US Pat. No. 10,250,624

METHOD AND DEVICE FOR ROBUST DETECTION, ANALYTICS, AND FILTERING OF DATA/INFORMATION EXCHANGE WITH CONNECTED USER DEVICES IN A GATEWAY-CONNECTED USER-SPACE

Oak Tree Logic, LLC, Aus...

1. A security appliance comprising:
a network port enabling direct connection to a gateway;
a storage module having stored thereon firmware for operating the security appliance; and
a processor that executes the program code of the firmware, which configures the security appliance to:
establish a seamless communication interface with a connected gateway;
in response to establishing the seamless communication interface, monitor traffic coming into and going out from the connected gateway;
identify traffic anomalies within the monitored traffic; and
in response to identifying one or more of the traffic anomalies:
block and filter out unwanted and undesirable traffic associated with the traffic anomalies; and
initiate steps to report on and prevent further occurrence of the traffic anomalies, by generating one or more alerts and filtering out the captured data in preparation for forwarding to a remote server database; and
forward the filtered information about the identified traffic anomalies to a centralized database for evaluation and reporting;
enable manual configuration of an “away” mode selection to one of an enabled mode or disabled mode of operation; and
mask internet bounded traffic by configuring the security appliance to:
detect periods of statistical change that are indicative of an “away” period; and
in response to detecting periods of statistical change indicative of the away period, generate internet traffic and communications with random content to Internet sites in a manner that is statistically indistinguishable from communication patterns during an “at-home” period.

US Pat. No. 10,250,622

USING MULTIPLE LAYERS OF POLICY MANAGEMENT TO MANAGE RISK

GLASSWALL (IP) LIMITED, ...

1. A system, comprising:
a processor;
a receiver to receive a file at a computer system, the file including a content, the content of the file including a first portion;
a file type identifier to identify a purported file type of the file;
a scanner to scan the content of the file using a set of rules corresponding to the purported file type, the scanner operative to determine that the file does not conform to the set of rules corresponding to the purported file type for a first reason with an associated first issue ID;
a quarantine that can store the file;
a file issue exclusion policy specifying an approved file type and a second issue ID;
a file content policy that can be used to:
allow the first portion of the content of the file to be included in the file,
quarantine the file, or
sanitize the first portion of the content of the file,
the file content policy including a whitelist of known approved portions of content;
the processor executing a comparator to compare the first portion of the content of the file with the whitelist, wherein the first portion of the content of the file can be included in the file based at least in part on the first portion of the content of the file matching a known approved portion of content in the whitelist; and
a transmitter to transmit the file to the recipient instead of storing the file in the quarantine based at least in part on the approved file type in the file issue exclusion policy matching the purported file type and the second issue ID in the file issue exclusion policy matching the first issue ID.

US Pat. No. 10,250,619

OVERLAY CYBER SECURITY NETWORKED SYSTEM AND METHOD

MISSION SECURE, INC., Ch...

1. An overlay cyber security method comprising:
providing an overlay secure network comprising a communication channel associated with a Process Control Network (PCN);
associating, with each component of the Process Control Network (PCN), identification information that generates an identity for each component, the identity permitting timestamp information to be associated with one or more physical-level signals received or output by the component;
receiving, by at least one security device via the communication channel of the overlay security network, physical-level signals received or output by a component of the Process Control Network (PCN);
receiving, by the at least one security device and using the communication channel, at least one physical-level signal received by a controller of the component or at least one network-level signal output by the controller of the component;
obtaining, by the at least one security device, derived state information associated with the component via a network, the derived state information including the timestamp information associated with the one or more physical-level signals received or output by the component;
obtaining, by the at least one security device, stored historical state information associated with the component from a computer-readable historian device, the historical state information including stored timestamp information;
determining, by the at least one security device, occurrence of an unexpected state associated with the component based on a vertical consistency comparison of the physical level signals received or outputted by the component and one of the derived state information and said or the historical state information, and based on a horizontal state estimation consistency comparison of a plurality of said physical-level signals including the physical level signals received or outputted by the component and physical level signals received or outputted by other components at a same level as the component in the Process Control Network (PCN);
capturing and storing information associated with the unexpected state using an event message, the captured and stored information including the identification information associated with the component of the PCN and a unique identifier associated with the security device;
transforming the event message into a formatted message; and
outputting the formatted message via an interface to a forensic analysis system.

US Pat. No. 10,250,617

SYSTEMS AND METHODS FOR DETECTING MALWARE USING MACHINE LEARNING

Symantec Corporation, Mo...

1. A computer-implemented method for detecting malware using machine learning, at least a portion of the method being performed by a computing device comprising at least one processor, the method comprising:
identifying, by the computing device, data to be analyzed for malware;
classifying the data to be analyzed for malware using a classifier created by applying a combination of at least one deep learning neural network, wherein a deep learning neural network comprises multiple layers of artificial neural networks, and at least one supervised data mining method to:
extract features from training data using one method of the deep learning neural network or the supervised data mining method; and
classify the features using the other method of the deep learning neural network or the supervised data mining method;
determining, by the computing device and based on a predefined threshold, that the classification of the data indicates potential malware on the computing device; and
performing, by the computing device, a security action based on the determination of potential malware on the computing device.

US Pat. No. 10,250,616

SERVER AND USER TERMINAL

Samsung Electronics Co., ...

1. A server, comprising:
communication circuitry configured to communicate with a plurality of external terminals;
a storage; and
a processor configured to, based on a request for hardware integrity verification of a second external terminal being received from a first external terminal through the communication circuitry, perform hardware integrity verification of the second external terminal using reference data of the second external terminal stored in the storage,
wherein, based on the second external terminal accessing the first external terminal, the server is configured to receive from the first external terminal a transmission of the request for hardware integrity verification of the second external terminal,
wherein, based on the request for the hardware integrity verification being received, the processor is configured to control the communication circuitry to request transmission of data for the hardware integrity verification of the second external terminal to the second external terminal, not via the first external terminal, and
wherein, based on the data for the hardware integrity verification of the second external terminal being received from the second external terminal, not via the first external terminal, the processor is configured to perform the hardware integrity verification of the second external terminal by comparing the received data with the stored reference data.

US Pat. No. 10,250,613

DATA ACCESS METHOD BASED ON CLOUD COMPUTING PLATFORM, AND USER TERMINAL

TENCENT TECHNOLOGY (SHENZ...

1. A data access method based on a cloud computing platform, the method being performed by a user terminal, and the method comprising:
obtaining, by the user terminal, an access request for a data ciphertext of the cloud computing platform, the access request comprising a decryption key, and the decryption key comprising a user precise identity identifier and a user attribute identifier;
decrypting, by the user terminal, the data ciphertext into a data plaintext, in response to the user precise identity identifier belonging to an identity identifier set comprised in an access structure of the data ciphertext and/or in response to the user attribute identifier belonging to a user attribute identifier set comprised in the access structure of the data ciphertext; and
before the obtaining the access request:
sending, by the user terminal, a data query request to the cloud computing platform, the data query request comprising a query condition that is authorized by a query key and comprising a permission type of the query key, the query condition comprising the user attribute identifier, and the permission type of the query key indicating whether the query key comprises permission time validity,
wherein, in response to the cloud computing platform identifying, based on the permission type of the query key, that the query key does not comprise the permission time validity, the cloud computing platform queries, from data ciphertexts that are stored in the cloud computing platform, an index ciphertext of the data ciphertext and the data ciphertext that are matched to the user attribute identifier comprised in the query condition, to obtain the data ciphertext; and
receiving, by the user terminal, the data ciphertext that is obtained, from the cloud computing platform.

US Pat. No. 10,250,612

CROSS-ACCOUNT ROLE MANAGEMENT

Amazon Technologies, Inc....

1. A computer-implemented method, comprising:
providing a user, associated with a first account, with a temporary credential enabling the user to assume a role under a second account, the role having access rights to one or more resources under the second account;
sending information about the providing of the temporary credential to a management component associated with the first account and restricted to users authorized through the first account, the information including an access identifier;
receiving, at an interface associated with the second account, a communication including identifying information about the user stored under the first account and the access identifier;
storing the identifying information and the access identifier to an event repository associated with the second account;
receiving a request for access to the one or more resources associated with the second account, the request specifying the access identifier;
storing request information for the request in the event repository, the request information specifying the access identifier to link the request to the communication and identify actions performed by the user of the first account; and
enabling the identifying information to be associated with the request information in the event repository using the access identifier.

US Pat. No. 10,250,610

METHOD AND SYSTEM FOR COMMUNICATION CONTROL

International Business Ma...

1. An apparatus for communication control, the apparatus comprising:
a memory; and
a processor, the processor communicatively coupled to the memory, the processor configured to:
receive, from an initiator, a request to initiate a communication with a first user, the request including a first identification specific to the first user, the first identification being different from a first communication account used by the first user to receive communications;
determine, based on a communication mapping associated with the first user, whether the initiator is allowed to communicate with the first user using the first identification, the communication mapping indicating authorized initiators allowed to communicate with the first user and respective identifications to be used by the authorized initiators, wherein the communication mapping is solely assigned to the first user, and wherein the communication mapping is separate from any communication mapping of the initiator, and wherein the communication mapping of the first user is solely used for the determination;
obtain, in response to determining that the initiator is allowed to communicate with the first user using the first identification and from the communication mapping, the first communication account used by the first user, the first communication account distinct from a plurality of communication account entries of the first user used to receive communications from other initiators;
obtain, from the communication mapping, an initiator identification specific to the initiator, the initiator identification being different from an initiator communication account to be used by the initiator for the communication, the initiator identification being generated by a communication service provider that facilitates the communication between the initiator and the first user; and
present the initiator identification to the first user in the communication between the initiator and the first user.

US Pat. No. 10,250,609

PRIVILEGED ACCESS TO TARGET SERVICES

CyberArk Software Ltd., ...

1. A credentials management system for managing credentials for use in an authentication protocol, comprising:
at least one hardware processor configured to:
determine that a client requires a specific permission to access a target service according to the authentication protocol;
identify, based at least in part on the determination, a credential accessible to the credentials management system, the identified credential being associated with the client but not accessible to the client;
communicate with an authentication service using the identified credential to obtain an authenticator on behalf of the client based on the identified credential;
receive the authenticator from the authentication service, responsive to the authentication service authenticating the credentials management system based on the identified credential; and
send the authenticator to the client thereby enabling use of the authenticator by the client for client operations with the target service.

US Pat. No. 10,250,606

NETWORK ACCESS METHOD, PROXIMITY COMMUNICATIONS SERVER, RELAY TERMINAL AND TERMINAL

Huawei Technologies Co., ...

1. A network access method, comprising:
receiving, by a proximity communications server, a relay access verification request from a relay terminal, wherein the relay access verification request corresponds to a trunking communication request from a terminal;
verifying, by the proximity communications server, based on the relay access verification request, that the terminal is authorized to perform network access using the relay terminal;
authorizing, by the proximity communications server, the relay terminal to activate a relay function by sending a relay authorization response message to the relay terminal, wherein the relay authorization response message carries indication information indicating that the terminal is allowed to perform network access via trunking communications using the relay terminal;
acquiring, from a home subscriber server, group information of a trunking communications group to which the terminal belongs;
acquiring a network address of a trunking communications server that the terminal is allowed to access according to the group information; and
sending, to the relay terminal, the network address.

