US Pat. No. 9,465,529

PLATFORM-INDEPENDENT ENVIRONMENTS FOR CUSTOMIZING USER INTERFACES OF NATIVE APPLICATIONS FOR PORTABLE ELECTRONIC DEVICES

INTUIT INC., Mountain Vi...

1. A computer-implemented method for providing a user interface of a native application for a portable electronic device,
comprising:
providing an environment for customizing the user interface using one or more custom views, wherein the one or more custom
views comprise a set of user-interface components, a layout of the user-interface components, and a configuration of a user-interface
component from the set of user-interface components; and

enabling, via a rendering apparatus within the native application, use of the one or more custom views with the native application
through the environment independently of a platform of the native application.

US Pat. No. 9,128,579

SOFTWARE LOCALIZATION THROUGH USER CONTRIBUTION

Intuit Inc., Mountain Vi...

1. A method to adapt a software application for a geographical region, comprising:
selecting a predefined geographical region having a plurality of users that use the software application;
receiving, by a computer processor and from at least one of the plurality of users, a first translation of a localizable item
in a user interface (UI) menu of the software application, wherein the first translation is based on a language of the predefined
geographical region;

generating, by the computer processor, a tally of the first translation from the plurality of users;
presenting, to one or more users from the plurality of users via a plurality of instantiations of the UI menu in response
to the tally exceeding a pre-determined count, one or more requests for feedback regarding the accuracy of the first translation;

receiving, from the one or more users from the plurality of users via the plurality of instantiations of the UI menu, the
feedback;

classifying, based on the feedback, the first translation as an approved translation of the localizable item; and
when the first translation is classified as the approved translation, presenting to the plurality of users the localizable
item in the UI menu using the first translation.

US Pat. No. 9,213,862

SYSTEMS, METHODS AND ARTICLES FOR PROVIDING PERSONALIZED WEB CONTENT BASED ON PORTABLE PERSONAS

INTUIT INC., Mountain Vi...

1. A computer-implemented method for delivering personalized content in a website, the method being performed on a computer
having at least one processor, comprising:
a website server receiving a request from a user for website content at a website, the website server comprising a computer
having at least one processor;

the website server accessing a persona for the user which identifies a generalized profile of personal and financial characteristics
for the user selected from a predetermined, discrete set of personas wherein the set of personas is not different for each
user and each of the personas identifies a different profile of personal and financial characteristics, the persona for the
user determined by analyzing personal and financial data of the user and determining a persona from the predetermined, discrete
set of personas which has a generalized profile of personal and financial characteristics which best matches the personal
and financial data of the user;

the website server transmitting website content to the user wherein the website content is personalized to the user based
on the persona for the user.

US Pat. No. 9,060,248

DYNAMIC PLACING AND UPDATING OF A GEOFENCE FOR A MOBILE BUSINESS

INTUIT INC., Mountain Vi...

1. A computer-implemented method for dynamically updating a geofence of a mobile device on a server, comprising:
establishing a first location and a first geofence for a mobile business device;
receiving a second location of the mobile business device different than the first location of the mobile business device;
generating an updated geofence for the mobile business device based on the second location of the mobile business device;
and

predicting an estimated time of arrival (ETA) of the mobile business device at a third location based at least on the second
location; and

notifying a set of one or more mobile client devices of the ETA of the mobile business device at the third location.

US Pat. No. 9,444,824

METHODS, SYSTEMS, AND ARTICLES OF MANUFACTURE FOR IMPLEMENTING ADAPTIVE LEVELS OF ASSURANCE IN A FINANCIAL MANAGEMENT SYSTEM

INTUIT INC., Mountain Vi...

1. A computer implemented method for implementing adaptive levels of assurance in a financial management system, the method
being performed by a server and comprising:
the server initiating a flow for a user's request for access to the financial management system residing on the at least one
computing system;

the server monitoring traversal of the flow for the access by a user requesting the access to the financial management system,
wherein the financial management system comprises at least a tax return preparation software product or service operable to
prepare an electronic tax return;

the server providing multiple adaptive levels of assurance corresponding to one or more authentication tokens for the flow
based at least in part upon sensitivity of information involved in the access by the user to provide adequate security;

the server increasing a current level of assurance to a heightened level of assurance associated with one or more heightened
security requirements when the access includes electronic filing of a tax return or accessing information of one or more accounts
of the user; and

the server authenticating or authorizing the user's request for access to different portions with respective sensitivities
of the financial management system that resides on the server at least by generating one or more authenticators with the one
or more authentication tokens according to the respective sensitivities for the multiple adaptive level of assurance.

US Pat. No. 9,088,564

TRANSITIONING A LOGGED-IN STATE FROM A NATIVE APPLICATION TO ANY ASSOCIATED WEB RESOURCE

INTUIT INC., Mountain Vi...

1. A computer-implemented method for granting a user of a native application access to a web resource affiliated with the
native application, the method comprising:
receiving, at the native application that executes on a computer, a username and password from a user of the native application;
using the username and password to make an access token request to a Central Authentication Service (CAS);
receiving the access token from the CAS;
using the access token to make a session token request to the CAS, wherein the session token request identifies the web resource
and wherein the session token request identifies the native application, thereby enabling the CAS to use an application whitelist
to determine that the native application is valid;

receiving the session token from the CAS; and
forwarding the session token to an endpoint server, thereby enabling the endpoint server to initialize an authenticated session
that is scoped to the web resource, wherein doing so comprises:

launching a web browser to pass the session token to an endpoint server, thereby enabling the endpoint server to send Hypertext
Transfer Protocol (HTTP) session cookies to the web browser, wherein the HTTP session cookies are scoped to the web resource;
and
accepting, at the web browser, the HTTP session cookies to obtain access to the web resource.

US Pat. No. 9,659,306

METHOD AND SYSTEM FOR LINKING SOCIAL MEDIA SYSTEMS AND FINANCIAL MANAGEMENT SYSTEMS TO PROVIDE SOCIAL GROUP-BASED MARKETING PROGRAMS

Intuit Inc., Mountain Vi...

1. A computing system implemented method for linking social media systems and financial management systems to provide social
group-based marketing programs comprising the following, which when executed individually or collectively by any set of one
or more processors perform a process including:
obtaining, at a computing system of at least a first consumer, marketing program data associated with a social group-based
marketing program offered by a merchant, the marketing program data including marketing program eligibility criteria data
indicating marketing program eligibility criteria that must be met before consumers are eligible to register to take part
in the marketing program and marketing program requirements data that must be met in order for consumers to receive the benefits
of the social group-based marketing program;

obtaining social group identification data identifying two or more socially connected consumers of a social media system,
the two or more socially connected consumers at least including the first consumer and a second consumer, the social group
identification data being obtained from respective mobile computing systems of the first and second consumers;

continuously monitoring, at a monitoring module of a computing system executing a financial management system common to the
first and second socially connected consumers, financial transaction data of the first and second socially connected consumers,
at least a portion of the monitored financial transaction data originating at a banking system common to the two or more socially
connected consumers;

identifying, through the continuous monitoring performed at the financial management system common to the first and second
socially connected consumers, the first and second socially connected consumers as being consumers whose financial transaction
data collectively includes at least a threshold total discretionary spending budget;

comparing, at the computing system of the first consumer, the financial transaction data of the first and second socially
connected consumers to the marketing program eligibility criteria data;

upon determining, at the computing system of the first consumer, that the financial transaction data of the two or more spending
and socially connected consumers matches the marketing program eligibility criteria data, designating the first and second
socially connected consumers as marketing program eligible spending and socially connected consumers;

inviting, following the determination, at the computing system of the first consumer, that the financial transaction data
associated with the identified marketing program eligible spending and socially connected consumers to register for the social
group-based marketing program;

receiving, from at least the computing system of the first consumer, registration data from two or more of the program eligible
spending and socially connected consumers and designating the program eligible spending and socially connected consumers providing
registration data as registered marketing program eligible spending and socially connected consumers;

further monitoring, at the monitoring module of the computing system executing a financial management system common to the
first and second socially connected consumers, spending data of the registered marketing program eligible spending and socially
connected consumers;

comparing the spending data of the registered marketing program eligible spending and socially connected consumers with the
marketing program requirements data; and

when the spending data associated with the registered marketing program eligible spending and socially connected consumers
indicates the marketing program requirements of the marketing program requirements data have been met, providing, at computing
systems of the first and second consumers, the registered marketing program eligible spending and socially connected consumers
the benefits of the social group-based marketing program.

US Pat. No. 9,047,157

METHOD AND APPARATUS FOR USING UNSPECIALIZED SOFTWARE MICRO-CONTAINERS FOR BUILDING COMPLEX DYNAMIC BUSINESS PROCESSES

INTUIT INC., Mountain Vi...

1. A computer-implemented method for using unspecialized software micro-containers to build complex dynamic business processes,
the method comprising:
receiving, at a computer system, a command to execute a business logic;
in response to the command, initializing an unspecialized software micro container from a pool of unspecialized software micro-containers,
wherein an unspecialized software micro-container has the ability to interpret and execute business logic and perform a business
function, and the ability to proactively search for and interpret specializing configuration and business logic;

retrieving the business logic from a business logic repository;
loading the business logic into the unspecialized software micro-container;
executing the business logic in the unspecialized software micro-container;
unloading the business logic; and
returning the unspecialized software micro-container to the pool of unspecialized software micro-containers.

US Pat. No. 9,392,637

PEER-TO-PEER PROXIMITY PAIRING OF ELECTRONIC DEVICES WITH CAMERAS AND SEE-THROUGH HEADS-UP DISPLAYS

INTUIT INC., Mountain Vi...

1. A computer-implemented method for facilitating communication between a first electronic device and a second electronic
device in proximity to the first electronic device, comprising:
using a first optical head-mounted display (OHMD) at the first electronic device to generate a first signal that is detectable
by the second electronic device;

using the first OHMD to detect a second signal from a second OHMD at the second electronic device;
generating, at the first electronic device, a shared secret with the second electronic device using data associated with the
first and second signals, wherein the first and second signals comprise optical signals, and wherein the data associated with
the first and second signals that is used to generate the shared secret comprises at least one of:

a cryptographic key; and
a number; and
using the shared secret to establish a secure connection with the second electronic device without requiring input from a
user of the first electronic device.

US Pat. No. 9,384,362

METHOD AND SYSTEM FOR DISTRIBUTING SECRETS

Intuit Inc., Mountain Vi...

1. A system for distributing credentials comprising:
at least one processor; and
at least one memory coupled to the at least one processor, the at least one memory having stored therein instructions which
when executed by any set of the one or more processors, perform a process for distributing credentials, the process for distributing
credentials including:

receiving request data from a requesting virtual asset, the request data including a request for one or more credentials required
in order for the requesting virtual asset to be allowed to access one or more resources, the requested credentials being of
a first type of a plurality of credential types, the one or more resources being cloud-accessible resources;

responsive to receiving the request data, obtaining profile data associated with the requesting virtual asset;
responsive to receiving the request data, authenticating, by a secrets distribution management system, the requesting virtual
asset;

responsive to authenticating the requesting virtual asset and obtaining profile data associated with the requesting virtual
asset, analyzing, by the secrets distribution management system, the profile data using one or more distribution factors to
determine one or more credentials of the first type that the requesting virtual asset is authorized to receive, the determination
being at least partly based on a role assigned to the requesting virtual asset, the requesting virtual asset being assigned
at least two different roles;

determining a first source from which the first type of credential is available, wherein a plurality of credential sources
are available each having different types of credentials, wherein credentials of a first type are only available from a first
source, and credentials of a second type are only available from a second source; and

providing, from the first source, credentials data representing the determined one or more credentials to the requesting virtual
asset, the provided credentials data including data representing one or more of the credentials associated with the request
data, the providing being accomplished through at least:

encrypting set data;
assigning identification data to the encrypted set data;
storing the encrypted set data in a credentials store;
providing the requesting virtual asset the identification data and an encryption key for identifying and decrypting the encrypted
set data; and

providing the requesting virtual asset access to the credentials store.

US Pat. No. 9,286,567

SYSTEMS, METHODS AND ARTICLES FOR PROVIDING SUPPORT INFORMATION FOR A SOFTWARE APPLICATION

INTUIT INC., Mountain Vi...

1. A computer-implemented method for providing support information for a software application, the method being performed
on a computer, comprising:
generating a knowledge database regarding a page of the software application displayable on a display, by a method comprising:
a knowledge database computer receiving a notification from a user that an issue exists with the page of the software application,
including a description of the issue;

the knowledge database computer receiving support information as created by a customer support representative related to the
issue in response to the notification from the user;

the knowledge database computer receiving a notification that the support information will be released for publication to
users of the software application;

the knowledge database computer adding the support information to the knowledge database; and
linking the support information to a support button displayable on a page of the software application;
the computer generating the page of the software application, the page including a support button displayed directly on the
page;

in response to a selection of the support button, the computer accessing support information from the knowledge database regarding
the page, the knowledge database not a part of the software application;

the computer generating a support page displayable on the display which includes the information from the knowledge database;
modifying the software application to correct the issue and creating an update to the software application in which the support
button for the defect has been removed;

the computer sending a notification to the user to update the software application in which the support button has been removed.

US Pat. No. 9,245,341

IMAGE ACQUISITION USING A LEVEL-INDICATION ICON

INTUIT INC., Mountain Vi...

1. An electronic-device-implemented method for extracting textual information from a document, comprising:
launching an imaging application that executes on the electronic device;
displaying, in a window associated with the imaging application, visual suitability indicators of a tilt orientation of the
electronic device relative to a plane of the document;

modifying the visual suitability indicators when the tilt orientation falls within a predefined range;
acquiring an image of the document, after the tilt orientation falls within the predefined range for more than a time interval,
using an imaging device, which is integrated into the electronic device; and

extracting the textual information from the image of the document using optical character recognition.

US Pat. No. 9,390,192

DISPLAYING PERSONALIZATION FUNCTIONALITY AND HIGHLIGHTING WORK PERFORMED

Intuit Inc., Mountain Vi...

1. A method for displaying personalization functionality, comprising:
sending, by a processor, a plurality of information for a user to a server;
receiving, by the processor, personalization data from the server comprising a first number of entities similar to the user,
a second number of entities similar to the user, and a first personalization action, wherein the first personalization action
is determined based on user information of the second number of entities similar to the user;

determining, by the processor based on a pre-determined proportional factor, a first time delay and a second time delay that
are proportional to an amount of work performed by the server to provide the first number of entities similar to the user,
the second number of entities similar to the user, and the first personalization action;

displaying, by the processor, the first number of entities similar to the user;
displaying, by the processor and subsequent to the first time delay from displaying the first number of entities similar to
the user, the second number of entities similar to the user;

displaying, by the processor and subsequent to the second time delay from displaying the second number of entities similar
to the user, the first personalization action; and

performing the first personalization action.

US Pat. No. 9,048,963

CONVEYING INFORMATION USING AN AUDIO SIGNAL

INTUIT INC., Mountain Vi...

1. An electronic-device-implemented method comprising:
at the electronic device, receiving a set of audio signals using an audio sensor configured to receive sound, wherein each
audio signal in the set of audio signals is received from a different remote electronic device in a set of remote electronic
devices at a retail establishment, and wherein each audio signal in the set of audio signals includes information specifying
an identifier that identifies a different product in a set of products that are sold at the retail establishment;

for each audio signal in the set of audio signals:
using the electronic device, analyzing the audio signal to extract the identifier specified by the information included with
the audio signal; and

providing the identifier specified by the information included with the audio signal to a pre-defined location via a network;
and

purchasing the set of products by providing payment for the set of products at the retail establishment, wherein the retail
establishment determines an amount for the payment by using the identifiers provided to the pre-defined location.

US Pat. No. 9,356,841

DEFERRED ACCOUNT RECONCILIATION DURING SERVICE ENROLLMENT

INTUIT INC., Mountain Vi...

1. A computer-implemented method for enrolling an individual for a service that is provided to the individual in response
to the individual accessing a first computer, the method comprising:
receiving an enrollment request for an enrollment process for the service, wherein the enrollment request includes an identifier
associated with the individual;

using a computer, identifying a match between the identifier and an existing identifier associated with another service that
is provided to the individual in response to the individual accessing a second computer;

determining if there is a correspondence between the service and the other,
service by determining an overlap between enrollment information from the other service and enrollment information for the
enrollment process for the service;

when there is a correspondence between the service and the other service, using the enrollment information from the other
service in an enrollment process for the service, which allows a subset of the enrollment process to be performed; and

otherwise, when there is not a correspondence between the service and the other service, performing the enrollment process
for the service.

US Pat. No. 9,286,463

SYSTEM AND METHOD FOR TOUCHSCREEN COMBINATION LOCK

INTUIT INC., Mountain Vi...

1. A computer-implemented method for providing conditional access to data, the method being performed by a computing device
and comprising:
capturing a gateway combination entered by user manipulating a user interface displayed on a touchscreen, the user interface
comprising a mechanical combination lock simulation including one or more simulated rotating elements, each simulated rotating
element having one or more selectable positions spaced apart about a geometry of the rotating element and comprising respective
data;

interpreting alignment of a touchpath resulting from a dragging or sliding action upon the touchscreen relative to a rotational
plane of a simulated rotating element;

determining the touchpath is misaligned relative to the rotational plane;
resolving the misaligned touchpath based at least in part upon a component of the misaligned touchpath in alignment with the
rotational plane;

executing a comparison of the entered gateway combination including gateway combination data determined based at least in
part upon resolving the misaligned touchpath with at least one value stored upon a storage device of the computing device;
and

determining whether to grant access to further information based at least in part upon the comparison.

US Pat. No. 9,047,387

SECREGATING ANONYMOUS ACCESS TO DYNAMIC CONTENT ON A WEB SERVER, WITH CACHED LOGONS

INTUIT INC., Mountain Vi...

1. Apparatus for serving content from multiple websites, the apparatus comprising:
one or more computer servers executing a plurality of web server instances to serve content of a plurality of websites, wherein
the one or more computer servers comprise a plurality of user accounts;

a single database, external to the one or more computer servers and shared among the plurality of web server instances, for
mapping between a request for a dynamic content item of a website from an anonymous web user and a user account associated
with a customer that owns the requested dynamic content item, to be used to process the request;

wherein the user account is configured with permission to access content of the website associated with the dynamic content
item, but not content of another website that corresponds to another user account; and

wherein the database maps at least two different requests from anonymous users for dynamic content items of two different
websites to two different user accounts.

US Pat. No. 9,471,921

SECURE MOBILE PAYMENT AUTHORIZATION

Intuit Inc., Mountain Vi...

1. A method to authorize a mobile payment for a transaction, comprising:
receiving, from a financial institution, a facial image of a consumer and account information of an account at the financial
institution, wherein the account information is linked with the facial image, and the facial image and the account information
are first sent to the financial institution from a point-of-sale (POS) device,

wherein the consumer requests the mobile payment for the transaction using the account information stored in a mobile device
of the consumer, and

wherein the facial image is captured using the mobile device by at least:
receiving, by the mobile device, a facial image request from the POS device, wherein the facial image request is sent by the
POS device in response to receiving a signal from the mobile device while initiating the transaction on behalf of the consumer,
and

displaying, by the mobile device in response to receiving the facial image request, a first message prompting the consumer
to capture the facial image within a pre-determined time window using a camera of the mobile device;

requesting, in response to receiving the account information and based on the account information, a verified facial image
from the financial institution;

receiving the verified facial image of an account holder of the account from the financial institution, wherein the account
is identified at the financial institution based on the account information;

comparing the facial image of the consumer and the verified facial image of the account holder based on a pre-determined criterion
to verify the consumer as the account holder;

generating, in response to verifying the consumer as the account holder, an authorization of the mobile payment based on the
account information; and

sending the authorization to the POS device,
wherein the POS device completes the transaction based on the authorization,
wherein the mobile device displays a second message informing the consumer regarding the authorization, and
wherein the financial institution shares, with a merchant of the transaction, a saving due to reduced risk of the transaction
based on verifying the consumer using the facial image.

US Pat. No. 9,253,011

SESSION-SERVER AFFINITY FOR CLIENTS THAT LACK SESSION IDENTIFIERS

INTUIT INC., Mountain Vi...

1. A computer-implemented method for facilitating interaction between a client and a web application via an intermediary device,
comprising:
receiving, at a device, a request from a client, wherein the request is directed to a web application executing on a plurality
of servers, wherein the request lacks a session identifier, and wherein the client lacks the ability to provide session identifiers;

obtaining a client identifier associated with the client from a Uniform Resource Locator (URL) associated the request;
querying a cache with the client identifier to determine if a session identifier associated with the client identifier exists
in the cache;

if so, adding the session identifier to the request, wherein the device maintains the session identifier on behalf of the
client, and wherein the session identifier is a separate identifier from the client identifier;

forwarding the request to the web application.

US Pat. No. 9,135,089

METHOD AND APPARATUS FOR FACILITATING A PERSISTENCE APPLICATION PROGRAMMING INTERFACE

INTUIT INC., Mountain Vi...

1. A method for implementing a persistence application programming interface (API) that is platform independent and can make
up-calls to business logic, the method comprising:
receiving a request at the API to execute a command at a persistence tier of an n-tier distributed application;
in response to the request, determining an entity type for an entity affected by the command;
identifying a function at a middle tier of the n-tier distributed application that is associated with the entity type and
the command, wherein the middle tier includes the business logic;

sending an instruction from the API at the persistence tier to the middle tier to execute the function, wherein the instruction
specifies the function, and wherein the function already exists at the middle tier, whereby the persistence tier is directing
the execution of the function at the middle tier by making an up-call to the middle tier; and

upon receiving a confirmation at the API that the function executed, executing the command at the persistence tier.

US Pat. No. 9,451,006

METHODS, SYSTEMS, AND ARTICLES OF MANUFACTURE FOR CONFIGURATION-BASED CLIENT-SIDE RESOURCE RESOLUTION FRAMEWORK FOR CUSTOMIZABLE USER EXPERIENCE

INTUIT INC., Mountain Vi...

1. A machine implemented method for implementing a configuration-based client-side resource resolution framework residing
on a client computing device for customizable user experience, the method comprising:
a client-side framework residing on the client computing device receiving a request for a reference to a resource for a flow
node for a webpage hosted on a remote host computer, wherein the client-side framework is initialized on the client computing
device by processing a file located on the client computing device and obtained from the remote host computer, and identifies
or determines an actual location of the reference to the resource by using a resource resolver that accesses a resolver configuration
file located on the remote host computer;

the resource resolver in the client-side framework obtaining an actual implementation of the resource from the remote host
computer by using at least the actual location of the reference to the resource;

the client-side framework identifying an A/B test configuration file located on the remote host computer, determining at least
one test case having multiple test recipes, identifying an active recipe from the multiple test recipes by referencing at
least the A/B test configuration file, and identifying and setting at least one value for at least one variable in the active
recipe by referencing at least the A/B test configuration file;

the resource resolver obtaining a corresponding resource from the remote host computer based at least in part upon the A/B
test configuration file; and

the client-side framework creating a view for the flow node by using at least the corresponding resource obtained by the resource
resolver.

US Pat. No. 9,124,934

RULE-BASED CLASSIFICATION OF ELECTRONIC DEVICES

INTUIT INC., Mountain Vi...

1. A computer-implemented method for facilitating interaction between an electronic device and a content provider, comprising:
receiving, from the content provider, a set of device classification rules that identify a set of device classes;
populating a rules repository with the received set of device classification rules, wherein the rules repository is separate
from the content provider;

updating, by the content provider, the device classification rules in the rules repository, wherein the updating involves:
modifying one or more device classes in the set of device classes; and
adding one or more new device classes to the set of device classes;
dynamically creating new device classes by identifying groups of similar devices based on properties relevant to the content
served by the content provider using a clustering technique;

obtaining a device profile comprising a set of properties for the electronic device;
identifying, from the set of device classes, a device class of the electronic device based on the device profile and the device
classification rules in the rules repository, wherein the identifying involves:

evaluating conditions based on properties associated with the device classification rules;
determining that at least one of the device classification rules are met, obtaining the device class from an outcome associated
with the classification rule; and

in response to determining that none of the device classification rules are met, identifying the device class as a default
device class; and

providing the identified device class to the content provider, wherein the content provider selects content to transmit to
the electronic device based on the identified device class.

US Pat. No. 9,129,197

HIGHLIGHT-BASED BILL PROCESSING

INTUIT INC., Mountain Vi...

1. A computer-implemented bill processing method, the method being performed by a computing apparatus and comprising:
the computing apparatus receiving an image of a printed bill or invoice of a payer that is a recipient of the printed bill
or invoice, the printed bill or invoice reflecting an amount owed by the payer recipient to a payee, the received image comprising
at least one section manually highlighted by the payer recipient and at least one unhighlighted section;

the computing apparatus determining bill or invoice data within the at least one section that was manually highlighted by
the payer recipient based at least in part upon identifying a pre-determined number of contiguous pixels in the image having
a color that differs from a background color of the image; and

the computing apparatus processing the bill or invoice for electronic payment by the payer recipient to the payee based at
least in part upon the determined bill or invoice data within the at least one section that was manually highlighted by the
payer recipient.

US Pat. No. 9,369,456

SINGLE SIGN-ON IN MULTI-TENANT ENVIRONMENTS

INTUIT INC., Mountain Vi...

1. A computer-implemented method for authenticating a user in a hosted, multi-tenant computing environment, comprising:
receiving a request for access to a first resource from a user, wherein the user has an account with a first plurality of
tenants in the multi-tenant computing environment;

identifying a first tenant associated with the first request, wherein the first tenant is in the first plurality of tenants;
obtaining an authentication policy of the first tenant;
using an authentication mechanism associated with the authentication policy of the first tenant to authenticate the user;
upon authenticating the user, providing a first security token for enabling access to the first resource by the user, wherein
the first tenant provides access to the first resource;

storing a representation of authenticating the user with respect to the first tenant;
receiving a second request from the user for a second resource, wherein a second tenant provides access to the second resource,
wherein the second tenant belongs to the first plurality of tenants, wherein the second tenant is different from the first
tenant, and wherein the second tenant has an authentication policy that is different from the authentication policy of the
first tenant;

subsequent to receiving the second request from the user for the second resource from the second tenant, automatically detecting,
by computer, that the user has been previously authenticated with respect to the first tenant by accessing the stored representation
of the authentication of the user with respect to the first tenant;

using the detected previous authentication of the user with respect to the first tenant to authenticate the user with respect
to the authentication policy of the second tenant; and

upon authenticating the user with respect to the authentication policy of the second tenant, providing, by the computer, a
second security token for enabling access to the second resource by the user without requiring additional authentication credentials
from the user.

US Pat. No. 9,127,962

METHOD OF CONFIGURING A PERSONALIZED CONSUMER RATING AREA

INTUIT INC., Mountain Vi...

1. A computer-implemented method of defining a user's personalized geographical area, the method comprising:
defining, by a computer, a plurality of discrete and non-overlapping locations based at least in part on data captured from
activity of the user, wherein each location comprises a location of the user or a location identified by the user;

generating, by the computer, a plurality of areas for the plurality of locations, the defined areas having a size and shape,
the size being based at least in part on an amount of activity of the user associated with each location, wherein the amount
is determined from the captured data;

configuring, by the computer, a personalized geographical area comprising a union of the plurality of generated areas, the
personalized geographic area comprising the defined areas but not including locations between the generated areas;

receiving from the user a first request for:
a consumer rating of an establishment; or
a location of an establishment matching one or more criteria specified by the user; and
generating an interface for display to the user, wherein the interface identifies only one or more establishments within said
personalized geographical area.

US Pat. No. 9,087,035

WEBSITE CREATION AND MANAGEMENT BASED ON WEB ANALYTICS DATA

Intuit Inc., Mountain Vi...

1. A method for managing websites, comprising:
identifying an industry of a business related to a user;
obtaining a plurality of website analytics data items from a plurality of websites related to a plurality of businesses,
wherein each of the plurality of businesses are in the industry, and
wherein the plurality of website analytics data items comprise a conversion rate;
evaluating the plurality of website analytics data items to generate a plurality of website templates for the user based on
historical patterns in the web analytics data;

providing the plurality of website templates to the user;
receiving a selection from the user of a website template from the plurality of website templates;
receiving website content for a user website from the user;
evaluating the plurality of website analytics data items and the website content to generate a plurality of recommendations
for the user website, wherein the plurality of recommendations are based on a plurality of modifications to a subset of the
plurality of websites that resulted in an increase of the conversion rate;

determining, for each of the plurality of recommendations, an estimated performance impact of the recommendation;
providing the plurality of recommendations and the estimated performance impact for the user website to the user;
receiving a plurality of recommendation approvals of the plurality of recommendations for the user website from the user;
and

generating the user website based on the website content, the website template, and the plurality of recommendation approvals,
wherein the user website is separate from the plurality of websites.

US Pat. No. 9,459,987

METHOD AND SYSTEM FOR COMPARING DIFFERENT VERSIONS OF A CLOUD BASED APPLICATION IN A PRODUCTION ENVIRONMENT USING SEGREGATED BACKEND SYSTEMS

Intuit Inc., Mountain Vi...

1. A system for comparing two versions of a cloud based application in a production environment using segregated backend systems
comprising:
at least one processor; and
at least one memory coupled to the at least one processor, the at least one memory having stored therein instructions which
when executed by any set of the one or more processors, perform a process for comparing two versions of a cloud based application
in a production environment using segregated backend systems including:

implementing a first version of an application in a production environment;
implementing a second version of an application in the production environment, the second version differing from the first
version;

providing two or more backend systems associated with the respective implementations of the first and second versions of the
application in the production environment;

receiving actual user data of a plurality of users;
determining a first portion of the actual user data based on one or more routing factors, the first portion including a subset
of the received actual user data, the first portion including actual user data of a first group of users;

routing the first portion of the actual user data to be processed by the first version of the application using a first backend
system of the two or more backend systems;

determining a second portion of the actual user data based on one or more routing factors, wherein the second portion of the
actual user data is distinct from the first portion of the actual user data, the second portion including a subset of the
received actual user data, the second portion including actual user data of a second group of users;

routing the second portion to be processed by the second version of the application using a second backend system of the two
or more backend systems;

processing the first portion using the first version of the application in the production environment and the first backend
system of the two or more backend systems to transform the first portion into first portion of actual users' results data;

processing the second portion using the second version of the application in the production environment and the second backend
system of the two or more backend systems to transform the second portion into second portion of actual users' results data;
and

analyzing the first portion of actual users results data and the second portion of actual users results data to evaluate the
production environment and/or operation of the first and second versions of the application in the production environment.

