US Pat. No. 10,193,985

METHOD AND DEVICE FOR PERFORMING SERVICE DISCOVERY IN WIRELESS COMMUNICATION SYSTEM

LG Electronics Inc., Seo...

1. A method of performing service discovery performed by a first NAN (neighbor awareness networking) device in a wireless communication system, the method comprising:
exchanging a subscribe message with a second NAN device; and
transmitting a first service discovery frame (SDF) based on the exchanged subscribe message,
wherein the first service discovery frame comprises a NAN connection capability attribute field,
wherein the NAN connection capability attribute field comprises a first type interface information field indicating whether the first NAN device supports a first type interface, and
wherein the NAN connection capability attribute field further comprises a beacon frame field containing information about a beacon frame associated with the first type interface.

US Pat. No. 10,193,984

ARCHITECTURE FOR ENABLING FINE GRANULAR SERVICE CHAINING

TELEFONAKTIEBOLAGET LM ER...

1. A method implemented by a network device, the method for implementing a service chain by instantiating services on demand by a lightning module that provides the services as applications executed by unikernels supported by a hypervisor, the method comprising:
receiving authentication, administration and accounting (AAA) service authentication of a user by the lightning module;
instantiating, by the lightning module, a special unikernel monitor to only monitor a session for packets from the user, in response to receiving the AAA service authentication of the user;
determining at least one unikernel configuration file for the user;
checking whether a packet from the user is received in the session by the special unikernel monitor; and
responsive to detecting the packet, instantiating a plurality of service chain unikernels identified in the at least one unikernel configuration file, by the special unikernel monitor, the plurality of service chain unikernels to process packets of the session.

US Pat. No. 10,193,983

INFORMATION DISTRIBUTION DEVICE INFORMATION RECEPTION DEVICE, INFORMATION DISTRIBUTION METHOD, AND RECORDING MEDIUM

NEC Corporation, Tokyo (...

1. An information reception device comprising:
a memory storing instructions; and
one or more processors to execute the instructions to:
receive, from an information distribution device, a plurality of pieces of distribution information representing advertisements;
receive, from the information distribution device, a plurality of personalization rules, each of the plurality of personalization rules including a selection condition and selection information, wherein
the selection condition is generated based on information concerning at least one of a plurality of pieces of action information, which are extracted from actions of a user who uses the user's own device, and
the selection information represents one of the plurality of received pieces of distribution information and is generated by using information concerning at least another one of the plurality of extracted pieces of action information;
acquire a piece of action information;
extract, from the plurality of received personalization rules, personalization rules based on a corresponding selection condition that matches the acquired piece of action information and select, from the plurality of received pieces of distribution information, a piece of distribution information indicated by selection information included in the extracted personalization rules; and
output the selected piece of distribution information, wherein the one or more processors execute the instructions to:
associate, for each of a plurality of user identifications and from a plurality of pieces of action information from the plurality of user identifications, first type of action attribute information with second type of action attribute information to form a pair,
count a number of each unique pair of first type of action attribute information together with second type of action attribute information for all of the plurality of user identifications, and
rank the counted numbers of unique pairs to form at least a personalized rule including, as a combination of selection condition and selection information, a pair of first type of action attribute information together with second type of action attribute information.

US Pat. No. 10,193,982

SYSTEMS AND METHODS FOR RECONNECTING CALLS

SECURE CONNECTION LTD., ...

1. A method for restoring bidirectional voice communication between at least two client terminals, comprising:
detecting, by a server, a dropping of a bidirectional voice communication on a communication segment between a first client terminal and the server, the communication segment part of the bidirectional voice communication established between the first client terminal and a second client terminal using respective communication segments with the server, the dropping triggered by insufficient resources for maintaining the bidirectional voice communication in a desired quality for the first client terminal,
receiving, at the server, at least one message from the first client terminal, the at least one message including instructions for restoring the bidirectional voice communication, the at least one message received over available resources sufficient for transmission of the at least one message over the affected communication segment;
automatically activating an instant message session between the first client terminal and the second client terminal in response to the detecting; and
restoring, by the server, the bidirectional voice communication according to the received instructions when sufficient resources are available for maintaining the bidirectional voice communication at the desired quality.

US Pat. No. 10,193,981

INTERNET OF THINGS (IOT) SELF-ORGANIZING NETWORK

CenturyLink Intellectual ...

1. A method for implementing Internet of Things (“IoT”) self-organizing network functionality, comprising:
receiving, with a computing system, at least one first data from at least one first IoT-capable device of a plurality of IoT-capable devices, the at least one first data comprising data regarding one or more second IoT-capable devices of the plurality of IoT-capable devices of a self-organizing network (“SON”) of IoT-capable devices;
analyzing, with the computing system, the at least one first data to determine a status of at least one second IoT-capable device of the one or more second IoT-capable devices;
based at least in part on the determined status of the at least one second IoT-capable device, generating, with the computing system, one or more control instructions; and
autonomously sending, with the computing system, the one or more control instructions to one or more third IoT-capable devices of the plurality of IoT-capable devices, based at least in part on the determined status of the at least one second IoT-capable device, the one or more control instructions causing each of the one or more third IoT-capable devices to change at least one of its device settings, its device configurations, its network configurations, or its functions within the SON of IoT-capable devices.

US Pat. No. 10,193,980

COMMUNICATION METHOD BETWEEN TERMINALS AND TERMINAL

SAMSUNG ELECTRONICS CO., ...

1. A terminal comprising:
a communicator configured to receive media data of a first terminal arbitrating a transmission authority among other terminals, transmit a transmission authority request message to each of the other terminals in response to an expiry of a first timer based on receiving the media data; and
a controller configured to enter a permission state in response to a Nth expiry of a second timer started upon transmitting the transmission authority request message,
wherein in the permission state, the terminal has permission to transmit media data of the terminal.

US Pat. No. 10,193,979

SYSTEM ARCHITECTURE FOR WIRELESS METROLOGICAL DEVICES

General Electric Company,...

1. A computer-based method by a wireless metrological device, the wireless metrological device including a wireless communication interface configured to communicate with at least one mobile computing device, the method comprising:
receive a connection request from the at least one mobile computer device;
send a connection confirmation to the at least one mobile computer device;
respond to the at least one mobile computer with Device Information Service (DIS);
acknowledge to the at least one mobile computer a universal generic data service;
send a data descriptor to the at least one mobile device, wherein the data descriptor is affiliated with a measurement; and
send a data packet comprising the measurement using the universal generic data service to the at least one mobile computing device, wherein the wireless metrological device comprises a taper gauge.

US Pat. No. 10,193,978

DISTRIBUTED NETWORK NODE OPERATION SYSTEM BASED ON OPERATION CONTROL UNIT

CHONGQING GKTSINGCHIP IND...

1. A distributed network node operation system based on an operation control unit, the operation system operating on the network node and directly interacting with a data link layer, the operation system comprising: an application interface unit, a network information management unit, a file unit, a task scheduling unit and a device drive management unit, wherein,
the application interface unit is a set of application interfaces, and packages services provided by the file unit, the task scheduling unit and the network information management unit into an interface for interacting with a protocol stack management unit;
the network information management unit is configured to interact with the data link layer to perform link scheduling for transmitting information and updating node data;
the file unit is configured to manage and store file information, organize and allocate space of a file storage device, and is responsible for file storage and protecting and searching stored files;
the task scheduling unit is configured to manage hardware resources;
the device drive management unit is configured to manage underlying device application drives, and to invoke different protocol stack library functions through different application drives, thus making a plurality of communication modes and protocols compatible;
data of the network node are stored in a manner of a block chain table, and the block chain table comprises a plurality of information abstracts, including time stamps, a number of acquisition nodes and tags of the acquisition nodes; and
after a neighbor node receives the encapsulated information shared by the acquisition nodes, the network information management unit incorporates the time stamp of this time, the tags of the acquisition nodes and the data in the encapsulated information into the block chain in an order according to the time stamps; meanwhile actively pushes the received encapsulated information to another neighbor node according to the push path.

US Pat. No. 10,193,977

SYSTEM, DEVICE AND PROCESS FOR DYNAMIC TENANT STRUCTURE ADJUSTMENT IN A DISTRIBUTED RESOURCE MANAGEMENT SYSTEM

HUAWEI TECHNOLOGIES CO., ...

1. A process for managing workloads by a distributed resource management system of a distributed computing system, the process comprising:
receiving a tenant update for a hierarchical queue, the hierarchical queue comprising tenants and sub-tenants, the tenant update identifying a modification to a tenant or sub-tenant of the hierarchical queue;
retrieving, by a rule-based workload management engine, a rule having a tenant event corresponding to the tenant update, wherein the rule-based workload management engine retrieves the rule from a database storing rules, each rule stored in the database including a tenant event identifying a tenant or sub-tenant of the tenants or sub-tenants the rule is applicable to and an action for one or more workloads of the tenant or sub-tenant;
determining, from the retrieved rule, the action for the one or more workloads of the tenant or sub-tenant identified in the tenant event of the retrieved rule, each of the one or more workloads of the tenant or sub-tenant identified associated with a resource request; and
applying the action for the one or more workloads of the tenant or sub-tenant, without interrupting execution of any workloads of other tenants or sub-tenants of the hierarchical queue.

US Pat. No. 10,193,976

METHOD AND SYSTEM FOR RECONSTRUCTING A SLOT TABLE FOR NFS BASED DISTRIBUTED FILE SYSTEMS

Dell Products L.P., Roun...

6. A system for enabling a seamless failover between distributed system controllers in a Network File System (NFS) based distributed file systems, the system comprising:
a distributed cluster of controllers configured to receive a retried request from a client, wherein each controller comprises substitute slot table modules being a process running on it respective controller;
wherein each of the substitute slot table modules is configured to:
determine an expected size of sessions slot table by inspecting a COMPOUND message's SEQUENCE operation ‘highest_slotid’ field at said client request;
in a case that the retried request is of a re-enter idempotent type, process the request again;
in a case that the retried request is file state related, check in already opened file handles if the already opened file handles are open with exactly same properties already exist for the particular client, and if found, returning the file handle information to the client as if it was just opened by it; and
in a case that the retried request is of a non-idempotent type, attempt to perform the operation again, wherein if the source file does not exist, check the existence of the expected outcome, and reply with a success,
wherein the distributed file systems are compliant with NFSv4.1 protocol.

US Pat. No. 10,193,975

MANAGING MULTIPLE CLOUD STORES THROUGH A WEB SERVICE

Microsoft Technology Lice...

1. A computing system, comprising:
a processor; and
memory storing instructions executable by the processor, wherein the instructions, when executed, configure the computing system to:
receive, from a client device through a storage system-independent application programming interface, a call that is associated with an application on the client device and indicates a data access request to move an identified file from a first cloud-based storage system to a second cloud-based storage system, wherein
the first cloud-based storage system implements a first storage system-specific interface, and
the second cloud-based storage system implements a second storage system-specific interface that is different than the first storage system-specific interface;
perform an authentication operation to authenticate the application to the first cloud-based storage system;
transform the call into a storage system-specific call that is configured in accordance with the first storage system-specific interface; and
execute the storage system-specific call against the first storage system-specific interface to perform the operation, by moving the identified file from the first cloud-based storage system to the second cloud-based storage system without downloading the identified file to the client device.

US Pat. No. 10,193,974

MANAGING COLLABORATION OF SHARED CONTENT USING COLLABORATOR INDEXING

Box, Inc., Redwood City,...

1. A method comprising:
identifying a server in a cloud-based environment that is interfaced with one or more storage devices that store one or more content objects accessible by one or more collaborators;
receiving a content object transaction request from a transaction requestor, the content object transaction request to result in a change of collaboration attributes pertaining to the content object;
maintaining a collaboration index as a database table, the database table comprising:
(i) a first column that identifies an object path associated with the content object,
(ii) a second column that identifies an object parent associated with the content object,
(iii) a third column that identifies user identifiers associated with the one or more collaborators; and
(iv) one or more database rows associated with the user identifiers from the third column, wherein a user is designated as a collaborator for the content object by inserting a database row for the user identified from the third column into the one or more database rows of the database table where the object path in the first column for the database row corresponds to the content object and one or more object parents for the content object associated with the user is included in the second column;
querying the database table to determine a set of potential content object collaborators for a current object by identifying the user identifiers from the third column from among the one or more database rows that are identified as having a current content object path or having a current content object parent path listed in at least one of the first column or the second column;
generating one or more updated database rows in the database table based at least in part on the set of content object collaborators; and
triggering an update to the collaborator index based at least in part on the one or more updated database rows.

US Pat. No. 10,193,973

OPTIMAL ALLOCATION OF DYNAMICALLY INSTANTIATED SERVICES AMONG COMPUTATION RESOURCES

Ubisoft Entertainment, R...

7. One or more non-transitory computer readable media, said media containing computer-executable instructions which, when executed, perform a method for the allocation of tasks among computation resources, said method comprising the steps of:
receiving a task specification including an indication of a bundle,
wherein the bundle comprises one or more service execution files and a manifest including metadata for the bundle;
for each computation resource of a plurality of computation resources, each computation resource including a separate launcher, calculating a time metric for the specified task on the computation resource, said time metric incorporating a computation time and a transfer time,
wherein the transfer time includes the time necessary to transfer the task to the computation resource, the time necessary to transfer any input data needed for the task to the computation resource, and the time needed to transfer the resulting output data from the computing resource;
determining a chosen computation resource of the plurality of computation resources based on the time metric calculated for each computation resource of the plurality of computation resources
determining that no suitable computing resource exists;
spawning a new computing resource;
using the new computing resource as the chosen computation resource for instantiating the service;
selecting a bundle based on the service to be instantiated;
transmitting a message to a launcher, said message indicating the selected bundle; and
executing the specified task on the chosen computation resource via the launcher executing as a persistent service on the chosen computation resource.

US Pat. No. 10,193,971

METHOD, SERVER AND SYSTEM FOR APPLICATION SYNCHRONIZATION

TENCENT TECHNOLOGY (SHENZ...

1. An application synchronization method, comprising:
establishing, by a server, a communication connection between an originating terminal and a destination terminal, wherein the originating terminal and the destination terminal respectively log in the server with a same login account;
upon establishing the communication connection between the originating terminal and the server and between the destination terminal and the server, displaying a device list including the originating terminal and the destination terminal on the originating terminal and the destination terminal;
receiving, by the server, a synchronization request message sent by the originating terminal, wherein the synchronization request message includes a program identification of a target application and a terminal identification of the destination terminal;
obtaining, by the server, device information and address information of the destination terminal based on the terminal identification of the destination terminal;
querying, by the server, an installation file matching with the program identification of the target application and the device information of the destination terminal; and
sending, by the server, the installation file to the destination terminal based on the address information.

US Pat. No. 10,193,970

WIRELESS SYNCHRONIZATION OF MEDIA CONTENT AND SUBSCRIPTION CONTENT

Microsoft Technology Lice...

1. A computing device comprising:
at least one processor; and
memory storing computer-executable instructions that, when executed by the at least one processor, cause the computing device to:
establish a wireless synchronization connection to a portable computing device;
receive, from the portable computing device over the wireless synchronization connection, wireless configuration setup parameters used by the portable computing device to connect to a particular wireless local area network and subscription data used by the portable device to access a web-based media content delivery service over the Internet;
re-use the wireless configuration setup parameters to connect to the particular wireless local area network; and
re-use the subscription data to access the web-based media content delivery service over the Internet, wherein the subscription data indicates an action to execute, the action comprising an order to retrieve media data from the web-based media content delivery service, the order based on a global state of a user subscription.

US Pat. No. 10,193,969

PARALLEL PROCESSING SYSTEM, METHOD, AND STORAGE MEDIUM

FUJITSU LIMITED, Kawasak...

1. A parallel processing system which is a multi-layered fullmesh system in which a plurality of layers of fullmesh systems, having a plurality of Leaf switches fullmesh-coupled to each other, are coupled to each other, the parallel processing system including a plurality of nodes, the parallel processing system being configured to perform a parallel arithmetic operation of applications, at least one of the plurality of nodes being coupled to each of the plurality of Leaf switches, the parallel processing system comprising:
circuitry configured to:
obtain communication recording information in which a number of times of communication between the plurality of nodes during execution of an application is recorded;
obtain communication pattern information in which assignment information indicating which connection topology of a fullmesh topology and a fattree topology is to be selected for each a plurality of communication patterns, in the fullmesh topology, the plurality of nodes having an intra-layer connection relationship, and in the fattree topology, the plurality of nodes having inter-layer connection relationship;
select a first communication pattern from the plurality of communication patterns based on the number of times of communication;
identify, based on the communication pattern information, a connection topology from the fullmesh topology and the fattree topology corresponding to the selected first communication pattern; and
assign, based on the identified connection topology, nodes included in the parallel processing system that execute the application.

US Pat. No. 10,193,967

REDIRECTING DEVICES REQUESTING ACCESS TO FILES

Oracle International Corp...

1. A non-transitory computer readable medium comprising instructions which, when executed by one or more hardware processors, causes performance of operations comprising:
receiving, at a first storage node of a plurality of storage nodes, a first file download request for a file;
wherein the first storage node has dual functionality to (a) serve file requests and (b) select other nodes to serve file requests;
serving, by the first storage node, the first file download request for the file;
receiving, at the first storage node, a second file download request for the file from a requesting device;
determining that an access load corresponding to the first storage node exceeds a threshold value;
responsive to determining that the access load corresponding to the first storage node exceeds the threshold value:
identifying, by the first storage node, at least two storage nodes in the plurality of storage nodes that can serve the second file download request for the file;
selecting, by the first storage node, a second storage node from the at least two storage nodes to serve the second file download request for the file;
wherein the second storage node is selected by the first storage node based on the second storage node having a higher priority value, than other nodes in the at least two storage nodes, for serving a geographical region of the requesting device; and
redirecting the requesting device to the second storage node that stores the file.

US Pat. No. 10,193,966

METHOD FOR A USER TO ACCESS AT LEAST ONE COMMUNICATION SERVICE PROVIDED VIA A DATA CENTRE OF A CLOUD COMPUTING SYSTEM

ORANGE, Paris (FR)

1. A method for a user to access at least one communication service provided via a first data center of a cloud computing system, the first data center being located in a first geographic area, the method comprising the following acts, executed in the first data center:
a) after a user's terminal has been connected to a web portal for accessing said service, receiving in the first data center a message providing information on the location of the terminal;
b) determining the geographic location of the terminal on the basis of the received terminal location information, and if the geographic location of the terminal corresponds to a second geographic area, different from the first area, then:
d) searching for a second data center of the cloud computing system capable of providing the service in the second area;
e) if this second data center exists, transferring computing functionality adapted to provide the communication service to the user to the second data center, so that the communication service can be used in the user's terminal, based on the second data center
wherein said computing functionality adapted to the provision of the service is implemented in a virtual machine hosted by a server of the first data center, and wherein, in act e), the transfer of said functionality from the first data center to the second data center corresponds to sending, to a server of the second data center, of a copy of some or all of the execution code of said virtual machine and its execution context.

US Pat. No. 10,193,964

CLUSTERING REQUESTS AND PRIORITIZING WORKMANAGER THREADS BASED ON RESOURCE PERFORMANCE AND/OR AVAILABILITY

International Business Ma...

1. A computer program product for optimizing a resource manager thread pool in a production environment, the computer program product comprising:
one or more non-transitory computer readable storage media and program instructions stored on the one or more non-transitory computer readable storage media, the program instructions comprising:
first program instructions programmed to divide a set of vouchers into a plurality of voucher subsets so that each voucher subset respectively corresponds to a resource manager of a plurality of resource managers, where each resource manager of the plurality of resource managers respectively corresponds to a resource in an application server and where each voucher subset corresponds respectively to a thread subset associated with the resource and clustered based on the resource;
second program instructions programmed to receive a plurality of incoming pending requests with each incoming pending request respectively corresponding to a resource;
third program instructions programmed to temporarily remove a voucher from its voucher subset corresponding to a given resource manager upon each instance that a given pending incoming request is assigned to that given resource manager for responsive processing such that the given pending incoming request thereby becomes an assigned request;
fourth program instructions programmed to determine which request of the plurality of pending incoming requests will be next assigned to a corresponding resource manager based, at least in part, upon which resource manager has the greatest number of vouchers in its respective subset of vouchers;
fifth program instructions programmed to assign the plurality of pending incoming requests to a corresponding resource manager for execution by a thread associated with the thread subset; and
sixth program instructions programmed to return a temporarily removed voucher to its voucher subset corresponding to a given resource manager upon each instance that the given resource manager has completed responsive processing of a given assigned request such that the given assigned request thereby becomes a completed request.

US Pat. No. 10,193,962

OPPORTUNISTIC ROUTING

AMAZON TECHNOLOGIES, INC....

1. A computer-implemented method, comprising:
receiving a request for at least a first portion of content from a client;
providing the first portion of the content to the client from a first server, the first server configured to transmit data at least at a threshold transmission rate;
determining that processing or characteristics of a connection with the client are below a threshold;
selecting a second server to provide a second portion of the content to the client based at least in part on the processing or characteristics of the connection and a determination that the client has a threshold amount of the content buffered;
buffering the content until the threshold amount of the content is available to the client; and
providing the second portion of the content to the client from the second server at a transmission rate less than the threshold transmission rate, wherein the second server has a lower demand than the first server based at least in part upon the second server being at a second geographic location that is further from the client than a first geographic location of the first server.

US Pat. No. 10,193,961

BUILDING DEPLOYMENT PIPELINES FOR A PRODUCTION COMPUTING SERVICE USING LIVE PIPELINE TEMPLATES

Amazon Technologies, Inc....

1. A computer-readable storage medium storing instructions, which, when executed on a processor, perform an operation for provisioning a deployment pipeline, the operation comprising:
receiving a definition of an instance of a live pipeline template (LPT), wherein the instance of the LPT is specified using at least a first base pipeline template and a second pipeline template, wherein the first base pipeline template specifies a set of configuration parameters for a plurality of deployment stages of the deployment pipeline, and wherein the second pipeline template extends the first base pipeline template with one or more instance specific parameters for the deployment pipeline;
generating, from the instance of the LPT, an application definition which provides a fully-specified configuration for a plurality of computing services included in the deployment pipeline;
launching a first instance of the deployment pipeline in at least a first cloud computing region by invoking, for each computing service referenced in the application definition, a respective pipeline synthesis driver to configure one of the plurality of computing services in the first cloud computing region according to the fully-specified configuration provided in the application definition; and
launching at least a second instance of the deployment pipeline in at least a second cloud computing region by invoking, for each computing service referenced in the application definition, the respective pipeline synthesis driver to configure one of the plurality of computing services in the second cloud computing region according to the fully-specified configuration provided in the application definition.

US Pat. No. 10,193,960

MOBILE CORE CLIENT ARCHITECTURE

ProntoForms Inc., Kanata...

1. A system for automatically managing one or more processes created by a plurality of software providers, comprising:
a computer processor;
a memory; and
a mobile resource contextualization engine stored in the memory,
the mobile resource contextualization engine having computer readable instructions for execution by the computer processor,
the mobile resource contextualization engine being coupled with a mobile device having a plurality of applications running thereon;
the mobile resource contextualization engine configured to communicate with one or more network services available to the mobile device over a network, the mobile resource contextualization engine comprising:
a secure framework configured to control access to one or more context information exposed to mobile applications running on the mobile device;
a device context engine coupled with said secure framework and configured to exchange information with one or more information capture resource;
a network context engine coupled with said secure framework, the network context engine configured to communicate with one or more network services over a network;
wherein said device context engine and said network context engine communicate with a mobile context registry and said one or more context information exposed to said one or more processes running on the mobile device to allow the mobile device and the applications running thereon to utilize said plurality of context information;
an extensible application programming interface coupled with said secure framework and configured to allow said one or more processes to access said one or more context information and said one or more information capture resource; and
a call notification interface coupled with said secure framework and configured to receive updates for said one or more processes and configured to subscribe to changes in said one or more context information.