US Pat. No. 10,250,604

STORAGE MEDIUM, INFORMATION-PROCESSING DEVICE, INFORMATION-PROCESSING SYSTEM, AND NOTIFICATION METHOD

Nintendo Co., Ltd., Kyot...

1. A non-transitory storage medium storing a program for causing a computer to execute a process, the process comprising:
accepting a login from a first user;
detecting receipt of a chat request from a second user different from the first user,
upon detecting receipt of the chat request, in response to matching of a destination of the received chat request and the first user who is logged in, displaying a first screen for notifying the receipt of the chat request, the first screen including a button for starting a chat with the second user, and in response to the destination of the received chat request and the first user who is logged in not being matched, displaying a second screen for notifying the receipt of the chat request, the second screen not including the button for starting a chat with the second user.

US Pat. No. 10,250,603

CONNECTION CONTROL FOR VIRTUALIZED ENVIRONMENTS

AMAZON TECHNOLOGIES, INC....

1. A computer-implemented method, comprising:
receiving a request to launch a virtual machine in a multi-tenant environment;
determining a policy corresponding to the request;
determining that the request comprises an indication for a scan to be performed on the virtual machine;
causing a scanning virtual machine to perform the scan on the virtual machine, wherein the scanning virtual machine and the virtual machine are hosted within the multi-tenant environment;
evaluating a result of the scan against the policy corresponding to the request;
determining that the result of the scan complies with at least one scan requirement of the policy; and
enabling the virtual machine to access one or more additional resources in the multi-tenant environment.

US Pat. No. 10,250,602

AUTHENTICATOR CENTRALIZATION AND PROTECTION

Early Warning Services, L...

1. A computer implemented method for authenticating a user who is communicating with an enterprise via a user device, comprising:
receiving authenticators for a user and storing the received authenticators;
receiving, from the enterprise, a request to authenticate the user with an authentication policy for authenticating the user, wherein the request does not identify which of the stored authenticators is to be used for authenticating the user;
determining whether the stored authenticators include a first authenticator to be used for authenticating the user based on the authentication policy;
when the stored indicators include the first authenticator, transmitting an authentication request to the user device requesting the first authenticator, receiving, from the user device, an authenticator in response to the authentication request, and authenticating the user by comparing the received authenticator with the stored first authenticator; and
when the stored authenticators do not include the first authenticator, transmitting to the entity an identification of at least one of the stored authenticators, for the entity to determine if the at least one of stored authenticators is to be used for authentication.

US Pat. No. 10,250,601

UPDATING DATABASE DRIVERS FOR CLIENT APPLICATIONS THROUGH A DATABASE SERVER PUSH

International Business Ma...

1. A processor-implemented method for updating drivers, the method comprising:
receiving, by a processor, a connection request from a first computer in a second computer;
creating a connection handshake in the first computer in response to the transmitted connection request, wherein the connection handshake includes a plurality of client credentials and a plurality of driver information;
receiving the created connection handshake from the first computer in a second computer;
determining the first computer is authorized to connect to the second computer based on the plurality of client credentials;
comparing, by the second computer, a first version level of a first plurality of drivers associated with the first computer to a second version level of a second plurality of drivers associated with the second computer based on the plurality of driver information;
transmitting a driver update from the second computer to the first computer as a byte array using a database protocol operating on the second computer regardless of whether the driver update is necessary; and
installing the driver update in the first computer.

US Pat. No. 10,250,600

UPDATING DATABASE DRIVERS FOR CLIENT APPLICATIONS THROUGH A DATABASE SERVER PUSH

International Business Ma...

8. A computer program product for updating drivers, the computer program product comprising:
one or more computer-readable tangible storage media and program instructions stored on at least one of the one or more tangible storage media, the program instructions executable by a processor, the program instructions comprising:
program instruction to receive, by a processor, a connection request from a first computer in a second computer;
program instructions to create a connection handshake in the first computer in response to the transmitted connection request, wherein the connection handshake includes a plurality of client credentials and a plurality of driver information;
program instructions to receive the created connection handshake from the first computer in a second computer;
program instructions to determine the first computer is authorized to connect to the second computer based on the plurality of client credentials;
program instructions to compare, by the second computer, a first version level of a first plurality of drivers associated with the first computer to a second version level of a second plurality of drivers associated with the second computer based on the plurality of driver information;
program instructions to transmit a driver update from the second computer to the first computer as a byte array using a database protocol operating on the second computer regardless of whether the driver update is necessary.

US Pat. No. 10,250,599

QUEUE MANAGEMENT BASED ON BIOMETRIC AUTHENTICATION

Capital One Services, LLC...

1. A method performed by a user device, comprising:
obtaining, by the user device, biometric information relating to a user of the user device using a biometric sensor of the user device;
determining, by the user device, that the biometric information is valid;
generating, by the user device, a biometric indicator indicating that the biometric information is valid;
providing, by the user device, a request for a callback from an entity,
wherein the request includes:
the biometric information indicating that the biometric information is valid, and
data indicating a queue associated with the callback; and
receiving, by the user device, the callback from the entity,
wherein the callback is received based on the biometric information indicating that the biometric information is valid, and
wherein the callback is associated with an entity identifier that is not provided to the user.

US Pat. No. 10,250,598

LIVENESS DETECTION METHOD AND DEVICE, AND IDENTITY AUTHENTICATION METHOD AND DEVICE

ALIBABA GROUP HOLDING LIM...

1. A method for identity verification using facial information comprising:
collecting, by a computing device, biological characteristic information of a user;
displaying, by the computing device, the collected biological characteristic information at an initial position on a screen of the computing device;
determining, by the computing device, a target position using the initial position, and displaying the target position on the screen
randomly generating, by the computing device, a candidate target position based on the initial position;
using, by the computing device, the candidate target position as a target position upon determining that the candidate target position and the initial position satisfy a predetermined condition;
displaying, by the computing device, the target position on the screen;
prompting, by the computing device, the user to move the user's biological characteristic information to cause the displayed biological characteristic to move from the initial position on the screen to the target position on the screen;
detecting, by the computing device, the user's biological characteristic information movement, and determining the display position of the displayed biological characteristic information using the detected user's movement; and
judging, by the computing device, whether the user is a living being using a relationship between the determined display position and the target position.

US Pat. No. 10,250,595

EMBEDDED TRUSTED NETWORK SECURITY PERIMETER IN COMPUTING SYSTEMS BASED ON ARM PROCESSORS

GBS Laboratories, LLC, H...

1. A computing system with an embedded network security perimeter that incorporates capabilities to secure external network communications comprising:
a computer system based on an Advanced RISC (Reduced Instruction Set Computer) Machines (ARM) processor with integrated Security Extensions;
an embedded network security perimeter running in a Trusted Execution Environment (TEE) on the ARM processor with dedicated memory and storage; and
an Operating System (OS) running in a Rich OS Execution Environment on the ARM processor with a dedicated memory and a storage for the OS;
wherein the TEE and Rich OS Execution Environment are hardware isolated from each other using the integrated security extensions,
wherein only the embedded network security perimeter has an access to a physical network interface,
wherein all network traffic from the Rich OS to external networks goes through security checks and transformations performed by the embedded network security perimeter in the TEE,
wherein the embedded network security perimeter is controlled by a management service,
wherein the management service uses a security policy as a primary source of configuration data, and
wherein the security is protected using an encryption signature for decryption and a digital signature of the security policy is accessible only from the TEE.

US Pat. No. 10,250,593

IMAGE BASED KEY DEPRIVATION FUNCTION

Visa International Servic...

1. A computing device comprising:
a processor; and
a non-transitory computer-readable medium comprising code executable by the processor for implementing operations including:
receiving, from another computing device, an identifier and first encrypted data that was encrypted using an image-based derived key, the identifier being stored with the image-based derived key in an entry of a database;
determining the image-based derived key associated with the identifier,
wherein the image-based derived key is generated from a selection of authentication images, and a combination of image identifiers and pixel properties of the authentication images is used as an image input value to an image-based derived key function, and
wherein the image-based derived key is further generated based on:
an adjustable iteration count value being an input to the image-based derived key function indicating a number of repetitions that the image-based derived key function is performed to generate the image-based derived key;
an adjustable key length indicating a length of the image-based derived key; and
a salt value based on the identifier that is stored with the image-base derived key in the entry of the database; and
decrypting the first encrypted data.

US Pat. No. 10,250,591

PASSWORD-BASED AUTHENTICATION

International Business Ma...

1. A method, comprising:
sending by an access control server an authentication value to at least a subset of a set of authentication servers,
wherein the access control server is one of ??2 servers in a system and the set of authentication servers are others of the ??2 servers,
wherein the access control server stores, for each of a plurality of user IDs, a first ciphertext which has been produced by encrypting a user password associated with a respective user ID under a public key pk using a homomorphic encryption algorithm, and
wherein the sending is performed in response to receipt from a user computer of a user ID and the authentication value which was previously determined using a predetermined function of a first ciphertext for that user ID and a second ciphertext produced by encrypting a password attempt under the public key pk using a homomorphic encryption algorithm such that the authentication value decrypts to a predetermined value if the password attempt equals the user password for that user ID;
receiving, by the access control server and from each one of the authentication servers in the subset, a decryption share dependent on the authentication value and produced by a corresponding one of the authentication servers using a key-share ski thereof,
wherein each authentication server stores a respective key-share ski of a secret key sk, shared between a plurality q of the ? servers, of a cryptographic key-pair (pk, sk) where pk is the public key of the key-pair;
using by the access control server at least the decryption shares of the subset of the authentication servers to determine if the authentication value decrypts to the predetermined value, if so permitting access to the resource by the user computer.

US Pat. No. 10,250,590

MULTI-FACTOR DEVICE REGISTRATION FOR ESTABLISHING SECURE COMMUNICATION

Samsung Electronics Co., ...

1. A method of improving security of a computer server system through secure device registration, the method comprising:
receiving, by the computer server system, a registration request from a first device via a first connection, the first device being a wearable device having network connectivity, the registration request including a digital certificate uniquely associated with the first device;
validating, by the computer server system, the first device on the basis of the registration request by determining whether the digital certificate is issued by a trusted certification authority;
sending, by the computer server system, a passcode and a nonce to the first device via the first connection in response to successfully validating the first device and instructing the first device to display the passcode;
sending, by the computer server system, a validation failure message to the first device via the first connection in response to a validation failure;
in response to sending the passcode to the first device via the first connection, prompting, by the computer server system, for the passcode on a second device via a second connection different from the first connection, the second device being a network-enabled computer;
receiving, by the computer server system, a passcode input from the second device via the second connection;
in response to receiving the passcode input containing the valid passcode on the second device via the second connection, instructing the first device to display a pairing button;
in response to receiving an activation of the pairing button on the first device, receiving a request for an authorization token from the first device via the first connection, the request for the authorization token including the digital certificate and the nonce;
in response to successfully validating the digital certificate and the nonce, sending, by the computer server system, an authorization token to the first device via the first connection;
in response to sending the authorization token to the first device, completing pairing of the first device with the computer server system;
in response to receiving the passcode input containing an invalid passcode, prompting, by the computer server system, for the passcode from the second device via the second connection for a predetermined number of tries;
in response to receiving the passcode input containing an invalid passcode after the predetermined number of tries, denying, by the computer server system, the registration request from the first device to enforce a secure authentication standard for device registration;
in response to completing the pairing of the first device with the computer server system, storing at the computer server system device parameters associated with the first device and identifying, at the computer server system, a manifest to use with the first device based on the device parameters; and
in response to completing the pairing of the first device with the computer server system, establishing a secure data exchange session between the first device and the computer server system to exchange data packets securely, wherein the first device set headers of data packets to be transmitted to the computer server system using the authorization token and wherein the computer server system exchanges data packets with the first device using the device parameters.

