such as a speech signal, encodes the information signal by using a model-based compression coder. One such device is a telecommunications endpoint. Then, based on an evaluation of the perceptual significance of each encoded bit, or on some other meaningful characteristic of the signal, the endpoint's processor: (i) determines which encoded bits can be overwritten; and (ii) intersperses the digital message bits throughout the encoded signal in place of the overwritten bits. The endpoint then transmits those digital message bits as part of the encoded information signal. In this way, no additional bits are appended to the packet to be transmitted, thereby addressing the issue of compatibility with existing protocols and firewalls. | 08-21-2008 |
| 20080199009 | Signal Watermarking in the Presence of Encryption - A method is disclosed that enables the transmission of a digital message along with a corresponding information signal, such as audio or video. The supplemental information contained in digital messages can be used for a variety of purposes, such as enabling or enhancing packet authentication. In particular, a telecommunications device that is processing an information signal from its user, such as a speech signal, encrypts the information signal by performing a bitwise exclusive-or of an encryption key stream with the information signal stream. The device, such as a telecommunications endpoint, then intersperses the bits of the digital message throughout the encrypted signal in place of those bits overwritten, in a process referred to as “watermarking.” The endpoint then transmits the interspersed digital message bits as part of a composite signal that also comprises the encrypted information bits. No additional bits are appended to the packet to be transmitted, thereby addressing compatibility issues. | 08-21-2008 |
| 20080313737 | Stateful and Cross-Protocol Intrusion Detection for Voice Over IP - A method for detecting intrusions that employ messages of two or more protocols is disclosed. Such intrusions might occur in Voice over Internet Protocol (VoIP) systems, as well as in systems in which two or more protocols support some service other than VoIP. In the illustrative embodiment of the present invention, a stateful intrusion-detection system is capable of employing rules that have cross-protocol pre-conditions. The illustrative embodiment can use such rules to recognize a variety of VoIP-based intrusion attempts, such as call hijacking, BYE attacks, etc. In addition, the illustrative embodiment is capable of using such rules to recognize other kinds of intrusion attempts in which two or more protocols support a service other than VoIP. The illustrative embodiment also comprises a stateful firewall that is capable of employing rules with cross-protocol pre-conditions. | 12-18-2008 |
| 20080319940 | Message Log Analysis for System Behavior Evaluation - A technique is disclosed that enables the run-time behavior of a data-processing system to be analyzed and, in many cases, to be predicted. In particular, the illustrative embodiment of the present invention comprises i) transforming the messages that constitute an unstructured log into a numerical series and ii) applying a time-series analysis on the resultant series for the purpose of pattern detection. Indeed, it is recognized in the illustrative embodiment that the problem really is to detect patterns that depict aspects of system behavior, regardless of the textual content of the individual log messages. In other words, by analyzing the totality of the messages in the log or logs—as opposed to looking for pre-defined patterns of the individual messages—system behavior can be mapped and understood. The mapping helps in characterizing the system for the purposes of predicting failure, determining the time required to reach stability during failure recovery, and so forth. | 12-25-2008 |
| 20090024989 | Security Vulnerability Monitor - A method and apparatus for automatically determining whether a security vulnerability alert is relevant to a device (e.g., personal computer, server, personal digital assistant [PDA], etc.), and automatically retrieving the associated software patches for relevant alerts, are disclosed. The illustrative embodiment intelligently determines whether the software application specified by a security vulnerability alert is resident on the device, whether the version of the software application on the device matches that of the security vulnerability alert, and whether the device's hardware platform and operating system match those of the security vulnerability alert. | 01-22-2009 |
