US Pat. No. 9,454,413

SYSTEMS AND METHODS FOR HANDLING COMMUNICATIONS BETWEEN NETWORK APPLICATIONS

Unisys Corporation, Blue...

1. A method for handling communications between network applications, comprising:
associating, by a processor, a first set of application interfaces (APIs) with a first network application executing in a
first operating system (OS) platform;

receiving, by the processor, via at least one API of the first set of APIs, a message from an API of a second set of APIs
associated with a second network application executing in a second OS platform;

packaging, by the processor, using at least one API of the first set of APIs, the received message, wherein packaging comprises
converting the message from a format configured for use by the second network application on the second OS platform to a format
for use by the first network application on the first OS platform; and

processing, by the processor, the packaged message with the first network application on the first OS platform.

US Pat. No. 9,383,985

AUTOMATED MODIFICATION OF PRE-GENERATED MSI PACKAGED APPLICATIONS

Unisys Corporation, Blue...

1. A method, comprising:
preparing a deployment package for a unique instance via copying a first deployment package to a second deployment package
automatically and changing an identifier or a parameter within the second deployment package automatically such that the second
deployment package is unique from the first deployment package at least via a unique identifier;

creating an executable file for the unique instance, wherein creating the executable file comprises creating a dynamic link
library (DLL);

generating a class file corresponding to the unique instance by a standalone application; and compiling the class file with
an external application to create the DLL;

updating a configuration file for the unique instance; and
packaging the executable file and the configuration file with the deployment package to create the unique instance of the
deployment package for a unique copy of an existing application.

US Pat. No. 9,317,703

ENHANCED SECURITY SETUP FOR MEDIA ENCRYPTION

Unisys Corporation, Blue...

1. A method for setting up secure media encryption in one call, comprising:
providing an interface for an application executing in an emulated environment of a host operating system, in which the application
accesses a security module in the host operating system through calls to the interface;

identifying two or more related calls, from the application to the module, for setting up secure media encryption, the two
or more related calls comprising at least one of:

a call to create a cryptography context;
a call to randomly generate an encryption key;
a call to compute a hash subkey;
a call to store the computed hash subkey in the cryptography context;
a call to compute an initialization vector; and
a call to create a cipher instance, in which a cipher instance initialization vector is initialized to the computed initialization
vector;

combining the two or more related calls into a single call; and
executing the single combined call to the module of the host operating system to perform the two or more related calls.

US Pat. No. 9,411,513

SENSITIVE DATA FILE ATTRIBUTE

Unisys Corporation, Blue...

1. A method, comprising:
receiving an instruction to delete data from a storage device, wherein the data occupies a portion of the storage device;
changing use bits that correspond to the data from in-use status to not-in-use status, wherein one use bit corresponds to
one data bit;

determining whether the data is marked as sensitive data in sensitive data bits, wherein one sensitive data bit corresponds
to one data bit; and

when the data is marked as sensitive data, scrubbing the portion of the storage device.

US Pat. No. 9,384,060

DYNAMIC ALLOCATION AND ASSIGNMENT OF VIRTUAL FUNCTIONS WITHIN FABRIC

Unisys Corporation, Blue...

1. A method of allocating one or more virtual functions of a plurality of virtual functions associated with physical functions
of I/O interface devices of a computing device, the method comprising:
managing one or more physical functions of an I/O interface device within an interconnect partition of a multi-partition virtualization
system implemented at least in part on the computing device; and

during a boot process of a second partition on the computing device, parsing a file to determine an assignment of one or more
virtual functions to the second partition and associate each of the one or more virtual functions to corresponding physical
functions, wherein the file comprises an XML file defining associations between at least one physical function and a plurality
of virtual functions;

based on a change to the XML file adding a new virtual function associated with one of the physical functions, re-setting
a value in an ECAM configuration space identifying a number of virtual functions associated with the physical function, wherein
re-setting the value is performed by a trusted code base executing on the computing system.

US Pat. No. 9,380,083

SYSTEMS AND METHODS OF DISTRIBUTED SILO SIGNALING

Unisys Corporation, Blue...

1. A computer-implemented method having a programmable processor and memory coupled to a communications network, the method
comprising:
receiving, by a signaling server from a host server, a command containing a group field and network interface unit identification
(NIU id);

transmitting, by the signaling server, a select port command to a media server based on the NIU id;
receiving, by the signaling server from the media server, an acknowledgement of port selection;
transmitting, by the signaling server, a command to a remote endpoint where a session initiated protocol (SIP) call is executed;
receiving, by the signaling server from the remote endpoint, a command indicating that the SIP call has been answered by the
remote endpoint;

transmitting, by the signaling server to the media server, a start port command based on the select port command;
receiving, by the signaling server from the media server, an acknowledgement of the start port command;
establishing a real-time transport protocol (RTP) session stream between the media server and the remote endpoint using the
selected port;

receiving, by the signaling server from the media server, a second port selection;
transmitting, by the signaling server to the media server, a second start port command; and
receiving, by the signaling server from the media server, a second acknowledgment;
wherein the acknowledgement of the start port command is failure and the call is no longer active.

US Pat. No. 9,336,696

ENHANCED SECURITY SETUP FOR MEDIA DECRYPTION

Unisys Corporation, Blue...

1. A method for setting up secure media decryption in one call, comprising:
providing an interface for an application executing in an emulated environment of a host operating system, in which the application
accesses a security module in the host operating system through calls to the interface;

identifying two or more related calls, from the application to the module, for setting up secure media decryption, in which
the two or more related calls comprise at least one of:

a call to create a cryptography context;
a call to decrypt an encrypted binary large object (BLOB) using a machine key to obtain an encryption key from the decrypted
BLOB;

a call to compute an initialization vector;
a call to create a cipher instance; and
a call to set an encryption key associated with the cipher instance to the obtained encryption key from the decrypted BLOB
and an initialization vector associated with the cipher instance to the computed initialization vector;

combining the two or more related calls into a single call; and
executing the single combined call to the module of the host operating system to perform the two or more related calls.

US Pat. No. 9,213,816

PROTOCOL FOR BIOMETRIC DEVICE CAPTURE AND QUALITY ANALYSIS

Unisys Corporation, Blue...

1. A computer-implemented method for communicating with peripheral devices comprising:
loading, by a computer, a configuration file specifying supported peripheral devices and defining commands for each supported
peripheral device;

providing, by a computer, a list of one or more peripheral devices to an interface configured to present the list of one or
more peripheral devices;

receiving, by a computer, a selection of a peripheral device from the list of one or more peripheral devices presented in
the interface;

calling, by a computer, a device handler for the selected peripheral device;
invoking, by a computer, protocols for the selected peripheral device that are specified by the device handler corresponding
to the selected peripheral device; and

sending, by a computer, commands entered through the interface to the selected peripheral device using the invoked protocols
of the device handler corresponding to the selected peripheral device.

US Pat. No. 9,189,511

FREE RESOURCES PARAMETER FOR IMPROVING PERFORMANCE OF DATABASE ALTERATIONS

Unisys Corporation, Blue...

1. A computer implemented method for updating database structures in a computing system, the computer implemented method comprising:
establishing at least one database connection with a user;
setting a free resources parameter to initiate the release of database connections, wherein the free resources parameter corresponds
to a dynamic system reconfiguration parameter;

releasing the at least one database connection based on the free resources parameter by releasing the at least one database
connection more rapidly when the free resources parameter is set than when the free resources parameter is not set, wherein
the releasing of the at least one database connection occurs prior to the execution of an end thread command;

updating the database without shutting down the database after the at least one database connection is released and while
the free resources parameter is set; and

unsetting the free resource parameters after the database has been updated.

US Pat. No. 9,094,460

SOCKET TABLES FOR FAST DATA PACKET TRANSFER OPERATIONS

Unisys Corporation, Blue...

1. A method, comprising:
receiving, from an application, a first data packet for transmission over a network interface;
identifying a similar packet in a socket table, wherein the socket table comprises information regarding previously received
data packets, and wherein a similar packet is a previously received data packet in which information regarding the data packet
is similar to information regarding the first data packet; and

determining from the socket table, a network interface transmission method for the first data packet and
queuing, when no similar packet is identified in the socket table, the first data packet for transmission according to a slow
send method; and

adding information corresponding to the first data packet to the socket table.

US Pat. No. 9,386,049

SYSTEMS AND METHODS OF DISTRIBUTED SILO SIGNALING

Unisys Corporation, Blue...

1. A computer-implemented method having a programmable processor and memory coupled to a communications network, the
method comprising:
establishing, by a signaling server, a real-time transport protocol (RTP) session stream for a call between a media server
and a remote endpoint using a port;

receiving, by the signaling server from a host server, a command to end a call;
transmitting, by the signaling server to the media server, a command to release the port of the call;
receiving, by the signaling server from the media server, an acknowledgement of the command to release the port of the call;
transmitting, by the signaling server to the remote endpoint, a command indicating the call should end; and
receiving, by the signaling server from the remote endpoint, an ok message indicating the command indicating the call should
end was received;

wherein establishing a RTP session stream further comprises: receiving, by a signaling server from a host server, a command
containing a group field and network interface unit identification (NIU id);

transmitting, by the signaling server, a command to a media server containing a port selection based on the NIU id;
receiving, by the signaling server from the media server, an acknowledgement of the command containing the port selection;
transmitting, by the signaling server, a command to a remote endpoint where a session initiated protocol (SIP) call is executed;
receiving, by the signaling server from the remote endpoint, a command indicating that the SIP call has been answered by the
remote endpoint;

transmitting, by the signaling server to the media server, a command to start a port based on a selected port; and
receiving, by the signaling server from the media server, an acknowledgement of command to start the port.

US Pat. No. 9,380,047

INSECURE CONNECTION PROHIBITION

Unisys Corporation, Blue...

1. A method, comprising:
receiving, by a server, a request for a connection from a client application, wherein the server hosts a plurality of processes;
determining, by the server, whether to prohibit or permit the connection with the client application based on whether or not
the client application can use a secure connection;

determining, by the server, if connection security protocol settings are specified by one process on the server or if connection
security protocol settings are specified on a system-wide basis on the server;

prohibiting, by the server, the connection with the client application if the server determines that the client application
cannot use a secure connection; and

permitting, by the server, a secure connection with the client application if the server determines that the client application
can use a secure connection, wherein the permitted secure connection is established with one of:

the one process on the server, if the connection security protocol settings are specified by the one process on the server;
and

the server on the system-wide basis, if the connection security protocol settings are specified on the system-wide basis of
the server.

US Pat. No. 9,363,174

APPARATUS, METHOD, AND SYSTEM FOR A DESTINATION CACHED ROUTING PROTOCOL FOR MOBILE AD HOC NETWORKS

Unisys Corporation, Blue...

1. A method for a destination cached routing protocol for data transmission in a mobile ad hoc network, the method performed
by a plurality of data processing apparatus as a plurality of nodes of the mobile ad hoc network, the method comprising:
using a source node, transmitting a routing request packet for a data transmission route from the source node to a destination
node of the plurality of nodes;

when a routing request is received, using an intermediate node of the plurality of nodes, transmitting a received routing
request message to neighboring nodes of the plurality of nodes;

using the intermediate node, appending the intermediate node address to the routing request packet and forwarding the routing
request packet only to other nodes, of the plurality of nodes, from which a received routing request message was not received
during a first predetermined period of time;

using a destination node, for each route request packet received by the destination node, transmitting a route reply packet
having a designated data transmission route between the source node and the destination node; and

transmitting a data packet, the data packet having the designated data transmission route in a packet header.

US Pat. No. 9,329,883

POST-EXECUTION INSTRUCTION TRACING OF VIRTUALIZED INSTRUCTIONS

Unisys Corporation, Blue...

1. A method of tracing an emulated execution order of non-native instructions based on natively executing code on a computing
system having a native instruction set architecture, the method comprising:
during emulated execution of non-native program code, maintaining a jump history in the computing system, the jump history
including a listing of non-native jump instructions for which execution is emulated in the computing system, wherein the one
or more non-native instructions are included in a virtual instruction block, and wherein the non-native jump instruction is
included in the virtual instruction block as a last instruction in the virtual instruction block; and
for each of the non-native jump instructions included in the jump history:
accessing non-native program code including the non-native instructions to determine one or more non-native instructions executed
between the non-native jump instruction and a last-executed non-native jump instruction; and
aggregating the non-native jump instruction and the one or more non-native instructions into an instruction trace.

US Pat. No. 9,319,285

OPTIMIZING PARTITION PLACEMENT IN VIRTUALIZED ENVIRONMENTS

Unisys Corporation, Blue...

1. A method, comprising:
receiving, by a migration server, a network traffic log listing communications between a plurality of partitions spanning
a first server and a second server, wherein the second server comprises a memory; and

identifying, by the migration server, from the network traffic log, a set of related partitions based on a set of criteria,
wherein the plurality of partitions comprises the set of related partitions, wherein the set of related partitions comprises
a first partition and a second partition related to each other based on the set of criteria, wherein the first partition and
the second partition belong to a same system image, wherein the first partition is hosted on the first server, wherein the
second partition is hosted on the second server, where the set of criteria is stored on the migration server;

performing a first determination, by the migration server, of a first average communication cost for the first partition and
a second average communication cost for the second partition, wherein the first average communication cost is based on the
first partition communicating with the set of related partitions, wherein the second average communication cost is based on
the second partition communication with the set of related partitions;

selecting, by the migration server, the first partition over the second partition based on the first average communication
cost being greater than the second average communication cost;

performing a second determination, by the migration server, based on the selecting, of a new location for the first partition
in a hierarchical network tree, wherein the hierarchical network tree comprises a root node, a plurality of parent nodes dependent
from the root node, and a plurality of children nodes dependent from the parent nodes, wherein the children nodes comprise
the first server and the second server, wherein the second server comprises the new location, wherein each node of the hierarchical
network tree represents a communication cost to that respective node, wherein each of the parent nodes aggregates a cost of
all of the children nodes for that parent node, wherein the second determination comprises a traversal of the hierarchical
network tree from the root node to the children nodes and a selection, based on the traversal, of a branch of the hierarchical
network tree with a largest cost, wherein a parent node from the parent nodes comprises the cost which comprises the first
average communication cost;

moving, by the migration server, based on the hierarchical network tree, the first partition from the first server to the
new location on the second server based on the second average communication cost being less than the first average communication
cost such that the first partition and the second partition share the memory.

US Pat. No. 9,201,635

JUST-IN-TIME DYNAMIC TRANSLATION FOR TRANSLATION, COMPILATION, AND EXECUTION OF NON-NATIVE INSTRUCTIONS

Unisys Corporation, Blue...

1. A method for executing non-native instructions in a computing system having a processor configured to execute native instructions,
comprising:
fetching a first non-native instruction from a plurality of non-native instructions;
interpreting the first non-native instruction to generate a first instruction code;
compiling the first instruction code to generate a first native instruction corresponding to the first non-native instruction;
determining, by the processor, whether to execute the first instruction code or the generated first native instruction; and
implementing a first virtual machine instruction corresponding to the first non-native instruction based, at least in part,
on determining whether to execute the first instruction code or the first native instruction, wherein the determining is based
on parameters comprising at least one of user inputs, type of instruction to be executed, and location of instruction in memory.

US Pat. No. 9,576,144

SECURED FILE SYSTEM MANAGEMENT

Unisys Corporation, Blue...

1. A method of accessing data secured and encrypted using a file system manager, the method comprising:
determining whether a community of interest (COI) key obtained from a security appliance matches a COI key associated with
a file structure managed by the file system manager that is the subject of a file system request issued by a caller;

identifying an entry included in a key bank associated with the COI key and the file structure that is the subject of the
file system request, the key bank storing encrypted versions of a metadata key;

decrypting the metadata key using the COI key;
decrypting at least one block encryption key using the metadata key; and
decrypting a block of data associated with the at least one block encryption key;
wherein the metadata key is included in a metadata key entry including a first identity value and a second identity value;
wherein the at least one block encryption key is included in a block encryption key entry including the second identity value
and a third identity value; and

wherein the third identity value comprises a portion of the block of data associated with the at least one block encryption
key.

US Pat. No. 9,462,087

AVOIDING COLLISIONS IN INTERNET PROTOCOL (IP) PACKET IDENTIFICATION NUMBERS

Unisys Corporation, Blue...

1. A computer-implemented method for providing secure communications over a network having data packets with identification
IDs, the method, comprising:
receiving, at a processor, data for transmission over a network coupled to a communications adapter according to a protocol;
generating, by the processor, a pseudo-random number;
formatting, by the processor, the data into one or more internet protocol (IP) packets, wherein the step of formatting the
data into one or more internet protocol (IP) packets comprises inserting the pseudo-random number as an identifier in the
one or more internet protocol (IP) packets;

after generating the pseudo-random number, comparing the pseudo-random number, a source address, and a destination address
with a collision table; and

when a collision is identified for the generated pseudo-random number, the source address, and the destination address; incrementing
the pseudo-random number until no collision is identified for the incremented pseudo-random number;

transmitting, through the communications adapter under control of the processor, the one or more internet protocol (IP) packets;
wherein the collision table comprises a protocol identifier, a time stamp, and pointers to implement a linked list, which
may be chained off an indexed entry into the collision array.

US Pat. No. 9,208,111

TRIGGERING PROCESSING OF NETWORK REQUESTS

UNISYS CORPORATION, Blue...

1. A method, comprising:
receiving, by a processor, an input/output request for a network device;
placing, by the processor, on a network queue the input/output request;
determining whether a triggering flag is enabled before triggering the handler; and
triggering, by the processor, a handler for the network queue, in which the step of triggering is performed when the triggering
flag is determined to be enabled to process the input/output request.

US Pat. No. 9,189,310

AUTOMATED MONITORING OF SERVER CONTROL AUTOMATION COMPONENTS

Unisys Corporation, Blue...

1. A method, comprising:
transmitting, by an automated server control system, a request for state information associated with a component of a control
system;

detecting, by an automated server control system, at least one of:
a reception of the state information for the component; and
a threshold time period without reception of the state information for the component;
determining, by an automated server control system, if the received state information for the component comprises an error
condition; and

outputting an alert based on at least one of:
detecting the threshold time period expiring without reception of the state information for the component; and
determining that the received state information comprises an error condition;
wherein the state information comprises system login sequences.

US Pat. No. 9,384,149

BLOCK-LEVEL DATA STORAGE SECURITY SYSTEM

Unisys Corporation, Blue...

7. A method of reading secured data in a network, the method comprising:
receiving a request from a client device to read a block of data managed by a secure storage appliance;
determining a number of secondary blocks of data required to reconstitute the block of data;
transmitting a request for the number of secondary blocks of data to a plurality of shares located at a plurality of physical
storage devices, the plurality of shares corresponding to the number of secondary blocks of data required to reconstitute
the block of data, each of the secondary blocks of data representing a portion of the block of data encrypted by a different
session key;

encrypting each session key with a workgroup key prior to storing the session key on the physical storage device associated
with the session key, wherein the workgroup key is associated with a community of interest capable of accessing the data;

receiving at least the number of secondary blocks of data required to reconstitute the block of data from the plurality of
shares;

reconstituting the block of data from the secondary blocks of data by decrypting each of the shares received from the physical
storage devices using session keys associated with each of the physical storage devices; and

transmitting the reconstituted block of data to the client device;
wherein the different session keys are associated with a virtual disk associated with one or more communities of interest
providing access to shares only to members of associated communities of interest.