US Pat. No. 10,193,957

MULTIMEDIA FILE UPLOAD

1. A computerized method for accelerating a handling of a media file being uploaded from a first computer system to a second computer system over a communication network, comprising:
at a first computer system, electronically communicating with a second computer system over a communication network:
receiving, during a continuous uploading event, an incoming stream of packets sent by said second computer system over said communication network, wherein the packets are generated from a media file comprising both at least one image and at least thumbnail image of said at least one image, wherein the at least one image is encoded according to a file format of the media file, and wherein packets generated from the at least one thumbnail image of the at one image and packets generated from the at least one image of the media file are transmitted to the first computer system;
extracting the at least one thumbnail image of the at least one image of the media file, from one or more of the incoming packets, during the continuous uploading event of said at least one image of the media file and completing said extracting before all the packets of the incoming stream are received; and
accelerating a displaying of a representative image of said at least one image, by displaying the at least one thumbnail image of the at least one image during the continuous uploading event of said at least one image of the media file, before all the packets of the incoming stream are received at the first computer system.

US Pat. No. 10,193,956

GROUPING AND TRANSFERRING OMIC SEQUENCE DATA FOR SEQUENCE ANALYSIS

FIVE3 GENOMICS, LLC, San...

1. A method of transferring a plurality of omic sequences, comprising:
providing an access to a first computer coupled with a second computer;
receiving, by the first computer, a plurality of omic output files from a plurality of respective sequencers, wherein each of the omic output files comprises sequence data and a machine-specific annotation;
annotating, by the first computer, the plurality of omic output files using an annotation input from a user to thereby form annotated omic output files;
grouping, by the first computer, the annotated omic output files into a transport group, wherein grouping is based on the machine-specific annotation and the annotation input from the user and wherein all of the plurality of omic sequences required for sequence analysis are in the transport group;
delivering, by the first computer, the transport group to the second computer; and
sending, by at least one of the first and second computers, a feedback signal to at least one of the plurality of sequencers to modify an operation of the sequencer.

US Pat. No. 10,193,955

SYSTEM AND METHOD FOR VIDEO COMMUNICATION

Huawei Technologies Co., ...

1. A method for transmitting video, the method comprising:
receiving, by a first device, a first video transmission schedule indicating a first frame type of different frame types to be transmitted;
encoding, by the first device, a first video frame of video frames to generate a first encoded video frame based on the first frame type of the first video transmission schedule;
transmitting, by the first device towards a second device, the first encoded video frame;
after the transmitting the first encoded video frame, receiving, by the first device, a second video transmission schedule determined in accordance with characteristics of a channel and use of the channel by other devices, the second video transmission schedule indicating a second frame type of the different frame types to be transmitted, wherein the use of the channel by other devices comprises information for selecting a predicted picture coded frame (P-frame) to avoid collisions of intra-coded frames (I-frames);
encoding, by the first device, a second video frame of the video frames to generate a second encoded video frame based on the second frame type of the second video transmission schedule; and
transmitting, by the first device towards the second device, the second encoded video frame.

US Pat. No. 10,193,954

SYSTEM AND METHOD FOR PROVIDING AN APPLICATION TO A DEVICE

Comcast Cable Communicati...

1. A method comprising:
determining, for a computing device, device capability information;
determining, based on the device capability information, a set of applications that is supported by the computing device;
generating, for the set of applications, a set of messages that comprises data indicating a download location for the set of applications; and
based on determining that porting, from a first account to a second account, information associated with the computing device is complete, sending, to the computing device, the set of messages.

US Pat. No. 10,193,953

SELF DESCRIBING CONFIGURATION

Oracle International Corp...

1. A method comprising:
providing, by a cloud infrastructure system, an application programming interface (API) to a data model used by a cloud-based application of the cloud infrastructure system;
receiving, by the cloud infrastructure system, a request for configuration data of the data model through the API, wherein the request is generated by a data security provider monitoring communications between a client device and the cloud-based application;
generating, by the cloud infrastructure system, a response that includes the configuration data, wherein the configuration data includes a set of protectable attributes of an entity modeled using the data model;
receiving, by the cloud infrastructure system, an indication of an attribute from the set of protectable attributes that is to be protected; and
marking, by the cloud infrastructure system, the indicated attribute from the set of protectable attributes as protected.

US Pat. No. 10,193,952

SYSTEMS AND METHODS FOR INTEGRATING EXTERNAL RESOURCES FROM THIRD-PARTY SERVICES

UberGrape GmbH, Vienna (...

1. A system for facilitating intelligent communication between users, the system comprising:
a processor communicatively coupled to a memory and a network-accessible device, the processor operable to execute instructions stored in the memory; and
the memory, which includes specific instructions for facilitating intelligent communication, wherein the specific instructions cause the processor to:
identify a plurality of databases associated with different sources, wherein each of the plurality of databases hosts electronic resources;
integrate the electronic resources hosted by the plurality of databases by tagging metadata associated with each electronic resource;
index the metadata to make the electronic resources searchable using a single search architecture;
receive a communication entered by a user on the network-accessible device;
identify recognizable elements within the communication using natural language processing techniques; and
detect a reference to a desired electronic resource within the communication.

US Pat. No. 10,193,951

BINDING CRUD-TYPE PROTOCOLS IN DISTRIBUTED AGREEMENT PROTOCOLS

Microsoft Technology Lice...

1. A method implemented in a computing system having a plurality of web servers, comprising:
receiving communications from a client device to a first web server of the plurality of web servers via the Internet, the communications being associated with a plurality of operations that are requested by the client device and to be performed by a web service implemented by both the first web server and a second web server of the plurality of web servers;
responsive to the received communications, arriving at a consensus between the first web server and the second web server regarding an agreed-upon order of operations to be performed by the first web server and the second web server in response to the requested operations by the client device;
upon arriving at the consensus, generating a response to the requested operations by performing the requested operations in the agreed-upon order at both the first web server and the second web server, the web service at both the first web server and the second web server having the same state subsequent to performing the requested operations at the first web server and the second web server; and
returning the generated response to the client device via the Internet.

US Pat. No. 10,193,950

NETWORK SYSTEM AND CONTROL METHOD

CANON KABUSHIKI KAISHA, ...

1. A network system comprising:
a first information processing terminal on which a first web browser runs;
a second information processing terminal on which a second web browser runs; and
a shared server,
wherein the shared server includes a memory storing instructions and a processor which is capable of executing the instructions causing the shared server to:
manage access data on a first tab of the first web browser in which to access a website and data on session storage valid for a session with the website in association with the first information processing terminal, the data on the session storage being locally managed by the first web browser in association with the first tab, wherein the data on the session storage includes data defined by using a combination of a key and a value that are designated by the website,
receive an instruction for sharing the first tab of the first web browser with the second web browser,
transmit the access data and the data on the session storage related to the first tab to the second web browser according to the instruction,
delete association between the transmitted data on the session storage and the first information processing terminal so that the data on the session storage being locally managed by the first web browser is deleted by the first web browser, and
manage the data on the session storage in association with the second information processing terminal.

US Pat. No. 10,193,949

COMMUNICATION APPARATUS, COMMUNICATION METHOD, AND STORAGE MEDIUM

Canon Kabushiki Kaisha, ...

1. A communication apparatus comprising:
a hardware processor; and
a memory storing one or more programs configured to be executed by the hardware processor, the one or more programs including instructions for:
acquiring a media content;
transmitting the media content acquired by the acquiring to another communication apparatus;
determining whether to describe, as an acquisition source URL of the media content acquired by the acquiring, a URL of the communication apparatus or a URL of the another communication apparatus, in accordance with a state of transmission of the media content;
generating, based on the determination made by the determining, a description file in which the acquisition source URL of each predetermined unit of the media content is described; and
providing the description file generated by the generating.

US Pat. No. 10,193,948

SYSTEM AND PROTOCOL FOR REMOTE SUPERVISORY PARENTAL OBSERVATION, INTERACTION, AND MANAGEMENT OF MEDIA CONTENT ON DIGITAL CONTENT-DELIVERY DEVICES

PUBLIC BROADCASTING SERVI...

1. A system for facilitating parental management of media content delivery to children, comprising:
a child's media interaction application executing on a child's media delivery device and configured to collect the child's media interaction data comprising the child's user interactions with media content, said media content obtained from a third-party content provider and delivered by a stand-alone media delivery application executing on the child's media delivery device;
a parent's remote media management application executing on a parent's portable electronic device and configured to monitor the child's media interaction data and further configured to let the parent issue at least one of a set of media management instructions to the child's media interaction application via secure communications;
a communications broker executing on a first network server and configured to provide the secure communications between the child's media interaction application and the parent's remote media management application, said parent's remote media management application authorized to engage in said secure communications by the parent entering a connect code provided by the communications broker; and
a media interaction analysis application executing on a second network server and configured (1) to receive the child's media interaction data from the child's media interaction application, (2) to transform the child's media interaction data into summary media interaction data, and (3) to provide the summary media interaction data to the parent's remote media management application;
wherein the child's media interaction application is further configured to transmit the child's media interaction data to the parent's remote media management application via the communications broker using the secure communications,
wherein the parent's remote media management application is further configured to issue the media management instructions to the child's media interaction application via the communications broker using the secure communications,
wherein the media interaction analysis application is further configured to receive the child's media interaction data via the communications broker; and
wherein said connect code is issued by the child's media interaction application in response to the parent initiating a connection request to the child's media interaction application from the parent's remote media management application via the communications broker, and after the communications broker supplies the connect code to the child's media interaction application for subsequent issuance to the parent's remote media management application.

US Pat. No. 10,193,947

DEVICES AND METHODS FOR CONTENT DISTRIBUTION IN A COMMUNICATIONS NETWORK

Nokia of America Corporat...

1. A method for transmitting data files in a combination network, comprising:
performing a caching method including determining popularities for the data files according to a demand distribution of destination devices and sending random packets of the data files to the destination devices based on the determined popularities;
receiving one or more requests from one or more the destination devices for packets of one or more the data files, wherein the requests are for missing packets that were not cached as a result of the caching method;
constructing a conflict graph, such that each packet requested by each destination device is represented by a distinct vertex among a plurality of vertices of the conflict graph, based on which of the plurality of vertices represent a same requested packet and which requested packets are stored in caches belonging to the destination devices;
coloring the plurality of vertices of the conflict graph according to a coloring scheme such that any two linked vertices have different colors;
performing a first encoding operation on the requested packets by combining subsets of the requested packets represented by vertices having a same color to generate first encoded data;
performing a second encoding operation on the first encoded data by combining bits of the first encoded data according to a binary encoding method to generate second encoded data, wherein the binary encoding method includes,
determining a number of blocks based on a number of connections incoming to the destination devices from intermediate nodes, wherein the intermediate nodes connect a source of the data files to the destination devices and the destination devices are connected to different subsets of the intermediate nodes,
grouping the bits of the first encoded data into a the determined number of blocks,
padding one or more of the blocks with at least one bit to generate padded blocks,
determining a number of shifting operations for the padded blocks based on (i) the number of connections incoming to the destination devices from the intermediate nodes and (ii) a total number of the intermediate nodes,
performing the determined number of shifting operations on bits of one or more of the padded blocks to generate shifted blocks,
removing at least one bit from the shifted blocks to generate resultant blocks, and
combining the resultant blocks to generate the second encoded data; and
sending respective subsets of the second encoded data towards the one or more destination devices via respective intermediate nodes, wherein
the first encoding operation reduces a total load on the combination network, and
the second encoding operation distributes the total load evenly over the connections incoming to the destination devices from the intermediate nodes.

US Pat. No. 10,193,946

METHOD FOR DOWNLOADING MULTIMEDIA FILE AND ELECTRONIC DEVICE

Acer Incorporated, New T...

1. A method for downloading a multimedia file, adapted to an electronic device, the method for downloading the multimedia file comprising:
obtaining first bandwidth information of a first source device;
calculating a first time point from a start time point of the multimedia file according to the first bandwidth information, comprising:
obtaining first preloading time information of the multimedia file and frame rate information of the multimedia file;
calculating first pause time information according to the first preloading time information, the frame rate information, and the first bandwidth information, wherein the first pause time information is a predicted play pause time point of the multimedia file; and
determining the first time point according to the first preloading time information and the first pause time information;
sending a first download request to the first source device to request downloading a first multimedia streaming from the start time point to the first time point in the multimedia file; and
sending a second download request to a second source device to request downloading a second multimedia streaming from the first time point in the multimedia file.

US Pat. No. 10,193,945

SYSTEMS AND METHODS FOR DISTRIBUTING MEDIA TO PERSONAL ELECTRONIC DEVICES

1. A media streaming apparatus comprising:
a media streaming board for processing requests for media content;
a storage module for storing the media content;
a battery pack for supplying power to the media streaming apparatus without tapping power from any other source while in use;
an antenna for receiving global positioning information from global positioning satellites; and
an access point, wherein the access point provides a Wi-Fi connection to a plurality of personal computing devices and further provides individually-tailored media streams of the media content to each of the plurality of personal computing devices for viewing and listening thereon,
wherein the access point optimizes each of the media streams via:
using airtime fairness to send and receive data based on time increments;
using dual band transmitting on a 2.4 GHz radio band and a 5 GHz radio band;
using band steering, wherein personal computing devices capable of sending and receiving the media streams over the 5 GHz radio band are automatically routed through the 5 GHz radio band; and
using multiple input/multiple output optimization using a plurality of antennas and spatial multiplexing modulation,
wherein the access point is powered separately from the media streaming board,
wherein the access point is dynamically powered wherein power to the access point dynamically increases as the number of personal computing devices wirelessly connected thereto increases,
wherein there is no connection to the Internet when streaming the media content to the plurality of personal computers;
wherein the media content comprises a map, wherein the map shows the position of the media streaming apparatus based on the global positioning information received from the global positioning satellites.

US Pat. No. 10,193,944

SYSTEMS AND METHODS FOR MULTI-DEVICE MEDIA BROADCASTING OR RECORDING WITH ACTIVE CONTROL

1. A multi-device media broadcasting system, comprising:
a controller comprising a stream controller and a network interface in communication with a plurality of media devices and a server;
wherein the stream controller is configured to:
select a first media stream from a plurality of media streams generated by the corresponding plurality of media devices, and
generate a multi-device stream configuration file identifying the selected first media stream; and
wherein the network interface is configured to transmit the generated multi-device stream configuration file to the server, the server providing at least one additional device with a stream manifest identifying the selected first media stream responsive to receipt of the configuration file,
wherein the controller is further configured to subsequently select a second media stream from the plurality of media streams, and generate an updated multi-device stream configuration file identifying the selected second media stream; and
wherein the network interface is further configured to transmit the updated multi-device stream configuration file to the server, the server replacing a media chunk identified in the first stream manifest generated by a first media device of the plurality of media devices with a media chunk generated by a second media device of the plurality of media devices, responsive to receipt of the updated multi-device stream configuration file, the server providing the at least one additional device with media comprising the stream without adjusting the manifest or the configuration file provided to the additional device.

US Pat. No. 10,193,943

DATA-PLAN-BASED QUALITY SETTING SUGGESTIONS AND USE THEREOF TO MANAGE CONTENT PROVIDER SERVICES

T-Mobile USA, Inc., Bell...

1. A computer-implemented method comprising:
receiving, by a telecommunication network, an indication that a device associated with a subscriber to a data plan is consuming video content from a third party content provider;
determining, by the telecommunication network, whether the subscriber is participating in a program offering consumption of the video content free of charge in exchange for the video content being provided to the device at a limited service quality;
in response to determining that the subscriber is participating in the program, reducing, by the telecommunication network, network resources available for transmission of the video content to the device to cause the third party content provider to reduce a service quality of the video content being transmitted to the device to no more than the limited service quality; and
conditionally excluding, by the telecommunication network, the consuming of the video content from a consumption metric of the data plan that tracks a total amount of content consumed in a time period that counts toward a consumption limit based at least in part on whether the subscriber is participating in the program.

US Pat. No. 10,193,942

MOBILE MEDIA ARCHITECTURE FOR SPONSORED DATA SERVICES

Verizon Patent and Licens...

1. A method for accessing a sponsored data service (SDS) from a mobile device, comprising:
generating, by an application executing at a mobile device within a wireless network, a play media command that includes a remote media address and an SDS identifier, wherein the SDS identifier is provided to an application programming interface (API) at the mobile device through a call generated by the application, and further wherein the SDS identifier includes sponsor account information and a network address for third party payment associated with requested media;
converting the remote media address into a local media address;
requesting the media from an internal content server via the local media address, wherein the internal content server resides within the mobile device;
determining if the requested media is stored on the internal content server;
obtaining the requested media from the internal content server upon determining that the requested media is stored within the internal content server; and
playing the requested media on a mobile media player.

US Pat. No. 10,193,941

INTERWORKING BETWEEN FIRST PROTOCOL ENTITY OF STREAM RESERVATION PROTOCOL AND SECOND PROTOCOL ENTITY OF ROUTING PROTOCOL

TELEFONAKTIEBOLAGET LM ER...

1. A method for interworking between a first protocol entity adapted to operate in accordance with a stream reservation protocol for reserving resources for a data stream along a stream path of the data stream and a second protocol entity adapted to operate in accordance with a routing protocol for distributing information in a bridge network, wherein the stream reservation protocol and the routing protocol form a protocol stack in a network node, the method comprising:
sending, from the first protocol entity to the second protocol entity via an interface between the first and the second protocol entities, a request for stream path information indicating, for a data stream to be sent, a stream path in the bridge network,
determining, by the second protocol entity, which controls the bridge network based on Layer 2 add-ons, the stream path information for the stream path based on the request, wherein the second protocol entity stores network topology information, and the step of determining stream path information is performed by locally processing the network topology information according to Dijkstra's algorithm using the Layer 2 add-ons,
sending, from the second protocol entity to the first protocol entity, the determined stream path information, and
initiating, by the first protocol entity, a resource reservation procedure for reserving resources in response to receiving the stream path information.

US Pat. No. 10,193,940

ADDING RECORDED CONTENT TO AN INTERACTIVE TIMELINE OF A TELECONFERENCE SESSION

Microsoft Technology Lice...

1. A device comprising:
one or more processing units; and
a computer-readable medium having encoded thereon computer-executable instructions to cause the one or more processing units to:
display an interactive timeline associated with previously recorded content of a teleconference session;
receive first input to add content to the interactive timeline at a position associated with an interactive timeline cursor;
based at least in part on receiving the first input, determining supplemental recorded content;
receive second input that indicates that the supplemental recorded content is to be added to the interactive timeline by one of (i) injecting the supplemental recorded content into the previously recorded content of the teleconference session thereby splitting the previously recorded content of the teleconference session at the position associated with the interactive timeline cursor, or (ii) appending the supplemental recorded content to the interactive timeline at the position associated with the interactive timeline cursor; and
send data to add the supplemental recorded content to the interactive timeline based at least in part on the second input.

US Pat. No. 10,193,939

SPI HANDLING BETWEEN UE AND P-CSCF IN AN IMS NETWORK

T-Mobile U.S.A., Inc., B...

1. At least one non-transitory computer-readable memory, storing instructions, which when executed by at least one data processing device, manages security parameters that enable a device to receive Internet Protocol Multimedia Subsystem (IMS) services via a telecommunications network, the instructions comprising:
receiving a registration request for the device to receive one or more IMS services via the telecommunications network;
negotiating a first pair of security associations,
wherein the first pair of security associations include a first expiration time;
permitting access to an IMS service based at least in part on the first pair of security associations;
receiving a re-registration request for the device to receive one or more IMS services via the telecommunications network;
negotiating a second pair of security associations,
wherein the second pair of security associations include a second expiration time;
deleting the first pair of security associations; and
permitting access to the IMS service or another IMS service based at least in part on the second pair of security associations.

US Pat. No. 10,193,938

OPERATING A NETWORK NODE

Metaswitch Networks Ltd.,...

1. A method of operating a network node, the method comprising, at the network node, during setup of a communication session between a calling party and at least a called party:
receiving a communication session setup request message from a calling party device associated with the calling party;
forwarding the received communication session setup request message to a forking proxy responsible for providing communication session forking services in relation to at least the called party;
receiving a first provisional response message from a first device, the first provisional response message comprising first session description protocol (SDP) data, wherein the first provisional response message is received from the first device in response to the forwarding of the received communication session setup request message to the forking proxy;
forwarding the first provisional response message on to the calling party device, the forwarded first provisional response message comprising at least a part of the first SDP data;
receiving a first provisional acknowledgement message from the calling party device and receiving a second provisional acknowledgement message from the first device, thereby enabling media data sent during setup of the communication session before the communication session is established to flow between the first device and the calling party device;
receiving a second provisional response message from a second device, the second provisional response message comprising second SDP data, wherein the second provisional response message is received from the second device in response to the forwarding of the received communication session setup request message to the forking proxy;
receiving an answer message which accepts the communication session setup request received in the communication session setup request message from the calling party device; and
forwarding the answer message to the calling party device, wherein the method further comprises:
in response to receipt of the second provisional response message, transmitting, during setup of the communication session, a first message to the calling party device, which offers to update the SDP data to at least a part of the second SDP data, before the answer message is transmitted to the calling party device;
receiving a second message from the calling party device which accepts the offer to update the SDP data to the at least part of the second SDP data;
responsive to receipt of the second message, removing the second SDP data from the second provisional response message, and
transmitting the second provisional response message from which the second SDP data has been removed to the calling party device; and
receiving a third provisional acknowledgement message from the calling party device and receiving a fourth provisional acknowledgement message from the second device, thereby enabling media data sent during setup of the communication session before the communication session is established to flow between the second device and the calling party device.

US Pat. No. 10,193,937

INTERNET PROTOCOL MULTIMEDIA SUBSYSTEM (IMS) RESTORATION SUPPORT FOR TEMPORARY GLOBALLY ROUTABLE USER AGENT UNIFORM RESOURCE IDENTIFIER (GRUU)

NOKIA SOLUTIONS AND NETWO...

1. A method, comprising:
creating, at a registrar, a registration identified by a registration identifier;
storing, by the registrar, the registration identifier, a call identifier, and an initial command sequence related to the registration identified by the registration identifier in a persistent database during the creation of the registration;
generating, at the registrar, a temporary user identifier related to the registration identified by the registration identifier; and
storing, by the registrar, information related to an algorithm for generating the temporary user identifier in the persistent database.

US Pat. No. 10,193,936

DATA COMMUNICATIONS

BRITISH TELECOMMUNICATION...

1. A method of establishing a connection between a WebRTC-capable software application and a server in a communications network;
in which the connection is associated with a CLI or a URI;
in which the method is performed by a WebRTC gateway and comprises:
associating credentials with the WebRTC-capable software application;
receiving from the server over a non-WebRTC communications channel, a connection request comprising the CLI or a URI;
identifying from the CLI or the URI comprised in the connection request, a signalling channel for WebRTC for signalling to the WebRTC-capable software application;
using the signalling channel, setting up a WebRTC media channel extending to the WebRTC-capable software application as part of the connection between the server and the WebRTC-capable software application; in which the connection comprises the WebRTC media channel extending to the WebRTC-capable software application and a non-WebRTC channel extending to the server; in which the WebRTC media channel and the non-WebRTC channel are interconnected for communication at an intermediate point of the connection; and
disassociating the credentials from the WebRTC-capable software application at a time at which it is determined that the credentials are no longer required;
in which the credentials are disassociated from the WebRTC-capable software application in response to the user navigating away from a web page.

US Pat. No. 10,193,935

METHOD AND SYSTEM FOR ENABLING A COMMUNICATION DEVICE TO REMOTELY EXECUTE AN APPLICATION

Hammond Development Inter...

1. A communication system enabling at least one communication device to remotely execute one or more applications, comprising:
one or more application servers coupled to a first communication link, the first communication link comprising a data connection, at least one of the one or more application servers adapted to execute an application to establish a communication session with at least one communication device coupled to the data connection in response to a request from the at least one communication device to establish the communication session, the one or more application servers residing at a location remote from the at least one communication device;
wherein the one or more application servers is operable to receive over a second communication link the application from at least one repository having access to one or more applications maintained in a database coupled to the at least one repository, wherein the one or more application servers is further operable to execute the application remote from the at least one communication device and to establish the communication session with the at least one communication device, wherein the one or more application servers is operable to communicate a request for processing service to the at least one communication device, and wherein the request for processing service is communicated to the at least one communication device over the data connection.