| 20090024990 | Security Vulnerability Monitor - A method and apparatus for automatically determining whether a security vulnerability alert is relevant to a device (e.g., personal computer, server, personal digital assistant [PDA], etc.), and automatically retrieving the associated software patches for relevant alerts, are disclosed. The illustrative embodiment intelligently determines whether the software application specified by a security vulnerability alert is resident on the device, whether the version of the software application on the device matches that of the security vulnerability alert, and whether the device's hardware platform and operating system match those of the security vulnerability alert. | 01-22-2009 |
| 20090070874 | Signature-Free Intrusion Detection - An apparatus and method are disclosed for detecting intrusions in Voice over Internet Protocol systems, without the use of an attack signature database. In particular, the illustrative embodiment is based on the observation that some VoIP-related protocols (e.g., the Session Initiation Protocol [SIP], etc.) are simple enough to be represented by a finite-state machine (FSM) of compact size. A finite-state machine is maintained for each session/node/protocol combination, and any illegal state or state transition—which might be the result of a malicious attack—is flagged as a potential intrusion. | 03-12-2009 |
| 20090070875 | Distributed Stateful Intrusion Detection for Voice Over IP - An apparatus and method are disclosed for detecting intrusions in Voice over Internet Protocol systems without an attack signature database. The illustrative embodiment is based on two observations: (1) various VoIP-related protocols are simple enough to be represented by a finite-state machine (FSM) of compact size, thereby avoiding the disadvantages inherent in signature-based intrusion-detection systems; and (2) there exist intrusions that might not be detectable locally by the individual finite-state machines (FSMs) but that can be detected with a global (or distributed) view of all the FSMs. The illustrative embodiment maintains a FSM for each session/node/protocol combination representing the allowed (or “legal”) states and state transitions for the protocol at that node in that session, as well as a “global” FSM for the entire session that enforces constraints on the individual FSMs and is capable of detecting intrusions that elude the individual FSMs. | 03-12-2009 |
| 20090103701 | Call Screening Via Observing Called-Party Behavior - A method is disclosed that enables the screening of unwanted telephone calls, such as voice or video calls, for one or more called parties. In accordance with the illustrative embodiment of the present invention, an anti-SPAM system receives signaling information for one or more telephone calls made to one or more called parties by a calling party. Although the calling party can be a human caller, in a SPAM-over-Internet-Telephony context the calling party can alternatively be a server or other network element that originates SPAM voice calls for advertising purposes; both possibilities are accounted for in the illustrative embodiment. The anti-SPAM system then observes the behavior of the called party or parties that is exhibited in response to receiving the telephone calls. Based on the observed behavior, the anti-SPAM system then updates one or more rules for handling future telephone calls made to the protected called parties. | 04-23-2009 |
| 20090254970 | MULTI-TIER SECURITY EVENT CORRELATION AND MITIGATION - The present invention is directed to the use of a multi-tiered security architecture that includes vendor-operated global security services and policy servers able to exchange security events and mitigation measures. | 10-08-2009 |
| 20090274143 | State Machine Profiling for Voice Over IP Calls - An apparatus and method for detecting potentially-improper call behavior (e.g., SPIT, etc.) are disclosed. The illustrative embodiment of the present invention is based on finite-state machines (FSMs) that represent the legal states and state transitions of a communications protocol at a node during a Voice over Internet Protocol (VoIP) call. In accordance with the illustrative embodiment, a library of FSM execution profiles associated with improper call behavior is maintained. When there is a match between the behavior of a finite-state machine during a call and an execution profile in the library, an alert is generated. | 11-05-2009 |
| 20090274144 | Multi-Node and Multi-Call State Machine Profiling for Detecting SPIT - An apparatus and method for detecting potentially-improper call behavior (e.g., SPIT, etc.) are disclosed. The illustrative embodiment of the present invention is based on finite-state machines (FSMs) that represent the legal states and state transitions of communications protocols at nodes during Voice over Internet Protocol (VoIP) calls. In accordance with the illustrative embodiment, a library of FSM execution profiles associated with improper call behavior and a set of rules (or rule base) associated with improper FSM behavior over one or more calls are maintained. When the behavior of one or more finite-state machines during one or more calls matches either an execution profile in the library or a rule in the rule base, an alert is generated. | 11-05-2009 |