US Pat. No. 9,330,380

METHOD AND SYSTEM FOR MANAGING ONE OR MORE RECURRENCIES INCLUDING EXCLUSIONARY SCHEDULE

Unisys Corporation, Blue...

1. A computer-implemented method for managing one or more recurrencies of tasks, the method comprising:
defining by a user one or more recurrency tasks, each recurrency task having associated recurrency parameters;
identifying by a system recurrency application a recurrency period based on the recurrency parameters associated with the
one or more recurrency tasks;

disaggregating by the system recurrency application the one or more recurrency tasks into individual scheduled events over
a span of the recurrency period by applying the recurrency parameters associated with the one or more recurrency tasks to
the recurrency period;

determining if an exclusionary schedule is to be applied, and if so, applying by the system recurrency application an exclusionary
schedule to the individual scheduled events, wherein the exclusionary schedule is defined by the user and comprises one or
more days that are to be excluded from the recurrency period to modify conflicting events; and

outputting by the system recurrency application the edited recurrent tasks in a pre-defined file format.

US Pat. No. 9,686,220

DEBUG AND VERIFY EXECUTION MODES FOR COMPUTING SYSTEMS CALCULATING AUTOMATION DEGREE OF IMPLEMENTATION METRICS

Unisys Corporation, Blue...

1. A method, comprising:
selecting, by the message system, a first message execution mode for messages received by the message system, wherein the
first message execution mode is selected from a group consisting of a first message execution mode and a second message execution
mode;

receiving, by a message system, a first plurality of messages relating to events occurring on a host system;
processing, by the message system, the first plurality of messages in accordance with the selected first message execution
mode, wherein processing in accordance with the first message execution mode comprises executing actions invoked by execution
of a first portion of the first plurality of messages and logging, but not executing, actions invoked by execution of a second
portion of the first plurality of messages; and

determining an automation degree of implementation metric indicative of the degree of automation implemented in the message
system, wherein the automation degree of implementation metric comprises a percentage or an absolute number of messages automated
in the message system.

US Pat. No. 9,594,707

DATA INPUT/OUTPUT (I/O) HANDLING FOR COMPUTER NETWORK COMMUNICATIONS LINKS

Unisys Corporation, Blue...

1. A method for performing data in input/output (I/O) operations using at least one computer network communications link,
comprising:
assigning a first block of virtual addresses, equal to the size of available physical memory, for exclusive usage with at
least one computer network communications link;

registering the entire first block of virtual addresses prior to an operating system partition performing I/O operations using
the at least one computer network communications link, wherein registering comprises setting a plurality of virtual page frame
numbers of the first block of virtual addresses to point to distinct pages of physical memory;

performing one or more I/O operations using the at least one computer network communications link and the registered first
block of virtual addresses, wherein the one or more I/O operations are performed without each I/O operation being associated
with a distinct memory registration or a distinct memory deregistration;

receiving an instruction to perform an I/O operation;
combining the assigned first block of virtual addresses with a block of physical addresses to obtain a combined second block
of virtual addresses;

instructing the at least one computer network communications link to perform a direct memory access I/O operation using the
combined second block of virtual addresses and the block of physical addresses;

dynamically associating a third block of virtual addresses with the block of physical addresses before instructing the at
least one computer network communications link to perform the direct memory access I/O operation; and

disassociating the third block of virtual addresses from the block of physical addresses after the direct memory access I/O
operation has been performed.

US Pat. No. 9,449,305

METHOD OF ORGANIZING A DATABASE ACCORDING TO AN EVENT FOR A WEB-BASED CONFERENCE COLLABORATION TOOL WITH DYNAMIC CONTENT AND ROLES

Unisys Corporation, Blue...

1. A computer-implemented method comprising:
creating, by a server, a record for a conference in a database comprising a non-transitory machine-readable medium storing
one or more records for a plurality of conferences, the database storing dynamic content associated with one or more conferences,
and a plurality of page views configured to display dynamic content, wherein each respective record is associated with an
event identification key that uniquely identifies the conference associated with the respective record;

receiving, by the server, a dynamic content from a client device during the conference via a network browser running on the
client device, wherein the record for the conference is associated with a set of page views assigned to the event identification
key, and a set of dynamic content assigned to the event identification key, and wherein each respective page view in the set
of page views is configured to display, based on a characteristic of the client device, dynamic content in the set of dynamic
content assigned the event identification key that is associated with the record for the conference, wherein the dynamic content
in the set of dynamic content is updated in real-time in response to an input received from the client device via the network
browser during the conference, and wherein updated dynamic content in the set of dynamic content is transmitted by the server
to all client devices connected to the server requesting information about the conference in response to determining authorization
level of a user associated with each of the client devices;

assigning, by the server, to the dynamic content, the event identification key associated with the record for the conference,
wherein the event identification key references the record for the conference and associates the dynamic content with the
record for the conference; and

storing, by the server, the received dynamic content in the database, wherein the dynamic content is included in the set of
dynamic content associated with the record for the conference in accordance with the event identification key.

US Pat. No. 9,348,700

ROLLBACK COUNTERS FOR STEP RECORDS OF A DATABASE

Unisys Corporation, Blue...

1. A method, comprising:
recording one or more transaction updates to a database, wherein recording comprises assigning to a transaction update a step-id,
in which the database is configured to record a step-id in at least two different step-id formats;

performing a first rollback of database processing on the database using at least one transaction update with assigned step-id,
in which the database is capable of performing a first rollback with either of the at least two different step-id formats;

recording a number of times the one or more transaction updates are rolled back; and
recovering the database using the one or more transaction updates without applying updates previously rolled back in the first
rollback;

wherein the at least two different step-id formats include:
a step-id formatted with an identification number set to a time, in a coordinated universal time (UTC) format, that does not
change with seasonal offsets and a unique transaction identification value appended to the identification number;

a step id formatted with a time which is not formatted in coordinated universal time (UTC) format, a sequence number, and
an advance number; and

wherein the step of recording the first rollback comprises incrementing a rollback counter in a rollback record, and in which
the step of performing the recovery comprises using the rollback counter to identify portions of the step that rolled back.

US Pat. No. 9,213,563

IMPLEMENTING A JUMP INSTRUCTION IN A DYNAMIC TRANSLATOR THAT USES INSTRUCTION CODE TRANSLATION AND JUST-IN-TIME COMPILATION

Unisys Corporation, Blue...

1. A method for implementing a jump instruction, comprising:
interpreting, by a processor, a first non-native instruction to generate a first instruction code after an initial scheduling
of the first non-native instruction for execution;

storing, by the processor, the first instruction code and an address of a target instruction code pointed to by the first
instruction code, wherein the address corresponds to an address in a shadow memory;

determining, by the processor, if a second instruction code is available at the shadow memory address of the target instruction
code pointed to by the first instruction code;

compiling, by the processor, during a subsequent scheduling of the first non-native instruction for execution, and without
reinterpreting the first non-native instruction during the subsequent scheduling, at least the first instruction code and
the second instruction code, both retrieved from the shadow memory, as a group to generate a native instruction path when
it is determined that the second instruction code is available in the shadow memory; and

defining a maximum number of target instruction codes for the first instruction code; and
compiling no more than the maximum number of target instruction codes with the first instruction code to generate the native
instruction path.

US Pat. No. 9,110,727

AUTOMATIC REPLICATION OF VIRTUAL MACHINES

Unisys Corporation, Blue...

9. A computer-implemented system for automatically replicating virtual machines across wide area networks, the system comprising:
selected, from a plurality of secondary backend computing devices, at least one secondary backend computing device for storing
at least one replica of a first virtual machine for physical hosting of a first virtual machine image;

a primary backend computing device configured to monitor the first virtual machine image for any updates, where the update
to the first virtual machine image creates a second virtual machine image;

wherein the primary backend computing device is further configured to partition the first virtual machine image into a set
of first virtual machine image components, and the second virtual machine image into a set of second virtual machine image
components;

wherein the primary backend computing device is further configured to index the first set of virtual machine image components
into an index of stale virtual machine image components, and the second set of virtual machine image components into an index
of active virtual machine image components;

wherein the primary backend computing device is further configured to compare the set of active virtual machine image components
to the set of stale virtual machine components to identify new active virtual machine image components, where the new active
virtual machine image components are transmitted to the selected secondary backend computing device; and

wherein the selected secondary backend computing device is further configured to update the at least one replica of the first
virtual machine with the new active virtual machine image components, to replicate the second virtual machine image in the
selected secondary backend computing device.

US Pat. No. 9,804,877

RESET OF SINGLE ROOT PCI MANAGER AND PHYSICAL FUNCTIONS WITHIN A FABRIC

Unisys Corporation, Blue...

1. A method of managing reset of a physical function of an input/output (“I/O”) device in a computing system, the physical
function included in a single-root Peripheral Component Interconnect (“PCI”) manager, the method comprising:
maintaining a count of active virtual functions associated with the physical function included in the single-root PCI manager,
upon determining, at a first time, that the single-root PCI manager is to be reset and that the physical function is associated
with at least one active virtual function, resetting the single-root PCI manager without resetting the physical function;

upon determining, at a second time, that no active virtual functions are associated with the physical function, allowing the
physical function to be reset within the single-root PCI manager;

while resetting the physical function, persisting a configuration memory space associated with the physical function; and
associating the persisted configuration memory space with the physical function after the physical function is reset;
wherein resetting the single-root PCI manager at the first time occurs prior to resetting the physical function at the second
time.

US Pat. No. 9,659,313

SYSTEMS AND METHODS FOR MANAGING INTERACTIVE FEATURES ASSOCIATED WITH MULTIMEDIA CONTENT

Unisys Corporation, Blue...

1. A method of managing interactive features associated with multimedia content, the method comprising:
applying a container to a multimedia content using one or more computing systems, the multimedia content being a piece of
content having a predetermined playback time, and the container defining an interface through which a metadata external to
the multimedia content is linked with a portion of one or more portions of the multimedia content occurring within the predetermined
playback time, each portion of the one or more portions of the multimedia content is defined by a segment of the predetermined
playback time of the multimedia content, wherein the one or more portions comprise a first portion and a second portion defining
different, segments of the predetermined playback time, wherein the portion of the one or more portions of the multimedia
content is the first portion;

receiving a first request for the multimedia content from a content consumer;
associating a set of the metadata objects describing one or more interactive features with the multimedia content, the set
of the metadata linked to the portion of the one or more portions of the multimedia content via the interface of the container
and selected from a database including the metadata defining interactive features associated with the multimedia content;
and

upon receiving a second request for a playback of the multimedia content, providing the playback of the multimedia content
via the container and presenting the one or more interactive features to the content consumer during the playback of the segment
of the predetermined playback time corresponding to the portion of the one or more portions of the multimedia content to the
content consumer, wherein the playback comprises the first portion and the second portion, wherein the one or more interactive
features change upon completing the first portion and starting the second portion;

wherein the metadata objects comprise one or more: event data, text index information, identified supplemental content that
is used alongside playback of the multimedia content, video metadata describing specific attributes of the multimedia content
that are common across all playback requests, objects of interest data, location information, content consumer account data,
content consumer session data, search keyword data, and administrative data;

wherein the one or more interactive features presented to the content consumer include a first objects of interest data that
is different from a second objects of interest data included in the one or more interactive features presented to a second
content consumer during playback of the segment to the second content consumer, based on user preference data associated with
the second content consumer.

US Pat. No. 9,612,804

BUSINESS SUITE FRAMEWORK FOR DEVELOPING SOFTWARE APPLICATIONS

Unisys Corporation, Blue...

1. A method, comprising:
receiving, at a system modeler, a class comprising a plurality of attributes defining data and behavior of a client application;
receiving, at the system modeler, a selection of at least a portion of the plurality of attributes for exposing through a
graphical presentation interface;

generating, by the system modeler, a software framework project comprising a data model based, at least in part, on the received
selection and the received class;

receiving an indication of a change in the class;
updating, by the system modeler, the data model based, at least in part, on the change in the class; and
automatically regenerating, by the system modeler, an updated version of the software framework project based on the updated
data model;

wherein the data model comprises a mashup view extending a DataViewModel as a partial class generated when an access layer
is generated, the mashup view permits the DataView Model to be extended without a risk of overriding changes when regenerating
the DatViewModel;

wherein the system modeler, having a client framework development module integrated using interface data models containing
graphical presentation attribute definitions, interfaces a client framework runtime environment, and operates on a server,
and

wherein the client application operates on a remote client.

US Pat. No. 9,525,666

METHODS AND SYSTEMS FOR MANAGING CONCURRENT UNSECURED AND CRYPTOGRAPHICALLY SECURE COMMUNICATIONS ACROSS UNSECURED NETWORKS

Unisys Corporation, Blue...

1. An endpoint comprising:
a computing system including a programmable circuit operatively connected to a memory and a communication interface, the communication
interface configured to send and receive data packets via a data communications network;

a filter defined in the memory of the computing system, the filter configured to define one or more access lists, each access
list defining a group of access permissions for a community of interest, wherein the community of interest includes one or
more users, and wherein an access list from among the one or more access lists defines a set of clear text access permissions
associated with a community of interest; and

a driver executable by the programmable circuit, the driver configured to cooperate with the communication interface to send
and receive data packets via the data communications network, the driver configured to selectively split and encrypt a data
packet into a plurality of data packets based at least in part upon the contents of the one or more access lists, the driver
further configured to effectuate transmission of the split and encrypted data packet through transmission of the plurality
data packets;

wherein the driver encrypts the data packets using a community-of-interest specific encryption key associated with the community
of interest as identified upon the access list.

US Pat. No. 9,483,639

SERVICE PARTITION VIRTUALIZATION SYSTEM AND METHOD HAVING A SECURE APPLICATION

Unisys Corporation, Blue...

1. A virtualization method for a host computing device having at least one host processor and system resources including memory
divided into most privileged system memory and less privileged user memory, the method comprising:
providing an ultraboot application that operates in the less privileged user memory and divides the host computing device
into a resource management partition, at least one virtual service partition and at least one virtual guest partition,

executing the ultraboot application to divide the host computing device into the resource management partition, the at least
one virtual guest partition providing a virtualization environment for at least one guest operating system, the at least one
virtual service partition providing a virtualization environment for the basic operations of the virtualization system, and
the resource management partition maintaining a resource database for use in managing the use of the at least one host processor
and the system resources;

building a secure application;
executing the secure application in the at least one virtual guest partition, wherein the at least one virtual guest partition
is an isolated secure partition, wherein the isolated secure partition includes a security manifest portion for controlling
the execution of the secure application within the isolated secure partition, wherein the isolated secure partition includes
a secure application operating system (OS) portion that supports only the execution of the secure application within the isolated
secure partition, wherein the secure application operating system (OS) portion includes a secure application runtime portion
that provides the runtime needed to execute the secure application within the isolated secure partition;

maintaining, by a monitor in the most privileged system memory, guest applications in the at least one virtual guest partition
within memory space allocated by the at least one virtual service partition to the at least one virtual guest partition; and

controlling multitask processing in the partitions on the at least one host processor by a context switch between the at least
one monitor and the respective virtual guest partitions and the at least one virtual service partition,

wherein the at least one virtual service partition further comprises a plurality of isolated secure partitions isolated from
one another, wherein at least one of the isolated secure partitions includes a secure application executing therein and isolated
from the other isolated secure partitions, and wherein at least one of the isolated secure partitions includes a primary secure
application executing therein and sharing the isolated secure partition with at least one other secure application that is
allowed to be executed with the primary secure application within the isolated secure partition.

US Pat. No. 9,411,710

AUTOMATED REGRESSION TEST CASE SELECTOR AND BLACK BOX TEST COVERAGE TOOL FOR PRODUCT TESTING

Unisys Corporation, Blue...

1. A method for testing a computer application, the method comprising:
identifying, by a test server, components of a version of the application, said components including one or more components
that are one of new and modified, wherein each of the one or more components corresponds to a keyword;

generating, by the test server, a keyword matrix of the identified application components, the keyword matrix having a set
of all identified application components as a first dimension and a set of the one or more components that are one of new
and modified as a second dimension, wherein the keyword matrix comprises the keywords;

performing, by the test server, a search in a test script repository with respect to components listed as at least one of
the first and second dimensions, said test script repository including test scripts referencing at least some of the identified
components, and determining a result of the search;

populating, by the test server, the keyword matrix with test case identification numbers in the search result, the test case
identification numbers corresponding to test scripts that refer to the at least some of the identified components of the application;
and

based on the populated keyword matrix, identifying, by the test server, one or more of (a) gaps in test case coverage for
the version of the application, and (b) one or more test cases covering the version of the application.

US Pat. No. 9,392,034

SYSTEMS AND METHODS OF DISTRIBUTED SILO SIGNALING

Unisys Corporation, Blue...

1. A computer-implemented method having a programmable processor and memory coupled to a communications network, the method
comprising:
receiving, by a signaling server from a remote endpoint, an invite to the remote endpoint containing the remote endpoint information
needed to establish a real-time transport protocol (RTP) session;

transmitting, by the signaling server to a media server, a command to start a port including a remote internet protocol (IP)
address and a remote port number;

transmitting, by the signaling server to the remote endpoint, an acknowledgment indicating the signaling server viewed the
invite;

receiving, by the signaling server from the media server, an acknowledgement of the start port command and returning the port
to be used for a call;

transmitting, by the signaling server to the host server, a command indicating the call to be answered by an application running
on the host;

receiving, by the signaling server from the host server, an answer to the call;
receiving, by the signaling server from the media server, a second port selection;
transmitting, by the signaling server to the media server, a second start port command; receiving, by the signaling server
from the media server, a second acknowledgment; and

establishing, by the signaling server, a second real-time transport protocol (RTP) session stream between the media server
and the remote endpoint using the selected second port, wherein the second port is selected from a list of available ports;

wherein the acknowledgement of the start port command is failure and the call is no longer active.

US Pat. No. 9,202,592

SYSTEMS AND METHODS FOR MEMORY MANAGEMENT IN A DYNAMIC TRANSLATION COMPUTER SYSTEM

Unisys Corporation, Blue...

1. A method, comprising:
obtaining, by a processor, a block of virtual memory for use in an emulated operating environment from a slab of virtual memory
in a host environment;

detecting, by the processor, a fill type of the block of virtual memory;
filling, by the processor, the block of virtual memory with zeros and a pattern based, at least in part, on the fill type;
and

disabling, by the processor, local-timer interrupts;
wherein the step of disabling may occur before or after the step of obtaining, detecting, or filling.

US Pat. No. 9,141,400

TECHNIQUE FOR DEPLOYING OPERATING SYSTEMS IN A VIRTUALIZED ENVIRONMENT

Unisys Corporation, Blue...