US Pat. No. 10,250,588

SYSTEMS AND METHODS FOR DETERMINING REPUTATIONS OF DIGITAL CERTIFICATE SIGNERS

Symantec Corporation, Mo...

1. A computer-implemented method for determining reputations of digital certificate signers, at least a portion of the method being performed by a computing device comprising at least one processor, the method comprising:
identifying a plurality of endpoint devices that have accessed files to which a digital certificate signer has attached digital certificates that assert the files are legitimate;
determining, for each endpoint device, whether a security state of the endpoint device is compromised or uncompromised based on a security analysis of computing events detected on the endpoint device;
classifying the digital certificate signer as potentially malicious by determining that the files were accessed more frequently by endpoint devices with compromised security states than by endpoint devices with uncompromised security states; and
protecting a security state of an additional endpoint device by preventing the additional endpoint device from accessing a file with a digital certificate signed by the digital certificate signer.

US Pat. No. 10,250,587

DETECTING MALICIOUS USAGE OF CERTIFICATES

MICROSOFT TECHNOLOGY LICE...

1. A method for improving network security, comprising:
scanning a network to detect certificates deployed within the network;
generating a network map based on the certificates detected as deployed within the network;
comparing the network map to a set of rules;
generating notifications based on the network map relative to the set of rules;
determining whether to change a deployment of certificates in response to the notifications; and
in response to determining to change the deployment of certificates, adjusting the certificates deployed to one or more environments of the network.

US Pat. No. 10,250,586

SECURITY CERTIFICATION AND APPLICATION CATEGORIZATION FOR MOBILE DEVICE MANAGEMENT

SAP SE, Walldorf (DE)

1. A computer-implemented method for managing mobile devices associated with enterprise operations, the method being executed using one or more processors and comprising:
receiving, by the one or more processors, a request to access information regarding at least one mobile application for download to and installation on a mobile device of a user, the request comprising an identifier associated with an enterprise, the identifier being unique to the enterprise and distinguishing the enterprise from other enterprises;
receiving, by the one or more processors, a tenant-specific configuration based on the identifier, the tenant-specific configuration comprising a plurality of criteria for mobile applications to be available for download to and installation on mobile devices associated with the enterprise, at least one of the plurality of criteria being associated with vendors of the mobile applications that are independent from the enterprise;
transmitting, by the one or more processors, a request for a list of available mobile applications to an application and certification database, the request comprising the tenant-specific configuration;
receiving, by the one or more processors, the list of available mobile applications, which comprises a subset of mobile applications of a superset of mobile applications, the subset of mobile applications being provided based on the tenant-specific configuration by using automated assessments and integrating an existing certification;
providing, by the one or more processors, graphical representations of each mobile application in the list of available mobile applications for display to the user, the graphical representations being ranked based on at least two different criteria that are selected by the user of the mobile device, the list of available mobile applications further grouped according to the at least two different criteria, at least one of the criteria being a risk of installing each mobile application; and
installing, by the one or more processors and on the mobile device of the user, a mobile application selected from the list of available mobile applications.

US Pat. No. 10,250,585

IDENTITY MIGRATION BETWEEN ORGANIZATIONS

Amazon Technologies, Inc....

1. A non-transitory computer-readable medium embodying a program executable in at least one computing device, wherein when executed the program causes the at least one computing device to at least:
receive, via an authentication service executed on the at least one computing device, user login information from a client device, the authentication service being operated by a first organization;
identify, via the authentication service, one of a plurality of second organizations for which the authentication service authenticates users;
verify, via the authentication service, that the user login information is correct according to identity data associated with the one of the plurality of second organizations;
return, via the authentication service, an authentication token to the client device, wherein the authentication token is used by the client device to access resources of a network site operated by the one of the plurality of second organizations; and
send, via the authentication service, a customer identifier for the client device to the network site in response to receiving a request for user information from the network site, the customer identifier being used by the network site to initiate a generation of a session token that correlates a plurality of client device interactions with the network site.

US Pat. No. 10,250,583

SYSTEMS AND METHODS TO AUTHENTICATE USERS AND/OR CONTROL ACCESS MADE BY USERS ON A COMPUTER NETWORK USING A GRAPH SCORE

IDM GLOBAL, INC., Palo A...

1. A controller for user authentication and access control, the controller comprising:
at least one microprocessor;
a network interface controlled by the at least one microprocessor to communicate over a computer network with at least one computing site; and
memory coupled with the at least one microprocessor and storing:
graph data representing a graph having nodes and links;
wherein the nodes of the graph represent data elements associated with accesses made using access tokens, and
wherein the links of the graph among the nodes of the graph represent connections between the data elements identified in collected data about the accesses;
instructions which, when executed by the at least one microprocessor, cause the controller to:
receive, from the computing site, input data specifying details of an access made using an access token;
update the graph according to the input data;
determine a plurality of measurements of the graph;
compute a score of the graph based on a weighted average of the measurements; and
process the access made using the access token based on the score.

US Pat. No. 10,250,582

SECURE PRIVATE LOCATION BASED SERVICES

Microsoft Technology Lice...

1. A method for providing secure location based services comprising:
receiving, from a user device, a set of initial information comprising a beacon identifier;
identifying a set of services to be provided to authorized users based on the beacon identifier;
sending to the user device, an authentication challenge;
receiving from the user device a response to the authentication challenge, the response to the authentication challenge allowing the user of the user device to be identified;
determining whether the response to the authentication challenge is valid;
responsive to the determination that the response to the authentication challenge is valid;
sending information to the user device describing a subset of the set of services that the user is authorized to access; and
providing access to a selected service of the subset; and
responsive to the determination that the response to the authentication challenge is not valid, denying access to the set of services.

US Pat. No. 10,250,581

CLIENT, SERVER, RADIUS CAPABILITY NEGOTIATION METHOD AND SYSTEM BETWEEN CLIENT AND SERVER

ZTE CORPORATION, Shenzhe...

1. A Remote Authentication Dial In User Service (RADIUS) capability negotiation method, comprising:
transmitting, by a client, to servers a first message carrying RADIUS capability parameters of the client, wherein the RADIUS capability parameters of the client indicates RADIUS capability supported by the client;
receiving, by the client, a first announcement message carrying at least one of load information or compulsory switching information of the server, after the client transmits the first message to servers;
selecting, by the client, one server for user accessing from servers according to the load information or the compulsory switching information of one or more servers;
receiving, by the client, a second message carrying a result of matching of the RADIUS capability parameters in the first message with RADIUS capability parameters of the server from the server, wherein the RADIUS capability parameters of the server indicates RADIUS capability supported by the server;
determining, by the client, whether to establish effective communication with the selected server according to the matching result in the second message, and
establishing by the client or the server, effective communication between the selected server and the client when the matching result indicates successful matching.

US Pat. No. 10,250,580

OUT-OF BAND REMOTE AUTHENTICATION

Intel Corporation, Santa...

1. An article comprising a non-transient machine-accessible storage medium including instructions that when executed enable a processor-based system to:
authenticate a user to a processor-based host, via a third credential, to determine a user authentication status;
transparently authenticate the user to a processor-based first service provider via (a)(i) the user authentication status, (a)(ii) a first credential that is unequal to the third credential, and (a)(iii) a first out-of-band (OOB) communication;
transparently authenticate the user to a processor-based second service provider via (b)(i) the user authentication status, (b)(ii) a second credential that is unequal to either of the first and third credentials, and (b)(iii) a second OOB communication;
in response to a timed-out session with the first service provider, re-authenticate the user to the first service provider (c)(i) transparently to the user and via another OOB communication, and (c)(ii) without re-authenticating the user to the host.

US Pat. No. 10,250,578

INTERNET KEY EXCHANGE (IKE) FOR SECURE ASSOCIATION BETWEEN DEVICES

QUALCOMM Incorporated, S...

1. A method comprising:
performing an Internet Key Exchange (IKE) to create an Internet Protocol security (IPsec) security association (SA) between a first device and a second device based upon both an authentication header (AH) and an encapsulating security payload (ESP), free of creating a child security association, wherein the first device and the second device are configured to communicate through a link; and
allowing information exchanges between the first device and the second device via the link based upon the IPsec SA.

US Pat. No. 10,250,577

SYSTEM AND METHOD FOR AUTHENTICATING AND ENABLING AN ELECTRONIC DEVICE IN AN ELECTRONIC SYSTEM

Anvaya Solutions, Inc., ...

1. An electronic system comprising:
a protected device;
a requesting device node, executing on a computing system, the requesting device node including:
a device query data packet generator to generate a device query data packet including data representing trust credentials of the protected device and a particular paired system, the device query data packet including an obfuscation state value and a nonce value; and
an authentication key retriever to obtain an authentication key based on the device query data packet from an authentication provisioning node using an external data communication; and
an obfuscation state machine of the particular paired system configured with a pre-defined quantity of state elements, a pre-defined quantity of the state elements being functional state elements, the obfuscation state machine being programmed with the authentication key to cause the obfuscation state machine to transition the protected device from an initial obfuscation state to a functional state.

US Pat. No. 10,250,576

COMMUNICATION OF MESSAGES OVER NETWORKS

International Business Ma...

1. A system comprising n≥2 servers Si, 1≤i≤n, for communicating messages between sender and receiver computers, connectable to said system via a network, in dependence on authentication of receiver passwords, associated with respective receiver IDs, by the system, wherein each server Si comprises at least one hardware data processor connected with at least one memory that stores software instructions, and wherein execution of the software instructions by the at least one hardware data processor causes each server Si:
to store, for each said receiver ID, a first ciphertext produced by encrypting the receiver password associated with that ID under a respective public key via a homomorphic threshold encryption scheme having a threshold t≤n, and a key-share ski of a secret key corresponding to that public key;
in response to receipt from a sender computer of an encrypted message, produced by encrypting a message for a said receiver ID under the public key for that ID via said encryption scheme, to store the encrypted message;
in response to receipt from a receiver computer of a said receiver ID, to send said first ciphertext for that ID to the receiver computer and, following receipt from the receiver computer of an authentication value which comprises a predetermined function of that first ciphertext and a second ciphertext produced by encrypting a password attempt under the public key for that ID via said encryption scheme such that the authentication value decrypts to a predetermined value if the password attempt equals the receiver password for that ID, to produce a first decryption share dependent on the authentication value using said key-share ski for that ID; and
in response to receipt of said first decryption share produced by each of (t-1) other servers Si for the authentication value received for said ID, to determine from the t first decryption shares whether the authentication value decrypts to said predetermined value and, if so, to produce a second decryption share of a selected encrypted message using said key-share ski for that ID, and to send the second decryption share to said receiver computer.