US Pat. No. 9,372,687

PRODUCT CUSTOMIZATION BASED ON USER CONTRIBUTIONS

Intuit Inc., Mountain Vi...

1. A method to customize an online software application, comprising:
displaying, using a user interface of the online software application, a message inviting user contribution to a customizable
component of the online software application;

receiving, from an initial seed user via a network connection and in response to displaying the message, a structural specification
of the customizable component suggested by the initial seed user according to a requirement based on an attribute of the initial
seed user;

determining that a new user of the online software application matches the attribute of the initial seed user;
configuring, based on the structural specification of the customizable component suggested by the initial seed user, a first
instantiation of a plurality of instantiations of the online software application for the new user to perform a pre-determined
task according to the requirement;

configuring, based on the structural specification of the customizable component, the plurality of instantiations of the online
software application for a plurality of users to perform the pre-determined task;

extracting, from the customizable component in each of the plurality of instantiations, a plurality of structured contents
used by the plurality of users to further configure the plurality of instantiations for performing the pre-determined task;

generating a statistical measure of the plurality of users using the plurality of instantiations to perform the pre-determined
task, wherein the statistical measure comprises:

a number of registered users, among the plurality of users, who have paid for the online software application;
a number of users, among the plurality of users, who have performed the pre-determined task based on a same structured content;
a number of users, among the plurality of users, who have performed the pre-determined task based on a shared pattern of the
plurality of structured contents; and

a number of times that the plurality of users have performed the pre-determined task based on the shared pattern;
generating, in response to the statistical measure exceeding a pre-determined threshold, a suggested structured content to
represent a portion of the plurality of structured contents that is qualified based on the statistical measure, wherein configuring
the instantiation of the online software application for the new user is further based on the suggested structured content;
and

performing, using the first instantiation of the online software application and via the network connection, the pre-determined
task for the new user.

US Pat. No. 9,286,639

SYSTEM AND METHOD FOR PROVIDING PRICE INFORMATION

INTUIT INC., Mountain Vi...

1. A method of providing pricing information at a client device regarding a plurality of merchant transactions, comprising:
receiving, at a transmission server, from a user at the client device, a request for pricing of a product, wherein the request
is received over the Internet, and wherein the transmission server comprises a microprocessor and a memory;

storing, in the memory of the transmission server, an IP address associated with the client device;
triggering, using the stored IP address associated with the device, a display of a user-interface at the client device, wherein
the user-interface facilitates specification of a merchant name by the user;

receiving, using the displayed user-interface, from the user at the client device, a specification of a primary merchant and
a specification of a correlation threshold;

receiving, over the Internet, at the transmission server, transaction data from data sources associated with a plurality of
merchants, wherein the transaction data comprises transactions between customers and the plurality of merchants, wherein the
server stores the received transaction data;

identifying, using the transaction data, one or more merchants such that a threshold percentage of customers of each of the
identified one or more merchants are also customers of the specified primary merchant, wherein the threshold percentage is
based on the specified correlation threshold;

determining, from the transaction data, a subset of transaction data that involves transactions at the primary merchant as
well as at the identified one or more merchants;

providing, using the displayed user-interface at the client device, summary information associated with the determined subset
of the transaction data;

identifying a competitor merchant from the summary information; and
displaying, at the client device, one or more web pages having one or more links to the identified competitor merchant; and
upon activation of a link at a displayed web page, enabling the user to communicate with the identified competitor merchant
over pricing information for the product.

US Pat. No. 9,266,473

REMOTE HANDS-FREE BACKSEAT DRIVER

Intuit Inc., Mountain Vi...

14. A telecommunication device to communicate driving status from a vehicle, comprising:
a processor; and
memory storing instructions when executed by the processor comprising functionality to:
establish a phone call connection with a mobile device used by a driver who is travelling in the vehicle;
receive, from the mobile device travelling in the vehicle, driving status data of the vehicle; and
present, in response to establishing the phone call connection for a telephone conversation between the driver using the mobile
device and a remote user using the telecommunication device and away from the vehicle, the driving status data to the remote
user, and

stop, in response to the phone call connection for the telephone conversation being terminated, presentation of the driving
status data to the remote user,

wherein the mobile device is held in a holder in the vehicle for obtaining movement data of the vehicle, and
wherein the driving status data is generated by analyzing, using a computer processor of the mobile device and in response
to detecting the phone call connection for the telephone conversation being established, the movement data based on a specified
criterion to determine that the vehicle is in motion.

US Pat. No. 9,454,390

EXECUTABLE CODE GENERATED FROM COMMON SOURCE CODE

INTUIT INC., Mountain Vi...

1. A method for generating a software application for use at multiple locations in a client-server environment, comprising:
receiving, at a server computer, a common source code that encodes an entire logic for a software application;
generating, at the server computer, a first executable code from the received common source code, wherein the generated first
executable code includes instructions for generating relational objects for execution on a client computer;

receiving a request from a user at a client computer, via a user-interface associated with the software application;
receiving, from the user at the client computer, via the user-interface, user information relevant to the request, wherein
the user information is received from a form of a web page sent to the client computer and includes tax information entered
into the form,

in response to receiving the request and the tax information from the user, executing, at the server computer, the first executable
code to produce a set of relational objects, wherein the generated relational objects are based on the received tax information
relevant to the request, and wherein the generated relational objects represent a subset of the entire logic of the software
application relevant to the received user request;

creating, at runtime using the server computer:
a second executable code from the generated set of relational objects,
wherein the second executable code is an interpreted code executed by an interpreter application to process tax information
entered into the form;

a user interface page based on the generated set of relational objects, and
sending the second executable code and the user interface page to the client computer, wherein the second executable code
is configured to execute on the client computer, and wherein the created user interface page is configured for display at
the client computer.

US Pat. No. 9,449,056

METHOD AND SYSTEM FOR CREATING AND UPDATING AN ENTITY NAME ALIAS TABLE

Intuit Inc., Mountain Vi...

1. A computing system implemented method for creating an entity name alias table comprising the following, which when executed
individually or collectively by any set of one or more processors perform a process including:
obtaining initial identification data including data representing known entity names associated with one or more entities;
defining a search time window;
obtaining historical entity name search data indicating entity name searches entered by a searching party in the defined search
time window;

analyzing the historical entity name search data to identify a pair of potentially related entity name searches, each pair
of potentially related entity name searches including two associated entity names, wherein analyzing the historical entity
name search data to identify a pair of potentially related entity name searches includes:

transforming at least part of the historical entity name search data into entity name search data strings representing entity
names associated with entity name searches;

determining a raw string distance between entity name search data strings;
determining a normalized string distance between entity name search data strings, wherein the raw string distance between
a first entity name search data string and a second entity name search data string is determined as the number of characters
in the first entity name search data string that are different from the characters in the second entity name search data string,
wherein the normalized string distance between the first and second entity name search data strings is equal to the raw string
distance between the first and second entity name search data strings divided by the square root of the length of the first
entity name search data string multiplied by the length of the second entity name search data string;

defining a threshold normalized string distance;
identifying a pair of entity name searches as potentially related entity name searches if the entity name search data strings
representing the entity names of the pair of entity name searches have a normalized string distance less than the threshold
normalized string distance;

identifying a matched known entity name in the initial identification data that matches a first entity name of the two associated
entity names; and

adding the second entity name of the two associated entity names to an entity name alias table associated with the matched
known entity name.

US Pat. No. 9,430,227

AUTOMATIC CUSTOMIZATION OF A SOFTWARE APPLICATION

Intuit Inc., Mountain Vi...

1. A method for identifying a configuration setting of a software application, comprising:
obtaining a plurality of profiles of a plurality of users of the software application,
wherein each of the plurality of profiles comprises a plurality of attribute values corresponding to a portion of an attribute
list of the software application,

wherein the plurality of attribute values describe a first business entity associated with a user of the plurality of users,
and

wherein at least two of the plurality of profiles correspond to two different portions of the attribute list;
identifying, by a computer processor, a first subset of the plurality of users having the plurality of attribute values for
a particular portion of the attribute list;

forming, using the plurality of attribute values, a first attribute signature of the first subset of the plurality of users
corresponding to different portions of the attribute list, and a second attribute signature of a second subset of the plurality
of users corresponding to different portions of the attribute list;

analyzing, by the computer processor, the software application configuration setting used by each user in the first subset
of the plurality of users to generate a first statistical measure representing the first subset of the plurality of users
configuring the software application, and the first attribute signature of the first subset of the plurality of users;

analyzing, by the computer processor, the software application configuration setting used by each user in the second subset
of the plurality of users to generate a second statistical measure representing the second subset of the plurality of users
configuring the software application, and the second attribute signature of the second subset of the plurality of users;

obtaining a new user profile of a new user;
matching the new user profile to the second attribute signature of a second subset of the plurality of users, wherein the
new user profile describes a second business entity associated with the new user;

presenting, to the new user and in response to matching the new user profile to the second attribute signature, the second
statistical measure representing the second subset of the plurality of users configuring the software application; and

receiving, in response to presenting the second statistical measure, an approval from the new user to customize the software
application, wherein the software application is automatically customized based on the second statistical measure representing
the second subset of the plurality of users configuring the software application.

US Pat. No. 9,406,089

VIDEO-VOICE PREPARATION OF ELECTRONIC TAX RETURN

INTUIT INC., Mountain Vi...

1. A computer-implemented method for populating an electronic tax return, the computer-implemented method being executed by
a mobile communication device comprising a data store comprising a tax return preparation application operable to prepare
an electronic tax return, a first camera that is a front facing camera, a second camera that is a rear facing camera, a microphone
and a video/voice processor, each of the data store, the first camera, the second camera and the microphone being in communication
with the video/voice processor, the method comprising:
the mobile communication device, by the first camera, recording a video of a tax document, the recorded video comprising a
plurality of video frames and voice data generated based on a user of the mobile communication device speaking into the microphone
during recording of the video, the voice data comprising a user-spoken description of how the tax document is relevant to
the electronic tax return;

converting, by the video/voice processor of the mobile communication device, the voice data from a voice format into a text
format;

analyzing, by the video/voice processor, at least one video frame of the video and the voice data in the text format to determine
a document type and tax data contained within the at least one video frame;

identifying, by the tax return preparation application executed by a processor of the mobile communication device, a field
of the electronic tax return to be populated with determined tax data of the determined document type;

populating, by the tax return preparation application, the field of the electronic tax return with the determined tax data
to prepare at least a portion of the electronic tax return without the user typing tax data of the tax document that was captured
in the video into the field of the electronic tax return;

detecting, by the second camera, a facial expression or gesture of the user during preparation of the electronic tax return;
determining, by the video/voice processor, a first response based at least in part on the detected facial expression or gesture;
and

presenting, by the tax return preparation application, the first response to the user during preparation of the electronic
tax return.

US Pat. No. 9,374,389

METHOD AND SYSTEM FOR ENSURING AN APPLICATION CONFORMS WITH SECURITY AND REGULATORY CONTROLS PRIOR TO DEPLOYMENT

Intuit Inc., Mountain Vi...

1. A system for ensuring an application conforms with security and regulatory controls prior to deployment comprising:
at least one memory coupled to the at least one processor, the at least one memory having stored therein instructions which
when executed by any set of the one or more processors, perform a process for ensuring an application conforms with security
and regulatory controls prior to deployment, the process for ensuring an application conforms with security and regulatory
controls prior to deployment including:

defining one or more virtual asset security policies to be applied to the creation and instantiation of virtual assets to
be used in a cloud computing environment;

generating virtual asset security compliance data representing instructions for ensuring compliance with the one or more virtual
asset security policies;

applying the generated virtual asset security data to a virtual asset template configured to determine one or more operational
parameters of a virtual asset during instantiation of that virtual asset;

instantiating, using the generated virtual asset security data of the virtual asset template, at least one virtual asset complying
with the virtual asset security policies;

defining one or more application deployment security policies associated with the deployment and operational coupling and
interconnectivity of virtual assets used to implement an application in the cloud computing environment, the application deployment
security policies including at least an application deployment security policy requiring that all virtual assets used to implement
an application are deployed within a network container that isolates them from other applications;

generating application deployment security compliance data representing instructions for ensuring compliance with the one
or more application deployment security policies, the generated application deployment security compliance data representing
codified machine readable instructions and data for scanning and otherwise ensuring implementation of the application deployment
security policies;

providing the generated application deployment security compliance data to the virtual asset; and
implementing and deploying, using at least one virtual asset including the virtual asset, an application that complies with
the one or more application deployment security policies.

US Pat. No. 9,154,472

METHOD AND APPARATUS FOR IMPROVING SECURITY DURING WEB-BROWSING

INTUIT INC., Mountain Vi...

1. A non-transitory computer-readable storage medium storing instructions that when executed by a computer cause the computer
to perform a method for improving security during web-browsing, the method comprising:
receiving a Universal Resource Locator (URL) from a user;
determining an Internet Protocol (IP) address for the URL by querying a Domain Name Server (DNS) server;
determining a public key associated with the URL;
encrypting a string using the public key to obtain an encrypted string;
sending the encrypted string to a remote system which is associated with the IP address;
receiving a response from the remote system;
determining that the DNS server has been compromised when the response from the remote system does not match an expected response;
and

responsive to determining that the DNS server has been compromised, alerting the user, thereby improving security during web-browsing.

US Pat. No. 9,471,833

CHARACTER RECOGNITION USING IMAGES AT DIFFERENT ANGLES

INTUIT INC., Mountain Vi...

1. An electronic-device-implemented method for extracting information from a document, comprising:
providing an instruction to a user to point an imaging device, which is integrated into the electronic device, at a location
on the document;

after providing the instruction and before the user activates an image-activation mechanism associated with the imaging device,
capturing multiple images of the document at an image capture rate, wherein the image capture rate is determined based on
a stability measure associated with spatial-position information, the spatial-position information provided by a sensor integrated
with the electronic device, and wherein the spatial-position information is stable when remaining within a specified range
for a specified time duration;

storing the images with associated timestamps and the spatial-position information;
receiving a signal indicating that the user activated the image-activation mechanism; and
in response to the signal, analyzing optical character recognition (OCR) results for two or more of the multiple images to
extract the information proximate to the location on the document, wherein the analyzing comprises comparing an OCR result
for a first image of at least a portion of the document to OCR results for each of multiple adjacent images from the two or
more of the images, wherein the adjacent images are taken from different angles; and

when the OCR result for the first image differs from one or more of the OCR results for the adjacent images:
selecting a set of images of the document captured by the imaging device by determining that a range of linear and angular
data for the set of images is smaller than a range of linear and angular data for the adjacent images; and

determining a correct OCR result for the information based on the OCR results for the set of images.

US Pat. No. 9,319,415

METHOD AND SYSTEM FOR PROVIDING REFERENCE ARCHITECTURE PATTERN-BASED PERMISSIONS MANAGEMENT

Intuit Inc., Mountain Vi...

1. A method for providing reference architecture pattern-based permissions management comprising:
identifying, using a first computing system configured to perform the method for providing reference architecture pattern-based
permissions management, one or more roles available to be associated with an individual taking part in the development, and/or
deployment, and/or operation of two or more computing system applications using a reference architecture pattern;

generating, using the first computing system, role data representing the identified roles;
identifying, using the first computing system, a plurality of reference tiers used to create, and/or deploy, and/or operate
a computing system application using the reference architecture pattern, wherein the plurality of identified reference tiers
include at least two selected from a development tier, a pre-production tier, a production tier, a staging tier, an integration
tier, a security tier, and an external tier;

generating, using the first computing system, reference tier data representing the identified reference tiers;
for each role represented by the role data, associating, using the first computing system, at least one permission with each
reference tier represented in the reference tier data;

assigning, using the first computing system, to the individual one of the roles represented by the role data;
for a first one of the reference tiers associated with a first of the one or more computing system applications and represented
in the reference tier data, automatically granting the individual a first permission associated with the role assigned to
the individual; and

for a second one of the reference tiers associated with a second of the one or more computing system applications and represented
in the reference tier data, automatically granting the individual a second permission associated with the role assigned to
the individual, wherein the second permission is different from the first permission.

US Pat. No. 9,104,797

EFFICIENT CLOUD-BASED ANNOTATION OF CRASH REPORTS

INTUIT INC., Mountain Vi...

1. A computer-implemented method for annotating crash reports originating from one or more instances of an application, the
method comprising:
at a first server, prior to deploying a version of the application:
receiving a file that stores debugging information associated with the version, wherein the debugging information comprises
relative addresses of method invocations within the application and symbols associated with each relative address, wherein
the symbols comprise a line number, a class name, and a method name;

parsing the debugging information from the file;
converting the debugging information into an object representation in memory; and
storing the object representation in a database; and
at a second server, in response to an instance of the version crashing on a client device:
receiving a stack trace originating from an instance of the version of the application executing on the client device; and
for each item in the stack trace:
determining whether the item needs to be annotated; and
if so, determining a relative address that is associated with the item and annotating the item with at least one of a line
number associated with the relative address, a class name associated with the relative address, and a method name associated
with the relative address;

wherein the second server is one of the first server and a different server.

US Pat. No. 9,349,135

METHOD AND SYSTEM FOR CLUSTERING SIMILAR ITEMS

Intuit Inc., Mountain Vi...

1. A system comprising:
a computer processor;
a clustering engine, executing on the computer processor, configured to:
receive an advertisement request from an application;
generate, in response to the request, a plurality of nodes corresponding to a plurality of user-entered text strings received
from a user by the application;

send, to a marketplace system, a plurality of search queries for the plurality of user-entered text strings;
receive a plurality of product identifiers in response to the plurality of search queries, the plurality of product identifiers
comprising one or more shared product identifiers, wherein each shared product identifier is shared by one or more nodes;

determine, for the plurality of nodes, a plurality of direct edges between pairs of nodes, each direct edge in the plurality
of direct edges comprising a first node, a second node, one or more shared product identifiers shared by the first node and
the second node, and an edge value indicating the number of the one or more shared product identifiers shared by the first
node and the second node;

generate a cluster using the plurality of nodes and the plurality of direct edges, wherein generating the cluster further
comprises deleting a direct edge based on the edge value of the direct edge;

select, from a direct edge of the plurality of direct edges in the cluster, a product identifier of the plurality of product
identifiers to obtain a selected product identifier; and

provide, to the application, the selected product identifier, wherein the selected product identifier identifies a product;
and

the application, executing on the computer processor, configured to:
send the advertisement request to the clustering engine;
receive, in response to the advertisement request, the selected product identifier; and
display, to the user, an advertisement for the product identified by the product identifier.

US Pat. No. 9,262,621

METHODS SYSTEMS AND ARTICLES OF MANUFACTURE FOR IMPLEMENTING USER ACCESS TO REMOTE RESOURCES

INTUIT INC., Mountain Vi...

1. A computer implemented method for implementing user access to a remote resource, comprising:
receiving, at a first computer, a request from a user computing device through a first network to access the remote resource,
wherein the remote resource resides on a second computer accessible by the first computer through a second network;

performing, at the first computer:
identification of stored user credentials by identifying and retrieving the stored user credentials from a central store remote
from the user computing device;

automatic logon for the user using at least a thin-client architecture to transmit, to the second computer, stored user credentials
that are used to authenticate or authorize the user to access the remote resource on the second computer, wherein the stored
user credentials are centrally stored in the central store, and the user computing device is authenticated or authorized to
access the remote resource on the second computer without transmitting the stored user credentials from the user computing
device;

initiation or identification of a new session between the first computer and the second computer through the second network
without using a single-sign-on mechanism in which one or more tickets are passed between the first computer and the second
computer to service the remote resource to the user, and

authentication of the user on the first computer grants the user access to the remote resource on the second computer; and
enabling, by the first computer, the user to access the remote resource by using the new session.

US Pat. No. 9,342,624

DETERMINING INFLUENCE ACROSS SOCIAL NETWORKS

INTUIT INC., Mountain Vi...

1. A computer-implemented method for facilitating user interaction between users in an online social network, comprising:
obtaining, at a server, user data for a first user and a second user connected to the first user in a social network, wherein
the server comprises a processor and a memory;

storing the obtained user data in a partitioned user-data portion of the memory;
accessing the user data from the partitioned user-data portion of the memory;
using the accessed user data to calculate, using the processor, one or more influence scores between the first and second
users, wherein an influence score between a first user and a second user is based on:

first determining an influence vector for each user based on their activities within the social network in association with
a topic, and

subsequently determining a similarity between the first user's activities and the second user's activities with respect to
the topic based on the angle between the two influence vectors;

constructing, using the processor, an influence graph of a set of users comprising the first and second users by:
creating a first node representing the first user;
creating a second node representing the second user; and
using the one or more influence scores as edge weights of directed edges between the first and second nodes;
storing the constructed influence-graph in a partitioned influence-graph portion of the memory;
accessing the influence-graph from the partitioned influence-graph portion of the memory; and
using the influence graph to facilitate interaction among the users, wherein the interaction involves communication between
the users of the online social network using the Internet.

US Pat. No. 9,173,098

METHODS, SYSTEMS, AND ARTICLES OF MANUFACTURE FOR WIRELESSLY PAIRING PERIPHERALS WITH CONNECTED DEVICES

INTUIT INC., Mountain Vi...

7. A system for wirelessly pairing a wireless peripheral with a connected device, the system comprising a connected device
comprising a processor and that is configured to:
identify an identifier of the wireless peripheral,
determine whether or not the identifier is an authorized identifier by examining a set of authorized identifiers stored on
the connected device to determine whether or not the identifier of the wireless peripheral exists in the set of authorized
identifiers;

establish a wireless connection with the wireless peripheral to exchange information between the connected device and the
wireless peripheral, without having to perform a wireless discovery protocol that requires user interaction or intervention
for discovery or pairing of the connected device with the wireless peripheral; and

forward the identifier of the wireless peripheral to a remote computing system when the identifier does not belong to the
set of authorized identifiers,

wherein the remote computing system stores the identifier in a non-transitory computer accessible medium, and
wherein the remote computing system associates the identifier with the information related to an entity acquiring the wireless
peripheral by using a link structure.

US Pat. No. 9,418,236

METHOD AND SYSTEM FOR DYNAMICALLY AND AUTOMATICALLY MANAGING RESOURCE ACCESS PERMISSIONS

Intuit Inc., Mountain Vi...

1. A system for dynamically and automatically managing resource access permissions comprising:
at least one processor; and
at least one memory coupled to the at least one processor, the at least one memory having stored therein instructions which
when executed by any set of the one or more processors, perform a process for dynamically and automatically managing resource
access permissions, the process for dynamically and automatically managing resource access permissions including:

automatically obtaining and monitoring employment role data associated with a party, the employment role data associated with
the party including data indicating the party's role and/or job description within an organization;

automatically obtaining and monitoring trust data associated with the party, the trust data associated with the party including
data indicating the party's trust related activities and a trust level/trust score assigned to the party,

wherein the trust data includes internal trust data associated with the party and that is obtained by monitoring interactions
of the party with one or more resources within the organization,

wherein the trust data includes external trust data associated with the party and that is obtained by monitoring interactions
of the party with one or more resources outside of the organization;

automatically obtaining and monitoring special permissions data associated with the party, the special permissions data associated
with the party indicating any special resource access permissions granted to the party, the special resource access permissions
being resource access permissions granted on a temporary basis to the party and that are outside a scope of the other permissions
granted to the party based on the employment role of the party and/or the trust level/trust score assigned to the party;

automatically analyzing the employment role data associated with the party, the trust data associated with the party, and
the special permissions data associated with the party, to determine a set of allowed access permissions data to be associated
with the party;

applying the set of allowed access permissions data to an account associated with the party, the allowed access permissions
data indicating the party is allowed access to one or more resources that provide services for the organization, the one or
more resources that provide services for the organization including one or more virtual assets configured to host services
for the organization, the one or more virtual assets including one or more virtual server instances that provide the services
for the organization to customers of the organization from an untrusted cloud computing environment, the set of allowed access
permissions data enabling the party to instantiate the one or more virtual server instances that provide the services for
the organization to customers of the organization from the untrusted cloud computing environment, the untrusted cloud computing
environment including hardware infrastructure that is allocated under the control of a cloud environment service provider
for use by the organization and that is not allocated under the control of the organization, to provide the services to the
customers of the organization; and

automatically providing the party access to the one or more resources that provide services for the organization at least
partially based on the set of allowed access permissions data, to enable the party to instantiate the one or more virtual
server instances in the untrusted cloud computing environment, to securely migrate the services for the organization to the
untrusted cloud computing environment.

US Pat. No. 9,412,017

METHODS SYSTEMS AND COMPUTER PROGRAM PRODUCTS FOR MOTION INITIATED DOCUMENT CAPTURE

INTUIT INC., Mountain Vi...

1. A computer implemented method for determining data of a tax document, the method being performed by a computing device
and comprising:
the computing device acquiring a video utilizing a video camera and detecting a first motion of the tax document in the video,
wherein the computing device is prompted by a user of the computing device for acquisition of an image of the tax document
based at least in part upon the detected first motion satisfying first pre-determined criteria;

the computing device detecting a second motion of the tax document in the video;
the computing device acquiring an image of the tax document based at least in part upon the detected second motion satisfying
second pre-determined criteria different from the first pre-determined criteria; and

the computing device processing the acquired image to extract data of the tax document from the acquired image.

US Pat. No. 9,262,755

MOBILE PAYMENT SYSTEM

INTUIT INC., Mountain Vi...

1. A point-of-sale-terminal-implemented method for conducting a financial transaction, the method comprising:
receiving a one-time payment credential token associated with a customer from a portable electronic device via a peripheral
device coupled to the point-of-sale terminal and a service object executing on the point-of-sale terminal, wherein the service
object acts as a driver for the peripheral device, wherein the peripheral device includes a barcode scanner that scans a barcode
that includes the one-time payment credential token, wherein the barcode represents a sequence of 11 digits,

wherein the one-time payment credential token is generated by a trusted execution environment executing a technique known
to a third party on the portable electronic device, and wherein said technique does not need to connect to the third party
prior to the financial transaction, and

wherein the one-time payment credential token includes financial information of the customer, wherein the financial information
includes a 6-digit bank identification number, a virtual account number, an expiration date, and a card verification code;

performing one or more operations based on at least the one-time payment credential token to obtain the financial information;
using the point-of-sale terminal, providing the financial information and transaction information associated with the financial
transaction to a financial institution specified in the financial information; and

receiving a confirmation that the financial transaction has been completed.

US Pat. No. 9,240,003

SYSTEM AND METHOD FOR SUPPORTING A PRODUCT VIA A USER-BASED COMMUNITY

Intuit Inc., Mountain Vi...

1. A method to provide online product support, comprising:
receiving mentor information from a first user of a product via an interface device in response to the first user volunteering
to assist a plurality of users with the product, wherein mentor information comprises a reported expertise of the first user
with the product and a first profession of the first user, wherein the first user volunteers to provide online product support;

tracking, by a processor, a status of the first user to determine current online availability of the first user to provide
product support to the plurality of users;

detecting, in real time, that a second user of the plurality of users is currently using a module of the product, wherein
the module is identified without user intervention from a computing device of the second user by real time monitoring an activity
of the second user using the computing device as a user interface to access the module of the product;

obtaining, by the processor, user data comprising information identifying the module of the product currently used by the
second user;

selecting the first user as an applicable mentor by comparing, by the processor and in response to determining that the first
user is currently available to provide online product support, mentor information and user data to determine a first match
between the reported expertise of the first user and the module of the product currently used by the second user;

using the computing device, within a pre-determined time period from detecting that the second user is currently using the
module of the product and prior to any request from the second user, and in response to the first match, displaying to the
second user applicable mentor information via the computing device identifying at least the first user, wherein the applicable
mentor information is displayed using a display field generated by the product, wherein the applicable mentor information
is displayed prior to the second user switching to using a different module of the product; and

selecting, in response to displaying the applicable mentor information and an indication from the second user entered via
the computing device that the second user needs assistance, the first user as a mentor by further comparing mentor information
and user data to determine a second match between the first profession of the first user and the second profession of the
second user.

US Pat. No. 9,380,413

DYNAMICALLY FORMING THE CONTENT OF A MESSAGE TO A USER BASED ON A PERCEIVED EMOTION

INTUIT INC., Mountain Vi...

1. A computer-implemented method for dynamically forming the content of a message to a user based on a perceived emotion state
of the user, the method comprising:
determining, by computer, a geo-location of a user which includes determining a granularity of the geo-location;
analyzing, by computer, a news feed associated with the geo-location of the user to determine a perceived emotion state of
the user;

analyzing, by computer, current financial laws for the geo-location of the user;
forming, by computer, a content for a message to the user based on the perceived emotional state of the user, and the current
financial laws for the geo-location of the user; and

delivering, by computer, the message.

US Pat. No. 9,286,332

METHOD AND SYSTEM FOR IDENTIFYING ENTITIES AND OBTAINING FINANCIAL PROFILE DATA FOR THE ENTITIES USING DE-DUPLICATED DATA FROM TWO OR MORE TYPES OF FINANCIAL MANAGEMENT SYSTEMS

Intuit Inc., Mountain Vi...

1. A computing system implemented method for identifying entities and obtaining financial profile data for the entities using
de-duplicated data from two or more types of financial management systems comprising the following, which when executed individually
or collectively by any set of one or more processors perform a process including:
obtaining financial data from two or more types of financial management systems;
analyzing the financial data to obtain initial potential entities data identifying one or more initial potential entities
and one or more entity attributes associated with each initial potential entity of the initial potential entities;

obtaining external reference entities data from a third party source identifying one or more external reference entities and
one or more entity attributes associated with each external reference entity of the external reference entities;

analyzing the initial potential entities data and the external reference entities data to identify initial potential entities
in the potential entities data having one or more entity attributes that match, to at least a threshold degree, entity attributes
associated with an external reference entity;

designating each initial potential entity of the initial potential entities having one or more entity attributes that match,
to at least a threshold degree, entity attributes associated with an external reference entity as duplicate entities with
respect to the matched external reference entity and replacing the designated duplicate entities in the initial potential
entities data with the matched external reference entity to generate revised potential entities data identifying one or more
revised potential entities and one or more entity attributes associated with each of the revised potential entities;

comparing data representing each revised potential entity of the revised potential entities in the revised potential entities
data with data representing all of the other revised potential entities in the revised potential entities data to identify
revised potential entities that have one or more entity attributes that match, to at least a threshold degree;

designating each revised potential entity of the revised potential entities in the revised potential entities data having
one or more entity attributes that match, to at least a threshold degree, as duplicate entities with respect to each other;

selecting one of the duplicate entities as the revised potential entity and eliminating all the other identified duplicate
entities in the revised potential entities data; and

designating all the remaining revised potential entities as identified entities in the revised potential entities data to
transform the revised potential entities data into a master entity list including data indicating the identified entities
and their respective attributes data;

analyzing the financial data to identify commercial transaction data and one or more attributes associated with the commercial
transaction data, including data indicating commercial transactions and parties associated with the commercial transactions;

analyzing the commercial transaction data using the master entity list to match one or more entities listed in the master
entity list with the parties associated with the commercial transactions of the commercial transaction data;

substituting the matched entities listed in the master entity list for the respectively matched parties associated with the
commercial transactions in the commercial transaction data to create a master commercial transaction list; and

storing data representing the master entity list and the master commercial transaction list.