1. A method of creating and capturing a guest disk image comprising:
creating, by a computer, a plurality of virtual disks from a single storage array, wherein the virtual disks include at least
one virtualization software disk and at least one guest disk, and wherein the at least one guest disk is minimally sized for
deployment of an operating system and at least one data files and to minimize unused space;

installing, by a computer, virtualization software onto the at least one virtualization software disk, wherein the virtualization
software bundles a virtualization software console and a restore environment;

partitioning, by a computer running the virtualization software, the guest disk into at least an operating system (OS) partition
and a data partition;

installing, by a computer running the virtualization software, a guest operating system that bundles virtualization drivers
onto the OS partition of the guest disk;

booting, by a computer running the virtualization software, the guest operating system through the virtualization software
console;

configuring, by a computer, settings of the guest operating system depending on applications or services installed on the
guest disk;

booting, by a computer running the virtualization software, the restore environment from the virtualization software console;
capturing, by a computer, a guest disk file system of the OS partition into a first disk image file and a guest disk file
system of the data partition into a second image file; and

saving, by a computer, the first and second disk image files to the at least one virtualization software disk;
updating, by a computer running the virtualization software, virtualization drivers onto the guest operating system so that
the guest operating system communicates with computer hardware through the virtualization software.

US Pat. No. 9,652,606

CLOUD-BASED ACTIVE PASSWORD MANAGER

Unisys Corporation, Blue...

1. A computer-implemented method for managing passwords using a remote password manager server communicating with a client
device to provide log-in credentials permitting access to a remote web server using a web browser, the method comprising:
registering the client device with the password manager server using an activation ID;
specifying one or more websites requiring passwords to be managed by the password manager server and security parameters associated
with each website;

synchronizing the password manager server and the client device;
identifying, by the password manager server, in a software code of a webpage of a website accessed from the remote web server
by the client device one or more keywords matching one or more field keywords in a list of field keywords, the list of field
keywords comprising field keywords identifying a login field and a change password field;

parsing, by the password manager server, the software code of the webpage based upon one or more matches between the one or
more keywords in the code of the webpage and the list of field keywords;

identifying, by the password manager server, in the software code of the webpage a formatting tag associated with each of
one or more matched keywords from the list of field keywords, each formatting tag matching one or more formatting tags in
a list of formatting tags;

inputting, by the password manager server, one or more data inputs into one or more fields of the webpage respectively, the
one or more fields identified by the one or more field keywords matching the one or more keywords in the code of the webpage,
wherein each respective data input is based upon the formatting tag associated with the field keyword that identifies the
respective field, and wherein at least one data input is a new password for the website account;

generating, the password manager server, a record associated with the website in a password manager database, the record containing
information pertaining to the new password of the website account, wherein the information comprises at least the one or more
matched keywords and the formatting tags associated with each input field;

generating, by the password manager server, one or more new data inputs based upon the information stored in the record; and
inputting, by the password manager server, the one or more new data inputs into the one or more fields of the webpage according
to the formatting tag associated with each respective field, thereby updating the password for the website.

US Pat. No. 9,483,289

OPERATING SYSTEM IN A COMMODITY-BASED COMPUTING SYSTEM

Unisys Corporation, Blue...

1. A computer-implemented method for managing computing resources comprising:
monitoring, by a managing computer executing a fabric manager software module, one or more execution environments associated
with one or more partitions of a plurality of computers, wherein each respective computer comprises a partition hosting an
execution environment, and wherein an the execution environment comprises an operating system and one or more services executed
by an the operating system;

detecting, by the managing computer, a service need associated with a first execution environment of a first partition of
a first computer when the operating system of the first execution environment does not comprise the service needed;

providing, by the managing computer, a service of a second execution environment of the first partition of a second computer
to the first execution environment of the first partition of the first computer based on the service need associated with
the first execution environment;

executing, by the managing computer, each of the one or more services independently of each of the execution environments;
and

executing, by the managing computer, each of the one or more services independently of each of the one or more services
commissioning, by the computer, onto one or more partitions one or more new images executing one or more services associated
with an application;

automatically identifying, by the computer, one or more redundant partitions to store one or more sets of at least one of
the services, wherein each redundant partition is a partition capable of storing a set of at least one of the services;

commissioning, by the computer, each set of services onto redundant partition, wherein the redundant partition is a partition
capable of executing the set of services;

detecting, by the computer, one or more failed services corresponding to the one or more one or more services commissioned
onto a partition;

automatically triggering, by the computer, a set of one or more redundant partitions to respectively execute the set of services
corresponding to the one or more failed services.

US Pat. No. 9,330,147

DATABASE AND DATA BUS ARCHITECTURE AND SYSTEMS FOR EFFICIENT DATA DISTRIBUTION

Unisys Corporation, Blue...

1. A computer-implemented method for managing distributed data using any of a plurality of data model types, the method comprising:
receiving a data request from one of a plurality of database interfaces, each database interface associated with a different
data model type;

translating the data request to a second data request based at least in part on a data model neutral description of a data
model that is associated with data and the database interface, wherein the second data request comprises a data model neutral
request and the data model neutral description is included with a plurality of descriptions of each of a plurality of different
data models corresponding to the different data model types;

executing the second data request, thereby reflecting the data request in data storage such that data is managed consistently
across each of the plurality of database interfaces;

wherein executing the data model neutral request occurs within a data model neutral data layer and issues a plurality of divided
data request tasks to each of a plurality of computing systems configured to store data in the data model neutral data layer,
the data model neutral data layer including data storage distributed across a plurality of computing systems; and

receiving data from the data model neutral data layer and translating the data to a format recognizable to the database interface.

US Pat. No. 9,311,117

SYSTEM AND METHOD OF CAPACITY MANAGEMENT

Unisys Corporation, Blue...

1. A method for providing a system name of a computer system, comprising:
generating a system ID key based on a system type of the computer system using an external key generator module, wherein the
system ID key comprises a system name;

installing the system ID key on the computer system in an active operating state by:
extracting the system name from the system ID key;
updating operating system structures for immediate use of the system name;
writing a machine name index into halt/load parameters that are implemented by the computer system for subsequent restarts
of the computer system after suspending the computer system, wherein the machine name index identifies a location of the system
name in a system registry; and

writing the system name into the system registry from the system ID key.

US Pat. No. 9,946,740

HANDLING SERVER AND CLIENT OPERATIONS UNINTERRUPTEDLY DURING PACK AND AUDIT PROCESSES

Unisys Corporation, Blue...

1. A method, comprising:
receiving, at an information server, a query for a database in communication with the information server;
executing, by the information server, the query against the database;
storing, by the information server, a record of the query in a first audit trail;
determining, by the information server, that a size of the first audit trail has reached a predetermined threshold size; and
when the size has reached the predetermined threshold size executing the steps comprising:
initiating, by the information server, a pack process on the first audit trail to switch from the first audit trail to a second audit trail;
receiving, by the information server, a second query for the database while the pack process is executing; and
storing, by the information server, a record of the second query in a third audit trail while the pack process is executing.

US Pat. No. 9,519,757

AES-GCM BASED ENHANCED SECURITY SETUP FOR MEDIA ENCRYPTION

Unisys Corporation, Blue...

1. A method for setting up secure media encryption in one function call, comprising:
providing an interface for an application executing in an emulated environment of a host operating system, in which the application
accesses a security module in the host operating system through function calls to the interface;

identifying two or more related function calls, from the application to the module located outside of the emulated environment,
for setting up secure media encryption, in which the two or more related function calls comprise at least two of:

a function call to create a cryptography context;
a function call to randomly generate an encryption key;
a function call to compute a hash subkey;
a function call to create an advanced encryption standard in Galois Counter Mode (AES-GCM) cipher instance; and
a function call to store the AES-GCM cipher instance and the computed hash subkey in the cryptography context;
combining the two or more related function calls into a single function call; and
executing the single combined function call to the module of the host operating system located outside of the emulated environment
to perform the two or more related function calls;

identifying a type of encryption to be setup, wherein identifying the type of encryption indicates whether a different initialization
vector should be generated for each distinct set of input data to be encrypted; and

receiving an input parameter, at the application, that identifies an initialization vector generation algorithm, wherein at
least one of the two or more related function calls is based, at least in part, on the received input parameter.

US Pat. No. 9,804,750

TEXTBOX ASSOCIATED WITH DEVICE NATIVE FEATURES

Unisys Corporation, Blue...

1. A method for retrieving data on a textbox in a cross-platform mobile application using a native feature of a mobile device,
the method comprising:
displaying a user interface element adjacent a textbox in the cross-platform mobile application, the user interface associated
with a predetermined native feature of the mobile device;

receiving a user input through the user interface element including a graphical icon, visual indicator, and text-based interfaces
and have different designs in accordance with functionalities of the user interface element;

accessing the predetermined native feature of the mobile device corresponding to the user input received from the user interface
element; and

displaying information associated with the predetermined native feature of the mobile device in the textbox.

US Pat. No. 9,794,237

SECURED NETWORKS AND ENDPOINTS APPLYING INTERNET PROTOCOL SECURITY

Unisys Corporation, Blue...

1. A method of managing secure communications states in an endpoint within a secure network, the method comprising:
in a disconnected state, transmitting from a first endpoint to a second endpoint a first message including an authorization
token, the authorization token including one or more entries, each entry corresponding to a community of interest associated
with a user of the first endpoint and including an encryption key and a validation key associated with the first endpoint
and encrypted with a corresponding community of interest key and entering a pending state;

in the pending state, receiving from the second endpoint a second message including a second authorization token at the first
endpoint, the second authorization token including one or more entries, each entry corresponding to a community of interest
associated with the second endpoint and including an encryption key and a validation key associated with the second endpoint
and encrypted with the corresponding community of interest key;

based on receipt of the second message, entering an open state and initializing a tunnel between the first and second endpoints
using an IPsec-based secured connection; and

upon termination of the tunnel due to a termination or timeout message issued by at least one of the first and second endpoints,
entering a closed state;

wherein a community of interest includes a plurality of users having common user rights and segregating user groups by way
of assignment of different cryptographic keys used for each user group, and any message from an unauthorized endpoint that
is not a member of the community of interest is not responded to in any way.

US Pat. No. 9,489,158

PRINT LOGGING FOR USE WITH TERMINAL EMULATORS

Unisys Corporation, Blue...

1. A method, comprising:
determining a user access for one or more print requests;
creating a print log data;
analyzing the print log data;
developing one or more data reports based on the print log data in response to an inquiry request;
creating a data buffer based on a received input;
reading the data buffer;
creating a staging record based on information contained in the data buffer, wherein the staging record includes a computer
name, a computer IP address, a printer name, and a log status, the log status includes a value, the value indicates one selected
from the following: print request details have been successfully logged and print request details cannot be logged;

sending an access message to a user based on the user access; and
initializing a processing routine.

US Pat. No. 9,514,325

SECURED FILE SYSTEM MANAGEMENT

Unisys Corporation, Blue...

1. A method for processing file system requests using a file server, the method comprising:
receiving a file system request and a user identification associated with the file system request from a caller, wherein the
file system request includes a path identifying an existing file system structure in an existing directory;

obtaining a community of interest (COI) credential associated with the user identification;
identifying the existing file system structure in the path;
providing access to the existing directory, and returning a handle to the directory to the caller based on an assessment that
the caller has permission to access the existing directory;

determining whether at least one COI included in the COI credential matches at least one COI associated with the existing
file system structure; and

assessing visibility of the existing file to the caller based on a COI associated with the existing file system structure;
wherein:

if at least one COI included in the COI credential matches at least one COI associated in the existing file system structure
includes assessing user access permission to the existing file and decrypting the content with the COI credential; and

if no COI included in the COI credential matches a COI associated in the existing file, assessing visibility of the existing
file includes returning an indication, to the caller, that the file does not exist;

wherein the COI credential comprises a COI key, a metadata key, and a file block key.

US Pat. No. 9,262,185

SCRIPTED DYNAMIC DOCUMENT GENERATION USING DYNAMIC DOCUMENT TEMPLATE SCRIPTS

Unisys Corporation, Blue...

1. A computer implemented method, comprising:
executing a dynamic document template having access only to variables in its local namespace and variables passed by an application
through arguments to the dynamic document template, wherein the dynamic document template is physically separate from the
application, in which executing dynamic document template comprises calling the separate dynamic document template scripts
which comprise the dynamic document template from more than one application program, in which calling the dynamic document
template comprises generating an interim script, and in which the method further comprises the step of deleting the interim
script after generating the document;

generating a script from the dynamic document template; and
creating a document based, in part, on the script by executing procedural statements of the script to generate document records,
wherein the document comprises document records without the procedural statements.

US Pat. No. 10,007,429

DATABASE REPLICATION WITH CONTINUE AND TAPE-TYPE-OVERRIDE FUNCTIONS

Unisys Corporation, Blue...

1. A tape-type-override method for replicating backup data, configured to increase compatibility among backup tapes comprising:
receiving a tape override command to replicate backup data from a first tape to a second tape, wherein the first tape and the second tape have different tape types;
determining whether the tape override command is a single or double override command;
determining whether the override command is proper;
implementing a replication of backup data from the first tape to a second tape according to the tape override command;
detecting an error in the replication;
marking a restart point in an existing file; and
restarting the replication with a new file.

US Pat. No. 9,916,479

USB DOCK SYSTEM AND METHOD FOR SECURELY CONNECTING A USB DEVICE TO A COMPUTING NETWORK

UNISYS CORPORATION, Blue...

1. A Universal Serial Bus (USB) dock for connecting a USB data storage device to a computing network, the USB dock comprising:
a chassis for coupling the USB dock to the computing network;
at least one panel coupled to the chassis;
at least one USB port coupled to at least one of the panels, wherein the at least one USB port is configured to couple a USB
data storage device to the USB dock, wherein the at least one USB port indicates when a USB data storage device is connected
to the USB port; and

an operating system within the USB dock for booting the USB dock, for creating a table associated with a USB data storage
device connected to the USB port, wherein the table identifies the USB data storage device connected to the USB port and the
USB port to which the USB data storage device is connected, and for initiating an antivirus scan of the USB data storage device
connected to the USB port,

wherein, if the antivirus scan detects a virus on the USB data storage device connected to the USB port, an option of removing
the virus from the USB data storage device connected to the USB port is provided,

wherein, if the detected virus is not removed from the USB data storage device, the USB port to which the USB data storage
device is connected is disabled thereby preventing the virus from entering the computing network,

wherein, if the detected virus is removed from the USB data storage device, the operating system generates a token associated
with the USB port to which the USB data storage device is connected and stores the token in the table, wherein the token allows
for enablement of the USB port to which the USB data storage device is connected, and

wherein, when the token expires, the USB port to which the USB data storage device is connected is disabled thereby preventing
enablement of the USB port to which the USB data storage device is connected.

US Pat. No. 9,396,289

METHOD AND APPARATUS FOR UNRESTRICTED REPORTING OF ALERT STATES FOR MANAGED OBJECTS, REGARDLESS OF TYPE

Unisys Corporation, Blue...

1. A method of identifying a unique object nested within a hierarchy of objects in a computing system, the method, comprising:
identifying the unique object by its class and instance in a syntax readable by the computing system;
identifying at least one parent object by its class and instance in the syntax, further including identifying all parent objects
in the hierarchy of objects; and

defining a relationship between the unique object and the parent object in the syntax, in which defining a relationship includes
defining all relationships between all parent objects in the hierarchy of objects and the unique object, wherein an alert
can be issued for the unique object regardless of how nested the unique object is within the hierarchy of objects;

issuing an alert for the unique object, wherein all parent objects sharing a relationship with the unique object receive the
alert;

displaying, on a same view in a first pane, the hierarchy of objects and the alert for the unique object;
displaying, on the same view as the hierarchy of objects but separately in a second pane, a display pane which displays the
top level managed objects and any alert within the hierarchy of those objects; and

wherein displaying the alert comprises overlaying a first shape specifying a type of system that corresponds to the unique
object, a second shape specifying an alert state for the unique object based, at least in part, on the issued alert, and a
third shape specifying a network connection state between the unique object and a network to display a single shape that provides
the information specified by the first, second, and third shapes by displaying at least a portion of each of the first, second,
and third shapes within the single shape.

US Pat. No. 9,367,373

AUTOMATIC CONFIGURATION CONSISTENCY CHECK

Unisys Corporation, Blue...

1. A method, comprising:
retrieving, by a server, a plurality of policies for at least one workload group of a host computer system from a data storage
device via a storage controller, wherein the server is coupled to the storage controller, wherein the storage controller is
coupled to the data storage device;

retrieving, by the server, a reference policy for the at least one workload group from the data storage device via the storage
controller, wherein the reference policy specifies that the at least one workload group requires an active policy for certain
times of a week, and wherein the reference policy specifies that the retrieved policies for the at least one workload group
require a goal for the at least one workload group to achieve, and wherein the reference policy specifies that the retrieved
policies for the at least one workload group require a collection of statistics information by the at least one workload group;

verifying, by the server, a consistency of the policies for the at least one workload group with the reference policy by determining
whether the retrieved policies for the at least one workload group specify an active policy for the certain times of the week
identified by the reference policy and whether the retrieved policies for the at least one workload group contain a goal for
the at least one workload group to achieve and whether the retrieved policies for the at least one workload group require
a collection of statistics information by the at least one workload group;

determining, by the server, an inconsistency based on the verifying;
generating, by the server, a recommendation to correct the inconsistency;
providing, by the server, an information to a user interface device over a network, wherein the information comprises an outcome
of the consistency verification and the recommendation, wherein the outcome informs of the inconsistency.

US Pat. No. 9,612,907

POWER EFFICIENT DISTRIBUTION AND EXECUTION OF TASKS UPON HARDWARE FAULT WITH MULTIPLE PROCESSORS

Unisys Corporation, Blue...

1. A method, comprising:
detecting, by a processor, at least one processor, scheduled to execute portions of a queue of realtime tasks and a queue
of non-realtime tasks, has failed of a group of processors spanning at least two platforms coupled by a network;

determining, by the processor, whether the failed processor of the group of processors is local to the processor or whether
the failed processor of the group of processors is coupled through a network to the processor; and

performing, by the processor, a course of action for performing tasks assigned to the failed process based, at least in part,
on whether the failed processor is a local processor or a cloud processor;

detecting, by the processor, that a second processor, scheduled to execute portions of the realtime tasks and non-realtime
tasks, has failed of the group of processors;

scheduling, by the processor after detecting the second failed processor, the realtime tasks on a first other processor of
the group of processors;

executing the realtime tasks on the first other processor using at least one execution strategy selected from a group comprising
using reliability aware power management (RAPM) and using earliest deadline first (EDF) at a maximum frequency of the first
other processor, the execution strategy selected based, at least in part, on a workload of the first other processor;

when executing realtime tasks using reliability aware power management (RAPM), executing the non-realtime tasks in idle intervals
between executing the realtime tasks;

when executing realtime tasks using earliest deadline first (EDF), executing the non-realtime tasks in idle intervals between
executing the realtime tasks.