US Pat. No. 10,193,934

DATA COMPRESSION FOR COMMUNICATIONS SIGNALLING

Microsoft Technology Lice...

1. A method of establishing a communication event between an initiating device and a responding device, the establishing of the communication event being under the control of a remote communications controller, the method comprising implementing by the initiating device the following steps:
in a pre-session establishment phase: receiving at the initiating device, from a dictionary server, a compression dictionary or a dictionary link that identifies an addressable memory location, at which a compression dictionary is held;
storing the received compression dictionary or the received dictionary link in electronic storage of the initiating device;
generating an initial session establishment request message for transmission to the remote communications controller;
applying compression to the initial session establishment request message to compress the initial session establishment request message in size based on the compression dictionary, by accessing the stored compression dictionary or by using the stored dictionary link to access the compression dictionary; and
in response to a communication event establishment instruction received at the initiating device after the dictionary or the dictionary link has been received and stored at the initiating device, establishing a session between the initiating device and the remote communications controller by the initiating device transmitting the compressed initial session establishment request message to the remote communications controller;
wherein the communication event is established between the initiating device and the responding device based on the established session between the initiating device and the remote communications controller.

US Pat. No. 10,193,933

SYSTEM AND METHOD FOR POST-DISCOVERY COMMUNICATION WITHIN A NEIGHBORHOOD-AWARE NETWORK

Qualcomm Incorporated, S...

1. A method comprising:
determining, at a first mobile device, a post-discovery communication protocol for communicating within a mobile device cluster after a discovery interval;
during the discovery interval, sending, through a first communication channel, a discovery message indicating which particular post-discovery communication protocol of a plurality of post-discovery communication protocols is the determined post-discovery communication protocol, the discovery message indicating a time interval when the first mobile device is to receive association requests, wherein the discovery message indicates a second communication channel for sending post-discovery communications to a second mobile device, wherein the second communication channel is different than the first communication channel;
in response to sending the discovery message, receiving, from the second mobile device, during the indicated time interval, an association request that includes a security information request and a paging request; and
sending one or more post-discovery communications to the second mobile device based on the security information request.

US Pat. No. 10,193,932

REAL-TIME ENERGY DATA PUBLISHING SYSTEMS AND METHODS

SolarCity Corporation, S...

1. A method comprising:
subscribing to real-time data enable requests for a device on an energy generation (EG) network;
intercepting, from a first requester, a first request for real-time data for the device on an EG system within the EG network;
intercepting, from a second requester, a second request for real-time data for the device within a predetermined period after intercepting the first request; and
publishing a single request to the device to post a single measurement corresponding to the real-time data request; wherein:
publishing the single request comprises publishing at less than or equal to a predetermined frequency for a predetermined duration, and
the predetermined period is a reciprocal of the predetermined frequency.

US Pat. No. 10,193,931

SESSION INITIATION PROTOCOL CALL PRESERVATION BASED ON A NETWORK FAILURE

Avaya Inc., Santa Clara,...

1. A system comprising:
a microprocessor; and
a computer readable medium, coupled with the microprocessor and comprising microprocessor readable and executable instructions that cause the microprocessor to execute:
a communication application that:
receives a first Session Initiation Protocol (SIP) INVITE with replaces header message from a first communication endpoint, wherein the first SIP INVITE with replaces header message comprises a first Session Description Protocol (SDP) offer that is based on a first changed network address of the first communication endpoint;
receives a second SIP INVITE with replaces header message from a second communication endpoint, wherein the second SIP INVITE with replaces header message comprises a second SDP offer that is based on a second changed network address of the second communication endpoint and wherein the first communication endpoint and the second communication endpoint had an established media stream; and
sends a first SIP 200 OK message with a first fabricated SDP answer to the first communication endpoint in response to receiving the second SIP INVITE with replaces header message.

US Pat. No. 10,193,927

METHOD OF INSTRUCTION LOCATION RANDOMIZATION (ILR) AND RELATED SYSTEM

University of Virginia Pa...

1. A system for computer security that defines a specification for relocating arbitrarily sized blocks of computer instructions included in a computer code to arbitrary locations, said system comprising:
an input module configured to receive blocks of instructions, said blocks of instructions being of an arbitrarily-selectable size;
a microprocessor configured to define in a specification how to relocate said blocks of instructions to arbitrary locations; and
an output module configured to transmit the specification,
wherein the specification is configured to determine the arbitrary locations to which the blocks of instructions will be moved based at least in part on a randomization function,
wherein said microprocessor is further configured to determine the size of said blocks based at least in part on another randomization function, and to identify indirect branch targets among said blocks of instructions,
wherein the specification includes rules for relocating all of the identified indirect branch targets to randomized locations, and rules for modifying a call instruction for an original address of at least one of the indirect branch targets so that the call instruction is directed to the randomized location for the at least one of the indirect branch targets, and
wherein the relocation may occur according to the specification that defines how to perform the relocation, the relocated blocks of instructions may be re-relocated at any time, and the re-relocation may include only a portion of the blocks of instructions.

US Pat. No. 10,193,926

APPARATUSES, METHODS AND SYSTEMS FOR A SECURE RESOURCE ACCESS AND PLACEMENT PLATFORM

1. A method comprising:
receiving a Payload-specific request to access one or more corporate resources;
receiving, using at least one processor, user authentication credentials from a non-trusted entity;
analyzing, using the at least one processor, one or more formats of the received user authentication credentials;
determining a validity of the one or more formats of the received user authentication credentials; and
if the one or more formats of the received user authentication credentials are valid:
conducting an authentication process based on the received user authentication credentials,
establishing a first secure connection with a corporate server controlling the one or more corporate resources,
providing the received request and the received user authentication credentials to the corporate server via the first secure connection,
establishing a second secure connection between the non-trusted entity and a Transfer Plane entity,
receiving a plurality of control policies and a plurality of user data from the corporate server via the first secure connection, and
providing the control policies and the user data to the non-trusted entity via the second secure connection,
wherein the Transfer Plane entity is configured to forward the control policies and the user data to the non-trusted entity via the second secure connection.

US Pat. No. 10,193,924

NETWORK INTRUSION DIVERSION USING A SOFTWARE DEFINED NETWORK

ACALVIO TECHNOLOGIES, INC...

1. A method for diverting a client device from a production device in a network, the method comprising:
receiving, at a deception network device, an indication that a connection is suspicious, wherein the connection is a protocol-based network connection between the client device and the production device, and wherein the production device has an Internet Protocol (IP) address;
stalling the connection to divert communications over the connection to a decoy host on a host emulator, wherein the connection is stalled in response to receiving the indication, wherein stalling causes the client device to terminate the connection;
receiving a reconnection request for the client device to reconnect to the production device, wherein the reconnection request is received after the connection is stalled;
determining a configuration of the production device;
configuring the host emulator using the configuration, wherein configuring the host emulator includes assigning the IP address of the production device to the decoy host, and wherein, when configured, the decoy host has a similar hardware and software configuration as the production device; and
requesting redirection of the reconnection request to the host emulator, wherein requesting redirection facilitates a second connection between the client device and the host emulator, and wherein the host emulator enables an appearance of a successful intrusion into the production device by the second connection.

US Pat. No. 10,193,923

METHODS FOR PREVENTING CYBER INTRUSIONS AND PHISHING ACTIVITY

Duo Security, Inc., Ann ...

1. A system for mitigating attacks on a computer network, the system comprising:
a web interface configured to receive target domain name input;
a remote computing server that is configured to generate phishing domain names and that comprises one or more computer processors and a memory storing computer-executable instructions that when executed by the one or more computer processors perform the steps of:
receiving the target domain input, wherein the target domain input comprises a domain name associated with a target entity or target entity data that is useable to generate a plurality of phishing attack domain names;
using the target domain name input to create a plurality of phishing attack domain names, wherein creating the plurality of phishing attack domain names includes:
identifying a plurality of domain name transformation operations that operate to transform the domain name associated with the target entity to one or more attack domain names;
selecting one or more of the identified domain name transformation operations based on features of the domain name; and
applying the selected domain name transformation operations to the domain name;
generating a phishing value for each of the plurality of phishing attack domain names, wherein generating the phishing value includes calculating a likelihood a user would succumb to a phishing attack using a respective phishing attack domain name of the plurality of phishing attack domain names;
setting a phishing value threshold indicating a minimum likelihood of implementing the phishing attack with a created phishing attack domain name;
dynamically changing the phishing value threshold based on a number of phishing attack domain names created;
calculating a visual similarity score for each of the plurality of phishing attack domain names, wherein the visual similarity score indicates a level of resemblance between the target domain name and a phishing attack domain name of the plurality of phishing attack domain names;
selecting a subset of the plurality of phishing attack domain names based on the phishing value threshold and the visual similarity;
implementing one or more computer security protocols that mitigate the likelihood or the probability that the plurality of phishing attack domain names are used in the phishing campaign against the computer network, wherein implementing the one or more computer security protocols includes:
generating one or more e-mail validation policies that restrict e-mail activity from the subset of the plurality of phishing attack domain names to one or more networked devices of the computer network;
updating a security certificate for each of the phishing attack domain names in the subset; and
managing access to each of the phishing attack domain names based on the security certificate.

US Pat. No. 10,193,922

ISP BLACKLIST FEED

Level 3 Communications, L...

1. A method of providing a notification containing an ISP from which DDoS attacks originate, the method comprising performing by a computing system:
receiving an indication that one or more network resources are being targeted as part of one or more DDoS attacks;
obtaining one or more malicious IP addresses corresponding to devices that transceive data with the one or more network resources as part of the one or more DDoS attacks;
sending a request to a database system to determine an Internet Service Provider (ISP) associated with each of the one or more malicious IP addresses;
computing a metric associated with a first ISP involved in the one or more DDoS attacks, wherein the metric includes at least one of: a quantity of malicious IP addresses of the first ISP corresponding to devices that transceive data with the one or more network resources as part of the one or more DDoS attacks and a quantity of malicious requests from the malicious IP addresses of the first ISP corresponding to devices that transceive data with the one or more network resources as part of the one or more DDoS attacks;
comparing the metric to a threshold; and
sending, to a list of subscribers, an alert message indicating that the first ISP is involved in the one or more DDoS attacks when the metric exceeds the threshold.

US Pat. No. 10,193,921

MALWARE DETECTION AND PREVENTION SYSTEM

Level 3 Communications, L...

1. A method for managing access to a public network, the method comprising:
utilizing a control system to control a computing device to access a first node in the public network;
applying a personality profile to the computing device to access a second node in the public network, the personality profile comprising a plurality of inputs provided to the computing device, the plurality of inputs applied to a browser program displayed on a display of the computing device to mimic characteristics of a user associated with the computing device;
analyzing transmission of information between the computing device and the public network, in response to the browser program, during accessing of the second node of the public network;
detecting an indication of a malware program stored in the public network accessible through the second node based on the analyzed transmission of information; and
storing information of the malware program in a database according to the detected indication of the malware program.

US Pat. No. 10,193,920

MANAGING SECURITY ACTIONS IN A COMPUTING ENVIRONMENT BASED ON COMMUNICATION ACTIVITY OF A SECURITY THREAT

Splunk Inc., San Francis...

1. A method of improving security actions in a computing environment, wherein the computing environment comprises a plurality of computing assets, the method comprising:
identifying a security threat within the computing environment;
obtaining state information for the security threat within the computing environment from computing assets of the plurality of computing assets in the computing environment, wherein the state information comprises at least communication activity related to the security threat, wherein the communication activity comprises at least a quantity of connections associated with the security threat and a quantity of exchanged data associated with the security threat;
determining a current state for the security threat within the computing environment based on the state information;
obtaining enrichment information for the security threat; and
determining one or more security actions for the security threat based on the enrichment information and the current state for the security threat.

US Pat. No. 10,193,919

RISK-CHAIN GENERATION OF CYBER-THREATS

Empow Cyber Security, Ltd...

1. A method for cyber threat risk-chain generation, comprising:
obtaining a plurality of events;
mapping each event of the plurality of obtained events to a global threat type, wherein each global threat type is associated with a risk-chain group;
correlating among the mapped plurality of events to determine at least a transition between one global threat type to another; and
updating a data structure maintaining data of at least one risk-chain, when the transition is determined, wherein the at least one risk-chain is a lifecycle of a cyber-attack.

US Pat. No. 10,193,918

BEHAVIOR-BASED RANSOMWARE DETECTION USING DECOY FILES

Malwarebytes Inc., Santa...

1. A method for detecting and remediating ransomware, the method comprising:
monitoring a plurality of processes executing on a client device;
identifying, from the plurality of processes, an untrusted process that is absent from a whitelist of trusted processes;
monitoring the untrusted process executing on the client device;
detecting a request by the untrusted process to enumerate a directory containing one or more user files;
causing a decoy file to be returned to the untrusted process in response to the request;
monitoring actions of the untrusted process performed on the decoy file;
determining sub-scores associated with each of the monitored actions performed on the decoy file;
generating a cumulative score for the untrusted process based on a combination of the sub-scores associated with the monitored actions;
determining that the cumulative score for the untrusted process exceeds a predefined threshold score;
responsive to determining that the cumulative score exceeds the predefined threshold score, determining that behavior of untrusted process exhibited malicious behavior with respect to the decoy file;
identifying, by a processor, the untrusted process as corresponding to the ransomware based at least in part on determining that the untrusted process exhibited the malicious behavior with respect to the decoy file; and
remediating the untrusted process responsive to identifying the process as corresponding to the ransomware.

US Pat. No. 10,193,917

RULE-BASED NETWORK-THREAT DETECTION

Centripetal Networks, Inc...

1. A method comprising:
receiving, by a packet-filtering device, a plurality of packets;
responsive to a determination by the packet-filtering device that a first packet of the plurality of packets corresponds to one or more packet-filtering rules:
applying, by the packet-filtering device and to the first packet, an operator specified by a corresponding packet-filtering rule and configured to cause the packet-filtering device to either prevent the first packet from continuing toward a destination of the first packet or allow the first packet to continue toward the destination of the first packet; and
generating, by the packet-filtering device, a packet log entry comprising at least one threat identifier corresponding to the first packet and data indicating whether the packet-filtering device prevented the first packet from continuing toward the destination of the first packet or allowed the packet to continue toward the destination of the first packet;
updating, by the packet-filtering device and based on the packet log entry, a packet flow entry, corresponding to the generated packet log entry, of packet flow analysis data for a plurality of logged packets, wherein the packet flow analysis data comprises data corresponding to a plurality of packet flow entries, and wherein each packet flow entry consolidates a plurality of packet log entries corresponding to a common threat identifier;
communicating, by the packet-filtering device and to a computing device, the packet flow analysis data; and
causing, based on the communicated packet flow analysis data, display of at least a portion of the packet flow analysis data,
wherein the packet flow analysis data comprises at least one threat identifier corresponding to each of the plurality of logged packets, packet time data for packets corresponding to the packet flow entry, and data indicating whether the packet-filtering device prevented packets from continuing toward a respective destination or allowed packets to continue toward the respective destination.

US Pat. No. 10,193,916

CONFIGURING THE GENERATION OF EVENT DATA BASED ON A TRIGGERING SEARCH QUERY

Splunk Inc., San Francis...

1. A computer-implemented method, comprising:
receiving input specifying a search query for time-series event data;
causing execution of the search query based on a recurring schedule to search time-series event data stored by a data storage server, the time-series event data generated, by a remote capture agent located in a computer network, based on network traffic monitored by the remote capture agent and involving at least one resource running in the computer network;
identifying, based on the execution of the search query, one or more events of the time-series event data stored by the data storage server satisfying the search query; and
in response to identifying the one or more events, sending configuration information to the remote capture agent, the configuration information causing the remote capture agent to generate additional time-series event data.

US Pat. No. 10,193,915

COMPUTERIZED SYSTEM AND METHOD FOR AUTOMATICALLY DETERMINING MALICIOUS IP CLUSTERS USING NETWORK ACTIVITY DATA

OATH INC., New York, NY ...

1. A method comprising:
identifying, via a computing device on a network, an access log for network activity on said network and an Internet Protocol (IP) blacklist, said access log comprising a first set of IP addresses and a type of network activity performed by each IP address in said first set, said IP blacklist comprising a second set of IP addresses associated with known malicious activity on said network;
automatically analyzing, via the computing device, said first set of IP addresses in said access log, and determining, based on said analysis, which IP addresses in said first set are performing a common network activity based on the type of network activity of each IP address in said first set;
constructing, via the computing device, based on said analysis, an IP graph such that each IP address in the first set has an associated node represented on the IP graph, and nodes associated with the IP addresses performing said common activity are connected by an edge;
further automatically analyzing, via the computing device upon construction of said IP graph, relationships between each pair of IP addresses in said IP graph associated with an edge, said further analyzing comprising comparing a value of each edge against an edge threshold and removing the IP addresses associated with the edge values that are below said edge threshold from said constructed IP graph;
determining, via the computing device, a cluster of IP addresses based on the connected IP addresses remaining in said IP graph after said removal, said determination comprising identifying each pair of IP addresses connected by an edge that remains after said removal, and generating a file that includes information associated with said remaining IP addresses;
determining, via the computing device, a standardized residual value for said IP cluster by comparing the IP addresses in said generated file against the second set of IP addresses in said IP blacklist, and determining a co-occurrence of an IP address in said file appearing in said IP blacklist; and
determining, via the computing device, whether said IP addresses in said IP cluster are associated with performing malicious activity based on said standardized residual value determination, said malicious activity determination comprising comparing said standardized residual value for said IP cluster against a predetermined threshold value, and determining that said IP cluster is malicious when said standardized residual value is above said threshold value.

US Pat. No. 10,193,913

JOINT ANOMALY DETECTION ACROSS IOT DEVICES

Cisco Technology, Inc., ...

1. A method, comprising:
monitoring, at a gateway device, network communications between a plurality of computing devices connected to a network associated with the gateway device;
creating, at the gateway device, a graph, wherein each vertex of the graph represents one of the computing devices connected to the network and each edge of the graph represents network communication that has occurred between the computing devices connected by that edge during a time window;
receiving, from each of the computing devices, a collection of one or more performance metrics observed by that computing device during the time window;
determining, based on the graph and the collections of one or more performance metrics, a respective measure of risk for each of the computing devices for the time window;
determining, from the graph, a clique of computing devices that are linked by edges in the graph;
adjusting the respective measure of risk for the time window for one of the computing devices in the clique based on the measures of risk for the remaining computing devices in the clique; and
in response to determining that a given computing device in the clique is infected with malware based on the respective measure of risk exceeding a threshold, setting an alert flag at the gateway device indicating that the given computing device is infected.

US Pat. No. 10,193,912

WARM-START WITH KNOWLEDGE AND DATA BASED GRACE PERIOD FOR LIVE ANOMALY DETECTION SYSTEMS

Cisco Technology, Inc., ...

1. A method, comprising:
loading, by a device in a network, an anomaly detection model for warm-start;
filtering, by the device, input data for the model during a warm-start grace period after warm-start of the anomaly detection model, wherein the model is not updated during the warm-start grace period based on the filtering;
determining, by the device, an end to the warm-start grace period;
updating, by the device, the anomaly detection model using unfiltered input data for the anomaly detection model after the determined end to the warm-start grace period; and
sending, by the device, a notification of the warm-start of the anomaly detection model to a supervisory device in the network.

US Pat. No. 10,193,911

TECHNIQUES FOR AUTOMATICALLY MITIGATING DENIAL OF SERVICE ATTACKS VIA ATTACK PATTERN MATCHING

VERISIGN, INC., Reston, ...

1. A method for mitigating a denial of service attack, the method comprising:
determining that a number of requests transmitted by a first client to a server during a first time period is greater than a first threshold;
in response, classifying the first client as a top talker;
generating one or more first attack patterns based on the requests transmitted by the first client to the server;
determining, at least partially in parallel with generating the one or more first attack patterns, that a number of requests transmitted by a second client to a server during a second time period is greater than the first threshold;
identifying additional requests being transmitted by at least one of the first client and the second client to the server;
determining that a number of the additional requests transmitted by the at least one of the first client and the second client to the server matches the one or more first attack patterns; and
in response, performing one or more operations to address the additional requests being transmitted to the server.

US Pat. No. 10,193,910

NETWORK ATTACK DETECTION METHOD

The Hong Kong Polytechnic...

1. A method, comprising:
at an electronic device having one or more processors, and a memory for storing program instructions that are executed by the one or more processors,
conducting a topology analysis on network, and obtaining a probing path set containing at least one probing path according to the topology analysis;
probing a first probing path contained in the probing path set by using a probing pattern and obtaining a performance metric of the first probing path; and
determining whether the first probing path is subjected to network attack according to the performance metric and a control performance metric,
wherein one end of the probing path is a probing node and another end of the probing path is a target node, a forward path of the probing path is from the probing node to the target node and a reverse path of the probing path is from the target node to the probing node,
wherein the probing pattern is Round Trip Probing (RTP),
wherein the probing a first probing path by using a probing pattern and obtaining a performance metric of the first probing path comprises:
sending at least two RTP probing packets from the probing node to the target node;
receiving RTP response packets in responsive to the RTP probing packets from the target node of the first probing path, each RTP response packet having a sequence number and an ACK number; and
according to the sequence numbers and the ACK numbers of the RTP response packets, determining one or more of the following performance metric of the first probing path: a RTP packet loss rate on the forward path, a RTP loss pair rate on the forward path, a RTP packet reordering rate on the forward path, a RTP packet loss rate on the reverse path, a RTP packet reordering rate on the reverse path, and a RTP loss pair rate on the reverse path,
wherein a packet pair on the forward path is placed between load packets and measurement packets and consists of an ?th RTP probing packet and an ?+1th RTP probing packet, a packet pair on the reverse path consists of an ?th RTP response packet and an ?+1th RTP response packet, the ?th RTP probing packet corresponds to the ?th RTP response packet, a time gap between the ?th RTP response packet and the ?+1th RTP response packet being used to estimate an interval between head and tail load packets.

US Pat. No. 10,193,909

USING INSTRUMENTATION CODE TO DETECT BOTS OR MALWARE

1. A method comprising:
obtaining data corresponding to requests from a plurality of client devices for a web resource comprising web code, wherein the web resource is hosted by a first web server system;
for a first client device of the plurality of client devices, serving instrumentation code that is configured to execute on the first client device to monitor execution of the web code of the web resource at the first client device;
receiving, from the first client device, one or more responses generated by the instrumentation code at the first client device based one or more interactions with the web code at the first client device;
wherein the method is performed by one or more computing devices.

US Pat. No. 10,193,908

DATA TRANSFER FOR NETWORK INTERACTION FRAUDULENCE DETECTION

comScore, Inc., Reston, ...

1. A method for analyzing network interaction data for detection of network interaction fraudulence, the method comprising:
receiving network interaction data from a network over time, wherein the network interaction data is indicative of computer network interaction between a first computer system and a second computer system;
receiving a predetermined model comprising predetermined values associated with network interaction parameters;
processing the received network interaction data to determine the network interaction parameters and information regarding the network interaction data, wherein the information regarding the network interaction data is indicative of an attribute of the computer network interaction;
calculating a score for the network interaction data based on the predetermined model and the determined network interaction parameters;
comparing the score to a threshold; and
forwarding, based on the comparison of the score to the threshold, the information regarding the network interaction data, wherein the information regarding the network interaction data is further indicative of network interaction fraudulence.

US Pat. No. 10,193,907

INTRUSION DETECTION TO PREVENT IMPERSONATION ATTACKS IN COMPUTER NETWORKS

Cisco Technology, Inc., ...