US Pat. No. 10,250,572

LOGIC REPOSITORY SERVICE USING ENCRYPTED CONFIGURATION DATA

Amazon Technologies, Inc....

1. A method of providing configurable hardware, the method comprising:
receiving a first request to generate configuration data for a field-programmable gate array (FPGA), the first request comprising a reference to a hardware design specifying application logic for implementation on the FPGA, the FPGA comprising host logic and the application logic when the FPGA is configured;
generating a validated bitstream based on the application logic and the host logic, the validated bitstream specifying the configuration data for the FPGA;
encrypting the validated bitstream to generate an encrypted bitstream;
signing the encrypted bitstream using a private key to generate a signed encrypted bitstream, the signed encrypted bitstream comprising a signature and the encrypted bitstream;
transmitting the signed encrypted bitstream to a host server computer in communication with a particular FPGA;
verifying the signature of the signed encrypted bitstream using a public key;
decrypting the encrypted bitstream to generate the validated bitstream; and
programming the particular FPGA with the validated bitstream so that the particular FPGA is configured with the host logic and the application logic.

US Pat. No. 10,250,571

SYSTEMS AND METHODS FOR OFFLOADING IPSEC PROCESSING TO AN EMBEDDED NETWORKING DEVICE

Cavium, LLC, Santa Clara...

1. A system to support offloading of IPSec operations on network traffic comprising:
a host running one or more virtual machines (VMs) and configured to:
identify a VM running on the host that requires secured communication with a remote client device;
offload one or more Internet Protocol Security (IPSec) operations of a plurality of data packets exchanged between the VM and the remote client device to an external embedded networking device, wherein the embedded networking device is a hardware-based, software-programmable Network Interface Card (NIC), wherein the NIC is a multi-core network packet processing engine and the NIC includes a IPSec processing component, a network interface component, and a virtual switch component, each component running on independent cores of the multi-core network, and wherein the NIC is configured to:
encrypt the data packets in a tunnel mode if an IPSec policy is found;
send the encrypted data packets to a IPSec VM based on a destination Media Access Control (MAC);
decrypt IPSec-processed packets received by the NIC on a return path from the remote client device if a security association (SA) is found for a corresponding Security Parameter Index (SPI) in the IPSec-processed packets;
send the decrypted packets to the VMs via the IPSec VM after a MAC lookup of the decrypted packets;
perform the offloaded IPSec operations to process the data packets from the VM running on the host that requires secured communication with the remote client device;
support flexible packet processing at various input/output rates; and
transmit the IPSec-processed data packets to the remote client device over a network without returning the data packets back to the host before they are transmitted over the network.

US Pat. No. 10,250,570

SEPARATED INTELLIGENT CONTROL SYSTEM AND METHOD THEREOF

1. A separated intelligent control system comprising a wireless networking intelligent controller, said wireless networking intelligent controller comprising:
a wireless networking unit for performing network communication;
a microprocessor connected with said wireless networking unit for data transmission via said wireless networking unit, said data comprising programs or instructions; and
at least one multi-use interface, said multi-use interface comprising a plurality of pins, said plurality of pins being connected to said microprocessor; said microprocessor being used to change function of said plurality of pins of said multi-use interface via firmware;
wherein the separated intelligent control system further comprises an external module connected to said multi-use interface, and said external module comprises a power switch controller or sensor.

US Pat. No. 10,250,568

METHODS AND SYSTEMS FOR CONCEALING INFORMATION

1. A method for concealing information comprising a sequence of symbols, the method comprising the steps of:
a concealing system, the concealing system comprising a network interface in communication with the internet and an encoder, obtaining location information obtained using a Uniform Resource Locator (URL);
the concealing system obtaining rule information from a location indicated by the location information, the rule information being indicative of a rule for discarding a plurality of symbols;
the concealing system using the rule information obtained to configure the encoder; and
the encoder forming concealed information by applying to the information comprising the sequence of symbols at least one encoder rule determined by the configuration of the encoder.

US Pat. No. 10,250,567

COMMUNICATION SYSTEM, WIRELESS COMMUNICATION APPARATUS, AND COMMUNICATION METHOD

KABUSHIKI KAISHA TOSHIBA,...

1. A wireless communication apparatus comprising:
a receiver that receives a beacon frame from a first wireless communication apparatus belonging to a basic service set (BSS), the beacon frame including a value indicating a first encryption method, the first encryption method used by the BSS to protect at least one of a broadcast or a multicast, wherein the wireless communication apparatus supports a second encryption method; and
a transmitter that:
transmits an association request frame, to establish a connection with the first wireless communication apparatus, to the first wireless communication apparatus prior to completion of establishment of the connection with the first wireless communication apparatus, the association request frame including a value indicating the second encryption method, if the second encryption method is equal to the first encryption method,
declines to establish the connection with the first wireless communication apparatus, if the second encryption method is not equal to the first encryption method, and
transmits a data frame including a frame body, the frame body including data encrypted by the second encryption method, after a reception of an association response frame including a status code that indicates success of the connection with the first wireless communication apparatus,
wherein the association request frame includes a frame control field and a frame body, the frame body includes the second value, the frame control field includes a type field, and the type field includes a value indicating that the association request frame is classified as a management frame.

US Pat. No. 10,250,566

COMMUNICATION SYSTEM, WIRELESS COMMUNICATION APPARATUS, AND COMMUNICATION METHOD

KABUSHIKI KAISHA TOSHIBA,...

1. A wireless communication terminal configured to belong to a first communication group, the wireless communication terminal comprising:
an antenna;
a memory configured to store a first encryption method used by the first communication group to protect at least one of broadcast communication or multicast communication in the first communication group;
a transmitter configured to transmit, via the antenna, a beacon frame including information of the first encryption method;
a receiver configured to receive, via the antenna, an association request frame from a first wireless communication apparatus, the association request frame including information of a second encryption method supported by the first wireless communication apparatus; and
circuitry configured to, prior to completion of establishment of a connection between the wireless terminal and the first wireless communication apparatus, check whether the second encryption method is equal to the first encryption method to determine whether a request of the association request frame is permitted or rejected,
wherein the transmitter is further configured to transmit, via the antenna, an association response frame indicating either one of an association successful or an association failure, and the connection between the wireless communication terminal and the first wireless communication apparatus is not established,
wherein the receiver is further configured to receive, via the antenna, a data frame after a transmission of the association response frame indicating the association successful and the completion of establishment of the connection between the wireless communication terminal and the first wireless communication apparatus, a frame body of the data frame including data encrypted by the second encryption method, the data frame is either one of broadcast communication or multicast communication in the first communication group, and one of destinations of the data frame is the wireless communication terminal, and
wherein the association request frame includes a frame control field and a frame body, the frame body includes the information of the second encryption method, the frame control field includes a type field, and the type field includes information indicating that the association request frame is classified as a management frame.

US Pat. No. 10,250,563

SECURE DEVICE AND PROXY FOR SECURE OPERATION OF A HOST DATA PROCESSING SYSTEM

ZANGULI LLC, Boca Raton,...

1. A method comprising:
generating, using a processor, a first proxy and a first proxy companion paired with the first proxy;
providing the first proxy to a host data processing system for execution therein;
wherein the first proxy in the host data processing system and the first proxy companion communicate;
detecting a proxy change event for the host data processing system; and
responsive to the detecting, generating a second proxy and a second proxy companion paired with the second proxy and providing the second proxy to the host data processing system for execution therein.

US Pat. No. 10,250,562

ROUTE SIGNALING DRIVEN SERVICE MANAGEMENT

Juniper Networks, Inc., ...

15. A service gateway system, comprising:
a network; and
a plurality of service gateway network devices connected by the network, wherein the plurality of service gateway network devices includes a first service gateway network device and a second service gateway network device, wherein each service gateway network device includes a memory and one or more processors connected to the memory, wherein the one or more processors are configured to:
receive configuration information defining a redundancy set having a master redundancy state and a standby redundancy state, wherein the configuration information includes one or more redundancy policies associated with the redundancy set, the one or more redundancy policies including a service redundancy policy that defines changes to be made in a service when a transition occurs in the state of the redundancy set;
receive configuration information defining events that cause a transition between the master and standby redundancy states in the redundancy set, wherein the events include a first event that causes a transition from the master redundancy state to the standby redundancy state in the redundancy set;
store a plurality of signal-routes, including a first signal-route, wherein each signal-route is a route used by applications to signal changes in application state and wherein each signal-route is associated with one or more of the defined events, wherein the first signal-route is associated with the first event; and
in response to detecting the first event in the service gateway:
transition the redundancy set, within the service gateway, from the master redundancy state to the standby redundancy state;
modify a first signal-route state associated with the redundancy set, wherein modifying includes adding the first signal-route to or removing the first signal-route from a routing information base and advertising, from the service gateway and to peer network devices, the change in the routing information base; and
modify the service based on the service redundancy policy.

US Pat. No. 10,250,560

NETWORK SECURITY METHOD AND DEVICE USING IP ADDRESS

SOOSAN INT CO., LTD., Se...

1. A network security method implemented by a network security device, comprising:
maintaining information related to a blocked country with which data communication is to be blocked, in a blocked country database (DB);
identifying an external Internet Protocol (IP) address by extracting at least one of a source IP address and a destination IP address of a communication packet transmitted on a network;
identifying a country to which the identified external IP address belongs;
blocking the communication packet when the identified country corresponds to the blocked country;
maintaining a country and an IP address corresponding to the country in the country-by-country IP DB; and
identifying a country corresponding to the identified external IP address by referring to the country-by-country IP DB,
wherein the maintaining comprises:
registering all countries as blocked countries in the blocked country DB;
excluding a first country from the blocked countries in the blocked country DB when at least a predetermined first number of packets are transmitted to and received from the first country during a predetermined first time period;
displaying the first country to an administrator when at least the predetermined first number of packets are transmitted to and received from the first country during the predetermined first time period; and
excluding the first country from the blocked countries in the blocked country DB in accordance with an instruction of the administrator,
wherein the maintaining comprises registering the first country as the blocked country in the blocked country DB when at least a predetermined second number of packets are received from and transmitted to, the first country during a predetermined second time period.

US Pat. No. 10,250,559

REVERSIBLE MAPPING OF NETWORK ADDRESSES IN MULTIPLE NETWORK ENVIRONMENTS

Cisco Technology, Inc., ...