US Pat. No. 9,542,167

PERFORMANCE MONITORING OF VIRTUALIZED INSTRUCTIONS

Unisys Corporation, Blue...

1. A method of assessing performance of one or more non-native instructions executing on a computing system having a native
instruction set architecture, the one or more non-native instructions incapable of native execution on the computing system,
wherein emulated execution of the one or more non-native instructions simulates execution of a second computing system having
a second native instruction set architecture different from and incompatible with the native instruction set architecture,
the method comprising:
during emulated execution of non-native program code including non-native instructions:
maintaining a program flow history in the computing system representing a flow of program execution of the non-native program
code, the program flow history including a jump storage captured from a state of a jump table defined in the non-native instruction
set architecture and including a listing of non-native jump instructions for which execution is emulated in the computing
system; and

capturing one or more statistics regarding performance in native execution of the non-native program code on the computing
system;

reconstructing an instruction trace based on the program flow history; and
correlating the one or more statistics to the program flow history to determine performance of the computing system in executing
one or more non-native instructions included in segments of the instruction trace between each of the non-native jump instructions.

US Pat. No. 9,824,020

SYSTEMS AND METHODS FOR MEMORY MANAGEMENT IN A DYNAMIC TRANSLATION COMPUTER SYSTEM

Unisys Corporation, Blue...

1. A computer implemented method, the computer having a processor, a block of virtual memory, and physical memory, comprises:
obtaining, by the processor, the block of virtual memory for use in an emulated operating environment from a slab of virtual
memory in a host environment executing the emulated operating environment;

detecting a fill pattern of the block of virtual memory;
maintaining, by the processor, a mapping between the block of virtual memory and the physical memory upon returning the block
of virtual memory to the slab of virtual memory, wherein maintaining the mapping between the block of virtual memory and the
physical memory is based, at least in part, on the fill pattern of the block of virtual memory;

disabling local-timer interrupts;
receiving an inter-processor communication instruction packet, wherein the step of obtaining is initiated after receipt of
the inter-processor communication instruction packet;

checking the inter-processor communication instruction packet for errors; and
re-initializing the mapping between the block of virtual memory and the physical memory based, at least in part, on the fill
pattern of the block of virtual memory.

US Pat. No. 9,819,493

ENHANCED SECURITY FOR MEDIA ENCRYPTION

Unisys Corporation, Blue...

1. A method for secure media encryption in one function call, comprising:
providing an interface for an application executing in an emulated environment of a host operating system, in which the application
accesses a security module in the host operating system through function calls to the interface;

identifying a type of encryption to be used to compute the encryption of data, wherein identifying the type of encryption
indicates whether a different initialization vector should be generated for each input data to be encrypted;

identifying two or more related function calls, from the application to the security module located outside of the emulated
environment, for secure media encryption, in which the two or more related function calls comprise at least one of:

a function call to randomly generate an initialization vector;
a function call to compute an encryption of data;
a function call to format a binary large object (BLOB); and
a function call to write the BLOB to the secure media;
combining the two or more related function calls into a single function call; and

executing the single combined function call from the emulated environment to the security module of the host operating system
located outside of the emulated environment to perform the two or more related function calls.

US Pat. No. 9,465,591

SYNTAX LANGUAGE GENERATOR FOR COMPILER VALIDATION

Unisys Corporation, Blue...

1. A method of validating operation of a compiler, the method comprising:
receiving, by a translation tool, a user-readable syntax description in a text document;
translating, by the translation tool, the user-readable syntax description in the text document into a definition of language
syntax;

receiving the definition of language syntax at an automated source code generator from the translation tool;
generating program code at the automated source code generator based on the received definition of language syntax, wherein
the program code is represented in source code including constructed self-validating code and syntactically-correct automatically
generated code, wherein the constructed self-validating code is programmed to test for validation of correct performance of
the compiler relative to parsing syntax of the received definition of language syntax when the constructed self-validating
code is compiled by the compiler; and

providing the source code to the compiler;
compiling, by the compiler, the source code into object code;
executing the self-validating code as the object code in a computing system such that the computing system outputs an indication
of correctness of compilation of the program code by the compiler in response to receipt of the source code; and

executing the syntactically-correct automatically generated code as the object code in the computing system and testing at
least an operation of the compiler.

US Pat. No. 9,384,020

DOMAIN SCRIPTING LANGUAGE FRAMEWORK FOR SERVICE AND SYSTEM INTEGRATION

Unisys Corporation, Blue...

1. A computer-implemented method of executing an enterprise application, the method comprising:
receiving, by a computer, an external request from a client device for a service provided by a runtime engine of the enterprise
application, wherein the runtime engine runs on the computer;

automatically selecting, by the computer via the runtime engine, a script from a plurality of scripts saved on a database
based on the external request;

referencing, by the computer via the runtime engine, one or more tags stored in a tag library saved on the database that are
called by the selected script, wherein the one or more tags in the tag library define commands of the plurality of scripts
and call one or more granular services of the enterprise application;

loading, by the computer via the runtime engine, the selected script and the one or more tags referenced by the selected script;
and

executing, by the computer via the runtime engine, instructions of the loaded script based on the one or more tags to provide
the service to the client device as requested by the external request, wherein the selected script is updated in the database
after executing instructions of the loaded script.

US Pat. No. 9,294,443

SECURE INTEGRATION OF HYBRID CLOUDS WITH ENTERPRISE NETWORKS

Unisys Corporation, Blue...

1. A system for managing secure integration of a cloud-based computing resource with a private domain, the system comprising:
a hybrid cloud arrangement including a plurality of virtual machines, the plurality of virtual machines including at least
a first virtual machine within the private domain and a second virtual machine within a public cloud;

a virtual data relay within the private domain and associated with the second virtual machine, the virtual data relay comprising:
a private domain interface used to establish a secure communication link according to a first security protocol with each
virtual machine within the private domain that is a member of a community of interest, the virtual data relay assigned a community
of interest key used by the private domain interface and defining the community of interest of which the second virtual machine
is a member; and

a public cloud interface used to establish a secure communication link with the second virtual machine, the public cloud interface
using a second security protocol different from the first security protocol.

US Pat. No. 10,110,683

SYSTEMS AND METHODS FOR MAINTAINING OWNERSHIP OF AND AVOIDING ORPHANING OF COMMUNICATION SESSIONS

Unisys Corporation, Blue...

1. A method for maintaining ownership of sessions by applications, comprising:
obtaining, by a processor, a communication session table, wherein the communication session table comprises a data structure with information used to establish and maintain a communication session between network applications;
determining, by the processor, if an activity table exists, wherein an activity table comprises a list of operations scheduled for execution;
creating an activity table when an activity table is determined to not exist;
determining, by the processor, when an activity table is determined to exist, if the session table is linked to the activity table or to another activity table;
linking, by the processor, the session table to the activity table when the activity table is determined to exist, the session table is determined to not already be linked to the activity table, and the session table is referenced by the activity table; and
performing, by the processor, a computer instruction requested by a user on the communication session identified in the session table when the activity table exists and the session table is linked to the activity table,
wherein, when the session table is determined to be linked to the another activity table, the method further comprises:
stopping an un-owned session timer associated with the session table;
removing the link between the session table and the another activity table; and
linking the session table to the activity table.

US Pat. No. 9,910,647

FIELD SIZE CALCULATION AND COLOR CODING DISPLAY OPTIONS USABLE IN AN EMULATED INTEGRATED DEVELOPMENT ENVIRONMENT (IDE)

Unisys Corporation, Blue...

1. A method of analyzing code within an integrated development environment, comprising:
receiving a plurality of field size rules for automatically calculating a field size for a code structure;
receiving a plurality of element display rules for categorizing one or more elements in a code structure;
receiving a selection of one or more program variables;
analyzing the selection for completeness;
completing an incomplete selection; and
displaying results based on the field size rules and the element display rules.

US Pat. No. 9,742,816

SYSTEMS AND METHODS OF DISTRIBUTED SILO SIGNALING

Unisys Corporation, Blue...

1. A computer implemented method comprising:
establishing, by a signaling server, a first real-time transport protocol (RTP) session stream between a media server and
a first remote endpoint using a first port;

receiving, by the signaling server from a host server, an initiate operation identifying a destination address of a second
remote endpoint and a first port identification (id);

transmitting, by the signaling server to the second remote endpoint, a command to initiate a call with the second remote endpoint;
transmitting, by the signaling server to the media server, a stop first port command identifying the first port id to stop
the media session with the first remote endpoint;

receiving, by the signaling server from the media server, an acknowledge command indicating the media session stopped;
establishing, by the signaling server, a second RTP session stream between the first remote endpoint and the second remote
endpoint; and

receiving, by the signaling server from the second remote endpoint, a bye command indicating the call should end.

US Pat. No. 9,519,795

INTERCONNECT PARTITION BINDING API, ALLOCATION AND MANAGEMENT OF APPLICATION-SPECIFIC PARTITIONS

Unisys Corporation, Blue...

1. A system comprising:
one or more host computing systems implemented at least partially by hardware, each host computing system including at least
one execution core and a system memory;

a plurality of virtual partitions executing on the one or more host computing systems and including
a first virtual partition having at least a portion of the system memory associated with at least one of the one or more host
computing systems and configured to store a database in the first virtual partition, and

a control virtual partition having at least another portion of the system memory associated with the at least one of the one
or more host computing systems and configured to store a master resource database containing all resource assignments for
all of the plurality of virtual partitions;

an interconnect layer communicatively connecting the plurality of virtual partitions, the interconnect layer providing a programming
interface by which direct memory access operations between any of the plurality of partitions are coordinated;

wherein, in response to database commands received at the first virtual partition, data stored in the database of the first
virtual partition is provided to a requesting virtual partition as a direct memory access operation, wherein the requesting
virtual partition being any of the plurality of partitions;

the plurality of virtual partitions each comprises its own partition monitor that constrains applications running within each
virtual partition to only assigned resources and protects processor-provided resources using memory mapped I/O operations
according to the resource assignments;

the partition monitor within the virtual control partition creates and terminates the partition monitors in all other virtual
partitions and aids processor context switches from one virtual partition to another, wherein the processor context switches
being associated with at least a guest partition state and a privileged state of at least a virtual partition;

the partition monitor of each virtual partition being able to adaptively support features of each of the plurality of virtual
partitions.

US Pat. No. 9,172,685

SYSTEM AND METHOD FOR PROVIDING A SECURE BOOK DEVICE USING CRYPTOGRAPHICALLY SECURE COMMUNICATIONS ACROSS SECURE NETWORKS

Unisys Corporation, Blue...

1. A secure communication system interposed between a client device and a plurality of separate networks each physically partitioned
from each other for security purposes, the client device operated by an end-user having a particular security clearance level
for accessing one or more of the separate networks via the client device, the system comprising:
a data splitter, configured to divide data into a portion of data which is Y bits in length, Y numbering at least one, wherein
a portion of data is associated with data content;

an assignment module executing within the secure communications system, configured to assign tags to each portion of data,
each tag containing metadata indicating a traffic path a particular portion of data is to be distributed through and the network
from which the portion of data originated as well as the end-point the portion of data is destined;

a scrambler connected to the plurality of networks, configured to intermix portions of data sent from each of the plurality
of networks and to select different paths for transporting the intermixed portions of data to the client device based on the
tags assigned to the portions of data, each of the different paths being physically and/or logically partitioned from each
other; and

a buffer system configured to send the intermixed portions of data to the client device for reassembly by the client device
according to the security clearance level of the end-user, whereby from the end-user's perspective authorized assets appear
accessible from a single network connection;

wherein the client device is coupled to the secure communications system for transmitting over the plurality of separate networks;
the secure communications system coupled to the plurality of separate networks for transmitting data sent and received from
the client device over the plurality of separate networks.

US Pat. No. 9,836,295

METHOD AND SYSTEM FOR SECURE AUTOMATED DEPLOYMENT OF EMULATED COMPUTER SYSTEM

Unisys Corporation, Blue...

1. A method for deploying an emulated computer system, the method comprising:
providing, by a processor, a download package for installation on a target machine,
wherein the download package includes:
a generic emulated computer system having no unique identity, no model identity, no features, and minimal processing components,
a customer order file based on an order from a customer of the target machine, wherein the customer order file includes a
machine identity, at least one machine capability, and control data, and

at least one enabling key configured to enable the generic emulated computer system on the target machine to implement a specific
emulated computer system, wherein the at least one enabling key is customized based on the order from the customer of the
target machine, and wherein the at least one enabling key includes identity information that restricts the use of the specific
emulated computer system on any computer systems other than the target machine; and

delivering, by the processor, the download package to the target machine for installation of the specific emulated computer
system on the target machine,

wherein the at least one enabling key prevents the unauthorized cloning of the specific emulated computer system onto any
hardware platforms other than the target machine, and

wherein the at least one enabling key prevents the unauthorized use of any hardware other than the hardware of the target
machine.

US Pat. No. 9,823,851

SECURE MIGRATABLE ARCHITECTURE HAVING SECURITY FEATURES

Unisys Corporation, Blue...

1. A computing system comprising: a programmable circuit configured to execute instructions according to a first computing
architecture;
a memory communicatively connected to the programmable circuit, the memory storing software executable by the programmable
circuit, the software including:

an operating system; and
a process including a firmware environment representing a virtual computing system having a second computing architecture
different from the first computing architecture and one or more workloads to be executed within the process, the software
executable to perform a method including:

upon initiating execution of the process, allocating a portion of the memory for use by the process during execution;
and executing the process hosted by the operating system, wherein the firmware environment manages the portion of the memory
using a token associated with one or more area descriptors to describe the portion of the memory and a tag, each of the one
or more area descriptors defining to the firmware environment a base address and an offset at which a buffer memory area is
located, the base address translated to an address in the memory managed by the operating system

wherein the firmware receives a write request from the one or more workloads, translating the request to a specific memory
buffer corresponding to the token, adding an offset to the base address at which the buffer memory area is located, the buffer
memory area being within the portion of memory allocated for use by the process, validate that the tag value associated with
the address is compatible, write the a value of the memory access request at the offset address,

the write value and the offset address is passed to the first computing architecture, wherein the first computing architecture
converts the virtual address to a physical address and writes the value in the memory.

US Pat. No. 9,774,516

TRACE ROUTE COMMAND EXECUTION FROM A VIRTUALIZED ENVIRONMENT

Unisys Corporation, Blue...

1. A method, comprising:
receiving, in a virtualized environment, a user command to execute a trace route in the virtualized environment, wherein the
user command includes a maximum number of hops, a source host address and a destination host address;

building, in the virtualized environment, a trace route command string corresponding to the user command;
transmitting the trace route command string to a network interface for execution in a host environment outside of the virtualized
environment;

executing the trace route command string in the host environment outside of the virtualized environment;
receiving, from the host environment outside of the virtualized environment, results of the trace route command string; and
outputting, in the virtualized environment, the results of the trace route command string, wherein the results of the trace
route command string includes the source host address, the destination host address and the maximum number of hops that are
used to construct a network path between a source host and a destination host.

US Pat. No. 9,720,762

CLEARING BANK DESCRIPTORS FOR REUSE BY A GATE BANK

Unisys Corporation, Blue...

1. A method, comprising:
obtaining, by a processor, information regarding a bank descriptor of a memory system;
determining, by the processor from the information, whether the bank descriptor describes a common bank, the common bank being
previously uninstalled; and

updating, by the processor when the bank descriptor describes the common bank, the bank descriptor without rebooting to no
longer describe the common bank.

US Pat. No. 9,608,960

SYSTEMS AND METHODS OF GEO-LOCATION BASED COMMUNITY OF INTEREST

Unisys Corporation, Blue...

1. A computer implemented method comprising:
storing, by a host server, a plurality of internet protocol (IP) addresses in a host database;
receiving, by the host server, a request to send packets of information to a destination device IP address outside a geo-location
surrounding a source device IP address;

comparing, by the host server, the destination device IP address with the plurality of IP addresses;
when the destination device IP address matches one of the plurality of IP addresses stored in the host database, sending,
by the host server, the destination device IP address to a network connect device to permit the network connect device to
send the destination device IP address the packets of information;

when the destination device IP address does not match one of the plurality of IP addresses stored in the host database, determining,
by the host server, whether the destination device is a preselected device to permit the network connect device to send the
destination device the packets of information; and

when the destination device IP address does not match one of the plurality of IP addresses stored in the host database and
is not the preselected device, blocking, by the host server, the destination device IP address from the network connect device.

US Pat. No. 9,596,077

COMMUNITY OF INTEREST-BASED SECURED COMMUNICATIONS OVER IPSEC

Unisys Corporation, Blue...

1. A method of establishing secure communications between endpoints, the method comprising:
transmitting, by a processor of a first endpoint, from the first endpoint to a second endpoint a first message including a
token, the token including one or more entries, each entry corresponding to a community of interest associated with a user
of the first endpoint and including an encryption key and a validation key associated with the first endpoint and encrypted
with the corresponding community of interest key;

receiving, at the processor of the first endpoint, from the second endpoint a second message, distinct from the first message,
including a second authorization token at the first endpoint, the second authorization token including one or more entries,
each entry corresponding to a community of interest associated with a second user of the second endpoint and including an
encryption key and a validation key associated with the second endpoint and encrypted with corresponding community of interest
key; for each community of interest associated with both the first user and the second user, decrypting an associated entry
in the second authorization token to obtain the encryption key and validation key associated with the second endpoint;

creating, by the processor of the first endpoint, a key pair at the first endpoint and generating a shared secret based on
the key pair;

transmitting by the processor of the first endpoint, a third message, distinct from the first and second messages, including
the created key pair to the second endpoint, thereby allowing the second endpoint to derive the shared secret;

initializing, by the processor of the first endpoint, a tunnel between the first and second endpoints, the tunnel using the
shared secret to derive encryption keys used for IPsec-secured communications between the first and second endpoints.

US Pat. No. 9,332,319

AMALGAMATING MULTIMEDIA TRANSCRIPTS FOR CLOSED CAPTIONING FROM A PLURALITY OF TEXT TO SPEECH CONVERSIONS

Unisys Corporation, Blue...

1. A method of converting speech to text, the method comprising:
analyzing multimedia content using one or more computing devices to determine the presence of closed captioning data;
upon detecting closed captioning data, causing at least one of the one or more computing devices to begin:
i) indexing the closed captioning data as associated with the multimedia content;
upon failure to detect closed captioning data in the multimedia content causing at least one of the one or more computing
devices to begin:

i) extracting audio data from multimedia content, the audio data including speech data;
ii) performing a plurality of different speech to text conversions on the speech data to create a plurality of transcripts
of the speech data, the plurality of different speech to text conversions include speech to text conversion processes from
different software vendors, wherein at least one of the plurality of transcripts is different from a remainder of the plurality
of transcripts, wherein at least one of the speech to text conversions uses a context-sensitive speech to text dictionary
selected according to the subject matter of the multimedia content;

iii) selecting text from among the plurality of transcripts to form an amalgamated transcript; and
iv) indexing the amalgamated transcript as associated with the multimedia content, wherein indexing the amalgamated transcript
includes storing metadata associating text in the amalgamated transcript to timestamps associated with the multimedia content.