US Pat. No. 9,894,069

METHOD AND SYSTEM FOR AUTOMATICALLY MANAGING SECRET APPLICATION AND MAINTENANCE

Intuit Inc., Mountain Vi...

1. A system for automatically managing secrets application and maintenance comprising:
at least one processor; and
at least one memory coupled to the at least one processor, the at least one memory having stored therein instructions which
when executed by any set of the at least one processors, perform a process for automatically managing secrets application
and maintenance, the process for automatically managing secrets application and maintenance including:

generating data classification data defining one or more classes of data;
for each class of data, generating secret application and maintenance policy data including required secrets application data
indicating required secret types to be applied to each class of data and secrets maintenance policy data indicating secret
maintenance procedures for required secrets to be applied to each class of data;

obtaining access to data to be protected;
determining the class of the data to be protected;
obtaining the secret application and maintenance policy data for the determined class of the data to be protected;
analyzing the required secrets application data of the secret application and maintenance policy data for the determined class
of the data to be protected to identify the required secret types to be applied to the data to be protected, and to also identify
a class of secrets associated with the determined class of data, wherein each different class of secrets associated with different
levels of protection are each stored in different data stores;

obtaining required secrets data representing one or more secrets of the required secret types to be applied to the data to
be protected, the one or more secrets of the required secrets types including at least multifactor authentication data;

automatically scheduling the application of the one or more secrets of the required secret types to the data to be protected
in accordance with the required secrets application data of the secret application and maintenance policy data for the determined
class of the data to be protected; and

automatically scheduling the reapplication, rotation or change of the one or more secrets of the required secrets data in
accordance with the secrets maintenance policy data of the secret application and maintenance policy data for the determined
class of the data to be protected, wherein each different secret type is governed by a different secrets maintenance policy
data, and a period of rotation, change, or expiration of secrets of a given type depends on a level of security associated
with the secret application and maintenance policy.

US Pat. No. 9,282,107

SECURE VERIFICATION OF WEBSITE CLAIMS

INTUIT INC., Mountain Vi...

1. A computer-implemented method for facilitating use of a website, comprising:
enrolling, by computer, a claim comprising an assertion of a characteristic of the website with a central authority by:
obtaining the claim from an issuer of the claim; and
including a first secure attribute with the claim, wherein the first secure attribute is signed with a first private key of
the central authority; and

enabling, by computer, verification of the claim using the first secure attribute and a first public key of the central authority.

US Pat. No. 10,565,986

EXTRACTING DOMAIN-SPECIFIC ACTIONS AND ENTITIES IN NATURAL LANGUAGE COMMANDS

INTUIT INC., Mountain Vi...

1. A method for processing natural language commands, comprising:receiving a natural language command;
identifying a probable matching command in a corpus of known commands based on the received natural language command by attempting to identify an exact match between the received natural language command and a command in the corpus of known commands, wherein:
the corpus of known commands comprises a plurality of domain-specific commands representing commands having a specific meaning in a software application, and
each of the plurality of domain-specific commands are mapped to a function in the software application invoked by a respective domain-specific command of the plurality of domain-specific command;
upon failing to identify an exact match between the received natural language command and a command in the corpus of known commands:
generating a number, edition error, and recognition error (NER) scores between at least a portion of the received natural language command and each known command in the corpus of known commands, and
identifying the probable matching command in the corpus of known commands based on the generated NER scores, wherein the probable matching command in the corpus of known commands comprises a command having a highest generated NER score;
identifying a function to execute in the software application in response to the received natural language command based on the identified probable matching command; and
executing the identified function to perform a domain-specific action in the software application.

US Pat. No. 9,047,637

METHOD AND SYSTEM FOR CONVERTING PRINTED CHECKS INTO PRE-PAID DEBIT CARD FUNDS

Intuit Inc., Mountain Vi...

1. A computing system implemented method for converting paper checks into pre-paid debit or credit card funds comprising the
following, which when executed individually or collectively by any set of one or more processors perform a process comprising:
providing a consumer a pre-paid debit or credit card account;
providing a consumer a pre-paid debit or credit card associated with the pre-paid debit or credit card account, the pre-paid
debit or credit card having an associated pre-paid debit or credit card balance stored on the pre-paid debit or credit card,
the pre-paid debit or credit card balance representing funds that can be used via the pre-paid debit or credit card;

providing a check conversion station, the check conversion station including a card reader and a paper check scanning capability;
the consumer providing the pre-paid debit or credit card to the check conversion station card reader and the check conversion
station obtaining consumer account data from the pre-paid debit or credit card;

the consumer providing a paper check to the check conversion station paper check scanning capability, the paper check representing
paper check funds transferred from a payer listed on the paper check to the consumer via the paper check;

the check conversion station obtaining check data from the provided paper check, the check data including data indicating
the paper check funds;

the check conversion station providing at least part of the consumer account data and check data to one or more processors;
the one or more processors analyzing, and/or verifying, at least part of the consumer account data and check data;
accessing first historical transaction data of the consumer and second historical transaction data of the payer and analyzing
the first and second historical transaction data to assess the reliability of the consumer and the payer;

approving, based on the analysis of the first and second historical transaction data for reliability of the consumer and the
payer, a virtual transfer of less than the full amount of the paper check funds to the pre-paid debit or credit card, and
updating the pre-paid debit or credit card balance stored on the pre-paid debit or credit card;

virtually transferring the approved amount of the paper check funds to the pre-paid debit or credit card;
offering at least one card-linked offer to the consumer, the offer being linked to the purchase of at least one specific item,
the offer including an offer term indicating that a balance of the pre-paid debit or credit card will be increased by a certain
predefined percentage upon purchase of the specific item by the consumer using the pre-paid debit or credit card; and

tracking, using information stored on the pre-paid debit or credit card, any progress made by the consumer towards satisfaction
of the card-linked offer.

US Pat. No. 9,189,355

METHOD AND SYSTEM FOR PROCESSING A SERVICE REQUEST

Intuit Inc., Mountain Vi...

1. A method for processing a service request, comprising:
receiving, from a client application, the service request comprising a header comprising transmission metadata and a client
trace ID, wherein the client application is executing on virtual resources provided by a client host system, including a virtual
network interface;

appending, to the service request, an internal trace ID;
generating a request trace log comprising the client trace ID, the internal trace ID, and a time stamp corresponding to receiving
the service request;

selecting a cloud server configured to process the service request;
determining, by the cloud server, a dedicated computing cluster of a plurality of distributed cloud computing clusters to
handle the service request;

sending, by the cloud server, the service request to the dedicated computing cluster; and
recording, in the request trace log, an interaction of the dedicated computing cluster with the service request, and an identity
of a server in the client host system from which the service request was issued.

US Pat. No. 9,338,432

MOBILE DEVICE WITH 3-DIMENSIONAL USER INTERFACE

INTUIT INC., Mountain Vi...

1. A portable electronic device, comprising:
a display comprising a surface that facilitates a viewer perceiving 3-dimensional (3-D) depth;
a display driver, coupled to the display, configured to provide signals corresponding to information to the display for producing
a 3-D user interface, wherein:

the information includes multiple icons that are arranged in 2-dimensional (2-D) fields in the 3-D user interface, wherein
each of the 2-D fields comprises a different subset of the multiple icons;

the 3-D user interface presents each of the 2-D fields as being in a separate plane that is parallel to the surface of the
display and is at a different spatial offset from the display along a direction orthogonal to the surface of the display,
wherein the 3-D user interface facilitates the viewer perceiving the multiple icons as being offset along the orthogonal direction;

at least two image sensors that are spatially offset from each other;
a displacement sensor configured to capture spatial-position information associated with at least a digit of the viewer by:
using the at least two image sensors to capture images from different perspectives; and
comparing the images to determine a distance of the digit of the viewer with respect to the surface of the display; and
control logic, coupled to the displacement sensor, configured to:
use the displacement sensor to determine the distance of the digit of the viewer at a given time;
use the displacement sensor to determine the distance of the digit of the viewer at a current time, wherein the current time
is different from the given time;

determine, from the distance of the digit of the viewer at the given time and the distance of the digit of the viewer at the
current time, that a change in a 3-D spatial position of the digit of the viewer with the respect to the display exceeds a
predefined numerical threshold;

associate the change in the 3-D spatial position with at least one of the icons; and
perform an operation based on the change in the 3-D spatial position;
wherein the displacement sensor and the display are coplanar on a surface of the portable electronic device.

US Pat. No. 9,276,945

METHOD AND SYSTEM FOR PROVIDING SECURITY AWARE APPLICATIONS

Intuit Inc., Mountain Vi...

1. A system for providing security aware applications comprising:
at least one processor; and
at least one memory coupled to the at least one processor, the at least one memory having stored therein instructions which
when executed by any set of the one or more processors, perform a process for providing security aware applications, the process
for providing security aware applications including:

defining one or more trigger events that when detected in an asset used to implement an application require at least one responsive
action;

defining at least one responsive action to be associated with each of the one or more trigger events, wherein one of the one
or more defined responsive actions includes notifying a party or entity of the detected trigger event;

generating data representing instructions for monitoring and detecting the one or more trigger events in an asset used to
implement the application;

generating data representing instructions for implementing the at least one responsive action associated with each of the
one or more trigger events;

providing at least part of the data representing instructions for monitoring and detecting the one or more trigger events
in an asset to at least one asset used to implement the application;

using the at least part of the data representing instructions for monitoring and detecting the one or more trigger events
in an asset to detect a trigger event involving the at least one asset; and

using the data representing instructions for implementing the at least one responsive action associated with each of the one
or more trigger events to automatically implement the at least one responsive action associated with the detected trigger
event.

US Pat. No. 9,418,385

ASSEMBLING A TAX-INFORMATION DATA STRUCTURE

INTUIT INC., Mountain Vi...

1. A computer-implemented method for assembling a tax-information data structure, comprising:
receiving a plurality of income-tax documents, wherein the documents comprise tax-forms, instructions, and publications issued
by an income-tax authority to be used for subsequent income-tax preparation by users;

extracting, by a computer, information about taxes from the received income-tax documents, wherein the information about taxes
comprises tax phrases;

extracting context information related to the extracted tax information, wherein the context information comprises location
information associated with the extracted tax information, and wherein the location information comprises at least one of
a title or version of an income-tax document, a page number in an income-tax document, and a page index associated with an
income-tax document;

identifying a first set of tax phrases in the extracted tax information, wherein the identifying involves using semantic and
structural heuristics;

identifying a second set of tax phrases in the extracted tax information using a statistical identification technique;
constructing, by the computer, the tax-information data structure, wherein the constructing involves building an association
between the first and second sets of tax phrases with the extracted context information;

storing, in a memory of the computer, the constructed tax-information data structure;
receiving, at the computer, a tax-related query from a user, wherein the user is executing an income tax-preparation software;
processing the received query using the stored tax-information data structure to generate an answer; and
displaying the generated answer to the user.

US Pat. No. 9,330,402

METHOD AND SYSTEM FOR PROVIDING A PAYROLL PREPARATION PLATFORM WITH USER CONTRIBUTION-BASED PLUG-INS

Intuit Inc., Mountain Vi...

1. A computing system implemented method for providing a payroll preparation platform with user contribution-based plug-ins
comprising-the following, which when executed individually or collectively by any set of one or more processors perform a
process including:
receiving, at a first computing system implementing a first payroll preparation and management system executing on the first
computing system, user input representing a first user-created customization of a payroll configuration;

receiving user input designating a first portion of the first user-created customization as being sharable;
receiving user input designating a second portion of the first user-created customization as not being sharable;
receiving, at a second computing system from the first computing system, payroll modification data representing only the first
portion of the first user-created customization of a payroll configuration;

receiving, at a third computing system implementing a second payroll preparation and management system executing on the third
computing system, user input representing a second user-created customization of a payroll configuration;

receiving, at the second computing system from the third computing system, payroll modification data representing the second
user-created customization of a payroll configuration;

transforming, at a transformation module at the third computing system, the received payroll modification data into two or
more payroll optimization plug-ins categorized according to a region associated with the payroll optimization plug-ins, wherein
a plug-in is at least one software component that provides a specific payroll configuration;

aggregating, at a data storage mechanism, sharable payroll optimization plug-ins of the same category into regional sharable
payroll optimization plug-in sets;

implementing, through an implementing individual selecting a first plug-in from the data storage mechanism, the first plug-in
in a payroll preparation and management system of the implementing individual, the selected first plug-in being one of the
transformed plug-ins originating as the first user-created customization of a payroll configuration; and

generating a rating of the first plug-in, the rating being at least partly based on a reputation and/or history of an individual
who provided the user input creating the first user-created customization of a payroll configuration, the rating being further
at least partly based on a rating provided by the implementing individual.

US Pat. No. 9,282,122

METHOD AND APPARATUS FOR MULTI-TENANCY SECRETS MANAGEMENT

Intuit Inc., Mountain Vi...

1. A computing system implemented method for managing secrets of tenants of a multi-tenant computing environment, comprising:
maintaining, by a service provider computing system, a service provider secrets policy,
wherein the service provider secrets policy includes security requirements associated with the secrets of tenants within the
multi-tenant computing environment;

receiving, by the service provider computing system, a first tenant secrets policy from a first tenant computing system for
a first tenant of the multi-tenant computing environment;

receiving a request from the first tenant computing system to apply the first tenant secrets policy to at least one multi-tenant
asset in the multi-tenant computing environment;

in response to receiving the request from the first tenant computing system, comparing the first tenant secrets policy with
the security requirements of the service provider secrets policy;

if the first tenant secrets policy satisfies the security requirements, authorizing, with the service provider computing system,
the request from the first tenant computing system to apply the first tenant secrets policy to the at least one multi-tenant
asset;

if the first tenant secrets policy fails the security requirements, rejecting the request from the first tenant computing
system to apply the first tenant secrets policy to the at least one multi-tenant asset; and

applying the first tenant secrets policy to the at least one multi-tenant asset if the request from the first tenant computing
system is authorized.

US Pat. No. 10,572,594

EXTRACTING DOMAIN-SPECIFIC ACTIONS AND ENTITIES IN NATURAL LANGUAGE COMMANDS RECOGNIZED BASED ON EDITION AND RECOGNITION SCORES

INTUIT INC., Mountain Vi...

1. A method for processing natural language commands by a processor, comprising:receiving, by the processor, a natural language command from a client device;
identifying a probable matching command in a corpus of known commands by attempting to identify an exact match between the received natural language command and a command in the corpus of known commands, wherein:
the corpus of known commands comprises a plurality of domain-specific commands representing commands having a specific meaning in a software application, and
each respective domain-specific command of the plurality of domain-specific commands is:
annotated with location information of one or more domain-specific entities in the respective domain-specific command, wherein the one or more domain-specific entities represent entities having a specific meaning in the software application, and
mapped to a function in the software application invoked by the respective domain-specific command;
generating number, edition error, and recognition error (NER) scores between at least a portion of the received natural language command and each known command in the corpus of known commands;
upon failing to identify an exact match between the received natural language command and a command in the corpus of known commands based on the generated NER scores:
identifying the probable matching command in the corpus of known commands based on the generated NER scores, wherein the probable matching command in the corpus of known commands comprises a command having a highest generated NER score;
identifying, by the processor, one or more entities in the received natural language command to perform an action on based on the location information of the one or more domain-specific entities in the probable matching command; and
invoking, by the processor on an application server, the function in the software application to which the natural language command is mapped to execute a domain-specific action in the software application on the identified one or more entities.

US Pat. No. 9,412,101

SYSTEMS METHODS AND COMPUTER PROGRAM PRODUCTS FOR DIRECTING CONSUMER FROM DIGITAL RECEIPT TO SOURCE OF SPECIFIC ITEM FOR REPEAT ITEM PURCHASE

INTUIT INC., Mountain Vi...

1. A computer-implemented method for directing a consumer to a source offering for sale a specific item previously purchased
by the consumer, the method being performed by a computer and comprising the computer:
receiving electronic receipt data generated by a transaction processing device of a merchant, the electronic receipt data
identifying the specific item purchased by the consumer from the merchant;

identifying a plurality of merchants offering the specific item for sale;
selecting a merchant of the plurality of merchants based at least in part upon pre-determined prioritization criteria involving
prior purchases by the consumer;

encoding an input element based at least in part upon the selected merchant and the specific item; and
generating a digital receipt, the digital receipt comprising: item-level data identifying the specific item purchased and
the input element selectable by the consumer to direct the consumer from the digital receipt to the selected merchant offering
the specific item for sale.

US Pat. No. 9,467,477

METHOD AND SYSTEM FOR AUTOMATICALLY MANAGING SECRETS IN MULTIPLE DATA SECURITY JURISDICTION ZONES

Intuit Inc., Mountain Vi...

1. A system for automatically managing secrets in a plurality of data security jurisdiction zones comprising:
at least one memory coupled to one or more processors, the at least one memory having stored therein instructions which when
executed by any set of the one or more processors, perform a process for automatically managing secrets in the plurality of
data security jurisdiction zones, the process for automatically managing secrets in the plurality of data security jurisdiction
zones including:

obtaining data security policy data for the plurality of data security jurisdiction zones, the data security policy data for
the plurality of data security jurisdiction zones including data indicating allowed secrets data for each respective data
security jurisdiction zone of the plurality of data security jurisdiction zones and prohibited secrets data for each respective
data security jurisdiction zone of the plurality of data security jurisdiction zones, the allowed secrets data for each respective
data security jurisdiction zone representing one or more secrets allowed to be used to protect data in the respective data
security jurisdiction zone, the prohibited secrets data for each respective data security jurisdiction zone of the plurality
of data security jurisdiction zones representing one or more secrets that are not allowed to be used to protect data in the
respective data security jurisdiction zone;

obtaining secrets request data representing a request that secrets data be transferred to a resource;
automatically determining a data security jurisdiction zone of the resource;
automatically obtaining a portion of the data security policy data corresponding to the data security jurisdiction zone of
the resource;

automatically analyzing the portion of the data security policy data corresponding to the data security jurisdiction zone
of the resource to determine the allowed secrets data with respect to the data security jurisdiction zone of the resource;

identifying one or more secret data classes by classifying the allowed secrets data according to a level of security provided
by the allowed secrets data;

obtaining the allowed secrets data within the one or more secret data classes with respect to the data security jurisdiction
zone of the resource; and

automatically providing the obtained allowed secrets data with respect to the data security jurisdiction zone of the resource
to the resource.

US Pat. No. 9,436,937

HIGHLIGHT-BASED BILL PROCESSING

INTUIT INC., Mountain Vi...

1. A computerized bill processing system, comprising:
a computerized acquisition element configured to generate an image of a printed bill or invoice of a payer that is a recipient
of the printed bill or invoice, the printed bill or invoice reflecting an amount owed by the payer recipient to a payee; and

a bill processing application, in communication with the computerized acquisition element or a data store associated with
the computerized acquisition element, and configured to:

receive the image comprising at least one section manually highlighted by the payer recipient and at least one unhighlighted
section,

determine bill or invoice data within the at least one section that was manually highlighted by the payer recipient based
at least in part upon identifying a pre-determined number of contiguous pixels in the image having a color that differs from
a background color of the image; and

process the bill or invoice for electronic payment by the payer recipient to the payee based at least in part upon the determined
bill or invoice data within the at least one section that was manually highlighted by the payer recipient.

US Pat. No. 9,213,625

METHOD AND APPARATUS FOR PERFORMING AUTOMATED USER-INTERFACE LAYOUT TESTING

INTUIT INC., Mountain Vi...

1. A computer-implemented method for performing automated user-interface layout testing, the method comprising:
executing a pre-defined set of operations for a program;
storing a first representation of a user interface for the program subsequent to executing the operations;
automatically tagging the first representation with a unique tag, wherein the tag identifies an environment, workflow, and
time frame in which the first representation is obtained, which allows identification of multiple images of the same workflow
for comparison;

automatically selecting, based on the unique tag, one or more previously stored valid representations tagged with the same
workflow for comparison with the first representation; and

comparing the first representation against each of the one or more validated representations to determine a difference between
the representations, thereby facilitating detecting changes that affect the user interface, wherein said comparing involves:

receiving a specification that describes an acceptable level of change between the first representation and a validated representation;
and
determining whether the difference between the first representation and any of the one or more validated representations exceeds
the acceptable level of change.

US Pat. No. 9,811,864

AUTOMATIC INVOICING BASED ON BUSINESS ACTIVITY

Intuit Inc., Mountain Vi...

1. A method for generating a service provider invoice, comprising:
obtaining a plurality of documents from a plurality of sources via a mobile device of a service provider, wherein the plurality
of documents are generated for a plurality of customer jobs performed by the service provider at a plurality of jobsites,
and wherein one of the documents comprises an image captured by the mobile device;

analyzing, by a computer processor and based on a pre-determined criterion, the plurality of documents to identify a subset
of the plurality of documents corresponding to a jobsite of the plurality of jobsites, wherein analyzing the plurality of
documents comprises:

retrieving a plurality of global positioning service (GPS) data items associated with the plurality of documents; and
determining, based on the plurality of GPS data items, that the subset of the plurality of documents is related to the jobsite;
extracting, by the computer processor, job data from the subset of the plurality of documents, wherein the job data comprises
time and material information associated with a customer job of the plurality of customer jobs that is performed at the jobsite;
and

generating the service provider invoice, using the job data, by:
identifying, using one or more of the plurality of GPS data items, an address for a location of the jobsite,
identifying a customer at the address,
inserting an identifier of the customer into the service provider invoice,
identifying, using the material information extracted from the subset of the plurality of documents, a type of the customer
job,

determining, based on the type of the customer job, a labor rate of the service provider for the customer job, and
inserting the labor rate into the service provider invoice.

US Pat. No. 9,400,660

CUSTOMIZING USER INTERFACES OF NATIVE APPLICATIONS FOR PORTABLE ELECTRONIC DEVICES

INTUIT INC., Mountain Vi...

1. A computer-implemented method for facilitating use of a native application for a portable electronic device, comprising:
presenting a set of one or more layouts to a user, wherein each layout comprises an arrangement of screens or user-interface
elements within screens;

receiving, from the user, a selection of a layout from the set of one or more layouts for use in a custom view;
creating the custom view, wherein the custom view specifies a configuration for one or more native user-interface components
of the native application within a user-interface corresponding to the custom view and wherein the creating comprises receiving,
from the user, a placement of one or more of the native user-interface components within the selected layout;

selecting the created custom view for use as a user-interface with the native application;
storing the created custom view for subsequent use with the native application; and
enabling use of the created custom view with the native application independently of a platform of the native application,
wherein the native application uses the created custom view to render the native user-interface components within the user-interface
corresponding to the custom view.

US Pat. No. 9,256,418

DYNAMIC APPLICATION IDENTIFIER FOR USE IN AN UPDATE WORKFLOW

INTUIT INC., Mountain Vi...

1. A computer-implemented method for providing an update for a plurality of software applications to a plurality of portable
electronic devices, comprising:
receiving, at the computer, the update to the plurality of software applications from a provider of the plurality of software
applications, wherein each software application in the plurality of software applications has a unique application identifier;

after receiving the update, accessing, at the computer, inventory information about each portable electronic device in the
plurality of portable electronic devices;

dynamically generating, at the computer, an identifier for the update for each portable electronic device in the plurality
of portable electronic devices based on the inventory information and on update information that specifies an update relationship
between the update and a previous version of the software application; and

providing the update along with a first dynamically generated identifier to a first portable electronic device in the plurality
of portable electronic devices, wherein the first dynamically generated identifier is used by the first portable electronic
device to determine a selection of workflow tasks to be executed in the first portable electronic device, thereby causing
the first portable electronic device to update a first software application from the plurality of software applications with
the update;

providing the update along with a second dynamically generated identifier to a second portable electronic device in the plurality
of portable electronic devices, wherein the second dynamically generated identifier is used by the second portable electronic
device to determine a selection of workflow tasks to be executed in the second portable electronic device, thereby causing
the second portable electronic device to update a second software application from the plurality of software applications
with the update; and

wherein the second software application has a different identifier from the first software application and wherein the second
software application and the first software application are updated from the same update.

US Pat. No. 9,129,276

INVENTORY MANAGEMENT

Intuit Inc., Mountain Vi...

1. A method for inventory management, comprising:
obtaining a first invoice sent from a supplier to a first merchant;
capturing, by the computer processor, a plurality of labels and a plurality of fields on the first invoice,
wherein the plurality of labels describe a plurality of attributes of a first product purchased from the supplier, and
wherein the plurality of fields on the first invoice comprise a plurality of attributes values of the first product;
defining, by the computer processor, a plurality of field location coordinates of the plurality of fields on the first invoice;
defining, by the computer processor, a plurality of region location coordinates of a region on the first invoice,
wherein the region corresponds to a grouping of a subset of the plurality of fields, and
wherein the region location coordinates specify the edges of the region of the first invoice;
storing, using the plurality of labels, in a template for the supplier, the plurality of region location coordinates and the
plurality of field location coordinates;

obtaining a second invoice sent from the supplier to a second merchant, wherein the second invoice comprises the plurality
of fields;

capturing, from the plurality of fields on the second invoice, after storing in the template, and by the computer processor,
a plurality of attribute values of a second product purchased from the supplier using the template; and

updating an entry, for the second product, in an inventory database of the second merchant with the plurality of attribute
values of the second product captured using the template.

US Pat. No. 9,304,891

LOAD-TEST GENERATOR

INTUIT INC., Mountain Vi...

1. A computer-implemented method for generating a load test, the method comprising:
using the computer, recording a test session that includes web flows associated with a first set of users and a browser;
modifying the test session so that the web flows represent behaviors associated with a second set of users, wherein the second
set of users includes more users than the first set of users, and wherein modifying the test session generalizes the web flows;

filtering the test session using one or more filters in a set of predefined filters; and
incorporating the modified test session into the load test.

US Pat. No. 9,390,288

METHOD AND SYSTEM FOR VALIDATING A VIRTUAL ASSET

Intuit Inc., Mountain Vi...

1. A system for validating a virtual asset comprising:
at least one processor; and
at least one memory coupled to the at least one processor, the at least one memory having stored therein instructions which
when executed by any set of the one or more processors, perform a process for validating a virtual asset, the process for
validating a virtual asset including:

generating, by a virtual asset creation system, virtual asset creation data, the virtual asset creation data including primary
virtual asset data associated with the virtual asset itself, and/or the operation of the virtual asset, and/or the operating
environment of the virtual asset;

generating secondary authentication data, the secondary authentication data including personal data regarding the owner of
an account associated with the virtual asset;

transferring, by the virtual asset creation system, primary virtual asset data and the secondary authentication data from
the virtual asset creation template to a virtual asset validation system, via a first communications channel;

launching, by the virtual asset creation system using the virtual asset creation data, the virtual asset of the virtual asset
creation data, the launch process including transferring the secondary authentication data from the virtual asset creation
template to the virtual asset validation system, the launch process further including transferring, by the virtual asset creation
system, via a second communications channel, at the time of the launch of the virtual asset, the secondary authentication
data into the virtual asset;

transferring, via a third communication channel, primary virtual asset data and the secondary authentication data from the
virtual asset to the virtual asset validation system;

processing and analyzing, during a boot-up process for the virtual asset when the virtual asset is first launched, the primary
virtual asset data from the virtual asset creation template and the primary virtual asset data from the virtual asset to determine
if the primary virtual asset data from the two sources match, or have a defined threshold level of similarity;

processing and analyzing, during a boot-up process for the virtual asset when the virtual asset is first launched, the secondary
authentication data from the virtual asset creation template and the secondary authentication data from the virtual asset
to determine if the secondary authentication data from the two sources match, or have a defined threshold level of similarity;

upon determining, during a boot-up process for the virtual asset when the virtual asset is first launched, that the primary
virtual asset data from the virtual asset creation template and the primary virtual asset data from the virtual asset, and/or
one or more sources associated with the virtual asset, match, or have a defined threshold level of similarity and the secondary
authentication data from the virtual asset creation template and the secondary authentication data from the virtual asset
match, or have a defined threshold level of similarity, transforming a status of the virtual asset to a status of validated
virtual asset; and

providing, following the status of the virtual asset being transformed to the status of validated asset, and still during
the boot-up process during a boot-up process for the virtual asset when the virtual asset is first launched, secrets required
for boot-up to the virtual asset.

US Pat. No. 9,230,214

PERSONALIZING AUTO-COMPLETION RESULTS BASED ON USER INTENT

INTUIT INC., Mountain Vi...

1. A method for facilitating use of an auto-completion system, comprising:
receiving an input text string from a user;
determining a set of potential replacement text strings, wherein each potential replacement text string in the set can replace
the input text string, wherein determining the set of potential replacement text strings for the input text string involves:

retrieving, from a database, prior financial transactions conducted with a set of businesses by the user;
analyzing the retrieved prior financial transactions; and
identifying, from the set of businesses, the set of potential replacement text strings, wherein each potential replacement
text string in the set of potential replacement text strings is further based on establishing a level of lexicographic match
of the potential replacement text string with the first text string;

calculating, by computer, a commercial intent score for each potential replacement text string in the set, wherein the commercial
intent score for each potential replacement text string in the set is based on calculating at least one of:

a normalized value Category(u,b) of the category of the business b for the user u;
a normalized value Size(u,b) of the size of the business b for the user u; and
a normalized value Distance(u,b) of the distance of the business b for the user u;
selecting a replacement text string from the set of potential replacement text strings based on the computed commercial intent
score for each text string in the set; and

displaying the replacement text string in place of the input text string to the user.

US Pat. No. 9,477,648

OPTIMIZED WEB APPLICATION USER EXPERIENCE

Intuit Inc., Mountain Vi...

