US Pat. No. 10,250,797

THIN MULTI-APERTURE IMAGING SYSTEM WITH AUTO-FOCUS AND METHODS FOR USING SAME

Corephotonics Ltd., Tel ...

1. A dual-aperture digital camera, comprising:a) a first sub-camera that includes a first optics bloc with a respective first optical axis and a first, color image sensor covered with a color filter array (CFA) with a first number of pixels and a first pixel size, the first camera configured to output a first image;
b) a second sub-camera that includes a second optics bloc with a respective second optical axis and a second, clear image sensor with a second number of pixels and a second pixel size, the second camera configured to output a second image, wherein the first and second optics blocs are mounted on a single lens holder;
c) a single autofocus (AF) mechanism coupled mechanically to the single lens holder and operative to move the single lens holder and the first and second optics blocs mounted thereon together for AF in a direction common to the respective first and second optical axes;
d) an optical image stabilization (OIS) mechanism, coupled mechanically to the first and second optics blocs and operative to move the first and second optics blocs together for OIS in a direction perpendicular to the first and second optical axes; and
e) an image fusion algorithm that combines the first image and the second image into a combined color image.

US Pat. No. 10,250,796

FOCUS ADJUSTMENT APPARATUS AND FOCUS ADJUSTMENT METHOD

Canon Kabushiki Kaisha, ...

1. A focus adjustment apparatus comprising:a signal generating unit configured to generate signals of two images respectively corresponding to a pair of light fluxes that pass through different pupil regions of a focusing lens;
a two-image displacement amount calculating unit configured to calculate a displacement amount of the two images with respect to each other based on a phase difference of the signals of the two images;
a steepness calculating unit configured to calculate a steepness of change in a correlation change amount of the two images;
a steepness normalizing unit configured to normalize the steepness; and
an evaluating unit configured to evaluate reliability of the displacement amount of the two images based on the normalized steepness.

US Pat. No. 10,250,790

ELECTRIC APPARATUS, IMAGE PROJECTION APPARATUS AND IMAGE CAPTURING APPARATUS

CANON KABUSHIKI KAISHA, ...

1. An image projection apparatus comprising:a first optical modulator configured to operate in response to receipt of a first clock signal whose polarity reverses periodically so as to modulate a first color light introduced thereto;
a second optical modulator configured to operate in response to receipt of a second clock signal whose polarity reverses periodically at a same period as that of the first clock signal so as to modulate a second color light introduced thereto;
an optical element through which exit lights from the first and second optical modulators pass;
a projection optical system configured to project an image light including the exit lights modulated by the first and second optical modulators onto a projection surface; and
a signal outputter configured to output the first and second clock signals respectively to the first and second optical modulators,
wherein:
the first and second optical modulators are arranged on mutually opposite sides across the optical element,
light exit surfaces of the first and second optical modulators respectively face first and second light entrance surfaces provided in the optical element at mutually opposite sides thereof, and
the signal outputter is configured to output the first and second clock signals such that, in each period of the first and second clock signals, a time period in which their polarities are mutually reversed is longer than a time period in which their polarities are mutually identical.

US Pat. No. 10,250,789

ELECTRONIC DEVICE WITH MODULATED LIGHT FLASH OPERATION FOR ROLLING SHUTTER IMAGE SENSOR

GOOGLE LLC, Mountain Vie...

1. A user-held electronic device comprising:a modulated light projector;
an electronic rolling shutter (ERS) imaging camera having a sensor array with pixel rows;
a controller to control the modulated light projector to project a modulated light flash into an environment of the user-held electronic device during capture of a first image frame by the sensor array and to refrain from projecting any modulated light flash during capture of a second image frame adjacent to the capture of the first image frame, and wherein the controller is to initiate the modulated light flash while each pixel row of the sensor array is exposed for gathering light for the first image frame and to terminate the modulated light flash before any pixel row of the sensor array ceases to be exposed for gathering light for the first image frame; and
a processor to determine modulated light image data based on the first image frame, to determine one or more two-dimensional (2D) spatial features of the environment based on visible light imagery and match the 2D spatial features with a corresponding depth reading based on a 2D feature analysis of the modulated light image data, to identify one or more three-dimensional (3D) spatial features from the 2D spatial features, and to determine a pose of the user-held electronic device relative to the environment based on the one or more 3D spatial features; and
wherein the controller is to control the ERS imaging camera to selectively:
initiate exposure of each of the pixel rows of the sensor array substantially simultaneously for capture of the first image frame and to initiate the modulated light flash in response to the initiation of the exposure of the pixel rows substantially simultaneously; or
capture the first and second image frames at a frame rate greater than a nominal frame rate for capture of visible light imagery by the user-held electronic device.

US Pat. No. 10,250,788

CAMERA MODULE WITH HEAT DISSIPATION ARRANGEMENT AND MANUFACTURING METHOD THEREOF

Ningbo Sunny Opotech Co.,...

1. A camera module, comprising:an optical lens unit, and
a light sensing unit provided along a light outgoing path of said optical lens unit so that said light sensing unit is able to sense light emitted from said optical lens unit,
wherein said light sensing unit comprises:
a photoelectric converting element, and
a conducting unit connected to said photoelectric converting element, wherein said conducting unit transfers electrical signals converted and generated during an operation of said photoelectric converting element, and conducts heat generated during the operation of said photoelectric converting element to the surroundings, wherein said conducting unit comprises a substrate and a circuit board overlapped and contacted with said substrate at a position that said circuit board is positioned between said substrate and said photoelectric converting element, wherein said substrate is contacted with said photoelectric converting element for dissipating the heat from said photoelectric converting element during operation thereof, wherein said substrate has a raised portion and said circuit board has a through hole that said raised portion of said substrate is engaged and contacted with said through hole of said substrate to increase a heat dissipating area therebetween and to contact with said photoelectric converting element, wherein said substrate and said photoelectric converting element are closely attached to conduct the heat generated during operation of said photoelectric converting element, and said circuit board is electrically coupled with said photoelectric converting element to transfer electrical signals converted and generated during the operation of said photoelectric converting element.

US Pat. No. 10,250,785

ELECTRONIC APPARATUS CAPABLE OF EFFICIENT AND UNIFORM HEAT DISSIPATION

Canon Kabushiki Kaisha, ...

1. An electronic apparatus provided with a battery accommodation section that can accommodate a battery, comprising:a substrate that has an electric component, which forms a heat source, mounted thereon;
a heat dissipating member that is formed in the battery accommodation section so as to receive and hold the battery when the battery is accommodated in the accommodation section;
a first heat conductive member that has one end thermally connected to the electric component and another end thermally connected to said heat dissipating member; and
an insertion port member that forms part of the battery accommodation section and is connected to said heat dissipating member at a location closer to a battery insertion port through which the battery is inserted than a remaining portion of said heat dissipating member,
wherein said insertion port member is formed of a material lower in thermal conductivity than said heat dissipating member.

US Pat. No. 10,250,783

MAGNETIC MOUNT ASSEMBLY OF A CAMERA

GOOGLE LLC, Mountain Vie...

1. A physical assembly, comprising:a magnet mount for physically receiving a physical module, the physical module including a housing having a rear surface of a first shape, the magnet mount including:
a first surface configured to attach to a mounting surface directly or indirectly;
a second surface opposing the first surface, the second surface having a second shape that is substantially complementary to the first shape of the rear surface of the housing of the physical module, the second surface being configured to engage the rear surface of the housing of the physical module; and
a magnetic material disposed between the first and second surfaces and configured to magnetically couple to a magnetic material of the physical module such that when the physical module is magnetically coupled to the magnet mount an adjustable union between the magnet mount and the physical module is formed permitting adjustment of an angle of orientation of the physical module with respect to the magnet mount, the angle of orientation being limited by a stopping structure of the physical module, wherein the magnetic material of the physical module has an area that is substantially greater than that of a cross section of the magnetic material included in the magnet mount.

US Pat. No. 10,250,779

IMAGE PROCESSING APPARATUS, IMAGE PROCESSING METHOD, AND PROGRAM

FUJIFILM Corporation, Mi...

1. An image processing apparatus comprising:an image reading unit that reads a target printed matter to acquire first read image data indicating a read image of the target printed matter;
an image matching unit that performs a process of matching a positional relationship between read image data which is any one of the first read image data and second read image data obtained by color conversion of the first read image data and original document image data of the target printed matter;
a statistical processing unit that generates statistical information that reflects a distribution of read image signal values of the read image data in each image region of the read image data corresponding to an image region having the same original document image signal values in the original document image data; and
a mismatching detection unit that detects color mismatching between the original document image data and the target printed matter on the basis of the statistical information.

US Pat. No. 10,250,778

DISTRIBUTED SMART CARD READER FOR MULTIFUNCTION PRINTER

Xerox Corporation, Norwa...

13. A method for distributed smart card authentication comprising:selecting, by an administrator, at least one device that can be authenticated by said smart card reader;
setting, by an administrator, a secure password for each of said at least one selected devices that can be authenticated by said smart card reader;
reading user authentication information on a smart card with a smart card reader;
sending said user authentication information from said smart card reader to a server;
storing said user authentication information on said server wherein said server is accessible by each of said selected devices that can be authenticated by said smart card reader;
providing said stored user authentication information to each of said selected devices where authentication is desired upon request; and
authenticating a user of said at least one selected device where authentication is desired according to said stored user authentication information, and user authentication information provided at said selected device by said user.

US Pat. No. 10,250,776

ENHANCING GRAPH VISUALIZATION WITH SUPPLEMENTAL DATA

International Business Ma...

1. A method for communicating supplemental data for nodes of a graph representing a system, said method comprising:dividing, by one or more processors of a computer system, a visual representation of the graph into a plurality of portions, each portion of the visual representation of the graph being a rectangle corresponding to a respective node of the graph, said visual representation being an area of a computer screen displaying the graph, wherein said dividing the visual representation of the graph comprises determining a number of pixels in a plurality of rectangles displayed on the computer screen along with the graph, based on a number of pixels of the graph and a number of nodes of the graph;
encoding steganographically, by the one or more processors, supplemental data for each respective node, together with an offset distance between a reference point of each respective node and a reference point of the supplemental data for each respective node, into the portion of the graphical representation corresponding to each respective node;
prioritizing, by the one or more processors, fixed length attributes related to the respective node, and
encoding steganographically, by the one or more processors, the attributes into the rectangle corresponding to the respective node, said encoding starting with a highest priority attribute of the fixed length attributes and continuing sequentially according to a priority of the remaining attributes of the fixed length attributes.

US Pat. No. 10,250,775

IMAGE PROCESSING DEVICE, IMAGE PROCESSING METHOD AND REMOTE-SCAN IMAGE PROCESSING SYSTEM USING THE SAME

RICOH COMPANY, LTD., Tok...

1. An image processing device, comprising:a scanner to scan a document;
a network interface;
a user interface including a display;
a memory; and
a processor configured to conduct an image data storing process and an image data sending process;
wherein in conducting the image data storing process, the processor is configured to:
display one or more first display screens to receive first inputs by a user, the first inputs including at least one or more scan condition settings and a document name, and the one or more first display screens including a scan setting screen to receive the at least one or more scan condition settings and a document name input screen to receive the document name;
control the scanner to scan the document in accordance with the one or more scan condition settings that have been received via the one or more first display screens;
generate image data based on the scanned document; and
store the generated image data in the memory in association with the document name which has been received via the one or more first display screens; and
wherein in conducting the image data sending process, the processor is configured to:
display one or more second display screens to receive second inputs by the user, the second inputs including at least a selection of at least one image data to be sent among a plurality of image data stored in the memory and a selection of a destination to which the at least one image data is to be sent, the plurality of image data including at least the generated image data; and
control the network interface to send the at least one image data to the destination.

US Pat. No. 10,250,772

DEVICE MANAGAMENT APPARATUS, DEVICE MANAGEMENT SYSTEM, AND DEVICE MANAGEMENT METHOD

RICOH COMPANY, LTD., Tok...

1. A device management apparatus configured to manage one or more managed devices, each device configured to connect to the device management apparatus via a network and configured to include one or more associated functions provided therein, each function executed according to one or more corresponding security setting items which are required to be set to respective security setting values for the device to operate the function, the device management apparatus comprising circuitry configured to perform a method comprising:(a) registering device management data in a storage device, the device management data including, for each associated function amongst the one or more functions provided in a managed device, use setting information indicating whether the associated function provided in the managed device is currently available for the managed device to operate;
(b) presenting a selection screen to display the use setting information for the functions provided in the managed device and to receive a use change instruction of a specified function provided in the managed device, the use change instruction permitting the use setting information corresponding to the specified function to be changed, in a case that, prior to the use change instruction having been received, the specified function was unavailable to the managed device to operate;
(c) determining, in response to receiving the use change instruction in (b), one or more security setting items of the managed device required to be set to respective security setting values, for the specified function provided by the managed device to be executed; and
(d) changing, upon determining in (c) that the one or more security setting items of the managed device are required to be set to respective security setting values to execute the specified function, a first security setting item of the managed device, amongst said one or more security setting items, from a first setting value to a second setting value different from the first setting value of the first security setting item of the managed device, said first security setting item of the managed device being required to be set to said second setting value to enable the managed device to execute the specified function which was unavailable for the managed device to operate prior to the use change instruction being received in (b).

US Pat. No. 10,250,768

PRINT MEDIA SIZE/COLOR DETECTION USING SCANNER

Xerox Corporation, Norwa...

1. A printer comprising:a print media storage device;
a drawer sensor positioned to detect opening of said print media storage device;
a processor electrically connected to said drawer sensor;
a document scanner electrically connected to said processor;
tray sensors electrically connected to said processor; and
a user interface electrically connected to said processor,
said user interface displays instructions to use said document scanner for scanning a sheet of print media of a stack of print media being added to said print media storage device, in response to said drawer sensor detecting said opening of said print media storage device,
said processor determines whether said tray sensors detect a media type of said stack of print media,
said instructions are displayed on said user interface only if said tray sensors cannot detect said media type of said stack of print media,
said document scanner generates an electronic image of said sheet of print media from said scanning of said sheet of print media,
said processor evaluates said electronic image of said sheet of print media to identify said media type and a color of said stack of print media being added to said print media storage device, and
said processor records that said print media storage device contains said stack of print media having said media type and said color.

US Pat. No. 10,250,766

METHOD AND DEVICE FOR CHANGING DISPLAY LANGUAGE OF APPLICATION

Ricoh Company, Ltd., Tok...

1. An imaging device including a main unit implementing an imaging function, and an information processing terminal configured to act as an operation unit, the information processing terminal comprising a hardware processor and a hardware memory storing a program that causes the hardware processor to execute a process including:obtaining a predetermined selectable language of an operating system and a language of a character string added to an application program by a terminology module;
displaying a list of selectable language candidates on a language setting screen to enable a user to select a display language of the operating system, the selectable language candidates including the predetermined selectable language of the operating system and the language of the character string added to the application program by the terminology module; and
changing the display language of the operating system into a language selected from the list of the selectable language candidates by the user.

US Pat. No. 10,250,764

DISPLAY SYSTEM, CONTROL DEVICE, AND NON-TRANSITORY COMPUTER READABLE MEDIUM

FUJI XEROX CO., LTD., To...

1. A display system comprising:a head-mounted augmented reality (AR) display apparatus including a display that displays a virtual image, the head-mounted AR display apparatus enabling a user to see an object by using the head-mounted AR display apparatus, the object being actually located on a line extending from a line of sight of the user;
at least one recording medium container that accommodates a recording medium on which an image is to be formed; and
a display controller of the head-mounted AR display apparatus that displays, on the display, the virtual image of the image to be recorded on the recording medium, the virtual image being superimposed on the recording medium to be placed in the recording medium container, the display controller displaying the virtual image when the recording medium container is aligned with the line of sight of the user.

US Pat. No. 10,250,763

INPUT DEVICE, IMAGE FORMING APPARATUS, AND NON-TRANSITORY COMPUTER READABLE MEDIUM

FUJI XEROX CO., LTD., To...

1. An input device comprising:a display having a first outer edge and a second outer edge;
a protrusion located along the first outer edge;
an operation detector configured to detect an operation input within a detection region, the detection region corresponding to a display region of the display, the detection region including:
a first function enabling area located along the first outer edge; and
a second function enabling area located along the second outer edge, a width of the second function enabling area in a direction perpendicular to the second outer edge being less than a width of the first function enabling area in a direction perpendicular to the first outer edge; and
a processor operatively connected to the display and operation detector, the processor programmed to:
display an operation screen on the display region of the display;
determine whether the detected operation input is a continuous movement across the detection region;
in response to a determination that the detected operation input is a continuous movement across the detection region, determine a direction of the continuous movement;
in response to a determination that the direction of the continuous movement is oriented towards the protrusion, enable a function corresponding to the operation input once the continuous movement enters the first function enabling area; and
in response to a determination that the direction of the continuous movement is oriented away from the protrusion, enable the function corresponding to the operation input once the continuous movement enters the second function enabling area.

US Pat. No. 10,250,761

IMAGE HANDLING APPARATUS, IMAGE PROCESSING SYSTEM, IMAGE PROCESS CONTROLLING METHOD, AND IMAGE PROCESS CONTROLLING PROGRAM PRODUCT

Ricoh Company, Ltd., Tok...

1. An image handling apparatus, comprising:an operation panel displaying one or more input screens, including a web browser, allowing to input image handle information including one or more scan settings for handling an image, the one or more input screen is displayed based on HTML data received from a web application of an external web server capable of connecting through a network, and receiving a user instruction of an image generation from the web browser displaying at least one of the input screens;
hardware resource including a scanner for generating an image; and
processing circuitry configured to
transmit a first message including a scan setting from among the one or more scan settings, in response to the input at the web browser displaying at least one of the input screens, to the web application
transmit a second message to the web application in response to receiving the user instruction of an image generation,
receive image generation information for the scanner to execute an image generation including the one or more scan settings, from the web application, in response to the transmitted second message, transmitted to the web application from the web browser included in the image handling apparatus, and
control the scanner to execute the image generation, wherein
the first message including the scan setting is transmitted to the web application in a plurality of times, in response to each input of the scan setting on at least one of the input screens, and
the image generation information including the plurality of scan settings, is transmitted from the web application to control the scanner, in response to the user instruction of the image generation on the image handling apparatus.

US Pat. No. 10,250,760

IMAGING DEVICE, IMAGING SYSTEM, AND IMAGING METHOD

Olympus Corporation, Tok...

1. An imaging device comprising:an imaging sensor;
a processor including a first image processing section which generates a non-magnified image using image processing that does not perform magnification processing from image data that was acquired by the imaging sensor, at the time of movie shooting or at the time of live view display, and a magnification processing section which magnifies a part of the non-magnified image to generate a magnified image;
a display device to display an image;
a transmission circuit to transmit an image to an external device that has a screen that is larger than the display device, and that displays an image in high definition;
a transmission switching section; and
a controller,
wherein the display device includes a display switching section to control which one of the magnified image and the non-magnified image is displayed,
wherein the transmission switching section is configured to control which one of the magnified image and the non-magnified image is transmitted and the controller has a photographing mode setting section which sets one of a still image photographing mode and a moving image photographing mode, and
wherein the transmission switching section, when a moving image photographing mode is set and a setting is made to display the magnified image on the display device, controls the transmission circuit to transmit the non-magnified image data, and when a still image photographing mode is set and the magnified image is displayed on the display device, controls the transmission circuit to transmit the magnified image.

US Pat. No. 10,250,756

SYSTEMS AND METHODS FOR PROVIDING RENEWABLE WIRELINE AND WIRELESS SERVICES AND GOODS

1. A method comprising:receiving, by a system comprising a processor, from a mobile communication device associated with a subscription plan for a first service associated with a first time period, a user request for a second service associated with a second time period, wherein the second service is different from the first service;
provisioning, by the system, in response to receiving the user request, the second service for the mobile communication device to grant the mobile communication device access to the second service for the second time period; and
establishing, in a database, an entry associated with an account corresponding to a user of the mobile communication device, the entry comprising at least one of an expiration quantity of the second service or an expiration date for the second service based on the second time period during which the second service is available.

US Pat. No. 10,250,753

CUSTOMER-CENTRIC NETWORK-BASED CONFERENCING

1. A communication system comprising:a processor; and
a memory coupled to the processor, wherein the memory stores instructions that, when executed by the processor, cause the processor to:
receive a command provided by an initiator to set up a conference;
identify a list of potential conference participants other than the initiator and an agent of an enterprise hosting the communication system;
identify projected presence information for each of the potential conference participants, the projected presence information being an estimate of presence at a future point in time;
determine an optimum time to schedule the conference based on the projected presence for each of the potential conference participants at the optimum time, the optimum time being a time later than a current time, wherein the determined optimum time is for increasing a likelihood of acceptance of an invitation to join the conference;
determine whether a minimum number of the potential conference participants are projected to be available at the determined optimum time;
in response to determining, based on the projected presence, that the minimum number of potential conference participants are projected to be available at the determined optimum time:
send the invitation to a first one of the potential conference participants to join the conference scheduled for the optimum time;
refrain from sending an invitation to a second one of the potential conference participants whose projected presence information indicates unavailability of the second one of the potential conference participants at the optimum time;
receive a first message from the first one of the potential conference participants accepting the invitation to join the conference;
receive a second message from the first one of the potential conference participants to join the conference at the scheduled optimum time; and
transmit a command to connect the first one of the potential conference participants to the conference in response to receipt of the second message.

US Pat. No. 10,250,752

TELECOMMUNICATION NETWORK

STARLEAF LTD, London (GB...

1. A telecommunication network for telecommunications between telecommunication end point devices, the telecommunication network comprising:a plurality of PBXs implemented by a computer system comprising a single hardware platform, each PBX being shared by telecommunication end point devices allocated to it, and each PBX being configured to control communication connections involving telecommunications originating from telecommunication end point devices allocated to it and other telecommunication end point devices,
wherein at least some functionality of the plurality of PBXs shared between the plurality of PBXs is configured to be stored in a memory of the computer system,
wherein the computer system is configured to:
receive a request for a telecommunication event;
determine telecommunication resource requirements for the telecommunication event;
allocate, based on the telecommunication resource requirements, resources of a first PBX of the plurality of PBXs to implement the telecommunication event by allocating resources of the first PBX that are on a public internet side of a firewall; and
allocate, based on the telecommunication resource requirements, resources of a second PBX of the plurality of PBXs to implement the telecommunication event by allocating resources of the second PBX that are on a private side of the firewall.

US Pat. No. 10,250,751

MOBILE CONFERENCE SYSTEM

1. A mobile conference system comprising:a master mobile hands-free unit; and
a first slave mobile hands-free unit;
wherein each of the mobile hands-free unit comprise:
at least one microphone configured to record audio signals;
a loudspeaker configured to play back audio signals to be played back;
a battery unit configured to supply energy;
an operating unit;
a muting operating element,
a control interface configured to control wireless bidirectional transmission of control commands;
at least one lighting unit; and
a first transmitting/receiving unit configured to bidirectionally communicate wirelessly with another of the mobile hands-free units
wherein the master mobile hands-free unit further comprises:
a second transmitting/receiving unit configured to bidirectionally communicate wirelessly with an external unit;
wherein the master mobile hands-free unit is configured to:
receive first audio signals from the external unit by the second transmitting/receiving unit; and
wirelessly transmit the received first audio signals to the second mobile hands-free unit via the first transmitting/receiving unit;
wherein the master mobile hands-free unit is further configured to:
receive second audio signals from the second mobile hands-free unit by the first transmitting/receiving unit; and
mix the received second audio signals with recorded audio signals recorded by the at least one microphone of the master mobile hands-free unit; and
wirelessly transmit the mixed audio signals to the external unit via the second transmitting/receiving unit;
wherein the at least one second hands-free unit further comprises:
a muting operating element;
wherein the at least one second hands-free unit is configured to transmit, in response to an actuation of the muting operating element, a muting control command via the control interface of the at least one second hands-free unit to the control interface of the master mobile hands-free unit; and
wherein the master mobile hands-free unit is configured to interrupt, in response to receiving the muting control command, output of the audio signals recorded by its at least one microphone to the external unit via the second transmitting/receiving unit.