1. A data processing method comprising:
storing, by a central computer, authentication records in a hosts database, wherein each authentication record comprises a certificate and a host identifier of a sender computer;
receiving, by the central computer, a suspect record that was sent by a first intrusion sensor, from one or more intrusion sensors, and that comprises a first particular certificate and a first particular host identifier of a suspect sender computer, wherein the suspect record is generated based on network telemetry data exchanged in compliance with an Internet Protocol Flow Information Export (IPFIX) or a NetFlow protocol;
determining, by the central computer, whether the hosts database contains a matching record having a same certificate as the first particular certificate of the suspect record and a same host identifier as the first particular host identifier of the suspect record, the first particular certificate comprising a first particular thumbprint of a first particular public key certificate, the first particular host identifier comprising an Internet Protocol (IP) address of the suspect sender computer;
in response to determining, by the central computer, that the hosts database does not contain the matching record, generating, by the central computer, an intrusion alert;
propagating, by the central computer, the intrusion alert to the one or more intrusion sensors to ban network traffic from the suspect sender computer; and
instructing the one or more intrusion sensors to periodically request a second particular certificate from the suspect sender computer.

US Pat. No. 10,193,906

METHOD AND SYSTEM FOR DETECTING AND REMEDIATING POLYMORPHIC ATTACKS ACROSS AN ENTERPRISE

CHECKPOINT SOFTWARE TECHN...

1. A method for detecting potential malware comprising:
a) 1) obtaining an attack tree representative of an attack on a network, the attack tree formed of objects;
2) analyzing the objects to determine whether each of the objects is classified as known or unknown, in accordance with predetermined criteria; and,
3) representing the unknown objects in the attack tree as generalized objects, resulting in the creation of a generalized attack tree from the obtained attack tree;
b) breaking the first generalized attack tree into subtrees including generalized objects;
c) obtaining at least one subtree including generalized objects associated with a subsequent generalized attack tree including generalized objects;
d) comparing the subtrees from the first generalized attack tree to the at least one subtree associated with the subsequent generalized attack tree, based on the generalized objects;
e) creating an updated generalized attack tree from the subtrees from the first generalized attack tree and the at least one subtree associated with the subsequent generalized attack tree;
f) obtaining the subtrees associated with updated generalized attack tree;
g) comparing the subtrees associated with the updated generalized attack tree with the at least one subtree associated with the subsequent generalized attack tree, based on the generalized objects; and,
h) creating an updated generalized attack tree from the subtrees from the previously updated generalized attack tree and the at least one subtree associated with the subsequent generalized attack tree, to detect potential malware.

US Pat. No. 10,193,905

METHOD AND APPARATUS FOR ADAPTIVE CACHE MANAGEMENT

Samsung Electronics Co., ...

1. A method for processing data by a terminal implemented using at least one hardware processor, the method comprising:
identifying, by the terminal, a plurality of inspection types for a packet;
determining, by the terminal, an inspection type from the plurality of inspection types for the packet based on a network type for transmitting or receiving the packet and an Internet Protocol (IP) version; and
processing, by the terminal, the determined inspection type for the packet,
wherein the network type includes at least one of a Wi-Fi network and a cellular network, and
wherein determining the inspection type comprises determining, by the terminal, if at least one packet is transmitted or received through an application being executed in the terminal, a size of the at least one packet is over a predetermined size that can be transmitted through an application, to process a security inspection for the packet.

US Pat. No. 10,193,904

DATA-DRIVEN SEMI-GLOBAL ALIGNMENT TECHNIQUE FOR MASQUERADE DETECTION IN STAND-ALONE AND CLOUD COMPUTING SYSTEMS

QATAR UNIVERSITY, Doha (...

1. A method for identifying masquerade attacks in a network computing environment, the method comprising:
receiving data from at least one user with an active session on a system;
receiving historical data for each of the at least one user;
applying an algorithm to the received data to build at least one profile for each of the at least one user, wherein the at least one profile comprises one or more sample signatures;
applying an algorithm to the received historical data to build at least one model for each of the at least one user, wherein said at least one model comprises one or more reference signatures;
identifying a dynamic threshold;
determining an alignment score between the sample signatures to the reference signatures by comparing first alignment parameters from the sample signatures with second alignment parameters from the reference signatures;
determining an intrusion masquerade event based on the alignment score being greater than the identified dynamic threshold; and
updating patterns for each of the at least one active user,
wherein the first alignment parameters are selected from at least three of: optimal gap penalties, mismatch score, average optimal threshold, and maximum factor of test gaps, and
wherein the second alignment parameters are selected from at least three of: optimal gap penalties, mismatch score, average optimal threshold, and maximum factor of test gaps.

US Pat. No. 10,193,902

METHODS AND SYSTEMS FOR MALWARE DETECTION

DEEP INSTINCT LTD., Tel ...

1. A method of building vectors for feeding to a deep learning algorithm of a malware detector, the method comprising:
building a first size dictionary, by extracting features from a plurality of malware files and non-malware files,
reducing the size of the first size dictionary, in order to obtain a subset of the features of the first size dictionary, and a second size dictionary being formed from at least the subset of the features of the first size dictionary, the second size dictionary being of lower size than the first size dictionary,
the method further comprising, for a plurality of files to be fed to the malware detector:
extracting features from each file based on features present in the second size dictionary, wherein at least a first subset of the files is operable on an operating system which is different from an operating system on which a second subset of the files is operable, wherein the features are independent of operating systems so that a vector is built for each file based on the second size dictionary irrespective of the file operating system,
building a vector representing said each file based on the extracted features, the vector being suitable for being processed by the deep learning algorithm, for determining prospects of whether the file constitutes malware or not based on a model of said deep learning algorithm, wherein each vector is suitable to be processed by the same model of the deep learning algorithm.

US Pat. No. 10,193,901

INTERFACE PROVIDING AN INTERACTIVE TIMELINE FOR EVALUATING INSTANCES OF POTENTIAL NETWORK COMPROMISE

Splunk Inc., San Francis...

1. A method comprising:
receiving event data generated by network activities of entities that interact with a computer network, wherein the event data comprises machine data, and the entities include at least one of computer users and devices in communication with the computer network;
identifying instances of potential network compromise from the event data comprising threats based on one or more anomalies automatically triggered by detecting deviations from expected or permitted network activities, wherein each of the instances of potential network compromise is classified by type and associated with a time period of occurrence and an entity or entities that participated in the network activity that triggered the corresponding automated determination;
causing display, in a graphical user interface, of an interactive graphic of data values indicating identified instances of potential network compromise occurring at time periods along a timeline, including graphical representations indicating a level of risk and the number of instances of network compromise occurring during a same time period;
upon receiving a selection by a user, via the graphical user interface, of a time period from the timeline, causing display of a listing of each identified instance of potential network compromise occurring at the selected time period, the listing including the type of instance and each associated entity; and
upon receiving a selection of a threat from the listing of instances of potential network compromise, causing display of a graphical representation of a relationship between the entities participating in the network activities that triggered the threat, wherein the display includes one or more lines that connect the entities whose participation together in a network activity triggered an anomaly, and upon receiving a selection of a line in the display, causing the type of the anomaly to be displayed.

US Pat. No. 10,193,900

METHODS AND APPARATUS TO IDENTIFY AN INTERNET PROTOCOL ADDRESS BLACKLIST BOUNDARY

1. A method to identify candidate boundaries of Internet protocol addresses associated with a malicious Internet protocol address, the method comprising:
collecting, by executing an instruction with a processor, netflow data associated with the Internet protocol addresses within a netblock having a lower boundary Internet protocol address and an upper boundary Internet protocol address;
generating, by executing an instruction with the processor, a first window of Internet protocol addresses numerically lower than the malicious Internet protocol address;
generating, by executing an instruction with the processor, a second window of Internet protocol addresses numerically higher than the malicious Internet protocol address;
for respective Internet protocol addresses in the first and second windows, calculating, by executing an instruction with the processor, occurrence counts associated with behavior features identified in the netflow data;
identifying, by executing an instruction with the processor, candidate boundaries within the netblock based on breakpoint scores calculated from divergence values associated with the behavior features, the divergence values based on a first multinomial distribution of the occurrence counts associated with the first window and a second multinomial distribution of the occurrence counts associated with the second window; and
identifying, by executing an instruction with the processor, a first one of the candidate boundaries as an Internet protocol address boundary associated with the malicious Internet protocol address by comparing the breakpoint scores of the candidate boundaries to a threshold.

US Pat. No. 10,193,898

REPUTATION-BASED METHOD AND SYSTEM FOR DETERMINING A LIKELIHOOD THAT A MESSAGE IS UNDESIRED

WatchGuard Technologies, ...

1. A system, comprising:
a computing device having a processor and memory, the computing device including a security appliance configured to:
receive, from a reputation engine, a first reputation metric corresponding to a first tuple of a plurality of tuples, the first tuple comprising a user identifier and an Internet Protocol (IP) address for an origin of a message and associated with a first level of granularity for identification of the origin of the message;
receive, from the reputation engine, a second reputation metric corresponding to a second tuple of the plurality of tuples, the second tuple comprising a domain and the IP address for the origin of the message and associated with a second level of granularity for identification of the origin of the message; and
calculate a value indicative of a likelihood that the message is undesired by use of the first reputation metric corresponding to the first tuple associated with the first level of granularity and the second reputation metric corresponding to the second tuple associated with the second level of granularity; and
handling the message in accordance with the value indicative of the likelihood that the message is undesired;
wherein the reputation engine is configured to determine the first reputation metric and the second reputation metric in response to receiving the plurality of tuples associated with the message; and
wherein a reputation metric associated with a tuple assigned a finer granularity contributes to the value more than a reputation metric associated with a tuple assigned a lower granularity.

US Pat. No. 10,193,896

VEHICLE COMMUNICATION APPARATUS, IN-VEHICLE NETWORK SYSTEM, AND VEHICLE COMMUNICATION METHOD

PANASONIC INTELLECTUAL PR...

1. An electronic control unit connected to an in-vehicle network bus in an in-vehicle network system, the in-vehicle network system including a plurality of apparatuses that perform communication of frames via the in-vehicle network bus, the electronic control unit comprising:
a first control circuit; and
a second control circuit,
wherein the first control circuit is connected to the in-vehicle network bus via the second control circuit over at least one of wired communication or wireless communication,
wherein the second control circuit receives a frame from the in-vehicle network bus, to which the second control circuit is connected, performs a first determination process on the received frame to determine a conformity of the received frame with a first rule related to at least a reception time of the received frame by the second control circuit, upon determining that the received frame conforms to the first rule, executes a predetermined process based on content of the received frame, and transmits the received frame to the first control circuit, and
wherein the first control circuit receives the received frame from the second control circuit and performs a second determination process on the received frame to determine a conformity of the received frame with a second rule that is different from the first rule.

US Pat. No. 10,193,895

SYSTEM AND METHOD FOR REMOTE AUTHENTICATION WITH DYNAMIC USERNAMES

1. A first device for authenticating a user for access to a service provider over a network comprising:
circuitry configured to:
receive a request for a ticket;
generate the ticket, wherein the ticket includes a one-time username;
send the ticket to at least one additional device;
generate a first partial signature of the ticket;
receive at least one additional partial signature of the ticket from each of the at least one additional device;
generate a complete signature of the ticket based on the first partial signature and the at least one additional partial signature of the ticket;
encrypt the ticket and the complete signature of the ticket;
send the encrypted ticket and encrypted complete signature of the ticket to the service provider;
receive an encrypted verification code from the service provider;
decrypt the encrypted verification code; and
display the decrypted verification code.

US Pat. No. 10,193,894

ENABLING ACCESS TO RESTRICTED DATA USING GEOFENCES

1. A system comprising:
a processor; and
a memory that stores computer-executable instructions that, when executed by the processor, cause the processor to perform operations comprising
identifying a device associated with restricted data, wherein the restricted data comprises network data that law prohibits network operators from using for commercial purposes without authorization from a user associated with the device,
determining use parameters associated with the device, wherein each of the use parameters comprises
a device identifier associated with the device,
a geofence that defines a location at which the use of the restricted data is authorized by the user, wherein boundaries of the geofence are defined in response to receiving, by the device, the user input via a touchscreen, the input corresponding to drawing the boundaries,
time limits associated with the geofence, and
a commercial purpose for which the use of the restricted data by the network operator is authorized by the user,
determining if the device is at a geographic location that satisfies the location that is defined by the geofence,
determining if the time limits associated with the geofence are satisfied,
determining a purpose for which the restricted data will be used, and
if a determination is made that the location that is defined by the geofence is satisfied, that the time limits are satisfied, and that the purpose matches the commercial purpose of one of the use parameters, using the restricted data for the purpose.

US Pat. No. 10,193,893

SYSTEM AND METHOD FOR ACCESS CONTROL USING NETWORK VERIFICATION

Open Text SA ULC, Halifa...

1. A system for data access control, comprising:
a computing device having a processor and at least one non-transitory memory containing instructions executable by the processor to:
determine a first unique device identifier identifying a first access point being used by the computing device to access a network;
determine first access control data associated with the first unique device identifier and a first application executing on the computing device, the first access control data specifying an access control level selected from at least three different levels of access; and
control access of the first application to data associated with a target server to which the computing device is connected through the first access point and over the network based on the first access control data, wherein the first access control data specifies a first level of access to the data associated with the target server applicable when the computing device connects to the target server through the first access point.

US Pat. No. 10,193,892

RESOURCE RESTRICTION

HEWLETT PACKARD ENTERPRIS...

1. A data sharing system comprising:
a processor; and
a non-transitory computer readable medium storing instructions executable by the processor, the instructions comprising:
instructions to identify an environment that satisfies a first level of trust of a first entity and a second level of trust of a second entity, wherein the first entity and the second entity are different devices;
instructions to request access to a set of data associated with the first entity in response to a procedure received from the second entity;
instructions engine to execute the procedure in the environment, the procedure to request access to the set of data;
instructions to receive a restriction from the first entity, wherein the restriction associated with a resource of the environment is to limit information that can be accessed in the set of data by the procedure of the second entity based on resource utilization information associated with the resource;
instructions to maintain the resource utilization information of the environment associated with the resource; and
instructions to limit execution of the procedure based on the restriction and the resource utilization information.

US Pat. No. 10,193,891

DEVICE-TO-DEVICE NETWORK LOCATION UPDATES

Neone, Inc., Austin, TX ...

1. An electronic device, comprising:
an interface circuit configured to communicate with a group of one or more other instances of the electronic device via dynamic connections that are based on pre-established and maintained associations in a device-to-device network of a user of the electronic device, wherein each instance of the electronic device in the device-to-device network stores locally the pre-established and maintained associations comprising encryption keys and locations for each of the instances of the electronic device in the group that are maintained for a longer time than the dynamic connections,
wherein a given dynamic connection between the electronic device and a given instance of the electronic device in the group is setup by the electronic device without storing the pre-established and maintained associations in a computer in another network; and
wherein the interface circuit is configured to communicate with the given instance of the electronic device via at least a non-wireless communication technique and the other network; and
a control circuit, coupled to the interface circuit, configured to:
detect, via the interface circuit, a change to a location of the electronic device in the other network, wherein detecting the change to the location involves poking a hole through a firewall to determine the location of the electronic device and tracing a route back to the electronic device;
communicate, via the interface circuit, a message with an update to the location based on the detected change that is encrypted with the encryption key of the user, to a second user of a second instance of the electronic device in the group in the device-to-device network at a second location specified by one of the pre-established and maintained associations and use the updated location to update a pre-established and maintained association stored locally on the second instance of the electronic device; and
when a communication with a third instance of the electronic device fails for a time interval, poll one or more other instances of the electronic device in the group to determine an update to a third location from the pre-established and maintained associations, wherein the one or more other instances does not include the given instance, second instance or third instance of the electronic device.

US Pat. No. 10,193,888

DYNAMIC AUTHENTICATION IN ALTERNATE OPERATING ENVIRONMENT

WELLS FARGO BANK, N.A., ...

1. A method, comprising:
authenticating, by a hardware processor, a device to a network via a first authentication technique during an initial access request;
after successful authentication with the first authentication technique, storing, by the hardware processor, information related to the first authentication technique;
creating, by the hardware processor, a record of the device related to a second authentication technique, wherein the record includes at least the information related to the first authentication technique;
after the device changes state due to an activity that results in a re-authentication with the network, authenticating, by the hardware processor, the device to the network via the second authentication technique during a subsequent access request without re-authenticating with the first authentication technique, the second authentication technique does not rely on manual entry at the device; and
wherein the information related to the first and to the second authentication techniques are annotated and kept in the record of the device until a non-expiration-timing event prompts, by the hardware processor, removal, by the hardware processor, the information related to the first authentication technique and the record of the device related to the second authentication technique.

US Pat. No. 10,193,887

NETWORK APPLIANCE

OATH INC., New York, NY ...

1. A device having at least one processor, storage, and a communication platform for providing services, the device comprising:
a security assessor unit implemented on the at least one processor and configured to identify rights of a first entity on an intranet; and
a service provider unit implemented on the at least one processor and connected to the security assessor unit, the service provider unit configured to respond to a first request to provide content to the first entity, the service provider unit comprising:
a discovery unit configured to identify a first piece of information associated with the content that is privileged within the intranet; and
a social network engine configured to determine that the first entity lacks a right to access the content and the first piece of information as defined within the intranet, wherein the content and the first piece of information residing in the intranet are not accessible from outside of the intranet without privileged authentication, wherein:
the service provider unit provides the content to the first entity on the intranet as an intranet private link directed to a corresponding resource that is privileged within the intranet such that access from an external public Internet requires privileged authentication and sends a second request to a second entity to authorize access to the content, wherein the second entity is configured for granting the first entity access to the content responsive to the second request by forwarding a response to the second request to the social network engine to indicate that the first entity has been authenticated to access the content and the first piece of information.

US Pat. No. 10,193,884

COMPLIANCE AND AUDIT USING BIOMETRIC TOKENIZATION

WELLS FARGO BANK, N.A., ...

1. A method of auditing a biometric enrollment event journal entry, the method comprising:
retrieving, by an authentication computing system, a biometric enrollment event journal entry, the biometric enrollment event journal entry comprising:
at least one tokenized biometric reference sample, the at least one tokenized biometric reference sample generated by tokenizing with a first tokenization schema at least one biometric reference sample captured from a user having a unique user identifier, wherein the at least one biometric reference sample is processed to generate biometric data, the biometric data tokenized with a second tokenization schema to generate tokenized biometric data,
a biometric reference template identifier, the biometric reference template identifier uniquely identifying a biometric reference template, the biometric reference template being generated using the at least one biometric reference sample, and
an enrollment match value indicative of whether the at least one biometric reference sample matched with the biometric reference template;
retrieving, by the computing system, the at least one tokenized biometric reference sample in the biometric enrollment event journal entry;
retrieving, by the computing system, the biometric reference template associated with the biometric reference template identifier in the biometric enrollment event journal entry;
detokenizing, by the computing system, the at least one tokenized biometric reference sample to retrieve the at least one biometric reference sample;
determining, by the computing system, whether the at least one biometric reference sample matches with the biometric reference template;
generating, by the computing system, a temporary enrollment match value indicative of whether the at least one biometric reference sample matched with the biometric reference template of the user;
determining, by the computing system, whether the temporary enrollment match value matches with the enrollment match value;
generating, by the computing system, an audit enrollment match value indicative of whether the temporary enrollment match value matches with the enrollment match value;
generating, by the computing system, a first compliance event journal entry, the first compliance event journal entry comprising:
a first identifier signifying the biometric enrollment event journal entry, and
the audit enrollment match value, wherein the first compliance event journal entry provides an audit of the biometric enrollment event journal entry and an indication of the validity of the biometric enrollment event journal entry;
digitally signing, by the computing system, the first compliance event journal entry using SignedData cryptographic message syntax to generate a SignedData message;
binding, by the computing system, the first identifier to the SignedData message via an attribute of the SignedData message;
binding, by the computing system, a second identifier to the SignedData message via an attribute of the SignedData message, the second identifier identifying the first tokenization schema, wherein the attribute includes a first uniform resource identifier query string, the first uniform resource identifier query string including a first uniform resource locator identifying a first tokenization service provider capable of recovering the biometric reference sample from the tokenized biometric reference sample; and
binding, by the computing system, a third identifier to the SignedData message via an attribute of the SignedData message, the third identifier identifying the second tokenization schema, wherein the attribute includes a second uniform resource identifier query string, the second uniform resource identifier query string including a second uniform resource locator identifying a second tokenization service provider capable of recovering the biometric data from the tokenized biometric data.

US Pat. No. 10,193,883

SYSTEMS AND METHODS FOR PRODUCT AUTHENTICATION

Aintu Inc., Sunnyvale, C...

1. A method for authenticating an article of manufacture, said method comprising:
generating a set of unique identifiers to be associated with a plurality of articles of manufacture;
associating on a one-to-one basis a single identifier from said set with a single instance of the article of manufacture from said plurality of articles of manufacture;
maintaining an authentication server to perform at least one authentication operation in response to receiving an authentication request from a client device;
enabling each of a plurality of client devices to generate an authentication request to set authentication server, wherein said authentication request is to authenticate a particular instance of an article of manufacture from said plurality of articles of manufacture,
responsive to receiving said authentication request from said client device, performing by said authentication server said at least one authentication operation comprising transmitting a request to an authentication database provisioned with manufacturer-derived authentication information to enable authentication of the particular instance of the article of manufacture; and;
transmitting a response to said application request from said client device to said client device.

US Pat. No. 10,193,882

PROVISION OF CROSS-DEVICE IDENTIFICATION

Criteo SA, Paris (FR)

1. A method comprising:
a. assigning, by a computing entity matching system on a first domain, a cross-device ID to a browser executing on a first computing device and to one or more computing entities based on one or more of activity data for the browser and the one or more computing entities collected by the computing entity matching system and activity data for the browser and the one or more computing entities collected by a plurality of third-parties;
b. sending, by the browser, to a server on a second domain, a first request for a first webpage;
c. receiving, by the browser, the first webpage, the first webpage comprising first cross-device ID retrieval instructions;
d. executing, by the browser, the first cross-device ID retrieval instructions to send a second request to the computing entity matching system comprising a matching system ID;
e. determining, by the computing entity matching system, the cross-device ID based on the matching system ID;
f. sending, by the computing entity matching system, to the browser, first cross-device ID storage instructions comprising a distributed cross-device ID, the distributed cross-device ID based on the cross-device ID;
g. executing, by the browser, the first cross-device ID storage instructions to set a cookie on the second domain comprising the distributed cross-device ID; and
h. sending, by the browser, to the server, a third request for a second webpage, the third request comprising the distributed cross-device ID.

US Pat. No. 10,193,881

METHOD FOR CONTROLLING INFORMATION TERMINAL IN COOPERATION WITH WEARABLE TERMINAL

PANASONIC INTELLECTUAL PR...

1. A control method for an information terminal that is configured to communicate with an electronic mail server and a wearable terminal used while being worn on a portion of a user's body, the information terminal having a first display, and the wearable terminal having a second display, the method causing a computer of the information terminal to:
receive electronic mail from the electronic mail server by using a mail application for executing transmission and reception of the electronic mail, the mail application being stored in a memory of the information terminal;
transfer the received electronic mail to the wearable terminal;
receive viewing information from the wearable terminal, the viewing information indicating that the electronic mail was displayed on the second display at a first time;
determine whether or not the electronic mail is being displayed on the second display at a second time, which is a predetermined period of time after the first time, based on the viewing information; and
automatically display, on the first display, a reply-mail creation screen for creating a reply mail to the electronic mail that was displayed on the second display at the first time, when it is determined that the electronic mail is being displayed on the second display, and the computer of the information terminal launches the mail application, and
automatically stop displaying, on the first display, the reply-mail creation screen at the second time when it is determined that the electronic mail is not being displayed on the second display.

US Pat. No. 10,193,879

METHOD AND SYSTEM FOR SOFTWARE APPLICATION DEPLOYMENT

Cisco Technology, Inc., ...