1. A method comprising:
receiving a first network packet from a client device in a first network, wherein
the first network packet comprises an internal source address, and
the internal source address is a network address of the client device in the first network;
generating a value by executing a hashing function, wherein
the hashing function is reversible by a reverse hashing operation, and
the hashing function associates an external source address with the internal source address by virtue of generating the value based, at least in part, on the internal source address, and
at least a portion of the external source address;
generating a second network packet, wherein
the generating the second network packet comprises
including the external source address in the second network packet, and
including the value in the second network packet,
the external source address is a network address in a second network,
the external source address is associated with the internal source address by the at least the portion of the value, and
the hashing function generates the value such that, upon receipt of a third network packet comprising the value and a destination address, execution of the reverse hashing operation on the value produces the internal source address and the at least the portion of the external source address, such that the third network packet is transmitted to the internal source address, if a comparison between at least a portion of the destination address and the at least the portion of the external source address indicates that the destination address and the external source address are the same;
transmitting the second network packet into the second network; and
upon receipt of the third network packet,
recovering the internal source address and the at least the portion of the external source address by executing the reverse hashing operation, wherein the executing the reverse hashing operation recovers the internal source address without accessing any data structure that is external to both the reverse hashing operation and the third network packet,
determining whether the at least the portion of the external source address and at least a portion of the destination address are the same, and
in response to a determination that the at least the portion of the external source address and the at least the portion of the destination address are the same, transmitting at least a portion of the third network packet to the internal source address.

US Pat. No. 10,250,557

ENABLING MULTI-REALM SERVICE ACCESS FOR A SINGLE IP STACK UE

NOKIA SOLUTIONS AND NETWO...

1. An apparatus comprising:
a connection unit configured to provide connection of a user equipment to a first network in a first address realm, wherein the user equipment is located within the first address realm, and
a processor configured:
to serve the user equipment based on a first address in the first network,
to request a second address in a second address realm,
to detect the second address to be used by the user equipment for a service in the second address realm, the second address realm being separately located from the first address realm,
to store the second address together with the first address,
to inform a network policy control element controlling policy in connection with the service in the second address realm about the second address,
to receive a credit control acknowledgment message,
to perform service specific signaling with the first address realm,
to receive a re-authorization request message after the first and second addresses being matched when carrying policy control functions triggers an authentication and/or authorization answer message,
to send a re-authorization answer message to the network policy control element, and
to provide bearers for both internet services located in the first address realm and operator services located in the second address realm simultaneously,
wherein the network policy control element is located outside of the first address realm,
wherein the user equipment is defined in the first address realm, and
wherein the service is defined in the second address realm.

US Pat. No. 10,250,555

METHODS AND SYSTEMS FOR IMPLEMENTING VERY LARGE DNS ZONES

BLUECAT NETWORKS, INC., ...

1. A method of registering DNS hostnames of Internet host devices for a very large domain zone (VLZ) stored on a DNS server on a network, wherein the Internet host devices collectively define a load of the VLZ and further wherein each Internet host device has an original fully qualified domain name (FQDN), comprising:
instructions stored in non-transitory memory that, when executed by a processor, cause the processor to perform steps including:
defining a pseudo-zone that represents the VLZ, wherein the pseudo-zone is a unique map from each original FQDN into a hierarchy of a plurality of subzones, each containing a pre-determined number of the Internet host devices such that the load of the VLZ is effectively distributed across multiple servers that are separate but operatively connected to the Internet;
intercepting DNS updates to the pseudo-zone;
mapping the entries in the pseudo-zone into a hierarchy of real parent zones and subzones using a mapping formula, wherein the mapping formula includes a hash function used to establish the plurality of subzones in the pseudo-zone; and
translating DNS updates to the pseudo-zone from the original FQDN into at least one new FQDNs and adding the at least one new FQDNs to an authoritative DNS Server.

US Pat. No. 10,250,554

METHODS, SYSTEMS, AND PRODUCTS FOR MONITORING DOMAIN NAME SERVERS

1. A method, comprising:
capturing, by a server, a query requesting a domain name resolution of a domain name;
capturing, by the server, a response to the query, the response generated after performing the domain name resolution;
determining, by the server, a response time of the domain name resolution exceeds a threshold value;
inferring, by the server, that the domain name was not locally cached based on the response time that exceeds the threshold value;
categorizing, by the server, the response in a single category in which the domain name successfully resolved to an Internet Protocol address; and
uniquely categorizing, by the server, the query in which the domain name failed to resolve according to the domain name resolution.

US Pat. No. 10,250,553

ARP OFFLOADING FOR MANAGED HARDWARE FORWARDING ELEMENTS

NICIRA, Inc., Palo Alto,...

1. A non-transitory machine readable medium storing a service node program for processing address resolution protocol (ARP) in a network comprising a plurality of managed software forwarding elements (MSFE) and at least one managed hardware forwarding element (MHFE), the program comprising sets of instructions for:
at a service node,
receiving an ARP request from the MHFE;
determining whether a layer 2 (L2) address for replying to the ARP request is stored locally at the service node;
when the L2 address is not stored locally, replicating the ARP request and sending the replicated ARP request to a set of MSFEs;
providing the L2 address to the MHFE when the L2 address is stored locally or when the L2 address is received from one of the MSFEs.

US Pat. No. 10,250,552

L3VPN SERVICE WITH SINGLE IGP/BGP SESSION FROM A MULTI-HOMED CE WITH FAST CONVERGENCE USING EVPN

Cisco Technology, Inc., ...

1. A computer-implemented method for assisting provision of a Layer 3 Virtual Private Network (L3VPN) service using Ethernet VPN (EVPN) for a customer edge (CE) device multi-homed to a plurality of provider edge (PE) devices and operating in a single-active redundancy mode, the method comprising:
establishing a communication session between said CE device and a provider edge (PE) device elected, out of said plurality of PE devices, to be a designated forwarder (DF) for said CE device (DF PE device), wherein each of said plurality of PE devices are configured with a same anycast overlay address;
receiving at said DF PE device from said CE device, over said communication session, one or more messages comprising host Internet Protocol (IP) prefixes reachable via said CE device;
sending, by said DF PE device, one or more route advertisement messages advertising the host IP prefixes received at said DF PE device from said CE device, each route advertisement message comprising an indication of said CE device;
detecting, by said DF PE device, a failure of said communication session between the DF PE device and said CE device; and
in response to the failure of said communication session, withdrawing a pseudowire used by said communication session, wherein withdrawing the pseudowire triggers one of the other non-DF PE devices to establish a second communication session with said CE device.

US Pat. No. 10,250,551

METHOD AND APPARATUS FOR EXPIRING MESSAGES IN ELECTRONIC COMMUNICATIONS

GOOGLE LLC, Mountain Vie...

1. A method comprising:
receiving, at one of one or more servers, an electronic communication from a source client device, the electronic communication including a message;
temporarily storing, on a non-durable storage media accessible by at least one of the one or more servers, content of the message;
notifying, by at least one of the one or more servers, a recipient client device of availability of the message;
determining an occurrence of at least one of a first expiration event and a second expiration event, wherein:
the first expiration event includes expiration of an amount of time to live associated with the message as defined on at least one of the one or more servers, and
the second expiration event includes number of times of access of the message as defined on at least one of the one or more servers, based on input received from the recipient client device;
in response to determining the occurrence of the at least one of the first expiration event and the second expiration event, causing the content of the message to be deleted from the non-durable storage media; and
after deletion of the content of the message from the non-durable storage media, notifying the recipient client device that the message is unavailable.

US Pat. No. 10,250,550

SOCIAL MESSAGE MONITORING METHOD AND APPARATUS

HUAWEI TECHNOLOGIES CO., ...

1. A social message monitoring method, comprising:
receiving a social message;
performing theme modeling analysis on the social message to obtain a theme probability vector of the social message;
comparing the theme probability vector of the social message with a theme probability vector of a representative message to obtain a theme similarity;
comparing a user of the social message with a user of each representative message to obtain a user similarity between the social message and each representative message;
acquiring a similarity between the social message and the representative message according to the theme similarity, the representative message being a representative social message in a message class;
saving the social message in a message class containing a representative message most similar to the social message, the representative message from each message class being selected by performing weighted averaging on theme probability vectors of all social messages in each message class to obtain a theme probability vector of a representative message of each message class, and when a new social message is added to the message class, selecting, from each message class, a social message matching the theme probability vector of the representative message of the message class as the representative message, and performing weighted averaging again to calculate the theme probability vector of the representative message of the message class; and
outputting the message class to a social network client when a quantity of social messages in the message class reaches a first threshold or themes of social messages in the message class are consistent.

US Pat. No. 10,250,548

SOCIAL MEDIA ENGAGEMENT ENGINE

SAP SE, Walldorf (DE)

1. A method of social media engagement, comprising:
receiving a social media message from a person via a social media data connector;
generating processed data by analyzing the social media message, the generating comprising:
extracting data from the social media message,
determining an importance level of the person, and
enriching the extracted data with the determined importance level of the person,
determining, by a rule engine based on the processed data including the determined importance level of the person, whether an engagement is to be manually or automatically conducted with the person;
in response to determining the engagement is to be manually conducted, invoking a response from an agent via an engagement workbench;
in response to determining the engagement is to be automatically conducted, automatically generating the response based on information extracted from an application system; and
transmitting the invoked or generated response to the social media data connector;
wherein at least one predefined rule executed by the rules engine (i) identifies which agent or group of agents to take action in response to the social media message, (ii) what action the identified agent should take, (ii) what information to extract from an external application system.

US Pat. No. 10,250,547

TREND DETECTION FOR CONTENT TARGETING USING AN INFORMATION DISTRIBUTION SYSTEM

TWITTER, INC., San Franc...

1. A method comprising:
receiving, by an information distribution system and from one or more client devices, a first plurality of messages composed by one or more users of the one or more client devices, wherein each of the messages in the first plurality of messages includes a first hashtag, and wherein a first message of the first plurality of messages includes first semantic content;
receiving, by the information distribution system and from a second client device, a second message composed by one or more users of the second client device, wherein the second message includes a second hashtag and second semantic content, and wherein the second message does not include the first hashtag;
determining, by the information distribution system, a degree of similarity between the first semantic content included in the first message and the second semantic content of the second message;
in response to determining that the degree of similarity satisfies a similarity threshold, determining, by the information distribution system, that the first hashtag corresponds to the second hashtag;
in response to determining that the first hashtag corresponds to the second hashtag, forming, by the information distribution system, a second plurality of messages that includes the first plurality of messages and the second message;
determining, by the information distribution system and using a set of metrics that are based at least in part on the second plurality of messages, a trending score that represents a magnitude of a trend for the first hashtag and the second hashtag;
in response to determining that the trending score satisfies a threshold, sending, by the information distribution system and to a content provider system, a set of demographic data that describes one or more of the users who associated with the first hashtag or the second hashtag; and
in response to receiving, from the content provider system, targeted content that is based at least in part on the first hashtag, on the second hashtag, and on the set of demographic data, sending, by the information distribution system and for display at one or more of the one or more client devices or the second client device, the targeted content.

US Pat. No. 10,250,546

MANAGING AN E-MAIL RESPONSE

International Business Ma...

1. A method for managing an e-mail response, the method comprising:
receiving a first e-mail from a sender sent to a plurality of e-mail addresses, wherein each e-mail address from the plurality of e-mail addresses includes a domain name, and wherein two or more of the e-mail addresses from the plurality of e-mail addresses have different domain names;
initiating a graphical user interface (GUI) associated with the e-mail response;
providing a list of the different domain names associated with the plurality of e-mail addresses and an e-mail address associated with the sender;
generating, based on a selection of one or more of the different domain names, a distribution list, wherein the distribution list comprises one or more e-mail addresses limited to e-mail addresses having a selected domain name; and
providing the distribution list in an addressee field associated with the e-mail response in the GUI,
wherein the GUI includes a plurality of addressee fields and a plurality of dropdown menus respectively associated with each addressee field from the plurality of addressee fields, wherein each dropdown menu from the plurality of dropdown menus lists the different domain names, and
wherein the distribution list is provided in one of the addressee fields from the plurality of addressee fields associated with a dropdown menu from which the selection of one or more of the different domain names is made.