1. A method to select an optimal webpage configuration for a server farm, comprising:
determining, by a first server of the server farm and in response to a recurring trigger event, a first measure of user response
of a first user group to a plurality of webpage configurations as presented by the first server to the first user group;

determining a current selection of the plurality of webpage configurations, wherein the current selection is a first candidate
of the optimal webpage configuration prior to the pre-determined trigger event;

determining, by the first server and in response to determining the first measure of user response, an updated selection from
the plurality of webpage configurations,

wherein the updated selection is determined based on the first measure of user response, and
wherein the updated selection is determined as a target to replace the current selection as the first candidate of the optimal
webpage configuration;

obtaining, by the first server and in response to targeting the updated selection to replace the current selection, a second
measure of user response, a first burden rate of the first server and a second burden rate of the second server,

wherein the second measure of user response is determined by a second server of the server farm,
wherein the second measure of user response represents a response of a second user group to the plurality of webpage configurations
as presented by the second server to the second user group,

wherein the first burden rate represents first relative contribution of the first server to a total workload performed by
the server farm, and

wherein the second burden rate represents second relative contribution of the second server to the total workload performed
by the server farm;

aggregating, by the first server, the first measure of user response and at least the second measure of user response to generate
an aggregate user response measure, wherein the first measure of user response and the second measure of user response are
inversely weighted by the first burden rate and the second burden rate, respectively, in the aggregate user response measure;
and

selecting, by the first server and based on the aggregate user response measure, one of the current selection and the updated
selection as the first candidate of the optimal webpage configuration subsequent to the pre-determined trigger event.

US Pat. No. 9,471,756

METHOD AND APPARATUS FOR AUTHORIZING A SOFTWARE PRODUCT TO BE USED ON A COMPUTER SYSTEM

INTUIT INC., Mountain Vi...

1. A method for authorizing a software product to be used on a customer's computer, the method comprising:
in response to a customer request to purchase a software product at a retailer under a licensing scheme, receiving, at a product
database of a manufacturer, a unique serial number for the software product from a point of sale (POS) system at the retailer,
wherein the unique serial number is obtained by scanning the software product at the POS system, and wherein the product database
of the manufacturer includes a first database entry indicating whether the software product is retail-authorized and a second
database entry indicating whether the software product is customer-owned;

upon receiving the unique serial number for the software product from a point of sale (POS) system, identifying, at the product
database, the first database entry for the software product, wherein the identifying of the first database entry is based
on the unique serial number;

upon identifying the first database entry for the software product, modifying, at the product database, the first database
entry for the software product to indicate that the software product is retail-authorized for use, and wherein, after a purchase
of the software product by the customer and prior to installing the software product at the customer's computer, the first
database entry at the product database does not indicate any customer information in association with the software product;
and

subsequent to the purchase,
receiving, from the customer's computer, at the product database, a license number for the software product after installing
the software product, wherein the customer's computer is separate from the POS system, wherein the license number is different
from the unique serial number, and wherein the license number is present in the software product prior to the purchase by
the customer;

identifying, at the product database, the first database entry for the software product, wherein the identifying of the first
database entry subsequent to the purchase is based on the received license number;

upon confirming that the first database entry for the software product at the product database indicates that the software
product is retail-authorized, modifying the second database entry at the product database to indicate that the software product
is customer-owned;

when the first database entry for the software product, at the product database, indicates that the software product is retail-authorized
and the second database entry indicates that the software product is customer-owned, authorizing the purchased functionality
for the software product at the customer's computer;

after the software product becomes retail-authorized, billing the retailer a difference between an initial price paid by the
retailer for the software product prior to the customer purchasing the software product and a final price that the retailer
agreed to pay to an organization that sold the software product to the retailer;

after a time limited under the licensing scheme or upon receiving deactivation information from the POS system when returning
the software product, deactivating the software product by modifying the first database entry for the software product to
indicate that use of the software product is not authorized; and

after modifying the first database entry, rendering the software product inoperable at the customer's computer.

US Pat. No. 9,189,789

METHODS, SYSTEMS, AND ARTICLES OF MANUFACTURE FOR FULFILLING A LOAN REQUEST OF A BUSINESS ENTITY

INTUIT INC., Mountain Vi...

1. A computer implemented method for fulfilling a request for loan of a business entity, the method comprising:
a loan connect mechanism coupled to at least one micro-processor of an intermediate computer in communication with a computing
device of a business entity via a first computing network and a computer of a lender via a second computing network identifying
or receiving a request for a loan for a loan amount from the computing device of the business entity via the first computing
network;

the loan connect mechanism coupled to at least one micro-processor of the intermediate computer identifying or creating a
borrower's profile for the business entity based at least in part upon the request;

the loan connect mechanism coupled to at least one micro-processor of the intermediate computer identifying or receiving a
lender's profile by fetching or receiving the lender's profile from the computer of the lender via the second computing network;

the loan connect mechanism coupled to at least one micro-processor of the intermediate computer and a financial management
system receiving electronic data from the financial management system that is utilized by the business entity, the financial
management system being linked to at least one financial account of the business entity;

the loan connect mechanism coupled to at least one micro-processor of the intermediate computer enhancing credibility of the
borrower's profile by using at least the electronic data from the financial management system to improve the credibility of
the borrower's profile or other data associated with the borrower's profile based at least in part upon the electronic data
received from the financial management system; and

the loan connect mechanism coupled to at least one micro-processor of the intermediate computer identifying a first compatibility
criterion of a first type of compatibility at least by receiving or identifying the first compatibility criterion included
in or associated with another lender's profile from another computing system of another lender via another computing network,
wherein the first type of compatibility is included in, associated with, or specified in the lender's profile that comprises
a plurality of compatibility criteria of one or more other compatibility types that are used to determine whether or not the
loan is to be granted; and

the loan connect mechanism coupled to at least one micro-processor of the intermediate computer matching the request for the
loan with the lender by at least determining respective compatibility between the business entity and multiple lenders including
the lender based at least in part on respective weights or rankings of multiple compatibility criteria included in or associated
with the lender's profile and further by distributing or scaling the plurality of compatibility criteria specified in or associated
with the lender's profile based in part or in whole upon the first compatibility criterion, the first compatibility criterion
not included in or associated with the lender's profile, and one or more lender compatibility criteria in the borrower's profile.

US Pat. No. 9,152,630

MODIFIED DATABASE TRANSACTION SCOPES DURING SOFTWARE TESTING

INTUIT INC., Mountain Vi...

1. A computer-implemented method for testing a software application associated with a database, the method comprising:
executing, at a computer, a test script that tests the software application by checking a set of test conditions;
receiving, at a second connection to the database that is wrapped around a first connection to the database, a set of database
messages from the software application;

for each database message in the set of database messages:
if, when executed, the database message would cause an operation that defines a transaction scope for a transaction for the
database, providing a return code for the software application to indicate that the operation that would be caused by the
database message completed successfully and ignoring the database message by not passing the database message to the database
via the first connection; and

otherwise, when executed, the database message would not cause an operation that defines a transaction scope for a transaction
for the database, passing the database message to the database via the first connection; and

upon completion of the test script, restoring the database to an initial state prior to the execution of the test script by
instructing the first connection to perform a roll back operation.

US Pat. No. 9,213,893

EXTRACTING DATA FROM SEMI-STRUCTURED ELECTRONIC DOCUMENTS

INTUIT INC., Mountain Vi...

1. A computer-implemented method for processing data, comprising:
obtaining a first electronic document of a given document type from a user, the first electronic document comprising a set
of fields, each field comprising data;

performing a lookup in a template repository for a template for the given document type, wherein, for each field in the set
of fields, the template identifies a location of the field in the first electronic document;

in response to determining that a template repository does not include the template for the given document type:
creating the template in the template repository;
causing a graphical user interface to present an image of the first electronic document;
for each field in the set fields:
using the graphical user interface, receiving a selection of a region of the image from the user, wherein the selection includes
the field;

using the selection of the region to obtain the location of the field;
using the location of the field to extract the data for the field from the first electronic document;
storing, in the template, an identifier for the field and the location of the field;
enabling use, for the first user, with an application, of the data for the set of fields in the first electronic document;
obtaining a second electronic document of the given document type from a second user, the second electronic document comprising
the set of fields, each field of the set of fields for the second electronic document comprising data;

in response to determining that the template repository includes the template:
for each field in the set of fields, using the location of the field from the template to extract data for the field from
the second electronic document; and

enabling, for the second user, use of the data for the set of fields in the second electronic document with the application
without requiring manual input of the data for the set of fields in the second electronic document into the application.

US Pat. No. 9,443,233

PAYMENT USING A FRACTAL IMAGE

Intuit Inc., Mountain Vi...

1. A method for approving a commercial transaction using a fractal image generated by a customer, comprising:
receiving, from a central authority, a seed;
receiving a request for the fractal image for payment of the commercial transaction with a merchant;
obtaining a plurality of payment device information from a data repository on a mobile device;
generating a fractal, using the seed and the plurality of payment device information;
generating a two-dimensional gradient field using an approximation of the fractal;
generating the fractal image using the two-dimensional gradient field;
displaying the fractal image, and customer identity information viewable in a layer above the fractal image, on a display
of the mobile device;

scanning, by the merchant, the display to obtain a scanned fractal image and the customer identity information;
sending, by the merchant, the scanned fractal image to the central authority; and
approving, via the central authority, the commercial transaction by:
generating an expected fractal using a copy of the plurality of payment device information and the seed, and
comparing the scanned fractal image with the expected fractal.

US Pat. No. 9,430,801

METHODS SYSTEMS AND COMPUTER PROGRAM PRODUCTS FOR GENERATING FINANCIAL STATEMENT COMPLYING WITH ACCOUNTING STANDARD

INTUIT INC., Mountain Vi...

1. A computer-implemented method for determining how a header or footer of an electronic financial statement that is being
prepared should be configured for compliance with an accounting standard, the method comprising:
before preparation of the electronic financial statement of the entity and on behalf of the entity, a first computer, by a
conversion engine, generating respective rules by receiving text of requirements or guidelines of a specific accounting standard
and transforming respective text into respective rules, and storing respective generated rules to a database; and

during preparation of the electronic financial statement of the entity on behalf of the entity, the first computer, by a compare
engine, determining, content of at least one pre-determined attribute of the electronic financial statement comprising numerical
data describing finances of the entity for which the electronic financial statement is being prepared, accessing the database
comprising the plurality of generated rules, comparing the content of the at least one pre-determined attribute and respective
criteria of the plurality of rules, selecting a generated rule based at least in part upon the comparison, and
determining a configuration of the header or footer of the electronic financial statement specified by the selected generated
rule;
the first computer receiving data for the header or footer; and
the first computer automatically populating or generating the header or footer according to the determined configuration with
the received data for the header or footer without input of a person preparing the electronic financial statement on behalf
of the entity such that the header or footer data and form of the electronic financial statement being prepared comply with
the specific accounting standard based at least in part upon the electronic financial statement content.

US Pat. No. 9,325,726

METHOD AND SYSTEM FOR VIRTUAL ASSET ASSISTED EXTRUSION AND INTRUSION DETECTION IN A CLOUD COMPUTING ENVIRONMENT

Intuit Inc., Mountain Vi...

1. A system for virtual asset assisted extrusion detection in a cloud computing environment comprising:
at least one processor; and
at least one memory coupled to the at least one processor, the at least one memory having stored therein instructions which
when executed by any set of the one or more processors, perform a process for virtual asset assisted extrusion detection in
a cloud computing environment, the process for virtual asset assisted extrusion detection in a cloud computing environment
including:

providing a cloud computing environment, the cloud computing environment including one or more virtual assets;
transforming at least one of the one or more of the virtual assets into an extrusion detection capable virtual asset by providing
an analysis trigger monitoring system to the at least one of the one or more of the virtual assets;

defining two or more analysis trigger parameters, the defined two or more trigger parameters at least including an IP address
indicating a designated suspect geographical region and frequency analysis indicating messages arrive at frequency less than
a defined threshold frequency;

generating analysis trigger data representing the analysis trigger parameters;
providing at least part of the analysis trigger data to the analysis trigger monitoring systems of the extrusion detection
capable virtual assets;

using the analysis trigger monitoring systems and the analysis trigger data to monitor at least a portion of message traffic
sent from any of the extrusion detection capable virtual assets to detect any message including one or more of the two or
more analysis trigger parameters;

classifying any detected message including one or more of the two or more analysis trigger parameters as a suspect message;
for each suspect message, generating suspect message copy data representing a copy of at least a portion of the suspect message;
and

transferring the suspect message copy data to one or more analysis systems for further analysis.

US Pat. No. 9,378,664

PROVIDING FINANCIAL DATA THROUGH REAL-TIME VIRTUAL ANIMATION

INTUIT INC., Mountain Vi...

1. A computer-implemented method for providing data associated with a financial instrument for a user through real-time virtual
animation anchored to the financial instrument in a video stream, the method comprising:
receiving, at a computer system, from a camera for the computer system, a video stream comprising a video frame, wherein the
video frame includes an image of the financial instrument, wherein the image includes information that identifies at least
one of a financial account for the user and financial data for the user, wherein the financial instrument is a physical object
that includes the information, and wherein the video stream is received from the camera as the user holds the financial instrument
up to the camera;

identifying the financial instrument in the video stream by performing optical character recognition on the image to extract
second data, the second data comprising at least some of the information that identifies the at least one of the financial
account and the financial data;

using the second data to retrieve, from a data source, one or more monetary amounts for the at least one of the financial
account and the financial data;

creating an animation which graphically represents the one or more monetary amounts;
modifying the video frame to include the animation such that, in the modified video frame, the animation is attached to the
image of the financial document;

and displaying the modified video frame to the user at the computer system.

US Pat. No. 9,769,098

METHODS, SYSTEMS, AND ARTICLES OF MANUFACTURE FOR ANALYZING BEHAVIOR OF INTERNET FORUM PARTICIPANTS

INTUIT INC., Mountain Vi...

1. A system for analyzing on-line behavior patterns within an Internet forum in which a plurality of users using respective
computers post respective on-line messages to a host computer such that participants can view the on-line message posted to
the host computer, the system comprising:
a host computer comprising at least one processor and is communicatively coupled to respective computers of a plurality of
participants of an Internet forum through respective networks, wherein plurality of participants post respective on-line messages
to the host computer for viewing by all of the participants;

a data capture module executing on or associated with the host computer, the data capture module being operable to generate
or identify data associated with an on-line message created by a participant of the Internet forum and posted to the host
computer;

an on-line behavior module executing on or associated with the host computer, the on-line behavior module being operable to
determine an understanding or description of the data at least by analyzing the data generated or identified by the data capture
module based in part or in whole upon a lexicon or a syntax associated with the data relative to one or more pre-determined
on-line behavior criteria;

an intelligent logic subsystem stored at least partially in memory of the host computer, the intelligent logic subsystem being
configured to improve accuracy of determining, at the on-line behavior module executing on or associated with the host computer,
the understanding or description of the data into improved understanding or description at least by increasing independence
or by decreasing inter-dependency of the one or more pre-determined on-line behavior criteria;

an analysis module executing on or associated with the host computer, the analysis module being operable to designate the
on-line message as a helpful message positively contributing to the Internet forum to address an issue related to a product
or service of developers operating the host computer and discussed on the Internet forum based at least in part upon the improved
understanding or description of the data and results of analyzing the data, and to generate one or more recommended actions
in response to the helpful message based in part or in whole upon execution results of the on-line behavior module;

an action module executing on or associated with the host computer, the action module being operable to determine an on-line
behavior of the participant and to report a result generated by the on-line behavior module or the analysis module to a human
moderator of the Internet forum to determine a final action from the one or more recommended actions to award the participant
of the on-line message; and

a post-action module executing on or associated with the host computer, the post-action module being operable to deliver a
public announcement or message to the Internet forum for the final action that awards the participant of the on-line message
to encourage the participant for positive contribution to the Internet forum.

US Pat. No. 9,204,205

VIEWING ADVERTISEMENTS USING AN ADVERTISEMENT QUEUE

Intuit Inc., Mountain Vi...

1. A method to present advertisements, comprising:
identifying a first user queuing selection of a first advertisement, wherein the first user queuing selection is made by a
user while viewing, on a user device, a first webpage comprising a first icon representing media content, the first advertisement
and a first advertisement queue (ADQ) button annotating the first icon;

identifying, subsequent to queuing the first advertisement in an ADQ assigned to the user, a second user queuing selection
of a second advertisement, wherein the second user queuing selection is made by the user while viewing, on the user device,
a second webpage comprising a second icon representing the second advertisement and a second ADQ button annotating the second
icon;

queuing, by a computer processor and in response to the first user queuing selection, the first advertisement in the ADQ;
queuing, by the computer processor and in response to the second user queuing selection, the second advertisement in the ADQ;
detecting, in response to queuing the second advertisement in the ADQ, the ADQ reaching a pre-determined full-status;
presenting, in response to detecting the ADQ reaching the pre-determined full-status, a notification to the user inviting
the user to view one or more advertisements queued in the ADQ;

identifying, in response to detecting the ADQ reaching the pre-determined full-status and presenting the notification, a user
viewing selection to select, from the ADQ, the first advertisement for viewing;

sending, by the computer processor and in response to the user viewing selection, an advertisement presentation request to
present the first advertisement on the user device,

wherein the advertisement presentation request requires payment of an advertising fee by an advertiser; and
identifying, in response to detecting the ADQ reaching the pre-determined full-status and presenting the notification, a user
clearing selection to clear, from the ADQ, the second advertisement,

wherein the second advertisement is prevented from being presented to the user.

US Pat. No. 9,552,245

RESOLVING ERRORS THAT ARISE WHILE ACCESSING ONLINE USER ACCOUNTS

INTUIT INC., Mountain Vi...

1. A method for managing access to an online user account, comprising:
using stored authentication credentials for a user to obtain access to the online user account of the user;
upon obtaining access to the online user account, aggregating financial data for the user from the online user account; and
upon detecting an error associated with aggregating the financial data, processing the error by performing the following operations
on a computer system:

obtaining error information describing the error from a web page associated with the error, and
when the user subsequently accesses the aggregated financial data, displaying the error information to the user to facilitate
resolution of the error by the user.

US Pat. No. 9,323,926

METHOD AND SYSTEM FOR INTRUSION AND EXTRUSION DETECTION

Intuit Inc., Mountain Vi...

1. A system for intrusion and extrusion detection comprising:
at least one processor; and
at least one memory coupled to the at least one processor, the at least one memory having stored therein instructions which
when executed by any set of the one or more processors, perform a process for intrusion and extrusion detection, the process
for intrusion and extrusion detection including:

providing a network communications system, the network communications system controlling message traffic sent to, and/or sent
from, a virtual asset;

providing the network communications system an analysis trigger monitoring system;
defining two or more analysis trigger parameters, the two or more analysis trigger parameters at least including an IP address
indicating a designated suspect geographical region and frequency analysis indicating messages arrive at frequency greater
than a defined threshold frequency;

generating analysis trigger data representing the analysis trigger parameters;
providing the analysis trigger data to the analysis trigger monitoring system;
using the analysis trigger monitoring system and the analysis trigger data to monitor at least a portion of the message traffic
sent to, and/or sent from, the virtual asset controlled by the network communications system to detect any message satisfying
one or more of the two or more analysis trigger parameters, wherein all message traffic sent to, and/or sent from, the virtual
asset is relayed by the network communications system using a first communications channel;

classifying any detected message satisfying one or more of the two or more analysis trigger parameters as a suspect message;
for each suspect message generating suspect message copy data representing a copy of at least a portion of the suspect message;
and

transferring the suspect message copy data to one or more analysis systems for further analysis, the suspect message copy
data being transferred to the one or more analysis systems through an analysis communications channel that is distinct from
the first communications channel.

US Pat. No. 9,747,631

SYSTEMS AND METHODS FOR PURCHASING PRODUCTS FROM A RETAIL ESTABLISHMENT USING A MOBILE DEVICE

Intuit Inc., Mountain Vi...

1. A method of transacting a user's purchase of a first product from a retail establishment, the method performed, at least
in part, by a computer system comprising at least one hardware processor, the method comprising:
receiving, by the computer system and from a mobile device of the user, location information identifying a current geographic
location of the mobile device and a first identifier identifying the first product, wherein the first identifier is from an
image obtained by an image acquisition component of the mobile device while the user is within the retail establishment and
has physical control of the first product;

identifying, by the computer system, the retail establishment based on the location information specifying that the user is
within the retail establishment;

accessing, using the first identifier, a first product information for the first product;
transmitting the first product information to the mobile device;
receiving an indication from the mobile device to purchase the first product, the indication comprising payment information
for purchasing the first product, wherein the indication is received while the mobile device is within the retail establishment
and while the user has the first product;

processing, by the computer system, at least the payment information to transact the user's purchase of the first product
from the retail establishment;

transmitting, by the computer system and to the mobile device, a first purchase confirmation indicating that the first product
has been purchased from the retail establishment by the user and comprising a first code;

transmitting, by the mobile device using short-range wireless communication, the first code to a loss prevention device of
the retail establishment;

transmitting, by the computer system, a second purchase confirmation comprising a second code to the loss prevention device
of the retail establishment before the user leaves the retail establishment, wherein the first code and the second code are
different; and

preventing, using the loss prevention device of the retail establishment, loss by matching the first code and the second code
without human intervention prior to the user leaving the retail establishment.

US Pat. No. 9,747,595

READYING CUSTOMER DATA BASED ON GEO-LOCATION

Intuit Inc., Mountain Vi...

1. A method for readying client financial data, comprising:
receiving a proximity distance;
identifying, using a Global Positioning System (GPS) of a first mobile device of a financial professional (FP), a first location
of the first mobile device;

receiving, at the first mobile device, first GPS coordinates sent from a second mobile device used by a first client of the
FP;

using the received first GPS coordinates, identifying a first location of the second mobile device;
executing, using a processor of the first mobile device, a first determination that a first distance between the first location
of the first mobile device and the first location of the second mobile device exceeds the proximity distance;

identifying, using the GPS of the first mobile device, a second location of the first mobile device;
receiving, at the first mobile device, second GPS coordinates sent from the second mobile device;
using the received second GPS coordinates, identifying a second location of the second mobile device;
executing, using the processor of the first mobile device, a second determination that a second distance between the second
location of the first mobile device and the second location of the second mobile device is within the proximity distance;

downloading, by the first mobile device of the FP and in response to identifying the second mobile device used by the first
client within the proximity distance, a first financial data item corresponding to the first client, the first financial data
item downloaded from a server connected to the first mobile device of the FP by a wireless network; and

displaying, to the FP by the first mobile device of the FP, the first financial data item.

US Pat. No. 9,648,171

EMOTION RECOGNITION TO MATCH SUPPORT AGENTS WITH CUSTOMERS

INTUIT INC., Mountain Vi...

1. A computer-implemented method for selecting a support agent to interact with a user, comprising:
receiving facial recognition data from a plurality of support agents collected from support calls processed by the support
agents;

inferring one or more emotional states of the support agents from the facial recognition data;
determining an outcome of each of the support calls based on feedback indicating user experience with the support agents during
the support calls;

correlating outcomes of the support calls based on different topics with the one or more emotional states of the support agents;
generating a profile of each available support agent's emotional states responsive to one or more of the topics based on the
facial recognition data collected from the support calls; and

upon receiving a request to initiate a support call, wherein the request identifies at least a topic associated with the support
call:

predicting, from the correlation, an emotional state that increases a likelihood of achieving a specified outcome for the
support call based on the topic;

identifying, based on the generated profiles, an available support agent having the predicted emotional state; and
assigning the identified support agent to interact with the user for the support call.

US Pat. No. 9,152,693

SYSTEM AND METHOD FOR VISUAL REPRESENTATION AND SELECTION OF HIERARCHICAL DATA

Intuit Inc., Mountain Vi...

1. A computing system implemented method for visually representing and selecting hierarchical data comprising the following,
which when executed individually or collectively by any set of one or more processors perform a process comprising:
obtaining access to hierarchical data, the hierarchical data being arranged in a parent/child data structure with two or more
data levels;

assigning a display symbol to each data level, wherein assigned display symbols being symbols, icons, or visual features representing
the data level within the hierarchical data;

grouping the display symbols for data levels associated with a common parent data level into sets of related data level display
symbols;

determining how often each data level display symbol has historically been selected by a group of users;
within each set of related data level display symbols assigning a weighting value to each of the data level display symbols
such that the weighting value assigned to a particular data level display symbol determines one or more visual emphasis parameters
to be associated with that data level display symbol, wherein the weighting value assigned to at least one of the data level
display symbols is determined based on the determination of how often the at least one data level display symbol has historically
been selected by the group of users;

displaying all the sets of related data level display symbols on a single user interface display screen such that all the
data level display symbols in each set of related data level display symbols are visually grouped together and displayed on
the user interface display screen;

providing a capability to activate one or more of the data level display symbols through the user interface display screen;
and

in response to an activation of a data level display symbol, selecting the activated data level display symbol.

US Pat. No. 9,098,290

METHOD AND APPARATUS FOR FACILITATING DIAGNOSTIC LOGGING FOR SOFTWARE COMPONENTS

INTUIT INC., Mountain Vi...

1. A method that facilitates diagnostic logging for software components, comprising:
specifying a key attribute in an object model by using an annotation to flag the key attribute, wherein the object model is
described in a standardized modeling language;

compiling the object model to obtain source code, wherein said compiling comprises generating:
logging code in all methods of the source code where the key attribute is accessed or modified, wherein the logging code writes
current state and execution trace information;

compiling the source code to obtain executable instructions;
executing the executable instructions in a runtime environment; and
appending the state and execution trace information generated by the logging code to a log to facilitate discovering and analyzing
program faults.

US Pat. No. 9,786,015

SYSTEM AND METHOD FOR FRAUD DETECTION USING AGGREGATED FINANCIAL DATA

INTUIT INC., Mountain Vi...

1. A computer-implemented method of detecting suspected financial fraudulent activity comprising:
a computing device running a personal financial management system configured to receive financial data for financial transactions
for financial accounts of a common user at a plurality of different financial service providers;

the personal financial management system running on the computing device aggregating the received financial data for the common
user;

the personal financial management system running on the computing device analyzing the aggregated financial data from the
common user for suspicious financial activity by comparing the financial data for a financial transaction for a financial
account at one of the financial service providers with financial data for one or more financial transactions for one or more
other financial accounts at one or more different ones of the financial service providers in order to detect suspicious financial
activity regarding one or more of the financial transactions according to one or more of the following criteria: respective
geographic locations of the financial transactions being compared are in different geographic regions; respective types of
purchased goods of the financial transactions being compared are similar types of goods; respective types of transaction of
the financial transactions being compared are similar types of transaction; the financial transactions being compared occurred
within a predetermined amount of time; value of the financial transactions being compared exceeds a value threshold; and velocity
of money outflow for the financial transactions being compared exceeds an outflow threshold; wherein the financial transactions
being compared are not determined to be suspicious by means other than the comparison; and

the personal financial management system running on the computing device notifying a user and at least one of the plurality
of different financial service providers when suspicious financial activity is detected.

US Pat. No. 9,128,911

ESTIMATING HIGH LEVEL TAX REFUND RANGE

Intuit Inc., Mountain Vi...

1. A method to estimate a tax refund range, comprising:
receiving, by a computer processor and from a user, a subset portion of tax preparation input data prior to receiving a remainder
portion of the tax preparation input data,

wherein the tax preparation input data comprises the remainder portion and the subset portion, and the tax preparation input
data is used when preparing a tax filing for the user, and

wherein the subset portion comprises less than ten items;
calculating, by the computer processor and prior to receiving the remainder portion, a tax refund range estimate based on
the subset portion and on information retrieved from a tax table;

presenting the tax refund range estimate to the user; and
receiving, in response to presenting the tax refund range estimate to the user, the remainder portion for later use when preparing
the tax filing for the user.

US Pat. No. 9,069,869

STORING ON A CLIENT DEVICE DATA PROVIDED BY A USER TO AN ONLINE APPLICATION

Intuit Inc., Mountain Vi...

1. A method for managing data items, comprising:
initiating, by a client device, a first session of an online application (OA) executing on a server;
receiving, by the client device and in response to initiating the first session, a webpage comprising a plurality of fields
from the OA;

receiving, by the client device, a first data item from a user of the client device;
populating, by the client device, a first field of the plurality of fields with the first data item;
receiving, by the client device and after populating the first field, a request to save the first data item from the user
and a location on the client device selected by the user to save the first data item;

sending, by the client device and in response to the request, the first data item from the client device to the OA executing
on the server, wherein the OA generates an encrypted version of the first data item and embeds the encrypted version of the
first data item in a file;

receiving, by the client device, during the first session, and in response to sending the first data item, the file from the
OA and saving the file at the location on the client device;

receiving, by the client device, a selection of the file from the user after the first session of the OA is terminated;
sending, by the client device and after receiving the selection, the encrypted version from the client device to the OA during
a second session of the OA, wherein the OA restores the first data item by decrypting the encrypted version of the first data
item received from the client device;

receiving, by the client device, from the OA, and in response to sending the encrypted version of the first data item, the
webpage comprising the first field loaded, by the OA, with the first data item during the second session; and

displaying, by the client device and during the second session, the webpage comprising the first field loaded, by the OA,
with the first data item,

wherein the second session is subsequent to the first session.

US Pat. No. 9,516,064

METHOD AND SYSTEM FOR DYNAMIC AND COMPREHENSIVE VULNERABILITY MANAGEMENT

Intuit Inc., Mountain Vi...

1. A system for dynamic and comprehensive vulnerability management comprising:
at least one processor; and
at least one memory unit coupled to the at least one processor, the at least one memory unit having stored therein instructions
which when executed by any set of the one or more processors, perform a process for dynamic and comprehensive vulnerability
management, the process for dynamic and comprehensive vulnerability management including:

obtaining vulnerability management data, the vulnerability management data including one or more levels of security that must
be associated with one or more accounts or assets;

amending, following receiving modifications specified by one or more parties associated with an asset being managed by the
vulnerability management data, the vulnerability management data;

obtaining scanner data representing one or more scanners configured to detect and monitor vulnerabilities and vulnerability
characteristics reflected in the vulnerability management data, at least one scanner of the scanner data including a plurality
of scanner tests configured to detect a plurality of vulnerabilities;

obtaining remedy data representing two or more remedies associated with vulnerabilities scanned for by the scanners, the two
or more remedies including a first remedy of automatic re-sizing of buffers and buffer pools and a second remedy of automatic
re-setting or changing a response time;

correlating the remedy data with vulnerabilities discoverable by the scanner tests;
obtaining asset data associated with an asset;
analyzing the vulnerability management data and the asset data to automatically identify a relevant scanner test in the scanner
data to be applied to the asset;

determining an ideal time to deploy the relevant scanner test on the asset;
automatically deploying the relevant scanner test on the asset at, or before, the ideal time;
identifying, by the relevant scanner test, a vulnerability of the asset;
identifying a remedy in the remedy data, the identified remedy being associated with the identified vulnerability;
automatically applying the identified remedy to the asset;
automatically re-deploying the relevant scanner on the asset to determine whether the identified vulnerability is still present;
and

upon a determination that the identified vulnerability is present after the identified remedy has been applied, taking protective
action to mitigate the vulnerability.