1. A method for deploying applications, the method comprising:
deploying an application from an application image in an application virtual machine of a computing device, wherein the application is accessible using a first uniform resource locator (URL);
sending an application creation message to an authoritative domain name system (DNS) server to create a record mapping the first URL to a second URL, wherein the first URL is in a first domain and the second URL is in a second domain;
providing, to a service virtual machine (SVM) of the computing device, a digital certificate associated with the application virtual machine, wherein the service virtual machine is configured to store the digital certificate isolated from and inaccessible by the application virtual machine, and wherein the service virtual machine is separate from a certificate authority that issues the digital certificate;
generating, by the service virtual machine and in response to one or more applications requesting communication based on the digital certificate, certificate data using the digital certificate; and
sending, to a remote application server comprising a client software module, the second URL and the certificate data,
wherein the client software module is configured to establish a connection to the application on the computing device using the second URL and the certificate data.

US Pat. No. 10,193,878

USING APPLICATION LEVEL AUTHENTICATION FOR NETWORK LOGIN

Hewlett Packard Enterpris...

1. A non-transitory computer readable medium comprising instructions which, when executed by one or more hardware processors of a controller, cause the one or more hardware processors of the controller to:
intercept an authentication request addressed to an identity authentication server that would have received the authentication request in an absence of the interception in response to a network authentication provider determining that a first client device is not associated with a currently active session;
retrieve a token associated with the first client device that is stored in a cache at the controller in response to the interception, wherein the token is generated in response to receiving a first client authentication information including an indication that the first client device was successfully authenticated by a network authentication server based on credentials provided by the first client device;
redirect the intercepted authentication request with the token to the identity authentication server using an address that will not be intercepted by the controller;
receive, from the identity authentication server, an indication that the first client device was successfully authenticated; and
based on the indication received from the identity authentication server, grant network access to the first client device.

US Pat. No. 10,193,877

ON-PREMISES AGENT FOR MOBILE CLOUD SERVICE

Oracle International Corp...

1. A method comprising:
receiving, by an application executing on a computer system connected to a network behind a firewall, from a first server computer executing outside the firewall over a connection according to a WebSocket protocol, a first request for data stored on a second server computer behind the firewall on the network, the first request comprising a request uniform resource locator (URL), a request header, and a request body, wherein the first request has a first format compliant for the connection according to the WebSocket protocol;
translating, by the application, the first request received from the first server computer into a second request having a second format according to a hypertext transport protocol (HTTP) for communication with the second server computer on the network, wherein:
translating comprises converting the first format of the first request to the second format of the second request for communication with the second server computer,
converting the first format comprises converting the request URL into a converted request URL, and
the second request comprises the request header, the request body, and the converted request URL;
receiving, by the application, from the second server computer, a first response to the second request sent by the application to the second server computer, wherein the first response has the first format;
based on converting the first response from the second format to the first format, creating, by the application, a second response having the first format; and
sending, by the application, the second response over the connection to the first server computer.

US Pat. No. 10,193,876

SYSTEM AND METHOD FOR VERIFYING USER SUPPLIED ITEMS ASSERTED ABOUT THE USER FOR SEARCHING

Zoosk, Inc., San Francis...

1. A method of verifying registration information, comprising:
receiving information about a user of a web site, including purported characteristics of the user of the web site for display to other users of the web site, and/or at least one photograph purported to represent the user of the web site for display to the other users of the web site;
providing at least one instruction to the user of the web site requesting the user to pose in a certain manner while causing at least one image to be recorded of the user posing in the certain manner;
receiving the at least one image recorded, either simultaneously with their recording or thereafter;
providing the at least one image to a moderator and at least one of the purported characteristics and/or at least one of the at least one photograph from the information about the user of the web site;
receiving an indication from the moderator whether the at least one image of the user at least correspond to the at least one of the purported characteristics and/or the at least one of the at least one photograph provided to the moderator;
receiving a first request to display information about a plurality of users of the web site who meet a criteria specified as part of the request; and
displaying, responsive to the indication, the information about the user as part of a response to the request.

US Pat. No. 10,193,875

METHOD AND APPARATUS FOR CONTROLLING ACCESS TO SURVEILLANCE VIDEO

XIAOMI INC., Haidian Dis...

1. A method for controlling access to a surveillance video, comprising:
acquiring from a user account a view request for viewing a surveillance video file, the view request comprising authorization information of the user account;
performing an identity authentication on the user account according to the authorization information;
allowing a user with the user account to view the surveillance video file when the identity authentication is passed; and
performing a privacy protection operation on the surveillance video file uploaded from a camera device;
wherein said performing a privacy protection operation on the surveillance video file uploaded from a camera device comprises at least one of the following operations:
setting an attribute of the surveillance video file to be hidden; and
encrypting the surveillance video file;
wherein said encrypting the surveillance video file comprises:
acquiring a file key used for encrypting the surveillance video file;
encrypting the surveillance video file based on the file key;
wherein when the surveillance video file is encrypted, the method further comprises:
acquiring a user private key of a preset user account;
generating a user public key of the preset user account according to the file key and the user private key of the preset user account; and
sending the user public key to a corresponding preset user account, such that the preset user account generates a file key of the surveillance video file according to the user public key and the user private key.

US Pat. No. 10,193,874

COMMUNICATION SYSTEM

NATIONAL INSTITUTE OF INF...

1. A communication system in which a terminal communicates with a server via a portable communication network used for communication between portable communication devices, wherein:
the portable communication device includes a first pre-shared key and an encryption key,
the terminal includes a second pre-shared key,
the server has an encryption key which is the same as the encryption key included in the portable communication device,
authentication between the terminal and the portable communication device is performed by using the first pre-shared key and the second pre-shared key,
the terminal communicates with the server via the portable communication device by performing key synchronization of the encryption key while setting a hash value of the encryption key as an ID,
the hash value is generated by using a strongly universal hash function by a Toeplitz matrix, and
the portable communication device and the server respectively include a same plurality of different encryption keys and perform communication by using a one time pad, and the encryption keys of the portable communication device and the server are respectively supplied to the portable communication device and the server by using quantum key distribution from a quantum key generation device.

US Pat. No. 10,193,873

KEY DERIVATION FOR SECURE COMMUNICATIONS

Comcast Cable Communicati...

1. A method comprising:
performing, by a computing device, a first encryption using a device security key stored in a first memory storage area of the computing device as cleartext;
deriving, using a first seed value comprising a combination of an address of the computing device and a first random number, a first derived key;
storing the first derived key in a second memory storage area of the computing device;
performing, after a compromise of the first derived key, a second encryption using the device security key as cleartext;
deriving, using a second seed value comprising a combination of the address of the computing device and a second random number, a second derived key; and
storing the second derived key in the second memory storage area of the computing device.

US Pat. No. 10,193,872

SYSTEM AND METHODS FOR DYNAMICALLY AND RANDOMLY ENCRYPTING AND DECRYPTING DATA

Cyphyx, LLC, Bonita Spri...

1. One or more non-transitory computer readable media bearing one or more instructions that when executed by a processor cause the processor to execute steps for the dynamic management of the encryption and decryption of a target data element including at least one target data sub-element provided by a local sender for transmission to a remote user, the steps comprising:
a. providing an encryption configuration application for installation on a local computer processor, receiving the target data element from the local sender and transmitting an encrypted target data element over a communication channel to a remote computer processor within the computer network;
b. installing a decryption configuration application on the remote computer processor;
c. configuring the encryption configuration application on the local computer processor to prepare and transmit the target data element by:
i. providing a synchronization point value;
ii. using the synchronization point value to provide a multidimensional table having a plurality of arrays of random data;
iii. providing an encryption algorithm sub-table of a plurality of encryption algorithms associated with the multidimensional table;
iv. using the synchronization point value to provide a semaphore command sub-table of a plurality of semaphore codes expressing a plurality of semaphore commands, wherein the semaphore command sub-table is associated with the multidimensional table and the encryption algorithm sub-table;
v. using the synchronization point value to provide an execution step table having step data corresponding to the order of semaphore execution;
vi. providing an encryption configuration manager and a data encryption manager, wherein the encryption configuration manager executes computer programming steps for:
1. using a pseudo-random number generation algorithm to select an encryption algorithm type from the plurality of encryption algorithm types and to select any algorithm parameters according to any requirements of the encryption algorithm type;
2. selecting values for the algorithm parameters from the multidimensional table and applicable semaphore codes corresponding to the semaphore commands specifying those values;
3. communicating the multidimensional table, the selected encryption algorithm type, and the semaphore codes to the data encryption manager;
vii. receiving within the data encryption manager the target data element, the multidimensional table, the selected encryption algorithm type, and the semaphore codes, wherein the data encryption manager executes computer programming steps for:
1. accessing an encryption algorithm corresponding to the selected encryption algorithm type;
2. encrypting the target data element with the selected encryption algorithm in accordance with semaphore commands to form an encrypted target data element;
3. inserting the semaphore codes randomly into the encrypted target data element;
4. transmitting the encrypted target data element with the semaphore codes;
d. configuring the remote computer processor to receive and decrypt an encrypted target data element by:
i. determining the synchronization point value;
ii. receiving the encrypted target data element and semaphore codes;
iii. extracting the semaphore codes;
iv. providing a decryption configuration manager and a data decryption manager, wherein the decryption configuration manager executes computer programming steps for:
1. using the semaphore codes to determine the selected encryption algorithm type, the values for the algorithm parameters, any other semaphore commands, and to apply any predetermined restrictions to the random data of the multidimensional table; and
2. communicating the selected encryption algorithm type, the values for the algorithm parameters, the predetermined restrictions, and any other semaphore commands to the data decryption manager;
v. receiving within the data encryption manager the selected encryption algorithm type, the values for the algorithm parameters, the predetermined restrictions, and any other semaphore commands, wherein the data decryption manager executes computer programming steps for:
1. accessing the encryption algorithm corresponding to the selected encryption algorithm type;
2. decrypting the encrypted target data element with the selected encryption algorithm in accordance with semaphore commands and predetermined restrictions to form a decrypted target data element.

US Pat. No. 10,193,871

INFORMATION PROCESSING APPARATUS, CONTROL METHOD, AND PROGRAM

CANON KABUSHIKI KAISHA, ...

1. A camera comprising:
a hardware processor; and
a memory for storing instructions to be executed by the hardware processor,
wherein, when the instructions stored in the memory are executed by the hardware processor, the camera functions as:
a first processing unit configured to perform a setting for performing encrypted communication on the camera in response to a command based on a Device Management service defined in the Open Network Video Interface Forum (ONVIF) standard;
a second processing unit configured to perform a setting for performing encrypted communication on the camera in response to a command based on an Advanced security service defined in the ONVIF standard; and
a transmitting unit configured to transmit information indicating that the setting for performing the encrypted communication is made in response to the command based on the Device Management service defined in the ONVIF standard to a client apparatus if the command based on the Advanced security service defined in the ONVIF standard is received from the client apparatus after the first processing unit performs the setting for performing the encrypted communication on the camera in response to the command based on the Device Management service defined in the ONVIF standard.

US Pat. No. 10,193,870

METHODS AND SYSTEMS FOR NON-INTRUSIVE ANALYSIS OF SECURE COMMUNICATIONS

Borland Software Corporat...

1. A method, comprising:
capturing a plurality of secure communications between a first application and a second application;
grouping the plurality of communications into one or more streams, each stream representing a different network connection between the first application and the second application; and
processing the one or more streams in parallel to create a plurality of transactions with each transaction representing a pair of information comprising a request and a response to that request, and wherein processing further includes hierarchically reconstructing a session representing the transactions and creating a script for recreating the session for analysis by looking for references to a particular transaction of a particular stream within another transaction of another stream, wherein the session representing a set of all transactions between the first application and the second application.

US Pat. No. 10,193,868

SAFE SECURITY PROXY

BAE Systems Information a...

1. A method of protecting at least one networked enclave, comprising,
providing a proxy node per networked enclave, wherein the proxy node of the networked enclave comprises a timer and is configured to communicate with other networked enclaves via a respective proxy node;
the networked enclaves comprising electronic control units of a vehicle;
providing one or more regular nodes per networked enclave, wherein the proxy node establishes a connection between the one or more regular nodes within a networked enclave and establishes the connection between the one or more regular nodes of the other networked enclaves via their respective proxy node;
monitoring a state of the proxy nodes or regular nodes, wherein the proxy nodes and regular nodes have reputations and states, where said states include at least healthy, compromised, and off-line;
detecting an attack on the proxy nodes or regular nodes;
isolating the one or more attacked nodes;
cleansing the one or more attacked nodes by sending a reboot message via the proxy node of the networked enclave to the one or more attacked nodes within the networked enclave or to a respective proxy node of another networked enclave;
reducing the reputation of the one or more attacked nodes; and
rebooting the one or more attacked nodes to restore the state of the one or more attacked nodes to healthy.

US Pat. No. 10,193,867

METHODS AND SYSTEMS FOR API PROXY BASED ADAPTIVE SECURITY

Ping Identity Corporation...

1. A method for securing one or more API servers, the method comprising:
receiving at a first security server within a cluster of security servers, a first set of information comprising proxy access log information from at least a first proxy within a proxy cluster;
analysing the first set of information for identifying a first set of indicators of compromise;
receiving at a second security server within the cluster of security servers, a second set of information comprising proxy access log information from at least a second proxy within the proxy cluster;
analysing the second set of information for identifying a second set of indicators of compromise;
responsive to receiving an indicator of compromise at a proxy within the proxy cluster, discarding a received client message corresponding to a client or connection id associated with the received indicator of compromise, without onward transmission to an API server identified in the received client message;
wherein the proxy cluster comprises a networked plurality of proxies, wherein each of the plurality of proxies is configured to extract information identifying a target API from data packets corresponding to a received client message, and to transmit the received client message to an API server implementing the target API; and
wherein at least one of the first set of information and the second set of information is acquired by:
capturing at each protocol specific data plane or TCP port specific data plane within the first proxy or second proxy, real time API traffic data routed through said data plane; and
for each data plane, generating a log uniquely corresponding to said data plane, wherein said log comprises captured real time API traffic data routed through said data plane; and persisting each generated log file along with a unique id associated with the generated log.

US Pat. No. 10,193,866

PRIVATE NETWORK PEERING IN VIRTUAL NETWORK ENVIRONMENTS

Amazon Technologies, Inc....

1. A provider network, comprising;
a network substrate;
a plurality of host devices implementing a plurality of resource instances for clients of the provider network, wherein subsets of the resource instances are provisioned in virtual networks for the clients on the provider network;
one or more computing devices implementing a peering service, wherein the one or more computing devices implementing the peering service are configured to:
determine routing information for routing network packets between one or more resource instances of a first virtual network and one or more resource instances of another virtual network via a peering on the provider network; and
enable the first virtual network and the other virtual network to exchange network packets via the peering on the provider network, wherein the packets are addressed to respective private IP addresses of the first virtual network or the other virtual network when being transmitted from a resource instance of the first virtual network or the other virtual network.

US Pat. No. 10,193,864

CLOUD INTERFACE FOR USE OF CLOUD SERVICES

Comcast Cable Communicati...

1. A system comprising:
a user device; and
a cloud carrier device communicatively coupled to a first cloud provider, of a plurality of cloud providers, and to a second cloud provider, of the plurality of cloud providers and different from the first cloud provider;
wherein the cloud carrier device is communicatively coupled to the user device via a cloud service user interface associated with a physical layer comprising data over cable service interface specification (DOCSIS) attributes; and
wherein the cloud carrier device comprises:
one or more processors;
memory storing instructions that, when executed by the one or more processors, cause the cloud carrier device to:
coordinate access of cloud services of the first cloud provider and cloud services of the second cloud provider by the user device; and
relay communications between the cloud carrier device and at least one of the plurality of cloud providers; and
an interface associated with an Internet Protocol version 6 (IPv6) virtual private network (VPN) attribute and an Internet Protocol version 4 (IPv4) VPN attribute.

US Pat. No. 10,193,863

ENFORCING NETWORK SECURITY POLICY USING PRE-CLASSIFICATION

Microsoft Technology Lice...

1. A system comprising:
at least one computer processor; and
at least one memory comprising computer program code configured to cause the at least one computer processor to:
create a pre-classifier layer for a network traffic property according to a network security policy, the pre-classifier layer having a pre-classifier filter for each element of a set of elements associated with the network traffic property;
classify, in the pre-classifier layer, inbound or outbound network traffic based on the network traffic property;
set a bit in a pre-classifier bit array for each pre-classifier filter based on classifying the network traffic in the pre-classifier layer, wherein the bit represents a classification of the network traffic; and
allow or deny, in a network security layer, the network traffic based on the bit in the pre-classifier bit array.

US Pat. No. 10,193,861

METHOD AND APPARATUS FOR BEST EFFORT PROPAGATION OF SECURITY GROUP INFORMATION

CISCO TECHNOLOGY, INC., ...

13. A network device comprising:
one or more processors;
one or more network interfaces coupled to the one or more processors, wherein
the one or more network interfaces are configured to couple the network device to a sub-network and a core network;
a non-transitory computer-readable storage medium coupled to the one or more processors; and
a plurality of instructions, encoded in the non-transitory computer-readable storage medium and configured to cause the one or more processors to
receive a packet from the sub-network via one of the one or more network interfaces, wherein
the packet comprises a source group identifier and a destination address,
determine whether the destination address is associated with any security group identifier, and
in response to a determination that the destination address is associated with a security group identifier,
determine whether the security group identifier is a reserved group identifier,
if the security group identifier is the reserved group identifier, forward the packet to another network device in the core network, and
if the security group identifier is not the reserved group identifier, perform access control processing on the packet using the source group identifier, wherein
the plurality of instructions configured to cause the one or more processors to perform the access control processing is further configured to cause the one or more processors to
 identify a permissions matrix entry in a permissions matrix, using the source group identifier and a destination group identifier,
 identify a role-based access control list using information in the permissions matrix entry, and
 determine handling of the packet using information in the role-based access control list.

US Pat. No. 10,193,860

SECURE APPLICATION DELIVERY SYSTEM WITH DIAL OUT AND ASSOCIATED METHOD

Akamai Technologies, Inc....

1. A system to deliver an application, hosted by a private application provider system, over a network, comprising:
an application delivery system that includes at least one hardware processor and a storage device configured to provide:
a first network interface that includes a computing entity instance of a first type;
a second network interface that includes one or more computing entity instances of a second type;
a network security interface that includes one or more computing entity instances of a third type comprising a decryption service, an authentication service, an encryption service, and a connection stitching service; and
an application agent disposed within the private application provider system;
wherein the application agent is configured to create a pool of third connections between the application agent and one or more computing entity instances of the second type within the second network interface;
wherein in response to creation of the pool of third connections each computing entity instance of the second type within the second network interface provides a fourth connection to a computing instance of the third type within the network security interface, wherein each fourth connection corresponds to a separate third connection in the pool of third connections;
wherein a computing entity instance of the first type within the first network interface provides a second connection to a computing instance of the third type and uses that second connection to send to the computing instance of the third type a request for access to the application, the request for access having been received over a first connection established to the computing entity of the first type; and
wherein the decryption service receives the request for access over the second connection and decrypts it to generate a result;
wherein, upon a successful authentication of the result by the authentication service, the encryption service re-encrypts the request for access and the stitching service creates a connection pair between the second connection and one of the fourth connections; and
wherein the request for access as re-encrypted is then provided to a computing entity instance of the second type over the connection pair.

US Pat. No. 10,193,859

SECURITY APPARATUS, ATTACK DETECTION METHOD, AND STORAGE MEDIUM

PANASONIC INTELLECTUAL PR...

1. A security apparatus connected to a bus, comprising:
a receiver that receives a first frame from the bus;
a memory that stores an examination parameter defining a content of an examination on the first frame; and
processing circuitry that, in operation, performs operations including
first determining whether a predetermined condition is satisfied for the first frame,
in a case where the first determining determined that the predetermined condition is satisfied, updating the examination parameter stored in the memory, and
second determining whether the first frame is an attack frame based on the updated examination parameter stored in the memory,
wherein the first frame is a data frame including an ID field storing an ID, Data Length Code (DLC), and a data field,
the examination parameter stored in the memory includes a threshold value indicating an upper limit of an allowable range of a frequency of transmission of one or more frames whose ID values are identical within a predetermined unit time,
the first determining determines that the predetermined condition is satisfied for the first frame received by the receiver, in a case where a transmission interval is out of a predetermined allowable range, the transmission interval being defined by a reception interval between the first frame and a second frame whose ID value is identical to the ID value of the first frame,
the updating updates the threshold value, in a case where the first determining determined that the predetermined condition is satisfied, and
the second determining determines that the first frame received by the receiver is an attack frame, in a case where the frequency of transmission of the first frame received by the receiver is higher than the updated threshold value.

US Pat. No. 10,193,857

SECURE UNRESTRICTED NETWORK FOR INNOVATION

The United States of Amer...

1. A dual network computing system comprising:
a workstation comprising:
a first computing system communicably coupled with a first data storage system within a first network, the first computing system is configured to access or transmit first network data;
a second computing system communicably coupled with a second data storage system within a second network, wherein the second network does not communicate outbound data to the first network;
a keyboard;
a video display;
a graphical user interface pointing device; and
a keyboard video, and graphical user interface pointing device (KVGUIPD) switch that is coupled to the first and second computing systems, the KVGUIPD switch selectively couples the keyboard, the video display, and the graphical user interface pointing device with either said first or said second computing systems, said KVGUIPD switch comprises a mechanical switch that enables coupling of the keyboard, the video display, and the graphical user interface pointing device with either the first or second computing systems while electrically isolating the first and second computing systems from each other;
a data transport server communicably coupled to the first data storage system and the second data storage system, the data transport server including a first network interface configured to receive first network data from the first data storage data system, wherein the first storage system further include a data or file synchronization system or program that automatically replicates the first network data selected for storage on the first data storage system to the data transport server when the first network data is selected for said storage to the first data storage system using the first computing system, wherein the data transport server further includes, and a second network interface configured to transmit data unidirectionally from the data transport server to the second data storage system, wherein the data transport server further includes a purging module, the purging module configured to scan for one or more predefined data elements from the first network data received from the first data storage system, the purging module is further configured to purge said one or more matching data elements from the first network data if detected, wherein the purging module outputs in remaining first network data elements, wherein the data transport server further comprises a second network interface configured to transmit the purging module outputs of remaining first network data elements unidirectionally from the data transport server; and
a first data link providing unidirectional data communication from the data transport server's second network interface to the second data storage system, wherein the second network interface and the first data link is implemented using a physical and logical one-way interface/data transport link with the second storage system;
the data transport server includes logic that overrides a purging function of the purging module when the data transport server verifies at least one authentication factor associated with one or more of the first plurality of data to determine whether the one or more of the first plurality of data originated from a trusted source; and
wherein the one or more of the first plurality of data include a binary data file and the at least one authentication factor includes a digital signature associated with at least one of the binary data file;
a second data blocking device communicably coupled to an encryption device, wherein the second data blocking device is configured to block first network data not selected for storage in the first data storage system via the first computing system from entering the second network comprising a closed network portion of the dual network computing system, and the second data routing device is communicably coupled to the encryption device, wherein the encryption device encrypts data transmitted by the second data routing device;
wherein the encryption device and the second data blocking device are configured to enable encrypted isolation between first network data not selected for storage in the first data storage system via the first computing system that is external to the second network's closed network portion and data internal to the closed network portion.

US Pat. No. 10,193,856

METHOD, TERMINAL, AND SERVER FOR PROVIDING COMMUNICATION SERVICE

Samsung Electronics, Co.,...

1. A communication service method of a terminal, the method comprising:
generating a transmission control protocol (TCP) connection request;
determining a communication network type for transmitting the TCP connection request to a server;
mapping a first internet protocol (IP) address associated with a first communication network to a virtual address, when the communication network type is determined to the first communication network;
transmitting a first mapping request message including first information on the first IP address and the virtual address to the server through the first communication network;
mapping a second IP address associated with a second communication network to the virtual address, when a handover from the first communication network to the second communication network is detected; and
transmitting a second mapping request including second information on the second IP address and the virtual address to the server through the second communication network.