US Pat. No. 10,250,545

METHOD, SYSTEM AND COMPUTER READABLE MEDIUM FOR NOTIFICATION DELIVERY

West Corporation, Omaha,...

1. A method, comprising:
a processor assigning a plurality of delivery ports to each of a plurality of delivery channels;
the processor receiving a plurality of message delivery jobs;
the processor assigning each of the message delivery jobs to one of the plurality of delivery channels;
the processor determining a delivery timeframe for each of the message delivery jobs;
the processor assigning a priority to each of the message delivery jobs, wherein each job's priority is based at least in part on its delivery timeframe,
the processor ordering the delivery jobs for delivery according to their priority;
in the case any of the prioritized jobs' delivery timeframe will not be met, increasing that job's priority to ensure its delivery within its delivery timeframe, and reordering the delivery jobs for delivery;
in the case any of the reprioritized jobs' delivery timeframe will not be met, determining, by the processor, a number of ports required by each channel to ensure that each message assigned to that channel is delivered to its respective recipient within its delivery timeframe;
in the case the number of available ports is at least equal to the total number of required ports, reassigning the available ports so that each channel has at least the number of ports it requires; and
in the case the number of available ports is not at least equal to the total number of required ports, reassigning the available ports to maximize the total value of delivering the messages, including any penalties incurred by the inability to delivery every message within its timeframe.

US Pat. No. 10,250,544

ELECTRONIC EQUIPMENT, SYSTEM INCLUDING ELECTRONIC EQUIPMENT AND MANAGEMENT DEVICE, AND METHOD EXECUTED BY ELECTRONIC EQUIPMENT

Seiko Epson Corporation, ...

1. Electronic equipment configured to facilitate secure equipment settings modification through use of a transmitted notification that is triggered for transmission upon detection of a request to change one or more settings of the electronic equipment, the electronic equipment comprising:
an instruction receiving unit that receives an instruction of a setting modification regarding the electronic equipment; and
an electronic mail sending unit that sends an electronic mail including access information to access a web page for permission of the setting modification by the modification instruction to a mail address corresponding to a predetermined administrator;
wherein a visual arrangement of content included within the electronic mail is structured in a manner to operate as a notification regarding the setting modification, the visual arrangement being arranged in the following specific manner:
a first list listing the one or more settings of the electronic equipment,
a second list listing proposed modified settings for the same one or more settings of the electronic equipment, wherein the proposed modified settings included in the second list are modified in accordance with the setting modification, and
the access information, which is provided to access the web page for permission of the setting modification, the access information being presented in a selectable form that, when selected, causes the web page to be accessed.

US Pat. No. 10,250,543

DEDUPLICATION OF E-MAIL CONTENT BY AN E-MAIL SERVER

International Business Ma...

1. A method for handling e-mail communication by an e-mail server, the method comprising:
receiving an e-mail by the e-mail server;
determining a number of recipients for the e-mail;
based on determining the number of recipients being above a recipient threshold number:
parsing the e-mail to identify a large content item within the e-mail;
generating a modified e-mail by replacing the large content item within the e-mail with an identifier, wherein the identifier comprises a thread identifier, a content identifier, and a nonce, wherein the thread identifier is used to position the large content in a weblog, wherein the content identifier is a series of characters to identify a specific content item of the large item, and wherein the nonce is formed by an encryption function for identification and securing access to the large content; and
storing the large content item, wherein the large content item forms a basis for the weblog associated with the identifier, wherein the weblog comprises one or more large content items that are arranged in reverse chronological order;
sending the modified e-mail; and
receiving a reply e-mail to the modified e-mail, wherein content of the reply e-mail builds an extension to the weblog, and wherein the reply e-mail is generated by replacing the identifier with the large content making the replacement undetectable to a recipient.

US Pat. No. 10,250,541

PREDICTIVE RESPONSES TO INCOMING COMMUNICATIONS

Google LLC, Mountain Vie...

1. A method comprising:
receiving, by a computing system, a plurality of message histories, wherein each message history from the plurality of message histories includes one or more of a simple messaging service message history, multimedia messaging service message history, an instant messaging message history, or an email message history;
determining, by the computing system and based on the plurality of message histories, a plurality of message and response pairs;
determining, by the computing system, a number of instances of each response for each message from the plurality of message and response pairs;
classifying, by the computing system, each response from the plurality of message and response pairs as having an information type, wherein the information type is one or more of time type, text type, number type, address type, emoji type, celebrity type, store type, day of week type, date type, or unknown type;
storing, by the computing system and in a data store, an indication of each unique message from the plurality of message and response pairs, an indication of the information type associated with the respective response associated with the unique message, and a number of responses from the plurality of message and response pairs having the information type as message and response information;
receiving, by the computing system and from a computing device, a request for a suggested response to an incoming communication, the request including an indication of the incoming communication;
determining, by the computing system and based on the request and the message and response information stored in the data store, a type of information expected to be included in a response to the incoming communication, wherein the type of information is one or more of the time type, the text type, the number type, the address type, the emoji type, the celebrity type, the store type, the day of week type, the date type, or the unknown type;
predicting, by the computing system, and based on the request and the type of information, one or more candidate response messages; and
sending, by the computing system and to the computing device, an indication of the one or more candidate response messages.

US Pat. No. 10,250,539

METHODS AND APPARATUS TO MANAGE MESSAGE DELIVERY IN ENTERPRISE NETWORK ENVIRONMENTS

VMware, Inc., Palo Alto,...

1. A method to manage delivery of messages in an enterprise network environment, the method comprising:
accessing, via a message application programmable interface (API), a message posted to a social media network by a user of the enterprise network environment;
identifying, by executing an instruction with a processor, an occupational position of the user;
scanning, by executing an instruction with the processor, the message for at least one of a plurality of identifiers;
determining, by executing an instruction with the processor, whether the message includes the at least one of the identifiers;
when the message does not include the at least one of the identifiers, delivering the message to at least one of a first plurality of users of an enterprise entity via the message API, the first plurality of users characterized by a same occupational position as the user;
when the message includes the at least one of the identifiers:
identifying, with the processor, a different enterprise entity including a second plurality of users associated with the at least one of the identifiers, at least one of the second plurality of users characterized by a different occupational position than the occupational position of the user; and
delivering the message to at least one of the second plurality of users via the message API, the message API to provide compatibility between different types of social media networks used by the first plurality of users and the second plurality of users by delivering the message using a Hypertext Transfer Protocol.

US Pat. No. 10,250,538

DETECTING MESSAGES WITH OFFENSIVE CONTENT

1. A method comprising:
receiving input that includes message content using a virtual keyboard that is generated for output on a display of a user device, the virtual keyboard being generated by an application program installed on the user device that includes multiple software modules;
determining, by the user device and using one or more of the software modules of the application program, whether the message content includes offensive content, wherein determining, by the user device and using one or more of the software modules of the application program comprises:
determining whether the received message content includes an offensive trigger word;
in response to determining that the received message content includes an offensive trigger word, analyzing the context in which the offensive trigger word is used in the message content, wherein analyzing the context in which the offensive trigger word is used comprises:
determining whether the offensive trigger word falls within a predetermined proximity of (i) a pronoun that refers to a person other than the user of the user device or (ii) an entity name that refers to a person other than the user of the user device; and
in response to determining, by the user device and using one or more of the software modules of the application program, that the received message content includes an offensive trigger word that falls within a predetermined proximity of (i) a pronoun that refers to a person other than the user of the user device or (ii) an entity name that refers to a person other than the user of the user device, generating an alert message for display on the user device that provides an indication that the received message content includes offensive content.

US Pat. No. 10,250,537

METHODS AND APPARATUSES FOR ANIMATED MESSAGING BETWEEN MESSAGING PARTICIPANTS REPRESENTED BY AVATAR

1. A data processing system for rendering an avatar of a sender of a message on a device of a recipient of the message, the data processing system comprising:
a memory storing a program; and
at least one processor to execute the program, wherein execution of the program configures the at least one processor to:
receive an animation markup record listing visible attributes of the sender;
receive an indication of a selected art style for the recipient;
query a database storing art styles, including the selected art style, each art style including graphic elements that can be combined to create a corresponding avatar of the sender in a corresponding animation style of the recipient; and
relate the visible attributes of the sender to the graphic elements of the selected art style to render the avatar in the corresponding animation style of the recipient.

US Pat. No. 10,250,534

CLOUD-BASED UNIVERSAL COLLABORATIVE MESSAGING SYSTEM AND METHOD

Avaya Inc., Santa Clara,...

1. A server, comprising:
a processor;
a memory; and
a universal collaborative messaging system (UCMS) application contained in the memory and executed by the processor, wherein the UCMS application: receives messages from a plurality of different messaging sources, wherein the messages are configured as communications from a sender to at least one recipient including a user; transforms a received message from a first messaging format into a second messaging format compatible with standardized file management systems, wherein the second messaging format is configured as a folder including one or more files, each file of the one or more files representing content of the received message, and wherein a size of the transformed message is less than a size of the received message; stores the transformed message in the second messaging format in a secure central memory in communication with the server, wherein the secure central memory is part of a cloud storage platform; and sends a notification to a communication device of the user, wherein the notification activates a universal message viewing application on the communication device without transmitting the transformed message to the communication device and enables a connection to the secure central memory via the communication device and the server, and wherein the communication device is caused to render at least a portion of the transformed message that is hosted by the server and the secure central memory.

US Pat. No. 10,250,532

SYSTEMS AND METHODS FOR A PERSONALITY CONSISTENT CHAT BOT

Microsoft Technology Lice...

9. A method for automated chatting with personality consistency, the method comprising:
identifying that a first reply is warranted from a chat bot regarding a first entity to a user;
searching an entity-based disposition memory graph for the chat bot based on the first entity;
identifying a chat bot disposition for the first entity that was previously provided by the chat bot based on the searching of the entity-based disposition memory graph for the chat bot;
generating the first reply about the first entity based on the chat bot disposition for the first entity; and
providing the first reply to the user.

US Pat. No. 10,250,527

PORT EXTENDER ID ASSIGNMENT IN AN EXTENDED BRIDGE

ARRIS Enterprises LLC, S...

1. A method comprising:
storing, by a controlling bridge (CB) in an extended bridge, a set of one or more port extender (PE) ID configurations, wherein at least one PE ID configuration in the stored set includes:
an identity of a first CB port; and
a plurality of PE IDs corresponding to a plurality of PEs connected to the first CB port, the plurality of PE IDs being sorted in connection order, and
wherein the stored set further comprises a second PE ID configuration that includes a provisional PE ID for a PE that has not yet joined the extended bridge.

US Pat. No. 10,250,525

INTENT-BASED SERVICES ORCHESTRATION

CenturyLink Intellectual ...