US Pat. No. 9,111,265

STEP IDENTIFIER BASED ON A UNIVERSAL TIMESTAMP

Unisys Corporation, Blue...

1. A method, comprising:
receiving a request to process a transaction on a database;
processing the transaction on the database;
assigning an identification number to the transaction, in which the step of assigning comprises:
obtaining a current universal time, in a coordinated universal time (UTC) format, that does not change with seasonal offsets;
and

obtaining a nine bit unique transaction identification value;
setting the identification number to the current universal time;
shifting off nine bits of the identification number;
appending the unique transaction identification value to the identification number; and
adjusting a first bit of the identification number to indicate a format of the identification number after setting the identification
number to the current universal time.

US Pat. No. 10,044,755

INTEGRATED SECURITY MANAGEMENT

Unisys Corporation, Blue...

1. A system for configuring a plurality of assets located at a single network site, the plurality of assets including at least a first security device operating under a first security policy configuration, and a second security device different from the first security device and operating under a second security policy configuration that is different from the first security policy configuration, the system comprising:
a security control server communicatively connected to the first security device and the second security device;
a security control module executable on the security control server to convert one or more security parameters specific to the first security policy configuration and one or more security parameters specific to the second security policy configuration into a single security policy definition file;
a plurality of policy agent modules including at least a first policy agent module associated with the first security device, and a second policy agent module different from the first policy agent module and associated with the second security device, the first policy agent module being located at the security control server or at the network site in association with the first security device and configured to:
receive the single security policy definition file from the security control module of the security control server;
determine if one or more policy configuration parameters from the single security policy definition file should be deployed to one or more of the assets based on the importance of the asset in a network topology;
when it is determined, that one or more the policy configuration parameters from the single security policy definition file should be deployed to the first security device, extract the one or more policy configuration parameters from the single security policy definition file that are applicable to the first security policy configuration and push the applicable policy configuration parameters out to the first security device to update the first security policy configuration;
the second policy agent module being located at the security control server or at the network site in association with the second security device and configured to:
receive the single security policy definition file from the security control module of the security control server;
determine if one or more policy configuration parameters from the single security policy definition file should be deployed to one or more of the assets based on the importance of the asset in a network topology;
when it is determined, that a second one or more of the policy configuration parameters from the single security policy definition file should be deployed to the second security device, extract the second one or more policy configuration parameters from the single security policy definition file that are applicable to the second security policy configuration and push the applicable policy configuration parameters out to the second security device to update the second security policy configuration, the second one or more policy configuration parameters being different from the one or more policy configuration parameters extracted by the first policy agent module; and
a checking module executable on the security control server to determine that the policy configurations pushed to the first security device and the second security device have or have not appropriately configured the an associated security device from among the first and second security devices as required by the policy definition file, the checking module further executable to send a feedback message to the security control module based on the determination, the feedback message including configuration information of the associated security device, the configuration status of the associated security device, and whether the first and/or second policy agent modules have operated properly to configure the associated security device,
wherein the security control module analyzes the feedback message to generate a proposal to improve the single security policy definition file.

US Pat. No. 10,008,132

METHOD AND SYSTEM FOR PROTECTING DATA USING STEGANOGRAPHY

Unisys Corporation, Blue...

1. A steganography method for embedding a data message in a carrier object having a plurality of color channels, the method comprising:
providing a secret key;
determining an indicator channel from the plurality of color channels in the carrier object, wherein the indicator channel is the color channel in the carrier object that has a maximum number of different pixel values in the carrier object;
generating a sorted indicator channel value array based on the channel values and the frequency of occurrence of each value of the indicator channel in the carrier object;
for each indicator channel value in the sorted indicator channel value array, iterating through the carrier object to determine the pixel in the carrier object whose indicator channel value is the same as the current indicator channel value in the sorted indicator channel value array;
for pixels in the carrier object whose indicator channel value is the same as the current indicator channel value, and based on the value of a portion of the secret key, embedding a first portion of the data message into a first color channel other than the indicator color channel and embedding a second portion of the data message into a second color channel other than the indicator color channel and other than the first color channel; and
repeating the iterating step and the embedding step until all of the data message is embedded into the carrier object, thereby generating a stego image.

US Pat. No. 9,965,192

SECURE MIGRATABLE ARCHITECTURE HAVING IMPROVED PERFORMANCE FEATURES

Unisys Corporation, Blue...

1. A computing system comprising:
a programmable circuit configured to execute instructions according to a first computing architecture;
a memory communicatively connected to the programmable circuit, the memory storing software executable by the programmable circuit, the software including:
an operating system; and
a process including a firmware environment representing a virtual computing system having a second computing architecture different from the first computing architecture and one or more workloads to be executed within the process, the software executable to perform a method including:
allocating a portion of the memory for use by the process;
associating area descriptors with each of a plurality of memory areas within the portion of the memory used by the process, wherein each of the area descriptors includes a token defining to the firmware environment a base address at which a corresponding memory area is located, the base address translated to an address in memory managed by the operating system;
receiving a request within the firmware environment to store data within a first memory area of the plurality of memory areas, the first memory area defined by a first area descriptor of the area descriptors, the request being associated with a plurality of memory addresses within the first memory area;
in response to the request, performing a check on a tag associated with the first memory area and stored in the area descriptor; and
upon completion of the check, storing the data within the memory area without performing a separate tag check for each of the plurality of memory addresses within the first memory area.

US Pat. No. 9,942,110

VIRTUAL TAPE LIBRARY (VTL) MONITORING SYSTEM

Unisys Corporation, Blue...

1. A computer implemented method utilizing a programmable processor, memory, and a network device, the method, comprising:
initiating, by a monitoring system, a secure shell (SSH) connection to a storage manager;
issuing commands, by the monitoring system, through the SSH connection to monitor a storage device coupled to the storage manager;
receiving, by the monitoring system, responses to the issued commands through the SSH connection, wherein the responses include a running process;
matching, by the monitoring system, the responses to automation rules, wherein the automation rules include a time threshold of the running process for triggering an alert; and
executing, by the monitoring system, commands based on the matched automation rules based upon the responses to the issued commands.

US Pat. No. 9,824,208

CLOUD-BASED ACTIVE PASSWORD MANAGER

Unisys Corporation, Blue...

1. A computer-implemented method comprising:
receiving, by a password manager server, an access credential for a website from a host computer, the access credential comprising
a password for logging into the website by a user;

synchronizing cryptographic key information, by the password manager server, between a client device and the password manager
server, wherein the client device comprises non-transitory machine-readable storage media storing a unique seed value; and

at a predetermined time frequency, generating, by the password manager server, a new password replacing the password of the
access credential for logging into the website by the user based on at least the unique seed value stored on the client device
and a time-date stamp stored on the password manager server comprising time and date of when the password that is being replaced
was generated, wherein the new password generated by the password manager server is different from each previous password
for the website based on use of the time and date of previous password as an input for generating the new password, wherein
the password manager server is configured to generate the new password for logging into the website each time the user generates
a request to log into the website, and wherein the generated new password is never stored in a database associated with the
password manager server for further use by the user.

US Pat. No. 9,760,408

DISTRIBUTED I/O OPERATIONS PERFORMED IN A CONTINUOUS COMPUTING FABRIC ENVIRONMENT

Unisys Corporation, Blue...

1. A method of managing input/output operations of a first computing system at a second computing system, the method comprising:
receiving an input/output control block at a distributed input/output processor separate from a first computing system, the
input/output control block built by the first computing system in response to initiation of an input/output operation at the
first computing system;

enqueueing a first input/output operation at the distributed input/output processor;
processing, by the distributed input/output processor, the first input/output operation from memory of the first computing
system;

returning results from the distributed input/output processor to the first computing system,
encapsulating, by an input/output processor of the first computing system, information required to complete the input/output
operation;

transmitting a request including the encapsulated information to the distributed input/output processor;
enqueueing the request for execution by a second computing system including the distributed input/output processor; and
performing a second input/output operation at the second computing system according to the request by the distributed input/output
processor.

US Pat. No. 9,672,058

REDUCED SERVICE PARTITION VIRTUALIZATION SYSTEM AND METHOD

Unisys Corporation, Blue...

1. A virtualization system for a host computing device having at least one host processor and system resources including memory
divided into most privileged system memory and less privileged user memory, the system comprising:
a virtualization boot application that operates in the less privileged user memory and divides the host computing device into
a resource management partition, at least one virtual service partition and at least one virtual guest partition, the at least
one virtual guest partition providing a virtualization environment for at least one guest operating system, the virtual service
partition providing a virtualization environment for the basic operations of the virtualization system, and the resource management
partition maintaining a resource database for use in managing the use of the at least one host processor and the system resources;

an ultravisor partition that operates in the most privileged system memory to create and destroy at least one monitor instance
and to provide services to the at least one monitor instances during context switches of partitions;

at least one monitor instances and maintains guest applications in the at least one virtual guest partition within memory
space allocated by the virtual service partition to the at least one virtual guest partition; and

a context switch between the at least one monitor and the respective virtual guest partitions and the virtual service partition
for controlling multitask processing in the partitions on the at least one host processor, during a context switch, the ultravisor
partition and the at least one monitor instance save a current virtual guest partition state in a virtual processor structure,
save a current privilege state in virtual processor structure, and invokes a ultravisor monitor switch service;

wherein the host computing device includes Unified Extensible Firmware Interface (UEFI) firmware, and wherein the virtualization
boot application is embedded in the UEFI firmware of the host computing device;

wherein the ultravisor monitor switch service loads the privileged state of the target partition monitor and switches to the
target partition monitor, which then restores the remainder of the virtual guest partition state; and

wherein the virtual service partitions comprises a command partition, an Input/Output partition, and a diagnostic partition
and is stored within the UEFI firmware of the host computing device.

US Pat. No. 9,582,676

ADDING OR REPLACING DISKS WITH RE-KEY PROCESSING

Unisys Corporation, Blue...

1. A method, comprising:
receiving a command, at a first storage device, to clone a second storage device, wherein the first storage device and second
storage device are storage devices in a multiple storage device network presented as a virtual disk;

copying data from the second storage device to the first storage device, which comprises reconstructing cryptographically
split data from the second storage device;

re-keying the first storage device by changing an encryption key of the first storage device to an encryption key matching
an encryption key of the second storage device; and

establishing, by the first storage device, secure communications with the encryption key;
wherein the data copied to the first storage device from the second storage device is provided to a client device through
the virtual disk.

US Pat. No. 9,524,491

MASTER NAVIGATION CONTROLLER FOR A WEB-BASED CONFERENCE COLLABORATION TOOL

Unisys Corporation, Blue...

1. A computer implemented method of generating a navigation interface for a conference collaboration tool, the method comprising:
determining, by a server, a type of a client device requesting a page view associated with a conference and a dynamic content
associated with the conference from the server, in response to receiving from the client device a request requesting from
a database storing a record of the conference, the record containing the page view and the dynamic content;

determining, by the server, an authorization level of a user interacting with the client device in response to evaluation
of user credentials stored in the database;

retrieving, by the server, a plurality of services associated with the conference identified in the record of the conference;
formatting, by the server, a navigation table that contains interactive links to the plurality of services according to the
record of the conference and based on the type of the client device and the authorization level of the user interacting with
the client device, wherein the record of the conference contains one or more page views associated with one or more types
of client devices;

determining, by the server, whether a navigation bar and a menu button are to be displayed on the client device concurrently
with the navigation table according to the type of client device, wherein the navigation bar comprises the menu button;

determining, by the server, whether a service page view is to be displayed with the navigation table on a screen of the client
device according to the type of the client device, wherein the service page view is an area of the screen for displaying the
dynamic content associated with one of the services, links to the services, or interactive buttons for interacting with a
service of the services depending on which of the services is being displayed by the service page view; and

formatting, by the server, the service page view positioned next to the navigation table on the screen of the client device
according to the type of the client device if the server determines that the service page view is to be displayed, wherein
the type of the client device is selected from the group consisting of: a desktop computer, a laptop computer, a smartphone
device, and a tablet computing device.

US Pat. No. 9,349,119

MASTER VIEW CONTROLLER FOR A WEB-BASED CONFERENCE COMPANION TOOL

Unisys Corporation, Blue...

1. A computer implemented method of generating a page view of a conference collaboration tool, the method comprising:
receiving, by a server, a request from a client device for a page view and a dynamic content associated with a record of a
conference stored in a database in preparation to the conference or updated during the conference, the database configured
to store one or more records of one or more conferences, wherein the record comprises the page view and the dynamic content;

determining, by the server, a type of the client device requesting the page view and the dynamic content;
retrieving, by the server, from the record stored in the database, the page view and the dynamic content associated with the
record of the conference based on the request from the client device; and

formatting, by the server, the page view and the dynamic content according to the type of client device, wherein the server
formats the page view and the dynamic content according to the type of the client device after the client device requests
the page view and the dynamic content from the server;

sending, by the server, the formatted page view and the dynamic content to a page rendering service configured to send an
HTTP response to the client device.

US Pat. No. 9,215,227

SYSTEMS AND METHODS FOR NETWORK COMMUNICATIONS

Unisys Corporation, Blue...

1. A computer program product, comprising a non-transitory computer usable medium having a computer readable program code
embodied therein, the computer readable program code adapted to be executed to implement a method for network communication,
the method comprising:
providing a first system, wherein the first system comprises distinct software modules, and wherein the distinct software
modules comprise a user application module, a network sockets-style application programming interface module, a connectivity
services module, and a transport protocol module, wherein the user application module and the network sockets-style application
programming interface module communicate with each other directly;

generating, by the user application module, data to be sent over a network link based on at least one process performed by
the user application module or information entered by a user,

sending, by the network application programming interface module, a request to open the communication link to the connectivity
services module;

determining, by the connectivity services module of the first system, a transport protocol that will be used to transmit data
over a network communication link;

sending, by the connectivity services module of the first system, a request to open the network communication link to the
transport module in response to a request by the user application module;

negotiating, by the connectivity services module of the first system or a connectivity services modules of a second system,
connection services to be performed on data that will be transmitted over the network communication link with a connectivity
services module of a second system;

receiving, by the connectivity services of the first system, a request for credentials of the first system for sending to
the connectivity services module of the second system to verify that the credentials match an authenticated computer;

opening, by the connectivity services module of the first system, a network connection between the first system and the second
system when the first system's credentials have been verified by the connectivity services module of the second system; and

transmitting, by the transport protocol module and the connectivity services module of the first system, the data to the second
system according to the determining network protocol and negotiated connection services.

US Pat. No. 10,007,807

SIMULTANEOUS STATE-BASED CRYPTOGRAPHIC SPLITTING IN A SECURE STORAGE APPLIANCE

Unisys Corporation, Blue...

1. A method of managing input/output (I/O) requests in a secure storage appliance, the method including:
receiving a plurality of I/O requests at the secure storage appliance, each I/O request associated with a primary block of data and a volume, each volume associated with a plurality of primary data blocks, the volume being mapped to a specific subset of a plurality of physical storage devices, and the volume including a metadata store, wherein the plurality of I/O requests are thereby processed concurrently;
storing a plurality of primary blocks of data in buffers of the secure storage appliance, each of the primary blocks of data associated with one or more of the plurality of I/O requests, wherein at least one of the buffers is a direct buffer;
associating a state with each of the primary blocks of data, the state selected from a plurality of states associated with processing of an I/O request;
determining an availability of a resource in the secure storage appliance, the resource used to process an I/O request of a buffer; and
upon determining that the resource is available, applying the resource to a primary block of data in the buffer and updating the state associated with the primary block of data;
wherein the volume is presented as a single virtual disk to clients;
wherein the resource includes a parser driver configured to perform a cryptographic splitting operation on the primary block of data to generate a plurality of secondary data blocks;
wherein the metadata store includes share and key information defining volumes, virtual disks and client access rights, to either process or reroute requests assigned to the failed device;
wherein after cryptographically splitting the primary block of data into the plurality of secondary data blocks, each secondary data block is encrypted with a different session key, each secondary data block is included in a stripe of dataset;
wherein each stripe of dataset further includes a share label, the share label is in plain text; and
wherein each stripe of data further includes a signature identifying physical device that the stripe is stored, each stripe of data includes a header information, each stripe of data includes a virtual disk information, the signature, the header information, and the virtual disk information are encrypted with a same community of interest key.

US Pat. No. 9,912,663

ENABLING SECURE NETWORK MOBILE DEVICE COMMUNICATIONS

Unisys Corporation, Blue...

1. A method of enabling communication between a mobile device and one or more secure endpoints included within a secured network,
the method comprising:
receiving user credentials from the mobile device at a virtual data relay (VDR) broker within a gateway;
allocating a virtual data relay (VDR) at the gateway;
retrieving a wrapping key associated with the VDR;
transmitting a tuples request to an authentication server from the VDR broker, the tuples request including the user credentials;
receiving from the authentication server, one or more communities of interest (COIs) wrapped with the wrapping key associated
with the VDR, the one or more COIs based on the user credentials; and

providing configuration information to the VDR.

US Pat. No. 9,819,658

VIRTUAL GATEWAYS FOR ISOLATING VIRTUAL MACHINES

Unisys Corporation, Blue...

1. A method, comprising:
receiving, by a virtual gateway separating a plurality of virtual machines into an enclave separate from a plurality of other
enclaves, a message destined for a target virtual machine of the plurality of virtual machines in the enclave;

identifying, by the virtual gateway, a community-of-interest corresponding to the target virtual machine;
encrypting, by the virtual gateway, the message with a key assigned to the identified community-of-interest;
transmitting the encrypted message to the target virtual machine;
receiving, at the virtual gateway, a request for a dynamic license from the virtual machine; and
transmitting, by the virtual gateway, the request for a dynamic license to a license server.

US Pat. No. 9,794,225

SECURE NETWORK COMMUNICATIONS IN A MOBILE DEVICE OVER IPSEC

Unisys Corporation, Blue...

1. A method of communicating with secure endpoints included within a secured network from a mobile device external to the
secured network, the method comprising:
initiating a virtual private network (VPN) based secure connection to a VPN appliance;
initializing a stealth-based service on the mobile device;
transmitting user credential information from the mobile device to a virtual data relay (VDR) broker via the VPN appliance;
receiving status information from the VDR broker identifying a VDR associated with the mobile device and providing a connected
status; and

communicating with one or more secure endpoints within the secured network via a VPN connection to the VDR via the VPN appliance
and through the VDR to the one or more secure endpoints within a community of interest based on user credential information
transmitted to the VDR broker.

US Pat. No. 9,727,612

HANDLING OF ANALYTIC QUERIES

Unisys Corporation, Blue...