US Pat. No. 10,250,750

METHOD AND SYSTEM FOR INTEGRATING AN INTERACTION MANAGEMENT SYSTEM WITH A BUSINESS RULES MANAGEMENT SYSTEM

1. A system for processing communication events for a contact center, the system comprising:a processor;
a memory, wherein the memory has stored therein instructions that, when executed by the processor, cause the processor to:
receive, during execution of a routing strategy for routing a communication event, a request for rule execution;
identify, in response to the request, a set of facts associated with the communication event and with contact center state;
identify a rule based on the set of facts;
execute the identified rule based on the set of facts, the identified rule including a condition for updating the contact center state;
determine, in response to executing the identified rule, that the condition is satisfied; and
transmit, in response to the condition being satisfied, a signal for updating the contact center state; and
an electronic switch coupled to the processor, the electronic switch configured to distribute the communication event according to the updated contact center state.

US Pat. No. 10,250,749

AUTOMATED TELEPHONE HOST SYSTEM INTERACTION

REPNOW INC., San Diego, ...

1. A system comprising:one or more client applications executable by respective communication devices, each communication device comprising one or more processors configured with processor-executable instructions included in the client application to perform operations comprising:
receiving, from a user of the communication device, a natural language input;
determining, using natural language processing, that the natural language input comprises a request associated with a service provider of a plurality of known user service providers; and
transmitting a representation of the natural language input via a communication network; and
a server comprising one or more processors configured with processor-executable instructions to perform operations comprising:
receiving, via the communication network, the representation of the natural language input from the communication device;
determining, using natural language processing, metadata associated with a call center corresponding to the request;
causing, based at least in part on the metadata, initiation of a call center communication session from a telephony service to the call center;
receiving at least one interactive voice response (IVR) prompt transmitted by the call center in the call center communication session;
determining, based on natural language processing of the representation of the natural language input, a response to the IVR prompt; and
causing the response to be transmitted from the telephony service to the call center in response to the IVR prompt.

US Pat. No. 10,250,746

METHOD AND SYSTEM FOR GROUP COMMUNICATION ACROSS ELECTRONIC MAIL USERS AND FEATURE PHONE USERS

OATH INC., New York, NY ...

1. A method comprising:receiving, by a processor, a first electronic mail from an electronic mail user;
converting, by the processor, the first electronic mail to an audio clip in response to the receipt of the first electronic mail;
generating, by the processor, a text message for communication to a user of a feature phone, said text message comprising embedded information referencing the audio clip, and further comprising a name of the electronic mail user, and an email identifier of the electronic mail user;
authenticating, by the processor, the user of the feature phone by requesting a username and password of the feature phone user;
comparing, by the processor, a number of characters in the first electronic mail to a predefined number;
when the number of characters in the first electronic mail is below the predefined number, including, by the processor, the first electronic mail in the text message;
when the number of characters in the first electronic mail is above the predefined number or when the first electronic mail has been included in the text message, transmitting, by the processor, the text message to the feature phone;
receiving, by the processor, a voice input provided by the feature phone user as a response to the first electronic mail;
receiving, by the processor, the email identifier of the electronic mail user from the feature phone;
creating and storing, by the processor, a shortcut key, said shortcut key comprising the email identifier of the electronic mail user and a phone number of the electronic mail user;
embedding, by the processor, the voice input as an audio file in a second electronic mail; and
transmitting, by the processor, the second electronic mail to the electronic mail user via the shortcut key.

US Pat. No. 10,250,745

IDENTIFYING THE CELLULAR NUMBER ON A CELLULAR DEVICE CAPABLE OF SUPPORTING MULTIPLE CELLULAR NUMBERS

T-Mobile USA, Inc., Bell...

1. A method comprising:on a cellular device capable of using a first cellular number and a second cellular number, receiving an input to open a contacts application to generate a contact, the contact including a name field indicating a name of the contact and a phone number field indicating a phone number of the contact;
displaying a customizable field in the contact, the customizable field associating a call received from the contact with the first cellular number or with the second cellular number;
receiving an input to modify the customizable field, the input identifying the first cellular number or the second cellular number;
storing the input as part of the contact;
receiving an incoming call from the contact; and
displaying on the cellular device in response to receiving the incoming call from the contact, the name field, phone number field, and the customizable field of the contact.

US Pat. No. 10,250,744

CALL CENTER SYSTEM AND VOICE RECOGNITION CONTROL METHOD OF THE SAME

1. A call center system that records calls from customers and stores the calls as data, the call center system comprising:an exchange for performing an exchange of a call from a public telephone network that arrives at an extension;
a communication terminal provided for each operator to make calls;
an operator information processing terminal that each operator operates;
a recorder for recording call data transmitted from the exchange and stores as recorded data;
a call and recorded information management server that receives call information relating to the call from the exchange, associates the call information with the information relating to the recorded data from the recorder, and stores the call information in a database; and
a voice recognition server that performs voice recognition on the recorded data and outputs text data,
wherein the exchange, the communication terminal, the operator information processing terminal, the recorder, the call and recorded information management server, and the voice recognition server are connected by a network,
wherein the call and recorded information management server includes a call and recorded information management table in which call identification information, business identification information relating to a call, and management information of recorded data are associated with each other,
wherein the voice recognition server includes a business information-recognition engine correspondence table in which the business identification information relating to the call and a voice recognition engine used for voice recognition are associated to each other,
wherein the operator information processing terminal transmits the call identification information to the call and recorded information management server in order to request a voice recognition process,
wherein the call and recorded information management server searches the call and recorded information management table for the business identification information relating to the call according to the received call identification information, and transmits the call identification information as well as the business identification information relating to the call corresponding to the call identification information, to the voice recognition server,
wherein the voice recognition server searches for the corresponding voice recognition engine according to the received business identification information relating to the call, and adds the received identification information to a recognition queue to be processed by the corresponding voice recognition engine,
wherein the voice recognition server requests the call and recorded information management server to obtain the recoded data according to the received call identification information,
wherein the call and recorded information management server searches the call and recorded information management table according to the received call identification information, and transfers the recoded data corresponding to the call identification information to the voice recognition server, and
wherein the voice recognition server performs voice recognition on the recorded data corresponding to the call identification information stored in the recognition queue by using the corresponding voice recognition engine, and stores the recognition result as text data.

US Pat. No. 10,250,743

SENDER IDENTIFICATION SYSTEM AND METHOD

MOBILE MESSENGER GLOBAL, ...

1. A method for messaging, including:sending to an identity database a query based upon data included in a received message, the received message originating from a sender at a first device in a first protocol and directed to a recipient at a second device;
receiving from the identity database information pertaining to the identity of the sender of the message, including identity information that is not a part of the message;
locating a rule set by the recipient of the message, the rule being associated with the identity of the sender of the message;
handling the message according to the rule; and
wherein the handling is performed without receiving additional input from the recipient and includes at least one of providing the message to the recipient in a second protocol and not providing the message to the recipient,
wherein the second protocol is different than the first protocol and comprises at least one of a Short Message Service (“SMS”) or Multimedia Messaging Service (“MMS”);
when the message is provided to the second device according to the rule, rendering the message to the recipient and providing an indication to the sender that the message was provided to the recipient, and
when the message is not provided to the second device according to the rule, identifying that the message is subject to deletion and providing an indication to the sender that the message was not provided to the recipient.

US Pat. No. 10,250,740

ECHO PATH CHANGE DETECTOR

Imagination Technologies ...

1. An echo path monitoring system for controlling an adaptive filter configured to estimate an echo of a far-end signal comprised in a microphone signal, the system comprising:a comparison generator configured to compare the microphone signal with the estimated echo to obtain a first comparison result and compare an error signal, which represents a difference between the microphone signal and the estimated echo, with the estimated echo to obtain a second comparison result; and
a controller configured to:
combine the first and second comparison results to form a parameter indicative of a state of the microphone signal;
control an operating mode of the adaptive filter in dependence on said parameter and on whether the adaptive filter is in a transient state or a steady state, wherein, when the adaptive filter is in the steady state, the controller is configured to assess whether the microphone signal incorporates echo path change.

US Pat. No. 10,250,739

TERMINAL EQUIPMENT CONTROL METHOD, TERMINAL EQUIPMENT AND SYSTEM, COMPUTER STORAGE MEDIA

ZTE Corporation, Shenzhe...

1. A terminal device control method, applied to a terminal device to be controlled, comprising:acquiring control strategies for the terminal device, and acquiring information on a current study scenario where the terminal device is located, wherein the current study scenario is calculated based on position information and course table information describing class conditions;
acquiring control information for the terminal device, according to the control strategies for the terminal device and the information on the current study scenario;
controlling the terminal device according to the control information;
sending a request for regulating the control strategies;
acquiring control strategy regulation information;
acquiring new control information used in controlling the terminal device, according to the control strategy regulation information and the information on the current study scenario; and
controlling the terminal device according to the new control information.

US Pat. No. 10,250,737

TERMINAL FUNCTION SETTING METHOD AND DEVICE FOR VEHICLE UNLOCKING, AND MOBILE TERMINAL

BEIJING MOBIKE TECHNOLOGY...

1. A terminal function setting method for vehicle unlocking, said method comprising the steps of:receiving a current request for vehicle unlocking sent by a mobile terminal;
determining to perform a scene mode of the current request;
acquiring a terminal function setting manner under the scene mode; and
performing function setting of the mobile terminal according to the terminal function setting manner,
wherein:
the scene mode comprises a night mode, and a terminal function setting manner under the night mode includes activating a flashlight function of the mobile terminal; and
the terminal function setting manner under the night mode further comprises a setting manner of camera parameters.

US Pat. No. 10,250,736

TERMINAL CONTROLLING DEVICE AND CONTROLLING METHOD USING SAME

MODA-INNOCHIPS CO., LTD.,...

1. A terminal control device having a mode control module for switching an execution mode of a terminal, the terminal control device comprising:a main control module configured to control driving of the terminal;
a receiver sensor installed in the terminal and capable of inter-conversion between an electric signal and an external physical force; and
a signal processing unit configured to analyze an electric signal generated in the receiver sensor, process the electric signal into a mode switching signal for switching a mode of the terminal, and transfer the mode switching signal to the main control module,
wherein the receiver sensor acts as a speaker for transferring a call connection sound and a voice of a user's other party to the user in response to an input electric signal.

US Pat. No. 10,250,730

ADAPTER APPARATUS FOR EARPHONE ACCESSORY

Merry Electronics (Shenzh...

1. An adapter apparatus for a earphone accessory, comprising:an earphone jack, suitable for a plug of the earphone accessory to plug in;
a connection interface, suitable for being electrically connected with a portable device;
a pre-amplifier, electrically connected to the earphone jack to receive an earphone control signal of the earphone accessory and to provide an amplified earphone control signal, wherein the pre-amplifier comprises:
a signal amplifier, electrically connected to the earphone jack to receive the earphone control signal and provide an enhanced control signal; and
a comparator, coupled to the signal amplifier to receive the enhanced control signal and to provide the amplified earphone control signal based on a comparing result of the enhanced control signal and a predetermined reference voltage; and
a device adapter circuit, electrically connected to the pre-amplifier and the connection interface to receive the amplified earphone control signal and provide a device control signal to the portable device via the connection interface, wherein the device adapter circuit comprises:
a signal extractor, receiving the amplified earphone control signal to determine a frequency of the amplified earphone control signal and correspondingly provide a frequency determination signal;
a potential detector, receiving the amplified earphone control signal to determine a direct current (DC) level of the amplified earphone control signal and correspondingly provide a level determination signal; and
a signal comparison module, coupled to the signal extractor and the potential detector to provide the device control signal according to the frequency determination signal and the level determination signal.

US Pat. No. 10,250,729

MOBILE TERMINAL

LG Electronics Inc., Seo...

1. A mobile terminal comprising:a case unit comprising a plurality of case parts defining an outer appearance;
a waterproof member configured to waterproof a gap between the plurality of case parts;
an inner space formed by coupling of the plurality of case parts with the waterproof member;
a sound output unit mounted in the inner space;
an electronic component mounted in the inner space;
at least one processor configured to control the sound output unit;
a resonance space provided in the inner space and configured to resonate sound that is output from the sound output unit; and
a sound hole provided at one side of the case unit and configured to output a first sound,
wherein a sound pressure level of a second sound output by vibration of the case unit due to vibration of the first sound is higher than a sound pressure level of the first sound in a low-frequency sound range, and
wherein, in a state in which the case unit is placed on a mounting surface, a third sound is generated by the mounting surface due to vibration of the second sound.

US Pat. No. 10,250,727

MAGNIFICATION AND LIGHTING ATTACHMENT FOR MOBILE TELEPHONES

1. A camera attachment for a mobile phone with a camera lens and an illumination component to photograph an object, comprising:a support configured to be nonmovably attached to the mobile phone;
a carrier member movably mounted to the support, the carrier member configured to be movable relative to the mobile phone, the carrier member comprises a semi-annular opening having a first side and a second side;
a first lens station mounted to the carrier member adjacent the first side of the semi-annular opening, the first lens station comprising a lens;
a second lens station mounted to the carrier member on the second side of the semi-annular opening, the second lens station comprising a lens operationally separate from the lens of the first lens station; and
at least one light component mounted to the carrier member;
wherein the carrier member is configured to move between a first position and a second position with the support attached to the mobile phone; and
wherein, in the first position, the first lens station is in alignment and optically coupled with the lens of the mobile phone to optically magnify the object to be photographed by the mobile phone, and the light component is in alignment and optically coupled with the illumination component of the mobile phone to illuminate the object to be photographed by the mobile phone and the separate, second lens station is out of alignment and not optically coupled with the lens of the mobile phone; and wherein, in the second position, the first lens station is out of alignment and not optically coupled with the lens of the mobile phone, the light component is out of alignment and not optically coupled with the illumination component of the mobile phone, and the second lens station is in alignment and is optically coupled with the lens of the mobile phone.

US Pat. No. 10,250,725

METHOD OF L2 LAYER DATA PACKET PROCESSING AND ELECTRONIC DEVICE USING THE SAME

Acer Incorporated, New T...

1. A method of data packets processing applicable to an electronic apparatus, the method comprising:generating, by a higher L2 sublayer before receiving an uplink (UL) grant, protocol data units (PDUs) of the higher L2 sublayer, wherein each PDU of the higher L2 sublayer comprises one or more SDUs of the higher L2 sublayer;
generating, by a lowest L2 sublayer before receiving the UL grant, subheaders for each of service data units (SDUs) of the lowest L2 sublayer, wherein each SDU of the lowest L2 sublayer is equivalent to each PDU of the higher L2 sublayer;
performing, by the lowest L2 sublayer, a logical channel prioritization (LCP) procedure for the SDUs in response to receiving the UL grant;
generating, by the lowest L2 sublayer based on a result of the LCP procedure, a PDU of the lowest L2 sublayer by multiplexing a portion of the SDUs of the lowest L2 sublayer and the subheaders of the portion of the SDUs; and
modifying, by the lowest L2 sublayer, the last subheader within the PDU.

US Pat. No. 10,250,724

SOFTWARE UPGRADE IN A HOME NETWORK USING LOWER LAYER MESSAGING

Entropic Communications, ...

1. A home-based server for use in a coaxial cable network of a home, where the coaxial cable network of the home comprises an open network that is user modifiable and a closed network that is not user modifiable, the home-based server comprising:a first transceiver configured to communicate with an external server over a communication network external to the home and not over the coaxial cable network of the home;
a second transceiver configured to communicate with a client device over the coaxial cable network of the home and not over the communication network external to the home; and
processing circuitry configured to:
utilize the first transceiver to receive a software update image from the external server; and
utilize the second transceiver to communicate the received software update image to the client device over the closed network of the coaxial cable network of the home.

US Pat. No. 10,250,723

PROTOCOL-LEVEL IDENTITY MAPPING

BlueTalon, Inc., Redwood...

1. A method, comprising:intercepting, by an identity mapping system, a user request submitted from a client device through an application program to a distributed computing system that provides a plurality of services, the user request being associated with user credentials, wherein the identity mapping system intercepts the user request at a protocol level that is outside of the application program;
determining, by the identity mapping system, a user protocol in which the client device submitted the user request;
authenticating the user request based on the user credentials;
upon successfully authenticating the user request, determining, by the identity mapping system, a service of the services that the user request is authorized to access;
determining service credentials associated with the service;
generating a service request by the identity mapping system, including translating the user protocol of the user request to a service protocol associated with the service at least in part by associating the service credentials with the service request; and
submitting the service request by the identity mapping system to the distributed computing system, wherein the identity mapping system includes one or more computer processors.

US Pat. No. 10,250,722

TCP TRAFFIC PRIORITY BANDWIDTH MANAGEMENT CONTROL BASED ON TCP WINDOW ADJUSTMENT

SONICWALL INC., Milpitas...

1. A method for managing bandwidth in a computer network, the method comprising:receiving a first packet sent from a first client;
identifying a first traffic class associated with the first packet;
receiving a second packet;
identifying a second traffic class associated with the second packet;
identifying that the first traffic class and the second traffic class are competing for shared bandwidth;
monitoring a first number of bytes received that are associated with the first traffic class over a first interval of time;
calculating a competitive base adjusted window value based on the identified competition for the shared bandwidth;
assigning a first traffic priority index to the first traffic class;
calculating a first traffic class input rate associated with the first number of bytes received that are associated with the first traffic class over the first interval of time;
calculating a first priority window size to associate with packets of the first traffic class that is proportional to the first traffic priority index and to the calculated competitive base adjusted window value and that is inversely proportional to a total priority count, wherein the total priority count is a count of a number of priority classes to which one of the packets is assigned;
calculating a value of a first prioritized adjusted window to include in an acknowledge message to send to the first client, wherein the calculation of the first prioritized adjusted window value is a function of the first priority window size and the competitive base adjusted window value;
transmitting the acknowledge message to the first client, wherein the acknowledge message includes the first prioritized adjusted window value, and the first client changes a first transmitted number of bytes sent in one or more packets; and
receiving the one or more packets over a second interval of time of the first traffic class, wherein the received one or more packets of the first traffic class include a number of bytes corresponding to a changed first number of bytes value.

US Pat. No. 10,250,720

SHARING IN AN AUGMENTED AND/OR VIRTUAL REALITY ENVIRONMENT

Google LLC, Mountain Vie...

1. A computer-implemented method, comprising:generating, by a computing device operating in an ambient environment, a virtual environment;
receiving, by a processor of the computing device, a selection of a virtual item by a selection device in virtual contact with the selected virtual item, the selected virtual item representing content associated with the selected virtual item;
tracking movement of the selection device in virtual contact with the selected virtual item;
projecting a virtual trajectory for propulsion of the selected virtual item based on the tracked movement of the selection device in virtual contact with the selected virtual item;
identifying a target recipient for the selected virtual item, including:
detecting a plurality of possible recipients in the virtual environment, the plurality of possible recipients respectively corresponding to a plurality of virtual representations in the virtual environment;
detecting an attractive force associated with each of the plurality of possible recipients, wherein the attractive force is based on a commonality between a characteristic of the content of the selected virtual item and a characteristic of each of the plurality of possible recipients; and
identifying the target recipient based on the projected virtual trajectory for the propulsion of the selected virtual item and the detected attractive force associated with each of the plurality of possible recipients; and
sharing the content of the selected virtual item with the identified target recipient.

US Pat. No. 10,250,718

SYSTEM AND METHOD TO SUPPORT CODEC DELIVERY MODELS FOR IMS NETWORKS

International Business Ma...

1. A computer program product comprising a non-transitory computer usable storage medium having readable program code tangibly embodied in the storage medium, wherein the computer program product, when executed by a processor in a server, causes the processor to perform steps of:receiving a first request at the server for first content from a first user device in communication with the server;
determining, in the server, a first codec required by the first user device for the first content based on stored codec information for the first user device;
determining, in the server, that the first user device does not have the first codec required for the first content using a profile of the first user device, and, using the profile of the first user device, determining to use an online mode to send the first codec with the first content, and based upon that determination, sending the first codec with the first content;
receiving a second request at the server for second content from a second user device in communication with the server;
determining, in the server, a second codec required by the second user device for the second content based on stored codec information for the second user device; and
determining, in the server, that the second user device does not have the second codec required for the second content using a profile of the second user device, and, using the profile of the second user device, determining to use an offline mode to send a reference to the second codec with the second content, and based upon that determination, sending the reference to the second codec with the second content.

US Pat. No. 10,250,716

PRIORITY-DRIVEN BOXCARRING OF ACTION REQUESTS FROM COMPONENT-DRIVEN CLOUD APPLICATIONS

salesforce.com, inc., Sa...

1. A system including a user device and a server device, coupled in communication, including:the user device configured to:
determine an action request by a data consuming application that consumes data received from the server responsive to the action request, the action request associated with a priority label applied to a display region rendered by the data consuming application;
place, by a middleware application, the action request into a first batch based on the priority label and a predetermined segregation schedule;
manage, by the middleware application, a pool of request objects; and
send, to the server device via a request object from the pool of request objects, the first request batch as a first boxcar ahead of a second request batch based on the priority label; and
the server device configured to:
receive the first boxcar and forward the action request to an application program of the server;
collect a response to the action request from the application program;
send the response in a second boxcar corresponding to the first boxcar, the second boxcar including other responses associated with the first boxcar.

US Pat. No. 10,250,714

PAGE REDIRECTION METHOD, ROUTING DEVICE, TERMINAL DEVICE AND SYSTEM

HUAWEI DEVICE CO., LTD., ...

1. A page redirection method, comprising:receiving, by a routing device, based on a first access request sent by a terminal device, a first access response corresponding to the first access request from a network server, wherein the first access request comprises a first access address of a page that a user needs to access;
when an update is available for a configuration of the routing device, modifying, by the routing device, a return code of the first access response and adding, by the routing device, a second access address of a redirected-to page and the first access address to the first access response, wherein the second access address of the redirected-to page is an access address to a page to update the configuration of the routing device; and
sending, by the routing device, the first access response that includes the return code that is modified, and the second access address of the redirected-to page to the terminal device, wherein the first access response prompts the terminal device to send a second access request according to the return code that is modified, and to open the page that the user needs to access and the redirected-to page upon receiving a second access response returned for the second access request.

US Pat. No. 10,250,713

MANAGING CONTACT STATUS UPDATES IN A PRESENCE MANAGEMENT SYSTEM

International Business Ma...

1. A method for managing online status according to a power event comprising:receiving, via a network communication interface, an indication of the power event occurring at a mobile device for an online identity, wherein the power event causes the mobile device to switch from an external power source to an internal battery, and wherein the device represents that the online identity is online while the mobile device receives power from the internal battery;
holding, at a second device, at least one status update for an online contact of the online identity while the mobile device receives power from the internal battery; and
releasing, for transmission to the mobile device, the at least one status update in response to determining that the mobile device switches back to the external power source.

US Pat. No. 10,250,712

METHOD AND SERVER OF CONFIGURING SCENARIO MODE FOR SMART DEVICES

XIAOMI INC., Haidian Dis...