US Pat. No. 10,193,854

APPARATUS AND METHOD FOR DETECTING DUPLICATE TEMPORARY ID

DENSO International Ameri...

1. An apparatus mounted on a host vehicle to detect a duplicate temporary ID in basic safety messages (BSMs), the apparatus comprising:
a receiver configured to receive the BSMs from surrounding vehicles through packet transmission; and
a duplication identifier configured to identify the duplicate temporary ID based on the BSMs having an identical temporary ID value commonly used by at least two surrounding vehicles, wherein
the apparatus further comprises a packet error rate (PER) calculator configured to calculate a PER during a specified time for the BSMs having the identical temporary ID value, wherein
the duplication identifier configured to identify the duplicate temporary ID when the PER calculated by the PER calculator is greater than a PER threshold.

US Pat. No. 10,193,853

WEB BROWSER OR WEB SERVICE BASED DETECTION OF INTERNET FACING DNS SERVER

Workday, Inc., Pleasanto...

1. A system for determining an IP address of an Internet facing DNS server, comprising:
an input interface configured to:
receive a request for a web page from a client system, wherein the client system comprises the Internet facing DNS server in communication with a user of the client system, wherein the request includes a detection URL; and
a hardware processor configured to:
determine an ID code from the detection URL;
determine the IP address of the Internet facing DNS server based at least in part on the ID code;
determine a distance between an internet facing DNS server geolocation and a user geolocation; and
provide, using the web page, one or more of the following: the internet facing DNS server geolocation or the distance between the internet facing DNS server geolocation and the user geolocation.

US Pat. No. 10,193,851

TECHNIQUES FOR MAPPING MACHINE TO MACHINE COMMUNICATION TO DIFFERENT UNDERLYING NETWORKS

ZTE Corporation, Shenzhe...

1. A method for facilitating Machine-to-Machine (M2M) communication, the method comprising:
providing a first machine identification to an M2M node, the first machine identification being specific to an underlying communication network via which the M2M node is communicatively accessible;
acquiring a second machine identification given to the M2M node, the second machine identification being specific to an M2M application layer by which other M2M application layer entities can communicate with the M2M node, wherein
the second machine identification is added as an additional attribute to an application resource structure of the M2M node,
the application resource structure is included at a Common Services Entity of an Infrastructure Node, and the application resource structure represents information about the M2M application layer known to the Common Service Entity of the Infrastructure Node;
storing a mapping between the first machine identification and the second machine identification; and
triggering the M2M node using the mapping.

US Pat. No. 10,193,850

DISCOVERING QUESTIONS, DIRECTIVES, AND REQUESTS FROM, AND PRIORITIZING REPLIES TO, A PREFERRED MESSAGE SENDER METHOD AND APPARATUS

Notion AI, Inc., Ann Arb...

1. An online method operating in an electronic mail environment that re-prioritizes electronic messages according to identifiable requests and automates responses to the electronic messages, the online method comprising:
collecting, at an electronic message server, one or more electronic messages directed to a user of the email environment;
implementing a parsing circuit to detect one or more actionable message content within a content of the electronic message, wherein the one or more actionable message content includes one or more of a query and a directive from a sender of the electronic message to a recipient;
in response to detecting the one or more actionable message content:
(i) implementing an electronic message analyzer circuit that analyzes the content of the electronic message and a historical message database, wherein the electronic message analyzer circuit calculates (a) an urgency score and (b) an importance score for the electronic message based on a result of the analysis of the content of the electronic message and an estimated sender-recipient relationship score derived from historical electronic messages exchanged between the sender and the recipient of the electronic message;
(ii) automatically generating, by a timer circuit, a timer value based on an input of the urgency score and the importance score;
(iii) automatically setting, by the timer circuit, a timer for automatically generating a disposition for the electronic message, wherein the timer comprises the timer value;
upon an expiry of the timer, automatically disposing the electronic message according to one or more predetermined dispositions if a reply to the electronic message is not generated by the recipient of the electronic message.

US Pat. No. 10,193,849

DETERMINING STORIES OF INTEREST BASED ON QUALITY OF UNCONNECTED CONTENT

Facebook, Inc., Menlo Pa...

1. A computer-implemented method comprising:
storing user profiles for users of the social networking system, each user profile comprising connections between one of the users and pages of social networking system, the connections representing interactions performed by the users on the pages of the social networking system;
receiving a plurality of content items posted on an additional page of the social networking system;
determining, by a processor, from the plurality of content items, a subset of content items determined to be high quality content items, the determination of the high quality content items comprising: computing a quality score representing a lexical quality for the content item;
extracting topics from the content items of the subset by analyzing terms and phrases of the content items of the subset;
selecting one of the content items of the subset having an extracted first topic;
mapping the extracted first topic to one or more related pages of the social networking system, the mapping comprising:
determining a first rate of interactions performed by additional users of the social networking system on the content item and additional rates of interactions performed by the additional users on the one or more related pages by accessing connections stored in the user profiles of the additional users of the social networking system; and
comparing the first rate of interactions to each of the additional rates of interactions;
for one of the one or more related pages:
identifying a user of the social networking system that previously interacted with the related page and previously did not interact with the additional page by accessing the connections in a stored user profile for the user of the social networking system; and
providing the content item in a newsfeed for display to the user.

US Pat. No. 10,193,848

SYSTEM AND RELATED METHOD FOR MANAGEMENT OF DEVICES OF A NETWORK SYSTEM VIA SOCIAL MEDIA INTERFACES

Extreme Networks, Inc., ...

1. A non-transitory social media agent implemented at one or more hardware computer devices for exchanging network management messages with a network infrastructure device of a network system via one or more social media interfaces, the social media agent comprising:
a social media interface configured to receive an incoming message having a first message configuration via a social media network;
a session agent configured to translate the received incoming message into a command executable by the network infrastructure device of the network system, wherein the executable command has a second message configuration different from the first message configuration;
a network management interface configured to receive a log message acknowledging receipt of the executable command from the network infrastructure device, wherein the log message has the second message configuration;
the session agent being configured to translate the log message into an outgoing message having the first message configuration and select the social media network or another social media network for transmitting the outgoing message based on content of the outgoing message and a messaging format requirement defined by the social media network; and
the social media interface being configured to transmit the outgoing message having the first message configuration via the social media network.

US Pat. No. 10,193,847

CONTEXTUAL FEED

Microsoft Technology Lice...

1. A computer-implemented method comprising:
maintaining member profiles representing members in an on-line social network system, the on-line social network system comprising a news feed web page generator to generate news feed web pages for presentation to members represented by respective member profiles;
detecting events originated with the member profiles from web pages that are distinct from news feed pages generated for the respective member profiles by the news feed web page generator;
using at least one processor, generating contextual engagement features, based on the detected events, the contextual engagement features reflecting respective areas of a web site provided by the on-line social network system where respective events occurred;
including the contextual engagement features as training data for training a second pass ranker;
for a focus profile representing a focus member in the on-line social network system, detecting a request to generate news feed web page, generating focus contextual engagement features based on recent events data representing events originated with the focus member from web pages that are distinct from news feed pages previously generated for the focus member, the recent events data represents respective events detected within a predetermined period of time from the request to generate news feed web page for the focus member, and providing the focus contextual engagement features as input to the second pass ranker; and
generating, using the second pass ranker that was trained using the contextual engagement features, respective ranks for items in an inventory of updates identified as potentially of interest to a the focus member and selecting a subset of items from the inventory based on the generated respective ranks, the second pass ranker to generate the respective ranks using as input the focus contextual engagement features.

US Pat. No. 10,193,846

METHOD AND SYSTEM FOR REPORTING MESSAGE DISPOSITION IN A COMMUNICATION NETWORK

Telefonaktiebolaget LM Er...

1. A method of operating a messaging application server in a communication network, the method comprising:
receiving a message originating from a sender mobile station, the message being addressed to a recipient mobile station, the message being received via a first protocol;
determining that the recipient mobile station is not operative to receive the message via the first protocol;
responsive to determining that the recipient mobile station is not operative to receive the message via the first protocol, converting the message into a format compliant with a second protocol different from the first protocol, wherein the recipient mobile station is operative to receive the converted message via the second protocol;
transmitting the converted message toward the recipient mobile station via the second protocol;
receiving a notification message comprising an indication that the converted message was delivered to the recipient mobile station;
generating a disposition notification message comprising an indication that the message was delivered to the recipient mobile station via a protocol different from the first protocol, wherein the indication that the message was delivered to the recipient mobile station via a protocol different from the first protocol comprises a status element in the disposition notification message populated with a predetermined value indicative of a type of protocol used to deliver the message to the recipient mobile station; and
transmitting the disposition notification message toward the sender mobile station via the first protocol.

US Pat. No. 10,193,845

PREDICTIVE ELECTRONIC MESSAGE MANAGEMENT SYSTEMS AND CONTROLLERS

The Travelers Indemnity C...

1. An electronic message processing apparatus, comprising:
a transceiver device;
a processor in communication with the transceiver device; and
a computer-readable memory device in communication with the processor, the computer-readable memory device storing instructions that when executed by the processor direct the processor to:
receive data indicative of at least one rule for recognizing an interaction pattern in a plurality of interaction events;
receive data indicative of a plurality of interaction events associated with a specific user, the plurality of interaction events comprising at least one electronic message from the specific user;
determine a respective interaction type associated with each at least one electronic message from the specific user;
determine, based on (i) the data indicative of the plurality of interaction events associated with the specific user and (ii) the respective interaction type associated with each at least one electronic message from the specific user, at least one interaction outgoing message to transmit to the specific user; and
output, via the transceiver device, the at least one interaction outgoing message to a user message device associated with the specific user.

US Pat. No. 10,193,844

SECURE CLOUD-BASED MESSAGING AND STORAGE

Amazon Technologies, Inc....

1. A method comprising:
identifying a first electronic message intended for delivery to at least a first recipient by a gateway module operating in association with a first server;
determining, by the gateway module, at least a first permission level of the first recipient;
determining, by the gateway module, that the first recipient is authorized to receive the first electronic message based at least in part on the first permission level and at least a portion of the first electronic message;
comparing, by the gateway module, at least the portion of the first electronic message to at least one storage criterion;
determining, by the gateway module, that at least the portion of the first electronic message satisfies the at least one storage criterion;
in response to determining that at least the portion of the first electronic message satisfies the at least one storage criterion, identifying a first secure folder associated with the portion of the first electronic message by the gateway module, wherein the first secure folder is provided in association with the first server;
storing, by the gateway module, at least the portion of the first electronic message in the first secure folder;
generating, by the gateway module, a second electronic message intended for delivery to the first recipient, wherein the second electronic message comprises a hyperlink to at least a portion of the first secure folder;
causing, by the gateway module, the second electronic message to be transmitted over a network to the first recipient;
receiving, by the gateway module, information regarding a first selection of the hyperlink over the network, wherein the first selection of the hyperlink is received at a first computer device;
in response to the first selection of the hyperlink, determining that the first computer device is associated with the first recipient by the gateway module; and
causing, by the gateway module, a first file comprising at least the portion of the first electronic message to be transmitted to the first computer device over the network via a first contact path associated with the first recipient.

US Pat. No. 10,193,843

COMPUTING SYSTEM WITH CONVERSATION MODELING MECHANISM AND METHOD OF OPERATION THEREOF

Samsung Electronics Co., ...

1. A computing system comprising:
a control circuit configured to:
access a subject interaction representing communication between a customer and a service provider, wherein the communication comprises a textual or linguistic communication via an electronic medium,
parse the communication to identify a communication segment and a sourcing party associated with the communication segment from the subject interaction,
generate a message label for the communication segment based on one of a categorization or classification of the communication segment, and
generate a dialog-flow framework based on the message label for representing the subject interaction, wherein the dialog-flow framework comprises a set of patterns representing one or more communications between the customer and the service provider; and
a storage circuit, coupled to the control circuit, configured to store the dialog-flow framework.

US Pat. No. 10,193,842

WORKFLOW MANAGEMENT AND CORRESPONDING INTEGRATED NOTIFICATION PROCESSING PLATFORM

West Corporation, Omaha,...

1. A method, comprising:
receiving, via a receiver of a device, a request message from a customer device;
identifying, via a processor of the device, the request message as being a particular message type;
pre-processing, via the processor of the device, the request message based on the identified message type to identify message content and keywords included therein, wherein the keywords comprise an auto-identified purpose related to the request message; and
displaying, via a display of the device, the identified message content and the identified keywords, wherein the identified keywords are distinguished from other message content thereby distinguishing the auto-identified purpose related to the request message from the other message content.

US Pat. No. 10,193,841

PRODUCT ONBOARDING VIA MESSAGES

Microsoft Technology Lice...

1. A computer-implemented method comprising:
accessing, via one or more data sources, email content data describing an email type of an email to be transmitted to a particular member of an online social network service;
accessing, via the one or more data sources, candidate information identifying a set of candidate onboarding content items associated with the email type, each of the onboarding content items in the set being configured to promote a product feature associated with the online social network service;
removing, from the set, a first subset of the candidate onboarding content items, responsive to determining that the particular member has already been onboarded to products associated with the candidate onboarding content items in the first subset;
removing, from the set, a second subset of the candidate onboarding content items, responsive to determining that the particular member has previously viewed and not further interacted with the candidate onboarding content items in the second subset after being exposed to the candidate onboarding content in accordance with an impression capping rule that is tuned to the particular member; and
dynamically selecting, using one or more processors, a specific onboarding content item from the set of candidate onboarding content items for inclusion in a portion of the email along with content displayed in an additional portion of the email.

US Pat. No. 10,193,840

MESSAGE BLOCKING AND NETWORK QUEUING, FOR EXAMPLE WHILE RECIPIENT IS DRIVING

T-Mobile U.S.A., Inc., B...

15. A system, in a mobile telecommunications network, adapted to block delivery of messages to a destination mobile device located inside of a moving vehicle, the system comprising:
a memory;
a processor coupled to the memory, wherein the system is further configured to:
receive, at the system, from a message originator, an incoming message to be delivered to the destination mobile device;
retrieve a driving status indicator from a Home Location Register (HLR) or a Home Subscriber Server (HSS) located within the mobile telecommunications network, wherein the driving status indicator provides an indication of whether the destination mobile device is in motion;
analyze the driving status indicator to determine whether the destination mobile device is in motion;
in response to determining when the destination mobile device is in motion, add the incoming message to a message queue, wherein the incoming message remains in the message queue without delivery to the destination mobile device as long as the destination mobile device remains in motion; and
in response to determining when the destination mobile device is not in motion, deliver the incoming message to the destination mobile device.

US Pat. No. 10,193,839

MANAGING SECURITY IN MESSAGING PROTOCOL COMMUNICATIONS

Amazon Technologies, Inc,...

1. A computer-implemented method for managing the execution of commands on a computing device utilizing a messaging protocol comprising:
receiving, at a message processing service, from an administrative client device, information related to configuration of message processing functionality to publish messages to a subset of registered devices to receive messages published in accordance with a topic, wherein the messages are formed in accordance with the MQ Telemetry Transport protocol;
receiving, by the message processing service, a received message from a device, wherein the received message includes a topic portion that includes one or more levels associated with subject matter descriptors;
identifying, by the message processing service, a set of recipient devices registered to receive messages based on the topic portion of the messages;
processing, by the message processing service, the received message to identify a security identifier and additional information to select a subset of the recipient devices based on evaluation of at least one of a set of business rules or routing tables; and
publishing, by the message processing service, the processed received message based, at least in part, on the processing of the received message.

US Pat. No. 10,193,838

CONDITIONAL INSTANT DELIVERY OF EMAIL MESSAGES

Microsoft Technology Lice...

1. A method for delivery of a message, the method comprises:
receiving the message from a client, wherein the message indicates a sender associated with a sender mailbox and a recipient associated with a recipient mailbox;
analyzing the message to determine that the recipient mailbox and the sender mailbox are in a domain managed by a single entity;
in response to determining that the recipient mailbox and the sender mailbox are not in the domain managed by the single entity, sending the message using a processing hub having a set of operations that include a queuing process for delivering the message to the recipient mailbox, wherein the set of operations further comprises at least one of malware scanning, compliance checking, SPAM filtering, creating copies of the message for redundancy for high availability purposes or a resolving process; and
in response to determining that the recipient mailbox and the sender mailbox are in the domain managed by the single entity, adding a direct delivery tag to the message, and sending the message using a direct delivery system having a subset of the set of operations that eliminates the queuing process for purposes of expediting delivery of the message to the recipient mailbox.

US Pat. No. 10,193,835

MESSAGE MANAGEMENT AND MESSAGE MODIFICATION APPLICATION

Open Invention Network LL...

1. A method, comprising:
receiving a message from a user device at a network controller;
processing, by the network controller, the message to identify message content;
determining, by the network controller, whether the message should be modified based on the message content;
automatically filtering, by the networking controller, the message content if it includes information considered to be uninteresting;
automatically modifying the data based on user preferences if the network controller determines the message should be modified based on the message content;
determining, by the network controller, whether the message should be transmitted to its intended destination based on the message content;
determining, by the network controller, whether the message content relates to a particular issue;
forwarding, by the network controller, a first message that relates to the particular issue to a first predetermined storage location;
forwarding, by the network controller, subsequent messages that relate to the particular issue to a second predetermined storage location;
accumulating, by the network controller, a quantity of the stored subsequent messages that relate to the particular issue;
generating, by the network controller, a solution to the particular issue when the quantity of stored subsequent messages exceeds a threshold quantity; and
providing the solution to one or more user devices associated with the particular issue.

US Pat. No. 10,193,834

METHOD AND APPARATUS FOR DOWNLOADING AND DISPLAYING PICTURES

TENCENT TECHNOLOGY (SHENZ...

1. A computer-implemented method of downloading and displaying pictures associated with instant messages on a screen of a computing device, the method comprising:
at the computing device having one or more processors and memory for storing program modules to be executed by the processors:
displaying a list of instant messages on the screen, at least one of the instant messages having an associated picture and including address information of the picture;
while the picture is being downloaded:
detecting a user instruction to slide the list of instant messages on the screen;
in response to the user instruction:
pausing the download of the picture;
determining, among the list of instant messages, a second instant message having an associated second picture and including address information of the second picture based on the user instruction; and
downloading the second picture associated with the second instant message according to the address information without receiving a download instruction from the user of the computing device.

US Pat. No. 10,193,833

ELECTRONIC MESSAGE COMPOSITION SUPPORT METHOD AND APPARATUS

OATH INC., New York, NY ...

1. A method comprising:
receiving, by a server computing device from a client computing device, content of an electronic message being composed by a user at the client computing device prior to the electronic message being sent by the user to at least one recipient;
forwarding, by the server computing device, at least a portion of the received electronic message content to a number of linters, each linter using the at least a portion of the received electronic message content to determine whether a condition exists that merits feedback to the user, the number of linters comprising at least one linter to identify a grammatical condition, at least one linter to identify a stylistic condition and at least one linter to identify a functional condition, the at least one linter to identify a stylistic condition comprising a formality linter to identify a mismatch between a determined level of formality of the content of the electronic message and a desired level of formality;
receiving, by the server computing device, the electronic message content annotated to include feedback identifying at least one condition identified by the number of linters; and
forwarding, by the server computing device, the annotated electronic message content for display at the user computing device, the annotated electronic message content being forwarded as a prompt for the user to replace at least a portion of the electronic message's content displayed at the user computing device prior to the electronic message being sent to the at least one recipient, the annotated electronic message content comprising the content of the electronic message being composed by the user and annotation message content indicating the identified mismatch between a current level of formality of the content of the electronic message and the suggested level of formality.

US Pat. No. 10,193,832

NOTIFICATION DELIVERY MECHANISM FOR PRESENT VIEWING USERS

Google LLC, Mountain Vie...

1. A method comprising:
identifying a notification to be sent to a user having a plurality of user devices;
determining presence of the user on a first user device of the plurality of user devices;
determining whether a media player on the first user device is playing media content; and
upon determining that the media player on the first user device is playing the media content, transmitting the notification to the first user device without transmitting the notification to other user devices of the plurality of user devices.

US Pat. No. 10,193,831

DEVICE AND METHOD FOR PACKET PROCESSING WITH MEMORIES HAVING DIFFERENT LATENCIES

Marvell Israel (M.I.S.L) ...

1. A packet processing system, comprising:
a processor for processing units of data traffic received from a network;
a first memory composed of a first type of memory cells and disposed in proximity to the processor;
a second memory composed of a second type of memory cells that is different from the first type and being disposed further away from the processor than the first memory, wherein a head portion of a queue for queuing data units utilized by the processor is disposed in the first memory, and a tail portion of the queue is disposed in the second memory, wherein the second memory has a greater memory space than the first memory and the second memory is configured to receive bursts of high activity data traffic without dropping units of data traffic, the high activity data traffic being periodically received from the network at a data rate that is higher than a sustained data rate of the data traffic, the sustained data rate being indicative of an average rate at which data units are received over time; and
a queue manager configured to:
(i) manage the queue using a linked list, the linked list comprising linking indications between data units of the queue that are maintained across the first and second memories,
(ii) selectively push new data units to the tail portion of the queue at a burst data rate, at least some of the new data units from data traffic bursts of high-traffic activity, such that newer data units of the queue that are received during high-traffic activity are stored in the second memory at a rate that is higher than the sustained data rate, and generate a linking indication linking a new data unit to an earlier-received data unit that is physically located either in the head or tail portion of the queue, and
(iii) transfer, according to an order, a queued data unit from the tail portion of the queue disposed in the second memory to the head portion of the queue disposed in the first memory, without overloading the first memory, prior to popping the queued data unit from the head portion of the queue, such that older data units of the queue are stored in the first memory, and to update the linking indication for the queued data unit that is transferred from the tail portion to the head portion.

US Pat. No. 10,193,829

INDEFINITELY EXPANDABLE HIGH-CAPACITY DATA SWITCH

OMEGA SWITCHING SYSTEMS, ...

1. A packet-data switching system, the system comprising:
a plurality of interconnecting switching nodes, each node having an embedded processor and a plurality of physical ports; and
a switch management processor for managing the plurality of switching nodes;
wherein each switching node is configured to receive a data packet at one of the plurality of ports and to process the data packet;
wherein processing the data packet includes at least one of:
routing the data packet to another of the plurality of ports of the switching node for egress from the switching system;
routing the data packet to another of the plurality of switching nodes;
routing the data packet to the embedded processor; and
routing the data packet to the switch management processor;
wherein processing the data packet includes identifying, as switching system ingress data packets, data packets that are entering the switching system and wherein processing a switching system ingress data packet includes:
identifying, as an ingress node, the switching node via which the data packet entered the switching system;
determining a destination of the data packet;
using the destination to identify, as the egress node, a switching node via which the data packet will exit the switching system;
determining a path from the ingress node to the egress node, the path including at least one switching node;
determining, for each of the at least one switching node in the path, a physical address of an egress port for transmitting the data packet to the next step in the path;
representing the path as a list of the addresses of at least one egress port, in the order of the switching nodes that the data packet will encounter on its way to the egress port of the egress node, wherein the egress port of the egress node is at the back of the list;
modifying a data packet header to include the list of addresses of egress ports; and
routing the data packet through the switching system using the list of addresses of egress ports, wherein at the egress node, the data packet header is restored to its original condition before the data packet egresses the switching system.

US Pat. No. 10,193,828

EDGE DATAPATH USING INTER-PROCESS TRANSPORTS FOR CONTROL PLANE PROCESSES

NICIRA, INC., Palo Alto,...

1. A method for implementing a gateway datapath for a logical network, the gateway datapath comprising a plurality of pipeline stages corresponding to entities of the logical network, the method comprising:
receiving a packet from a network external to the logical network at the gateway datapath, the gateway datapath executing in a user space of the computing device;
executing a first set of pipeline stages in the plurality of pipeline stages to process the received packet, the plurality of pipeline stages corresponding to logical entities along the data path, wherein one of the pipeline stages of the first set identifies the packet as a control plane packet; and
based on the identification of the packet as a control plane packet, transporting the packet to a kernel network stack via a user-kernel transport, wherein the network stack provides the packet to a control plane process, wherein transporting the packet to the kernel network stack bypasses a second set of pipeline stages in the plurality of pipeline stages subsequent to the particular pipeline stage.