US Pat. No. 9,430,625

METHOD AND SYSTEM FOR VOICE MATCH BASED DATA ACCESS AUTHORIZATION

Intuit Inc., Mountain Vi...

1. A computing system implemented method for voice match based data access authorization comprising the following, which when
executed individually or collectively by any set of one or more processors perform a process including:
providing a database including protected data;
receiving access request data from an access request computing system associated with a data access requesting party, the
access request data indicating a request to access the protected data by the data access requesting party;

generating random authentication text data, the authentication text data representing one or more words, or symbols, to be
read aloud by the data access requesting party;

transferring the authentication text data to a first computing system associated with the data access requesting party;
displaying the one or more words, or symbols, represented by the authentication text data on a display device associated with
the first computing system;

activating a first audio detection capability on the first computing system associated with the data access requesting party;
activating a second audio detection capability on a second computing system associated with the data access requesting party;
requiring the data access requesting party to read aloud, in a first instance, the one or more words, or symbols, represented
by the authentication text data displayed on the display device associated with the first computing system;

obtaining first audio data from the first audio detection capability on the first computing system representing the data requesting
party's reading, in the first instance, the one or more words, or symbols, represented by the authentication text data aloud;

obtaining second audio data from the second audio detection capability on the second computing system representing the data
requesting party's reading, in the first instance, the one or more words, or symbols, represented by the authentication text
data aloud, the obtaining of the first audio data and the obtaining of the second audio data occurring at the same time as
and as a result of a single reading, in the first instance, of the one or more words or symbols represented by the authentication
text: comparing each of the authentication text data, the first audio data, and the second audio data with each other and
determining that individual ones of the authentication text data, the first audio data, and the second audio data, each match
the other two to a defined threshold tolerance;

providing the access request computing system associated with the data requesting party access to the protected data in the
database; and

wherein at least one of the first computing system or the second computing system is a mobile computing system.

US Pat. No. 10,134,050

METHOD AND SYSTEM FOR FACILITATING THE PRODUCTION OF ANSWER CONTENT FROM A MOBILE DEVICE FOR A QUESTION AND ANSWER BASED CUSTOMER SUPPORT SYSTEM

Intuit Inc., Mountain Vi...

1. A method for facilitating use of mobile devices to respond to questions submitted to a question and answer customer support system, to improve a rate of response to the questions by customer support personnel, the method comprising:training, using a computing system, predictive models using historical question and answer data, the training resulting in at least one predictive model configured to estimate, based on a received question, an expected answer length, determine whether an answer to the question is likely to include a web link, and determine whether a question answerer is more likely than not to have to perform research in order to answer the question;
receiving, with a computing system having a processor and a memory, a first question from a user having a first type;
determining that the received question is a first type of question and forming and sending a response to the user with recommendations for the user to reform the question into a different type;
receiving a reformed first question from the user, the reformed question being the first question transformed into a second type of question;
analyzing, using the one or more predictive models, the reformed first question with a question and answer customer support system of the computing system by
determining one or more attributes of the reformed first question and determining that the reformed first question is a mobile device answerable question, because one or more of the determined one or more attributes of the reformed first question satisfy one or more mobile device question criteria;
prioritizing, using the computing system, the answering of the reformed first question over the answering of questions that are not mobile device answerable questions;
configuring multiple user interface elements, at least partially based on the one or more attributes of the reformed first question by at least prepopulating the user interface elements to include at least one proposed answer to the reformed first question; and
providing the user interface elements with the question and answer customer support system for display in a user interface on the mobile device of a first question answerer.

US Pat. No. 9,473,481

METHOD AND SYSTEM FOR PROVIDING A VIRTUAL ASSET PERIMETER

Intuit Inc., Mountain Vi...

1. A computing system implemented method for providing a virtual perimeter for assets, comprising:
maintaining, by a first instance of a virtual perimeter agent installed on a first virtual asset of a first plurality of assets,
a data structure for identifying a first plurality of assets, wherein separate instances of the virtual perimeter agent reside
on each virtual asset of the first plurality of assets, wherein the data structure includes identifiers for each asset of
the first plurality of assets, wherein the first plurality of assets include virtual assets and computing systems configured
to communicate over one or more networks, wherein the first plurality of assets is within a first virtual perimeter and a
second plurality of assets is outside the first virtual perimeter but is inside a second virtual perimeter, at least one virtual
asset of the second plurality of assets being assigned a first set of roles associated with the second virtual perimeter,
wherein a given asset being assigned a role with respect to a given virtual perimeter enables the given asset to perform one
or more virtual asset operations within the given virtual perimeter and restricts the given asset from performing other virtual
asset operations within the given virtual perimeter;

providing services, by the first virtual asset to a second virtual asset of the first plurality of assets, at least partially
based on the identifiers for the first plurality of assets and based on a first role assigned to the first virtual asset,
wherein the first role is enforced on the first of the first plurality of assets by the first instance of the virtual perimeter
agent;

qualifying, by the virtual perimeter agent of the first virtual asset by virtue of the first virtual asset being assigned
a first virtual perimeter role enabling admissions operations, a third virtual asset of the second plurality of assets for
admission into the first virtual perimeter by determining whether the third virtual asset satisfies criteria for admission
into the first virtual perimeter, the qualification of the third virtual asset including:

requesting, by the virtual perimeter agent of the first virtual asset of the third virtual asset, communications history of
the third virtual asset;

receiving, responsive to the request and from the third virtual asset at the first virtual asset, communications history data
of the third virtual asset; and

analyzing, by the virtual perimeter agent of the first virtual asset, the communications history data and comparing the communications
history data against admissions and exclusionary criteria to determine whether to qualify the third virtual asset;

admitting, by the virtual perimeter agent of the first virtual asset, the qualified third virtual asset into the first virtual
perimeter by:

installing, by the virtual perimeter agent of the first virtual asset, an instance of the virtual perimeter agent on the admitted
qualified third virtual asset;

adding, by the virtual perimeter agent of the first virtual asset, an identifier of the one of the second plurality of assets
to the data structure; and

assigning, by the virtual perimeter agent of the first virtual asset, a second role to the one of the second plurality of
assets to determine second access privileges of the one of the second plurality of assets within the virtual perimeter.

US Pat. No. 9,787,664

METHODS SYSTEMS AND ARTICLES OF MANUFACTURE FOR IMPLEMENTING USER ACCESS TO REMOTE RESOURCES

INTUIT INC., Mountain Vi...

1. A computer implemented method for implementing user access to a plurality of remote resources, comprising:
receiving, at the first computer, a single click on a user interface element of a user computing device through a first network
for accessing the plurality of remote resources, wherein the plurality of remote resources reside on a second computer accessible
by the first computer through a second network;

performing, at the first computer:
automatic logon for the user, without human intervention other than the single click, using centrally stored user credentials
that are used to authenticate or authorize the user access to the plurality of remote resources each requiring a separate
authentication or authorization on the second computer, wherein

the user computing device includes no login logic for authenticating or authorizing the user access to the plurality of remote
resources and is authenticated or authorized to access the plurality of remote resources on the second computer, without transmitting
the centrally stored user credentials from the user computing device or using a single-sign-on mechanism where at least one
ticket is passed between the first computer and the second computer to service at least one of the plurality of remote resources
to the user;

initiation or identification of a new session between the first computer and the second computer through the second network,
and

authentication or authorization of the user on the first computer granting the user access to the plurality of remote resources
on the second computer; and

enabling, by the first computer, the user to access the plurality of remote resources by using the new session in response
to the single click on the user interface element.

US Pat. No. 9,412,103

METHODS SYSTEMS AND COMPUTER PROGRAM PRODUCTS FOR MANAGING ACCESS TO CUSTOMER DATA

INTUIT INC., Mountain Vi...

1. A computer-implemented method for managing access to customer data by a customer service agent of a merchant, the method
comprising:
an intermediate computer, controlled by a host other than the merchant and in communication with a computing device of a customer
through a first network and in communication with a computer of a customer service agent through a second network, storing
customer data received from the customer computing device through the first network;

the customer service agent computer receiving a communication request through a third network and from the customer computing
device, the communication request comprising a request by the customer to communicate with the customer service agent;

the customer service agent computer transmitting a data request to the intermediate computer through the second network, wherein
the data request is transmitted by the customer service provider computer to the intermediate computer in response to selection
by the customer of an item of a call menu of the customer service agent computer before the customer is routed to a live customer
service agent;

the intermediate computer receiving the data request from the customer service agent computer; and
in response to the data request, the intermediate computer providing the customer service agent computer with access through
the second network to the customer data stored by the intermediate computer before the customer is routed to the live customer
service agent, wherein the intermediate computer is responsive to the customer indicating when the customer service agent
computer is permitted to access the customer data,

wherein the customer and the customer service agent engage in a live discussion with each other through the customer computing
device and the customer service agent computer after the customer service agent computer is provided access to the customer
data stored by the intermediate computer.

US Pat. No. 9,330,263

METHOD AND APPARATUS FOR AUTOMATING THE BUILDING OF THREAT MODELS FOR THE PUBLIC CLOUD

Intuit Inc., Mountain Vi...

1. A computing system implemented method for automating threat model generation for an application of an asset of a service
provider, comprising:
identifying, with a first computing environment, components of the application,
wherein the components receive, transfer, and transmit information for the application,
wherein the asset includes a second computing environment provided by the service provider and configured to make the application
publically available through one or more networks;

receiving security information, for at least some of the components, that identifies whether measures were taken within the
application to secure the application against a list of security threats,

wherein the first computing environment maintains the list of security threats within a threat model database;
determining whether the measures sufficiently address security risks associated with the list of security threats, including:
transmitting first queries to a third computing environment that are related to the security information,
wherein the third computing environment is a different computing environment than the first and second computing environments;
receiving responses from the third computing environment to the first queries related to the security information;
transmitting subsequent queries to the third computing environment in response to and based at least in part on content of
the responses to the first queries; and

providing a threat model to the third computing environment, the threat model including a report that identifies components
of the application that have been sufficiently secured, and identifies components of the application that have been insufficiently
secured, from each of the list of security threats, as determined by the first computing environment.

US Pat. No. 9,129,283

ACCESSING CONFIDENTIAL DATA SECURELY USING A TRUSTED NETWORK OF MOBILE DEVICES

Intuit Inc., Mountain Vi...

1. A system comprising:
a keyholding device;
a managing device, communicatively coupled to the keyholding device, comprising:
a processor;
a protected application executing on the processor; and
a memory storing:
encrypted data encrypted using an encryption key, and
a trusted device list comprising a keyholding device identifier identifying the keyholding device; and
a data manager for:
receiving, from the protected application, a request to decrypt the encrypted data sent over a secure wireless communication
protocol, wherein the secure wireless communication protocol requires that a distance between the managing device and the
keyholding device be within a specified proximity;

obtaining the keyholding device identifier from the trusted device list;
sending a connection request to the keyholding device using the keyholding device identifier;
creating, based on the distance, an established connection in response to determining that the keyholding device has accepted
the connection request;

requesting, via the established connection, the encryption key from a keyholding process executing on the keyholding device;
obtaining the encryption key from the keyholding process on the keyholding device;
decrypting the encrypted data using the encryption key to obtain decrypted data; and
sending the decrypted data to the protected application.

US Pat. No. 9,817,679

TECHNIQUE FOR COLLECTING FINANCIAL INFORMATION

INTUIT INC., Mountain Vi...

1. A computer-implemented method for enabling automatic collection of financial information associated with a customer at
a financial institution by a financial software application, comprising:
receiving, at a transmission server for a provider of the financial-software application, an application request from the
financial institution,

wherein the transmission server comprises a microprocessor and a memory,
wherein the application request is in response to a request received initially at a data server of the financial institution
from a customer computer, the received request in the form of a physical click at an icon associated with the financial software
application at a webpage of the financial institution,

wherein the application request includes a token comprising customer information,
wherein the application request does not include password information associated with an account of the customer at the financial
institution,

wherein for all communications between the financial institution and the transmission server password information for the
account of the customer at the financial institution is excluded, and

wherein the transmission server does not receive password information for the account of the customer at the financial institution
from the customer computer;

in response to receiving the application request, sending, by the transmission server of the provider of the financial-software
application, a request for financial information associated with the account of the customer at the financial institution,
wherein the account of the customer at the financial institution including the financial information is password protected,

wherein the sent request comprises customer information,
wherein the request for financial information does not include password information associated with the account of the customer
at the financial institution, and

wherein the transmission server does not have access to password information associated with the account of the customer at
the financial institution;

receiving, at the transmission server of the provider of the financial-software application, the requested financial information
from the data server of the financial institution, wherein the data server accesses the password protected financial information
based on the customer information;

subsequent to receiving the requested financial information:
accessing the memory of the transmission server of the provider of the financial software application, the memory containing
financial information associated with the customer; and

transmitting, over a data channel, from the transmission server of the provider of the financial software application to the
financial institution, a financial document for display at an information-viewing application on the customer computer, wherein
the financial document is generated from the financial information of the customer.

US Pat. No. 9,646,287

DYNAMIC SAMPLE PAYCHECK

Intuit Inc., Mountain Vi...

1. A method for configuring a payroll software application to generate a legal paycheck, comprising:
receiving, by a computer processor and from a user, a reduced portion of employee setup data prior to receiving a remainder
portion of the employee setup data, wherein the reduced portion of employee setup data comprises a plurality of employee set
up data items from partial employee payroll information;

inputting the reduced portion of employee setup data into the payroll software application to configure an employee record,
wherein the plurality of employee set up data items are inputted one at a time in a sequential manner;

dynamically generating, by the computer processor and prior to receiving the remainder portion, a sample paycheck by:
displaying a replica of the legal paycheck, wherein the replica comprises a plurality of blank fields of the legal paycheck;
inserting information into a portion of the plurality of blank fields based on the reduced portion of the employee setup data,
wherein other information related to the remainder portion of the employee setup data is not included in the replica;

presenting, prior to receiving the remainder portion, the replica of the legal paycheck to the user as the sample paycheck,
wherein the sample paycheck is not accepted by any financial institution for cashing; and

updating, in response to inputting each of the plurality of employee set up data items in the sequential manner, the sample
paycheck as a sequence of incrementally revised sample paychecks,

wherein the sequence of incrementally revised sample paychecks presents, to the user, an effect of the user interacting with
the payroll software application;

receiving, in response to presenting and updating the sample paycheck, an input from the user identifying an error in the
employee record;

correcting, in response to the input from the user, the error to update the sample paycheck;
receiving, from the user and in response to updating the sample paycheck, the remainder portion; and
generating, in response to receiving the remainder portion, the legal paycheck for the user, wherein the legal paycheck is
accepted by a financial institution for cashing.

US Pat. No. 9,569,630

METHOD AND SYSTEM FOR PROVIDING AN ENCRYPTION PROXY

Intuit Inc., Mountain Vi...

1. A system for providing an encryption proxy comprising:
at least one processor; and
at least one memory coupled to the at least one processor, the at least one memory having stored therein instructions which
when executed by any set of the one or more processors, perform a process for providing an encryption proxy, the process for
providing an encryption proxy including:

securely decentralizing encryption key data and decreasing access latency for encryption key data by providing an encryption
proxy in a cloud computing environment, the encryption proxy being a virtual asset instantiated in the cloud computing environment,
the encryption proxy including encryption proxy authentication data, the encryption proxy authentication data for identifying
the encryption proxy as a trusted virtual asset in the cloud computing environment, the encryption proxy authentication data
including hardware identification data identifying underlying hardware on which the encryption proxy is running;

providing a secrets distribution management system, the secrets distribution management system being in a second computing
environment, the secrets distribution management system having access to the encryption key data representing one or more
encryption keys, the secrets distribution management system controlling the distribution of the one or more encryption keys
in accordance with one or more encryption key distribution policies;

providing, by the encryption proxy, the encryption proxy authentication data to the secrets distribution management system;
authenticating, by the secrets distribution management system, the encryption proxy by comparing the hardware identification
data with data obtained via a cloud provider of the cloud computing environment;

identifying, by the secrets distribution management system, the encryption proxy as a trusted virtual asset eligible to cache
encryption key data in a remote encryption key cache outside the second computing environment;

generating, by the encryption proxy, cache encryption key request data representing a request for data representing one or
more requested encryption keys to be cached in the remote encryption key cache;

providing, by the encryption proxy, the cache encryption key request data to the secrets distribution management system; and
providing, by the secrets distribution management system in response to the cache encryption key request data, data representing
one or more of the requested encryption keys to the remote encryption key cache.

US Pat. No. 9,516,044

METHOD AND SYSTEM FOR CORRELATING SELF-REPORTING VIRTUAL ASSET DATA WITH EXTERNAL EVENTS TO GENERATE AN EXTERNAL EVENT IDENTIFICATION DATABASE

Intuit Inc., Mountain Vi...

1. A computing system implemented method for correlating virtual asset patterns with external events, comprising:
receiving, at a first computing environment, data identifying one or more external events currently occurring, from one or
more electronic sources;

receiving first patterns from one or more first virtual assets providing one or more computing services to one or more users,
each of the one or more first virtual assets including an allocation of one or more hardware and software resources from a
second computing environment, the first patterns representing first operational characteristics of the first virtual assets
and generated by the one or more first virtual assets during the occurrence of the external event;

mapping, by populating a database with the first patterns and the data identifying associated external events, external events
to first patterns;

receiving a second pattern from a second virtual asset, the second pattern representing second operational characteristics
of the second virtual asset, the second patterns being at least partially based on deviations by the one or more second virtual
assets from the predetermined operating parameters;

determining, by comparing the second pattern to the first patterns to determine one or more first patterns similar to the
second pattern, at least one external event associated with the second pattern; and

distributing identifying data of the determined external events to the second virtual assets.

US Pat. No. 9,501,345

METHOD AND SYSTEM FOR CREATING ENRICHED LOG DATA

Intuit Inc., Mountain Vi...

1. A system for creating enriched log data comprising:
at least one processor; and
at least one memory coupled to the at least one processor, the at least one memory having stored therein instructions which
when executed by any set of the at least one processors, perform a process for creating enriched log data, the process for
creating enriched log data including:

obtaining access to first log data of a first log data source, the first log data source being a first virtual machine instance;
obtaining access to distinct log data of a plurality of distinct log data sources, each of the plurality of log data sources
being of different virtual machine instances distinct from virtual machine instances of each other log data source of the
plurality of log data sources;

defining at least two virtual machine instance trigger events, the defined at least two virtual machine instance trigger events
including a first trigger event being a security requirement setting event and a second trigger event being the creation or
changing of access control lists;

defining, responsive to the at least two virtual machine instance trigger events being defined, trigger event log entry data
associated with the defined at least two virtual machine instance trigger events;

monitoring, responsive to the at least two virtual machine instance trigger event being defined, log data of each log data
source of the plurality of log data sources;

detecting, as a result of the monitoring, trigger event log entry data in log data of a second log data source of the plurality
of log data sources;

inserting, into the first log data of the first log data source, the trigger event log data of the second log data representing
the trigger event of a second virtual machine instance occurring;

detecting, as a result of the monitoring, trigger event log entry data in log data of a third log data source of the plurality
of log data sources; and

inserting, into the first log data of the first log data source, the trigger event log data of the third log data representing
the trigger event of the third virtual machine instance occurring.

US Pat. No. 9,292,579

METHOD AND SYSTEM FOR DOCUMENT DATA EXTRACTION TEMPLATE MANAGEMENT

Intuit Inc., Mountain Vi...

1. A computing system implemented method for document data extraction template management comprising the following, which
when executed individually or collectively by any set of one or more processors perform a process including:
receiving data extraction template data representing a data extraction template associated with a specific source document
type;

determining a field hit count number associated with the data extraction template, the field hit count number indicating the
number of data fields from which data can be extracted from the specific source document type using the data extraction template;

using the data extraction template to extract data from received source documents of the specific source document type;
monitoring the acceptance or rejection of data extracted from received source documents of the specific source document type
using the data extraction template;

determining a data acceptance count to be associated with the data extraction template, the data acceptance count indicating
the number of times the data extracted from received source documents of the specific source document type using the data
extraction template is accepted;

transforming the field hit count number associated with the data extraction template and the data acceptance count associated
with the data extraction template into data extraction template ranking score data for the data extraction template;

saving the data extraction template data and the data extraction template ranking score data for the data extraction template
as ranked data extraction template data; and

aggregating ranked data extraction template data associated with two or more data extraction templates associated with the
specific source document type.

US Pat. No. 9,141,522

VIRTUAL CLUSTER IMMUNE SYSTEM FOR DYNAMIC TESTING

INTUIT INC., Mountain Vi...

1. A computer-system-implemented method for dynamic testing of a software product, the method comprising:
receiving a pre-defined set of tests associated with the software product;
generating virtual environments corresponding to subsets of a group of individuals;
using the computer system, executing the pre-defined set of tests in the virtual environments, wherein, during a given test
in the pre-defined set of tests, individuals in a corresponding subset interact with the software product,

wherein, prior to executing the pre-defined set of tests for a first time, selecting the subsets based on one or more attributes
of individuals in the group of individuals;

analyzing results of the executed pre-defined set of tests;
updating the subsets based on the analysis; and
repeating the executing, analyzing and updating operations until a termination criterion is reached.

US Pat. No. 9,117,247

SYSTEMS METHODS AND COMPUTER PROGRAM PRODUCTS FOR ENCODING AND DECODING TAX RETURN DATA

INTUIT INC., Mountain Vi...

11. A computer-implemented method for preparing a portion of an electronic tax return using a symbolic representation tax
data, a mobile communication device and a tax return preparation application, the method comprising:
a computing apparatus receiving an image of a two-dimensional machine readable representation of tax data acquired by a camera
of the mobile communication device, wherein the tax data is for inclusion in the electronic tax return being prepared using
the tax return preparation application and that is to be filed with a tax authority, the two-dimensional machine readable
representation being encoded according to a pre-determined segmentation;

the computing apparatus decoding the two-dimensional machine readable representation of tax data to determine tax data based
at least in part upon a pre-determined segmentation of the two-dimensional machine readable representation, wherein decoding
does not involve optical character recognition;

the computing apparatus mapping respective segments to respective fields of the electronic tax return to be populated with
respective determined tax data;

before the electronic tax return is filed with the tax authority, the tax return preparation application, executing on the
mobile communication device, preparing at least a portion of the electronic tax return by populating respective fields of
the electronic tax return with respective determined tax data and completing the electronic tax return; and

electronically filing the completed electronic tax return with the tax authority utilizing the tax return preparation application.

US Pat. No. 9,105,019

METHOD AND SYSTEM FOR DEPOSITING FUNDS AT A POINT OF SALE TERMINAL

Intuit Inc., Mountain Vi...

1. A method for depositing funds using a point of sale (POS) terminal by establishing a financial account, the method comprising:
receiving, by the POS terminal of a merchant, a deposit request from a consumer of the merchant to deposit the funds by establishing
the financial account;

automatically generating, by a financial engine (FE) comprising at least one computer processor connected to a memory, the
FE operatively connected to the POS terminal, a merchant account number associated with the consumer in response to the deposit
request;

sending, by the FE and after receiving the deposit request from the customer, an account generation request to a financial
institution (FI) to set up the financial account for the consumer, wherein the deposit request exists before the financial
account exists;

receiving, by the FE, a financial account number for the financial account from the FI in response to the account generation
request;

assigning, by the FE, the merchant account number to the financial account number of the financial account;
receiving, by the POS terminal, the funds from the consumer associated with the merchant account number;
sending, by the FE operatively connected to the POS terminal, the financial account number associated with the merchant account
number and the funds to the FI, wherein the funds are deposited into the financial account corresponding to the financial
account number; and

sending the merchant account number to the customer.

US Pat. No. 9,444,860

METHOD AND SYSTEM FOR DATA DRIVEN CHECKLIST SHARING

Intuit Inc., Mountain Vi...

1. A method for checklist sharing, comprising:
monitoring a plurality of actions of a user on a computer device, the computer device comprising a processor and a global
positioning system (GPS);

identifying, by the processor, an action of the plurality of actions of the user, wherein the action indicates a location
of the user determined by the GPS of the computer device;

identifying a transaction record of a plurality of transaction records based on the action;
identifying a checklist of a plurality of checklists based on the transaction record;
sending a notification of identifying the checklist to the user;
receiving, from the user, a download request to download the checklist;
downloading the checklist to the user in response to the download request;
receiving, from the user, a first upload request to upload a first modified checklist, wherein the first modified checklist
is based on the checklist;

in response to the first upload request:
assigning a first checklist relationship to the first modified checklist, wherein the first checklist relationship defines
the checklist to be a parent of the first modified checklist; and

uploading the first modified checklist to a data repository that shares the first modified checklist with a plurality of users;
receiving, from the user, a second upload request to upload a second modified checklist, wherein the second modified checklist
is based on the first modified checklist; and

in response to the second upload request:
assigning a second checklist relationship to the second modified checklist, wherein the second checklist relationship defines
the first modified checklist to be a parent of the second modified checklist; and

uploading the second modified checklist to the data repository.

US Pat. No. 9,245,117

METHOD AND SYSTEM FOR COMPARING DIFFERENT VERSIONS OF A CLOUD BASED APPLICATION IN A PRODUCTION ENVIRONMENT USING SEGREGATED BACKEND SYSTEMS

Intuit Inc., Mountain Vi...

1. A system for comparing two versions of a cloud based application in a production environment using segregated backend systems
comprising:
one or more processors;
a production environment, wherein the production environment includes one or more production environment components used to
implement an application in the production environment selected from the group of production environment components consisting
of

one or more computing environments used to implement the application in the production environment, wherein at least one of
the one or more computing environments used to implement the application in the production environment is a cloud-based computing
environment;

one or more computing systems used to implement the application in the production environment;
one or more virtual assets used to implement the application in the production environment;
one or more hypervisors used to implement the application in the production environment;
one or more communications channels used to implement the application in the production environment;
one or more firewalls used to implement the application in the production environment;
one or more routers used to implement the application in the production environment;
one or more communications endpoint proxy systems used to implement the application in the production environment;
one or more access control systems used to implement the application in the production environment;
one or more load balancers used to implement the application in the production environment;
one or more databases used to implement the application in the production environment; and
one or more services used to implement the application in the production environment; and
at least one memory coupled to the one or more processors, the at least one memory having stored therein instructions which
when executed by any set of the one or more processors, perform a process for comparing two versions of a cloud based application
in the production environment using segregated backend systems, the process for comparing the two versions of the cloud based
application in the production environment using the segregated backend systems including:

implementing a first version of an application in the production environment;
implementing a second version of an application in the production environment;
providing two or more backend systems associated with the implementation of the first and second versions of the application
in the production environment, wherein at least one of the two or more backend systems used to implement the application in
the production environment are backend servers implemented in a computing environment that is distinct from the cloud-based
computing environment;

receiving actual user data;
routing a first portion of the actual user data representing user data from a first group of users to be processed by the
first version of the application using a first backend system of the two or more backend systems;

routing a second portion of the actual user data representing user data from a second group of users to be processed by the
second version of the application using a second backend system of the two or more backend systems;

processing the first portion of the actual user data using the first version of the application in the production environment
and the first backend system of the two or more backend systems to transform the first portion of the actual user data into
first portion of actual users' results data;

processing the second portion of the actual user data using the second version of the application in the production environment
and the second backend system of the two or more backend systems to transform the second portion of the actual user data into
second portion of actual users' results data; and

analyzing the second portion of actual users' results data to evaluate the production environment and/or operation of the
second version of the application in the production environment.

US Pat. No. 9,208,551

METHOD AND SYSTEM FOR PROVIDING EFFICIENT FEEDBACK REGARDING CAPTURED OPTICAL IMAGE QUALITY

Intuit Inc., Mountain Vi...

1. A computing system implemented method for providing efficient feedback regarding captured optical image quality comprising
the following, which when executed individually or collectively by any set of one or more processors perform a process including:
obtaining a source document;
capturing an optical image of the source document using an image capture device associated with a computing system;
dividing the optical image of the source document into two or more distinct source document image test regions, each source
document image test region representing only a portion of the entire optical image of the source document;

performing individual and separate optical image scans on each source document image test region with regions of the source
document optical image that are outside the source document test regions remaining unscanned;

determining, through individual analyses of the individual and separate scans, that there are not any identifiable alpha-numeric
characters or symbols present in at least one of the individual and separate scans;

designating the captured optical image of the source document as being of insufficient quality to identify and extract individual
characters and symbols;

recommending that the optical image of the source document be re-captured using an image capture device;
wherein the number of source document image test regions is determined based on the resolution of the image capture device.

US Pat. No. 9,087,354

ORDERING CHECKS USING A MOBILE DEVICE

Intuit Inc., Mountain Vi...

1. A method to authenticate a request for a set of paper checks using a smartphone, comprising:
obtaining, using the smartphone, an image of a check;
analyzing, using a computer processor of the smartphone and based on a pre-determined check template, the image to identify
account information of the check, wherein the account information relates to a checking account of an account holder at a
financial institution issuing the check;

extracting, using the computer processor, the account information comprising a checking account number, a name of the account
holder, and an address of the account holder from the image;

determining, using a global positioning system (GPS) of the smartphone, a current location of a user of the smartphone;
authenticating the request by comparing the address of the account holder and the current location of the user of the smartphone;
searching, using the computer processor and in response to authentication of the request, a database to identify a check ordering
service based on the account number and the address of the account holder; and

submitting to the check ordering service, using the smartphone, an order of the set of paper checks for the account holder
based on the account information of the account holder.

US Pat. No. 9,710,436

METHOD AND SYSTEM FOR GENERATING A MODIFIED WEBSITE

Intuit Inc., Mountain Vi...

1. A method for managing a website, comprising:
obtaining a plurality of data items from a plurality of websites, wherein each of the plurality of data items comprises a
conversion rate corresponding to a percentage of transactions completed by a plurality of website visitors accessing the data
item;

receiving, by the processor and from a user, a website text item of the website;
identifying a business type of the website and a website element category of the website text item;
searching, by the processor and using the business type and the website element category, the plurality of data items to identify
a subset of the plurality of data items;

identifying, by the processor and from the subset, a comparable text item to the website text item;
identifying, by the processor and from the subset, a modified text item, wherein a conversion rate of the modified text item
exceeds a conversion rate of the comparable text item;

generating, using the processor, a conversion improved website comprising the modified text item, wherein the modified text
item replaces the website text item;

receiving, from the user, an approval of the conversion improved website;
obtaining a localized traffic rate of the comparable text item;
identifying a modified localized traffic text item comprising a modified localized traffic rate that exceeds the localized
traffic rate;

generating a localized traffic improved web site comprising the modified localized traffic text item, wherein the modified
localized traffic text item is text;

receiving, from the user, a fourth approval of the localized traffic improved website; and
generating, based on the fourth approval, the website comprising the modified localized traffic text item based on the localized
traffic improved website,

wherein the localized traffic improved website receives more traffic originating from a country than the website comprising
the website text item.