1. A method for configuring a scenario mode for smart devices, comprising:acquiring device information of a first smart device and a second smart device bounded to a user account;
pushing, according to the device information of the first and second smart devices, a predefined scenario mode template to a controlling device bound to the user account, wherein the predefined scenario mode template corresponds to a scenario mode which associates at least one startup condition for the first smart device to trigger the scenario mode with at least one task to be performed by the second smart device when the scenario mode is triggered;
receiving, from the controlling device, scenario mode template selection information indicating whether a user selects to enable the predefined scenario mode template;
bounding, when the scenario mode template selection information indicates the predefined scenario mode template is enabled, the scenario mode corresponding to the predefined scenario mode template to the user account and configuring the scenario mode according to the device information of the first and second smart devices; and
performing, by the second smart device, the at least one task of the scenario mode when the at least one startup condition is satisfied;
wherein the scenario mode bounded to the user account is configured with parameters selected from: user account information, device type information of the first and second smart devices, device ID information of the first and second smart devices, a startup condition parameter for defining conditions of triggering the scenario mode, and a task parameter for defining actions to be performed in the scenario mode;
wherein the predefined scenario mode template comprises: the device type information of the first smart devices and the second smart devices, the startup condition parameter for defining conditions of triggering the corresponding scenario mode, and the task parameter for defining actions to be performed in the corresponding scenario mode; and
wherein bounding the scenario mode corresponding to the predefined scenario mode template to the user account comprises defining the scenario mode corresponding to the predefined scenario mode template by supplementing the device ID information of the first smart device and the second smart device and the user account information to the predefined scenario mode template.

US Pat. No. 10,250,711

FRACTIONAL PRE-DELIVERY OF CONTENT TO USER DEVICES FOR UNINTERRUPTED PLAYBACK

OPANGA NETWORKS, INC., S...

1. A method, comprising:receiving an indication that content is available for pre-delivery from a content server to a user device over a network;
determining a fraction of the content available for pre-delivery that satisfies one or more predicted content playback conditions by determining a fractional size of the content associated with an uninterrupted playback probability for the content; and
causing the determined fraction of the content available for pre-delivery to be delivered to the user device before the user device receives a request to play back the content,
wherein determining a fraction of the content available for pre-delivery that satisfies one or more predicted content playback conditions includes:
determining the fractional size of the content associated with the uninterrupted playback probability for the content by determining a delivery buffer cumulative credit function (CCF) on a cumulative-distribution function (CDF) curve,
the CDF curve representing a relationship between predicted uninterrupted playback probabilities for new content to be pre-delivered to the user device and outputs of the delivery buffer cumulative credit function for content previously delivered to the user device.

US Pat. No. 10,250,708

HIGH PERFORMANCE DISTRIBUTED SYSTEM OF RECORD

Akamai Technologies, Inc....

1. A method, comprising:configuring a set of computing elements to receive and process messages into a blockchain, wherein a message is associated with a transaction to be included in the blockchain, the computing elements organized as a set of computing nodes:
for a given block to be added to the blockchain, associating ordered segments of the block within respective computing nodes, wherein a segment of the block comprises a set of one or more transactions that are unique to the segment; and
processing the block into the blockchain using the ordered segments;
wherein, during processing of the block, transactions within each segment are sequenced and processed concurrently with respect to one another, and wherein segments are processed independently of each other.

US Pat. No. 10,250,706

HIERARCHICAL CLUSTERING

Bank of America Corporati...

1. A method comprising:receiving first network usage data for a plurality of user devices, the first network usage data indicating activity by the user devices on a plurality of webpages;
determining a plurality of first-level cluster centroids based on the first network usage data;
assigning each user device to at least one of the first-level cluster centroids;
selecting a first-level cluster centroid from the at least one of the first-level cluster centroids, the user devices assigned to the selected first-level cluster centroid having an average distance to the selected first-level cluster centroid that is greater than a threshold;
determining a plurality of second-level cluster centroids based on the first network usage data for user devices assigned to the selected first first-level cluster centroid;
assigning each user device previously assigned to the selected first first-level cluster centroid to at least one of the second-level cluster centroids;
determining a plurality of clusters based on the first-level cluster centroids and the second-level cluster centroids;
assigning each user device to at least one cluster of the plurality of clusters; and
sending one or more first notifications to user devices associated with a first cluster of the plurality of clusters.

US Pat. No. 10,250,705

INTERACTION TRAJECTORY RETRIEVAL

International Business Ma...

1. A method, comprising:receiving, by one or more computer processors, a natural language action description associated with actions performed by a user on a website;
building, by the one or more computer processors, an interaction graph of the website based on a logical structure of the website, wherein a node in the interaction graph indicates a web component in the website, and an edge in the interaction graph indicates a potential interaction between the user and the website;
marking, by the one or more computer processors, the interaction graph based on the interactions between the user and the website to generate an interaction history;
retrieving, by one or more computer processors, at least one user interaction matching the action description from the interaction history of user interactions between the user and the website by interpreting and converting using semantic analysis by the one or more computer processors each text or verbal clause in the action description into a corresponding action in an action sequence comprising at least one chronologically ordered action;
finding by one or more computer processors in the interaction history, with regard to an action in the action sequence, a user interaction corresponding to the action by determining whether an action type of the interaction corresponds to an action type of the action;
generating, by one or more computer processors, an interaction trajectory associated with a problem that occurred on the website and a technical solution for the problem that occurred on the website, based, at least in part, on the retrieved at least one user interaction; and
implementing the technical solution associated with the action trajectory.

US Pat. No. 10,250,704

REGISTRATION DURING DOWNTIME

EXPERIAN HEALTH, INC., F...

1. A system for enabling registration according to client policies for a client system used for managing creation of client records for a client facility when a client server of the client system is experiencing a downtime event and non-responsive to manage creation of the client records, comprising:a processor; and
a memory storage device including instructions that when executed by the processor are operable to provide:
an advanced services system, in communication with client terminals and third parties, operable to receive registration requests from the client terminals and operable to request and receive supplemental data from the third parties related to the registration requests;
an advanced services database, in communication with the advanced services system, operable to store information for postback to the client server once responsive after the downtime event;
an identifier database, storing the client policies, wherein the client polices relate to how identifiers are used in the client records, wherein a type for the identifiers is set from a global identifier, a local identifier, and an event identifier by the client system; and
a downtime registration service, in communication with the advanced services system and the identifier database, operable to provide the identifiers to the advanced services system to create a new record when the client server is non-responsive, wherein the new record is stored in the advanced services database for postback when the client server is responsive.

US Pat. No. 10,250,698

SYSTEM AND METHOD FOR SECURING PRE-ASSOCIATION SERVICE DISCOVERY

FUTUREWEI TECHNOLOGIES, I...

1. A method for operating a first station in discovering a service, the method comprises:generating, by the first station, a first identifier of the service;
generating, by the first station, a second identifier of the service in accordance with a first parameter;
transmitting, by the first station, a request instructing a generating of a third identifier of the service by a second station, the request including the first identifier of the service and the first parameter;
receiving, by the first station from the second station, a first response including the third identifier of the service;
determining, by the first station, that the first response is valid in response to the second identifier of the service and the third identifier of the service being equal; and
in response to the first response being valid, establishing, by the first station, a connection for the service with the second station.

US Pat. No. 10,250,697

TOKEN BUCKET FLOW-RATE LIMITER

KALRAY, Orsay (FR)

1. A token bucket flow rate limiter for data transmission, comprising:a token counter configured to be incremented at a rate determining the average flow rate of the transmission;
a frequency divider connected to control incrementing of the token counter from a clock, the divider having an integer division factor; and
a modulator configured to alternate the division factor between two different integers so that the resulting average flow rate tends to a programmed flow rate comprised between two boundary flow rates respectively corresponding to the two integers.

US Pat. No. 10,250,696

PRESERVING STATEFUL NETWORK CONNECTIONS BETWEEN VIRTUAL MACHINES

INTERNATIONAL BUSINESS MA...

1. A computer-implemented method of preserving stateful network connections between virtual machines during a suspend and resume cycle, the virtual machines being interconnected by a network, the computer-implemented method comprising:tracking, by a control instance, based on a suspend operation of a first virtual machine and a second virtual machine, network addresses of the first virtual machine and the second virtual machine;
setting up by the control instance, based on a resume operation, a first router for the first virtual machine and a second router for the second virtual machine, and requesting new network addresses for the first router and the second router;
configuring by the control instance network address translation on the first router and the second router assigned to the first virtual machine and the second virtual machine to map the new network addresses to the network addresses used before suspending the first virtual machine and the second virtual machine, wherein use of the network addresses used before suspending map to the new network addresses subsequent to suspending, such that the network addresses used with the first virtual machine and the second virtual machine before suspending are reused by the first virtual machine and the second virtual machine after resuming the first virtual machine and the second virtual machine; and
managing a routing of network traffic of the first virtual machine and the second virtual machine to the network.

US Pat. No. 10,250,695

MITIGATION OF PROCESSING LOOPS IN A COMMUNICATION NETWORK

Comcast Cable Communicati...

1. A method, comprising:determining, by a computing device, based on an exchange of one or more error codes between a first network device associated with a first service provider and a second network device associated with a second service provider, that a routing loop associated with a communication session exists;
triggering, based on determining that the routing loop exists, a timer, wherein a duration of the timer is based on multiplying a regressed value by a safety factor, wherein the regressed value is determined by auto regression of an amount of time associated with establishing a previous communication session between the first network device and the second network device, wherein the previous session occurred and successfully ended, indicated by valid messages; and
terminating, based on the timer satisfying a threshold, the communication session.

US Pat. No. 10,250,694

MAINTAINING DISTRIBUTED STATE AMONG STATELESS SERVICE CLIENTS

CA, Inc., New York, NY (...

1. A method for managing distributed state for stateless transactions, said method comprising:detecting, by an application server, a first state-changing event that corresponds to a stateless transaction between a first node of a plurality of nodes and the application server, wherein the stateless transaction is generated from a first instance of an application that is executing on the first node, and wherein the application is hosted by the application server;
broadcasting, by the application server, the first state-changing event to the plurality of nodes;
initiating, by at least the first node and a second node of the plurality of nodes, generation of a block for entry into a blockchain based, at least in part, on the broadcasted first state-changing event, wherein the blockchain comprises blocks that each record a batch of one or more state-changing events associated with execution of the application;
adding, by the first node, the block to a locally stored copy of the blockchain on the first node based, at least in part, on the first node completing generation of the block prior to the second node;
based on detecting that the first node added the block, updating, by each of the plurality of nodes, a locally stored copy of the blockchain with the block generated by the first node to maintain synchronization among the blockchain copies; and
modifying, by the second node, a state of a second instance of the application executing on the second node based, at least in part, on the update to the locally stored copy of the blockchain.

US Pat. No. 10,250,692

VOICE USER INTERFACE FOR PAIRING BETWEEN DEVICES

SONY CORPORATION, Tokyo ...

1. A system, comprising:at least one controlee device;
at least one controller device to control the controlee device;
at least one primary server;
the controlee device being programmed with instructions to cause the controlee device to send a message including an identification of the controlee device to the primary server;
the primary server being programmed with instructions to generate a first code and send the first code to the controlee device;
the controlee device being programmed with instructions to present the first code;
the controller device being programmed with instructions to receive first speech and send at least one first signal to a network on which the primary server communicates representing the first speech;
the primary server being programmed with instructions to receive the first signal from the controller device and to compare information in the first signal from the controller device to the first code;
the primary server being programmed with instructions to associate the controller device with the controlee device responsive to identifying that the information in the first signal from the controller device matches the first code;
the primary server being programmed with instructions to command the controlee device to commence a second pairing step;
the controlee device being programmed with instructions to, responsive to the command from the primary server, generate a second code;
the controlee device being programmed with instructions to present the second code;
the controlee device being programmed with instructions to send the second code to the primary server;
the controller device being programmed with instructions to receive second speech and to send at least one second signal representative thereof to the network;
the primary server being programmed with instructions to receive the second signal from the controller device and to compare information in the second signal from the controller device to the second code; and
the primary server being programmed with instructions to authorize pairing of the controller device with the controlee device responsive to identifying that the information in the second signal from the controller device matches the second code.

US Pat. No. 10,250,691

METHOD AND DEVICE FOR CONTROLLING HOME DEVICE

SAMSUNG ELECTRONICS CO., ...

1. A method by which a server controls a home device, the method comprising:receiving a trigger signal generated by a sensor in a home in response to a mobile device being present at a specific location in the home, wherein the trigger signal comprises an identification value of the mobile device, which is acquired by the sensor, in response to the mobile device being present at the specific location in the home;
comparing the identification value with pre-stored identification values of a plurality of mobile devices to determine a home device within a proximity of the sensor;
determining the home device corresponding to the specific location by using the trigger signal;
requesting the mobile device for context information of the mobile device or context information of a user if the identification value of the mobile device is included in the pre-stored identification values of the plurality of mobile devices;
receiving the context information indicating a situation of the user from the mobile device;
selecting context information related to an operation of the determined home device from among context information received from the mobile device;
providing the selected context information to the home device; and
controlling the home device based on the provided selected context information.

US Pat. No. 10,250,689

SECURITY MONITOR FOR A VEHICLE

Robert Bosch GmbH, Stutt...

1. A method of securing a controlled area network (CAN) of a vehicle, the CAN having a plurality of electronic control units (ECUs) for controlling electronically-controlled vehicular systems, the method comprising:monitoring, using an electronic processor, an on-board diagnostic (OBD) port of the vehicle for activity, the OBD port being interconnected with the CAN, wherein the monitoring includes:
storing a baseline message profile for at least one of the ECUs of the CAN;
comparing a message in the monitored activity with the baseline message profile of the at least one ECU in the CAN;
flagging a message in the monitored activity as suspicious activity when the message in the monitored activity does not fit the baseline profile of the at least one ECU;
determining whether the flagged message relates to a critical ECU of the plurality of ECUs or to a non-critical ECU of the plurality of ECU;
generating an alert when any monitored activity is suspicious activity that indicates an attack; and
counteracting the suspicious activity to minimize potential harm resulting from the suspicious activity, the counteracting including
determining that the suspicious activity is an attack on a first critical ECU of the plurality of ECUs;
notifying a non-targeted second critical ECU of the plurality of ECUs about the attack on the first critical ECU; and
disabling a non-critical ECU of the plurality of ECUs when the determining determines that the flagged message relates to a critical ECU of the plurality of ECUs.

US Pat. No. 10,250,688

METHOD AND APPARATUS FOR TRANSMITTING SENSOR DATA IN A WIRELESS NETWORK

Canon Kabushiki Kaisha, ...

1. A method for transmitting data from a slave node to a master node in a robotic control network, the robotic control network being based on a shared transmission channel, access to the shared transmission channel being scheduled by the master node, the slave node comprising an acquisition device producing the data, the method comprising on the slave node:obtaining a request from the master node for acquiring data;
estimating the value of a time information representative of a delay for the acquisition device to acquire a block of data ready for transmission to the master node;
sending a message to the master node comprising the estimated time information value;
receiving, from the master node, an authorization of transmission of the block of data from the slave node to the master node, the authorization of transmission scheduling an access time for transmitting the block of data, wherein the scheduled access time depends on the estimated time information value and wherein the estimating of the value of the time information by the slave node is performed prior the receiving of the authorization of transmission from the master node; and
transmitting the block of data from the slave node to the master node during the scheduled access time after the receiving of the authorization of transmission of the block of data.

US Pat. No. 10,250,687

VEHICLE REMOTE OPERATION INFORMATION PROVISION DEVICE, VEHICLE-MOUNTED REMOTE OPERATION INFORMATION ACQUISITION DEVICE, AND VEHICLE REMOTE OPERATION SYSTEM COMPRISING THESE DEVICES

TOYOTA JIDOSHA KABUSHIKI ...

17. A vehicle remote operation system, comprising:a vehicle remote operation information provision device that provides various information pieces relating to a remote operation for a vehicle requested by a user of the vehicle; and
a vehicle-mounted remote operation information acquisition device that is mounted on the vehicle for acquiring the various information pieces from the vehicle remote operation information provision device, wherein
the vehicle remote operation information provision device includes at least one processor configured to:
acquire remote operation request information indicating a request of a remote operation for the vehicle by the user of the vehicle;
transmit access request information to the vehicle-mounted remote operation information acquisition device based on the acquired remote operation request information, the access request information including information for use by the vehicle-mounted remote operation information acquisition device to access a connection destination for prompting provision, to the vehicle-mounted remote operation information acquisition device, of command information indicating a remote operation command for realizing the remote operation requested by the user of the vehicle; and
provide the command information to the vehicle-mounted remote operation information acquisition device according to the access from the vehicle-mounted remote operation information acquisition device,
the vehicle-mounted remote operation information acquisition device includes an ECU configured to:
acquire the transmitted access request information; and
access the connection destination based on the acquired access request information to acquire the command information from the connection destination,
the vehicle remote operation information provision device and the vehicle-mounted remote operation information acquisition device each include a communication interface that realize indirect communication with each other through a predetermined network or direct communication with each other,
the at least one processor and the ECU transmit and receive the access request information by using the indirect communication by the communication interface, and
the at least one processor and the ECU transmit and receive the command information by using the direct communication by the communication interface.

US Pat. No. 10,250,686

FINDING ALTERNATE STORAGE LOCATIONS TO SUPPORT FAILING DISK MIGRATION

INTERNATIONAL BUSINESS MA...

1. A computing device comprising:an interface configured to interface and communicate with a dispersed or distributed storage network (DSN);
memory that stores operational instructions; and
processing circuitry operably coupled to the interface and to the memory, wherein the processing circuitry is configured to execute the operational instructions to:
detect a potentially adverse storage issue with a memory device of a storage unit (SU) of one or more sets of storage units (SUs) within the DSN, wherein a data object is segmented into a plurality of data segments, wherein a data segment of the plurality of data segments is dispersed error encoded in accordance with dispersed error encoding parameters to produce a set of encoded data slices (EDSs) that are distributedly stored within the one or more sets of storage units SUs within the DSN, wherein the potentially adverse storage issue is based on at least one of predicted failure of the memory device, an age of the memory device being greater than or equal to a maximum age threshold level, or an indication that the memory device is failing;
determine whether to transfer at least one EDSs of the set of EDSs that is associated with the memory device of the SU of the one or more sets of SUs within the DSN to another memory device of the SU of the one or more sets of SUs within the DSN for temporary storage therein;
based on a determination not to transfer the at least one EDSs of the set of EDSs that is associated with the memory device of the SU of the one or more sets of SUs within the DSN to the another memory device of the SU of the one or more sets of SUs within the DSN for temporary storage therein, identify at least one alternate storage location within the DSN to store temporarily the at least one EDSs of the set of EDSs that is associated with the memory device of the SU of the one or more sets of SUs within the DSN;
facilitate transfer of the at least one EDSs of the set of EDSs that is associated with the memory device of the SU of the one or more sets of SUs within the DSN to the at least one alternate storage location within the DSN for temporary storage therein; and
based on detection that the potentially adverse storage issue with the memory device of the SU of the one or more sets of SUs within the DSN has subsided, facilitate transfer of the at least one EDSs of the set of EDSs from the at least one alternate storage location within the DSN back to the memory device of the SU of the one or more sets of SUs within the DSN.

US Pat. No. 10,250,685

CREATING LAYER 2 EXTENSION NETWORKS IN A HYBRID CLOUD COMPUTING SYSTEM

VMWARE, INC., Palo Alto,...

1. A computer-implemented method of creating a stretched network, comprising:deploying a first virtual computing instance in a first computing system and a corresponding second virtual computing instance in a second computing system;
establishing one or more tunnels between the first virtual computing instance and the second virtual computing instance;connecting a first network interface of the first virtual computing instance to a first network in the first computing system via a first port which is configured as a sink port;connecting a second network interface of the second virtual computing instance to a second network in the second computing system via a second port which is configured as a sink port;
configuring the first virtual computing instance to bridge the first network interface and the one or more tunnels; and
configuring the second virtual computing instance to bridge the second network interface and the one or more tunnels.

US Pat. No. 10,250,683

SERVER NODE ARRANGEMENT AND METHOD

GURULOGIC MICROSYSTEMS OY...

1. A server node arrangement comprising:a plurality of nodes,
the plurality of nodes of the server node arrangement are coupled via a communication network to a plurality of source devices of input data, and to one or more output devices, wherein the plurality of nodes of the server node arrangement are operable to receive data content from the plurality of source devices of input data, and to process the data content for supplying to the one or more output devices,
the plurality of nodes of the server node arrangement are operable to host one or more processes which are operable to:
determine a form which is compatible to a native data rendering format of the one or more output devices, wherein the form includes a native resolution of the one or more output devices, and
process the data content into the determined form and into the native resolution of the one or more output devices,
each of the one or more output devices is operable to render the data content from the plurality of source devices of input data simultaneously and without scaling the processed data content; and
the plurality of nodes of the server node arrangement are operable to supply the processed data content to the one or more output devices in a manner compatible with a region-of-interest (ROI) of the one or more output devices;
wherein the one or more output devices are operable to define in a message to the plurality of nodes of the server node arrangement one or more parameters which define one or more native formats in which the one or more output devices require their data content to be supplied from the server node arrangement;
wherein the plurality of nodes of the server node arrangement are operable to store data content from the one or more source devices of input data in its original resolution, and supply the data content to the one or more output devices in a format which is compatible with a native format of the one or more output devices;
wherein the plurality of nodes of the server node arrangement are operable to process data content there through in a manner allowing for dynamically-changeable image rescaling in response to user input at the one or more output devices.

US Pat. No. 10,250,681

OPTIMIZATION OF A MULTI-CHANNEL SYSTEM USING A FEEDBACK LOOP

Google LLC, Mountain Vie...

1. A system comprising:a third-party content corpus database that stores information for various content that are available to be distributed to client devices; and
a distributed computing environment, including multiple computing devices and a feedback loop wherein the distributed computing environment interacts with the third-party content corpus database and performs operations comprising:
distributing content over multiple different online channels using a same reference distribution amount specified by a provider of the content for distribution over the multiple different online channels, wherein the feedback loop is configured to obtain feedback about the distributions and adjust a transmission of content over the multiple different online channels by adjusting a selection value used to distribute content over the multiple different online channels;
receiving, through the feedback loop and for multiple different distributions of the content over the multiple different online channels, an observed distribution amount required for distribution of the content to client devices over the multiple different online channels;
determining, based on the observed distribution amount received through the feedback loop, a realized distribution amount for the multiple different distributions across the multiple different online channels;
adjusting the selection value for the multiple different online channels based on a difference between the realized distribution amount and the same reference distribution amount specified by the provider of the content; and
distributing the content over the multiple different online channels using the adjusted maximum selection value.

US Pat. No. 10,250,679

ENABLING SNAPSHOT REPLICATION FOR STORAGE

EMC IP Holding Company LL...

1. A system comprising:one or more processors;
computer-executable logic operating in memory, wherein the computer-executable program logic enables execution across the one or more processor of:
splitting IO directed to a LUN on a production site to a first thin LUN;
determining to take a snapshot of the LUN at a point in time;
reconfiguring the IO split from the LUN on the production site to be split to a second thin LUN, wherein the first and second thin LUNs are enabled to change size according to an amount of IO split to them, respectively; and
copying changes from the first thin LUN to a protection storage device.

US Pat. No. 10,250,677

DECENTRALIZED NETWORK ADDRESS CONTROL

CyberArk Software Ltd., ...

1. A non-transitory, computer-readable medium containing instructions that, when executed by at least one processor, cause the at least one processor to perform operations for decentralized load balancing for a plurality of network resources, in a system allowing for load balancing decisions that are decentralized among the plurality of network resources, the operations comprising:determining, by a first decentralized load balancing application associated with a first network resource, a load characteristic for the first network resource;
receiving at the first decentralized load balancing application, from a second decentralized load balancing application associated with a second network resource, a load characteristic for the second network resource;
determining, by at least the first decentralized load balancing application and based on the load characteristics for the first network resource and second network resource, that network traffic should be received by the first network resource;
sending, based on the determination that network traffic should be received by the first network resource, a report to a network address resolution resource, the report being configured to cause the network address resolution resource to send the network traffic to the first network resource;
wherein the network address resolution resource is configured to also receive reports from the second load balancing application, and wherein both the first network resource and the second network resource are each associated with a common network resource name; and
receiving, from a client that has identified the common network resource name and been directed to the first network resource by the network address resolution resource, a communication directed to the first network resource.