US Pat. No. 10,193,827

HOT CARRIER INJECTION TOLERANT NETWORK ON CHIP ROUTER ARCHITECTURE

1. An apparatus comprising:
a plurality of input buffers that receives a plurality of input buffer data bits;
a plurality of multiplexers that shuffles the plurality of input buffer data bits to output multiplexer outputs, wherein the multiplexer outputs are buffered by a plurality of buffers to output a plurality of shuffled input buffer data bits;
a coupling module comprising semiconductor gates that switches first input buffer data bits of the plurality of input buffer data bits at the plurality of input buffers from first shuffled input buffer data bits to second shuffled input buffer data bits using the plurality of multiplexers in response to reaching an end of a time interval to reduce hot carrier injection for the apparatus;
a selector comprising semiconductor gates that receives the plurality of shuffled input buffer data bits at a plurality of decoders and selects, using the plurality of decoders, a virtual channel path to a virtual channel of the plurality of virtual channels for the shuffled input buffer data bits;
a connection module comprising semiconductor gates that switches the second shuffled input buffer data bits from a first virtual channel to a second virtual channel of the plurality of virtual channels using the plurality of decoders in response to reaching the end of the time interval to reduce the hot carrier injection for the apparatus.

US Pat. No. 10,193,826

SHARED MESH

INTEL CORPORATION, Santa...

1. A shared mesh comprising:
an interconnect fabric on a die;
a plurality of tiles on the die coupled to the interconnect fabric, at least some of the plurality of tiles comprising
a mesh station comprising
a logic unit;
a first port coupled to the logic unit;
a second port coupled to the logic unit; and
a third port coupled to the logic unit;
a first core component coupled to the first port at a first side of the mesh station; and
a second core component that is flipped relative to the first core component to connect to the second port at a second side of the mesh station that is opposite to the first side to reduce an area of the shared mesh,
wherein the logic unit is configured to communicate data between the first core component and the interconnect fabric through the first port and the third port and wherein the logic unit is configured to communicate data between the second core component and the interconnect fabric through the second port and the third port; and
a memory coupled to the mesh station that is shared by the first core component and the second core component, wherein the logic unit is to identify each of the first core component and the second core component, to map a first identifier associated with the first core component to a first broadcast vector and a second identifier associated with the second core component to a second broadcast vector and to determine credits for the first core component and the second core component.

US Pat. No. 10,193,825

CAPACITY-BASED SERVER SELECTION

Avi Networks, Santa Clar...

1. A method, comprising:
receiving a network request;
identifying a plurality of servers eligible to handle the network request and a determined traversal order of the plurality of servers eligible to handle the network request;
traversing at least a portion of the plurality of eligible servers in the determined traversal order to identify that a selected server of the plurality of servers eligible to handle the network request has a non-zero higher load as opposed to another server of the plurality of servers that has a lower load;
at least in part in response to the identification that the selected one of the plurality of servers has the non-zero higher load as opposed to the another server of the plurality of servers that has the lower load, determining to assign the network request to the selected server with the non-zero higher load, wherein the selected server has a load threshold that is dynamically exceedable based at least in part on a load level of a next server in the determined traversal order of the plurality of servers; and
enabling the selected server to handle the network request.

US Pat. No. 10,193,824

SYSTEMS AND METHODS FOR INTELLIGENT APPLICATION GROUPING

RISC Networks, LLC, Ashe...

1. A method comprising,
collecting communication data travelling among a plurality of computing nodes in a networked environment;
using the communication data to create a plurality of connectivity records, wherein each connectivity record comprises a communication between a source computing node and a destination computing node of the plurality of computing nodes, wherein the communication comprises a source IP address of the source computing node, wherein the communication comprises a destination IP address of the destination computing node;
associating the communication with an application context;
associating the communication with a protocol;
defining a plurality of service oriented architecture groups, wherein a service oriented architecture group comprises one or more computing nodes of the plurality of computing nodes that run a service oriented architecture application;
processing the plurality of connectivity records to eliminate connectivity records that meet at least one criteria, wherein the plurality of connectivity records includes associated application contexts and protocols, the processing including examining each connectivity record of the plurality of connectivity records to determine whether the at least one criteria is met wherein the at least one criterion includes a source IP address of a connectivity record of the plurality of connectivity records matching a computing node belonging to a service oriented architecture group, wherein a first portion of the plurality of connectivity records comprises the eliminated connectivity records, wherein a second portion of the plurality of connectivity records comprises the remainder of the connectivity records;
building a graph using the second portion of the connectivity records.

US Pat. No. 10,193,823

RICH RESOURCE MANAGEMENT INCORPORATING USAGE STATISTICS FOR FAIRNESS

Microsoft Technology Lice...

1. A system comprising:
a processor and memory; and
an application executed by the processor and memory, the application configured to:
receive feedback from a target regarding ability of a plurality of resources of the target to service requests from one or more clients, the feedback including a metric indicative of a load of each of the resources;
calculate weights for the resources based on the feedback, wherein a weight for a resource is based on a product of a first term that determines a maximum difference in probabilities of selection between two resources and a second term including an exponent that is a difference between a current load of the resource and a current minimum load across the resources determined based on the feedback; and
select, for servicing a request from one of the clients, one of the resources in round robin manner based on the weights of the resources to evenly utilize the plurality of resources.

US Pat. No. 10,193,822

PREDICTIVE AUTO-SCALING AND REACTIVE AUTO-SCALING FOR NETWORK ACCESSIBLE MESSAGING SERVICES

Amazon Technologies, Inc....

1. A service provider network comprising:
a network-accessible message processing service comprising asynchronous messaging protocol (AMP) infrastructure and configured to process messages;
a message prediction service configured to analyze control metrics for the network-accessible message processing service;
a resource management service configured to (i) predict, based upon the analyzing, a predicted level of resources needed by the network-accessible message processing service for processing of messages, and (ii) allocate, based at least in part upon the predicted level of resources, a first level of resources for the network-accessible message processing service for processing of messages;
a network-accessible queuing service configured to receive a stream of messages for processing by the network-accessible message processing service; and
a health check service configured to monitor an enqueue rate of messages at the network-accessible queuing service,
wherein based upon the monitoring, the resource management service is further configured to adjust the first level of resources for the network-accessible message processing service to a second level of resources.

US Pat. No. 10,193,821

ANALYZING RESOURCE PLACEMENT FRAGMENTATION FOR CAPACITY PLANNING

Amazon Technologies, Inc....

1. A distributed system, comprising:
a plurality of resource hosts implementing a plurality of resources for the distributed system;
a capacity manager implemented via one or more hardware processors and memory and configured to:
access resource utilization data collected for the plurality of resource hosts;
analyze the resource utilization data to determine one or more capacity fragmentation measures that are associated with unutilized capacity of the distributed system unusable for placement of additional resources according to one or more placement constraints for placing resources in the distributed system, wherein the one or more placement constraints comprise an infrastructure diversity constraint to place a resource with respect to another one or more resources, and wherein to analyze the resource utilization data comprises to determine a number of possible resource placements amongst the resource hosts that satisfy the infrastructure diversity constraint;
update a capacity model for the distributed system to indicate an available capacity for placing additional resources at the distributed system based, at least in part, on the one or more capacity fragmentation measures;
compare the available capacity to a capacity threshold; and
responsive to a determination that the available capacity crosses the capacity threshold, perform at least one of:
generating a notification of a deficient state of the available capacity,
triggering a modification in total capacity of the distributed system, or
triggering a diversion of additional resource placement requests with respect to the distributed system.

US Pat. No. 10,193,820

SYSTEM AND METHOD FOR OPTIMIZING RESOURCE UTILIZATION IN A CLUSTERED OR CLOUD ENVIRONMENT

MessageOne, Inc., Austin...

1. A method comprising:
on a computer cluster comprising a plurality of computers:
calculating first resource apportionments from a current set of consumable resources for each of a plurality of reservations;
wherein each reservation corresponds to one of a plurality of customers;
wherein each customer's aggregate resource apportionment comprises a sum of the calculated first resource apportionments for the customer's reservations;
running an apportionment process relative to the plurality of reservations, the running comprising attempting to apportion to each reservation its first resource apportionment;
wherein the running yields an actual first resource apportionment for each reservation;
wherein each customer's actual first resource apportionment comprises a sum of the actual first resource apportionments for the customer's reservations;
creating a set of unfulfilled reservations, the set comprising reservations that have not yet attained at least one of the first resource apportionments and grossed-up first resource apportionments;
responsive to an indication of unapportioned resources following the running, performing a first optimization to increase resource utilization by at least one needy customer;
wherein each needy customer represents one of the customers with an unfulfilled reservation, and an unfulfilled reservation represents a reservation whose actual first resource apportionment is less than its calculated first resource apportionment;
identifying one or more provisions of the current set of consumable resources that has remaining available resources;
wherein each provision comprises resources of the current set of consumable resources that provide a same set of resource profiles;
wherein each resource profile represents properties that define, at least in part, which resources a customer reservation can consume and/or serve;
for each provision of the one or more provisions:
generating a set of available resource profiles for the provision;
acquiring at least one set of a plurality of profile entries;
filtering the at least one set of profile entries by the available resource profiles to yield at least one filtered set of the plurality of the profile entries;
placing each unfulfilled reservation of the set of reservations into a profile set based on the reservation's resource profile; and
computing a smallest total resource need for each profile set;
for each profile entry of the at least one filtered set:
fetching the profile entry;
fetching a profile set corresponding to the fetched profile entry;
computing a resource quantity to apply to each unfulfilled reservation of the profile set; and
apportioning the resource quantity to each unfulfilled reservation of the profile set.

US Pat. No. 10,193,819

ADAPTIVE THROTTLING FOR SHARED RESOURCES

Amazon Technologies, Inc....

1. A computer-implemented method, comprising:
providing a requestor with a determined number of work units, the determined number of work units enabling the requestor to obtain an amount of work from a resource in a multi-tenant environment;
receiving a request from the requestor to perform an input/output (I/O) operation with respect to the resource, the I/O operation requiring at least one work unit in excess of the determined number of work units;
determining a multi-tenant environment performance criterion;
providing the requestor a sufficient number of borrowed work units to complete the I/O operation based at least in part upon an analysis of the multi-tenant environment performance criterion; and
associating a negative work unit value with the requestor based at least in part on the sufficient number of borrowed work units, the negative work unit value representing a time period to restore a normal operating state, wherein a maximum number of work units available for work requesting parties is required to be reattained by the requestor before the requestor is allowed to request additional work units.

US Pat. No. 10,193,818

METHOD AND APPARATUS FOR ALLOCATING BANDWIDTHS, AND COMPUTER STORAGE MEDIUM

1. A method for allocating bandwidths, comprising:
establishing a database storing use records of application services used by a user, compiling statistics on attributes and use frequencies of the application services according to the use records, by a network access device;
extracting features from the application services so as to generate, for each of the application services, a feature vector that uniquely identifies the each of the application services;
classifying the application services according to the attributes, the use frequencies and the features of the application services, and allocating bandwidths to each of the application services based on the classified classes,
wherein compiling statistics on attributes and use frequencies of the application services comprises:
determining a period;
compiling statistics on attributes and use frequencies of the application services used by the user within the period;
sorting each of the application services in accordance with the use frequencies, and
outputting a use frequency-based sorted table;
wherein the use frequency is

 wherein T2 represents a time when one of the application services is terminated to be used, T1 represents a time when the application service is started to be used, C represents times that the application service has been used within the period, and T represents a total time of the period.

US Pat. No. 10,193,817

METHOD, AND NETWORK SYSTEM

FUJITSU LIMITED, Kawasak...

1. A method executed in a network system including a plurality of relay devices and an analyzer device, each of the plurality of relay devices including a first memory, the analyzer device including a second memory configured to store one or more of connection information, the method comprising:
receiving, by any of the plurality of relay devices, a packet for establishing a connection, the received packet including the connection information related to the connection;
storing, by the any of the plurality of relay devices, the connection information included in the received packet into the first memory of the any of the plurality of relay devices;
generating, by the any of the plurality of relay devices, a copied packet by copying the received packet;
transmitting, by the any of the plurality of relay devices, the generated copied packet to the analyzer device;
receiving, by the analyzer device, a plurality of copied packets including the generated copied packet from the any of the plurality of relay devices, the plurality of received copied packets respectively including the connection information;
determining, by the analyzer device, for each of the plurality of copied packets, whether the connection information included in the received copied packet matches with any of the one or more of connection information stored in the second memory of the analyzer device;
when it is determined that the connection information included in the received copied packet does not match with any of the one or more of connection information stored in the second memory, considering a source relay device from which the received copied packet is received as a first relay device, and storing the connection information of the received copied packet in association with identifier of the first relay device into the second memory of the analyzer device;
when it is determined that the connection information included in the received copied packet matches with any of the one or more of connection information stored in the second memory, considering the source relay device as a second relay device, and transmitting, from the analyzer device to the second relay device, instruction information for instructing not to transmit the copied packet associated with the connection information included in the received copied packet; and
in response to reception of the instruction information, deleting, by the second relay device, the connection information indicated by the instruction information from the first memory of the second relay device.

US Pat. No. 10,193,816

METHOD FOR OPERATING AN INFORMATION-CENTRIC NETWORK AND NETWORK

NEC CORPORATION, Tokyo (...

1. A method for operating an information-centric network (ICN) in which at least a first named data object (NDO) is addressable, the method comprising:
implementing, in the ICN, software-defined networking (SDN) with an SDN controller; and
performing, by the SDN controller, network-wide request aggregation in the ICN by:
detecting an initial request for the first NDO received at a first ingress node of the ICN,
detecting one or more additional requests for the first NDO received at one or more additional ingress nodes of the ICN, and
aggregating the initial request for the first NDO received at the first ingress node and the one or more additional requests for the first NDO received at the one or more additional ingress nodes.

US Pat. No. 10,193,815

MOBILE NETWORK HANDLING OF UNATTENDED TRAFFIC

Telefonaktiebolaget LM Er...

1. A method for handling unattended data traffic differently than attended data traffic, the method comprising:
detecting unattended data traffic of an application service;
retrieving a dedicated policy on how to handle unattended data traffic, wherein handling the unattended data traffic comprises underestimating a buffer size for the unattended data traffic in a buffer status report; and
handling the unattended data traffic of the application service according to the dedicated policy.

US Pat. No. 10,193,814

METHOD AND APPARATUS FOR CATEGORIZING A DOWNLOAD OF A RESOURCE

Openwave Mobility Inc., ...

1. A method for categorizing a downloading of a resource to a user device from a resource server in a data network, the method comprising:
receiving, at an intermediate network device in the data network, data of one or more requests from the user device, wherein each of the one or more requests is a request for a different portion of, or the whole of, the resource to be downloaded to the user device;
forwarding the data of each of the one or more requests from the intermediate network device to the resource server;
receiving, at the intermediate network device, data of one or more responses from the resource server, each response corresponding to a respective one of the requests;
determining, at the intermediate network device, a size of, or an estimate of the size of, each of the one or more responses;
categorizing, at the intermediate network device, the downloading of the resource to the client device as being one of one or more pre-defined download categories, wherein the categorizing is based on a count of the one or more responses and the determined sizes or estimated sizes of the one or more responses, and on the count of the one or more responses reaching a predetermined threshold value and the determined size of, or the determined estimate of the size of, each of the one or more responses each being within a pre-defined data range.

US Pat. No. 10,193,812

MULTICAST LOAD BALANCING IN MULTIHOMING EVPN NETWORKS

Juniper Networks, Inc., ...

1. A method comprising:
receiving, by a provider edge (PE) router of a plurality of PE routers configured with an Ethernet Virtual Private Network (EVPN) instance reachable by an Ethernet segment connecting the plurality of PE devices to a customer edge (CE) router that is multi-homed to the plurality of PE routers over the Ethernet segment, an Internet Group Management Protocol (IGMP) join report for a multicast group;
sending, by the PE router and to the plurality of PE routers, one or more Border Gateway Protocol (BGP) join synch routes used to synchronize the IGMP join report for the multicast group across the Ethernet segment;
deterministically determining, by the PE router, whether the PE router is configured to be an elected multicast forwarder for at least one of a plurality of multicast groups;
in response to determining that the PE router is configured to be the elected multicast forwarder for the one of the plurality of multicast groups, configuring, by the PE router, a forwarding state of the PE router to forward multicast traffic for the one of the plurality of multicast groups into the Ethernet segment and to ignore a designated forwarder election for the Ethernet segment;
receiving, by the PE router, multicast traffic from an ingress PE router of the plurality of PE routers; and
forwarding, by the PE router, the multicast traffic into the Ethernet segment for the one of the plurality of multicast groups.

US Pat. No. 10,193,811

FLOW DISTRIBUTION USING TELEMETRY AND MACHINE LEARNING TECHNIQUES

Juniper Networks, Inc., ...

1. A network device, comprising:
one or more memories; and
one or more processors to:
receive information that permits the network device to identify a set of expected bandwidth values associated with a first set of flows,
the information that permits the network device to identify the set of expected bandwidth values having been generated using a machine learning technique on telemetry information, associated with a second set of flows, from a set of network devices;
receive network traffic associated with a flow of the first set of flows;
identify an expected bandwidth value, of the set of expected bandwidth values, associated with the flow using the information that permits the network device to identify the set of expected bandwidth values;
identify a set of bandwidth values of a set of links;
compare the expected bandwidth value and the set of bandwidth values;
select a link, of the set of links, to use when providing the network traffic associated with the flow based on comparing the expected bandwidth value and the set of bandwidth values of the set of links; and
provide the network traffic on the link.

US Pat. No. 10,193,809

LOAD BALANCING METHODS BASED ON TRANSPORT LAYER PORT NUMBERS FOR A NETWORK SWITCH

Cisco Technology, Inc., ...

1. A method comprising:
receiving, at a network element that performs network traffic bridging, load balancing criteria comprising an indication of at least one transport layer port number and an indication of a plurality of network nodes;
creating a plurality of forwarding entries based on the load balancing criteria, a forwarding entry specifying the at least one transport layer port number and a network node of the plurality of network nodes;
constructing, based on the plurality of forwarding entries and network traffic, a key representing the at least one transport layer port number;
determining whether the network traffic is to be load balanced, wherein when the network element uses a destination port based load balancing scheme, the network traffic is load balanced when a source port of the network traffic matches a predetermined list of source ports;
when the network traffic is to be load balanced:
using the key, performing, by the network element, a lookup to identify a matching forwarding entry from the plurality of forwarding entries, wherein when the network element uses the destination port based load balancing scheme, the matching forwarding entry specifies that an egress port of the network traffic is based on a destination port of the network traffic, and when the network element uses a source port based load balancing scheme, the matching forwarding entry specifies that an egress port of the network traffic is based on the source port of the network traffic; and
using the matching forwarding entry to load balance, among the plurality of network nodes, the network traffic used to construct the key.

US Pat. No. 10,193,808

METHOD AND SYSTEM FOR TRIGGERING AUGMENTED DATA COLLECTION ON A NETWORK BASED ON TRAFFIC PATTERNS

Exinda Networks PTY Ltd.,...

1. A method of adjusting network data management in a network appliance coupled to devices in a network, the network appliance passing data traffic on the network, the method comprising:
collecting network traffic data from a first set of data sources based on the data traffic passing through the network appliance at a normal level;
determining whether the network traffic data indicates an abnormal condition;
when an abnormal condition is determined, collecting network data from a second set of data sources and increasing the collection of network traffic data through collection of network data from a second set of data sources and through the network traffic appliance, wherein the first set of data sources is different than the second set of data sources; and
storing the network traffic data from increased collection in a memory device.

US Pat. No. 10,193,807

PENALTY-BOX POLICERS FOR NETWORK DEVICE CONTROL PLANE PROTECTION

Juniper Networks, Inc., ...

1. A method comprising:
executing, by a host process executing by a control unit of a network device of a network, a protocol to exchange packets with other network devices of the network to perform control plane functions of the network device;
configuring, by the control unit, a line card of the network device with a goal weight for the protocol that determines respective packet limits for a plurality of packet flows associated with the protocol, wherein each of the plurality of packet flows is destined for the network device, wherein the goal weight defines a share of host-bound path resources available to the protocol for a host-bound path from the line card to the control unit;
computing, by the line card based at least on the goal weight for the protocol, the respective packet limits for the plurality of packet flows;
policing, by the line card in response to detecting congestion of the host-bound path caused at least in part by forwarding the packet flows from the line card to the control unit, based on the packet limit for a first packet flow from the plurality of packet flows, the first packet flow to constrain a rate at which the line card sends packets of the first packet flow to the control unit;
policing, by the line card in response to detecting the congestion, based on the packet limit for a second packet flow from the plurality of packet flows, the second packet flow to constrain a rate at which the line card sends packets of the second packet flow to the control unit; and
processing, by the host process executing by the control unit, the packets of the first packet flow and packets of the second packet flow.

US Pat. No. 10,193,805

USER ORIENTED IOT DATA DISCOVERY AND RETRIEVAL IN ICN NETWORKS

Futurewei Technologies, I...

1. A method for accessing content in a network, comprising:
receiving an interest message including semantics information to be matched to the content in the network, the semantics information excluding a name of the content;
accessing a memory to identify the content requested in the interest message using the semantics information, the memory including at least one of a content store (CS) caching the content and a forwarding information base (FIB) storing routing entries, the routing entries including content names with corresponding semantics information, forwarding faces and hop count;
aggregating the routing entries in the FIB having the same content name, the semantics information, forwarding faces and hop count to form an aggregated FIB; and
sending a FIB propagation message to neighboring network nodes, the FIB propagation message including at least changes made to the existing routing entries in the FIB.

US Pat. No. 10,193,804

METHOD OF FORWARDING DATA PACKETS, METHOD OF CREATING MERGED FIB KEY ENTRY AND METHOD OF CREATING A SEARCH KEY

HUAWEI TECHNOLOGIES CO., ...

1. A method of creating a key entry of a merged forwarding information base (FIB) for at least two routing instances (RI) on a network node, each RI having a corresponding RI FIB with corresponding RI FIB key entries and a corresponding routing instance identifier (RII), the method comprising:
inserting a corresponding RII after at least a portion of a corresponding RI FIB key entry;
identifying a common root in a plurality of the RI FIB entries, wherein the merged FIB key entries have the corresponding RII immediately after the common root of the corresponding RI FIB key entries.

US Pat. No. 10,193,802

METHODS, SYSTEMS, AND COMPUTER READABLE MEDIA FOR PROCESSING MESSAGES USING STATEFUL AND STATELESS DECODE STRATEGIES

ORACLE INTERNATIONAL CORP...

1. A method for processing a message containing type-length-value (TLV) elements, the method comprising:
at a processing node including at least one message processor, wherein the processing node shares validation information about an ingress message among decode algorithms:
receiving the ingress message containing a plurality of TLV elements;
determining, using at least one message related attribute, whether the ingress message is to be processed using a stateless decode algorithm;
in response to determining that the ingress message is to be processed using the stateless decode algorithm, processing the ingress message using the stateless decode algorithm, wherein the stateless decode algorithm uses pointer arithmetic and length values associated with the plurality of TLV elements to decode the ingress message;
determining, using the stateless decode algorithm, whether the ingress message includes at least one TLV element indicating that the ingress message is to be further processed using a stateful decode algorithm; and
in response to determining that the ingress message includes the at least one TLV element indicating that the ingress message is to be further processed using the stateful decode algorithm, processing the ingress message using the stateful decode algorithm.

US Pat. No. 10,193,800

SERVICE LABEL ROUTING IN A NETWORK

Level 3 Communications, L...