US Pat. No. 9,639,900

SYSTEMS AND METHODS FOR TAX DATA CAPTURE AND USE

INTUIT INC., Mountain Vi...

1. A computer-implemented method for preparing at least a portion of an electronic tax return with a computerized tax preparation
application, the computer-implemented method comprising:
a computing device receiving an image of one or more documents containing tax data therein with an imaging device;
the computing device processing the image by:
extracting a plurality of features from the image of the one or more documents, wherein optical character recognition is performed
on at least one of the features to output text,

comparing the extracted one or more features and output text to a graphical database and a textual database, respectively,
containing a plurality of different tax forms, and

identifying a tax form corresponding to the one or more documents from the plurality of different tax forms based on a comparison
of the extracted one or more features and the output text to the graphical database and the textual database, respectively;
and

the computing device transferring at least a portion of the tax data determined from the image into corresponding fields of
the computerized tax preparation application to automatically prepare at least a portion of the electronic tax return.

US Pat. No. 9,460,395

SYSTEM AND METHOD FOR DEPLOYING PREDICTIVE MODELS

Intuit Inc., Mountain Vi...

1. A system for deploying predictive models comprising:
an application computing system executing an application program, the application computing system being coupled to a network;
a decision engine operatively coupled to the application program;
a data aggregation service operatively coupled to the decision engine;
receiving, at the application computing system, data identifying an authorized consumer user who is currently using the application
program;

determining, by the application program and using data associated with the authorized consumer user, a next action to be performed
by the application program, the next action being a configurable action and involving at least one interaction with the authorized
consumer user, wherein a possible next action is selected from a plurality of possible next actions of the application program,
the determination of a next action requiring selection, by the application program from a plurality of decision models, of
a first decision model specific to the next action to be performed, wherein decision models of the plurality of decision models
require different sets of consumer user data to be analyzed in making a determination of the next action to be performed;

determining, by the decision engine using resources of the data aggregation service and from a plurality of next action configurations,
an active configuration appropriate for the authorized consumer user, the determination of the active configuration being
dependent on results of an analysis of a particular consumer user data set specific a determined decision model, wherein the
particular consumer user data set specific to the determined decision model is different than other user data sets associated
with other decision models available for selection and is also a subset of an entirety of available data associated with the
consumer user; and

implementing, by the application program, the active configuration.

US Pat. No. 9,342,690

METHOD AND APPARATUS FOR A SCORING SERVICE FOR SECURITY THREAT MANAGEMENT

Intuit Inc., Mountain Vi...

1. A computing system implemented method for providing a security threat scoring service to identify and prioritize potential
security threats for an online service, comprising:
determining, with a computing system, security threat patterns by:
monitoring first traffic between the online service and a test program,
wherein the first traffic includes requests for information transmitted to the online service from the test program, wherein
the requests include data representing requests to application programming interfaces of the online service for communicating
with the online service;

recording patterns associated with the first traffic between the test program and the online service,
wherein the patterns associated with the first traffic include durations of delays between transmission of requests from the
test program to the online service; and

defining deviations from the patterns as the security threat patterns, wherein the deviations include a delay threshold that
is shorter in duration than the durations of delays between transmission of requests from the test program to the online service,
wherein durations of delays between transmission requests from one or more external computing systems to the online service
that are faster than the delay threshold are identified as potential security threats;

comparing second traffic between the one or more external computing systems and the online service to the security threat
patterns;

identifying portions of the second traffic as a potential security threat, if the portions of the second traffic correlate
with at least one of the security threat patterns;

assigning a threat score to the potential security threat at least partially based on a potential impact of the potential
security threat on the online service; and

providing the threat score to the online service to enable the online service to secure against the potential security threat.

US Pat. No. 10,048,497

SECURE PAIRING OF HEAD-MOUNTED ELECTRONIC DEVICES

INTUIT INC., Mountain Vi...

1. A first head-mounted electronic device, comprising: a heads-up display configured to display information to a first user of the first head-mounted electronic device; a sensor; a processor; and a memory storing a set of instructions that, when executed by the processor, perform an operation to establish a secure connection with a second head-mounted electronic device associated with a second user, the operation comprising: receiving a voice command from the first user of the first head-mounted electronic device to capture sensory information; in response to receiving the voice command, capturing, via the sensor, sensory information associated with an object identifying the second user of the second head-mounted electronic device in an environment of the first head-mounted electronic device, the sensory information comprising at least one of an image, a video, or an audio recording, the sensory information further comprising a time at which the sensory information was captured; providing the sensory information captured via the sensor to a pairing electronic device; receiving connection information from the pairing electronic device if the sensory information identifies the second user; and establishing the secure connection with the second head-mounted electronic device based on the connection information.

US Pat. No. 9,760,953

COMPUTER IMPLEMENTED METHODS SYSTEMS AND ARTICLES OF MANUFACTURE FOR IDENTIFYING TAX RETURN PREPARATION APPLICATION QUESTIONS BASED ON SEMANTIC DEPENDENCY

INTUIT INC., Mountain Vi...

1. A computer-implemented method, comprising:
a modular rule engine of a computerized tax return preparation application comprising instructions executed by a processor
of a computer

receiving runtime data of the electronic tax return, wherein respective fields for respective questions presented by the tax
return preparation application are populated with respective data of the runtime data,

determining which questions of the tax return preparation application remain unanswered after receiving the runtime data based
at least in part upon the received runtime data and a data structure generated by

transforming a first data structure of a pre-determined question-and-answer flow into a second data structure different from
the first data structure,

identifying unanswered questions within the second data structure that are free of pre-determined semantic dependency based
at least in part upon an answer to at least one tax return preparation application question within the second data structure,
wherein the unanswered questions are identified without reference to the first data structure, and selecting at least one
identified unanswered question of the identified unanswered questions within the different, transformed data structure; and
generating a non-binding suggestion based at least in part upon the selected unanswered question; and

a modular interface controller of the computerized tax return preparation application receiving the non-binding suggestion
as an input, and generating an interview screen that is presented to a user of the tax return preparation application through
a display of the computer based at least in part upon the non-binding suggestion, the modular rule engine and the modular
interface controller being loosely coupled to each other such that the non-binding suggestion generated by the modular rule
engine does not control how the modular interface controller determines content of the interview screen.

US Pat. No. 9,330,415

PERSONAL SAVINGS PLAN

Intuit Inc., Mountain Vi...

1. A method for saving money through payroll withholding, comprising:
receiving, by a merchant portal and from an employee, a selection of a physical product from a list of products provided by
a plurality of merchants;

obtaining, by a web portal coupled to the merchant portal and for a tax year, a projected tax liability of the employee and
a target savings amount corresponding to a price of the physical product selected by the employee;

identifying, by a payroll system coupled to the web portal and for the tax year, a plurality of pay periods for the employee;
calculating, by the payroll system, a plurality of tax withholding amounts for the plurality of pay periods based on the projected
tax liability;

calculating, by the payroll system, a plurality of savings withholding amounts for the plurality of pay periods based on the
target savings amount;

withholding, by the payroll system, the plurality of tax withholding amounts and the plurality of savings withholding amounts
from a plurality of paychecks of the employee corresponding to the plurality of pay periods;

monitoring, by the merchant portal, the price of the physical product;
obtaining, from the merchant portal, a revised price of the physical product;
notifying, by the web portal, the employee of the revised price of the physical product;
obtaining, by the web portal, the approval of the employee to modify at least one of the plurality of savings withholding
amounts based on the revised price of the physical product;

modifying, by the payroll system, the at least one of the plurality of savings withholding amounts based on the revised price
of the physical product;

sending, by the payroll system, the plurality of tax withholding amounts to a tax authority for paying the projected tax liability;
funding, by the payroll system, a third-party financial account at a financial institution with the plurality of savings withholding
amounts;

obtaining, by the web portal and from the employee, a savings rule related to at least one of the target savings amount, the
selection of the physical product, the third-party financial account, and the plurality of savings withholding amounts;

applying the savings rule to the at least one of the target savings amount, the selection of the physical product, the third-party
financial account, and the plurality of savings withholding amounts;

disbursing, by the payroll system and after withholding the plurality of savings withholding amounts, the target savings amount
from the third-party financial account;

sending, by the payroll system to the plurality of merchants, an electronic notification inviting each of the plurality of
merchants to offer an auction price of the physical product;

selecting, by the payroll system from the plurality of merchants, a merchant based on the auction price offered by the merchant;
and

facilitating, by the payroll system in response to disbursing the target savings amount, purchasing and delivering the physical
product for the employee.

US Pat. No. 9,319,374

PERSONALIZED BOOKMARKING OF TEXTSITE APPLICATIONS VIA A TEXT MESSAGE

Intuit Inc., Mountain Vi...

1. A method for using a bookmark to access content from a global textsite platform (GTP), comprising:
obtaining a bookmark creating text message, wherein the bookmark creating text message is based on a text messaging service
(TMS) and sent by a user to create the bookmark;

extracting, by a computer processor from the bookmark creating text message and based on a pre-determined syntax, a user ID
representing the user, a first bookmark ID representing the bookmark, and a first registered unique keyword used to access
a first textsite from the GTP based on the TMS; and

storing, as a bookmark entry in a bookmark list of the GTP, the user ID, the first bookmark ID, and the first registered unique
keyword,

wherein the first bookmark ID is used by the user to access the first textsite from the GTP.

US Pat. No. 9,129,323

METHOD AND SYSTEM FOR FACILITATING CUSTOMER DRIVEN GROUP SALES AND DISCOUNTS

Intuit Inc., Mountain Vi...

1. A computing system implemented method for facilitating customer driven group sales and discounts comprising the following,
which when executed individually or collectively by any set of one or more processors perform a process including:
obtaining item identification data indicating a product or service of interest to a first party;
posting at least part of the item identification data to a network location;
monitoring, using a module specifically configured for monitoring and collecting data relating to network activity, one or
more amounts of time spent at the network location by one or more parties;

determining respective amounts of time spent by the one or more parties on the network location;
determining one or more of the respective amounts of time that exceed a predetermined threshold amount of time, resulting
in level of interest data;

responsive to determining one or more of the respective amounts of time exceeding the predetermined threshold amount of time,
generating an alert informing at least one provider of the product or service of the level of interest data;

receiving offer data from the at least one provider of the product or service indicating a group sale related offer associated
with the product or service, the offer data reflecting a condition based on a predetermined number of the individuals indicating
interest in the product or service accepting the offer and actually purchasing the product or service; and

providing at least part of the offer data to at least one of the first party or the one or more parties other than the first
party.

US Pat. No. 9,129,278

PRE-ALLOCATING MERCHANT ID IN A CREDIT CARD PROCESSOR ENTITY SYSTEM BY A MASTER MERCHANT

Intuit Inc., Mountain Vi...

1. A method to process credit card transactions, comprising:
obtaining, by the master merchant computer system from a credit card processor computer system of a credit card transaction
network, a plurality of available merchant account IDs;

transmitting, by a master merchant computer system separate from the credit card processor computer system, a merchant account
set up application to a computer system of a merchant of a plurality of merchants;

receiving, by the master merchant computer system and after obtaining the plurality of available merchant account IDs and
providing the merchant account set up application, a request from the computer system of the merchant via the merchant account
set up application to set up a merchant account of the plurality of merchant accounts, wherein the request comprises a name
of the merchant;

receiving, by the master merchant computer system from a credit card processor computer system, a credit approval of the merchant;
assigning, by the master merchant computer system and in response to the credit approval of the merchant and the request,
a merchant account ID selected from the plurality of available merchant account IDs to the merchant for setting up the merchant
account;

receiving, by the master merchant computer system from the credit card processor computer system, a record of a credit card
transaction of the merchant, wherein the credit card transaction includes the merchant account ID;

identifying, by the master merchant computer system, the name of the merchant based on the merchant account ID included in
the record of the credit card transaction;

generating, by the master merchant computer system, an amended record of the credit card transaction by at least adding the
name of the merchant to the record of the credit card transaction; and

sending, by the master merchant computer system, the amended record of the credit card transaction to the credit card processor
computer system.

US Pat. No. 9,734,136

METHODS, SYSTEMS, AND ARTICLES OF MANUFACTURE FOR RENDERING INTERNET CONTENTS ON DIFFERENT DISPLAYS OF MOBILE DEVICES

INTUIT INC., Mountain Vi...

1. A machine implemented method for natively painting Internet contents on different displays of mobile communication devices,
the method being performed by at least a mobile communication device including a plurality of painter applications and comprising:
receiving, by a mobile communication device, a description of a screen from a backend service server, wherein the backend
service server is in communication with a first server hosting a software application which the mobile communication device
attempts to access, and the software application comprises a tax return preparation software application;

identifying, by the mobile communication device, a plurality of data models for the screen by extracting the plurality of
data models from the description;

generating, by the mobile communication device, at least one inquiry of whether a first painter application receiving the
at least one inquiry has native capability to paint the screen based at least in part upon the description;

communicating the at least one inquiry to at least a second painter application of the plurality of painter applications;
at least the second painter application receiving the at least one inquiry and generating respective responses to the at least
one inquiry, wherein a communication of the at least one inquiry to a third painter application is skipped based at least
in part upon the respective responses of at least the second painter application;

selecting a painter application from the plurality of painter applications, wherein the painter application that has been
selected is not the third painter application; and

painting the screen by transforming at least one data model of the plurality of models into content of the screen by the painter
application that has been selected.

US Pat. No. 9,246,935

METHOD AND SYSTEM FOR DYNAMIC AND COMPREHENSIVE VULNERABILITY MANAGEMENT

Intuit Inc., Mountain Vi...

1. A system for dynamic and comprehensive vulnerability management comprising:
at least one processor; and
at least one memory unit coupled to the at least one processor, the at least one memory unit having stored therein instructions
which when executed by any set of the one or more processors, perform a process for dynamic and comprehensive vulnerability
management, the process for dynamic and comprehensive vulnerability management including:

obtaining vulnerability management data;
obtaining scanner data representing one or more scanner tests configured to discover one or more vulnerabilities in an asset;
obtaining remedy data representing two or more remedies associated with vulnerabilities scanned for by the one or more scanner
tests, the two or more remedies including a first remedy of automatic re-sizing of buffers and buffer pools and a second remedy
of automatic re-setting or changing a response time;

correlating the remedy data with vulnerabilities discoverable by the scanner tests;
obtaining asset data associated with an asset;
analyzing the vulnerability management data and the asset data to automatically identify a relevant scanner test in the scanner
data to be applied to the asset;

determining an ideal time to deploy the relevant scanner test on the asset;
automatically deploying the relevant scanner test on the asset at, or before, the ideal time;
if a vulnerability is identified by the relevant scanner test, identifying the remedy in the remedy data associated with the
identified vulnerability;

automatically applying the identified remedy to the asset;
automatically re-deploying the relevant scanner on the asset to determine if the identified vulnerability has been corrected;
and

if the identified vulnerability is present after the remedy associated with the identified vulnerability has been applied
taking protective action to mitigate the vulnerability.

US Pat. No. 9,118,614

NOTIFICATION MANAGER

Intuit Inc., Mountain Vi...

1. A method to provide notifications to a user, comprising:
receiving, by a computer processor, notification subscription information comprising user selections made by the user indicating
a first request to receive the notifications from at least a first network application and a second network application, and
a second request to access a website of a third network application upon detecting a notification from the third network application;

obtaining, based on the notification subscription information, a first notification that is generated and sent by the first
network application, wherein the first notification notifies the user regarding a first status of the first network application;

obtaining, based on the notification subscription information, a second notification that is generated and sent by the second
network application, wherein the second notification notifies the user regarding a second status of the second network application;

obtaining, based on the notification subscription information, a third notification that is generated and sent by the third
network application, wherein the third notification notifies the user regarding a third status of the third network application;

aggregating, by the computer processor, at least the first notification and the second notification to generate a plurality
of aggregate notifications;

presenting, by the computer processor and to the user, the plurality of aggregate notifications as an aggregate notification
list within a single user interface;

determining that the third status matches a user specified criterion in the notification subscription information, wherein
the user specified criterion specifies a type of notification from the third network application; and

redirecting, in response to obtaining the third notification and based on the notification subscription information, the user
to the website of the third network application,

wherein the user is redirected to the website of the third network application further in response to the determining.

US Pat. No. 9,804,886

EXTENDING OBJECT-SCHEMA-BASED APPLICATION PROGRAMMING INTERFACES (APIS)

INTUIT INC., Mountain Vi...

1. A method for extending an object schema-based application programming interface (API), comprising:
receiving, from a user, a schema defining an extension to the API and a reference to a parent node in a graph projection of
the API, wherein the graph projection of the API comprises a number of navigable paths, each navigable path representing a
function exposed by the API and wherein the extension defines a plurality of functions to be added to the API;

verifying that the schema defines a valid extension to the API based at least in part on whether the navigable path comprises
a continuous path in the graph projection of the API from a root node of the graph projection of the API to the node representing
the extension by determining that a parent node of the extension is an existing node in the graph projection of the API;

updating the graph projection of the API to include a node representing the extension and a navigable path to the node representing
the extension; and

processing a request from the user by traversing through the updated graph projection of the API, the request representing
the navigable path to the node representing the extension.

US Pat. No. 9,563,718

USING INTERACTIVE SCRIPTS TO FACILITATE WEB-BASED AGGREGATION

INTUIT INC., Mountain Vi...

1. A method for facilitating interactivity during automated web-site accesses on behalf of a user, comprising:
selecting, for execution at a computer, a first script from a set of scripts;
executing, at a computer, the first script which accesses one or more websites, wherein executing the first script initially
comprises:

retrieving previously stored authentication credentials associated with the user;
automatically navigating to a target website on behalf of the user;
in response to receiving a request for authorization information from the target website, sending the retrieved authorization
credentials to the target website;

prior to the getting logged onto the target website on behalf of the user, receiving an interactivity request generated by
the target website, wherein the interactivity request specifies information that requires a response from the user by using
an object and requiring that the user interact with the object, and wherein the specified information requiring a response
is in addition to the previously sent authorization credentials, wherein the response is based on the interaction with the
object, and wherein the object includes at least one of an image to be viewed by the user, an audio file to be listened to
by the user, a question in text form to be presented to the user, or HTML or XML code to generate a presentation for the user;

presenting the interactivity request to the user; and
suspending execution of the first script to wait for the response from the user to the interactivity request;
subsequent to suspending execution of the first script, and prior to receiving a response to the interactivity request from
the user, selecting, for execution, a second script from the set of scripts, wherein the second script is not the first script;

executing, at the computer, the selected second script;
upon receiving a response to the interactivity request from the user,
forwarding the response from the user to the target website;
suspending the execution of the second script; and
subsequently resuming execution of the first script.

US Pat. No. 9,223,672

METHOD AND SYSTEM FOR PROVIDING ERROR REPAIR STATUS DATA TO AN APPLICATION USER

Intuit Inc., Mountain Vi...

1. A computing system implemented method for providing error repair status data to an application user comprising the following,
which when executed individually or collectively by any set of one or more processors perform a process including:
obtaining application user contact data from an application user;
assigning application user identification data to the application user;
receiving application request data associated with the application user;
assigning request identification data to the application request data;
associating the application user identification data and the request identification data with the application request data;
obtaining error data associated with the application request data indicating an error has occurred;
designating an error repair status data location for storing error repair status data associated with the repair of the error
associated with the error data;

providing error repair status data associated with the error to the error repair status data location, the provided error
repair status data being updated as a threshold level of progress is made towards fixing the error;

generating application user error notification data, the application user error notification data including error repair status
access data representing data for accessing error repair status data associated with the error;

providing the application user error notification data, including the error repair status access data, to the application
user.

US Pat. No. 9,213,966

REGULATION COMPLIANT DATA INTEGRATION FOR FINANCIAL INSTITUTIONS

Intuit Inc., Mountain Vi...

1. A method to access financial data, comprising:
redirecting, by a computer processor and based on an input of a user, the user to a website of a financial institution (FI);
obtaining, by the computer processor and from the FI website, a token based on redirecting the user to the website of the
FI, the token identifying a request to access the financial data via the website, wherein the token comprises information
regarding a geographic location of the FI, a regulatory restriction on accessing the financial data from outside of the geographical
location, and a reference pointer to a financial data structure in a remote repository;

detecting, by the computer processor and based on the token, that the regulatory restriction applies to the request;
identifying, by the computer processor and in response to detecting, the financial data structure in the remote repository
based on the token, wherein the financial data structure comprises a financial data record downloaded from the FI in response
to the request;

retrieving, by the computer processor and without user intervention, the financial data record from the financial data structure;
and

preparing, by the computer processor, a financial management report based on the retrieved financial data record from the
financial data structure.

US Pat. No. 10,810,021

METHODS AND SYSTEM FOR STORAGE RETREIVAL

Intuit Inc., Mountain Vi...

1. A method for storage retrieval, comprising:receiving, from a computing device, a request for software application content,
wherein the request comprises a first field identifier, and
wherein the software application content is a user interface portion of a software application;
submitting, in response to the request, a query to a content repository, for at least one asset comprising the first field identifier;
receiving, from the content repository and in response to the query, a first asset comprising the first field identifier and a second asset comprising the first field identifier, the first asset and the second asset defining content for a same displayed portion of the user interface portion;
extracting a first variability tag from the first asset and a second variability tag from the second asset based on the first asset having a matching asset property value to the second asset, the first variability tag specifying a first context of the software application and the second variability tag specifying a second context of the software application;
selecting, from the first asset and the second asset, the first asset based on the first variability tag and the second variability tag; and
transmitting, to the computing device, the first asset as the software application content.

US Pat. No. 9,639,507

METHOD AND SYSTEM FOR PROVIDING A NET EFFECT PLATFORM FOR DEVELOPING AND CORRECTING SCREEN SCRAPING PARSER SCRIPTS

Intuit Inc., Mountain Vi...

1. A computing system implemented method for providing a net effect platform for developing and correcting screen scraping
scripts comprising the following, which when executed individually or collectively by any set of one or more processors perform
a process including:
obtaining, by a process computing system from a user computing system under the control of an individual, login data used
to obtain data associated with the individual from a third party webpage provided by a webpage computing system, the obtained
login data including at least an account number associated with the user;

accessing, using some or all of the login data by the process computing system, the third party webpage;
determining, by the process computing system following an attempt to access the third party webpage, that an error has occurred
in retrieving data from the third party webpage;

requesting, of the user through communication by the process computing system with the first computing system, that the individual
help identify and correct the cause of the error;

receiving acknowledgement from the individual that the individual will help identify and correct the cause of the error;
generating, by the process computing system, default data associated with a third party webpage, the default data at least
indicating the layout of the webpage;

generating, by the process computing system using the default data, a mock-up of the third party webpage, the mock-up of the
third party webpage including a reproduction of at least part of the third party webpage;

providing, to the user computer system by the process computing system communicating with the user computer system, the mock-up
of the third party webpage as an interactive interface, wherein the interactive interface configured to allows the individual
to add, modify, correct, and rearrange the default data;

obtaining, from the interactive interface, additions, modifications, corrections, and/or rearrangements of the default data
associated with the third party webpage from the interactive interface, the additions, modifications, corrections, and/or
rearrangements of the default data associated with the third party webpage at least including an additions, modifications,
corrections, and/or rearrangements of the layout of the webpage;

transforming the additions, modifications, corrections, and/or rearrangements of the default data associated with the third
party webpage into correction data;

transforming the correction data into parser scripts associated with the third party webpage; and
using the login data and parser scripts associated with the third party webpage to obtain data associated with the individual
from the third party webpage.

US Pat. No. 9,613,380

METHOD AND SYSTEM FOR PUBLIC AND PRIVATE TEMPLATE SHARING

Intuit Inc., Mountain Vi...

1. A method for sharing templates for use with a financial management application (FMA), comprising:
obtaining, from each of a plurality of financial professionals using the FMA, a company profile comprising a data structure
that includes:

a first field storing a chart of accounts for a small business,
a second field storing a commercial industry that the small business operates within, and
a third field storing a geographic location where the small business operates,
 wherein the company profiles include a new company profile obtained from a first financial professional, and
 wherein the new company profile comprises a new chart of accounts for a new small business operating within a new commercial
industry and at a new geographic location;

generating a plurality of profile templates comprising, for each company profile, a profile template comprising the commercial
industry, the geographic location, and a redacted version of the chart of accounts of the company profile by removing company-specific
data from the first field, such that the redacted version of the chart of accounts is configured for a generic business entity
operating within the commercial industry of the second field of the data structure, and at the geographic location of the
third field of the data structure,

 wherein the plurality of profile templates include a new profile template comprising the new commercial industry, the new
geographic location, and a redacted version of the new chart of accounts;

receiving, from the first financial professional using the FMA on a first client, a sharing preference that specifies the
new profile template is shareable only with clients operatively connected to the first client by a private network;

receiving, from one or more of the plurality of financial professionals, one or more requests to publicly share one or more
of the plurality of profile templates;

receiving, from a representative of a first small business using the FMA, a profile creation request specifying a first commercial
industry and a first geographic location of the first small business;

identifying, from the plurality of profile templates, a first profile template comprising the first commercial industry at
the second field of the first profile template and the first geographic location at the third field of the first profile template;

providing, in response to the profile creation request, the first profile template to the representative, wherein the representative
uses the first profile template to create a first company profile for the first small business;

receiving, from a second financial professional using the FMA on a second client, a new profile creation request specifying
the new commercial industry and the new geographic location;

determining that the second client of the second financial professional satisfies the sharing preference by being operatively
connected to the first client by the private network; and

providing, in response to the new profile creation request and the determination that the second client is operatively connected
to the first client by the private network, the new profile template to the second financial professional.

US Pat. No. 9,560,132

METHOD AND SYSTEM FOR TRANSFERRING THE HOSTING OF FINANCIAL SERVICE TO ELASTIC VIRTUAL COMPUTING RESOURCES FROM A DATA CENTER AND WITHOUT SERVICE INTERRUPTION

Intuit Inc., Mountain Vi...

1. A computing system implemented method for transferring a hosting of financial services to a virtual asset computing environment
from a hardware asset computing environment, comprising:
creating, with a first computing system, a secondary copy of application data for a first instance of a financial services
application that is executed by the first computing system to provide financial services to multiple users,

wherein the first computing system is a hardware asset computing environment;
encrypting at least part of the secondary copy of the application data;
transferring the secondary copy of the application data to a storage device;
delivering the storage device to a second computing system from the first computing system using a parcel courier;
receiving, with the second computing system, the secondary copy of the application data from the storage device,
wherein the second computing system is a virtual asset computing environment,
wherein the virtual asset computing environment dynamically and selectively allocates and de-allocates virtual assets to support
one or more services hosted from the virtual asset computing environment;

executing, with the second computing system, a virtual asset configuration script to configure some of the virtual assets
to execute a second instance of the financial services application to enable the second computing system to provide the financial
services to the multiple users; and

configuring the second computing system as a primary service provider for providing the financial services by primarily directing
user traffic for the financial services to the second computing system and by secondarily directing user traffic for the financial
services to the first computing system.

US Pat. No. 9,497,601

ACCESSING TEXTSITES USING TEXT MESSAGING SERVICE

Intuit Inc., Mountain Vi...

11. A system for providing content using a global textsite platform (GTP) comprising:
a repository storing a registry comprising a plurality of registered unique keywords, wherein the plurality of registered
unique keywords are registered with the GTP by a plurality of publishers, wherein a registered unique keyword, and metadata
associated therewith, of the plurality of registered unique keywords are stored in an entry of the registry, the metadata
containing access information to a textsite of a plurality of textsites indexed based on the plurality of registered unique
keywords, and wherein the registered unique keyword is registered with the GTP by a publisher of the textsite comprising a
plurality of text pages published by the publisher and indexed based on a plurality of navigating keywords defined by the
publisher for navigating the textsite;

a processor; and
memory storing instructions when executed by the processor comprising functionalities to:
receive, from a device of a user, an initial user message comprising a pre-designated keyword for requesting access to content
using the GTP;

send, to the device and in response to the initial user message, an initial GTP message comprising the plurality of registered
unique keywords;

receive, from the device, a first user message identifying the registered unique keyword selected by the user from the plurality
of registered unique keywords;

retrieve the metadata from the registry based on the registered unique keyword;
access the textsite based on the metadata to retrieve a navigating keyword of the plurality of navigating keywords, the navigating
keyword indexing a text page within the plurality of text pages;

include a representation of the navigating keyword in a first GTP message;
send, to the device and in response to receiving the first user message, the first GTP message comprising the navigating keyword
for the user to access the text page,

wherein one or more of the initial user message, the initial GTP message, the first user message, and the first GTP message
comprise a first text message transmitted using a text messaging service (TMS);

receive, from the device and in response to sending the first GTP message, a second user message comprising at least one selected
from a group consisting of the navigating keyword and the representation of the navigating keyword;

identify and retrieve the text page based on the at least one selected from a group consisting of the navigating keyword and
the representation of the navigating keyword;

send, to the device and in response to receiving the second user message, a second GTP message comprising the text page for
display on the device,

wherein one or more of the second user message and the second GTP message comprise a second text message transmitted using
the text messaging service (TMS);

receive, from the device, a third user message identifying another registered unique keyword, wherein the another registered
unique keyword, and another metadata associated therewith, of the plurality of registered unique keywords are stored in another
entry of the registry, the another metadata containing access information to another textsite of the plurality of textsites,

wherein the another registered unique keyword is registered with the GTP by another publisher of the another textsite comprising
another plurality of text pages published by the another publisher and indexed based on another textsite map comprising another
plurality of navigating keywords defined by the another publisher for navigating the another textsite, and

wherein the publisher and the another publisher are separate from an operating entity of the GTP,
wherein the another textsite is converted from a website by:
mapping another navigating keyword to a link of the website; and
converting a webpage of the website indexed by the link to an another text page indexed by the another navigating keyword;
and

exchange text messages with the device for navigating the another textsite using the another plurality of navigating keywords.

US Pat. No. 9,444,818

METHOD AND SYSTEM FOR AUTOMATICALLY MANAGING SECURE COMMUNICATIONS IN MULTIPLE COMMUNICATIONS JURISDICTION ZONES

Intuit Inc., Mountain Vi...