US Pat. No. 10,250,676

MODULAR DEVICE AND METHOD OF OPERATION

Arch Systems Inc., Mount...

1. A method for device operation, the device including a control tile connected to a plurality of tiles physically distinct from the control tile, the method comprising:operating each tile of the plurality based on a respective set of operation settings associated with the respective tile;
writing tile output values from the tiles into a common circular buffer stored by the control tile in order of arrival;
monitoring the circular buffer for a trigger event with a virtual monitor executed by the control tile;
incrementally stepping through the circular buffer with a reading module that selectively reads the tile output values satisfying a tile output parameter associated with the trigger event; and
at the device, determining a processing function output by processing, according to a processing function associated with the trigger event, the tile output values read by the reading module;wherein the control tile stores a graph data structure defining device operation, the graph data structure comprising an edge and a node, the edge associated with the trigger event and the tile output parameter, the node associated with the processing function.

US Pat. No. 10,250,675

POSTING THE SAME RESPONSE FOR DUPLICATED CONTENT

INTERNATIONAL BUSINESS MA...

1. A method, comprising:detecting a first instance of a response, generated by a user, posted in a first social networking service, the first instance of the response responding to a first instance of first content shared with the user in the first social networking service;
responsive to detecting the first instance of the response, generated by the user, posted in the first social networking service, storing to a functional data structure a record including a first identifier identifying the response and at least a second identifier identifying the first instance of the first content;
detecting a second instance of the same first content being shared with the user in the first social networking service or a second social networking service, wherein detecting the second instance of the first content being shared with the user in the first social networking service or the second social networking service comprises determining that a third identifier identifying the second instance of the first content matches the first identifier identifying the first instance of the first content; and
responsive to detecting the second instance of the same first content being shared with the user, automatically posting, using a processor, a second instance of the response, the second instance of the response responding to the second instance of the first content on behalf of the user.

US Pat. No. 10,250,674

RADIO ACCESS METHOD, APPARATUS, AND SYSTEM FOR IMPLEMENTING MUTUAL TRANSMISSION AND PROCESSING OF COLLABORATIVE DATA BETWEEN SITES

Huawei Technologies Co., ...

1. A radio access method for implementing a cloud radio access network (RAN) architecture that includes digital processing units (DUs) deployed in sites of an evolved universal terrestrial radio access network (E-UTRAN) architecture, the method comprises:receiving, by a switching device, first and second data packets sent by first and second DUs, respectively, in respective first and second sites, wherein the DUs support the E-UTRAN architecture;
determining, by the switching device, to send the first data packet to the second DU in the second site for collaborative processing that involves mutual transmission and processing of collaborative data between the first and second DUs,
wherein the determination is based on a routing policy at the switching device for implementing the cloud RAN architecture based on the DUs arranged to support the E-UTRAN architecture; and
sending, by the switching device, the first and second data packets to the second DU, so that the second DU performs collaborative processing on the first and second data packets,
wherein the first and second data packets are of a same data type comprising layer 2 (L2) scheduling data, hard bit data, frequency-domain in-phase-quadrature (IQ) data and time-domain IQ data.

US Pat. No. 10,250,673

STORAGE WORKLOAD MANAGEMENT USING REDIRECTED MESSAGES

Amazon Technologies, Inc....

1. A system, comprising:one or more computing devices configured to:
determine, based on a plurality of requests of a storage workload at a first client-side component of a multi-tenant network-accessible storage service presenting a block-level programmatic interface, a metric associated with at least the plurality of requests of the storage workload directed from the first client-side component towards one or more storage servers during a particular time interval, wherein the storage workload includes block-level storage requests from one or more applications to block-level storage hosted by the one or more storage servers, and wherein the first client-side component is configured to communicate the block-level storage requests over one or more respective data-plane communication channels between the first client-side component and the one or more storage servers;
transmit the metric from the first client-side component to a particular storage server via a pre-existing data-plane communication channel created between the first client-side component and the particular storage server;
identify, at the particular storage server in accordance with a metric distribution policy, a second client-side component of the storage service to which the metric is to be propagated;
transmit the metric from the particular storage server to the second client-side component using a different pre-existing data-plane communication channel created between the second client-side component and the particular storage server; and
reschedule, at the second client-side component, based at least in part on an analysis of one or more workload metrics including the metric determined at the first client-side component, transmission of one or more storage requests to the one or more storage servers from the second client-side component.

US Pat. No. 10,250,672

METHOD AND SYSTEM FOR CONTROLLED DISTRIBUTION OF INFORMATION OVER A NETWORK

Facebook, Inc., Menlo Pa...

1. A method comprising:by one or more computer servers associated with an information management and distribution system, receiving a request from a user for a profile page associated with the information management and distribution system, the profile page permitting the user to supply information about the user that may be shared with other users of the information management and distribution system;
by the one or more computer servers, after sending the profile page to the user, receiving profile information for the user that was entered into the profile page;
by the one or more computer servers, in response to receiving the profile information and determining that the user has not previously registered with the information management and distribution system, generating a personal identifier, the personal identifier being a unique identifier associated with the user;
by the one or more computer servers, storing the personal identifier in association with the profile information for the user; and
by the one or more computer servers, sending the personal identifier to a client device of the user in association with a response to the request-request; and by the one or more computer servers, receiving the personal identifier during user profile exchange operations with one or more other users of the information management and distribution system; wherein the response comprises information to download an application to the client device.

US Pat. No. 10,250,670

STREAMING ZIP

Apple Inc., Cupertino, C...

1. A method comprising:at a server device:
initiating a transmission of a streamable ZIP file container to a client device via a network connection, wherein the streamable ZIP file container includes a plurality of files;
receiving an indication that the transmission of the streamable ZIP file container is interrupted, wherein the indication indicates at least one of (i) an initial portion of the plurality of files included in the streamable ZIP file container was received by the client device or (ii) a remaining portion of the plurality of files included in the streamable ZIP file container is to be transmitted to the client device; and
in response to receiving a resume transmission instruction:
establishing a resumption point, wherein the resumption point is a predefined checkpoint disposed at a boundary between a first file and a second file of the plurality of files, and
transmitting the remaining portion of the plurality of files, in accordance with the resumption point, to the client device via the network connection.

US Pat. No. 10,250,669

FILE TRANSFERRING METHOD AN DEVICE THROUGH WI-FI DIRECT

1. A method for sending files through Wireless Fidelity (Wi-Fi) Direct, comprising:obtaining, by a transmitting end, a multimedia attribute of a file to be transferred after the file to be transferred is determined to be transferred to a receiving end; and
sending, by the transmitting end, the obtained multimedia attribute before sending the file to be transferred to the receiving end,
wherein the multimedia attribute indicates the receiving end to judge whether to support the file to be transferred,
wherein if the multimedia attribute of the file to be transferred is in a supporting capability list supported by the receiving end, it is indicated that the type of the file to be transferred is supported by the receiving end;
if the multimedia attribute of the file to be transferred is not in the supporting capability list supported by the receiving end, it is indicated that, the type of the file to be transferred is not supported by the receiving end;
wherein the multimedia attribute of the file:
includes content that describes the type of file being transferred and at least one or more operational requirements for processing the file on the receiving end;
is carried in a signaling or message exchange between the transmitting end and the receiving end, and the multimedia attribute of the file is taken as a plurality of fields and appended in any existing protocol data unit (PDU) used for exchange; and
is transferred by the message exchange between the transmitting end and the receiving end;
wherein the supporting capability list describes one or more types of files supported by the receiving end and at least one or more operational capabilities required for processing the file on the receiving end.

US Pat. No. 10,250,666

SYSTEMS AND METHODS FOR DASHBOARD IMAGE GENERATION

Dundas Data Visualization...

1. A method for generating a static image of an interactive dashboard for viewing on a remote computing device, the method comprising:receiving a dashboard request, the dashboard request comprising data identifying the interactive dashboard and data specifying a state for one or more dashboard filters to be applied to the interactive dashboard;
in response to receiving the dashboard request:
transmitting, to an image generator, a dashboard image request corresponding to the dashboard request, the image generator comprising an image generation service and an instance of an image generation client application; and
receiving, from the instance of the image generation client application, at least one query parameter corresponding to the dashboard image request;
in response to receiving the at least one query parameter:
deriving one or more key performance indicator values from business data stored in a business database; and
transmitting the one or more key performance indicator values to the instance of the image generation client application, the instance of the image generation client application rendering the interactive dashboard and generating an image data file comprising a static image of the rendered interactive dashboard in response to receipt of the one or more key performance indicator value;
receiving, from the instance of the image generation client application, the image data file comprising the static image of the interactive dashboard; and
transmitting the image data file to the remote computing device.

US Pat. No. 10,250,665

DISTRIBUTION CONTROL SYSTEM, DISTRIBUTION SYSTEM, DISTRIBUTION CONTROL METHOD, AND COMPUTER-READABLE STORAGE MEDIUM

Ricoh Company, Limited, ...

1. A distribution control system, the distribution control system configured to communicate with a plurality of communication terminals, a terminal management system for managing the plurality of communication terminals, and at least one cloud web server through a communication network and configured to transmit real-time video and/or sound data to the plurality of communication terminals through the communication network, the distribution control system comprising:a storage device having at least two types of web browsers installed thereon, the two types of web browsers including at least a public web browser configured to allow information to be open to other users, and a private web browser configured to restrict information to only a requesting user; and
at least one processor configured to execute computer readable instructions to,
receive a request to start a web browser from the terminal management system,
determine which of the at least two types of web browsers to start based on whether the request includes personal information,
start one of the two types of web browsers in response to the request and results of the determination,
obtain web content data from the at least one cloud web server using the started web browser,
calculate a transmission delay time that indicates a period of elapsed time from a point when transmission data is transmitted from the distribution control system to each of the plurality of communication terminals to a point when the transmission data is received,
calculate a frame rate and data resolution of the transmission delay time based on the transmission delay time and size of the transmission data,
generate the real-time video and/or sound data by rendering the web content data from the at least one cloud web server based on the calculated frame rate and data resolution,
multicast the generated real-time video and/or sound data to the plurality of communication terminals when the started web browser is the public web browser, and
transmit the generated real-time video and/or sound data to only a first communication terminal of the plurality of communication terminals when the started web browser is the private web browser,
wherein the transmission delay time is calculated by (t0+?)?T0, where t0 indicates a point in time at a communication terminal when the communication terminal receives transmission data transmitted from the distribution control system, T0 indicates a point in time when the transmission data is transmitted from the distribution control system to the communication terminal, and ? indicates a time difference between the distribution control system and the communication terminal,
wherein the time difference is based on information indicating a time when the communication terminal transmits a request for time information to the distribution control system (ts), information indicating a time when the distribution control system receives the request for time information (Tr), information indicating a time when the distribution control system transmits a response to the request (Ts), and information indicating a time when the communication terminal receives the response (tr), and
wherein the time difference is further based on a difference between a first function and a second function, the first function including a sum of Tr and Ts, the second function including a sum of ts and tr.

US Pat. No. 10,250,664

PLACESHIFTING LIVE ENCODED VIDEO FASTER THAN REAL TIME

SLING MEDIA LLC, Foster ...

1. A method executable by a placeshifting device to encode a media stream for placeshifting to a remote media player via a network, the method comprising:encoding the media stream by the placeshifting device;
transmitting the media stream from the placeshifting device to the remote media player via the network for playback of the media stream by the remote media player, wherein the encoding and transmitting of the media stream occur concurrently so that the media stream is a live encoded media stream;
monitoring delivery of the media stream via the network by the placeshifting device to determine a decoding capacity of the remote media player; and
while the media stream is being transmitted to the remote media player via the network, the placeshifting device adapting the encoding of the media stream in response to the monitoring, wherein the adapting comprises changing an encoding quality of the media stream based upon the decoding capacity of the remote media player so that the media stream is delivered to the remote media player at a rate that is faster than a real time playback rate of the remote media player.

US Pat. No. 10,250,663

GATEWAY STREAMING MEDIA TO MULTIPLE CLIENTS IN ACCORDANCE WITH DIFFERENT STREAMING MEDIA PROTOCOLS

ARRIS Enterprises LLC, S...

1. A method for delivering two or more concurrent streaming media sessions to client devices, comprising:receiving a request from a client device to establish a new streaming media session while one or more ongoing streaming media sessions is in progress;
determining if resources are available to fulfill the request; and
when one or more resources needed to fulfill the request are unavailable because of one or more ongoing streaming media sessions, responding to the request in accordance with a pre-established prioritization scheme that gives priority to either delivery of a total number of concurrent streaming media sessions or a quality level of the concurrent streaming media sessions being delivered,
wherein the pre-established prioritization scheme prioritizes the total number of concurrent streaming media sessions over the quality level of the concurrent streaming media sessions and further comprising limiting at least one of the ongoing streaming media sessions or the new streaming media session to be established to a quality level that allows the request to be fulfilled and which is less than a maximum available quality level,
wherein the streaming media session being limited in quality is streamed to a given client device in accordance with an adaptive streaming protocol and further comprising sending a manifest to the given client device for a media stream having a quality level that does not exceed a quality level that allows the request to be fulfilled, and
wherein sending the manifest to the given client device includes receiving from the given client device a request for a manifest Uniform Resource Identifier (URI) for a media stream having a quality level that exceeds the quality level that allows the request to be fulfilled and rerouting the request to another manifest URI for the media stream having a quality level that does not exceed the quality level that allows the new request to be fulfilled.

US Pat. No. 10,250,662

AGGREGATING STREAMS MATCHING A QUERY INTO A SINGLE VIRTUAL STREAM

EMC IP Holding Company LL...

1. A computer-implemented method performed by a server, comprising:determining a plurality of data streams active on the server that match a query received from a client device;
generating a virtual stream comprising data received from the plurality of data streams;
transmitting to the client device, a unique identifier and one or more routing keys for the virtual stream and one or more segments of data of the virtual stream;
detecting that a flow rate of data segments received by the virtual stream has increased above a first threshold amount;
notifying the client device to add one or more consumers to process the virtual stream; and
increasing a number of partitions of the virtual stream by at least one partition, in response to receiving notice from the client device that the client device has added at least one consumer to process the virtual stream.

US Pat. No. 10,250,661

METHOD OF CONTROLLING A REAL-TIME CONFERENCE SESSION

1. A communication apparatus for controlling a real-time conference session comprisinga media processing unit communicatively connectable to a first communication terminal of a first user and a second communication terminal of a second user, the media processing unit configured to allow a conference session to comprise a passive mode of the first user, wherein the data is received at and transmitted by the first communication terminal as passive data but not received by the second communication terminal, and an active mode of the first user, wherein the data is received and transmitted by the first communication terminal and received by the second communication terminal as active data;
the communication apparatus configured to perform switching from the passive mode to the active mode at a switching point-in-time, wherein after the switching a first duration of the passive data of the first user, the first duration ending at or starting from the switching point-in-time, is left to be transmitted to the second user;
the communication apparatus configured to record the first duration of the passive data and a second duration of the active data of the first user, the second duration starting from the switching point-in-time;
the communication apparatus configured to replay the recorded first duration of the passive data and the recorded second duration of the active data to the second user via the second communication terminal after switching, the replaying starting from the switching point-in-time; and
the communication apparatus configured to switch-off of recording and starting to transmit the data of the first user in real-time to the second communication terminal of the second user, when a synchronization delay between a first end of the second duration of the active data of the first user during recording and a second end of the replayed second duration of the active data after recording is equal or smaller than a predetermined duration.

US Pat. No. 10,250,659

CONTEXTUALLY AWARE CLIENT BUFFER THRESHOLDS

MobiTV, Inc., Emeryville...

1. A computing device comprising:a memory module storing a buffer, the buffer having associated therewith a plurality of thresholds including a first data threshold and a second data threshold, the second data threshold being greater than the first data threshold;
a communications interface configured to receive first media stream data associated with a media stream from a remote server via a network and store the received first media stream data in the buffer, wherein the first media stream data encodes the media stream at a first quality level;
a media presentation component configured to present the media stream at the computing device when the first media stream data stored in the buffer reaches the first threshold; and
a processor configured to transmit a first message to the remote server via the communications interface when the first media stream data stored in the buffer reaches the second threshold, wherein the first message includes a request to transmit second media stream data associated with the media stream, and wherein the second media stream data encodes the media stream at a second quality level, wherein the processor is further configured to establish a modified buffer having a modified playback threshold higher than the first data threshold.

US Pat. No. 10,250,658

HYBRID MEDIA STREAM DELIVERY USING MULTIPLE NETWORK CONNECTIONS

THE DIRECTV GROUP, INC., ...

1. A method comprising:receiving, from a destination device, a request for data to be delivered to the destination device over one of a network pathway or a satellite pathway;
determining a first cost of transmission of the data over the network pathway to the destination device;
determining a second cost of transmission of the data over the satellite pathway to the destination device;
determining a least costly pathway for transmission of the data between the network pathway and the satellite pathway using the first cost and the second cost; and
transmitting the data over the least costly pathway of the network pathway and the satellite pathway to a device associated with the destination device, wherein the data is passed directly by the device to the destination device when the data is transmitted over the network pathway, and wherein the data is removed from at least one first transport packet container, added to at least one second transport packet container associated with transport packet containers received over the network pathway, and passed to the destination device in the at least one second transport packet container by the device when the data is transmitted over the satellite pathway.

US Pat. No. 10,250,657

STREAMING MEDIA OPTIMIZATION

Amazon Technologies, Inc....

1. A system, comprising:at least one client computing device comprising:
a memory having a buffer; and
a processor, the processor of the at least one client computing device being configured to at least:
monitor an amount of network bandwidth available to the at least one client computing device;
receive a plurality of media blocks from a media server, the plurality of media blocks being part of a media stream for a media item;
store the plurality of media blocks in the buffer;
detect an increase in network bandwidth available to the at least one client computing device;
responsive to detecting the increase in network bandwidth available to the at least one client computing device and concurrently with receiving an additional part of the media stream, select a stored media block in the buffer, the stored media block being part of the media stream for the media item;
obtain a replacement media block for the stored media block, the replacement media block corresponding to a portion of the media item encoded within the stored media block, wherein a quality level of the replacement media block is chosen based on the increase in network bandwidth and is greater than the quality level of the stored media block; and
replace, after obtaining the replacement media block, the stored media block in the buffer with the replacement media block prior to a rendering of the stored media block.

US Pat. No. 10,250,656

SYSTEMS AND METHODS FOR GENERATING, PROVIDING, AND RENDERING QUICK LOAD ARTICLES

Facebook, Inc., Menlo Pa...

1. A computer-implemented method comprising:transmitting, by a computing system, a quick load article request identifying a quick load article;
receiving, by the computing system, one or more media content elements associated with the quick load article, the one or more media content elements comprising a first quick load embedded web content element; and
rendering, by the computing system, the quick load article, wherein
the first quick load embedded web content element comprises
embedded web content element information identifying a first embedded web content element, and
snapshot information identifying a first snapshot associated with the first embedded web content element, and
the rendering the quick load article comprises rendering the first snapshot within the quick load article in place of the first embedded web content element.

US Pat. No. 10,250,654

METHOD AND APPARATUS FOR TRANSCEIVING DATA PACKET FOR TRANSMITTING AND RECEIVING MULTIMEDIA DATA

Samsung Electronics Co., ...

1. A transmitting apparatus, comprising:a transceiver; and
a processor configured to control the transceiver to transmit a data packet including a packet header and a packet payload,
wherein the packet payload includes a payload header and a fragment of a data unit or at least one complete data unit, and the payload header includes fragmentation information and a fragment indicator,
wherein the fragmentation information includes information about a number of at least one packet payload including at least one fragment of the data unit succeeding the packet payload,
wherein the fragment indicator includes one of a first value indicating that the packet payload includes a first fragment of the data unit, a second value indicating that the packet payload includes a fragment of the data unit that is neither the first fragment nor a last fragment of the data unit, and a third value indicating that the packet payload includes the last fragment of the data unit,
wherein the packet header including a packet identifier, a sequence number, and a timestamp,
wherein the packet identifier includes information to identify an asset related to the data packet,
wherein the sequence number includes information to identify at least one data packet that has the packet identifier, and
wherein the timestamp includes time information for the data packet.

US Pat. No. 10,250,650

DISCOVERY PLAYLIST CREATION

HARMAN INTERNATIONAL INDU...

1. A non-transitory computer-readable medium containing computer code that, when executed, performs an operation comprising:capturing one or more images of a physical environment;
identifying two or more users in the physical environment by analyzing the one or more images;
in response to identifying the two or more users, retrieving, for each of two or more identified users, a respective musical preferences model representing a plurality of acoustical characteristics of musical content determined based on preferences of the respective user;
generating a common musical preferences model representing a set of common acoustical characteristics of musical content for the two or more identified users, based on the musical preferences models for each of the two or more identified users;
identifying a library of available musical content; and
creating a playlist of two or more musical selections from the library of available musical content, based on the common musical preferences model.

US Pat. No. 10,250,648

AMBIENT COMMUNICATION SESSION

GOOGLE LLC, Mountain Vie...

1. A computer-implemented method, comprising:receiving, at a first communication device, a request of a first user of the first communication device to establish a communication session in an inactive mode when the first user is unavailable to participate in the communication session, wherein the communication session enables communication between different communication devices when the communication session is in an active mode;
responsive to receiving the request, initiating at the first communication device the communication session in the inactive mode in which one or more features of the communication session are temporarily disabled;
receiving, at the first communication device, a request from a second communication device to participate in the communication session; and
responsive to receiving the request, switching the communication session at the first communication device from the inactive mode to an active mode in which the one or more features are enabled, wherein the first communication device and second communication device are joined to the communication session in the active mode.

US Pat. No. 10,250,646

METHOD AND DEVICE FOR ESTABLISHING CHANNEL

Huawei Technologies Co., ...

1. A method for establishing a channel, comprising:receiving, by a first web real-time communication (WEBRTC) signaling gateway device, a session request message transmitted by a calling terminal, wherein the session request message comprises an identifier of a called terminal, and wherein the calling terminal is a WEBRTC terminal;
transmitting, by the first WEBRTC signaling gateway device, a query request message comprising the identifier of the called terminal to a WEBRTC server, and receiving, by the first WEBRTC signaling gateway device, an access mode in which the called terminal accesses a WEBRTC signaling gateway device and a gateway identifier of the WEBRTC signaling gateway device accessed by the called terminal, wherein the access mode and the gateway identifier are transmitted by the WEBRTC server, and wherein the access mode comprises accessing via a web browser;
determining, by the first WEBRTC signaling gateway device, that the called terminal is a WEBRTC terminal according to the access mode, and transmitting the session request message to the called terminal via the WEBRTC signaling gateway device corresponding to the gateway identifier; and
receiving, by the first WEBRTC signaling gateway device, a session response message transmitted by the called terminal, and transmitting, by the first WEBRTC signaling gateway device, the session response message to the calling terminal, to enable the calling terminal to establish an end-to-end media channel between the calling terminal and the called terminal according to the session response message.

US Pat. No. 10,250,644

DETECTION AND REMOVAL OF UNWANTED APPLICATIONS

Malwarebytes, Inc., Sant...