1. A method for evaluating analytic queries comprising disjunctive Boolean expressions, comprising:
receiving, with a processor, an analytic query comprising a first disjunctive Boolean expression;
transforming, with the processor, the analytic query to obtain a transformed analytic query comprising at least one nondisjunctive
Boolean expression and at least a second disjunctive Boolean expression; and

evaluating, with the processor, the transformed analytic query, wherein complete evaluation of the at least one nondisjunctive
Boolean expressions and the at least a second disjunctive Boolean expressions yields the same results as evaluation of the
first disjunctive Boolean expression,

wherein evaluation of the at least one nondisjunctive Boolean expression comprises retrieving and processing of a single data
table referenced by the first disjunctive Boolean expression of the analytic query, and wherein no processing is performed
on the data table when the data table does not satisfy a criteria of the nondisjunctive Boolean expression.

US Pat. No. 9,716,589

SECURED COMMUNICATIONS ARRANGEMENT APPLYING INTERNET PROTOCOL SECURITY

Unisys Corporation, Blue...

1. An endpoint comprising a computing system, the computing system including:
a user level services component;
an input/output control (IOCTL) interface;
a kernel level callout driver interfaced to the user level services component via the IOCTL interface and configured to establish
an IPsec tunnel with a remote endpoint;

a filter engine storing one or more filters defining endpoints authorized to communicate with the endpoint via the IPsec tunnel;
and

a second kernel level driver interfaced to the user level services component via the IOCTL interface and residing between
the kernel level callout driver and a network interface of the endpoint, the second kernel level driver configured to establish
a secure tunnel using a second security protocol different from IPsec;

wherein the IPsec tunnel and secure tunnel are selectably established based on an addressing scheme of a network to which
the endpoint is connected, the second kernel level driver configured to pass packets exchanged via the IPsec tunnel to the
kernel level callout driver; and

wherein a user is associated with a community of interest, and wherein the user level services component manages storage of
one or more community of interest keys including a key assigned to the community of interest associated with the user; and

wherein one or more community of interest keys are provided to the endpoint via the secure tunnel.

US Pat. No. 9,684,545

DISTRIBUTED AND CONTINUOUS COMPUTING IN A FABRIC ENVIRONMENT

Unisys Corporation, Blue...

1. A continuous computing system comprising:
a plurality of communicatively interconnected computing systems; a workload including a plurality of tasks executing on a
first computing system of the plurality of communicatively interconnected computing systems;

a task management system executing on at least one of the plurality of communicatively interconnected computing systems, the
task management component configured to encapsulate a task of the plurality of tasks with a current system state of the first
computing system, wherein encapsulating the task includes associating metadata defining an association between the task and
resources of the first computing system;

wherein the task management system is configured to transfer the encapsulated task to a second computing system among the
plurality of communicatively interconnected computing systems for execution, the metadata used to associate the task with
resources of a second computing system;

wherein the first computing system has a first architecture and the second computing system has a second architecture different
from but compatible with the first architecture; and

wherein the metadata defines an association between the first architecture and the second architecture.

US Pat. No. 9,667,573

IDENTIFICATION OF AUTOMATION CANDIDATES USING AUTOMATION DEGREE OF IMPLEMENTATION METRICS

Unisys Corporation, Blue...

1. A method, comprising:
receiving, by a message system, a plurality of messages relating to events occurring on a host system;
determining, by the message system for each message of the plurality of messages, whether each message evokes an automated
response;

determining, by the message system for the messages determined to not evoke an automated response, duplication within the
non-automated messages;

transmitting, by the message system, the duplicated messages to an automation analyzer, wherein the automation analyzer is
configured to analyze a potential of automating the duplicated messages; and

classifying, by the message system, the messages determined to not evoke an automated response into one or more impact groups,
where at least one of the one or more impact groups includes critical non-automated messages.

US Pat. No. 9,582,381

MULTI-THREADED SERVER CONTROL AUTOMATION FOR DISASTER RECOVERY

Unisys Corporation, Blue...

1. A method, comprising:
initiating a disaster recovery sequence on two or more processors, wherein the disaster recovery sequence comprises a plurality
of subsequences;

implementing the disaster recovery sequence on the two or more processors in parallel, wherein one or more subsequences of
the disaster recovery sequence are implemented on the two or more processors in parallel;

performing a first subsequence for stopping a partition;
performing a second subsequence for deactivating a partition;
performing a third subsequence for activating a partition;
performing a fourth subsequence for starting a partition;
performing a fifth subsequence for booting a partition; and
implementing a subsequence for mounting boot tapes in parallel using an automated virtual tape library; and
implementing a subsequence for splitting Site Remote Data Facility volumes in parallel;
wherein the step of implementing the disaster recovery sequence comprises repurposing at least one server partition from a
first configuration to a second configuration upon completion of the disaster recovery sequence; and

wherein one or more subsequences are combined to create a combined subsequence that is implemented on the two or more processors
in parallel.

US Pat. No. 9,571,455

REMOTE CREDENTIAL MANAGEMENT FOR HYBRID CLOUDS WITH ENTERPRISE NETWORKS

Unisys Corporation, Blue...

1. A method of initializing a virtual machine within a secure hybrid cloud, the method comprising:
transmitting service mode credentials to a cloud broker from a cloud-based virtual machine;
receiving a service mode community of interest key from a credentialing service based on the service mode credentials;
establishing a secure service mode connection based on the service mode community of interest key;
receiving role VPN credentials at the cloud-based virtual machine;
establishing a secure role connection to the cloud broker using the role VPN credentials, thereby providing, in response to
the role VPN credentials, a role VPN community of interest key to a virtual data relay dedicated to the cloud-based virtual
machine;

receiving role cloud credentials at the cloud-based virtual machine; and
establishing secure communications at the cloud-based virtual machine based on the role cloud credentials, including receiving
a role cloud community of interest key at the cloud-based virtual machine used for secure communication among the cloud-based
virtual machine and other cloud-based virtual machines within a common community of interest with the cloud-based virtual
machine.

US Pat. No. 9,529,610

UPDATING COMPILED NATIVE INSTRUCTION PATHS

Unisys Corporation, Blue...

1. A method for updating compiled native instruction paths, comprising:
interpreting a non-native instruction to generate an instruction code;
compiling the instruction code to generate a native instruction corresponding to the non-native instruction;
detecting a modification to the instruction code;
invalidating a native code fragment associated with the instruction code upon detecting the modification to the instruction
code;

reinterpreting the non-native instruction to regenerate the instruction code and generate an updated instruction code; and
replacing a branch address pointed to by the modified instruction code to cause reinterpretation of the non-native instruction
to regenerate the instruction code upon identifying that the modified instruction code is scheduled to be subsequently executed,
wherein reinterpretation and regeneration occurs prior to subsequently executing the instruction code.

US Pat. No. 9,215,280

SYSTEMS AND METHODS FOR DOWNLOADING MULTIPLE FILES

Unisys Corporation, Blue...

1. A system for allowing a user to download multiple files a network-based productivity information management platform, the
system comprising:
a network-based productivity information management platform server comprising a processor and a memory, wherein the processor
is coupled to the memory, wherein the memory stores a set of instructions to execute on the processor, wherein the set of
instructions is instructive to implement:

a detection module configured to detect a binary choice selection of at least one item from a document library by a user,
wherein the at least one item includes at least one of a file or a folder;

a download button configured to switch from being inactive for pressing to being active for the pressing based on the detection
module detecting the selection of the at least one item;

a packaging module configured to package the at least one item as a compressed file based on the pressing of the download
button by the user after the download button is activated; and

a downloading module configured to facilitate downloading of the compressed file.

US Pat. No. 10,146,695

SYSTEM AND METHOD FOR IMPLEMENTING AN EFFICIENT LARGE SYSTEM PAGE INVALIDATION

UNISYS CORPORATION, Blue...

1. A method, comprising steps:
receiving, at a processor, a first head link for a page invalidation chain, the page invalidation chain including a plurality of page invalidation tables (PITs);
receiving, at the processor, a second head link for an active real page table (RPT) chain, the active RPT chain including a plurality of RPTs;
accessing, by the processor, a PIT, wherein the PIT includes a first data structure and a second data structure, the first data structure further including a plurality of absolute addresses corresponding to one or more RPTs, and the second data structure further including a processor mask, wherein the processor mask is configured such that the processor is aware of page invalidation statuses of other processors;
invalidating, by the processor, the plurality of RPTs, whereas the one or more RPTs are invalidated simultaneously in a batch; and
releasing, by the processor, the plurality of RPTs to a free RPT chain, the free RPT chain includes a plurality of released RPTs.

US Pat. No. 10,083,086

SYSTEMS AND METHODS FOR AUTOMATICALLY RESUMING COMMISSIONING OF A PARTITION IMAGE AFTER A HALT IN THE COMMISSIONING PROCESS

Unisys Corporation, Blue...

6. An apparatus, comprising:
a memory; and
a processor coupled to the memory, wherein the processor is further configured to perform the steps of:
initiating a commissioning process of a partition image, wherein commissioning of the partition image comprises execution, by the computing system, of a sequence of steps specified by a commissioning process;
updating metadata associated with the commissioning process of the partition image after each successfully executed step of the commissioning process;
identifying a halt in the commissioning process;
resuming after the halt has been identified, the commissioning process from the last successfully executed step of the commissioning process stored in the metadata during the most recent update of the meta data;
restarting the commissioning process from the beginning of the commissioning process when settings of the computing system have changed and the changes to the settings of the computing system prevent resumption of the commissioning process; and
updating the metadata with the changes to the computing system and resuming the commissioning process from the last successfully executed step of the commissioning process when the settings of the computing system have changed and the changes to the settings of the computing system do not prevent resumption of the commissioning process from the last successfully executed step of the commissioning process.

US Pat. No. 9,912,750

DATA PATH SELECTION FOR NETWORK TRANSFER USING HIGH SPEED RDMA OR NON-RDMA DATA PATHS

Unisys Corporation, Blue...

1. A computer implemented method for determining and configuring a data path used to transport network data transfers within
a computing system, the computing system, having an emulated environment having an emulated program, a non-emulated environment,
a network interface, memory, and a processor, the method comprising:
assigning a port internet protocol (IP) address to a network port utilizing an internet protocol network connection used by
the non-emulated interface;

assigning an RDMA IP address to an RDMA interface;
receiving, at a non-emulated interface, a network transfer request from the emulated program executed in the emulated environment
to a particular IP address;

determining using the port IP address, by the non-emulated interface, that the network transfer request should be handled
within the non-emulated environment by a remote direct memory access (RDMA) transfer;

attempting to transfer network traffic packets related to the network transfer request within the non-emulated environment
using RDMA when the network transfer request is determined using the IP address to be handled by a RDMA transfer;

determining using the IP address, by the non-emulated interface, that the network transfer request should be handled within
the non-emulated environment by an internet protocol (IP) network transfer; and

attempting to transfer network traffic packets related to the network transfer request within the non-emulated environment
using the IP network transfer when the network transfer request is determined to be handled by the IP network transfer;

wherein the IP addresses assigned to network connections and the RDMA IP addresses are maintained within the non-emulated
environment using a connection table.

US Pat. No. 9,817,580

SECURE MIGRATABLE ARCHITECTURE HAVING IMPROVED PERFORMANCE FEATURES

Unisys Corporation, Blue...

1. A computing system comprising:
a programmable circuit configured to execute instructions according to a first computing architecture;
a memory communicatively connected to the programmable circuit, the memory storing software executable by the programmable
circuit, the software including:

an operating system; and
a process including a firmware environment representing a virtual computing system having a second computing architecture
different from the first computing architecture and one or more workloads to be executed within the process,

the software executable to perform a method including:
allocating a portion of the memory for use by the process;
associating area descriptors with each of a plurality of memory areas within the portion of the memory used by the process;
receiving a request within the firmware environment to store data within a first memory area of the plurality of memory areas,
the first memory area defined by a first area descriptor, including a common tag value associated with all memory locations
within the first memory area, the request being associated with a plurality of memory addresses within the first memory area;

in response to the request, performing a check on a tag associated with the first memory area and stored in the area descriptor;
and

upon completion of the check, storing the data within the memory area without performing a separate tag check for each of
the plurality of memory addresses within the first memory area;

wherein each of the area descriptors includes a token defining to the firmware environment a base address at which the corresponding
memory area is located, the base address translated to an address in the memory managed by the operating system.

US Pat. No. 9,817,968

SECURE CONNECTION FOR A REMOTE DEVICE THROUGH A MOBILE APPLICATION

Unisys Corporation, Blue...

1. A method, comprising:
initiating, by a remote device, a secure connection to a router executing in a virtual machine of a server;
transmitting, through the secure connection, data to the router designated for a host and/or appliance on a shared network
with the router;

routing the transmitted data from the router to a virtual device relay on the shared network; and
forwarding the routed data from the virtual device relay to the designated host and/or appliance only when the designated
host and/or appliance has the same administrator-assigned community-of-interest as the virtual device relay.

US Pat. No. 9,760,291

SECURE MIGRATABLE ARCHITECTURE HAVING HIGH AVAILABILITY

Unisys Corporation, Blue...

1. A system comprising:
a computing system including:
a programmable circuit configured to execute instructions according to a first computing architecture;
a memory communicatively connected to the programmable circuit, the memory storing software executable by the programmable
circuit, the software including:

a first process including a firmware environment representing a virtual computing system having a second computing architecture
different from the first computing architecture and one or more workloads to be executed within the process,

the software executable to perform a method including:
initializing, by an operating system executing natively on the computing system, execution of the first process by the programmable
circuit;

allocating a portion of the memory for use by the first process, the portion of memory including a plurality of memory segments;
generating a plurality of area descriptors associated with the plurality of memory segments, each of the area descriptors
defining a location and length of a corresponding memory segment and used by the virtual computing system to access the portion
of the memory for execution of the one or more workloads;

quiescing execution of the first process;
capturing contents of the portion of memory and the plurality of area descriptors associated with the quiesced first process;
and

transferring a binary including the quiesced first process and the state of the portion of memory associated with the quiesced
first process to a second location.

US Pat. No. 9,716,703

SYSTEMS AND METHODS OF GEO-LOCATION BASED COMMUNITY OF INTEREST

Unisys Corporation, Blue...

1. A computer implemented method comprising:
transmitting, by a host server to a router, a request to access a destination device with a pre-determined zone from a zone-based
authentication mechanism (ZAM) application for an electronic device;

transmitting, by the host server to the router, the geo-location of the IP address of the electronic device;
when the ZAM application for the electronic device has not been activated for the destination device and the geo-location
of the IP address of the electronic device is outside the zone of the destination device, receiving, by the host server from
the router, an authentication request for the ZAM application of the electronic device;

when the ZAM application for the electronic device has been activated for the destination device and the geo-location of the
IP address of the electronic device is outside the zone of the destination device, receiving, by the host server from the
router, an authentication request for the ZAM application of the electronic device;

when the ZAM application for the electronic device has not been activated for the destination device and the geo-location
of the IP address of the electronic device is within the zone of the destination device, receiving, by the host server from
the router, an authentication request for the ZAM application of the electronic device; and

when the ZAM application for the electronic device has been activated for the destination device and the geo-location of the
IP address of the electronic device is within the zone of the destination device, receiving, by the host server from the router,
an acknowledgement command for the ZAM application of the electronic device to allow the destination device to communicate
with the ZAM application of the electronic device.

US Pat. No. 9,588,787

RUNTIME VIRTUAL PROCESS CREATION FOR LOAD SHARING

Unisys Corporation, Blue...

1. A method of managing execution of a process in a virtual environment, the method comprising:
creating a virtual process based on a snapshot of a process hosted on a first virtual machine of a host platform;
transferring the virtual process from the first virtual machine to a second virtual machine; and
after resumed execution of the virtual process complete at the second virtual machine, receiving synchronized data from the
second virtual machine at the first virtual machine.

US Pat. No. 9,524,178

DEFINING AN INSTRUCTION PATH TO BE COMPILED BY A JUST-IN-TIME (JIT) COMPILER

Unisys Corporation, Blue...

1. A method for defining an instruction path to be compiled by a just-in-time compiler, comprising:
interpreting a first non-native instruction to generate a first instruction code;
creating a shadow memory having at least one entry, wherein the at least one entry includes one partition for storing a pointer
and a plurality of partitions for storing instruction codes;

identifying a plurality of instruction codes reachable by the first instruction code;
updating the pointer to associate the first instruction code and the identified plurality of instruction codes;
assigning a first group of instruction codes to the at least one entry of the shadow memory, wherein the first group of instruction
codes include the pointer and the identified plurality of instruction codes;

compiling the first group of instruction codes to generate a native instruction path; and
identifying a second instruction code from the plurality of instruction codes that satisfy a criteria for terminating an instruction
code path, wherein no instruction code in the plurality of instruction codes branched to after the second instruction code
is assigned to the first group of instructions.

US Pat. No. 9,825,764

ENHANCED SECURITY FOR MEDIA DECRYPTION

Unisys Corporation, Blue...

1. A method for secure media decryption in one function call, comprising:
providing an interface for an application executing in an emulated environment of a host operating system, in which the application
accesses a security module in the host operating system through function calls to the interface;

identifying two or more related function calls, from the application to the module located outside of the emulated environment,
for secure media decryption, in which the two or more related function calls comprise at least one of:

a function call to verify an encryption cipher used to encrypt data;
a function call to verify a hash associated with the encryption of the data; a function call to obtain the encrypted data,
a tag value associated with the encryption of the data, and an initialization vector; and
a function call to decrypt the data using a decryption cipher;
combining the two or more related function calls into a single function call from the emulated environment; and
reading the encrypted data from media prior to identifying two or more related function calls;
receiving an error, at the application, if the tag value associated with the encryption of the data indicates an authentication
failure;

executing the single combined function call to the module of the host operating system located outside of the emulated environment
to perform the two or more related function calls.

US Pat. No. 9,633,498

SYSTEMS AND METHODS FOR AN AUTOMATED ENTRY SYSTEM

Unisys Corporation, Blue...

11. An access control system for controlling access at a facility site, the system comprising:
a camera capturing an image of a license plate of a vehicle approaching an access control point (ACP) of a facility site and
transmitting the image of the license plate to an ACP server associated with the ACP;

an iris scanner capturing a scan of one or more individuals in the vehicle approaching the access control point and transmitting
the scan to the ACP server;

a cache memory storing a record from the ACP server associated with the license plate to be matched to the one or more individuals
based on the scan;

a site database of one more databases logically residing in a hierarchical architecture storing records of one or more enrolled
entrants authorized to enter the facility site and associated with a license plate, wherein each enrolled entrant is uniquely
identified by a scan of each individual's iris; and

the ACP server searching the site database to retrieve a matching record associated with the license plate, wherein when the
retrieved record of the license plate is not found in the site database, the ACP server searches the remaining databases of
the one more databases that are at a higher-hierarchical level of the site databases for records matching the license plate
for one or more deny access records of the license plate indicating an identified problem for granting access to the vehicle,
and

wherein the ACP server automatically authorizes entry to the approaching vehicle responsive to matching the scan of the iris
of each individual in the vehicle with the unique iris of an enrolled entrant and matching the license plate of the vehicle
with the license plate associated with the enrolled entrant; and

where the ACP server denies access for the vehicle responsive to determining that the one or more retrieved deny access records
indicate problems have been identified.