1. A system for automatically managing secure communications across multiple communications jurisdiction zones comprising:
at least one processor; and
at least one memory coupled to the at least one processor, the at least one memory having stored therein instructions which
when executed by any set of the one or more processors, perform a process for automatically managing secure communications
across multiple communications jurisdiction zones, the process for automatically managing secure communications across multiple
communications jurisdiction zones including:

identifying two or more communications jurisdiction zones from which, and/or to which, data may be transferred using one or
more types of communications channels including one or more types of secure communications security levels;

obtaining communications and data security policy data for the two or more identified communications jurisdiction zones, the
communications and data security policy data for the identified communications jurisdiction zones including data indicating
allowed types of secure communications security levels for each of the respective communications jurisdiction zones;

obtaining exchange data indicating a desired exchange of data between a first virtual asset in a first communications jurisdiction
zone and a second virtual asset in a second communications jurisdiction zone, the first and second communications jurisdiction
zones being different from each other, the data to be exchanged being of a type, the type of data being one selected from
at least messages, files, images and secrets wherein each data security policy data is based on political regulation in each
zone and whereby the zones consist of local, state, national, or regional government agencies;

identifying owner secure communications polices provided by an owner of the data to be transferred;
determining, through examination of the actual data to be exchanged, the type of data to be exchanged;
automatically obtaining first communications jurisdiction zone communications and data security policy data associated with
the first communications jurisdiction zone and second communications jurisdiction zone communications and data security policy
data associated with second communications jurisdiction zone from the communications and data security policy data;

automatically determining, based on the results of determining the type of data to be exchanged through examining the actual
data to be transferred, a required type of communications channel having a type and length of encryption required to be applied
to the data to be transferred, the required type of communications channel meeting the data security policy data associated
with the first communications jurisdiction zone and data security policy data associated with the second communications jurisdiction
zone and the owner secure communications polices provided by the owner of the data to be transferred;

automatically analyzing the first communications jurisdiction zone communications and data security policy data and the second
communications jurisdiction zone communications and data security policy data to determine at least one allowed type of secure
communications security level for the desired exchange of data that complies with both the first communications jurisdiction
zone communications and data security policy data and the second communications jurisdiction zone communications and data
security policy data;

selecting one of the at least one allowed type of secure communications security level; and
automatically establishing the selected allowed type of communications channel including the allowed type of secure communications
security level between the first virtual asset and the second virtual asset.

US Pat. No. 9,313,281

METHOD AND SYSTEM FOR CREATING AND DYNAMICALLY DEPLOYING RESOURCE SPECIFIC DISCOVERY AGENTS FOR DETERMINING THE STATE OF A CLOUD COMPUTING ENVIRONMENT

Intuit Inc., Mountain Vi...

1. A system for creating and dynamically deploying virtual resource specific discovery agents for determining the state of
a computing environment comprising:
at least one processor; and
at least one memory coupled to the at least one processor, the at least one memory having stored therein instructions which
when executed by any set of the one or more processors, perform a process for creating and dynamically deploying virtual resource
specific discovery agents for determining the state of a computing environment, the process for creating and dynamically deploying
virtual resource specific discovery agents for determining the state of a computing environment including:

generating virtual resource specific discovery agent creation data through a virtual asset creation system, the virtual resource
specific discovery agent creation data for instantiating a virtual resource specific discovery agent in a computing environment,
the virtual resource specific discovery agent creation data including:

security logic for providing authentication and trust for the virtual resource specific discovery agent; and
internal resource specific data collection logic for directing and allowing the virtual resource specific discovery agent
to collect data from a specific resource, or resource type, assigned to the virtual resource specific discovery agent;

instantiating and deploying the virtual resource specific discovery agent in the computing environment using the virtual resource
specific discovery agent creation data;

the virtual resource specific discovery agent collecting data from a specific resource, or resource type, assigned to the
virtual resource specific discovery agent; and

the virtual resource specific discovery agent providing the data collected from the specific resource, or resource type, assigned
to the virtual resource specific discovery agent to a computing environment modeling system.

US Pat. No. 9,727,866

METHODS SYSTEMS AND COMPUTER PROGRAM PRODUCTS FOR VERIFYING CONSUMER IDENTITY DURING TRANSACTION

INTUIT INC., Mountain Vi...

1. A computer-implemented method comprising:
receiving, by an intermediate computer through a respective network, a request from a point of sale (POS) device of a merchant
for data to be used to verify an identity of a consumer during a first transaction after the POS device has been accessed
by the consumer to initiate the first transaction with a payment instrument tendered by the consumer;

communicating, by the intermediate computer through a respective network, with a computer hosting an online social networking
website and accessing or receiving data of an account the consumer has with the online social networking website;

determining, by the intermediate computer, a challenge question and response options based at least in part upon the account
data of the online social networking website, the response options comprising a valid response that is a content item of the
account and at least one invalid response, wherein the valid response is selected from the consumer's account and at least
one invalid response is selected from another account of another user of the online social networking website;

transmitting, by the intermediate computer, the challenge question and the response options to the POS device; and
transmitting, by the POS device, the challenge question and the response options to a mobile communication device of the consumer
for presentation to the consumer through the mobile communication device, wherein the challenge question and the response
options are presented to the consumer through a display of the mobile communication device, and the consumer interacts with
the mobile communication device to select a response option to answer the challenge question for verification of the identity
of the consumer before the first transaction has been completed based at least in part upon whether the consumer selects the
valid response.

US Pat. No. 9,660,947

METHOD AND APPARATUS FOR FILTERING UNDESIRABLE CONTENT BASED ON ANTI-TAGS

INTUIT INC., Mountain Vi...

1. A computer-implemented method for filtering undesirable content based on anti-tags, the method comprising:
receiving, by computer, a plurality of items of content;
receiving, by computer, an anti-tag, wherein an anti-tag describes content that a user has elected not to receive;
analyzing, by computer, the plurality of items of content to identify one-or-more undesirable items of content that satisfy
the anti-tag, wherein the analyzing includes:

identifying at least a first one of the items of content that uses a word according to a first meaning described by the anti-tag
for the word, and

identifying at least a second one of the items of content that uses the word according to a second meaning not described by
the anti-tag for the word;

filtering, by computer, the one-or-more undesirable items of content, including the first one of the items of content, from
the plurality of items of content; and

presenting, by computer, the filtered plurality of items of content, including the second one of the items of content, to
the user.

US Pat. No. 9,558,089

TESTING INSECURE COMPUTING ENVIRONMENTS USING RANDOM DATA SETS GENERATED FROM CHARACTERIZATIONS OF REAL DATA SETS

INTUIT INC., Mountain Vi...

1. A method for facilitating testing of an insecure computing environment, comprising:
obtaining a real data set comprising a set of data strings;
determining, by one or more computer systems, a set of frequency distributions associated with the set of data strings, wherein
determining the set of frequency distributions associated with the set of data strings comprises:

obtaining one or more block definitions, wherein each of the one or more block definitions identifies a set of possible characters
for substrings of the data strings,

generating a set of block sequences from the set of data strings by:
applying the one or more block definitions to each data string in the set of data strings to produce a block sequence of one
or more blocks, wherein each block in the block sequence comprises one or more frequency distributions for a substring of
the data string that matches a block definition in the one or more block definitions; and

including the block sequence in the set of block sequences, and
generating a combined block sequence from the set of block sequences by:
combining a set of blocks from each block position in the set of block sequences to produce a block distribution over the
set of blocks in the block position; and

including the block distribution in the block position of the combined block sequence;
generating, by the one or more computer systems, a test data set from the real data set, wherein the test data set comprises
a set of random data strings that conforms to the set of frequency distributions; and

testing the insecure computing environment using the test data set.

US Pat. No. 9,396,338

METHOD AND SYSTEM FOR PROVIDING A SECURE SECRETS PROXY

Intuit Inc., Mountain Vi...

1. A system for providing a secure secrets proxy comprising:
at least one processor; and
at least one memory coupled to the at least one processor, the at least one memory having stored therein instructions which
when executed by any set of the one or more processors, perform a process for providing a secure secrets proxy, the process
for providing a secure secrets proxy including:

providing a secure secrets proxy in a first computing environment, the secure secrets proxy being a virtual asset instantiated
in the first computing environment, the first computing environment being a cloud environment, the virtual asset being an
instance of dynamically allocatable computing resources that are instantiated in the cloud environment, the secure secrets
proxy enabling secure decentralization of secrets data from a second computing environment to the cloud environment to decrease
access latency for the secrets data from the cloud environment, the secure secrets proxy including secure secrets proxy authentication
data, the secure secrets proxy authentication data for identifying the secure secrets proxy as a trusted virtual asset in
the first computing environment, the secure secrets proxy authentication data including hardware identification data identifying
underlying hardware on which the secure secrets proxy is running;

providing a secrets distribution management system, the secrets distribution management system being in the second computing
environment, the secrets distribution management system having access to the secrets data representing one or more secrets,
the secrets distribution management system controlling the distribution of the one or more secrets in accordance with one
or more secrets distribution policies;

the secure secrets proxy providing the secure secrets proxy authentication data to the secrets distribution management system;
the secrets distribution management system authenticating the secure secrets proxy by comparing the hardware identification
data with data obtained via a cloud provider of the cloud environment;

the secrets distribution management system identifying the secure secrets proxy as a trusted virtual asset eligible to cache
secrets data in a secure secrets cache outside the second computing environment, the secure secrets cache being a data store
that is outside the second computing environment;

the secure secrets proxy generating cache secrets request data representing a request for data representing one or more requested
secrets to be cached in the secure secrets cache;

the secure secrets proxy providing the cache secrets request data to the secrets distribution management system; and
in response to the cache secrets request data, the secrets distribution management system providing data representing the
one or more requested secrets to the secure secrets cache.

US Pat. No. 9,298,927

METHOD AND SYSTEM FOR PROVIDING AN EFFICIENT VULNERABILITY MANAGEMENT AND VERIFICATION SERVICE

Intuit Inc., Mountain Vi...

1. A system for providing an efficient vulnerability management and verification service comprising:
at least one processor; and
at least one memory coupled to the at least one processor, the at least one memory unit having stored therein instructions
which when executed by any set of the one or more processors, perform a process for providing an efficient vulnerability management
and verification service, the process for providing an efficient vulnerability management and verification service including:

identifying a virtual asset creation template, wherein the virtual asset creation template is associated with a class of virtual
assets, wherein the virtual asset creation template is used to create each virtual asset of the class of virtual assets;

obtaining virtual asset creation template data representing the virtual asset creation template, wherein at least part of
the virtual asset creation template data includes steps, instructions, and/or operations used to create each virtual asset
of the class of virtual assets;

analyzing the virtual asset creation template data to identify any vulnerabilities in the virtual asset creation template
data;

if one or more vulnerabilities are identified in the virtual asset creation template data, creating a remedied virtual asset
creation template by applying to the virtual asset creation template a remedy to each vulnerability identified in the virtual
asset creation template data;

generating one or more virtual assets using the virtual asset creation template;
if no vulnerability is identified in the virtual asset creation template data, or each vulnerability identified in the virtual
asset creation template data is remedied, transforming an initial status of each virtual asset of the virtual asset class
generated using the virtual asset creation template to an initial status of verified;

monitoring the verified virtual assets of the virtual asset class generated using the virtual asset creation template to detect
any changes made to any of the monitored verified virtual assets;

if a change in a monitored verified virtual asset is detected, transforming the status of the changed monitored verified virtual
asset to a status of unverified;

analyzing the unverified virtual asset to identify any vulnerabilities in the unverified virtual asset;
if one or more vulnerabilities are identified in the unverified virtual asset, applying a remedy to each vulnerability identified
in the unverified virtual asset; and

if no vulnerability is identified in the unverified virtual asset, or each vulnerability identified in the unverified virtual
asset is remedied, transforming the status of the unverified virtual asset to a status of verified.

US Pat. No. 9,288,193

AUTHENTICATING CLOUD SERVICES

INTUIT INC., Mountain Vi...

1. A computer-implemented method for authenticating cloud services, the method comprising:
receiving a request for a credential from a compute instance executing in a cloud computing environment, wherein the request
comprises a first set of metadata specific to the compute instance;

wherein the credential is associated with a compute role;
wherein the method further comprises denying the compute instance access to the credential when a second compute role associated
with the credential key does not match the compute role of the compute instance;

tracking the credentials that have been requested by and granted to the compute instance;
determining anomalous requests from the compute instance;
querying a management interface for the cloud computing environment to retrieve a second set of metadata specific to the compute
instance; and

upon determining that the first set of metadata matches the second set of metadata, granting the credential to the compute
instance.

US Pat. No. 9,195,978

DYNAMIC QUERY SEQUENCES FOR RETRIEVAL OF NEGOTIABLE INSTRUMENT IMAGE

INTUIT INC., Mountain Vi...

1. A computer-implemented method for determining a sequence of queries to be utilized for retrieving an image of a negotiable
instrument, the method being performed by an intermediate computer in communication through respective networks with respective
computers of a financial institution and of a user that has an account with the financial institution, the method comprising:
the intermediate computer hosting an online banking program and receiving a first request for a first image of a first negotiable
instrument that was utilized in a first completed transaction;

the intermediate computer determining a first sequence of queries comprising respective query configurations available to
attempt to retrieve the first image from a data store comprising respective images of respective negotiable instruments for
respective completed transactions, the first sequence being determined based at least in part upon first historical data of
whether respective query configurations were successfully used in the past to retrieve respective requested images from the
data store;

the intermediate computer submitting a first query of the first sequence to the data store;
the intermediate computer receiving a first result generated by executing the first query; and
the intermediate computer determining a second sequence of queries comprising respective query configurations based at least
in part upon second historical data reflecting the first result, wherein at least one query of the second sequence of queries
is executed to retrieve at least one image from the data store.

US Pat. No. 9,818,406

ADJUSTING USER EXPERIENCE BASED ON PARALINGUISTIC INFORMATION

INTUIT INC., Mountain Vi...

1. A computer-implemented method for adjusting a user experience of a software application, the method comprising:
receiving, at a computing device, an audio stream comprising audio of a user;
analyzing, by the computing device, the audio stream for paralinguistic information to determine an attribute of the user;
identifying, by the computing device, content of the audio stream;
determining, by the computing device, a plurality of content for display in a graphical user interface based on the content
of the audio stream;

ranking, by the computing device, the plurality of content based on the attribute of the user; and
selecting, by the computing device, at least one of the plurality of content based on the ranking of the plurality of content
to display in the graphical user interface.

US Pat. No. 9,613,105

STREAMLINED DATA ENTRY BASED ON DATA RELATIONSHIPS

INTUIT INC., Mountain Vi...

1. A computer-implemented method for streamlining data entry at a graphical user interface (GUI) of the computer, the method
comprising:
requesting an attribute of a user of the computer, the request being displayed as a message at the graphical user interface;
receiving the attribute from the user via the graphical user interface;
using the computer, determining a first conditional probability of a first relationship between a first field and a second
field of a document based on the attribute, wherein the first conditional probability of the first relationship indicates
a likelihood that content of the second field is the same as content of the first field based on the attribute;

if the first conditional probability satisfies a first threshold, requesting data for the first field, populating the first
field with the data, and automatically populating the second field with the data of the first field; and

if the first conditional probability does not satisfy the first threshold, performing one of leaving the second field empty
and requesting data for the second field.

US Pat. No. 9,535,892

METHOD AND SYSTEM FOR GENERATING UNIQUE CONTENT BASED ON BUSINESS ENTITY INFORMATION RECEIVED FROM A USER

Intuit Inc., Mountain Vi...

1. A method for generating content, comprising:
receiving, from a user, a plurality of data items comprising a plurality of restrictions of the content and a plurality of
information associated with a business entity;

analyzing the plurality of data items to identify a subject matter of the content;
obtaining, based on the analysis, a content template corresponding to the subject matter, wherein the content template comprises
a block of text comprising a plurality of blanks;

accessing, based on the content template, a terminology library, comprising a plurality of words and phrases associated with
the subject matter;

analyzing the plurality of data items, the content template, and the terminology library to identify a required data item
comprising a plurality of characteristics;

generating a plurality of search terms corresponding to the plurality of characteristics of the required data item;
performing an internet search, using the plurality of search terms, to obtain the required data item;
analyzing the plurality of data items and the required data item to identify a plurality of additional terminology;
identifying, based on the content template, a subset of the terminology library and a subset of the additional terminology;
combining the content template, the subset of the terminology library, the subset of the additional terminology, and the plurality
of information to generate raw content;

obtaining unique content by modifying the raw content by rearranging text of the content and replacing a word of the content
with a synonym of the word;

displaying the unique content to the user;
receiving, from the user, a plurality of edits to the unique content;
applying the plurality of edits to the unique content to obtain completed content;
analyzing the completed content to obtain a new content template and a new terminology library; and
storing the new content template and the new terminology library in a data repository for future use.

US Pat. No. 9,483,797

METHOD AND SYSTEM FOR RECORDING A TRANSACTION USING A DYNAMIC USER INTERFACE WITHIN AN APPLICATION

Intuit Inc., Mountain Vi...

1. A method for recording a transaction using a Dynamic User Interface (DUI) within an application, comprising:
identifying, within the application, a prior transaction relating to a customer of a user;
obtaining, in response to identifying the prior transaction and by the application, the prior transaction;
automatically populating, without intervention of the user, the DUI with the prior transaction such that one or more details
of the prior transaction are input to the DUI;

receiving, from the user and within the application, a request to generate a form for the transaction;
generating, in response to receiving the request to generate the form and within the application, the form comprising a customer
list and a form element;

receiving, from the user and within the application, a request to generate the DUI;
generating, in response to receiving the request to generate the DUI, the DUI adjacent to the form displayed within the application;
receiving, from the user and within the form adjacent to the DUI, an identification of the customer from the customer list;
without intervention of the user and in response to receiving the identification of the customer, displaying within the DUI
the prior transaction relating to the customer, wherein the prior transaction is owned by an application operator;

receiving, from the user, a selection of therp for transaction from the DUI by receiving, from the user, a drag and drop manipulation
of a visual representation of the prior transaction from the DUI to the form adjacent to the DUI;

populating, in response to receiving the selection of the prior transaction and within the form adjacent to the DUI, the form
element using therp for transaction;

in response to populating the form element, temporarily hiding the visual representation of the prior transaction from the
DUI; and

recording, within the application, the transaction.

US Pat. No. 10,089,523

AUTOMATING CREATION OF ACCURATE OCR TRAINING DATA USING SPECIALIZED UI APPLICATION

INTUIT INC., Mountain Vi...

1. A method for generating training data for optical character recognition, the method comprising:selecting a line of text from a multi-line text fragment;
selecting a character located in the line of text;
displaying a character subsequence from the line of text in a single-line user-interface (UI) element, wherein the character subsequence is rendered in a font type and a font size for display in the single-line UI element and wherein the character subsequence includes the character and any characters that precede the character in the line of text;
determining a width used by single-line UI element to display the character subsequence;
determining at least a first coordinate and a second coordinate, wherein the first coordinate and the second coordinate define a position of a bounding box for the character in a training image; and
storing the training image, the multi-line text fragment, an indication of the font type, an indication of the font size, and the first and second coordinates as training data for optical character recognition.

US Pat. No. 10,037,581

METHODS SYSTEMS AND COMPUTER PROGRAM PRODUCTS FOR MOTION INITIATED DOCUMENT CAPTURE

INTUIT INC., Mountain Vi...

1. A computer-implemented method, comprising:a computing device, by a tax return preparation application executed by the computing device, being prompted by a user of the tax return preparation application to acquire an image of a tax document based at least in part upon sufficient motion of the tax document in view of a camera of the computing device;
in response to being prompted, the computing device, by the tax return preparation application, presenting to the user a timer indicating a minimum time that the tax document must be maintained steady or substantially steady in view of the camera; and
the computing device, by the tax return preparation application, acquiring an image of the tax document in response to the computing device detecting that the tax document was maintained steady or substantially steady for the minimum time.

US Pat. No. 9,836,787

METHOD AND SYSTEM FOR SECURE SYNDICATED BALANCE DISPLAY

Intuit Inc., Mountain Vi...

1. A system for secure syndicated balance display comprising: one or more computing processors; and one or more memories coupled
to the computing processors, the one or more memories having stored therein instructions which when executed by the one or
more processors perform a process comprising: designating, at a financial institution website of a financial institution managing
one or more financial accounts by an account owner of the one or more financial accounts, at least one of the one or more
financial accounts of the account owner for balance monitoring; defining, at the financial institution website of the financial
institution managing the one or more financial accounts by the account owner, one or more account balance ranges for encoding;
selecting, at the financial institution website of the financial institution managing the one or more financial accounts by
the account owner, one or more unique balance indicator images, symbols, or displays to associate with the one or more account
balance ranges; associating, on behalf of the financial institution managing the one or more financial accounts, a unique
balance indicator image, or symbol, or display with each of the defined one or more account balance ranges; designating, at
the financial institution website of the financial institution managing the one or more financial accounts by the account
owner, one or more merchant websites to receive data from the financial institution representing the balance indicator images,
symbols, or displays, the merchant website being controlled by a merchant and distinct from the financial institution; accessing,
by the account owner using an account owner computing system of the account owner during a purchasing process at a merchant
website checkout screen, one of the one or more designated merchant websites; responsive to the account owner accessing one
of the one or more designated merchant websites, requesting, of a computing system of the financial institution by the accessed
one or more designated merchant websites, a balance indicator image, symbol or display; obtaining, by financial institution,
current account balance amount data for at least one of the one or more designated financial accounts; determining, by the
financial institution, an appropriate balance indicator image, symbol, or display associated with the defined one or more
account balance ranges that includes the current account balance amount; transforming, on behalf of the financial institution,
the current account balance amount data into the appropriate balance indicator image, symbol, or display data; providing,
by the financial institution, the balance indicator image, symbol or display to a designated website system associated with
the accessed one or more designated websites; providing, by the designated website system to the account owner computing system,
designated website data incorporating the provided balance image, symbol or display; and displaying, on an account owner computing
system, the designated website data incorporating the balance image, symbol or display.

US Pat. No. 9,530,228

CONTEXT-AWARE GLOSSARIES FOR DATA SETS

INTUIT INC., Mountain Vi...

1. A computer-implemented method for processing data, comprising:
obtaining, by a computer, metadata that describes a data model of a data set, wherein the metadata is related to a category;
identifying by the computer, based on the metadata, data relevant to the data model to include in the data set to restrict
the data set to the category;

applying by the computer, one or more rules to the data set independent of the category;
displaying, by the computer within a user interface, a visualization of the data model of the data set; and
using the metadata, by the computer, to provide a glossary of terms related to the data model in the user interface without
requiring pre-configuration of the glossary for use with the data model.

US Pat. No. 9,298,780

METHOD AND SYSTEM FOR MANAGING USER CONTRIBUTED DATA EXTRACTION TEMPLATES USING WEIGHTED RANKING SCORE ANALYSIS

Intuit Inc., Mountain Vi...

1. A computing system implemented method for managing user contributed data extraction templates using weighted ranking score
analysis comprising the following, which when executed individually or collectively by any set of one or more processors perform
a process including:
generating required number of fields data for a specific source document type indicating the required number of fields for
which data is required to be extracted;

receiving data extraction template data representing a data extraction template associated with the specific source document
type;

determining field hit count number data associated with the data extraction template;
generating data field ratio term data for the data extraction template;
assigning data field count weighting factor data to the data extraction template;
using the data extraction template to extract data from received source documents of the specific source document type;
monitoring the acceptance or rejection of data extracted from received source documents of the specific source document type
using the data extraction template;

generating data acceptance count data to be associated with the data extraction template;
generating data acceptance ratio term data for the data extraction template;
assigning data acceptance weighting factor data to the data extraction template;
transforming the data field ratio term data for the data extraction template, the data field count weighting factor data assigned
to the data extraction template, the data acceptance ratio term data for the data extraction template, and the data acceptance
weighting factor data assigned to the data extraction template into data extraction template ranking score data for the data
extraction template;

saving the data extraction template data and the data extraction template ranking score data for the data extraction template
as ranked data extraction template data; and

aggregating ranked data extraction template data associated with two or more data extraction templates associated with the
specific source document type.

US Pat. No. 9,256,783

SYSTEMS AND METHODS FOR TAX DATA CAPTURE AND USE

INTUIT INC., Mountain Vi...

1. A computer-implemented method for preparing at least a portion of an electronic tax return with a computerized tax preparation
application, the computer-implemented method comprising:
a computing device receiving an image of at least one document containing tax data therein with an imaging device;
the computing device identifying connected pixels within the received image and extracting one or more features from the image
of the at least one document based at least in part upon identified connected pixels;

the computing device comparing the extracted one or more features to a database containing a plurality of different tax forms;
the computing device identifying a tax form corresponding to the at least one document from the plurality of different tax
forms based at least in part on a confidence level associated with the comparison of the extracted one or more features to
the database; and

the computing device transferring at least a portion of the tax data determined from the image into corresponding fields of
the computerized tax preparation application to automatically prepare at least a portion of the electronic tax return.

US Pat. No. 9,953,318

AUTOMATIC TRANSACTION-BASED VERIFICATION OF ACCOUNT OWNERSHIP

INTUIT INC., Mountain Vi...

1. A method for providing a user access to a feature of a financial account, comprising:receiving, at a processing apparatus via a network, a request to access a feature of a first financial account, wherein the feature is associated with a minimum identity assurance level;
obtaining, by the processing apparatus from a financial data repository in data communication with the processing apparatus, a first set of financial data representing one or more financial transactions of a first financial account;
obtaining, by the processing apparatus from the financial data repository, a second set of financial data representing one or more financial transactions of a second financial account;
matching, by execution of a processor of the processing apparatus, at least one of the one or more financial transactions of the first financial account to at least one of the one or more financial transactions from the second financial account;
generating, by execution of the processor of the processing apparatus, a first verification of ownership of the first financial account by a user based on the matching at least one of the one or more financial transactions of the first financial account to the at least one of the one or more financial transactions from the second financial account; and
increasing, by execution of the processor of the processing apparatus, an identity assurance level associated with the user based on the first verification of ownership,
wherein the increased identity assurance level enables the user to access the feature of the first financial account if the increased identity assurance level exceeds the minimum identity assurance level associated with the feature of the first financial account.

US Pat. No. 9,742,794

METHOD AND APPARATUS FOR AUTOMATING THREAT MODEL GENERATION AND PATTERN IDENTIFICATION

Intuit Inc., Mountain Vi...

1. A computing system implemented method for automating threat model generation and pattern identification for an application
of an asset of a service provider, comprising:
identifying, with a first computing environment, components of the application, wherein ones of the components perform at
least one of receiving, transferring, and transmitting information for the application, wherein the asset includes a second
computing environment provided by the service provider and configured to make the application publically available through
one or more networks;

identifying, by at least one virtual asset of the first computing environment, one or more security threats and populating
a threat model library with data regarding the identified security threats;

receiving security information, for at least some of the components, that identifies whether measures were taken within the
application to secure the application against one or more of the security threats of the threat model library, the threat
model library further including one or more patterns, the patterns representing one or more first operational characteristics
of the first virtual asset, wherein patterns of the threat model library are associated with at least one external event;

determining that the measures sufficiently address security risks associated with the security threats of the threat model
library, including:

transmitting first queries to a third computing environment that are related to the security information, wherein the third
computing environment is a different computing environment than the first and second computing environments;

receiving responses from the third computing environment to the first queries related to the security information;
transmitting subsequent queries to the third computing environment in response to and based at least in part on content of
the responses to the first queries;

receiving a second virtual asset pattern from a second virtual asset, the received second virtual asset pattern representing
one or more second operational characteristics of the second virtual asset;

identifying, by comparing the second virtual asset pattern to one or more patterns of the threat model library, at least one
external event; and

distributing data of the identified at least one external events to the one or more second virtual assets, if the second pattern
is similar or equal to a compared pattern.

US Pat. No. 9,483,783

PURCHASE SYSTEM USING A COMPUTING DEVICE

Intuit Inc., Mountain Vi...

1. A method for authorizing a purchase, comprising:
receiving, from a computing device operated by a consumer, a request to access a webpage of a merchant;
transmitting, in response to the request, the webpage of the merchant comprising a plurality of product information and a
password field to an application executing on the computing device,

wherein the webpage of the merchant comprising the plurality of product information and the password field is displayed to
the consumer by the application;

receiving, from the application via computer network communication over the Internet, a purchase request for a product, wherein
the consumer initiates the purchase request by populating the password field in the webpage of the merchant with a password,
and wherein the purchase request comprises the password;

inferring, by a computer processor external to the computing device, an identity of the consumer based solely on the password
in the purchase request and a device identifier used for the computer network communication over the Internet, wherein inferring
the identity of the consumer comprises:

extracting, subsequent to displaying the password field to the consumer and from metadata of the computer network communication
transmitting the purchase request, the device identifier of the computing device; and

comparing the password and the device identifier to pre-registered information of the consumer,
wherein the consumer does not provide a username, and
wherein inferring the identity of the consumer is without further user intervention of the consumer subsequent to receiving
the purchase request;

identifying, based on the identity of the consumer, a plurality of payment information of the consumer; and
generating, by the computer processor, a purchase authorization for the product based on the purchase request and the plurality
of payment information.

US Pat. No. 9,219,720

METHOD AND SYSTEM FOR AUTHENTICATING A USER USING MEDIA OBJECTS

Intuit Inc., Mountain Vi...

1. A method for authenticating a user, comprising:
creating an account, wherein creating the account comprises:
presenting a category prompt to the user,
receiving a selection of a category from the user,
obtaining, from a media library, a plurality of stock media objects classified into the category, and
receiving, from the user, a selection of a valid media object from the plurality of stock media objects classified into the
category, wherein the valid media object is one of the plurality of valid stock media objects;

receiving an account identifier from the user;
obtaining, based on the account identifier, a plurality of valid media objects;
presenting, to the user, a plurality of media objects comprising the plurality of valid media objects and a plurality of invalid
media objects,

receiving, from the user, a selection of a subset of the plurality of media objects to obtain a selected subset;
obtaining user metrics for risk analysis;
performing, by a computer hardware processor of a device, risk analysis to identify a risk level for authentication based
on user metrics, wherein the risk level defines a number of attempts that the user is permitted to select the plurality of
valid media objects;

authenticating, after receiving the selection, the user when a selected number of valid media objects in the selected subset
satisfies a minimum number specified by the risk level, wherein the selected subset comprises at least one valid media object
and at least one invalid media object; and

authorizing the user to access a resource when the user is authenticated.

US Pat. No. 9,047,380

TECHNIQUE FOR DETERMINING KEYWORDS FOR A DOCUMENT

INTUIT INC., Mountain Vi...