1. A method comprising:detecting, by a protection application executing on a client device, a suspected unwanted application file associated with an application on the client device;
providing, from the client device to a security server, an indication of the suspected unwanted application file on the client device;
receiving, from the security server by the client device, an application rating and a definition for the application, the application rating representing a reputation of the application for being unwanted, wherein the application rating is based on a weighted combination of counts of detections of respective instances of the suspected unwanted application on a plurality of client devices that resulted in selections to remediate the respective instances, the counts weighted based on versions of protection applications executing on the plurality of client devices from which the selections were made;
responsive to determining that the application rating meets a threshold rating, presenting an option by the client device to remediate the application by:
detecting, during an installation process associated with the application, that a control element of a user interface of the installation process is selected by default to install the application; and
modifying the control element of the user interface to skip installing the application absent user intervention;
responsive to receiving a selection to remediate the application on the client device:
remediating the application using the definition for the application; and
providing, from the client device to the security server, an indication of the selection to remediate and a version of the protection application executing on the client device, wherein the security server updates the application rating based on the selection to remediate and the version of the protection application.

US Pat. No. 10,250,642

SYSTEM, METHOD AND APPARATUS FOR FINE-GRAINED PRIVACY SPECIFICATION AND VERIFICATION

International Business Ma...

1. A method performed by at least one hardware processor, comprising:presenting a user interface via a display of a computing device, the user interface including at least one element that is activatable by a user to set a privacy policy, the privacy policy specifying a maximum amount of confidential data that is authorized to be leaked to a sink;
receiving from the user via the user interface an activation of the at least one element to set the privacy policy, the activation of at least one element comprising a selecting a category of fine-grain confidential data and specifying the maximum amount of fine-grain confidential data that is authorized to be leaked to the sink;
tracking movement of confidential data through an application, said tracking comprising tracking said fine-grain confidential data originating at a source and being transferred into a sink;
determining based on the tracked movement of the confidential data that the confidential data is leaked to the sink by the application;
comparing the confidential data that is leaked to the sink to the specified maximum amount of confidential data that is authorized to be leaked to the sink; and
presenting to the user via the user interface an indication that the application complies with the privacy policy set by the user upon determining that fine-grain confidential data that is leaked to the sink is below the specified maximum amount of confidential data that is authorized to be leaked to the sink, or
presenting to the user via the user interface an indication that the application does not comply with the privacy policy set by the user upon determining that the fine-grain confidential data that is leaked to the sink is above the specified maximum amount of fine-grain confidential data that is authorized to be leaked to the sink.

US Pat. No. 10,250,640

INFORMATION INFRASTRUCTURE MANAGEMENT DATA PROCESSING TOOLS WITH TAGS, CONFIGURABLE FILTERS AND OUTPUT FUNCTIONS

1. A method of organizing and storing data in an information infrastructure and for processing data throughput in a distributed computing system with respective ones of a plurality of filters, comprising:identifying sensitive content and select content in said data throughput with one or more of said plurality of filters, said sensitive content represented by one or more sensitive words, characters, images, data elements or data objects therein grouped into a plurality of sensitivity levels, said select content represented by one or more predetermined words, characters, images, data elements or data objects;
extracting and tagging said sensitive content and said select content from said data throughput including tagging said sensitive content based upon a respective sensitivity level of said plurality of sensitivity levels and generating tagged sensitive content and tagged select content;
data processing said tagged sensitive content and said tagged select content with: (a) a data storage process storing, in one or more data stores of a plurality of predetermined data stores; (b) a data mining process; (c) a copy process; (d) a transfer process to other predetermined storage stores; (e) a supplemental data search process; and, (f) a presentation process responsive to a data inquiry;
wherein said data throughput is a source document;
with said tagged sensitive content and said tagged select content, generating at least one tear line for said source document or a contextual range within said source document; and
thereafter data processing said tagged sensitive content and said tagged select content and said source document.

US Pat. No. 10,250,639

INFORMATION INFRASTRUCTURE MANAGEMENT DATA PROCESSING TOOLS FOR PROCESSING DATA FLOW WITH DISTRIBUTION CONTROLS

1. A method of processing data throughput in an information infrastructure in a distributed computing system with respective ones of a plurality of filters, comprising: identifying sensitive content or select content in said data throughput with one or more of said plurality of filters, said sensitive content represented by one or more sensitive words, characters, images, data elements or data objects therein grouped into a plurality of sensitivity levels, said select content represented by one or more predetermined words, characters, images, data elements or data objects;extracting and storing said sensitive content from said data throughput in respective data stores based upon said plurality of sensitivity levels;
classifying both the extracted sensitive content and said select content with a taxonomic category filter and generating classification tags therefor;
associating respective classification tags to the classified extracted sensitive content and said select content;
using the classification tags for data processing the stored sensitive content and said select content with: (a) a data mining process; (b) a copy process; (c) a transfer process to other predetermined storage stores; (d) a supplemental data search process; and (e) a presentation process responsive to a data inquiry;
using the classification tags in a structured data format for the transfer process and data storage; and,
repeating the extraction and storage on further data throughput.

US Pat. No. 10,250,638

CONTROL OF TRANSMISSION TO A TARGET DEVICE WITH A CLOUD-BASED ARCHITECTURE

ELWHA LLC, Bellevue, WA ...

17. A system, comprising:at least one computing device; and
one or more instructions that, when implemented in the computing device, program the at least one computing device for:
receiving a first electronic message for transmission to a target computing device and a second electronic message for transmission to the target computing device;
authorizing transmission of the first electronic message to the target computing device;
querying an image capture sensor of the target computing device to obtain an image of a current environment of the target computing device;
analyzing the image of the current environment of the target computing device to determine a context of the target computing device;
determining a threshold transmission time interval according to a mapping between the context of the target computing device and reference context data;
comparing an elapsed time since the authorizing transmission of the first electronic message to the target computing device with the threshold transmission time interval; and
in response to the comparing, authorizing transmission of the second electronic message to the target computing device when the threshold transmission time interval has elapsed following the authorizing transmission of the first electronic message to the target computing device.

US Pat. No. 10,250,635

DEFENDING AGAINST DOS ATTACKS OVER RDMA CONNECTIONS

MELLANOX TECHNOLOGIES, LT...

1. Apparatus, comprising:one or more communication ports; and
a hardware processor, configured to establish a Remote Direct Memory Access (RDMA) connection between a client device and a server by:
receiving via the communication ports, from the client device, a first message indicating a request to establish the connection,
ascertaining that the first message does not include any cookie satisfying one or more criteria,
in response to ascertaining that the first message does not include any cookie satisfying the one or more criteria, designating a Queue Pair (QP) Number for the connection without allocating a QP having the designated QP Number,
sending, to the client device, a second message that includes a first cookie and indicates the designated QP Number,
subsequently receiving, from the client device, a third message,
ascertaining that the third message includes a second cookie, and that the second cookie satisfies the one or more criteria,
in response to ascertaining that the second cookie satisfies the one or more criteria, allocating the QP on the server, and
sending, to the client device, a fourth message indicating that the server is ready to receive data communication at the allocated.

US Pat. No. 10,250,634

APPARATUS, SYSTEM, AND METHOD FOR PROTECTING AGAINST DENIAL OF SERVICE ATTACKS USING ONE-TIME COOKIES

Juniper Networks, Inc, S...

1. An apparatus comprising:a storage device that stores a set of cookies that facilitate authenticating packets received from a node within a network; and
a processing unit communicatively coupled to the storage device, wherein the processing unit:
receives, from the node within the network, at least one time-synchronization packet that is formatted in a time-synchronization protocol as part of a time-synchronization operation;
identifies a cookie included in the time-synchronization packet received from the node;
searches the set of cookies stored in the storage device for the cookie included in the time-synchronization packet received from the node;
identifies, within the set of cookies stored in the storage device, the cookie included in the time-synchronization packet received from the node;
protects against a Denial of Service (DoS) attack by authenticating the legitimacy of the time-synchronization packet by:
confirming that the cookie included in the time-synchronization packet is identified in the set of cookies stored in the storage device; and
ensuring that the time-synchronization packet did not originate from a malicious node masquerading as a trusted peer; and
synchronizes the apparatus with the node based at least in part on a time-synchronization calculation that accounts for the time-synchronization packet.

US Pat. No. 10,250,632

WEB SERVICE TESTING

INTERNATIONAL BUSINESS MA...

1. A computer-implemented method of web service testing within a computing environment, the method comprising:inferring a web service infrastructure from a web service hosted on a web server to facilitate testing of the web service, the inferring comprising:
downloading a web service description language (WSDL) file describing the web service from a location on the web server identified by a uniform resource locator (URL);
identifying at least one of a web service design technology and a web service technology provider from character strings indicative of the web service design technology and web service technology provider, respectively, in at least one of the WSDL file and URL; and
inferring the web service infrastructure from the at least one identified web service design technology and web service technology provider, wherein the inferring comprises evaluating individual pieces of web service infrastructure information, the evaluating including rejecting incompatible pieces of web service infrastructure information;
providing a security test tailored to test the web service based, at least in part, on the inferring of the web service infrastructure; and
testing the web service using the provided security test based, at least in part, on the inferred web service infrastructure.

US Pat. No. 10,250,630

SYSTEM AND METHOD FOR PROVIDING COMPUTER NETWORK SECURITY

WIPRO LIMITED, Bangalore...

1. A method for providing computer network security, the method comprising:gathering, via a processor, real-time threat information from one or more sources;
deriving, via the processor, security intelligence based on the real-time threat information;
determining, via the processor, a security measure based on the security intelligence; and
dynamically applying, via the processor, the security measure to a computer network using a set of virtual appliances and a set of virtual switches,
wherein dynamically applying comprises:
mapping the security measure to the set of virtual appliances, the set of virtual switches, and to a plurality of packet filters,
dynamically instantiating each virtual appliance in the set of virtual appliances based on the mapping using software defined networking,
service chaining virtual appliances in the set to connect the instantiated virtual appliances according to the mapping, and
dynamically programming, based on the mapping, the set of virtual switches using the plurality of packet filters to steer network traffic to the instantiated set of virtual appliances.

US Pat. No. 10,250,628

STORYBOARD DISPLAYS OF INFORMATION TECHNOLOGY INVESTIGATIVE EVENTS ALONG A TIMELINE

Splunk Inc., San Francis...

1. A method comprising:causing display of a timeline view of events in an information technology security investigation;
causing display on the timeline view of one or more system events that contain data that reflect activity in an information technology environment, wherein each system event is positioned on the timeline according to a timestamp associated with the system event, wherein each system event is represented on the timeline by a graphical indicator;
causing display on the timeline view of one or more investigative events reflecting investigative activity performed in association with a security investigation of one or more of the system events, wherein each investigative event is represented on the timeline by a graphical indicator;
while causing display of the timeline view, causing display of a storyboard view of system events and investigative events displayed in the timeline view, wherein a storyboard panel includes a view of one or more selected system events in addition to a view of any related investigative events, the storyboard panel enables a user to progress through detailed information regarding user investigative activities associated with system events that are indicative of security threats in a chronological fashion, wherein the storyboard view displays one or more storyboard panels at a time;
receiving user input to add one or more annotations to a displayed storyboard panel, wherein the displayed storyboard panel displays information related to a specific system event;
storing the one or more annotations in association with the specific system event.

US Pat. No. 10,250,627

REMEDIATING A SECURITY THREAT TO A NETWORK

HEWLETT PACKARD ENTERPRIS...

1. A method for remediating a security threat to a network, the method comprising:obtaining, from a network, security information about the network to determine traffic patterns of the network;
identifying, based on the traffic patterns of the network, a security threat to the network;
determining, from a playbook library and a workflow library, a workflow template and at least one software-defined networking (SDN) flow rule template to remediate the security threat comprising:
presenting a number of workflow templates from the workflow library and a number of SDN flow rule templates from the playbook library to a user;
receiving a selection from the user, the selection comprising the workflow template and the at least one SDN flow rule template; and
advancing, based upon the selection of the user, a workflow based on the workflow template by adding the SDN flow rule based on the at least one SDN flow rule template to a flow table of the network; and
deploying, via a SDN controller, a SDN flow rule based on the at least one SDN flow rule template in the network to remediate the security threat by altering a control path of the network.

US Pat. No. 10,250,626

ATTACKING NODE DETECTION APPARATUS, METHOD, AND NON-TRANSITORY COMPUTER READABLE STORAGE MEDIUM THEREOF

Institute For Information...

1. An attacking node detection apparatus, comprising:a storage unit, storing a plurality of access records of an application, wherein each of the access records comprises a network address of a host and an access content regarding the host accessing the application; and
a processing unit, being electrically connected to the storage unit and configured to filter the access records into a plurality of filtered access records according to a predetermined rule, wherein the access content of each of the filtered access records conforms to the predetermined rule;
wherein the processing unit further creates at least one access relation for each of the network addresses according to the filtered access records, each of the access relations is defined by one of the network addresses and one of the access contents,
wherein the processing unit further identifies a specific network address among the network addresses as a first attacking node according to the access relations;
wherein the processing unit further determines at least one node relation for each of the network addresses according to the access relations, each of the node relations is defined by two of the network addresses, the processing unit further assigns an initial score to the first attacking node, the processing unit further propagates the initial score according to a propagation algorithm and the node relations so that each of the network addresses has a propagated score, the processing unit further selects at least one second attacking node among the network addresses, and the propagated score of each of the at least one second attacking node is greater than a predetermined threshold.

US Pat. No. 10,250,625

INFORMATION PROCESSING DEVICE, COMMUNICATION HISTORY ANALYSIS METHOD, AND MEDIUM

NEC Corporation, Tokyo (...

1. An information processing device comprising a processor configured to:calculate a degree of possibility that indicates a degree of certainty of a practical user agent permitted to operate as a portion of a client, with respect to each user agent that relates to a user agent character string, based on a history of communication between the client and a server, the history including at least an identifier of the server, an identifier of the client, and the user agent character string included in a request header that is sent from the client and includes information about at least one of a browser, a plug-in installed in the browser, and a toolbar installed in the browser; and
output, based on the degree of possibility, disguise information that is information regarding communication performed by a fake user agent impersonating the practical user agent, wherein the processor is further configured to exclude the user agent character string when it includes a specific string.

US Pat. No. 10,250,624

METHOD AND DEVICE FOR ROBUST DETECTION, ANALYTICS, AND FILTERING OF DATA/INFORMATION EXCHANGE WITH CONNECTED USER DEVICES IN A GATEWAY-CONNECTED USER-SPACE

Oak Tree Logic, LLC, Aus...

1. A security appliance comprising:a network port enabling direct connection to a gateway;
a storage module having stored thereon firmware for operating the security appliance; and
a processor that executes the program code of the firmware, which configures the security appliance to:
establish a seamless communication interface with a connected gateway;
in response to establishing the seamless communication interface, monitor traffic coming into and going out from the connected gateway;
identify traffic anomalies within the monitored traffic; and
in response to identifying one or more of the traffic anomalies:
block and filter out unwanted and undesirable traffic associated with the traffic anomalies; and
initiate steps to report on and prevent further occurrence of the traffic anomalies, by generating one or more alerts and filtering out the captured data in preparation for forwarding to a remote server database; and
forward the filtered information about the identified traffic anomalies to a centralized database for evaluation and reporting;
enable manual configuration of an “away” mode selection to one of an enabled mode or disabled mode of operation; and
mask internet bounded traffic by configuring the security appliance to:
detect periods of statistical change that are indicative of an “away” period; and in response to detecting periods of statistical change indicative of the away period, generate internet traffic and communications with random content to Internet sites in a manner that is statistically indistinguishable from communication patterns during an “at-home” period.

US Pat. No. 10,250,622

USING MULTIPLE LAYERS OF POLICY MANAGEMENT TO MANAGE RISK

GLASSWALL (IP) LIMITED, ...

1. A system, comprising:a processor;
a receiver to receive a file at a computer system, the file including a content, the content of the file including a first portion;
a file type identifier to identify a purported file type of the file;
a scanner to scan the content of the file using a set of rules corresponding to the purported file type, the scanner operative to determine that the file does not conform to the set of rules corresponding to the purported file type for a first reason with an associated first issue ID; a quarantine that can store the file;
a file issue exclusion policy specifying an approved file type and a second issue ID;
a file content policy that can be used to:
allow the first portion of the content of the file to be included in the file, quarantine the file, or
sanitize the first portion of the content of the file,
the file content policy including a whitelist of known approved portions of content;
the processor executing a comparator to compare the first portion of the content of the file with the whitelist, wherein the first portion of the content of the file can be included in the file based at least in part on the first portion of the content of the file matching a known approved portion of content in the whitelist; and
a transmitter to transmit the file to the recipient instead of storing the file in the quarantine based at least in part on the approved file type in the file issue exclusion policy matching the purported file type and the second issue ID in the file issue exclusion policy matching the first issue ID.

US Pat. No. 10,250,619

OVERLAY CYBER SECURITY NETWORKED SYSTEM AND METHOD

MISSION SECURE, INC., Ch...

1. An overlay cyber security method comprising:providing an overlay secure network comprising a communication channel associated with a Process Control Network (PCN);
associating, with each component of the Process Control Network (PCN), identification information that generates an identity for each component, the identity permitting timestamp information to be associated with one or more physical-level signals received or output by the component;
receiving, by at least one security device via the communication channel of the overlay security network, physical-level signals received or output by a component of the Process Control Network (PCN);
receiving, by the at least one security device and using the communication channel, at least one physical-level signal received by a controller of the component or at least one network-level signal output by the controller of the component;
obtaining, by the at least one security device, derived state information associated with the component via a network, the derived state information including the timestamp information associated with the one or more physical-level signals received or output by the component;
obtaining, by the at least one security device, stored historical state information associated with the component from a computer-readable historian device, the historical state information including stored timestamp information;
determining, by the at least one security device, occurrence of an unexpected state associated with the component based on a vertical consistency comparison of the physical level signals received or outputted by the component and one of the derived state information and said or the historical state information, and based on a horizontal state estimation consistency comparison of a plurality of said physical-level signals including the physical level signals received or outputted by the component and physical level signals received or outputted by other components at a same level as the component in the Process Control Network (PCN);
capturing and storing information associated with the unexpected state using an event message, the captured and stored information including the identification information associated with the component of the PCN and a unique identifier associated with the security device;
transforming the event message into a formatted message; and
outputting the formatted message via an interface to a forensic analysis system.

US Pat. No. 10,250,617

SYSTEMS AND METHODS FOR DETECTING MALWARE USING MACHINE LEARNING

Symantec Corporation, Mo...

1. A computer-implemented method for detecting malware using machine learning, at least a portion of the method being performed by a computing device comprising at least one processor, the method comprising:identifying, by the computing device, data to be analyzed for malware;
classifying the data to be analyzed for malware using a classifier created by applying a combination of at least one deep learning neural network, wherein a deep learning neural network comprises multiple layers of artificial neural networks, and at least one supervised data mining method to:
extract features from training data using one method of the deep learning neural network or the supervised data mining method; and
classify the features using the other method of the deep learning neural network or the supervised data mining method;
determining, by the computing device and based on a predefined threshold, that the classification of the data indicates potential malware on the computing device; and
performing, by the computing device, a security action based on the determination of potential malware on the computing device.

US Pat. No. 10,250,616

SERVER AND USER TERMINAL

Samsung Electronics Co., ...

1. A server, comprising:communication circuitry configured to communicate with a plurality of external terminals;
a storage; and
a processor configured to, based on a request for hardware integrity verification of a second external terminal being received from a first external terminal through the communication circuitry, perform hardware integrity verification of the second external terminal using reference data of the second external terminal stored in the storage,
wherein, based on the second external terminal accessing the first external terminal, the server is configured to receive from the first external terminal a transmission of the request for hardware integrity verification of the second external terminal,
wherein, based on the request for the hardware integrity verification being received, the processor is configured to control the communication circuitry to request transmission of data for the hardware integrity verification of the second external terminal to the second external terminal, not via the first external terminal, and
wherein, based on the data for the hardware integrity verification of the second external terminal being received from the second external terminal, not via the first external terminal, the processor is configured to perform the hardware integrity verification of the second external terminal by comparing the received data with the stored reference data.

US Pat. No. 10,250,613

DATA ACCESS METHOD BASED ON CLOUD COMPUTING PLATFORM, AND USER TERMINAL

TENCENT TECHNOLOGY (SHENZ...

1. A data access method based on a cloud computing platform, the method being performed by a user terminal, and the method comprising:obtaining, by the user terminal, an access request for a data ciphertext of the cloud computing platform, the access request comprising a decryption key, and the decryption key comprising a user precise identity identifier and a user attribute identifier;
decrypting, by the user terminal, the data ciphertext into a data plaintext, in response to the user precise identity identifier belonging to an identity identifier set comprised in an access structure of the data ciphertext and/or in response to the user attribute identifier belonging to a user attribute identifier set comprised in the access structure of the data ciphertext; and
before the obtaining the access request:
sending, by the user terminal, a data query request to the cloud computing platform, the data query request comprising a query condition that is authorized by a query key and comprising a permission type of the query key, the query condition comprising the user attribute identifier, and the permission type of the query key indicating whether the query key comprises permission time validity,
wherein, in response to the cloud computing platform identifying, based on the permission type of the query key, that the query key does not comprise the permission time validity, the cloud computing platform queries, from data ciphertexts that are stored in the cloud computing platform, an index ciphertext of the data ciphertext and the data ciphertext that are matched to the user attribute identifier comprised in the query condition, to obtain the data ciphertext; and
receiving, by the user terminal, the data ciphertext that is obtained, from the cloud computing platform.

US Pat. No. 10,250,612

CROSS-ACCOUNT ROLE MANAGEMENT

Amazon Technologies, Inc....

1. A computer-implemented method, comprising:providing a user, associated with a first account, with a temporary credential enabling the user to assume a role under a second account, the role having access rights to one or more resources under the second account;
sending information about the providing of the temporary credential to a management component associated with the first account and restricted to users authorized through the first account, the information including an access identifier;
receiving, at an interface associated with the second account, a communication including identifying information about the user stored under the first account and the access identifier;
storing the identifying information and the access identifier to an event repository associated with the second account;
receiving a request for access to the one or more resources associated with the second account, the request specifying the access identifier;
storing request information for the request in the event repository, the request information specifying the access identifier to link the request to the communication and identify actions performed by the user of the first account; and
enabling the identifying information to be associated with the request information in the event repository using the access identifier.

US Pat. No. 10,250,610

METHOD AND SYSTEM FOR COMMUNICATION CONTROL

International Business Ma...

1. An apparatus for communication control, the apparatus comprising:a memory; and
a processor, the processor communicatively coupled to the memory, the processor configured to:
receive, from an initiator, a request to initiate a communication with a first user, the request including a first identification specific to the first user, the first identification being different from a first communication account used by the first user to receive communications;
determine, based on a communication mapping associated with the first user, whether the initiator is allowed to communicate with the first user using the first identification, the communication mapping indicating authorized initiators allowed to communicate with the first user and respective identifications to be used by the authorized initiators, wherein the communication mapping is solely assigned to the first user, and wherein the communication mapping is separate from any communication mapping of the initiator, and wherein the communication mapping of the first user is solely used for the determination;
obtain, in response to determining that the initiator is allowed to communicate with the first user using the first identification and from the communication mapping, the first communication account used by the first user, the first communication account distinct from a plurality of communication account entries of the first user used to receive communications from other initiators;
obtain, from the communication mapping, an initiator identification specific to the initiator, the initiator identification being different from an initiator communication account to be used by the initiator for the communication, the initiator identification being generated by a communication service provider that facilitates the communication between the initiator and the first user; and
present the initiator identification to the first user in the communication between the initiator and the first user.

US Pat. No. 10,250,609

PRIVILEGED ACCESS TO TARGET SERVICES

CyberArk Software Ltd., ...