6. A telecommunications network, comprising:
a service edge device in communication with a customer device to receive a request from the customer device to add a telecommunication service for a customer, wherein the telecommunication service comprises one of Firewall services or distributed denial of service (DDOS) protection;
metro edge devices in communication with the service edge device wherein an intermediate metro edge device of the metro edge devices on the telecommunication network is intermediate to two of the metro edge devices; and
a network management computing device comprising a processor configured to:
instantiate the telecommunication service on the service edge device and the metro edge devices, wherein instantiating the telecommunication service comprises associating a unique service label identifier to the requested telecommunication service; and
configure the service edge device and the metro edge devices to route information associated with the telecommunication service;
generate a segment label identifier associated with the service edge device and the metro edge devices;
wherein the service edge device and the metro edge devices route at least one data packet associated with the telecommunication service on the telecommunications network to the customer based at least on the unique service label identifier associated with the data packet, the at least one data packet comprising at least one of the unique service label identifier, the segment label identifier, and a frame associated with the instantiated telecommunication service;
wherein the intermediate metro edge device modifies the unique service label identifier based on network changes, and
wherein the service edge device and the metro edge devices comprise at least a portion of a Multiprotocol Label Switching (MPLS) network.

US Pat. No. 10,193,799

IN-ORDER MESSAGE DELIVERY IN A DISTRIBUTED STORE-AND-FORWARD SYSTEM

QUALCOMM Incorporated, S...

1. A method of operating an intermediate node in a distributed store-and-forward system, the method comprising:
establishing, by the intermediate node, a first communication link with a destination node, wherein the first communication link comprises a first Open Systems Interconnection (OSI) model layer;
while the first communication link with the destination node is established, sending a request from the intermediate node to an origination node, wherein:
the request is for information to provide to the destination node, and
the request is sent via a second communication link comprising a second OSI model layer different from the first OSI model layer;
receiving, by the intermediate node via the second communication link, a message to provide to the destination node; and
sending the message from the intermediate node to the destination node via the first communication link while the first communication link is established.

US Pat. No. 10,193,798

METHODS AND MODULES FOR MANAGING PACKETS IN A SOFTWARE DEFINED NETWORK

Telefonaktiebolaget LM Er...

1. A method, performed by an entry module, for managing packets in a communication system based on Software Defined Networking, wherein the communication system comprises the entry module, a radio network node, a mobile device, a forwarding module, a service module, a peer device and a management module for managing the forwarding module, the service module and the entry module, wherein a data plane of the communication system comprises the forwarding module, the service module and the entry module and a control plane of the communication system comprises the management module, wherein the mobile device is attached to the radio network node, wherein the method comprises:
receiving an Internet Protocol (IP) packet from the peer device, wherein the IP packet includes a destination IP address associated with the mobile device;
obtaining, from the management module, a location value specifying the radio network node associated with the destination IP address;
associating the location value with the IP packet, wherein the location value is related to a location tag name, indicating the radio network node that serves the mobile device, thereby obtaining a packet; and
sending the packet, via the forwarding module, towards the radio network node as indicated by the location value of the location tag name.

US Pat. No. 10,193,797

TRIGGERED-ACTIONS NETWORK PROCESSOR

ORACLE INTERNATIONAL CORP...

1. A network processor, comprising:
an input network stack configured to receive messages from an inbound network link;
a format decoder, coupled to the network stack, configured to: extract one or more fields from a given message; provide the one or more fields to application logic; determine a context for the given message; provide the given message and the context to a data handler, wherein the context is based on a message type and an identifier of the network connection on which the given message was received; determine a message status for the given message; and provide the message status to the data handler, wherein the message status includes a length of the given message and information specifying any error conditions associated with the given message;
the application logic, coupled to the format decoder, configured to: determine one or more trigger values based on the one or more fields and one or more trigger expressions; and provide the one or more trigger values to the data handler, wherein the one or more trigger expressions include checks on information in a payload of the given message; and
the data handler, coupled to the format decoder and the application logic, configured to determine one or more actions to be taken for the given message based on the context and the one or more trigger values, wherein the one or more actions to be taken include whether the given message is forwarded and one or more forwarding destinations, wherein the data handler is further configured to determine the one or more actions to be taken based on the information specifying any error conditions associated with the given message.

US Pat. No. 10,193,796

MODELING A BORDER GATEWAY PROTOCOL NETWORK

Aria Networks Limited, (...

1. A system to determine a route of a service through a transit autonomous system, the system comprising:
a memory; and
a processor in communication with the memory, the processor configured to:
receive a topology of the transit autonomous system, the topology comprising a plurality of nodes, the plurality of nodes comprising at least two border gateway protocol nodes;
receive a routing information base for each border gateway protocol node, each routing information base comprising at least one route for each of plurality of internet protocol prefixes, each route comprising a next hop associated with a border gateway protocol node;
generate, for each border gateway protocol node, a prioritized next hop table from the routing information base for the border gateway protocol node, the prioritized next hop table comprising a prioritized list of next hops for each internet protocol prefix;
store the prioritized next hop table for each border gateway protocol node in the memory;
generate, for each border gateway protocol node, a routing table from the prioritized next hop table, the routing table comprising the best next hop for each internet protocol prefix;
store the routing table for each border gateway protocol node in the memory; and
determine a route of a service through the transit autonomous system in a failure scenario using the prioritized next hop table and the routing table of the border gateway protocol nodes;
wherein determining the route of a service through the transit autonomous system in the failure scenario comprises:
identifying invalid next hops in each routing table, an invalid next hop being a next hop that is inaccessible in the failure scenario; and
for each routing table, replacing each invalid next hop with the next valid next hop in the corresponding prioritized next hop table to generate an updated routing table.

US Pat. No. 10,193,795

ROBUST DATA ROUTING IN WIRELESS NETWORKS WITH DIRECTIONAL TRANSMISSIONS

SONY CORPORATION, Tokyo ...

1. A wireless communication apparatus, comprising:
(a) a wireless communication circuit configured for wirelessly communicating with other wireless communication stations;
(b) a computer processor coupled to said wireless communication circuit;
(c) a non-transitory computer-readable memory storing instructions executable by the computer processor; and
(d) wherein said instructions, when executed by the computer processor, perform steps comprising:
(i) communicating with the other wireless communication stations utilizing a routing protocol;
(ii) performing primary and secondary path discovery in establishing communications with a destination wireless communication station, through intermediate wireless communication stations;
(iii) determined by the processor that intermediate station of the primary and secondary path to be selected such that the antenna pattern for the primary and secondary path are spatially uncorrelated, using beamforming (BF) training information toward candidate intermediate stations;
(iv) transmitting data on the primary and the same data on the secondary path, for receipt by the destination wireless communication station toward overcoming link blockages of the primary path in response to data received on the secondary path; and
(v) wherein said instructions when executed by the computer are configured to provide reception at a destination station which is selected from the group of reception types consisting of: uncoordinated reception, coordinated reception by combining received signal powers, or coordinated reception with conditional reception from the secondary routing path.

US Pat. No. 10,193,794

MULTIPARTY CALL METHOD AND APPARATUS

HUAWEI TECHNOLOGIES CO., ...

1. A multiparty call method, applied in a process in which a transmit end makes a multiparty call with at least two receive ends, wherein the transmit end and the at least two receive ends are user equipment, wherein the method comprises:
acquiring, by the transmit end, one piece of communications data to be transmitted to the at least two receive ends and identifiers of each of the at least two receive ends, wherein the identifiers of each of the at least two receive ends comprise internet protocol (IP) addresses of the at least two receive ends and port numbers for the at least two receive ends; and
sending, by the transmit end, the one piece of communications data and the identifiers of each of the at least two receive ends to a network side device.

US Pat. No. 10,193,793

BROWSER APPARATUS, RECORDING MEDIUM, SERVER APPARATUS, AND INFORMATION PROCESSING METHOD

SONY CORPORATION, Tokyo ...

1. A browser apparatus comprising:
circuitry configured to
implement a web browser application including a first communication function section that sends a request to a web site and receives web content from the web site using a unicast protocol, and a second communication function section that receives web content multicast-distributed using a multicast protocol,
control, in response to an external input, the first communication function section of the web browser application to send a request to a web site and receive web content from the web site using the unicast protocol, wherein
the second communication function section receives a plurality of web content items,
the circuitry is configured to record only a web content item of the plurality of web content items, which has a particular URL address, on a recording medium, and
the circuitry is configured to control, when the web content received by the second communication function section has an error, the first communication function section to request the web content from the web site.

US Pat. No. 10,193,792

DATA PACKET SENDING METHOD, MOBILE ROUTER, AND NETWORK DEVICE

HUAWEI TECHNOLOGIES CO., ...

1. A method comprising:
receiving a routing control request, wherein the routing control request comprises routing control policy information;
obtaining, from a mobile node (MN), a first data packet associated with a first home address;
determining whether to enable routing control for the first data packet, according to indication information indicating whether routing control is enabled, and according to home address status information, wherein the indication information and the home address status information are comprised by the routing control policy information;
establishing a tunnel with a designated routing node according to the home address status information in the routing control policy information carried in the routing control request in response to the indication information in the routing control policy information carried in the routing control request indicating that routing control is enabled and after receiving the routing control request;
sending the first data packet to the designated routing node through the tunnel with the designated routing node according to the home address status information in the routing control policy information, in response to determining to enable routing control for the first data packet;
obtaining a first processed data packet returned by the designated routing node; and
sending the first processed data packet to a destination node via a current mobile router of the destination node, wherein the current mobile router of the destination node sends the first processed data packet to the destination node, and wherein the first processed data packet is obtained by the designated routing node by processing the first data packet.

US Pat. No. 10,193,791

METHOD OF ALLOCATING WAVELENGTH AND WAVELENGTH ALLOCATION DEVICE

FUJITSU LIMITED, Kawasak...

1. A method of allocating a wavelength, the method comprising:
first deciding whether a wavelength bandwidth of an optimum route for a demand has a free bandwidth to which the demand is able to be allocated;
allocating the demand to a bypass route other than the optimum route when the wavelength bandwidth of the optimum route does not have the free bandwidth;
acquiring a degree of influence of a section on the optimum route that is decided not to have the free bandwidth, by accumulating a difference in a route cost between the optimum route and the bypass route, the degree of influence being indicative of powerful influence on the bypass route when the demand is accommodated in the bypass route;
second deciding whether the acquired degree of influence becomes a predetermined value or more;
third deciding whether there is the wavelength link that can be added to the section in which the acquired degree of influence becomes a predetermined value or more;
adding an unused wavelength link to the wavelength bandwidth of the section in which there is the wavelength link that can be added to the section, to activate a laser of a transmitter of the section, and set a filter of a receiver of the section to filter the wavelength in the added wavelength link;
re-calculating the optimum route for the demand being allocated to the bypass route, after adding the unused wavelength link to the wavelength bandwidth of the section; and
allocating the demand to the optimum route obtained by the re-calculation in the case that the wavelength bandwidth of the optimum route obtained by the re-calculation has the free bandwidth, and a type of the demand is a momentary interruption toleration type that permits the momentary interruption of data.

US Pat. No. 10,193,790

SYSTEMS AND METHODS FOR AN INTELLIGENT, DISTRIBUTED, AUTONOMOUS, AND SCALABLE RESOURCE DISCOVERY, MANAGEMENT, AND STITCHING

DELL PRODUCTS LP, Round ...

1. A method for an originating node to facilitate using a resource at a fulfilling node in a decentralized network of nodes, the method comprising:
sending to a node in the decentralized network a request message for the resource for use by or on behalf of the originating node, the request message comprising:
a description of the resource requested by the originating node, the node being communicatively coupled to the originating node; and
one or more intelligent distribution instructions determined by the originating node using an analytics module to determine, at least in part, the one or more intelligent distribution instructions for propagating the request message, the one or more intelligent distribution instructions setting forth: (1) one or more conditions regarding propagation of the request message by a receiving node that receives the request message, including a timeout period such that the request message times out and is dropped after a predetermined amount of time has passed, and (2) one or more conditions for responding to the request message, one or more conditions for handling receipt of one or more responses from nodes that received the request message and have the resource requested by the originating node available for use by or on behalf of the originating node, or both;
receiving a reply message from a neighbor node, the reply message comprising:
a message that the fulfilling node can satisfy the request message;
network identifier information from the fulfilling node; and
network identifier information indicating a path between the originating node and the fulfilling node; and
stitching the path from the originating node to the fulfilling node using the network identifier information received with the reply message.

US Pat. No. 10,193,789

HANDLING PORT IDENTIFIER OVERFLOW IN SPANNING TREE PROTOCOL

ARRIS Enterprises LLC, S...

1. A method comprising:
receiving, by a network device, a spanning tree protocol (STP) bridge protocol data unit (BPDU);
extracting, by the network device, a port identifier value from the BPDU;
determining, by the network device, a fourteen-bit port number associated with the BPDU by decoding the least significant fourteen bits of the port identifier value; and
determining, by the network device, an eight-bit port priority associated with the BPDU by:
decoding the most significant two bits of the port identifier value; and
converting the most significant two bits of the port identifier value into the eight-bit port priority, the converting comprising padding the least significant six bits of the eight-bit port priority with zeroes.

US Pat. No. 10,193,788

SYSTEMS AND METHODS IMPLEMENTING AN AUTONOMOUS NETWORK ARCHITECTURE AND PROTOCOL

1. A computing node device comprising:
a communication interface to communicate with other devices in a communications network; and
a networking interface to:
identify a plurality of computing nodes in the communications network, respective computing nodes of the plurality of computing nodes capable of being assigned a parent node of the computing node device;
verify an identity of a particular computing node of the plurality of computing nodes, the particular node capable of requesting to join the communications network;
transmit an identity of the computing node device to the particular computing node to enable the particular computing node to verify the identity of the computing node device;
when the identity of the particular computing node has been verified, transmit, using the communications interface, a message, to the particular computing node;
receive a response from the particular computing node, the response including metadata identifying a current load of the particular computing node;
based on the metadata identifying the current load of the particular computing node, identify the particular computing node as the parent node of the computing node device;
transmit, to the parent node, a request to register as part of the communications network.

US Pat. No. 10,193,787

METHOD OF NOTIFYING FUNCTION IDENTIFICATION INFORMATION AND COMMUNICATION SYSTEM

KABUSHIKI KAISHA TOSHIBA,...

1. A communication apparatus, comprising:
a receiver configured to receive a probe request frame comprising a first SSID (Service Set Identifier) field from a first communication apparatus, wherein the first SSID field comprises first characters indicating a wireless communication function, the first SSID field of the probe request frame is defined in IEEE802.11 specification, and the wireless communication function is defined in a first specification different from the IEEE802.11 specification; and
a transmitter configured to transmit a probe response frame comprising a second SSID field to the first communication apparatus after a reception of the probe request frame, wherein the second SSID field comprises the first characters, and the second SSID field of the probe response frame is defined in the IEEE802.11 specification, the first SSID field and the second SSID field are defined as a field comprising an identifier of a service set in the IEEE802.11 specification.

US Pat. No. 10,193,786

WIRELESS ROUTERS UNDER TEST

Contec, LLC, Schenectady...

1. A universal tester for testing a plurality of wireless routers, comprising:
a plurality of test slots, each test slot of the plurality of test slots configured to host a wireless router of a plurality of wireless routers; and
a plurality of sets of test connections, each set of test connections of the plurality of sets of test connections being associated with one test slot of the plurality of test slots,
wherein each set of test connections of the plurality of sets of test connections comprises:
a wireless networking test connection configured to test a corresponding wireless networking interface on a wireless router of the plurality of wireless routers,
an Ethernet test connection configured to test a corresponding Ethernet interface on a wireless router of the plurality of wireless routers, and
a MoCA test connection configured to test a corresponding MoCA interface on a wireless router of the plurality of wireless routers.

US Pat. No. 10,193,785

METHODS AND APPARATUS TO PREDICT END OF STREAMING MEDIA USING A PREDICTION MODEL

The Nielsen Company, LLC,...

1. An apparatus comprising:
a predictor to determine a bandwidth rate associated with presentation of streaming media based on monitored traffic between a user device and a streaming media distributor;
a modeler to generate a prediction model based on characteristics of the bandwidth rate, the characteristics of the bandwidth rate including an amplitude of the bandwidth rate, a mean value of the bandwidth rate, and a standard deviation of the bandwidth rate; and
a forecaster to determine that a time when an output of the prediction model is below a minimum bandwidth threshold is a session end time for a streaming media session, the session end time corresponding to when the user device stops receiving the streaming media.

US Pat. No. 10,193,784

TRACKING VIRTUAL IP CONNECTION CHANGES

Cisco Technology, Inc., ...

1. A network device comprising:
a memory; and
a processor, wherein the processor is configured to:
increment a sequence number associated with a virtual IP connection at the network device in response to a change of a status of the virtual IP connection, wherein the network device is a primary device configured to probe the virtual IP connection, wherein the network device is part of a mesh comprising a plurality of network devices, wherein the mesh comprises a standby network device configured to probe the virtual IP connection, and wherein the sequence number is attached to data corresponding to the status and is stored at the network device;
send, in response to a pull request from one of the plurality of network devices of the mesh, the data corresponding to the status of the virtual IP connection in response to the incremented sequence number of the virtual IP connection being greater than a requested sequence number, wherein the plurality of network devices are configured to pull incremental answer statuses at a configurable frequency; and
send, in response to the network device rebooting, the data corresponding to the status of the virtual IP connection to the standby network device with a request to overwrite all previously stored statuses.

US Pat. No. 10,193,783

SYSTEM FOR AGGREGATING STATISTICS ASSOCIATED WITH INTERFACES

NICIRA, INC., Palo Alto,...

1. A method of aggregating statistics for a set of interfaces associated with a logical forwarding element (LFE), the method comprising:
for each particular interface in the set of interfaces associated with the LFE, defining at least one flow entry comprising (i) a set of matching fields that store flow-identifying parameters for matching with attributes of packets and (ii) a tag identifier that identifies the particular interface and that is not part of a matching field to match with packet attributes;
sending the flow entries to a plurality of physical forwarding elements (PFEs) that implement the LFE, at least a subset of the PFEs executing on host computers along with data compute nodes associated with the LFE;
receiving, from the plurality of PFEs, statistics generated by each PFE for each flow entry that has a tag identifier; and
aggregating the received statistics to produce overall statistics relating to each interface associated with the LFE.

US Pat. No. 10,193,782

LAYER 4 SWITCHING FOR PERSISTENT CONNECTIONS

Akamai Technologies, Inc....

1. A method of improving operations of an overlay network using transport layer (Layer 4) switching, the overlay network comprising a plurality of overlay nodes organized as edge nodes, parent nodes and other Internet Protocol (IP)-addressable nodes, the overlay network nodes being positioned between requesting client devices and content provider origin servers that utilize the overlay network nodes to thereby provide content and application delivery to the requesting client devices, comprising:
organizing a set of switches into an interface, wherein each switch in the set of switches provides a group of ports that are dedicated to providing out-bound connections to given destinations persistently;
selectively positioning the interface between one of: the IP-addressable nodes and edge nodes, the edge nodes and the parent nodes, and the parent nodes and the content provider origin servers; and
controlling routing across the interface such that, as requesting client devices interact with content provider origin servers, a given persistent connection to a destination in a particular switch is used by first and second in-bound connections;
wherein providing the interface with out-bound persistent connections improves overlay network performance by reducing connection establishment overhead with respect to communications between the requesting client devices and content provider origin servers that traverse the overlay network.

US Pat. No. 10,193,781

FACILITATION OF MULTIPATH TRANSMISSION CONTROL PROTOCOLS

1. A method, comprising:
receiving, by a network device comprising a processor, web site request data related to a request for a web site made by a mobile device;
receiving, by the network device, preference data associated with sending web site data related to the web site request data via a Wi-Fi connection of the network device or via a cellular network connection of the network device, wherein the preference data comprises benefit data related to a number of bytes that are deliverable via the Wi-Fi connection of the mobile device and the cellular network connection of the mobile device;
receiving, by the network device, resource data associated with the sending the web site data via the Wi-Fi connection of the network device or via the cellular network connection of the network device;
analyzing, by the network device, the preference data and the resource data, resulting in analyzed data; and
in response to a condition associated with the analyzed data being determined to have been satisfied, sending, by the network device, the web site data.

US Pat. No. 10,193,780

SYSTEM AND METHOD FOR ANOMALY ROOT CAUSE ANALYSIS

Futurewei Technologies, I...

1. A method comprising:
receiving, by a processor from a radio network controller (RNC) of a network, one of a first anomaly data point, a second anomaly data point, and a third anomaly data point, the first, second, and third anomaly data points being related to a plurality of variables;
classifying, by the processor in response to receiving the first anomaly data point, the first anomaly data point as a relationship type anomaly, upon determining that the first anomaly data point is inside a magnitude bounding box and outside a principal component analysis (PCA) bounding box, wherein the PCA bounding box excludes all of a plurality of anomaly data points of a data set, and limits of the PCA bounding box are orthogonal to eigenvectors of the data set;
classifying, by the processor in response to receiving the second anomaly data point, the second anomaly data point as a joint magnitude anomaly, upon determining that the second anomaly data point is outside the magnitude bounding box, outside the PCA bounding box, and between major limits of the PCA bounding box;
classifying, by the processor in response to receiving the third anomaly data point, the third anomaly data point as both the relationship type anomaly and the joint magnitude anomaly, upon determining that the third anomaly data point is outside the magnitude bounding box, outside the PCA bounding box, and not between the major limits of the PCA bounding box;
determining, in response to classifying the first anomaly data point as the relationship type anomaly, at least a first subset of the variables related to the classified first anomaly data point;
performing, by the processor based on classifying the first anomaly data point as the relationship type anomaly, corrective action on the network in accordance with the classified first anomaly data point and the at least a first subset of the variables related to the classified first anomaly data point;
determining, in response to classifying the second anomaly data point as the joint magnitude anomaly, at least a second subset of the variables related to the classified second anomaly data point;
performing, by the processor based on classifying the second anomaly data point as the joint magnitude anomaly, corrective action on the network in accordance with the classified second anomaly data point and the at least a second subset of the variables related to the classified second anomaly data point;
determining, in response to classifying the third anomaly data point as both the relationship type anomaly and the joint magnitude anomaly, at least a third subset of the variables related to the classified third anomaly data point; and
performing, by the processor based on classifying the third anomaly data point as both the relationship type anomaly and the joint magnitude anomaly, corrective action on the network in accordance with the classified third anomaly data point and the at least a third subset of the variables related to the classified third anomaly data point.

US Pat. No. 10,193,779

APPARATUS AND METHOD FOR CONTROLLING DOWNLINK THROUGHPUT IN COMMUNICATION SYSTEM

Samsung Electronics Co., ...

1. A method of a server in a communication system, the method comprising:
determining a buffering delay of a terminal for a data packet based on at least one of a time when the terminal inputs the data packet into a buffer of the terminal, a time when the server receives the data packet from the terminal, or a time when the terminal transmits the data packet to the server; and
transmitting, to the terminal, control information for controlling a transmission rate of the terminal based on whether the buffering delay of the terminal for the data packet is larger than a buffering delay of the terminal for another data packet.

US Pat. No. 10,193,778

SYSTEM, METHOD AND PROGRAM FOR DETECTING ANOMALOUS EVENTS IN A NETWORK

ITRON NETWORKED SOLUTIONS...

1. A network communication device configured to monitor operating events occurring in a network, the communication device comprising:
a memory unit having historical operating information and situational information recorded therein, the historical operating information including data indicative of historical operation of nodes in the network based on respective feature information that is uniquely defined for each of the nodes in the network, such that there is historical operating information for each node in the network based on the unique feature information for that node, and the situational information including data indicative of operation data expected to be received from nodes in the network during a predetermined time period based on at least one of a condition and an event that is occurring during the predetermined time period;
a communication unit configured to receive respective operation data from nodes in the network;
a control unit configured to compare the operation data received from a node in the network with (i) the historical operating information for the node from which the operation data was received and (ii) the situational information for the predetermined period in which the operation data is received, and to associate the received operation data with the historical operating information and the situational information in the memory unit based on the comparison of the received operation data with (i) the historical operating information for the node and (ii) the situational information.