1. A method, comprising:
receiving, with a computing system over a network, a request for network services from a customer, the request for network services comprising desired performance parameters for the requested network services, without information regarding any of specific hardware, specific hardware type, specific location, or specific network for providing the requested network services;
allocating, with the computing system, one or more network resources from one or more first networks of a first set of networks for providing the requested network services, based at least in part on the desired performance parameters and based at least in part on a determination that the one or more first networks is capable of providing network resources each having the desired performance parameters;
determining, with the computing system, whether at least one first network of the one or more first networks can no longer provide at least one first network resource, of the one or more network resources, having the desired performance parameters, based at least in part on one or more network performance metrics; and
based on a determination that at least one first network can no longer provide at least one first network resource having the desired performance parameters, allocating, with the computing system, at least one second network resource from at least one second network of a second set of networks for supplementing provision of the requested network services having the desired performance parameters, based at least in part on one or more updated network performance metrics, thereby replacing or augmenting the at least one first network resource provided from the one or more first networks of the first set of networks.

US Pat. No. 10,250,522

SECURE DISTRIBUTED COMPUTING USING CONTAINERS

1. A computer-implemented method for performing distributed computing in a secure manner, said method comprising the steps of:
(a) encrypting, via one or more processors, a data set using a homomorphic encryption algorithm;
(b) generating a plurality of application containers configured to process the encrypted data set encrypted in step (a), wherein the application containers are self-contained applications that comprise all dependencies necessary for execution and operation of the application containers;
(c) providing, over one or more communications networks, the encrypted data set to a plurality of compute node resources;
(d) deploying, over the one or more communications networks, the application containers to the compute node resources, wherein the compute node resources are configured to execute the application containers to process the encrypted data set to obtain a processed encrypted data set;
(e) receiving, over the one or more communications networks, the processed encrypted data set from the compute node resources;
(f) decrypting, via one or more processors, the processed encrypted data set to obtain a decrypted processed data set;
(g) managing the compute node resources with a management resource; and
(h) tracking, via the management resource, metrics associated with each of the compute node resources.

US Pat. No. 10,250,520

CUSTOMER ENGAGEMENT PLATFORM AND PORTAL HAVING MULTI-MEDIA CAPABILITIES

SAMSUNG ELECTRONICS CO., ...

1. A system for managing customer engagement, comprising:
a customer engagement portal to be disposed at a site, said customer engagement portal configured to receive inputs, including inputs related to media information;
at least one memory storing instructions;
at least one processor associated with said customer engagement portal and configured to execute the instructions stored in said at least one memory to manage said media information;
a first network device to be disposed at said site and communicatively coupleable with said at least one processor to wirelessly transmit a media stream therebetween, said first network device configured to output said media stream, and said first network device having an operating condition capable of being altered;
a second network device to be disposed at said site and communicatively coupleable with said at least one processor to wirelessly transmit another media stream therebetween, said second network device configured to output said other media stream, and said second network device having another operating condition capable of being altered;
a mobile device associated with said site and configured to initiate a change of at least one of said operating condition of said first network device while said first network device outputs said media stream and said other operating condition of said second network device while said second network device outputs said other media stream; and
a customer engagement platform communicatively couplable with both said customer engagement portal and said mobile device, the customer engagement platform configured to provide the media information based on both a present location of said mobile device relative to said customer engagement portal and a tracked travel pattern of a user associated with the mobile device,
wherein the tracked travel pattern of the user includes a determined frequency of the user being at the site and a previous movement of the user from one location to another location,
wherein said operating condition and said other operating condition are independent of and unrelated to said media stream and said other media stream, and
wherein said customer engagement portal is integrated into one of said first network device or said second network device.

US Pat. No. 10,250,519

SYSTEM AND METHOD FOR SUPPORTING A DISTRIBUTED DATA STRUCTURE IN A DISTRIBUTED DATA GRID

ORACLE INTERNATIONAL CORP...

1. A system for supporting a distributed queue, comprising:
one or more microprocessors;
a distributed data grid comprising a plurality of member nodes operating on the one or more microprocessors;
a plurality of buckets distributed over the plurality of member nodes in the distributed data grid, wherein the plurality of buckets are maintained as a distributed queue, including a current tail bucket that acts as a tail of the distributed queue, and wherein each of the plurality of buckets are configured to store one or more elements of the distributed queue;
a queue state owner member node of the plurality of member nodes, wherein the queue state owner member node executes a queue state owner process, wherein the queue state owner process holds queue state information for the distributed queue, and wherein the queue state owner process provides the state information about the distributed queue to a client process; and
wherein said client process is configured to
store a local version of the queue state information for the distributed queue, and
use the local version of the queue state information about the distributed queue to perform an operation on one or more elements in a bucket in the distributed queue.

US Pat. No. 10,250,514

SYSTEMS, METHODS, AND DEVICES FOR ADDRESSED DATA COMMUNICATIONS

QUIET COACH INC., Waterl...

1. A communications system for sending a data packet, comprising:
(a) a first device, comprising:
(i) a processor, the processor configured to compose an addressing bitmask and, address the data packet with the bitmask; and,
(ii) a transmitter connected to the processor for transmitting the addressed data packet;
(b) a second device, comprising:
(i) a receiver for receiving the addressed data packet; and,
(ii) a processor attached to the receiver, the processor configured to perform a bitmask test on the bitmask contained in the addressed data packet such that, if the test is failed, then the addressed data packet is discarded;
wherein the data packet comprises encoded audio data,
wherein the encoded audio data is encoded with pulse code modulation;
wherein:
(a) the processor of the first device is further configured to segment the addressed data packet into at least one datagram;
(b) the transmitter of the first device transmits the addressed data packet as a part of the at least one datagram, the at least one datagram being transmitted using a multi-casting protocol;
(c) the receiver of the second device receives the addressed data packet as a part of at least one datagram;
(d) the processor of the second device is further configured to reconstitute the data packet from the at least one datagram;
wherein: the datagrams are User Datagram Protocol (UDP) datagrams; and, the multi-casting protocol uses the Internet Protocol multi-casting (IP multicasting) protocol;
wherein at least one of the transmitter of the first device and the receiver of the second device are configured for use over a private wireless local area network; and
wherein the private wireless local area network uses at least one IEEE 802.11 standard.

US Pat. No. 10,250,512

SYSTEM AND METHOD FOR TRAFFIC DIRECTOR SUPPORT IN A MULTITENANT APPLICATION SERVER ENVIRONMENT

ORACLE INTERNATIONAL CORP...

1. A system for traffic director support in a multitenant application server environment, comprising:
one or more computers, including an application server that enables deployment and execution of software applications, wherein the application server is associated with a domain configuration that is used at runtime to define a domain for the execution of the software applications, together with
a plurality of partitions, wherein each partition provides an administrative and runtime subdivision of the domain,
one or more resource groups, wherein each of the one or more resource groups is associated with a partition of the one or more partition,
a plurality of virtual targets,
an instance of a traffic director, the instance of a traffic director comprising a configuration, and
a traffic director plugin instantiated within the domain, the traffic director plugin providing access to the domain, the traffic director plugin further providing access to a plurality of lifecycle operations of the domain;
wherein each of the plurality of partitions and the one or more resource groups are targeted to a virtual target of the plurality of virtual targets;
wherein the configuration of the instance of a traffic director is configured to direct network traffic to the plurality of partitions and the one or more resource groups, the configuration of the instance of the traffic director comprising one or more routes; and
wherein the instance of a traffic director provides load balancing among one or more servers of a server pool.

US Pat. No. 10,250,510

INTELLIGENT NETWORK RESOURCE MANAGER

Oracle International Corp...

1. A method comprising:
assigning a selected priority and a selected category to each of a plurality of virtual channels selected from a set of virtual channels associated with a physical communication channel within a switched fabric;
wherein each selected priority is selected from a plurality of priorities comprising a first priority and a second priority;
wherein each selected category is selected from a plurality of categories comprising a first category and a second category, wherein the first category is based on a first message size and the second category is based on a second message size that is larger than the first message size, wherein more virtual channels are assigned the first category than the second category;
directing outbound messages to the plurality of virtual channels based on a category and a priority of each outbound message;
segmenting each outbound message into one or more respective packets to generate a plurality of packets that each do not exceed a maximum packet size, wherein said second message size exceeds said maximum packet size;
processing the plurality of virtual channels in a circular order to send a same amount of packets from said plurality of packets for each virtual channel over the physical communication channel within the switched fabric;
wherein the method is performed by one or more computing devices.

US Pat. No. 10,250,509

INCREMENTAL APPLICATION OF RESOURCES TO NETWORK TRAFFIC FLOWS BASED ON HEURISTICS AND BUSINESS POLICIES

Level 3 Communications, L...

12. A non-transitory computer-readable medium having instructions stored thereon that, when executed by at least one computing device, causes the at least one computing device to perform a method for operating a network service provider, the method comprising:
receiving a first portion of a traffic flow in a network, wherein the traffic flow satisfies a first condition;
inspecting the first portion of the traffic flow at a first level of detail;
determining, based on the inspecting, that the traffic flow satisfies a second condition;
in response to determining that the traffic flow satisfies the second condition, sending a message to a controller, the message indicating that the second condition is satisfied, wherein the controller is configured to instruct one or more routers to transmit a second portion of the traffic flow to the network service provider based on the determining that the traffic flow satisfies the second condition;
subsequent to sending the message, receiving the second portion of the traffic flow, wherein the second portion of the traffic flow comprises a larger amount of information than the first portion of the traffic flow; and
in response to receiving the second portion of the traffic flow, inspecting the second portion of the traffic flow at a second level of detail, wherein the inspecting at the second level of detail requires a different amount of computing resources than the inspecting at the first level of detail.

US Pat. No. 10,250,508

LOAD BALANCING METHOD AND SYSTEM

ZTE Corporation, Shenzhe...

1. A load balancing method, comprising:
collecting load information of a load balancing object, and generating a load balancing group table according to the load information;
generating a load balancing group routing table according to information of the load balancing group table; and
forwarding a data packet according to the load balancing group routing table,
wherein information in the load balancing group routing table at least comprises:
a group identifier, group identification information, branch object load weight information, and/or a subgroup object switch egress port,
wherein, the branch object load weight information is represented by a bearing space value, branch objects in the load balancing group routing table are arranged according to an order of bearing space values from small to large, and a load proportion corresponding to each branch object is equal to a bearing space value corresponding to the branch object minus a bearing space value corresponding to a previous branch object and divided by a maximum branch bearing space value in a group having the group identifier.

US Pat. No. 10,250,507

PERSISTENT CONNECTION REBALANCING

INTERNATIONAL BUSINESS MA...

1. A computer-implemented method of rebalancing persistent client connections to a cluster of servers, the method comprising:
identifying, by one or more processors of a computer system, an increase in a total client connection capacity of the cluster of servers with a network connection balancing component, wherein the increase in the total client connection capacity of the cluster of servers is due to one or more new servers being added to the cluster of servers;
determining, by the one or more processors of a computer system, a target client connection capacity utilization with the network connection balancing component from the increased total client connection capacity of the cluster of servers and the number of persistent connections to the cluster of servers; and
for each server in a selection of servers in the cluster of servers:
determining, by the one or more processors of a computer system, a current client connection capacity utilization of the server from the number of persistent connections to the server and a current capacity of the server;
comparing, by the one or more processors of a computer system, the current client connection capacity utilization with the target client connection capacity utilization; and
terminating, by the one or more processors of a computer system, a selection of its persistent client connections by the server based on the current client connection capacity utilization exceeding the target client connection capacity utilization.