1. A credentials management system for managing credentials for use in an authentication protocol, comprising:at least one hardware processor configured to:
determine that a client requires a specific permission to access a target service according to the authentication protocol;
identify, based at least in part on the determination, a credential accessible to the credentials management system, the identified credential being associated with the client but not accessible to the client;
communicate with an authentication service using the identified credential to obtain an authenticator on behalf of the client based on the identified credential;
receive the authenticator from the authentication service, responsive to the authentication service authenticating the credentials management system based on the identified credential; and
send the authenticator to the client thereby enabling use of the authenticator by the client for client operations with the target service.

US Pat. No. 10,250,606

NETWORK ACCESS METHOD, PROXIMITY COMMUNICATIONS SERVER, RELAY TERMINAL AND TERMINAL

Huawei Technologies Co., ...

1. A network access method, comprising:receiving, by a proximity communications server, a relay access verification request from a relay terminal, wherein the relay access verification request corresponds to a trunking communication request from a terminal;
verifying, by the proximity communications server, based on the relay access verification request, that the terminal is authorized to perform network access using the relay terminal;
authorizing, by the proximity communications server, the relay terminal to activate a relay function by sending a relay authorization response message to the relay terminal, wherein the relay authorization response message carries indication information indicating that the terminal is allowed to perform network access via trunking communications using the relay terminal;
acquiring, from a home subscriber server, group information of a trunking communications group to which the terminal belongs;
acquiring a network address of a trunking communications server that the terminal is allowed to access according to the group information; and
sending, to the relay terminal, the network address.

US Pat. No. 10,250,604

STORAGE MEDIUM, INFORMATION-PROCESSING DEVICE, INFORMATION-PROCESSING SYSTEM, AND NOTIFICATION METHOD

Nintendo Co., Ltd., Kyot...

1. A non-transitory storage medium storing a program for causing a computer to execute a process, the process comprising:accepting a login from a first user;
detecting receipt of a chat request from a second user different from the first user,
upon detecting receipt of the chat request, in response to matching of a destination of the received chat request and the first user who is logged in, displaying a first screen for notifying the receipt of the chat request, the first screen including a button for starting a chat with the second user, and in response to the destination of the received chat request and the first user who is logged in not being matched, displaying a second screen for notifying the receipt of the chat request, the second screen not including the button for starting a chat with the second user.

US Pat. No. 10,250,603

CONNECTION CONTROL FOR VIRTUALIZED ENVIRONMENTS

AMAZON TECHNOLOGIES, INC....

1. A computer-implemented method, comprising:receiving a request to launch a virtual machine in a multi-tenant environment;
determining a policy corresponding to the request;
determining that the request comprises an indication for a scan to be performed on the virtual machine;
causing a scanning virtual machine to perform the scan on the virtual machine, wherein the scanning virtual machine and the virtual machine are hosted within the multi-tenant environment;
evaluating a result of the scan against the policy corresponding to the request;
determining that the result of the scan complies with at least one scan requirement of the policy; and
enabling the virtual machine to access one or more additional resources in the multi-tenant environment.

US Pat. No. 10,250,602

AUTHENTICATOR CENTRALIZATION AND PROTECTION

Early Warning Services, L...

1. A computer implemented method for authenticating a user who is communicating with an enterprise via a user device, comprising:receiving authenticators for a user and storing the received authenticators;
receiving, from the enterprise, a request to authenticate the user with an authentication policy for authenticating the user, wherein the request does not identify which of the stored authenticators is to be used for authenticating the user;
determining whether the stored authenticators include a first authenticator to be used for authenticating the user based on the authentication policy;
when the stored indicators include the first authenticator, transmitting an authentication request to the user device requesting the first authenticator, receiving, from the user device, an authenticator in response to the authentication request, and authenticating the user by comparing the received authenticator with the stored first authenticator; and
when the stored authenticators do not include the first authenticator, transmitting to the entity an identification of at least one of the stored authenticators, for the entity to determine if the at least one of stored authenticators is to be used for authentication.

US Pat. No. 10,250,601

UPDATING DATABASE DRIVERS FOR CLIENT APPLICATIONS THROUGH A DATABASE SERVER PUSH

International Business Ma...

1. A processor-implemented method for updating drivers, the method comprising:receiving, by a processor, a connection request from a first computer in a second computer;
creating a connection handshake in the first computer in response to the transmitted connection request, wherein the connection handshake includes a plurality of client credentials and a plurality of driver information;
receiving the created connection handshake from the first computer in a second computer;
determining the first computer is authorized to connect to the second computer based on the plurality of client credentials;
comparing, by the second computer, a first version level of a first plurality of drivers associated with the first computer to a second version level of a second plurality of drivers associated with the second computer based on the plurality of driver information;
transmitting a driver update from the second computer to the first computer as a byte array using a database protocol operating on the second computer regardless of whether the driver update is necessary; and
installing the driver update in the first computer.

US Pat. No. 10,250,600

UPDATING DATABASE DRIVERS FOR CLIENT APPLICATIONS THROUGH A DATABASE SERVER PUSH

International Business Ma...

8. A computer program product for updating drivers, the computer program product comprising:one or more computer-readable tangible storage media and program instructions stored on at least one of the one or more tangible storage media, the program instructions executable by a processor, the program instructions comprising:
program instruction to receive, by a processor, a connection request from a first computer in a second computer;
program instructions to create a connection handshake in the first computer in response to the transmitted connection request, wherein the connection handshake includes a plurality of client credentials and a plurality of driver information;
program instructions to receive the created connection handshake from the first computer in a second computer;
program instructions to determine the first computer is authorized to connect to the second computer based on the plurality of client credentials;
program instructions to compare, by the second computer, a first version level of a first plurality of drivers associated with the first computer to a second version level of a second plurality of drivers associated with the second computer based on the plurality of driver information;
program instructions to transmit a driver update from the second computer to the first computer as a byte array using a database protocol operating on the second computer regardless of whether the driver update is necessary.

US Pat. No. 10,250,599

QUEUE MANAGEMENT BASED ON BIOMETRIC AUTHENTICATION

Capital One Services, LLC...

1. A method performed by a user device, comprising:obtaining, by the user device, biometric information relating to a user of the user device using a biometric sensor of the user device;
determining, by the user device, that the biometric information is valid;
generating, by the user device, a biometric indicator indicating that the biometric information is valid;
providing, by the user device, a request for a callback from an entity,
wherein the request includes:
the biometric information indicating that the biometric information is valid, and
data indicating a queue associated with the callback; and
receiving, by the user device, the callback from the entity,
wherein the callback is received based on the biometric information indicating that the biometric information is valid, and
wherein the callback is associated with an entity identifier that is not provided to the user.

US Pat. No. 10,250,598

LIVENESS DETECTION METHOD AND DEVICE, AND IDENTITY AUTHENTICATION METHOD AND DEVICE

ALIBABA GROUP HOLDING LIM...

1. A method for identity verification using facial information comprising:collecting, by a computing device, biological characteristic information of a user;
displaying, by the computing device, the collected biological characteristic information at an initial position on a screen of the computing device;
determining, by the computing device, a target position using the initial position, and displaying the target position on the screen
randomly generating, by the computing device, a candidate target position based on the initial position;
using, by the computing device, the candidate target position as a target position upon determining that the candidate target position and the initial position satisfy a predetermined condition;
displaying, by the computing device, the target position on the screen;
prompting, by the computing device, the user to move the user's biological characteristic information to cause the displayed biological characteristic to move from the initial position on the screen to the target position on the screen;
detecting, by the computing device, the user's biological characteristic information movement, and determining the display position of the displayed biological characteristic information using the detected user's movement; and
judging, by the computing device, whether the user is a living being using a relationship between the determined display position and the target position.

US Pat. No. 10,250,595

EMBEDDED TRUSTED NETWORK SECURITY PERIMETER IN COMPUTING SYSTEMS BASED ON ARM PROCESSORS

GBS Laboratories, LLC, H...

1. A computing system with an embedded network security perimeter that incorporates capabilities to secure external network communications comprising:a computer system based on an Advanced RISC (Reduced Instruction Set Computer) Machines (ARM) processor with integrated Security Extensions;
an embedded network security perimeter running in a Trusted Execution Environment (TEE) on the ARM processor with dedicated memory and storage; and
an Operating System (OS) running in a Rich OS Execution Environment on the ARM processor with a dedicated memory and a storage for the OS;
wherein the TEE and Rich OS Execution Environment are hardware isolated from each other using the integrated security extensions,
wherein only the embedded network security perimeter has an access to a physical network interface,
wherein all network traffic from the Rich OS to external networks goes through security checks and transformations performed by the embedded network security perimeter in the TEE,
wherein the embedded network security perimeter is controlled by a management service,
wherein the management service uses a security policy as a primary source of configuration data, and
wherein the security is protected using an encryption signature for decryption and a digital signature of the security policy is accessible only from the TEE.

US Pat. No. 10,250,593

IMAGE BASED KEY DEPRIVATION FUNCTION

Visa International Servic...

1. A computing device comprising:a processor; and
a non-transitory computer-readable medium comprising code executable by the processor for implementing operations including:
receiving, from another computing device, an identifier and first encrypted data that was encrypted using an image-based derived key, the identifier being stored with the image-based derived key in an entry of a database;
determining the image-based derived key associated with the identifier,
wherein the image-based derived key is generated from a selection of authentication images, and a combination of image identifiers and pixel properties of the authentication images is used as an image input value to an image-based derived key function, and
wherein the image-based derived key is further generated based on:
an adjustable iteration count value being an input to the image-based derived key function indicating a number of repetitions that the image-based derived key function is performed to generate the image-based derived key;
an adjustable key length indicating a length of the image-based derived key; and
a salt value based on the identifier that is stored with the image-base derived key in the entry of the database; and
decrypting the first encrypted data.

US Pat. No. 10,250,591

PASSWORD-BASED AUTHENTICATION

International Business Ma...

1. A method, comprising:sending by an access control server an authentication value to at least a subset of a set of authentication servers,
wherein the access control server is one of ??2 servers in a system and the set of authentication servers are others of the ??2 servers,
wherein the access control server stores, for each of a plurality of user IDs, a first ciphertext which has been produced by encrypting a user password associated with a respective user ID under a public key pk using a homomorphic encryption algorithm, and
wherein the sending is performed in response to receipt from a user computer of a user ID and the authentication value which was previously determined using a predetermined function of a first ciphertext for that user ID and a second ciphertext produced by encrypting a password attempt under the public key pk using a homomorphic encryption algorithm such that the authentication value decrypts to a predetermined value if the password attempt equals the user password for that user ID;
receiving, by the access control server and from each one of the authentication servers in the subset, a decryption share dependent on the authentication value and produced by a corresponding one of the authentication servers using a key-share ski thereof,
wherein each authentication server stores a respective key-share ski of a secret key sk, shared between a plurality q of the ? servers, of a cryptographic key-pair (pk, sk) where pk is the public key of the key-pair;
using by the access control server at least the decryption shares of the subset of the authentication servers to determine if the authentication value decrypts to the predetermined value, if so permitting access to the resource by the user computer.

US Pat. No. 10,250,590

MULTI-FACTOR DEVICE REGISTRATION FOR ESTABLISHING SECURE COMMUNICATION

Samsung Electronics Co., ...

1. A method of improving security of a computer server system through secure device registration, the method comprising:receiving, by the computer server system, a registration request from a first device via a first connection, the first device being a wearable device having network connectivity, the registration request including a digital certificate uniquely associated with the first device;
validating, by the computer server system, the first device on the basis of the registration request by determining whether the digital certificate is issued by a trusted certification authority;
sending, by the computer server system, a passcode and a nonce to the first device via the first connection in response to successfully validating the first device and instructing the first device to display the passcode;
sending, by the computer server system, a validation failure message to the first device via the first connection in response to a validation failure;
in response to sending the passcode to the first device via the first connection, prompting, by the computer server system, for the passcode on a second device via a second connection different from the first connection, the second device being a network-enabled computer;
receiving, by the computer server system, a passcode input from the second device via the second connection;
in response to receiving the passcode input containing the valid passcode on the second device via the second connection, instructing the first device to display a pairing button;
in response to receiving an activation of the pairing button on the first device, receiving a request for an authorization token from the first device via the first connection, the request for the authorization token including the digital certificate and the nonce;
in response to successfully validating the digital certificate and the nonce, sending, by the computer server system, an authorization token to the first device via the first connection;
in response to sending the authorization token to the first device, completing pairing of the first device with the computer server system;
in response to receiving the passcode input containing an invalid passcode, prompting, by the computer server system, for the passcode from the second device via the second connection for a predetermined number of tries;
in response to receiving the passcode input containing an invalid passcode after the predetermined number of tries, denying, by the computer server system, the registration request from the first device to enforce a secure authentication standard for device registration;
in response to completing the pairing of the first device with the computer server system, storing at the computer server system device parameters associated with the first device and identifying, at the computer server system, a manifest to use with the first device based on the device parameters; and
in response to completing the pairing of the first device with the computer server system, establishing a secure data exchange session between the first device and the computer server system to exchange data packets securely, wherein the first device set headers of data packets to be transmitted to the computer server system using the authorization token and wherein the computer server system exchanges data packets with the first device using the device parameters.

US Pat. No. 10,250,588

SYSTEMS AND METHODS FOR DETERMINING REPUTATIONS OF DIGITAL CERTIFICATE SIGNERS

Symantec Corporation, Mo...

1. A computer-implemented method for determining reputations of digital certificate signers, at least a portion of the method being performed by a computing device comprising at least one processor, the method comprising:identifying a plurality of endpoint devices that have accessed files to which a digital certificate signer has attached digital certificates that assert the files are legitimate;
determining, for each endpoint device, whether a security state of the endpoint device is compromised or uncompromised based on a security analysis of computing events detected on the endpoint device;
classifying the digital certificate signer as potentially malicious by determining that the files were accessed more frequently by endpoint devices with compromised security states than by endpoint devices with uncompromised security states; and
protecting a security state of an additional endpoint device by preventing the additional endpoint device from accessing a file with a digital certificate signed by the digital certificate signer.

US Pat. No. 10,250,587

DETECTING MALICIOUS USAGE OF CERTIFICATES

MICROSOFT TECHNOLOGY LICE...

1. A method for improving network security, comprising:scanning a network to detect certificates deployed within the network;
generating a network map based on the certificates detected as deployed within the network;
comparing the network map to a set of rules;
generating notifications based on the network map relative to the set of rules;
determining whether to change a deployment of certificates in response to the notifications; and
in response to determining to change the deployment of certificates, adjusting the certificates deployed to one or more environments of the network.

US Pat. No. 10,250,586

SECURITY CERTIFICATION AND APPLICATION CATEGORIZATION FOR MOBILE DEVICE MANAGEMENT

SAP SE, Walldorf (DE)

1. A computer-implemented method for managing mobile devices associated with enterprise operations, the method being executed using one or more processors and comprising:receiving, by the one or more processors, a request to access information regarding at least one mobile application for download to and installation on a mobile device of a user, the request comprising an identifier associated with an enterprise, the identifier being unique to the enterprise and distinguishing the enterprise from other enterprises;
receiving, by the one or more processors, a tenant-specific configuration based on the identifier, the tenant-specific configuration comprising a plurality of criteria for mobile applications to be available for download to and installation on mobile devices associated with the enterprise, at least one of the plurality of criteria being associated with vendors of the mobile applications that are independent from the enterprise;
transmitting, by the one or more processors, a request for a list of available mobile applications to an application and certification database, the request comprising the tenant-specific configuration;
receiving, by the one or more processors, the list of available mobile applications, which comprises a subset of mobile applications of a superset of mobile applications, the subset of mobile applications being provided based on the tenant-specific configuration by using automated assessments and integrating an existing certification;
providing, by the one or more processors, graphical representations of each mobile application in the list of available mobile applications for display to the user, the graphical representations being ranked based on at least two different criteria that are selected by the user of the mobile device, the list of available mobile applications further grouped according to the at least two different criteria, at least one of the criteria being a risk of installing each mobile application; and
installing, by the one or more processors and on the mobile device of the user, a mobile application selected from the list of available mobile applications.

US Pat. No. 10,250,585

IDENTITY MIGRATION BETWEEN ORGANIZATIONS

Amazon Technologies, Inc....

1. A non-transitory computer-readable medium embodying a program executable in at least one computing device, wherein when executed the program causes the at least one computing device to at least:receive, via an authentication service executed on the at least one computing device, user login information from a client device, the authentication service being operated by a first organization;
identify, via the authentication service, one of a plurality of second organizations for which the authentication service authenticates users;
verify, via the authentication service, that the user login information is correct according to identity data associated with the one of the plurality of second organizations;
return, via the authentication service, an authentication token to the client device, wherein the authentication token is used by the client device to access resources of a network site operated by the one of the plurality of second organizations; and
send, via the authentication service, a customer identifier for the client device to the network site in response to receiving a request for user information from the network site, the customer identifier being used by the network site to initiate a generation of a session token that correlates a plurality of client device interactions with the network site.

US Pat. No. 10,250,583

SYSTEMS AND METHODS TO AUTHENTICATE USERS AND/OR CONTROL ACCESS MADE BY USERS ON A COMPUTER NETWORK USING A GRAPH SCORE

IDM GLOBAL, INC., Palo A...

1. A controller for user authentication and access control, the controller comprising:at least one microprocessor;
a network interface controlled by the at least one microprocessor to communicate over a computer network with at least one computing site; and
memory coupled with the at least one microprocessor and storing:
graph data representing a graph having nodes and links;
wherein the nodes of the graph represent data elements associated with accesses made using access tokens, and
wherein the links of the graph among the nodes of the graph represent connections between the data elements identified in collected data about the accesses;
instructions which, when executed by the at least one microprocessor, cause the controller to:
receive, from the computing site, input data specifying details of an access made using an access token;
update the graph according to the input data;
determine a plurality of measurements of the graph;
compute a score of the graph based on a weighted average of the measurements; and
process the access made using the access token based on the score.

US Pat. No. 10,250,582

SECURE PRIVATE LOCATION BASED SERVICES

Microsoft Technology Lice...

1. A method for providing secure location based services comprising:receiving, from a user device, a set of initial information comprising a beacon identifier;
identifying a set of services to be provided to authorized users based on the beacon identifier;
sending to the user device, an authentication challenge;
receiving from the user device a response to the authentication challenge, the response to the authentication challenge allowing the user of the user device to be identified;
determining whether the response to the authentication challenge is valid;
responsive to the determination that the response to the authentication challenge is valid;
sending information to the user device describing a subset of the set of services that the user is authorized to access; and
providing access to a selected service of the subset; and
responsive to the determination that the response to the authentication challenge is not valid, denying access to the set of services.

US Pat. No. 10,250,581

CLIENT, SERVER, RADIUS CAPABILITY NEGOTIATION METHOD AND SYSTEM BETWEEN CLIENT AND SERVER

ZTE CORPORATION, Shenzhe...

1. A Remote Authentication Dial In User Service (RADIUS) capability negotiation method, comprising:transmitting, by a client, to servers a first message carrying RADIUS capability parameters of the client, wherein the RADIUS capability parameters of the client indicates RADIUS capability supported by the client;
receiving, by the client, a first announcement message carrying at least one of load information or compulsory switching information of the server, after the client transmits the first message to servers;
selecting, by the client, one server for user accessing from severs according to the load information or the compulsory switching information of one or more severs;
receiving, by the client, a second message carrying a result of matching of the RADIUS capability parameters in the first message with RADIUS capability parameters of the server from the server, wherein the RADIUS capability parameters of the server indicates RADIUS capability supported by the server;
determining, by the client, whether to establish effective communication with the selected server according to the matching result in the second message, and
establishing by the client or the server, effective communication between the selected server and the client when the matching result indicates successful matching.

US Pat. No. 10,250,580

OUT-OF BAND REMOTE AUTHENTICATION

Intel Corporation, Santa...

1. An article comprising a non-transient machine-accessible storage medium including instructions that when executed enable a processor-based system to:authenticate a user to a processor-based host, via a third credential, to determine a user authentication status;
transparently authenticate the user to a processor-based first service provider via (a)(i) the user authentication status, (a)(ii) a first credential that is unequal to the third credential, and (a)(iii) a first out-of-band (OOB) communication;
transparently authenticate the user to a processor-based second service provider via (b)(i) the user authentication status, (b)(ii) a second credential that is unequal to either of the first and third credentials, and (b)(iii) a second OOB communication;
in response to a timed-out session with the first service provider, re-authenticate the user to the first service provider (c)(i) transparently to the user and via another OOB communication, and (c)(ii) without re-authenticating the user to the host.

US Pat. No. 10,250,578

INTERNET KEY EXCHANGE (IKE) FOR SECURE ASSOCIATION BETWEEN DEVICES

QUALCOMM Incorporated, S...

1. A method comprising:performing an Internet Key Exchange (IKE) to create an Internet Protocol security (IPsec) security association (SA) between a first device and a second device based upon both an authentication header (AH) and an encapsulating security payload (ESP), free of creating a child security association, wherein the first device and the second device are configured to communicate through a link; and
allowing information exchanges between the first device and the second device via the link based upon the IPsec SA.

US Pat. No. 10,250,577

SYSTEM AND METHOD FOR AUTHENTICATING AND ENABLING AN ELECTRONIC DEVICE IN AN ELECTRONIC SYSTEM

Anvaya Solutions, Inc., ...

1. An electronic system comprising:a protected device;
a requesting device node, executing on a computing system, the requesting device node including:
a device query data packet generator to generate a device query data packet including data representing trust credentials of the protected device and a particular paired system, the device query data packet including an obfuscation state value and a nonce value; and
an authentication key retriever to obtain an authentication key based on the device query data packet from an authentication provisioning node using an external data communication; and
an obfuscation state machine of the particular paired system configured with a pre-defined quantity of state elements, a pre-defined quantity of the state elements being functional state elements, the obfuscation state machine being programmed with the authentication key to cause the obfuscation state machine to transition the protected device from an initial obfuscation state to a functional state.

US Pat. No. 10,250,576

COMMUNICATION OF MESSAGES OVER NETWORKS

International Business Ma...

1. A system comprising n?2 servers Si, 1?i?n, for communicating messages between sender and receiver computers, connectable to said system via a network, in dependence on authentication of receiver passwords, associated with respective receiver IDs, by the system, wherein each server Si comprises at least one hardware data processor connected with at least one memory that stores software instructions, and wherein execution of the software instructions by the at least one hardware data processor causes each server Si:to store, for each said receiver ID, a first ciphertext produced by encrypting the receiver password associated with that ID under a respective public key via a homomorphic threshold encryption scheme having a threshold t?n, and a key-share ski of a secret key corresponding to that public key;
in response to receipt from a sender computer of an encrypted message, produced by encrypting a message for a said receiver ID under the public key for that ID via said encryption scheme, to store the encrypted message;
in response to receipt from a receiver computer of a said receiver ID, to send said first ciphertext for that ID to the receiver computer and, following receipt from the receiver computer of an authentication value which comprises a predetermined function of that first ciphertext and a second ciphertext produced by encrypting a password attempt under the public key for that ID via said encryption scheme such that the authentication value decrypts to a predetermined value if the password attempt equals the receiver password for that ID, to produce a first decryption share dependent on the authentication value using said key-share ski for that ID; and
in response to receipt of said first decryption share produced by each of (t?1) other servers Si for the authentication value received for said ID, to determine from the t first decryption shares whether the authentication value decrypts to said predetermined value and, if so, to produce a second decryption share of a selected encrypted message using said key-share ski for that ID, and to send the second decryption share to said receiver computer.

US Pat. No. 10,250,572

LOGIC REPOSITORY SERVICE USING ENCRYPTED CONFIGURATION DATA

Amazon Technologies, Inc....