US Pat. No. 10,296,749

SECURE CLOUD DRIVE

Unisys Corporation, Blue...

1. A secure cloud drive (SCD), which is a portable device, comprising:
a processor configured to establish operating functions of the SCD;
a computer-readable medium including a setup volume and a storage volume, the setup volume being configured to store information that is decrypted, and the storage volume being configured to store information that is encrypted, wherein the setup volume includes:
instructions that direct the processor to establish at least one local authentication process in response to an access request to decrypt the information of the storage volume, the at least one local authentication process having a selectable level of authentication that is selected from among a plurality of different available levels of authentication including a first level and a second level;
instructions that direct the processor, in response to the access request, to initiate communications with a remote status report service via a network to check a current security status of the SCD, the status report service being physically separated from the SCD, wherein the current security status was stored prior to the check in a second computer readable medium at the remote status report service; and
instructions that take security action if the security status reflects a security alert, wherein the security action includes increasing the selectable level of authentication for the local authentication process from the first level to the second level based on the current security status of the SCD;
a communications interface to transmit information stored in the computer-readable medium to a host or a user.

US Pat. No. 10,242,052

RELATIONAL DATABASE TREE ENGINE IMPLEMENTING MAP-REDUCE QUERY HANDLING

Unisys Corporation, Blue...

1. A method of processing a database query, the method comprising:
receiving a SQL database query at a database query handling server managing access to a database;
parsing, by the database query handling server, the SQL database query to identify one or more tables and columns identified by the SQL database query;
determining, by the database query handling server, a query plan based on the parsed database query; and
at a database engine running on the database query handling server, based on the query plan, and the identified tables and columns:
identifying, by the database query handling server, a set of data nodes implicated by the database and the identified one or more tables and columns,
determining, by the database query handling server, based on the identifying, a set of map-reduce operations and levels at which each of the set of map-reduce operations are to execute; and
passing, by the database query handling server, the query plan, the set of data nodes, and the map-reduce operations to a map-reduce query execution framework running on the database query handling server,
wherein the set of map-reduce operations correspond to an atomic set of operations that are performed at a data block level,
wherein the map-reduce query execution framework is configured to distribute each of the map-reduced operations of the parsed query to one or more data nodes communicatively connected to the database query handling server by referencing IP addresses of the one or more data nodes having relevant data, and to receive data from the one or more data nodes in response to at least one of the map-reduced operations,
wherein during map-reduced operations each data node of the one or more data nodes access different blocks of the data without sitting idle permitting each of the one or more data nodes to execute at a same time,
wherein the database engine and the map-reduce query execution framework are part of one component running on the database query handling server; and
wherein the one or more data nodes comprise a plurality of data nodes having a plurality of tables and indices distributed thereamong.

US Pat. No. 10,153,992

IDENTIFICATION OF PROGRESS TOWARDS COMPLETE MESSAGE SYSTEM INTEGRATION USING AUTOMATION DEGREE OF IMPLEMENTATION METRICS

UNISYS CORPORATION, Blue...

1. A method, comprising:
receiving, by a message system executed by a processor, a plurality of messages relating to events occurring on a host system;
classifying, by the message system, each of the plurality of messages into one of three message groups comprising a critical automated messages group, a critical non-automated messages group, and a non-critical messages group, wherein the three message groups classified are stored in a first data storage;
determining, by the message system, progress towards complete message system automation by analyzing one or more of the three message groups, wherein the plurality of messages within the three message groups are analyzed using at least one of a Correlation Analysis, a Monte-Carlo simulation, a Factor Analysis, a Mean Square Weighted Deviation (MSWD), a Regression Analysis, and a Time Series Analysis, analyzed results of the one or more of the three message groups are stored in a consolidated data storage independent from the first data storage, such that the message system has the capability to directly refer back to the consolidated data storage to obtain analyzed results without accessing the first data storage; and
automating, by the message system, non-automated messages, based, at least in part, on the classified messages.

US Pat. No. 10,057,370

TEAM PROCESSING USING DYNAMIC LICENSES

UNISYS CORPORATION, Blue...

1. A method, comprising:
initializing, by a device with an assigned team identifier, communication on a network;
searching, by the device, for at least one other team device on the network with the shared team identifier;
assuming control, by the device, as the team's control device if the device has the highest assigned priority, wherein the control device is configured to be the only device within the team that communicates with a client, the control device is configured not to provide any dynamic license itself, the control device is further configured to:
receive, at a team address, at least one message from the client, in which the at least one message includes a request for a dynamic license, wherein the dynamic license allows a number of requested licenses to be adjusted by the client,
parse the at least one message received from the client,
assign a team device, using the team device's device address, to provide the dynamic license, and
pass on the dynamic license provided by the team device;
wherein the team identifier comprises a team identifier portion and an intra team identifier portion; the team identifier portion being utilized to identify devices that are members of a same team, and the intra-team identifier portion being utilized to identify itself separate from other device in the team.

US Pat. No. 10,510,081

CARGO AIR WAYBILL AUDIT

Unisys Corporation, Blue...

1. A computer implemented method, comprising:
receiving, by a cargo revenue accounting system, at least one audit transaction associated with a plurality of air waybills, wherein the cargo revenue accounting system includes a pattern analyzer and at least one database;
determining, by the pattern analyzer, one or more patterns related to the at least one audit transaction and a plurality of previously-stored audit transactions associated with the plurality of air waybills;
generating, by the pattern analyzer, one or more pattern-derived rules associated with the one or more patterns related to the at least one audit transaction and the plurality of previously stored audit transactions, wherein the pattern-derived rules comprise at least one of a generated rule and a corresponding action or transaction; and
storing, by the cargo revenue accounting system, the one or more pattern-derived rules associated with the pattern in the database;
wherein determining the pattern comprises:
analyzing, by the pattern analyzer, the one or more patterns using an algorithm or an analytical tool; and
applying, by the pattern analyzer, an anomaly detection scheme to the at least one audit transaction to filter out anomalies.

US Pat. No. 10,248,442

AUTOMATED PROVISIONING OF VIRTUAL MACHINES

Unisys Corporation, Blue...

1. A computer-implemented method for automatically provisioning virtual machines within a programmable processing system, the method comprising:
detecting when processing demand within the programmable processing system exceeds a predefined capacity limit;
starting a virtual machine when processing demand exceeded the predefined capacity limit;
assigning at least one community-of-interest to the virtual machine when the processing demand on the virtual machine is detected to have exceeded the predefined capacity limit, wherein the virtual machine and other virtual machines within the community-of-interest form an enclave; and
configuring the virtual machine for communications with a virtual gateway in the community-of-interest, wherein a client communicates with virtual machines of the enclave through the virtual gateway;
wherein all virtual machines within the enclave communicate with each other through a common bus, the common bus is encrypted with a key of the community-of-interest;
wherein the virtual gateway decrypts a communication when communicating with the client; and
wherein the community-of-interest being defined by a role played by the virtual machine in the community of interest and by capabilities of the virtual machine.

US Pat. No. 10,509,686

DISTRIBUTABLE COMPUTATIONAL UNITS IN A CONTINUOUS COMPUTING FABRIC ENVIRONMENT

Unisys Corporation, Blue...

16. A system comprising:
a computing system including at least one physical processing core and a memory subsystem communicatively connected to the at least one physical processing core, the at least one physical processing core having a native computing architecture and configured to execute native computer instructions;
a distributed computational unit received from a remote system having a non-native computing architecture, the distributed computational unit stored in the memory subsystem, the distributed computational unit including:
a distributable procedure defined by a plurality of non-native instructions, the distributable procedure including executable instructions capable of execution independent of underlying operating system or platform resources of the remote system and configured for execution on an architecture of the remote system, the distributable procedure being fewer than all of the procedures included in a workload of a remote system and executing less than the entire workload of the remote system, wherein the distributable procedure is self-contained and memory- and processor-bound;
data indicative of a memory state of the remote system;
an application configured to natively execute operations on the at least one physical processing core of the computing system and which, when executed by the at least one processing core, emulates execution of the distributable procedure to produce an updated memory state and to return the updated memory state to the remote system;
wherein the remote system includes a remote processor that is configured to execute the workload without having executed the at least one distributable procedure.

US Pat. No. 10,423,603

SYSTEMS AND METHODS FOR IMPLEMENTING A MULTI-HOST RECORD LOCK MECHANISM

Unisys Corporation, Blue...

1. A method comprising:
determining, by a processor, whether a program check condition exists;
determining, by the processor, whether a lock descriptor of a lock in a file lock table satisfies an unlocking condition;
releasing, by the processor, the lock by setting the lock descriptor's host identifier as zero;
determining, by the processor, whether any lock in the file lock table satisfies a lock conflict condition, wherein the lock conflict condition comprises one or more of a specific value for lock descriptor's host identifier, more than one locks satisfy the unlocking condition, and an overlap in addressed segments;
determining, by the processor, whether the file lock table has an available lock descriptor; and
creating, by the processor, a new lock using the lock descriptor that satisfies the locking condition by:
setting, by the processor, the lock descriptor's last file relative segment as specified in a lock-unlock command;
setting, by the processor, the lock descriptor's host identifier as specified in the lock-unlock command; and
setting, by the processor, the lock descriptor's lock data command identification as specified in the lock-unlock command.

US Pat. No. 10,146,832

PREFETCHING FOR COMPUTING AIRLINE ROUTES

UNISYS CORPORATION, Blue...

1. A method, comprising:
receiving, at a routings engine from an airline reservation system, a request for first airline routes between an origin and a destination based on specified route parameters;
storing, by the routings engine, the request in a historical record of requests;
fetching, by the routings engine, first airline routes matching the origin, the destination, and the specified route parameters; and
pre-fetching, by the routings engine, second airline routes based, at least in part, on the historical record of requests, by:
computing a weighted arithmetic mean for a day of the historical record of requests;
determining an idle time of the routings engine during which a load of the routings engine is below a mean between the total weighted arithmetic mean and a lowest load, and
pre-fetching during the determined idle time of the routings engine.

US Pat. No. 10,425,395

SINGLE SIGN ON SYSTEM FOR SECURE NETWORKS

Unisys Corporation, Blue...

1. A method of single sign-on technology, comprising:
receiving, by a processor of a server, a first network connection request and a user identity certificate from a client for client authentication, wherein the first network connection request is initiated by the client through a first emulated environment;
verifying, by the processor, receipt of a user identity certificate associated with the first network connection request over which a server session request arrived;
receiving, by the processor, the server session request using a certificate-based authentication;
verifying, by the processor, that the user identity certificate corresponds to a registered user previously saved on the server;
initiating a secure connection between the client and the server based, at least in part, on the user identity certificate;
receiving, by the processor, a second network connection request from the client, wherein the second network connection request is sent to the processor through the secure connection, the second network connection request is initiated by the client using a second emulated environment, the second network request does not include the user identity certificate; and
granting, by the processor, the second network connection between the server and the second emulated environment by verifying that a user identifier associated with the second network connection matches the user identity certificate previously saved.

US Pat. No. 10,404,462

SYSTEMS AND METHODS FOR DOCUMENT AUTHENTICITY VALIDATION BY ENCRYPTING AND DECRYPTING A QR CODE

Unisys Corporation, Blue...

1. A processor-implemented method of reviewing and verifying documents having managed distribution, the method comprising:
capturing, by a mobile device, a glyph located on a document under scrutiny, wherein a correspondence between the scrutinized document and an issued document issued by an entity is to be verified, and the glyph was previously generated based on only a portion of the issued document;
converting, by the mobile device, the glyph to a machine-readable message using an algorithm associated with a type of the glyph, wherein the message was previously encrypted by a processor with a private key of the issuing entity from an image file that had been converted to a black-and-white version of the portion of the issued document, the processor having determined whether it was necessary to compress the black-and-white version of the portion to a reduced number of bits for the glyph prior to encryption with the private key, and the private key cannot be used to decrypt the message by the mobile device; and
decrypting, by the mobile device, the message using a public key of an encryption algorithm used by the issuing entity to encrypt the portion of the issued document corresponding to the scrutinized document.

US Pat. No. 10,348,831

METHOD AND SYSTEM FOR CONTAINERIZED INTERNET OF THINGS (IOT) DEVICES

UNISYS CORPORATION, Blue...

1. A method for processing Internet of Things (IoT) device sensor data, comprising:
receiving by a computing platform IoT device sensor data;
receiving by the computing platform at least one container image script, wherein the at least one container image script includes a pointer to a record relevant to process the IoT device sensor data, the at least one container image script includes parameters needed for operation of at least one container;
loading into the computing platform the at least one container, based on the at least one container image script received by the computing platform;
processing at least a portion of the IoT device sensor data within the at least one container to generate processed IoT device data;
transmitting from the computing platform at least a portion of the processed IoT device data; and
removing the at least one container from the computing platform in response to at least a portion of the processed IoT device data being transmitted from the computing platform.

US Pat. No. 10,108,479

DEVICE EXPECTED STATE MONITORING AND REMEDIATION

Unisys Corporation, Blue...

1. A method, comprising:
monitoring, by a processor, an operating state for each of a plurality of data storage devices;
identifying, by the processor, one or more of the plurality of data storage devices for which the operating state is different than an expected operating state for each of the plurality of data storage devices;
correcting, by the processor, the operating state for each of the one or more of the plurality of data storage devices for which the operating state is different than the expected operating state; wherein the correcting comprises setting the operating state to the expected operating state for a corrected data storage device;
receiving, by the processor, a request from an operator to change the operating state for the one or more of the plurality of data storage devices;
notifying, by the processor, the operator that the operating state requested is incorrect for the one or more of the plurality of data storage devices for which the operating state is different than the expected operating state, wherein the notification is configured such that the operator must acknowledge the notification before the operating state is changed; and
in which the operating state for each of the plurality of data storage devices comprises one of an Up state, a Down state, a Reserved state, or a Suspended state, wherein any of the plurality of data storage devices in the Reserved state operates only when a disaster recovery event occurs.

US Pat. No. 10,638,298

PUBLIC EVENT DETECTION PLATFORM

Unisys Corporation, Blue...

1. A method of determining public events, the method comprising:
receiving data from a plurality of heterogeneous data feeds each having a native format;
generating a plurality of event data objects based on the received data from the plurality of heterogeneous data feeds, each of the plurality of data objects including at least a human readable message, an event time, and an event location;
parsing the at least one human readable message of each of the plurality of event data objects into keywords;
for each event data object:
determining a probability that the keywords classify the event data object as one or more of a set of predetermined tags;
assigning one or more of the set of predetermined tags to the event data object based on the determined probability; and
assigning a sentiment to the event data object based on a valence score determined by a comparison of the keywords and a predetermined set of sentiment words;
grouping each of the plurality of event data objects into at least one public event based on the assigned tags, the event time of each of the plurality of event data objects, the event location of each of the plurality of event data objects, and the sentiment of each of the event data objects;
filtering the at least one public event based on a filter score;
clustering the plurality of event data objects grouped within the at least one public event based on at least the sentiment, the event location, and the event time of each of the plurality of event data objects grouped within the at least one public event;
determining the density of the clustered event data objects; and
determining the validity of the at least one public event by comparing the determined density to a predetermined threshold density.

US Pat. No. 10,503,360

SYSTEM AND METHOD FOR ADAPTIVE CONTROL AND ANNOTATION INTERFACE

Unisys Corporation, Blue...

1. A computer-implemented method for modifying a graphical user interface, the method comprising:
identifying, by a computer, a data input field based on coordinates of pixels associated with a location of a cursor on the graphical user interface;
determining, by the computer, one or more user options associated with the identified data input field;
displaying, by the computer, a context-sensitive menu comprising the one or more user options positioned circumferentially around a point of origin located proximate to the cursor, the one or more user options being based on contextual information relevant to the identified data input field, the context-sensitive menu being rendered to encircle the identified data input field in a manner permitting contents of the identified data input field to be viewable with the graphical user interface;
receiving, by the computer, parametric data comprising vector data indicative of a displacement angle and displacement distance of the cursor with respect to the point of origin;
determining, by the computer, whether one of the displayed user options was selected by a user, the determination based on the vector data; and
based on determining that one of the displayed user options was selected by the user, executing, by the computer, the selected user option to modify, by the computer, the identified data input field encircled by the context-sensitive menu in accordance with the displayed user option selected by the user.

US Pat. No. 10,454,881

SYSTEMS AND METHODS FOR CONFIGURING AN IPV4 PROCESS WITHOUT ASSOCIATING THE IPV4 PROCESS WITH AN IP LOOPBACK ADDRESS

Unisys Corporation, Blue...

1. A method for configuring a process that uses IPv4 communication, comprising:
receiving, by a processor, a message to configure the IPv4 process, the message including a configuration parameter, wherein the configuration parameter is set, indicating that one or more default IP loopback addresses are to be used as IP loopback addresses to associate with the IPv4 process, or the configuration parameter is not set, indicating that one or more default IP loopback addresses are not to be used as IP loopback addresses to associate with the IPv4 process;
determining, by the processor, whether the configuration parameter associated with the received message is set or not set;
in response to determining that the configuration parameter is not set, completing, by the processor, the configuration of the IPv4 process without associating an IP loopback address with the IPv4 process;
in response to determining that the configuration parameter is set, determining, by the processor, whether the one or more default IP loopback addresses exist in a memory; and
in response to determining that the one or more default IP loopback addresses exist in the memory when the configuration parameter is set, associating, by the processor, an IP loopback address of the one or more default IP loopback addresses existing in the memory with the IPv4 process.

US Pat. No. 10,454,931

SECURE REMOTE ACCESS FOR SECURED ENTERPRISE COMMUNICATIONS

UNISYS CORPORATION, Blue...

1. A computer-implemented method of securing communications with an enterprise, the method comprising:
initiating a first secured connection between a remote computing device and a VPN appliance associated with an enterprise using service credentials maintained in a secure applet installed on the remote computing device;
initiating communication with the authentication server within an enterprise via the first secured connection;
providing user credentials from the secure applet to the authentication server;
receiving specific credentials from the authentication server based on the user credentials, the specific credentials providing access to one or more computing devices within the enterprise that are within a community of interest accessible by the user, the community of interest including the one or more computing devices and the remote computing device, and obfuscating to the user and the remote computing device one or more other computing systems within the enterprise excluded from the community of interest;
terminating the first secured connection with the VPN appliance;
after terminating the first secured connection, initiating a second secured connection between the remote computing device and the VPN appliance using the specific credentials from the authentication server, the specific credentials including a one-time password used for establishing the second secured connection;
wherein the second secured connection enables communication between the remote computing device and the one or more computing devices within the community of interest via a virtual data relay (vDR) that manages access to the community of interest on behalf of the remote computing device.

US Pat. No. 10,419,388

METHOD AND SYSTEM FOR DARK MATTER SCANNING

Unisys Corporation, Blue...