| 20100278325 | Annoying Telephone-Call Prediction and Prevention - A method for predicting whether a telephone call that is being set up will be considered annoying by the called party and, if so, for preventing it from being established. The illustrative embodiment predicts whether a telephone call will be considered annoying by the called party based on temporal characteristics of previous calls from the same caller. For example, when a called party receives an unwanted telephone solicitation, he or she will usually hang up within the first minute. If many telephone calls are made from the same caller, and all of these calls last under a minute, then it is reasonable to predict that future calls from this caller will be considered annoying. | 11-04-2010 |
| 20100290601 | Method for Characterizing System State Using Message Logs - A method that enables the run-time behavior of a system to be analyzed is disclosed. By analyzing the totality of the messages in the log or logs, system behavior can be better understood. The illustrative embodiment of the present invention detects patterns in message logs, clusters similar messages, and determines system behavior based on the clustering of messages. | 11-18-2010 |
| 20110035749 | Credit Scheduler for Ordering the Execution of Tasks - A method for scheduling the execution of tasks on a processor is disclosed. The purpose of the method is in part to serve the special needs of soft real-time tasks, which are time-sensitive. A parameter Δ is an estimate of the amount of time required to execute the task. Another parameter Γ is the maximum amount of time that the task is to spend in a queue before being executed. In the illustrative embodiment, the preferred wait time Γ | 02-10-2011 |
| 20110035751 | Soft Real-Time Load Balancer - The present disclosure is based on a multi-core or multi-processor virtualized environment that comprises both time-sensitive and non-time-sensitive tasks. The present disclosure describes techniques that use a plurality of criteria to choose a processing resource that is to execute tasks. The present disclosure further describes techniques to re-schedule queued tasks from one processing resource to another processing resource, based on a number of criteria. Through load balancing techniques, the present invention both (i) favors the processing of soft real-time tasks arising from media servers and applications, and (ii) prevents “starvation” of the non-real-time general computing applications that co-exist with the media applications in a virtualized environment. These techniques, in the aggregate, favor the processing of soft real-time tasks while also reserving resources for non-real-time tasks. These techniques manage multiple processing resources to balance the competing demands of soft real-time tasks and of non-real-time tasks. | 02-10-2011 |
| 20110035752 | Dynamic Techniques for Optimizing Soft Real-Time Task Performance in Virtual Machines - Methods are disclosed that dynamically improve soft real-time task performance in virtualized computing environments under the management of an enhanced hypervisor comprising a credit scheduler. The enhanced hypervisor analyzes the on-going performance of the domains of interest and of the virtualized data-processing system. Based on the performance metrics disclosed herein, some of the governing parameters of the credit scheduler are adjusted. Adjustments are typically performed cyclically, wherein the performance metrics of an execution cycle are analyzed and, if need be, adjustments are applied in a later execution cycle. In alternative embodiments, some of the analysis and tuning functions are in a separate application that resides outside the hypervisor. The performance metrics disclosed herein include: a “total-time” metric; a “timeslice” metric; a number of “latency” metrics; and a “count” metric. In contrast to prior art, the present invention enables on-going monitoring of a virtualized data-processing system accompanied by dynamic adjustments based on objective metrics. | 02-10-2011 |
| 20110078383 | Cache Management for Increasing Performance of High-Availability Multi-Core Systems - An apparatus and method for improving performance in high-availability systems are disclosed. In accordance with the illustrative embodiment, pages of memory of a primary system that are to be shadowed are initially copied to a backup system's memory, as well as to a cache in the primary system. A duplication manager process maintains the cache in an intelligent manner that significantly reduces the overhead required to keep the backup system in sync with the primary system, as well as the cache size needed to achieve a given level of performance. Advantageously, the duplication manager is executed on a different processor core than the application process executing transactions, further improving performance. | 03-31-2011 |