1. A method of providing configurable hardware, the method comprising:receiving a first request to generate configuration data for a field-programmable gate array (FPGA), the first request comprising a reference to a hardware design specifying application logic for implementation on the FPGA, the FPGA comprising host logic and the application logic when the FPGA is configured;
generating a validated bitstream based on the application logic and the host logic, the validated bitstream specifying the configuration data for the FPGA;
encrypting the validated bitstream to generate an encrypted bitstream;
signing the encrypted bitstream using a private key to generate a signed encrypted bitstream, the signed encrypted bitstream comprising a signature and the encrypted bitstream;
transmitting the signed encrypted bitstream to a host server computer in communication with a particular FPGA;
verifying the signature of the signed encrypted bitstream using a public key;
decrypting the encrypted bitstream to generate the validated bitstream; and
programming the particular FPGA with the validated bitstream so that the particular FPGA is configured with the host logic and the application logic.

US Pat. No. 10,250,571

SYSTEMS AND METHODS FOR OFFLOADING IPSEC PROCESSING TO AN EMBEDDED NETWORKING DEVICE

Cavium, LLC, Santa Clara...

1. A system to support offloading of IPSec operations on network traffic comprising:a host running one or more virtual machines (VMs) and configured to:
identify a VM running on the host that requires secured communication with a remote client device;
offload one or more Internet Protocol Security (IPSec) operations of a plurality of data packets exchanged between the VM and the remote client device to an external embedded networking device, wherein the embedded networking device is a hardware-based, software-programmable Network Interface Card (NIC), wherein the NIC is a multi-core network packet processing engine and the NIC includes a IPSec processing component, a network interface component, and a virtual switch component, each component running on independent cores of the multi-core network, and wherein the NIC is configured to:
encrypt the data packets in a tunnel mode if an IPSec policy is found;
send the encrypted data packets to a IPSec VM based on a destination Media Access Control (MAC);
decrypt IPSec-processed packets received by the NIC on a return path from the remote client device if a security association (SA) is found for a corresponding Security Parameter Index (SPI) in the IPSec-processed packets;
send the decrypted packets to the VMs via the IPSec VM after a MAC lookup of the decrypted packets;
perform the offloaded IPSec operations to process the data packets from the VM running on the host that requires secured communication with the remote client device;
support flexible packet processing at various input/output rates; and
transmit the IPSec-processed data packets to the remote client device over a network without returning the data packets back to the host before they are transmitted over the network.

US Pat. No. 10,250,570

SEPARATED INTELLIGENT CONTROL SYSTEM AND METHOD THEREOF

1. A separated intelligent control system comprising a wireless networking intelligent controller, said wireless networking intelligent controller comprising:a wireless networking unit for performing network communication;
a microprocessor connected with said wireless networking unit for data transmission via said wireless networking unit, said data comprising programs or instructions; and
at least one multi-use interface, said multi-use interface comprising a plurality of pins, said plurality of pins being connected to said microprocessor; said microprocessor being used to change function of said plurality of pins of said multi-use interface via firmware;
wherein the separated intelligent control system further comprises an external module connected to said multi-use interface, and said external module comprises a power switch controller or sensor.

US Pat. No. 10,250,568

METHODS AND SYSTEMS FOR CONCEALING INFORMATION

1. A method for concealing information comprising a sequence of symbols, the method comprising the steps of:a concealing system, the concealing system comprising a network interface in communication with the internet and an encoder, obtaining location information obtained using a Uniform Resource Locator (URL);
the concealing system obtaining rule information from a location indicated by the location information, the rule information being indicative of a rule for discarding a plurality of symbols;
the concealing system using the rule information obtained to configure the encoder; and
the encoder forming concealed information by applying to the information comprising the sequence of symbols at least one encoder rule determined by the configuration of the encoder.

US Pat. No. 10,250,567

COMMUNICATION SYSTEM, WIRELESS COMMUNICATION APPARATUS, AND COMMUNICATION METHOD

KABUSHIKI KAISHA TOSHIBA,...

1. A wireless communication apparatus comprising:a receiver that receives a beacon frame from a first wireless communication apparatus belonging to a basic service set (BSS), the beacon frame including a value indicating a first encryption method, the first encryption method used by the BSS to protect at least one of a broadcast or a multicast, wherein the wireless communication apparatus supports a second encryption method; and
a transmitter that:
transmits an association request frame, to establish a connection with the first wireless communication apparatus, to the first wireless communication apparatus prior to completion of establishment of the connection with the first wireless communication apparatus, the association request frame including a value indicating the second encryption method, if the second encryption method is equal to the first encryption method,
declines to establish the connection with the first wireless communication apparatus, if the second encryption method is not equal to the first encryption method, and
transmits a data frame including a frame body, the frame body including data encrypted by the second encryption method, after a reception of an association response frame including a status code that indicates success of the connection with the first wireless communication apparatus,
wherein the association request frame includes a frame control field and a frame body, the frame body includes the second value, the frame control field includes a type field, and the type field includes a value indicating that the association request frame is classified as a management frame.

US Pat. No. 10,250,566

COMMUNICATION SYSTEM, WIRELESS COMMUNICATION APPARATUS, AND COMMUNICATION METHOD

KABUSHIKI KAISHA TOSHIBA,...

1. A wireless communication terminal configured to belong to a first communication group, the wireless communication terminal comprising:an antenna;
a memory configured to store a first encryption method used by the first communication group to protect at least one of broadcast communication or multicast communication in the first communication group;
a transmitter configured to transmit, via the antenna, a beacon frame including information of the first encryption method;
a receiver configured to receive, via the antenna, an association request frame from a first wireless communication apparatus, the association request frame including information of a second encryption method supported by the first wireless communication apparatus; and
circuitry configured to, prior to completion of establishment of a connection between the wireless terminal and the first wireless communication apparatus, check whether the second encryption method is equal to the first encryption method to determine whether a request of the association request frame is permitted or rejected,
wherein the transmitter is further configured to transmit, via the antenna, an association response frame indicating either one of an association successful or an association failure, and the connection between the wireless communication terminal and the first wireless communication apparatus is not established,
wherein the receiver is further configured to receive, via the antenna, a data frame after a transmission of the association response frame indicating the association successful and the completion of establishment of the connection between the wireless communication terminal and the first wireless communication apparatus, a frame body of the data frame including data encrypted by the second encryption method, the data frame is either one of broadcast communication or multicast communication in the first communication group, and one of destinations of the data frame is the wireless communication terminal, and
wherein the association request frame includes a frame control field and a frame body, the frame body includes the information of the second encryption method, the frame control field includes a type field, and the type field includes information indicating that the association request frame is classified as a management frame.

US Pat. No. 10,250,563

SECURE DEVICE AND PROXY FOR SECURE OPERATION OF A HOST DATA PROCESSING SYSTEM

ZANGULI LLC, Boca Raton,...

1. A method comprising:generating, using a processor, a first proxy and a first proxy companion paired with the first proxy;
providing the first proxy to a host data processing system for execution therein;
wherein the first proxy in the host data processing system and the first proxy companion communicate;
detecting a proxy change event for the host data processing system; and
responsive to the detecting, generating a second proxy and a second proxy companion paired with the second proxy and providing the second proxy to the host data processing system for execution therein.

US Pat. No. 10,250,562

ROUTE SIGNALING DRIVEN SERVICE MANAGEMENT

Juniper Networks, Inc., ...

15. A service gateway system, comprising:a network; and
a plurality of service gateway network devices connected by the network, wherein the plurality of service gateway network devices includes a first service gateway network device and a second service gateway network device, wherein each service gateway network device includes a memory and one or more processors connected to the memory, wherein the one or more processors are configured to:
receive configuration information defining a redundancy set having a master redundancy state and a standby redundancy state, wherein the configuration information includes one or more redundancy policies associated with the redundancy set, the one or more redundancy policies including a service redundancy policy that defines changes to be made in a service when a transition occurs in the state of the redundancy set;
receive configuration information defining events that cause a transition between the master and standby redundancy states in the redundancy set, wherein the events include a first event that causes a transition from the master redundancy state to the standby redundancy state in the redundancy set;
store a plurality of signal-routes, including a first signal-route, wherein each signal-route is a route used by applications to signal changes in application state and wherein each signal-route is associated with one or more of the defined events, wherein the first signal-route is associated with the first event; and
in response to detecting the first event in the service gateway:
transition the redundancy set, within the service gateway, from the master redundancy state to the standby redundancy state;
modify a first signal-route state associated with the redundancy set, wherein modifying includes adding the first signal-route to or removing the first signal-route from a routing information base and advertising, from the service gateway and to peer network devices, the change in the routing information base; and
modify the service based on the service redundancy policy.

US Pat. No. 10,250,560

NETWORK SECURITY METHOD AND DEVICE USING IP ADDRESS

SOOSAN INT CO., LTD., Se...

1. A network security method implemented by a network security device, comprising:maintaining information related to a blocked country with which data communication is to be blocked, in a blocked country database (DB);
identifying an external Internet Protocol (IP) address by extracting at least one of a source IP address and a destination IP address of a communication packet transmitted on a network;
identifying a country to which the identified external IP address belongs;
blocking the communication packet when the identified country corresponds to the blocked country;
maintaining a country and an IP address corresponding to the country in a the country-by-country IP DB; and
identifying a country corresponding to the identified external IP address by referring to the country-by-country IP DB,
wherein the maintaining comprises:
registering all countries as blocked countries in the blocked country DB;
excluding a first country from the blocked countries in the blocked country DB when at least a predetermined first number of packets are transmitted to and received from the first country during a predetermined first time period;
displaying the first country to an administrator when at least the predetermined first number of packets are transmitted to and received from the first country during the predetermined first time period; and
excluding the first country from the blocked countries in the blocked country DB in accordance with an instruction of the administrator,
wherein the maintaining comprises registering the first country as the blocked country in the blocked country DB when at least a predetermined second number of packets are received from and transmitted to, the first country during a predetermined second time period.

US Pat. No. 10,250,559

REVERSIBLE MAPPING OF NETWORK ADDRESSES IN MULTIPLE NETWORK ENVIRONMENTS

Cisco Technology, Inc., ...

1. A method comprising:receiving a first network packet from a client device in a first network, wherein
the first network packet comprises an internal source address, and
the internal source address is a network address of the client device in the first network;
generating a value by executing a hashing function, wherein
the hashing function is reversible by a reverse hashing operation, and
the hashing function associates an external source address with the internal source address by virtue of generating the value based, at least in part, on the internal source address, and
at least a portion of the external source address;
generating a second network packet, wherein
the generating the second network packet comprises
including the external source address in the second network packet, and
including the value in the second network packet,
the external source address is a network address in a second network,
the external source address is associated with the internal source address by the at least the portion of the value, and
the hashing function generates the value such that, upon receipt of a third network packet comprising the value and a destination address, execution of the reverse hashing operation on the value produces the internal source address and the at least the portion of the external source address, such that the third network packet is transmitted to the internal source address, if a comparison between at least a portion of the destination address and the at least the portion of the external source address indicates that the destination address and the external source address are the same;
transmitting the second network packet into the second network; and
upon receipt of the third network packet,
recovering the internal source address and the at least the portion of the external source address by executing the reverse hashing operation, wherein the executing the reverse hashing operation recovers the internal source address without accessing any data structure that is external to both the reverse hashing operation and the third network packet,
determining whether the at least the portion of the external source address and at least a portion of the destination address are the same, and
in response to a determination that the at least the portion of the external source address and the at least the portion of the destination address are the same, transmitting at least a portion of the third network packet to the internal source address.

US Pat. No. 10,250,557

ENABLING MULTI-REALM SERVICE ACCESS FOR A SINGLE IP STACK UE

NOKIA SOLUTIONS AND NETWO...

1. An apparatus comprising:a connection unit configured to provide connection of a user equipment to a first network in a first address realm, wherein the user equipment is located within the first address realm, and
a processor configured:
to serve the user equipment based on a first address in the first network,
to request a second address in a second address realm,
to detect the second address to be used by the user equipment for a service in the second address realm, the second address realm being separately located from the first address realm,
to store the second address together with the first address,
to inform a network policy control element controlling policy in connection with the service in the second address realm about the second address,
to receive a credit control acknowledgment message,
to perform service specific signaling with the first address realm,
to receive a re-authorization request message after the first and second addresses being matched when carrying policy control functions triggers an authentication and/or authorization answer message,
to send a re-authorization answer message to the network policy control element, and
to provide bearers for both internet services located in the first address realm and operator services located in the second address realm simultaneously,
wherein the network policy control element is located outside of the first address realm,
wherein the user equipment is defined in the first address realm, and
wherein the service is defined in the second address realm.

US Pat. No. 10,250,555

METHODS AND SYSTEMS FOR IMPLEMENTING VERY LARGE DNS ZONES

BLUECAT NETWORKS, INC., ...

1. A method of registering DNS hostnames of Internet host devices for a very large domain zone (VLZ) stored on a DNS server on a network, wherein the Internet host devices collectively define a load of the VLZ and further wherein each Internet host device has an original fully qualified domain name (FQDN), comprising:instructions stored in non-transitory memory that, when executed by a processor, cause the processor to perform steps including:
defining a pseudo-zone that represents the VLZ, wherein the pseudo-zone is a unique map from each original FQDN into a hierarchy of a plurality of subzones, each containing a pre-determined number of the Internet host devices such that the load of the VLZ is effectively distributed across multiple servers that are separate but operatively connected to the Internet;
intercepting DNS updates to the pseudo-zone;
mapping the entries in the pseudo-zone into a hierarchy of real parent zones and subzones using a mapping formula, wherein the mapping formula includes a hash function used to establish the plurality of subzones in the pseudo-zone; and
translating DNS updates to the pseudo-zone from the original FQDN into at least one new FQDNs and adding the at least one new FQDNs to an authoritative DNS Server.

US Pat. No. 10,250,554

METHODS, SYSTEMS, AND PRODUCTS FOR MONITORING DOMAIN NAME SERVERS

1. A method, comprising:capturing, by a server, a query requesting a domain name resolution of a domain name;
capturing, by the server, a response to the query, the response generated after performing the domain name resolution;
determining, by the server, a response time of the domain name resolution exceeds a threshold value;
inferring, by the server, that the domain name was not locally cached based on the response time that exceeds the threshold value;
categorizing, by the server, the response in a single category in which the domain name successfully resolved to an Internet Protocol address; and
uniquely categorizing, by the server, the query in which the domain name failed to resolve according to the domain name resolution.

US Pat. No. 10,250,553

ARP OFFLOADING FOR MANAGED HARDWARE FORWARDING ELEMENTS

NICIRA, Inc., Palo Alto,...

1. A non-transitory machine readable medium storing a service node program for processing address resolution protocol (ARP) in a network comprising a plurality of managed software forwarding elements (MSFE) and at least one managed hardware forwarding element (MHFE), the program comprising sets of instructions for:at a service node,
receiving an ARP request from the MHFE;
determining whether a layer 2 (L2) address for replying to the ARP request is stored locally at the service node;
when the L2 address is not stored locally, replicating the ARP request and sending the replicated ARP request to a set of MSFEs;
providing the L2 address to the MHFE when the L2 address is stored locally or when the L2 address is received from one of the MSFEs.

US Pat. No. 10,250,552

L3VPN SERVICE WITH SINGLE IGP/BGP SESSION FROM A MULTI-HOMED CE WITH FAST CONVERGENCE USING EVPN

Cisco Technology, Inc., ...

1. A computer-implemented method for assisting provision of a Layer 3 Virtual Private Network (L3VPN) service using Ethernet VPN (EVPN) for a customer edge (CE) device multi-homed to a plurality of provider edge (PE) devices and operating in a single-active redundancy mode, the method comprising:establishing a communication session between said CE device and a provider edge (PE) device elected, out of said plurality of PE devices, to be a designated forwarder (DF) for said CE device (DF PE device), wherein each of said plurality of PE devices are configured with a same anycast overlay address;
receiving at said DF PE device from said CE device, over said communication session, one or more messages comprising host Internet Protocol (IP) prefixes reachable via said CE device;
sending, by said DF PE device, one or more route advertisement messages advertising the host IP prefixes received at said DF PE device from said CE device, each route advertisement message comprising an indication of said CE device;
detecting, by said DF PE device, a failure of said communication session between the DF PE device and said CE device; and
in response to the failure of said communication session, withdrawing a pseudowire used by said communication session, wherein withdrawing the pseudowire triggers one of the other non-DF PE devices to establish a second communication session with said CE device.

US Pat. No. 10,250,551

METHOD AND APPARATUS FOR EXPIRING MESSAGES IN ELECTRONIC COMMUNICATIONS

GOOGLE LLC, Mountain Vie...

1. A method comprising:receiving, at one of one or more servers, an electronic communication from a source client device, the electronic communication including a message;
temporarily storing, on a non-durable storage media accessible by at least one of the one or more servers, content of the message;
notifying, by at least one of the one or more servers, a recipient client device of availability of the message;
determining an occurrence of at least one of a first expiration event and a second expiration event, wherein:
the first expiration event includes expiration of an amount of time to live associated with the message as defined on at least one of the one or more servers, and
the second expiration event includes number of times of access of the message as defined on at least one of the one or more servers, based on input received from the recipient client device;
in response to determining the occurrence of the at least one of the first expiration event and the second expiration event, causing the content of the message to be deleted from the non-durable storage media; and
after deletion of the content of the message from the non-durable storage media, notifying the recipient client device that the message is unavailable.

US Pat. No. 10,250,550

SOCIAL MESSAGE MONITORING METHOD AND APPARATUS

HUAWEI TECHNOLOGIES CO., ...

1. A social message monitoring method, comprising:receiving a social message;
performing theme modeling analysis on the social message to obtain a theme probability vector of the social message;
comparing the theme probability vector of the social message with a theme probability vector of a representative message to obtain a theme similarity;
comparing a user of the social message with a user of each representative message to obtain a user similarity between the social message and each representative message;
acquiring a similarity between the social message and the representative message according to the theme similarity, the representative message being a representative social message in a message class;
saving the social message in a message class containing a representative message most similar to the social message, the representative message from each message class being selected by performing weighted averaging on theme probability vectors of all social messages in each message class to obtain a theme probability vector of a representative message of each message class, and when a new social message is added to the message class, selecting, from each message class, a social message matching the theme probability vector of the representative message of the message class as the representative message, and performing weighted averaging again to calculate the theme probability vector of the representative message of the message class; and
outputting the message class to a social network client when a quantity of social messages in the message class reaches a first threshold or themes of social messages in the message class are consistent.

US Pat. No. 10,250,548

SOCIAL MEDIA ENGAGEMENT ENGINE

SAP SE, Walldorf (DE)

1. A method of social media engagement, comprising:receiving a social media message from a person via a social media data connector;
generating processed data by analyzing the social media message, the generating comprising:
extracting data from the social media message,
determining an importance level of the person, and
enriching the extracted data with the determined importance level of the person,
determining, by a rule engine based on the processed data including the determined importance level of the person, whether an engagement is to be manually or automatically conducted with the person;
in response to determining the engagement is to be manually conducted, invoking a response from an agent via an engagement workbench;
in response to determining the engagement is to be automatically conducted, automatically generating the response based on information extracted from an application system; and
transmitting the invoked or generated response to the social media data connector;
wherein at least one predefined rule executed by the rules engine (i) identifies which agent or group of agents to take action in response to the social media message, (ii) what action the identified agent should take, (ii) what information to extract from an external application system.

US Pat. No. 10,250,547

TREND DETECTION FOR CONTENT TARGETING USING AN INFORMATION DISTRIBUTION SYSTEM

TWITTER, INC., San Franc...

1. A method comprising:receiving, by an information distribution system and from one or more client devices, a first plurality of messages composed by one or more users of the one or more client devices, wherein each of the messages in the first plurality of messages includes a first hashtag, and wherein a first message of the first plurality of messages includes first semantic content;
receiving, by the information distribution system and from a second client device, a second message composed by one or more users of the second client device, wherein the second message includes a second hashtag and second semantic content, and wherein the second message does not include the first hashtag;
determining, by the information distribution system, a degree of similarity between the first semantic content included in the first message and the second semantic content of the second message;
in response to determining that the degree of similarity satisfies a similarity threshold, determining, by the information distribution system, that the first hashtag corresponds to the second hashtag;
in response to determining that the first hashtag corresponds to the second hashtag, forming, by the information distribution system, a second plurality of messages that includes the first plurality of messages and the second message;
determining, by the information distribution system and using a set of metrics that are based at least in part on the second plurality of messages, a trending score that represents a magnitude of a trend for the first hashtag and the second hashtag;
in response to determining that the trending score satisfies a threshold, sending, by the information distribution system and to a content provider system, a set of demographic data that describes one or more of the users who associated with the first hashtag or the second hashtag; and
in response to receiving, from the content provider system, targeted content that is based at least in part on the first hashtag, on the second hashtag, and on the set of demographic data, sending, by the information distribution system and for display at one or more of the one or more client devices or the second client device, the targeted content.

US Pat. No. 10,250,546

MANAGING AN E-MAIL RESPONSE

International Business Ma...

1. A method for managing an e-mail response, the method comprising:receiving a first e-mail from a sender sent to a plurality of e-mail addresses, wherein each e-mail address from the plurality of e-mail addresses includes a domain name, and wherein two or more of the e-mail addresses from the plurality of e-mail addresses have different domain names;
initiating a graphical user interface (GUI) associated with the e-mail response;
providing a list of the different domain names associated with the plurality of e-mail addresses and an e-mail address associated with the sender;
generating, based on a selection of one or more of the different domain names, a distribution list, wherein the distribution list comprises one or more e-mail addresses limited to e-mail addresses having a selected domain name; and
providing the distribution list in an addressee field associated with the e-mail response in the GUI,
wherein the GUI includes a plurality of addressee fields and a plurality of dropdown menus respectively associated with each addressee field from the plurality of addressee fields, wherein each dropdown menu from the plurality of dropdown menus lists the different domain names, and
wherein the distribution list is provided in one of the addressee fields from the plurality of addressee fields associated with a dropdown menu from which the selection of one or more of the different domain names is made.

US Pat. No. 10,250,545

METHOD, SYSTEM AND COMPUTER READABLE MEDIUM FOR NOTIFICATION DELIVERY

West Corporation, Omaha,...

1. A method, comprising:a processor assigning a plurality of delivery ports to each of a plurality of delivery channels;
the processor receiving a plurality of message delivery jobs;
the processor assigning each of the message delivery jobs to one of the plurality of delivery channels;
the processor determining a delivery timeframe for each of the message delivery jobs;
the processor assigning a priority to each of the message delivery jobs, wherein each job's priority is based at least in part on its delivery timeframe,
the processor ordering the delivery jobs for delivery according to their priority;
in the case any of the prioritized jobs' delivery timeframe will not be met, increasing that job's priority to ensure its delivery within its delivery timeframe, and reordering the delivery jobs for delivery;
in the case any of the reprioritized jobs' delivery timeframe will not be met, determining, by the processor, a number of ports required by each channel to ensure that each message assigned to that channel is delivered to its respective recipient within its delivery timeframe;
in the case the number of available ports is at least equal to the total number of required ports, reassigning the available ports so that each channel has at least the number of ports it requires; and
in the case the number of available ports is not at least equal to the total number of required ports, reassigning the available ports to maximize the total value of delivering the messages, including any penalties incurred by the inability to delivery every message within its timeframe.

US Pat. No. 10,250,544

ELECTRONIC EQUIPMENT, SYSTEM INCLUDING ELECTRONIC EQUIPMENT AND MANAGEMENT DEVICE, AND METHOD EXECUTED BY ELECTRONIC EQUIPMENT

Seiko Epson Corporation, ...