1. A method for scanning a computing system network for dark matter, wherein dark matter includes one or more unknown, unmanaged, unauthorized or non-standard computing systems or devices, wherein the computing system network includes at least one network computing system having a scanning agent coupled thereto, the method comprising:
establishing a secure and encrypted communication link between a master server and at least one target scanning agent, wherein the at least one target scanning agent is located in the computing system network according to the geographic area of and the proximity to segments of the network computing system that are to be scanned for dark matter;
creating a scanning job for the target scanning agent;
building a scanning job command based on the scanning job;
sending the scanning job command to the target scanning agent, wherein the target scanning agent performs a dark matter scan on at least one segment of the network computing system based on the scanning job command, and wherein the secure and encrypted communication link between the master server and the at least one target scanning agent allows the master server to be unknown to the segment of the network computing system on which the dark matter scan is being performed despite machine-to-machine communications between the master server and the at least one target scanning agent;
receiving scanning job results from the target agent;
parsing through the received scanning job results for identifying information of hosts in the network computing system detected during the scanning job, wherein the parsing includes parsing through the scanning job results to determine a device type and a device operating system of all hosts in the network computing system detected during the scanning job;
determining which detected hosts are known hosts and which detected hosts are unknown hosts based on the identifying information; and
comparing the identifying information of the unknown hosts to reference identifying information to determine which of the unknown hosts are dark matter.

US Pat. No. 10,359,998

RUNSTREAM GENERATOR

Unisys Corporation, Blue...

1. A method to simplify creation of an executable file, comprising:
receiving, at a processor, a plurality of programs, at least some of the received plurality of programs being coded in different programming languages, wherein each of the plurality of programs performs at least one function;
parsing, by the processor, the plurality of programs and identifying the different programming languages used in the plurality of programs;
linking, by the processor, the plurality of programs, including the programs coded in different programming languages, wherein the linking is done, at least partially, by:
identifying whether each of the plurality of programs is a main program or a subprogram; and
extracting input and/or output information from the plurality of programs; and
generating, by the processor, control statements configured to create the executable file, the executable file being configured to perform the functions performed by the plurality of programs, including the programs coded in different programming languages, the executable file being independently executable and including a .exe file extension.

US Pat. No. 10,296,503

SYSTEM AND METHOD FOR EFFICIENT DATABASE TRANSACTIONS

Unisys Corporation, Blue...

1. A computer implemented method of processing a transaction from a remote client device with a database stored within a database server containing data stored in a raw storage format, the database server having a processor, computer-readable storage medium maintaining database management software, and a storage device for maintaining the database, the method comprising the steps of:
receiving a request from the remote client device to access the database stored within the database server;
generating at least one statement based on the request, the at least one statement comprising a command for execution by the database server;
receiving client data related to the transaction from an in-memory record created by and stored on the remote client device, the in-memory record storing the client data in the raw storage format of the database such that the client data received is in the raw storage format of the database; and
executing by the database server the at least one statement using the client data as received.

US Pat. No. 10,296,867

PRICE QUOTING OF ALLOTMENTS BASED UPON SELECT CATEGORIES IN A LOGISTICS MANAGEMENT SYSTEM (LMS)

Unisys Corporation, Blue...

1. A method for improving functionalities of a logistics management system (LMS), comprising:
receiving, at a server of the LMS, a reservation request from a requestor for an allotment on an air carrier's cargo hold for a designated route and date range;
setting, by the server, an allotment reservation parameter, wherein the allotment reservation parameter instructs the server to generate a real-time dynamic hurdle rate based on a real-time air carrier capacity availability acquired by the server from the air carrier through the internet, wherein the LMS includes a first data storage and a consolidated data storage, the first data storage and the consolidated data storage include modules interfacing with the internet, the server accesses the real-time air carrier capacity availability from the first data storage, the server stores the real-time dynamic hurdle rate to the consolidated data storage, and wherein in response to the reservation request, the server further generates an additional at least one dynamic hurdle rate corresponding to additional routes besides the designated route, for the date range;
assigning, by the server, an allotment category for the requested allotment based at least in part on the allotment reservation parameter;
generating, by the server, an allotment rate for the requested allotment based, at least in part, upon the designated route, the allotment reservation parameter, and the allotment category, the real-time dynamic hurdle rate, and the real-time air carrier capacity availability; and
communicating, from the server to the requestor, the generated allotment rate.

US Pat. No. 10,635,499

MULTIFUNCTION OPTION VIRTUALIZATION FOR SINGLE ROOT I/O VIRTUALIZATION

Unisys Corporation, Blue...

1. A method of allocating virtual functions associated with physical functions of input/output (I/O) interface devices of a computing device, the method comprising:
instantiating at least one physical function with an I/O interface device within an interconnect partition of a multi-partition virtualization system implemented at least in part on the computing device, the interconnect partition being managed by a first partition monitor;
instantiating a plurality of virtual functions within a guest partition of the multi-partition virtualization system, the guest partition being managed by a second partition monitor different from the first partition monitor, each of the plurality of virtual functions associated with a physical function via a mapping between the plurality of virtual functions and physical functions in a configuration file; and
assigning a bus identifier, a device identifier, and a function identifier to each of the plurality of virtual functions within the guest partition, the plurality of virtual functions including a first virtual function associated with a first bus identifier and a first device identifier and a second virtual function associated with the first bus identifier and the first device identifier;
wherein correspondence between each of the plurality of virtual functions and the physical function is managed via the configuration file independently of the bus identifier, the device identifier, and the function identifier of each of the plurality of virtual functions.

US Pat. No. 10,635,653

SYSTEMS AND METHODS FOR IMPLEMENTING A MULTI-HOST RECORD LOCK DEADLOCK FEEDBACK MECHANISM

Unisys Corporation, Blue...

1. A method, comprising:
retrieving, by a processor, a first entry from a global wait list as a current waiting lock;
decreasing, by the processor, a deadlock timer of the current waiting lock;
determining, by the processor, whether the deadlock timer has reached a limit;
adding, by the processor, the current waiting lock to a deadlock victim selection list, if the deadlock timer has reached a limit;
selecting, by the processor, a victim from the deadlock victim selection list;
constructing, by the processor, a deadlock report identifying at least one process involved in a current deadlock, the deadlock report including a delayed response message (DRM) corresponding to the victim and including deadlock occurrence information indicative of a cause of the deadlock; and
deleting, by the processor, the victim from the global wait list.

US Pat. No. 10,599,458

FABRIC COMPUTING SYSTEM HAVING AN EMBEDDED SOFTWARE DEFINED NETWORK

Unisys Corporation, Blue...

1. A Forward Fabric system for coupling to a data center platform, the Forward Fabric system comprising:
a processor;
a memory coupled to the processor;
a plurality of nodes, wherein each node includes at least one of one or more applications, operating systems, virtual machines, and hypervisor applications running thereon;
an interconnect backplane coupled between the plurality of nodes;
a Forward Fabric Manager (FFM) coupled to the plurality of nodes via the interconnect backplane for controlling and managing the Forward Fabric system; and
a physical router switch coupled to the Forward Fabric manager and coupled to the plurality of nodes,
wherein the Forward Fabric manager creates at least one secure partition (s-Par) application executing within at least one of the plurality of nodes,
wherein at least one of the plurality of nodes having a secure partition (s-Par) application executing therein also includes a software defined network (SDN) controller executing therein for receiving configuration information and providing at least one secure and non-stop Forward Fabric endpoint on the Forward Fabric system for connecting with at least one endpoint on the data center platform,
wherein at least one of the plurality of nodes having a secure partition (s-Par) application executing therein also includes an interconnect service partition for accepting and interpreting at least one configuration command from the SDN controller and for implementing a configuration based on the configuration command,
wherein at least one of the plurality of nodes having a secure partition (s-Par) application executing therein also includes a router switch component for performing at least one switching function within the Forward Fabric system,
wherein at least one of the plurality of nodes is coupled to the data center platform via at least one SDN controller, and
wherein the at least one SDN controller allows the plurality of nodes to communicate with the data center platform without any network cards and without any host bus adapters.

US Pat. No. 10,592,434

HYPERVISOR-ENFORCED SELF ENCRYPTING MEMORY IN COMPUTING FABRIC

Unisys Corporation, Blue...

1. A method of securing memory within a computing fabric, the method comprising:
allocating memory of one or more host computing systems in the computing fabric to a virtual partition, the virtual partition included among a plurality of virtual partitions within a virtualization system, the computing fabric including a hypervisor installed on the one or more host computing platforms and managing interactions among the plurality of virtual partitions;
defining an address range associated with the memory allocated to the virtual partition, wherein the address range includes one or more memory pages included in an extended page table;
receiving a memory operation including an address within the address range from an application executing within a second virtual partition included among the plurality of virtual partitions within the virtualization system, the second virtual partition being different from the virtual partition;
based on the memory operation including an address within the address range, issuing, by the hypervisor, an indication that the memory operation is occurring at an encrypted memory location, wherein the indication that the memory operation is occurring at an encrypted memory location is triggered by an extended page fault violation;
performing the memory operation; and
performing, via the hypervisor, an encryption operation on data associated with the memory operation.

US Pat. No. 10,498,624

SYSTEMS AND METHODS FOR ADAPTIVE ROUTER FAILOVER IN LINUX-BASED COMPUTING SYSTEMS

Unisys Corporation, Blue...

1. A method for adaptive router failover in Linux-based computing systems, comprising:
configuring, by a processor of a Linux-based computing system, the Linux-based computing system to have access to at least a first router and a second router, via a switch;
transmitting, by the processor, one or more data packets from the Linux-based computing system to another computing system via the switch and only the first router, wherein the second router is not used to transmit the one or more data packets while the first router is used to transmit the one or more data packets from the Linux-based computing system to the another computing system;
identifying, by the processor, a failure in the first router by a ping-like operation between the Linux-based computing system and the first router;
in response to identification of the failure in the first router, automatically switching, by the processor, use of the first router and second router, via the switch, by the Linux-based computing system; and
transmitting, by the processor, one or more data packets from the Linux-based computing system to the another computing system via the switch and only the second router after switching the use of the first router and second router by the Linux-based computing system, wherein the first router is not used to transmit the one or more data packets while the second router is used to transmit the one or more data packets from the Linux-based computing system to the another computing system.

US Pat. No. 10,459,769

ELASTIC CONTAINER MANAGEMENT SYSTEM

Unisys Corporation, Blue...

1. A method comprising:
determining that a quantity of resources on a first host being utilized by one or more containers on the first host is greater than a predetermined utilization quantity;
determining that there are insufficient unutilized resources on the first host to satisfy the resource utilization of the one or more containers;
responsive to obtaining an approval:
imaging a respective container to form a corresponding image;
copying the image to a second host having sufficient unutilized resources to satisfy the resource utilization of the respective container, wherein the second host is different from the first host; and
starting the image on the second host; and
distributing requests for the respective container on the first host between the respective container and the started image on the second host.

US Pat. No. 10,454,890

NEGOTIATION OF SECURITY PROTOCOLS AND PROTOCOL ATTRIBUTES IN SECURE COMMUNICATIONS ENVIRONMENT

Unisys Corporation, Blue...

1. A method of communicatively connecting first and second computing system endpoints, the method comprising:
transmitting, from a first computing system endpoint, to a second computing system endpoint a connection request that includes an IP address of the second computing system endpoint, the connection request including an encryption key, in which the second computing system endpoint is a member of a community of interest, each member of the community of interest is a client of the first computing system endpoint;
receiving, at the first computing system endpoint, from the second computing system endpoint a responding request that includes a validation key, wherein the validation key matches with the encryption key authenticating the second computing system endpoint, the validation key being common among the members of the community of interest;
based at least in part on the IP address of the second computing system endpoint, selecting by the first computing system endpoint, an IPsec security protocol from among a plurality of security protocols concurrently available at the first computing system endpoint to first attempt to use in forming a tunnel between the first and second computing system endpoints; and
forming the tunnel between the first and second computing system endpoints based on the connection request.

US Pat. No. 10,447,501

SYSTEMS AND METHODS FOR ESTABLISHING A VLAN ON A COMPUTING SYSTEM IRRESPECTIVE OF THE COMPUTER NETWORKING TECHNOLOGY UTILIZED BY THE COMPUTING SYSTEM

Unisys Corporation, Blue...

1. A method for establishing a virtual local area network (VLAN) or a subinterface on a computing system using a single configuration statement, comprising:
modifying, by a computing system, a configuration statement that configures a network interface controller (NIC) coupled to the computing system to include a new field which indicates if a VLAN should be created on the NIC port;
processing the received configuration statement to determine if a VLAN should be created on the NIC port;
determining if the NIC port is part of an Ethernet computer network or an InfiniBand computer network;
creating, by the computing system, a VLAN on an Ethernet computer network based on the received configuration statement when the processing of the received configuration statement indicates that a VLAN should be created and the NIC port is determined to be part of an Ethernet computer network, or a subinterface on an InfiniBand computer network based on the received configuration statement that includes the new field when the processing of the received configuration statement indicates that a VLAN should be created and the NIC port is determined to be part of an InfiniBand computer network;
processing the received configuration statement to determine if the new field was defined or left undefined;
determining if a shared object that makes socket calls on behalf of the computing system is capable of processing the new field; and
outputting a notice that VLAN information provided in the new field will not be used to create a VLAN or a subinterface when the new field is determined to be defined and the shared object is determined to not be capable of processing the new field.

US Pat. No. 10,423,591

MODEL FILE GENERATOR

Unisys Corporation, Blue...

1. A method, comprising:
reading, by a processor, an input model file, the input model file including N number of input components comprising a first plurality of database attributes;
extracting, by the processor, the input components from the input model file;
generating, by the processor, M number of output components comprising a second plurality of database attributes, using the input components;
storing, by the processor, a first output model file including the M number of output components, the first output model file being configured to operate in a first database management endpoint application;
generating, by the processor, P number of output components comprising a third plurality of database attributes, using the input components; and
storing, by the processor, a second output model file including the P number of output components, the second output model file being configured to operate in a second database management endpoint application separate from the first endpoint application,
wherein M is larger than N, and P is larger than N.

US Pat. No. 10,417,428

METHODS AND SYSTEMS FOR PROVIDING AND CONTROLLING CRYPTOGRAPHIC SECURE COMMUNICATIONS TERMINAL PROVIDING A REMOTE DESKTOP ACCESSIBLE IN SECURED AND UNSECURED ENVIRONMENTS

Unisys Corporation, Blue...

1. A method for operating a remote desktop client from a computing system hosting a secure boot device, the method comprising:
initiating execution of an operating system from the computing system hosting the secure boot device, the computing system communicatively connected within a secure enterprise network, the computing system being untrusted within the secure enterprise network;
receiving authentication credentials from the user;
based on verification of the received authentication credentials, booting, from the secure boot device, the operating system;
establishing a secure communication tunnel with a service appliance;
receiving, from the service appliance, via the secure communication tunnel, a destination address of a secure gateway device connected to the enterprise network and community of interest keys and filters based on the authenticated credentials; and
establishing a cleartext communication channel with the secure gateway device, thereby allowing communication between the computing system and one or more trusted endpoints within the secure enterprise network.

US Pat. No. 10,652,280

USER INTERFACE FEATURES FOR ENTERPRISE SECURITY MANAGEMENT

Unisys Corporation, Blue...

1. A system for defining a security configuration for an enterprise network, the system comprising:
an enterprise security management configuration server comprising a processor and a memory, the enterprise security management configuration server hosting an enterprise security management configuration tool from the memory that, when executed from the enterprise security management configuration server, causes the enterprise security management configuration server to perform:
displaying a configuration user interface including an enterprise topology region and a tool palette, the enterprise topology region being configured to display a logical interconnection view of a plurality of nodes included within an enterprise network, and the tool palette being configured to display a plurality of tools useable to modify groupings or settings associated with the plurality of nodes;
wherein the enterprise topology region is configured to display at least one profile icon representing a profile including a plurality of affinitized nodes and at least one solution icon representing a plurality of intercommunicating profiles without requiring display of each of the affinitized nodes in the profile individually, the affinitized nodes being automatically grouped into the profile based on similarity of network concordance data among the plurality of nodes to present a simplified illustration of the enterprise topology, the network concordance data comprising network traffic data regarding identities and interactions of the plurality of nodes included within the enterprise network.

US Pat. No. 10,649,766

DYNAMIC REPLACEMENT OF SOFTWARE COMPONENTS

Unisys Corporation, Blue...

1. A method, comprising:
receiving, by a processor of a vestibule bank, an installation manager call for replacement of a component;
routing, by the processor, the installation manager call from the vestibule bank to the component;
draining, by the processor, one or more first user calls from a first queue of the component, and diverting the one or more first user calls to a replacement component via a private gate separate from the vestibule bank;
queueing, by the processor, in a second queue different from the first queue, one or more second user calls for the component while the one or more first user calls are being drained from the component; and
routing, by the processor, the one or more second user calls in the second queue to the replacement component via the private gate upon completion of draining the one or more first user calls from the component;
wherein the vestibule bank provides a transition point into a protected subsystem, and comprises a collection of software units that collectively serve as a transition point into a protected system by routing incoming user calls including the one or more first user calls and the one or more second user calls to the component and routing subsequent user calls to the replacement component.

US Pat. No. 10,649,851

EXTRACTION OF AUDIT TRAILS

Unisys Corporation, Blue...

1. A machine-based method for reading activity log information from a computer readable medium data, the method comprising:
receiving, at a processor, a first timestamp;
determining, at the processor, a start-point for extracting information from the computer readable medium according to the first timestamp;
extracting the information, by the processor, from the computer readable medium starting at the start-point;
receiving, at the processor, a second timestamp;
determining, by the processor, whether an end-point of the information from the computer readable medium has been reached, wherein the end-point of the information is determined according to the second timestamp;
writing, by the processor, the information extracted to a second computer-readable medium; and
formatting, by the processor, the information extracted to conform with format requirements of an endpoint application.

US Pat. No. 9,525,666

METHODS AND SYSTEMS FOR MANAGING CONCURRENT UNSECURED AND CRYPTOGRAPHICALLY SECURE COMMUNICATIONS ACROSS UNSECURED NETWORKS

Unisys Corporation, Blue...

1. An endpoint comprising:
a computing system including a programmable circuit operatively connected to a memory and a communication interface, the communication
interface configured to send and receive data packets via a data communications network;

a filter defined in the memory of the computing system, the filter configured to define one or more access lists, each access
list defining a group of access permissions for a community of interest, wherein the community of interest includes one or
more users, and wherein an access list from among the one or more access lists defines a set of clear text access permissions
associated with a community of interest; and

a driver executable by the programmable circuit, the driver configured to cooperate with the communication interface to send
and receive data packets via the data communications network, the driver configured to selectively split and encrypt a data
packet into a plurality of data packets based at least in part upon the contents of the one or more access lists, the driver
further configured to effectuate transmission of the split and encrypted data packet through transmission of the plurality
data packets;

wherein the driver encrypts the data packets using a community-of-interest specific encryption key associated with the community
of interest as identified upon the access list.