1. A computer-implemented method for providing one or more targeted keywords associated with a document, comprising:
receiving a set of user-selected keywords and a specification of a market segment associated with the document from a user,
the market segment associated with an industry;

determining, by computer a set of similar keywords based on the user selected keywords, wherein the determining involves:
generating a first set of similar keywords, by selecting keywords correlated with the user selected keywords;
calculating a competitiveness score based on the number of other users bidding for the keyword relative to all other keywords
for each keyword in the first set of similar keywords; and

filtering out a set of keywords with the top competitiveness scores from the set of similar keywords;
determining a set of weighted market-specific keywords based on the filtered set of similar keywords, the user-selected keywords,
and keywords in documents that are associated with other users in the market segment, wherein the set of market specific keywords
includes:

one or more of the keywords in the documents,
one or more of the user-selected keywords, and
one or more of keywords from the filtered set of similar keywords;
providing at least a subset of the set of market-specific keywords to the user, the subset comprising at least the top weighted
keywords of the set of market-specific keywords;

receiving, from the user, a selection of one or more keywords from the provided subset of market specific keywords; and
incrementing, in a data structure comprising weights associated with keywords, weights for each of the one or more keywords
in the received selection of keywords, wherein the weight for each selected keyword is incremented by a predetermined value
each time the keyword is selected such that the weight directly relates to a total number of selections of the keyword.

US Pat. No. 9,646,295

HANDSFREE POINT-OF-SALE

Intuit Inc., Mountain Vi...

1. A system for performing a point-of-sale (POS) transaction, comprising:
a POS device configured to:
receive, from a customer voice input device, a customer voice input to place an item order, wherein the item order specifies
an item that is listed in a pre-determined inventory list of a merchant,

send the item order to a wearable hardware device worn by the merchant,
receive, in response to sending the item order to the wearable hardware device, a hands-free confirmation by the merchant
confirming receipt of the item order using the wearable hardware device, and

prompt, in response to the hands-free confirmation by the merchant, a customer to select a payment method; and
the wearable hardware device worn by the merchant and separate from the customer voice input device, wherein the wearable
hardware device is configured to:

display, to the merchant and in response to the POS device receiving the customer voice input, the item order,
receive, from the merchant and in response to displaying the item order, a merchant voice input comprising the hands-free
confirmation by the merchant for sending to the POS device, and

obtain, in response to the prompting, information associated with a payment credential of the consumer for sending to the
POS device,

wherein the POS transaction is performed based on the payment credential.

US Pat. No. 9,606,956

METHOD AND SYSTEM FOR PROVIDING A TABLET SWIPING CALCULATOR FUNCTION

Intuit Inc., Mountain Vi...

1. A computing system implemented method for providing a tablet swiping calculator function comprising the following, which
when executed individually or collectively by any set of one or more processors perform a process including:
providing a listing of data in a tablet swiping calculator function display, the listing of data including two or more financial
transaction entries automatically and directly imported from an electronic data management system external to and coupled
to the tablet swiping calculator function;

receiving a selection of at least one mathematical operation through the tablet swiping calculator function display using
a finger, stylus, or other user touch interface device;

receiving a selection of at least two of the two or more financial transaction entries through the tablet swiping calculator
function display using a finger, stylus, or other user touch interface device;

performing the selected mathematical operation on the selected financial transaction entries; and
displaying the results of performing the selected mathematical operation on the selected financial transaction entries on
the tablet swiping calculator function display.

US Pat. No. 9,946,699

LOCATION-BASED SPEECH RECOGNITION FOR PREPARATION OF ELECTRONIC TAX RETURN

INTUIT INC., Mountain Vi...

1. A computer-implemented method, comprising:a computing device, by a computerized tax return preparation application comprising computer-executable instructions stored in a data store of the computing device and executed by the processor of the computing device,
receiving respective voice samples of respective users of the tax preparation application;
parsing the voice samples into voice sample terms;
generating a voice sample database comprising:
voice sample terms,
location data associated with respective electronic voice sample terms, and
identification of respective interview screens or tax forms of the computerized tax return preparation application is associated with respective voice sample terms and respective location data;
after generation of the voice sample database, the computing device, by the computerized tax return preparation application:
receiving, from a computing apparatus utilized to prepare an electronic tax return utilizing the computerized tax return preparation application, an electronic output generated by a microphone of the computing apparatus based on voice input comprising the preparer of the electronic tax return speaking into the microphone of the computing apparatus during preparation of the electronic tax return;
determining location data of the electronic output;
parsing the electronic output into voice data terms;
accessing the previously generated voice sample database;
determining a meaning or intent of the voice input of the preparer based at least in part upon voice data terms and associated location data of the received voice data and respective stored voice sample terms and associated location data of the generated voice sample database;
selecting an interview screen or tax form of the computerized tax return preparation application based at least in part upon the determined meaning or intent of the voice input;
automatically populating the selected interview screen or tax form with associated electronic tax return data determined based at least in part upon the electronic output;
executing machine learning by communicating a request for feedback whether the determined meaning or intent of the voice input was what the prepare intended to be conveyed by the voice data, receiving a response from the preparer in response to the request for feedback, and updating the voice sample database based on the received response to improve accuracy of future voice data interpretation during preparation of future electronic tax returns, the response being associated with a previously recorded voice sample and the location data of the associated voice sample;
determining at least one additional interview screen or tax form to present to the user based at least in part upon the generated voice sample database;
presenting the at least one additional interview screen or tax form to the preparer through a display of the computing device without additional preparer input thereby improving how interview screens or tax forms are presented to the preparer by the computerized tax return preparation application during preparation of an the electronic tax return.

US Pat. No. 9,841,961

METHOD AND SYSTEM FOR PROVIDING ELASTIC FEDERATION AS A SERVICE

Intuit Inc., Mountain Vi...

1. A computing system implemented method for managing communications between applications and multiple user computing systems,
comprising:
establishing, with a tenant computing system, one or more virtual assets in an asset computing environment,
wherein each of the one or more virtual assets is allocated hardware and software resources from the asset computing environment;
installing an application onto the one or more virtual assets in the asset computing environment, wherein the application
supports single-user operations and excludes support for multi-user operations;

receiving a first request from a first user computing system and a second request from a second user computing system,
wherein the first request and the second request are requests for services from the application;
delivering, with the tenant computing system, the first request and the second request to the application,
wherein the first request includes first user data and the second request includes second user data;
receiving, with the tenant computing system, a first result from the application for the first request and a second result
from the application for the second request,

wherein the first result is associated with applying the application to the first user data and the second result is associated
with applying the application to the second user data; and

distributing, with the tenant computing system, the first result to the first user computing system and the second result
to the second computing system.

US Pat. No. 9,633,476

METHOD AND APPARATUS FOR USING AUGMENTED REALITY FOR BUSINESS GRAPHICS

INTUIT INC., Mountain Vi...

1. A computer-implemented method for using Augmented Reality (AR) for business graphics, the method comprising:
receiving at a computer system a video stream, wherein the video stream includes an image of a marker, and wherein the marker
is a physical object that is manipulated by a user and is recognizable by the computer system;

recognizing the marker at the computer system;
receiving from the user a selection of a business graphic, wherein a business graphic is a visual representation of business
data;

rendering the business graphic over the image of the marker in the video stream such that the image of the marker is obscured
by the business graphic;

recognizing a physical manipulation of the marker at the computer system, wherein the physical manipulation of the marker
is indicated by a change in the image of the marker in the video stream;

performing an action on the business graphic that corresponds to the physical manipulation of the marker, wherein the action
is displayed in the video stream;

in response to receiving a command from the user to disregard physical manipulations of the marker, fixing the business graphic
to the last known location of the image of the marker in the video stream, thereby allowing the user to physically manipulate
the marker without affecting the business graphic;

after fixing the business graphic to the last known location of the image of the marker in the video stream, recognizing a
virtual manipulation on the business graphic at the computer system, wherein the virtual manipulation is indicated when the
user moves one of the user's hands to simulate a rotation of the business graphic;

performing a second action on the business graphic that corresponds to the virtual manipulation, wherein the second action
corresponds to rotating the business graphic and the second action is displayed in the video stream; and

displaying the video stream to the user.

US Pat. No. 9,607,297

MOBILE PAYMENT VIA A VIRTUAL PERIPHERAL DEVICE

INTUIT INC., Mountain Vi...

1. A point-of-sale-terminal-implemented method for conducting a financial transaction, the method comprising:
initiating, at a point-of-sale terminal, a secure session with a portable electronic device of a customer using at least one
of wireless communication, near-field communication, an audio channel, or a video channel, wherein a point-of-sale terminal
software executing on the point-of-sale terminal supports a unified point-of-sale (UPOS) standard, wherein the UPOS standard
provides for integration of peripheral devices of the point-of-sale terminal;

providing a transaction request associated with the financial transaction from the point-of-sale-terminal software executing
on the point-of-sale terminal to a UPOS service object as defined by the UPOS standard;

receiving, at the point-of-sale terminal, a token from the portable electronic device, wherein the token identifies the customer
and the token is received using a UPOS service object executing on the point-of-sale terminal, and wherein instead of using
the UPOS service object to drive an actual physical peripheral device for which the UPOS service object was intended to drive,
the UPOS service object acts as a virtual peripheral device driver for a virtual peripheral device while implementing logic
required to complete the financial transaction;

using the UPOS service object executing on the point-of-sale terminal, obtaining financial information associated with the
customer based on the identification of the customer by the token;

providing the financial information and transaction information associated with the financial transaction to a financial institution
specified in the financial information; and

receiving a confirmation from the financial institution that the financial transaction has been completed, wherein providing
the financial information and the transaction information associated with the financial transaction, and receiving the confirmation
occur via a credit-authorization-terminal service object which is a driver for the credit-authorization terminal, and wherein
the credit-authorization-terminal service object is compatible with the UPOS standard.

US Pat. No. 9,542,710

CATEGORIZING FINANCIAL TRANSACTIONS BASED ON BUSINESS PREFERENCES

INTUIT INC., Mountain Vi...

2. A computer-program product for use in conjunction with a computer system, the computer-program product comprising a non-transitory
computer-readable storage medium and a computer-program mechanism embedded therein to categorize financial transaction data,
the computer-program mechanism performing the method of:
obtaining first financial category transaction data associated with a user, the first financial category transaction data
including first financial category merchant business entity data representing first financial category merchant business entities
that the user has engaged in a transaction with and first financial category merchant business entity name data representing
first financial category merchant business entity names associated with each first financial category merchant business entity
that the user has engaged in a transaction with;

storing the first financial category transaction data in a partitioned first financial category transaction data section of
a memory;

accessing the first financial category transaction data in the partitioned first financial category transaction data section
of the memory;

analyzing, with a processor, the first financial category transaction data to obtain the first financial category merchant
business entity data and the first financial category merchant business entity name data from the first financial category
transaction data;

for each first financial category merchant business entity represented in the first financial category merchant business entity
data, retrieving, via a network, first financial category merchant size data associated with the first financial category
merchant business entity from a business-listings database, the first financial category merchant size data associated with
each first financial category merchant business entity representing a size of the first financial category merchant business
entity;

analyzing, with a processor, the retrieved first financial category merchant size data associated with each first financial
category merchant business entity represented in the first financial category merchant business entity data and determine
the average size of first financial category merchant business entities represented in the first financial category merchant
business entity data;

generating first financial category business size preference data representing the determined average size of first financial
category merchant business entities represented in the first financial category merchant business entity data;

obtaining second category financial transaction data associated with a user, the second category financial transaction data
including second financial category merchant business entity data representing second financial category merchant business
entities that the user has engaged in a transaction with and second financial category merchant business entity name data
representing a second financial category merchant business entity name associated with each second financial category merchant
business entity that the user has engaged in a transaction with;

storing the second category financial transaction data in a partitioned second category financial transaction data section
of a memory;

accessing the second category financial transaction data in the partitioned second category financial transaction data section
of the memory;

analyzing, with a processor, the second category financial transaction data to obtain the second financial category merchant
business entity data and the second financial category merchant business entity name data from the second category financial
transaction data;

for each second financial category merchant business entity represented in the second financial category merchant business
entity data, retrieving, via a network, second financial category merchant size data associated with the second financial
category merchant business entity from a business-listings database, the second financial category merchant size data associated
each second financial category merchant business entity representing a size of the second financial category merchant business
entity;

analyzing, with a processor, the retrieved second financial category merchant size data associated with each second financial
category merchant business entity represented in the second financial category merchant business entity data and determine
the average size of second financial category merchant business entities represented in the second financial category merchant
business entity data;

generating second category business size preference data representing the determined average size of second financial category
merchant business entities represented in the second financial category merchant business entity data;

receiving financial transaction data representing a financial transaction that the user has engaged in, the received financial
transaction data including received merchant business entity data representing a received financial transaction merchant business
entity associated with the financial transaction data and received financial transaction merchant business entity name data
representing a received financial transaction merchant business entity name associated with the received financial transaction
merchant business entity;

comparing, using a processor, the received financial transaction merchant business entity name data with the first financial
category merchant business entity name data and the second financial category merchant business entity name data and if ambiguity
is identified with respect to the received financial transaction merchant business entity name data and at least one merchant
business entity name represented in each of the first financial category merchant business entity name data and the second
financial category merchant business entity name data, retrieving, via a network, received financial transaction merchant
size data from a business-listings database, the received financial transaction merchant size data representing a size of
the received financial transaction merchant business entity associated with the received merchant size data;

comparing, using a processor, the received financial transaction merchant size data to the first category business size preference
data and the second category business size preference data wherein;

if the received financial transaction merchant size data matches the first category business size preference data more closely
than the second category business size preference data, the received financial transaction data is categorized as first financial
category transaction data, further wherein;

if the received financial transaction merchant size data matches the second category business size preference data more closely
than the first category business size preference data, the received financial transaction data is categorized as second financial
category transaction data.

US Pat. No. 9,684,791

METHOD AND SYSTEM FOR PROVIDING A SECURE SECRETS PROXY AND DISTRIBUTING SECRETS

Intuit Inc., Mountain Vi...

1. A system for providing a secure secrets proxy and distributing secrets comprising:
at least one processor; and
at least one memory coupled to the at least one processor, the at least one memory having stored therein instructions which
when executed by any set of the one or more processors, perform a process for providing a secure secrets proxy and distributing
secrets, the process for providing a secure secrets proxy and distributing secrets including:

providing a secure secrets proxy in a first computing environment, the secure secrets proxy being a virtual asset instantiated
in the first computing environment, the secure secrets proxy including secure secrets proxy authentication data;

providing a secrets distribution management system in a second computing environment, the secrets distribution management
system having access to secrets data representing one or more secrets and configured to control the distribution of the one
or more secrets in accordance with one or more secrets distribution policies;

providing, by the secure secrets proxy, the secure secrets proxy authentication data to the secrets distribution management
system;

providing secrets distribution policy data representing one or more secrets distribution factors used to control the distribution
of one or more secrets;

receiving, at the secrets distribution management system, secrets request data from a requesting virtual asset for secrets
data necessary to access a resource of a resource type;

obtaining, by the secrets distribution management system, requesting virtual asset profile data associated with the requesting
virtual asset;

authenticating, by the secrets distribution management system, the secure secrets proxy as a trusted virtual asset eligible
to cache secrets data in a secure secrets cache;

authenticating, by the secrets distribution management system, the requesting virtual asset;
analyzing the requesting virtual asset profile data using one or more of the one or more secrets distribution factors to generate
authorized secrets data for the requesting virtual asset;

providing, by the secrets distribution system to the secure secrets proxy in response to the secrets request data, authorized
secrets data representing one or more requested secrets;

providing, from the secure secrets proxy to the requesting virtual asset, authorized secrets data for the requesting virtual
asset.

US Pat. No. 9,558,521

SYSTEM AND METHOD FOR POPULATING A FIELD ON A FORM INCLUDING REMOTE FIELD LEVEL DATA CAPTURE

Intuit Inc., Mountain Vi...

1. A method for populating a field on a form, comprising:
establishing a secure communication session between a mobile phone and a personal computer, wherein establishing the secure
communication session comprises:

receiving, from the mobile phone, a request to establish the secure communication session;
in response to receiving the request from the mobile phone, sending a notification to the mobile phone, wherein the mobile
phone displays an authentication image in response to receiving the notification;

receiving the authentication image from the mobile phone;
sending the authentication image to the personal computer;
receiving, from the personal computer, a confirmation that the authentication image matches a contents of a photograph of
a display screen of the mobile phone captured using a camera of the personal computer; and

establishing, in response to the confirmation, the secure communication session between the mobile phone and the personal
computer;

receiving, from a user of the mobile phone, a selection of a plurality of source data;
transferring, over the secure communication session, the plurality of source data from the mobile phone to the personal computer;
matching, based on a matching criterion, the plurality of source data to the field in the personal computer, wherein matching
the plurality of source data to the field comprises:

identifying, in the plurality of source data, a label text defined by the matching criterion, wherein the label text corresponds
to the field;

calculating, after matching the plurality of source data to the field, a value for the field based on the matching criterion
and the plurality of source data; and

populating the field with the value.

US Pat. No. 10,579,721

LEAN PARSING: A NATURAL LANGUAGE PROCESSING SYSTEM AND METHOD FOR PARSING DOMAIN-SPECIFIC LANGUAGES

Intuit Inc., Mountain Vi...

1. A computer implemented method, comprising:receiving electronic textual data relating to a form for which one or more machine-executable form field functions needs to be determined, the electronic textual data including natural language instructions relating to the determination of one or more form field values of the form;
analyzing the electronic textual data to determine sentence data representing a plurality of separate sentences of the electronic textual data;
separating the electronic textual data into a data array formed of the sentence data of the determined plurality of separate sentences;
for each given sentence of sentence data representing sentences in the data array:
isolating segment data of one or more segments of the sentence data while relating each resulting segment to prior and succeeding segments of the sentence data, further storing the isolated segment data in one or more segment data memory locations organized to retain structure and relation of one segment to another;
for each segment of the segment data:
classifying segment data of each segment as being of a segment type of a plurality of possible segment types, discarding segment data classified as being of one or more particular predetermined segment types; and
parsing each segment data according to one or more predetermined lexicons and determining whether the segment contains one or more operators, an operator being a natural language token representing an operation that may be performed on data;
upon determining that the segment data representing the segment contains operator data representing one or more operators:
identifying all operators in the segment data representing the segment;
identifying dependency data representing one or more dependencies of the segment data associated with each identified operator;
discarding any tokens not identified as either an operator or a dependency; and
applying one or more operator-specific rules to each identified operator of the segment data to determine a first predicate structure equivalent to the original natural language text of the segment; and
upon determining that the segment data representing the segment does not contain operator data representing one or more operators:
identifying each single or multiword token in the segment data that is a predetermined token of the domain;
determining any remaining tokens of the segment that are not predetermined tokens of the domain and map the identified tokens and the remaining tokens to one or more predetermined rules, resulting in a first predicate structure for the segment data of the segment being analyzed;
mapping one or more of the first predicate structures to one or more predetermined machine-executable functions; and
implementing at least one of the mapped machine-executable functions in an electronic document preparation system.

US Pat. No. 10,169,826

SYSTEM AND METHOD FOR GENERATING EXPLANATIONS FOR TAX CALCULATIONS

INTUIT INC., Mountain Vi...

1. A computer-implemented method, comprising:a calculation engine of a computerized tax return preparation application comprising computer-executable instructions executed by a computing, reading, from a shared data store of the computerized tax return preparation application, runtime data of an electronic tax return being prepared by a user of the computerized tax return preparation application;
populating, by the calculation engine, a directed graph structure of the computerized tax return preparation, the directed graph structure semantically describing data dependent tax operations and comprising respective leaf nodes populated with respective specific runtime data, function nodes associated with respective input nodes, respective functions, and respective result nodes, wherein respective pre-determined explanations are associated with respective function nodes and functions, inputs to a function comprises runtime data of respective associated leaf nodes, and a result node is populated with a calculation result generated by execution of the function,
constructing, by an explanation engine of the computerized tax return preparation application and in communication with the calculation engine, narrative explanation concerning the calculation result based at least in part upon the explanation engine traversing at least a portion of the directed graph structure and determining one or more explanations associated with respective traversed function nodes and functions;
communicating, by the explanation engine, the narrative explanation to a user interface controller of the computerized tax return application that is also in communication with the shared data store; and
presenting, by the user interface controller and through a display of the computing device and to the user, a computer generated interface comprising the calculation result and the narrative explanation associated with the calculation result.

US Pat. No. 10,140,666

SYSTEM AND METHOD FOR TARGETED DATA GATHERING FOR TAX PREPARATION

Intuit Inc., Mountain Vi...

1. A computer-implemented method for the targeted gathering of tax data for use with tax preparation software comprising:a computing device presenting to a user a plurality of interview questions or statements;
the computing device creating a user profile based on the responses to the interview questions or statements;
the computing device executing a data capture utility, the data capture utility including an application programming interface (API) which accesses one or more remotely located data sources and captures tax data from the data sources;
the computing device identifying highly relevant tax topics based on the user profile, wherein a highly relevant tax topic is a tax topic determined to have a probability of being relevant to the user greater than a predetermined threshold;
the computing device confirming with the user whether other tax topics apply to the user, wherein tax topics which are not identified as a highly relevant tax topic and not confirmed by the user as a tax topic which applies to the user are referred to as a low relevance tax topic;
the computing device modifying one or more completion graphs for completing all required data fields for computing a tax return based on the identified highly relevant tax topics by eliminating nodes on the completion graphs representing the low relevance tax topics, the completion graphs converted into a plurality of decision tables, each decision table representing a plurality of columns wherein each column corresponds to a tax question and a plurality of rows wherein each row corresponds to a completion path for a tax rule, thereby forming a plurality of cells with each cell corresponding to a particular row and column, each cell in a respective row having a logic operator corresponding to the tax question of each cell's respective column such that completion of each respective row is determined by the logic operators in the respective row, wherein each cell is related to a node on the tax calculation graph;
the computing device executing a tax logic agent of the tax preparation software, the tax logic agent traversing the decision tables using user-specific tax data to determine one or more suggested tax questions for obtaining missing tax data required to complete the tax return;
the computing device executing a user interface manager of the tax preparation software, the user interface manager receiving the suggested tax questions, determining a tax question to be presented to a user for completing a tax return and generating an interview screen having the tax question to be presented to a user based at least in part upon the suggested tax questions, the user interface manager being detached from the tax logic agent such that the interview screen is not rigidly defined by the tax logic agent; and
the computing device executing a tax calculation engine of the tax preparation software configured to compute a tax liability or refund amount.

US Pat. No. 9,710,829

METHODS, SYSTEMS, AND ARTICLES OF MANUFACTURE FOR ANALYZING SOCIAL MEDIA WITH TRAINED INTELLIGENT SYSTEMS TO ENHANCE DIRECT MARKETING OPPORTUNITIES

INTUIT INC., Mountain Vi...

1. A computer implemented method for analyzing user generated content items in social media networks with trained intelligent
systems, comprising:
at least one computing system identifying a user generated content item that is transmitted from a user computing device of
a user in a social media network via a first network element, wherein the user generated content item includes at least a
part that is expressed in a natural language;

the at least one computing system determining whether the user generated content item is to be further processed with additional
processing at least by performing a first filtering process based in part or in whole upon a set of key terms or a set of
filtering rules, wherein user generated content items determined not to be relevant are discarded from the additional processing;

when the user generated content item is determined to be relevant, the additional processing comprising:
performing, at an artificial intelligence module stored in memory and including or functioning in conjunction with at least
one micro-processor of the at least one computing system, a segmentation process on the user generated content item by segmenting
at least a part of the user generated content item into a plurality of units, storage of the plurality of units in a first
location of memory of the computing system, and a second filtering process on the user generated content item, the second
filtering process producing a smaller user generated content item by discarding a smaller objective portion of the user generated
content item;

identifying or creating, with at least the artificial intelligence module, a response for the user generated content item
at least by referencing at least results of one or more analyses of the plurality of units stored in a second location of
the memory and corresponding to the smaller user generated content item in light of an environment in which the plurality
of units are used and by calibrating the artificial intelligence module via at least validating the user generated content
item, wherein the response includes at least a portion that is expressed in the natural language, and the one or more analyses
and validating the user generated content item enhance accuracy of description of the user generated content item determined
by the artificial intelligence module;

the at least one computing system storing the response in a database and indexing the response with a database index that
facilitates subsequent retrievals of the response to subsequently identified user generated content items;

the at least one computing system transmitting, via a second network element, the response from the at least one computing
system to a user computing device of the user in response to the user generated content item; and

evaluating the response for the user generated content item at least by receiving user input data responding to the response
from the user computing device and by reducing the user input data into reduced user input data, wherein reducing the user
input data comprises filtering out one or more true elements, and analyzing the reduced user input data based in part or in
whole upon a context in which the reduced user input data appears.

US Pat. No. 9,614,899

SYSTEM AND METHOD FOR USER CONTRIBUTED WEBSITE SCRIPTS

Intuit Inc., Mountain Vi...

1. A system for user contributed website scripts comprising:
at least one computing processor; and
at least one memory coupled to the at least one computing processor, the at least one memory having stored therein instructions
which when executed by any set of the at least one computing processors, perform a process for user contributed website scripts
comprising:

receiving user data identifying a user;
determining a list of one or more websites for which a new user contributed website script is desired by
determining one or more accounts of the user, resulting in user accounts:
determining one or more billers having websites for which a less than satisfactory number of user contributed website scripts
are accessible to the process for user contributed website scripts, resulting in prospective websites; and

determining one or more prospective websites associated with one or more of the user accounts and preparing a determined list
of the prospective websites associated with one or more of the user accounts;

receiving user input selecting, from the determined list, a website of the one or more websites for which a new user contributed
website script is desired;

receiving, from the user, data of a user contributed website script of the selected website, resulting in the user becoming
a contributing user, the data of the user contributed website script including one or more user contributed website script
operations designed to be performed on the selected website to gather data of the user;

determining whether the user contributed website script performs successfully;
upon the user contributed website script being determined to have performed successfully, storing the user contributed website
script and activating the user contributed website script for use on behalf of at least one user; and

upon the user contributed website script being determined to have performed unsuccessfully, storing the user contributed website
script and providing feedback to the contributing user.

US Pat. No. 9,836,664

METHOD AND SYSTEM FOR IDENTIFYING AND ADDRESSING IMAGING ARTIFACTS TO ENABLE A SOFTWARE SYSTEM TO PROVIDE FINANCIAL SERVICES BASED ON AN IMAGE OF A FINANCIAL DOCUMENT

Intuit Inc., Mountain Vi...

1. A computer system implemented method for identifying and addressing imaging artifacts to enable a software system to provide
financial services that are at least partially based on an image of a financial document, comprising:
providing, with one or more computing systems, a software system;
receiving, with the software system, image data for a financial document, the image data for the financial document representing
an image of the financial document;

storing the image data in one or more sections of memory associated with the one or more computing systems;
providing an analytics model to identify one or more imaging artifacts in the image of the financial document, the analytics
model being trained with artifact imaging data representing a plurality of imaging artifacts, to enable the analytics model
to identify the one or more imaging artifacts in the image of the financial document;

applying the image data for the financial document to the analytics model to generate image classification data that represents
an image classification, the image classification indicating a likelihood that the image of the financial document includes
the one or more imaging artifacts;

comparing the image classification data to a predetermined threshold;
if the image classification data exceeds the predetermined threshold, applying a filter to the image data to at least partially
reduce the one or more imaging artifacts in the image data;

applying the image data to an optical character recognition engine to identify content data that represents content of the
financial document; and

populating one or more fields in a data structure maintained by the software system, with the content data, to support a financial
service provided by the software system to a user, and to reduce a manual entry of the content data from the financial document
and into the software system by the user.

US Pat. No. 9,754,318

RELATIVE SPENDING PATTERN REPORTS FOR A FINANCIAL MANAGEMENT SYSTEM

Intuit Inc., Mountain Vi...

1. A system for displaying spending pattern data comprising:
one or more processors; and
one or more memories coupled to the one or more processors, the one or more memories having instructions stored therein which
when executed by the one or more processors, perform a process comprising:

obtaining financial transaction data using a computing system implemented financial management system, the financial transaction
data being of a party;

categorizing at least a portion of the financial transaction data using the computing system implemented financial management
system;

storing the financial transaction data;
providing an interface display, the interface display comprising a listing of two or more financial transaction items associated
with the at least a portion of the financial transaction data;

assigning a first set of spending pattern report parameters to a first one of the two or more financial transaction items,
the first set of spending pattern report parameters being distinct from transaction data associated with the first transaction
item, the first set of spending report parameters comprising a first type of visual display of the data to be used in a spending
pattern report, wherein the first type of visual display is automatically selected by the one or more processors based on
historical transaction data collected, and the system further being enabled to utilize spending parameters comprising:

a first timeframe to be covered by a spending pattern report, and
a first period used to determine average and target spending amounts for the spending report timeframe;
assigning a second set of spending pattern report parameters to a second one of the two or more financial transaction items,
the second set of spending pattern report parameters being distinct from transaction data associated with the second transaction
item, the second set of spending report parameters comprising a second type of visual display of the data to be used in a
spending pattern report, wherein the second type of visual display is automatically selected by the one or more processors
based on historical transaction data collected, and the system further being enabled to utilize spending parameters including

a second timeframe to be covered by a spending pattern report, and
a second period used to determine average and target spending amounts for the spending report timeframe,
wherein the second type of visual display is different than the first type of visual display;
receiving a selection by the party, by an event handler informing main logic executed by the one or more processors, the selection
indicating a choice of the first one of the two or more financial transaction items from the listing of two or more financial
transaction items associated with the at least a portion of the financial transaction data;

responsive to the selection of the first one of the two or more financial transaction items, visually distinguishing on the
interface display the first one of the two or more financial transaction items, and choosing the first set of spending pattern
report parameters;

preparing a spending report, by a report builder executed by the one or more processors in response to a request from the
main logic, using the financial transaction data and the first set of spending pattern report parameters, the spending report
being customized to the first type of visual display automatically selected based on historical transaction data collected,
by virtue of using the first set of spending pattern report parameters to prepare the spending report;

utilizing the main logic to orchestrate the preparation of the report and requesting data from a data model; and
displaying the spending pattern report in the interface display, in response to a request from the main logic, within the
context of the selected first one of the two or more financial transaction items, the spending pattern report comprising:

a visual representation of average spending associated with a characteristic of the selected first one of the two or more
financial transaction items over a specified timeframe; and

a visual representation of actual spending associated with a characteristic of the selected first one of the two or more financial
transaction items during the specified timeframe, wherein the visual representation of average spending, the visual representation
of actual spending, and the visually distinguished first one of the two or more financial transaction items are displayed
simultaneously in the interface display.