1. Electronic equipment configured to facilitate secure equipment settings modification through use of a transmitted notification that is triggered for transmission upon detection of a request to change one or more settings of the electronic equipment, the electronic equipment comprising:an instruction receiving unit that receives an instruction of a setting modification regarding the electronic equipment; and
an electronic mail sending unit that sends an electronic mail including access information to access a web page for permission of the setting modification by the modification instruction to a mail address corresponding to a predetermined administrator;
wherein a visual arrangement of content included within the electronic mail is structured in a manner to operate as a notification regarding the setting modification, the visual arrangement being arranged in the following specific manner:
a first list listing the one or more settings of the electronic equipment,
a second list listing proposed modified settings for the same one or more settings of the electronic equipment, wherein the proposed modified settings included in the second list are modified in accordance with the setting modification, and
the access information, which is provided to access the web page for permission of the setting modification, the access information being presented in a selectable form that, when selected, causes the web page to be accessed.

US Pat. No. 10,250,543

DEDUPLICATION OF E-MAIL CONTENT BY AN E-MAIL SERVER

International Business Ma...

1. A method for handling e-mail communication by an e-mail server, the method comprising:receiving an e-mail by the e-mail server;
determining a number of recipients for the e-mail;
based on determining the number of recipients being above a recipient threshold number:
parsing the e-mail to identify a large content item within the e-mail;
generating a modified e-mail by replacing the large content item within the e-mail with an identifier, wherein the identifier comprises a thread identifier, a content identifier, and a nonce, wherein the thread identifier is used to position the large content in a weblog, wherein the content identifier is a series of characters to identify a specific content item of the large item, and wherein the nonce is formed by an encryption function for identification and securing access to the large content; and
storing the large content item, wherein the large content item forms a basis for the weblog associated with the identifier, wherein the weblog comprises one or more large content items that are arranged in reverse chronological order;
sending the modified e-mail; and
receiving a reply e-mail to the modified e-mail, wherein content of the reply e-mail builds an extension to the weblog, and wherein the reply e-mail is generated by replacing the identifier with the large content making the replacement undetectable to a recipient.

US Pat. No. 10,250,541

PREDICTIVE RESPONSES TO INCOMING COMMUNICATIONS

Google LLC, Mountain Vie...

1. A method comprising:receiving, by a computing system, a plurality of message histories, wherein each message history from the plurality of message histories includes one or more of a simple messaging service message history, multimedia messaging service message history, an instant messaging message history, or an email message history;
determining, by the computing system and based on the plurality of message histories, a plurality of message and response pairs;
determining, by the computing system, a number of instances of each response for each message from the plurality of message and response pairs;
classifying, by the computing system, each response from the plurality of message and response pairs as having an information type, wherein the information type is one or more of time type, text type, number type, address type, emoji type, celebrity type, store type, day of week type, date type, or unknown type;
storing, by the computing system and in a data store, an indication of each unique message from the plurality of message and response pairs, an indication of the information type associated with the respective response associated with the unique message, and a number of responses from the plurality of message and response pairs having the information type as message and response information;
receiving, by the computing system and from a computing device, a request for a suggested response to an incoming communication, the request including an indication of the incoming communication;
determining, by the computing system and based on the request and the message and response information stored in the data store, a type of information expected to be included in a response to the incoming communication, wherein the type of information is one or more of the time type, the text type, the number type, the address type, the emoji type, the celebrity type, the store type, the day of week type, the date type, or the unknown type;
predicting, by the computing system, and based on the request and the type of information, one or more candidate response messages; and
sending, by the computing system and to the computing device, an indication of the one or more candidate response messages.

US Pat. No. 10,250,539

METHODS AND APPARATUS TO MANAGE MESSAGE DELIVERY IN ENTERPRISE NETWORK ENVIRONMENTS

VMware, Inc., Palo Alto,...

1. A method to manage delivery of messages in an enterprise network environment, the method comprising:accessing, via a message application programmable interface (API), a message posted to a social media network by a user of the enterprise network environment;
identifying, by executing an instruction with a processor, an occupational position of the user;
scanning, by executing an instruction with the processor, the message for at least one of a plurality of identifiers;
determining, by executing an instruction with the processor, whether the message includes the at least one of the identifiers;
when the message does not include the at least one of the identifiers, delivering the message to at least one of a first plurality of users of an enterprise entity via the message API, the first plurality of users characterized by a same occupational position as the user;
when the message includes the at least one of the identifiers:
identifying, with the processor, a different enterprise entity including a second plurality of users associated with the at least one of the identifiers, at least one of the second plurality of users characterized by a different occupational position than the occupational position of the user; and
delivering the message to at least one of the second plurality of users via the message API, the message API to provide compatibility between different types of social media networks used by the first plurality of users and the second plurality of users by delivering the message using a Hypertext Transfer Protocol.

US Pat. No. 10,250,538

DETECTING MESSAGES WITH OFFENSIVE CONTENT

1. A method comprising:receiving input that includes message content using a virtual keyboard that is generated for output on a display of a user device, the virtual keyboard being generated by an application program installed on the user device that includes multiple software modules;
determining, by the user device and using one or more of the software modules of the application program, whether the message content includes offensive content, wherein determining, by the user device and using one or more of the software modules of the application program comprises:
determining whether the received message content includes an offensive trigger word;
in response to determining that the received message content includes an offensive trigger word, analyzing the context in which the offensive trigger word is used in the message content, wherein analyzing the context in which the offensive trigger word is used comprises:
determining whether the offensive trigger word falls within a predetermined proximity of (i) a pronoun that refers to a person other than the user of the user device or (ii) an entity name that refers to a person other than the user of the user device; and
in response to determining, by the user device and using one or more of the software modules of the application program, that the received message content includes an offensive trigger word that falls within a predetermined proximity of (i) a pronoun that refers to a person other than the user of the user device or (ii) an entity name that refers to a person other than the user of the user device, generating an alert message for display on the user device that provides an indication that the received message content includes offensive content.

US Pat. No. 10,250,537

METHODS AND APPARATUSES FOR ANIMATED MESSAGING BETWEEN MESSAGING PARTICIPANTS REPRESENTED BY AVATAR

1. A data processing system for rendering an avatar of a sender of a message on a device of a recipient of the message, the data processing system comprising:a memory storing a program; and
at least one processor to execute the program, wherein execution of the program configures the at least one processor to:
receive an animation markup record listing visible attributes of the sender;
receive an indication of a selected art style for the recipient;
query a database storing art styles, including the selected art style, each art style including graphic elements that can be combined to create a corresponding avatar of the sender in a corresponding animation style of the recipient; and
relate the visible attributes of the sender to the graphic elements of the selected art style to render the avatar in the corresponding animation style of the recipient.

US Pat. No. 10,250,534

CLOUD-BASED UNIVERSAL COLLABORATIVE MESSAGING SYSTEM AND METHOD

Avaya Inc., Santa Clara,...

1. A server, comprising:a processor;
a memory; and
a universal collaborative messaging system (UCMS) application contained in the memory and executed by the processor, wherein the UCMS application: receives messages from a plurality of different messaging sources, wherein the messages are configured as communications from a sender to at least one recipient including a user; transforms a received message from a first messaging format into a second messaging format compatible with standardized file management systems, wherein the second messaging format is configured as a folder including one or more files, each file of the one or more files representing content of the received message, and wherein a size of the transformed message is less than a size of the received message; stores the transformed message in the second messaging format in a secure central memory in communication with the server, wherein the secure central memory is part of a cloud storage platform; and sends a notification to a communication device of the user, wherein the notification activates a universal message viewing application on the communication device without transmitting the transformed message to the communication device and enables a connection to the secure central memory via the communication device and the server, and wherein the communication device is caused to render at least a portion of the transformed message that is hosted by the server and the secure central memory.

US Pat. No. 10,250,532

SYSTEMS AND METHODS FOR A PERSONALITY CONSISTENT CHAT BOT

Microsoft Technology Lice...

9. A method for automated chatting with personality consistency, the method comprising:identifying that a first reply is warranted from a chat bot regarding a first entity to a user;
searching an entity-based disposition memory graph for the chat bot based on the first entity;
identifying a chat bot disposition for the first entity that was previously provided by the chat bot based on the searching of the entity-based disposition memory graph for the chat bot;
generating the first reply about the first entity based on the chat bot disposition for the first entity; and
providing the first reply to the user.

US Pat. No. 10,250,527

PORT EXTENDER ID ASSIGNMENT IN AN EXTENDED BRIDGE

ARRIS Enterprises LLC, S...

1. A method comprising:storing, by a controlling bridge (CB) in an extended bridge, a set of one or more port extender (PE) ID configurations, wherein at least one PE ID configuration in the stored set includes:
an identity of a first CB port; and
a plurality of PE IDs corresponding to a plurality of PEs connected to the first CB port, the plurality of PE IDs being sorted in connection order, and
wherein the stored set further comprises a second PE ID configuration that includes a provisional PE ID for a PE that has not yet joined the extended bridge.

US Pat. No. 10,250,525

INTENT-BASED SERVICES ORCHESTRATION

CenturyLink Intellectual ...

1. A method, comprising:receiving, with a computing system over a network, a request for network services from a customer, the request for network services comprising desired performance parameters for the requested network services, without information regarding any of specific hardware, specific hardware type, specific location, or specific network for providing the requested network services;
allocating, with the computing system, one or more network resources from one or more first networks of a first set of networks for providing the requested network services, based at least in part on the desired performance parameters and based at least in part on a determination that the one or more first networks is capable of providing network resources each having the desired performance parameters;
determining, with the computing system, whether at least one first network of the one or more first networks can no longer provide at least one first network resource, of the one or more network resources, having the desired performance parameters, based at least in part on one or more network performance metrics; and
based on a determination that at least one first network can no longer provide at least one first network resource having the desired performance parameters, allocating, with the computing system, at least one second network resource from at least one second network of a second set of networks for supplementing provision of the requested network services having the desired performance parameters, based at least in part on one or more updated network performance metrics, thereby replacing or augmenting the at least one first network resource provided from the one or more first networks of the first set of networks.

US Pat. No. 10,250,522

SECURE DISTRIBUTED COMPUTING USING CONTAINERS

1. A computer-implemented method for performing distributed computing in a secure manner, said method comprising the steps of:(a) encrypting, via one or more processors, a data set using a homomorphic encryption algorithm;
(b) generating a plurality of application containers configured to process the encrypted data set encrypted in step (a), wherein the application containers are self-contained applications that comprise all dependencies necessary for execution and operation of the application containers;
(c) providing, over one or more communications networks, the encrypted data set to a plurality of compute node resources;
(d) deploying, over the one or more communications networks, the application containers to the compute node resources, wherein the compute node resources are configured to execute the application containers to process the encrypted data set to obtain a processed encrypted data set;
(e) receiving, over the one or more communications networks, the processed encrypted data set from the compute node resources;
(f) decrypting, via one or more processors, the processed encrypted data set to obtain a decrypted processed data set;
(g) managing the compute node resources with a management resource; and
(h) tracking, via the management resource, metrics associated with each of the compute node resources.

US Pat. No. 10,250,520

CUSTOMER ENGAGEMENT PLATFORM AND PORTAL HAVING MULTI-MEDIA CAPABILITIES

SAMSUNG ELECTRONICS CO., ...

1. A system for managing customer engagement, comprising:a customer engagement portal to be disposed at a site, said customer engagement portal configured to receive inputs, including inputs related to media information;
at least one memory storing instructions;
at least one processor associated with said customer engagement portal and configured to execute the instructions stored in said at least one memory to manage said media information;
a first network device to be disposed at said site and communicatively coupleable with said at least one processor to wirelessly transmit a media stream therebetween, said first network device configured to output said media stream, and said first network device having an operating condition capable of being altered;
a second network device to be disposed at said site and communicatively coupleable with said at least one processor to wirelessly transmit another media stream therebetween, said second network device configured to output said other media stream, and said second network device having another operating condition capable of being altered;
a mobile device associated with said site and configured to initiate a change of at least one of said operating condition of said first network device while said first network device outputs said media stream and said other operating condition of said second network device while said second network device outputs said other media stream; and
a customer engagement platform communicatively couplable with both said customer engagement portal and said mobile device, the customer engagement platform configured to provide the media information based on both a present location of said mobile device relative to said customer engagement portal and a tracked travel pattern of a user associated with the mobile device,
wherein the tracked travel pattern of the user includes a determined frequency of the user being at the site and a previous movement of the user from one location to another location,
wherein said operating condition and said other operating condition are independent of and unrelated to said media stream and said other media stream, and
wherein said customer engagement portal is integrated into one of said first network device or said second network device.

US Pat. No. 10,250,519

SYSTEM AND METHOD FOR SUPPORTING A DISTRIBUTED DATA STRUCTURE IN A DISTRIBUTED DATA GRID

ORACLE INTERNATIONAL CORP...

1. A system for supporting a distributed queue, comprising:one or more microprocessors;
a distributed data grid comprising a plurality of member nodes operating on the one or more microprocessors;
a plurality of buckets distributed over the plurality of member nodes in the distributed data grid, wherein the plurality of buckets are maintained as a distributed queue, including a current tail bucket that acts as a tail of the distributed queue, and wherein each of the plurality of buckets are configured to store one or more elements of the distributed queue;
a queue state owner member node of the plurality of member nodes, wherein the queue state owner member node executes a queue state owner process, wherein the queue state owner process holds queue state information for the distributed queue, and wherein the queue state owner process provides the state information about the distributed queue to a client process; and
wherein said client process is configured to
store a local version of the queue state information for the distributed queue, and
use the local version of the queue state information about the distributed queue to perform an operation on one or more elements in a bucket in the distributed queue.

US Pat. No. 10,250,514

SYSTEMS, METHODS, AND DEVICES FOR ADDRESSED DATA COMMUNICATIONS

QUIET COACH INC., Waterl...

1. A communications system for sending a data packet, comprising:(a) a first device, comprising:
(i) a processor, the processor configured to compose an addressing bitmask and, address the data packet with the bitmask; and,
(ii) a transmitter connected to the processor for transmitting the addressed data packet;
(b) a second device, comprising:
(i) a receiver for receiving the addressed data packet; and,
(ii) a processor attached to the receiver, the processor configured to perform a bitmask test on the bitmask contained in the addressed data packet such that, if the test is failed, then the addressed data packet is discarded;
wherein the data packet comprises encoded audio data,
wherein the encoded audio data is encoded with pulse code modulation;
wherein:
(a) the processor of the first device is further configured to segment the addressed data packet into at least one datagram;
(b) the transmitter of the first device transmits the addressed data packet as a part of the at least one datagram, the at least one datagram being transmitted using a multi-casting protocol;
(c) the receiver of the second device receives the addressed data packet as a part of at least one datagram;
(d) the processor of the second device is further configured to reconstitute the data packet from the at least one datagram;
wherein: the datagrams are User Datagram Protocol (UDP) datagrams; and, the multi-casting protocol uses the Internet Protocol multi-casting (IP multicasting) protocol;
wherein at least one of the transmitter of the first device and the receiver of the second device are configured for use over a private wireless local area network; and
wherein the private wireless local area network uses at least one IEEE 802.11 standard.

US Pat. No. 10,250,512

SYSTEM AND METHOD FOR TRAFFIC DIRECTOR SUPPORT IN A MULTITENANT APPLICATION SERVER ENVIRONMENT

ORACLE INTERNATIONAL CORP...

1. A system for traffic director support in a multitenant application server environment, comprising:one or more computers, including an application server that enables deployment and execution of software applications, wherein the application server is associated with a domain configuration that is used at runtime to define a domain for the execution of the software applications, together with
a plurality of partitions, wherein each partition provides an administrative and runtime subdivision of the domain,
one or more resource groups, wherein each of the one or more resource groups is associated with a partition of the one or more partition,
a plurality of virtual targets,
an instance of a traffic director, the instance of a traffic director comprising a configuration, and
a traffic director plugin instantiated within the domain, the traffic director plugin providing access to the domain, the traffic director plugin further providing access to a plurality of lifecycle operations of the domain;
wherein each of the plurality of partitions and the one or more resource groups are targeted to a virtual target of the plurality of virtual targets;
wherein the configuration of the instance of a traffic director is configured to direct network traffic to the plurality of partitions and the one or more resource groups, the configuration of the instance of the traffic director comprising one or more routes; and
wherein the instance of a traffic director provides load balancing among one or more servers of a server pool.

US Pat. No. 10,250,510

INTELLIGENT NETWORK RESOURCE MANAGER

Oracle International Corp...

1. A method comprising:assigning a selected priority and a selected category to each of a plurality of virtual channels selected from a set of virtual channels associated with a physical communication channel within a switched fabric;
wherein each selected priority is selected from a plurality of priorities comprising a first priority and a second priority;
wherein each selected category is selected from a plurality of categories comprising a first category and a second category, wherein the first category is based on a first message size and the second category is based on a second message size that is larger than the first message size, wherein more virtual channels are assigned the first category than the second category;
directing outbound messages to the plurality of virtual channels based on a category and a priority of each outbound message;
segmenting each outbound message into one or more respective packets to generate a plurality of packets that each do not exceed a maximum packet size, wherein said second message size exceeds said maximum packet size;
processing the plurality of virtual channels in a circular order to send a same amount of packets from said plurality of packets for each virtual channel over the physical communication channel within the switched fabric;
wherein the method is performed by one or more computing devices.

US Pat. No. 10,250,509

INCREMENTAL APPLICATION OF RESOURCES TO NETWORK TRAFFIC FLOWS BASED ON HEURISTICS AND BUSINESS POLICIES

Level 3 Communications, L...

12. A non-transitory computer-readable medium having instructions stored thereon that, when executed by at least one computing device, causes the at least one computing device to perform a method for operating a network service provider, the method comprising:receiving a first portion of a traffic flow in a network, wherein the traffic flow satisfies a first condition;
inspecting the first portion of the traffic flow at a first level of detail;
determining, based on the inspecting, that the traffic flow satisfies a second condition;
in response to determining that the traffic flow satisfies the second condition, sending a message to a controller, the message indicating that the second condition is satisfied, wherein the controller is configured to instruct one or more routers to transmit a second portion of the traffic flow to the network service provider based on the determining that the traffic flow satisfies the second condition;
subsequent to sending the message, receiving the second portion of the traffic flow, wherein the second portion of the traffic flow comprises a larger amount of information than the first portion of the traffic flow; and
in response to receiving the second portion of the traffic flow, inspecting the second portion of the traffic flow at a second level of detail, wherein the inspecting at the second level of detail requires a different amount of computing resources than the inspecting at the first level of detail.

US Pat. No. 10,250,508

LOAD BALANCING METHOD AND SYSTEM

ZTE Corporation, Shenzhe...

1. A load balancing method, comprising:collecting load information of a load balancing object, and generating a load balancing group table according to the load information;
generating a load balancing group routing table according to information of the load balancing group table; and
forwarding a data packet according to the load balancing group routing table,
wherein information in the load balancing group routing table at least comprises:
a group identifier, group identification information, branch object load weight information, and/or a subgroup object switch egress port,
wherein, the branch object load weight information is represented by a bearing space value, branch objects in the load balancing group routing table are arranged according to an order of bearing space values from small to large, and a load proportion corresponding to each branch object is equal to a bearing space value corresponding to the branch object minus a bearing space value corresponding to a previous branch object and divided by a maximum branch bearing space value in a group having the group identifier.

US Pat. No. 10,250,507

PERSISTENT CONNECTION REBALANCING

INTERNATIONAL BUSINESS MA...

1. A computer-implemented method of rebalancing persistent client connections to a cluster of servers, the method comprising:identifying, by one or more processors of a computer system, an increase in a total client connection capacity of the cluster of servers with a network connection balancing component, wherein the increase in the total client connection capacity of the cluster of servers is due to one or more new servers being added to the cluster of servers;
determining, by the one or more processors of a computer system, a target client connection capacity utilization with the network connection balancing component from the increased total client connection capacity of the cluster of servers and the number of persistent connections to the cluster of servers; and
for each server in a selection of servers in the cluster of servers:
determining, by the one or more processors of a computer system, a current client connection capacity utilization of the server from the number of persistent connections to the server and a current capacity of the server;
comparing, by the one or more processors of a computer system, the current client connection capacity utilization with the target client connection capacity utilization; and
terminating, by the one or more processors of a computer system, a selection of its persistent client connections by the server based on the current client connection capacity utilization exceeding the target client connection capacity utilization.

US Pat. No. 10,250,505

EMERGENCY SIGNAL FOR M2M DEVICES

1. A method comprising:receiving, at a server connected to a network, messages from a plurality of devices connected to the network, wherein the messages comprise a first subset and a second subset;
consolidating the first subset into a consolidated message;
consolidating the second subset into another consolidated message;
prioritizing the second subset lower than the first subset based on a first message type indicated by the first subset being ranked higher than a second message type indicated by the second subset; and
causing the consolidated message to be provided to a recipient at a first transport quality of service (QoS) level before causing an indication of the another consolidated message to be provided to the recipient at a lower QoS level than the first transport QoS level.

US Pat. No. 10,250,504

LONGEST PREFIX MATCHING OPERATIONS ON A VALUE IN MULTIPLE INTERSPERSED PREFIX LENGTH SEARCH SPACES TO DETERMINE AN OVERALL LONGEST PREFIX MATCHING RESULT IN A PACKET SWITCHING SYSTEM

Cisco Technology, Inc., ...

1. A method, comprising:determining, by a packet switching system, an overall longest prefix matching (LPM) result for a particular lookup value associated with a packet, wherein said determining the LPM result includes:
performing a first LPM operation, by a first LPM lookup unit, on the particular lookup value in a first search space determining a first longest matching prefix and resulting in an identification of a first LPM result including processing information identified directly or indirectly and a first length value specifying a prefix length of the first longest matching prefix, which is not a default route;
performing a second LPM operation, by a second LPM lookup unit, on the particular lookup value in a second search space determining a second longest matching prefix and resulting in an identification of a second LPM result including processing information identified directly or indirectly and a second length value specifying a prefix length of the second longest matching prefix, which is not a default route;
selecting as the overall LPM result the first LPM result when the first length value is greater than the second length value else the second LPM result, which includes comparing the first and second length values; and
processing the packet according to the overall LPM result;
wherein the first search space and the second search space include non-default route prefixes with interspersed prefix lengths matching a same value.

US Pat. No. 10,250,503

ROUTING METHOD AND WIRELESS NODE FOR WIRELESS MESH NETWORK

Industrial Technology Res...

1. A routing method for a wireless mesh network, the routing method being performed on a wireless node of a plurality of nodes of the wireless mesh network and comprising:transmitting a control message packet for finding a plurality of available paths to reach a destination node of the plurality of nodes by performing a route algorithm to discover a topology of the wireless mesh network, and stopping performing the route algorithm after the plurality of available paths are found;
recording the available paths to reach the destination node, at least one parent-child node relationship corresponding to the available paths, and at least one link-state corresponding to the available paths in a route table;
using an optimal path among the available paths to transmit data or transfer data;
in response to the optimal path reaching the destination node being not operable, selecting another available path as the optimal path from the available paths, updating the route table, and notifying at least one parent wireless node on the optimal path of a node-deleted message;
in response to a node-added message being received from a newly-added node, relaying the node-added message and performing a block route algorithm for creating a block route table in a block to which the newly-added node belongs, updating the route table according to the block route table to acquire a plurality of updated available paths, selecting a path as the optimal path from the updated available paths, and notifying the at least one parent wireless node on the optimal path of the node-added message, wherein the block to which the newly-added node belongs is consist of the newly-added node and a part of the wireless mesh network and the part of the wireless mesh network comprises at least one adjacent node of the newly-added node in the wireless mesh network, and the wireless node is one of the at least one adjacent node; and
in response to the node-added message not being relayed from any wireless node in the block, not relaying the node-added message and not performing the block route algorithm.