US Pat. No. 10,250,505

EMERGENCY SIGNAL FOR M2M DEVICES

1. A method comprising:
receiving, at a server connected to a network, messages from a plurality of devices connected to the network, wherein the messages comprise a first subset and a second subset;
consolidating the first subset into a consolidated message;
consolidating the second subset into another consolidated message;
prioritizing the second subset lower than the first subset based on a first message type indicated by the first subset being ranked higher than a second message type indicated by the second subset; and
causing the consolidated message to be provided to a recipient at a first transport quality of service (QoS) level before causing an indication of the another consolidated message to be provided to the recipient at a lower QoS level than the first transport QoS level.

US Pat. No. 10,250,504

LONGEST PREFIX MATCHING OPERATIONS ON A VALUE IN MULTIPLE INTERSPERSED PREFIX LENGTH SEARCH SPACES TO DETERMINE AN OVERALL LONGEST PREFIX MATCHING RESULT IN A PACKET SWITCHING SYSTEM

Cisco Technology, Inc., ...

1. A method, comprising:
determining, by a packet switching system, an overall longest prefix matching (LPM) result for a particular lookup value associated with a packet, wherein said determining the LPM result includes:
performing a first LPM operation, by a first LPM lookup unit, on the particular lookup value in a first search space determining a first longest matching prefix and resulting in an identification of a first LPM result including processing information identified directly or indirectly and a first length value specifying a prefix length of the first longest matching prefix, which is not a default route;
performing a second LPM operation, by a second LPM lookup unit, on the particular lookup value in a second search space determining a second longest matching prefix and resulting in an identification of a second LPM result including processing information identified directly or indirectly and a second length value specifying a prefix length of the second longest matching prefix, which is not a default route;
selecting as the overall LPM result the first LPM result when the first length value is greater than the second length value else the second LPM result, which includes comparing the first and second length values; and
processing the packet according to the overall LPM result;
wherein the first search space and the second search space include non-default route prefixes with interspersed prefix lengths matching a same value.

US Pat. No. 10,250,503

ROUTING METHOD AND WIRELESS NODE FOR WIRELESS MESH NETWORK

Industrial Technology Res...

1. A routing method for a wireless mesh network, the routing method being performed on a wireless node of a plurality of nodes of the wireless mesh network and comprising:
transmitting a control message packet for finding a plurality of available paths to reach a destination node of the plurality of nodes by performing a route algorithm to discover a topology of the wireless mesh network, and stopping performing the route algorithm after the plurality of available paths are found;
recording the available paths to reach the destination node, at least one parent-child node relationship corresponding to the available paths, and at least one link-state corresponding to the available paths in a route table;
using an optimal path among the available paths to transmit data or transfer data;
in response to the optimal path reaching the destination node being not operable, selecting another available path as the optimal path from the available paths, updating the route table, and notifying at least one parent wireless node on the optimal path of a node-deleted message;
in response to a node-added message being received from a newly-added node, relaying the node-added message and performing a block route algorithm for creating a block route table in a block to which the newly-added node belongs, updating the route table according to the block route table to acquire a plurality of updated available paths, selecting a path as the optimal path from the updated available paths, and notifying the at least one parent wireless node on the optimal path of the node-added message, wherein the block to which the newly-added node belongs is consist of the newly-added node and a part of the wireless mesh network and the part of the wireless mesh network comprises at least one adjacent node of the newly-added node in the wireless mesh network, and the wireless node is one of the at least one adjacent node; and
in response to the node-added message not being relayed from any wireless node in the block, not relaying the node-added message and not performing the block route algorithm.

US Pat. No. 10,250,502

SOFTWARE DEFINED NETWORK-BASED DATA PROCESSING METHOD, NODE, AND SYSTEM

HUAWEI TECHNOLOGIES CO., ...

1. A software defined network-based data processing system, comprising:
a plurality of nodes, each of which comprises a processor and memory, wherein the plurality of nodes comprises a source data node, a source control node, and a destination control node;
wherein the source data node is configured to receive a first data packet, and send the first data packet to the source control node, wherein the first data packet includes a destination address of the first data packet;
wherein the source control node is configured to receive the first data packet sent by the source data node, and determine the destination control node according to the destination address of the first data packet;
wherein the destination control node is, configured to receive the first data packet sent by the source control node, and generate a second data packet according to the first data packet and a matching policy rule;
wherein the source data node further stores a flow table to store sub-tuple information of a service flow data packet and a processing rule corresponding to the sub-tuple information of the service flow data packet;
wherein the destination control node is further configured to add a control node number field and a service parameter field in the flow table of the source data node, the control node number field to represent an index of the destination control node corresponding to the source data node, and the service parameter field to represent an index corresponding to a processing result of the sub-tuple information of the service flow data packet;
wherein, the destination control node is further configured to add, in the flow table of the source data node, a control node number field and a service parameter field corresponding to the first data packet, wherein, the control node number field represents an index of the destination control node corresponding to the source data node, wherein the service parameter field corresponding to the first data packet represents an index of a matching policy rule corresponding to the sub-tuple information of the first data packet, wherein, a service parameter corresponding to a third data packet comprises the index of the matching policy rule corresponding to the sub-tuple information of the first data packet; and
wherein the source data node is further configured to send the third data packet to the destination control node, wherein the index of the matching policy rule corresponding to the sub-tuple information of the first data packet is carried in the third data packet, and wherein the destination control node is further configured to determine, according to a matching policy rule corresponding to the index of the matching policy rule of the sub-tuple information of the first data packet and an application layer information of the third data packet, an action parameter or a policy parameter executed for the third data packet, so as to generate a fourth data packet.

US Pat. No. 10,250,501

SERVICE PACKET FORWARDING METHOD AND APPARATUS

HUAWEI TECHNOLOGIES CO., ...

1. A service packet forwarding method implemented by a forwarder, the method comprising:
receiving from a classifier a second service packet comprising a first service packet and at least two pieces of service chain information, each piece of service chain information indicating a route of one service chain, the routes of all the service chains forming an entire path for forwarding the second service packet, the first service packet comprising a plurality of packet characteristics, and each of the packet characteristics corresponding to a classification rule such that the second service packet corresponds to a plurality of classification rules; and
forwarding the second service packet according to the at least two pieces of service chain information.

US Pat. No. 10,250,500

PERFORMING A SERVICE ON A PACKET

Juniper Networks, Inc., ...

1. A first device, comprising:
a memory; and
one or more processors to:
receive first route information from a second device,
the first route information identifying the second device as a next hop for a packet to be sent toward a destination other than the first device, and
the first route information including a source identifier that identifies a source from which the packet is provided;
generate second route information based on receiving the first route information,
the second route information identifying the first device as the next hop for the packet when the packet is to be sent toward the destination;
provide the second route information to a third device based on generating the second route information,
the third device being the source of the packet;
receive the packet from the third device after providing the second route information to the third device;
perform a service on the packet based on receiving the packet from the third device,
the service being performed on the packet prior to providing the packet to the second device,
the first device performing the service based on the first device being identified by the second route information as the next hop for the packet; and
perform an action related to the packet based on performing the service on the packet,
the action including:
providing the packet toward the destination, via the second device, according to the first route information, or
dropping the packet.

US Pat. No. 10,250,498

SESSION AGGREGATOR BROKERING OF DATA STREAM COMMUNICATION

Sprint Communications Com...

1. A method of providing secure streamed data sessions over the Internet, comprising:
collecting data communication performance metrics on a plurality of routers in the Internet by an orchestrator virtualized network function (VNF), where the orchestrator VNF is provided by execution on a virtual computing platform;
receiving a request for a secure streamed data session by the orchestrator VNF from a customer premises equipment (CPE) node, where the request identifies a service level agreement (SLA) to be supported by the secure streamed data session;
analyzing the metrics on the plurality of routers by the orchestrator VNF based on the SLA identification in the request;
determining a secure routing path for the requested secure streamed data session by the orchestrator VNF based on the analyzing;
creating a routing instruction set that defines the secure routing path by the orchestrator VNF;
transmitting the routing instruction set to a session aggregator node by the orchestrator VNF;
establishing trusted end-to-end communication links between the session aggregator node and each of the CPE node, a first edge router, a second edge router, and at least one of the plurality of routers by the session aggregator node, wherein applications engaged in the trusted end-to-end communication links with the session aggregator node execute in a trusted security zone;
configuring the routing instruction set into each of the first edge router, the second edge router, and the at least one of the plurality of routers by the session aggregator node via the trusted end-to-end communication links; and
providing the secure streamed data session, wherein the secure streamed data session is dynamically defined and initiated based at least in part on configuring the routing instructions set.

US Pat. No. 10,250,497

AVOIDING FALSE DUPLICATE NETWORK ADDRESS DETECTION IN VIRTUAL ROUTER REDUNDANCY PROTOCOL (VRRP) SCENARIOS

Juniper Networks, Inc., ...

15. A method, comprising:
activating, by a first network device, the first network device as being associated with a Virtual Router Redundancy Protocol (VRRP) group,
where the VRRP group includes a plurality of network devices;
receiving, by the first network device and from a second network device, a duplicate address detection message,
where the plurality of network devices includes the second network device;
comparing, by the first network device, a data link layer address associated with the duplicate address detection message and a Virtual Media Access Control (VMAC) address of the VRRP group; and
disregarding, by the first network device, the duplicate address detection message after comparing the data link layer address and the VMAC address of the VRRP group.

US Pat. No. 10,250,496

ROUTER BASED MAXIMUM TRANSMISSION UNIT AND DATA FRAME OPTIMIZATION FOR VIRTUALIZED ENVIRONMENTS

International Business Ma...

1. A method, comprising:
receiving a first data frame and a second data frame by a device driver of a first virtual network interface controller (vNIC) of a plurality of vNICs sharing a physical network interface controller (NIC) of a computing system;
storing, by the device driver of the first vNIC, the first and second data frames in a first queue for the first vNIC;
generating, by the device driver of the first vNIC, an optimized data frame comprising the first and second data frames, wherein the optimized data frame specifies a modified Ethernet preamble; and
sending the optimized data frame to a hypervisor of the computing system.

US Pat. No. 10,250,495

TUNNEL PROVISIONING WITH LINK AGGREGATION

ORCKIT IP, LLC, Dover, D...

1. A method performed by an Ethernet switch that comprises multiple physical ports cooperating as an Ethernet Link Aggregation Group (LAG) and a first Ethernet port, the method comprising:
assigning a distinct number to each port of the multiple physical ports;
receiving, by the switch via the first Ethernet port, multiple messages, each of the messages comprises a frame or packet that comprises a source address field, a destination address field, and a first value carried in a first field other than the source or destination addresses fields;
applying a hash function to each of the values in the first field of each of the received multiple messages;
selecting, by the switch, a first port from the multiple physical ports in response to the first value; and
sending, by the switch, each of the received multiple messages via the selected first port,
wherein the hash function maps a respective assigned port number to each one of the values in the first field, and
wherein the selecting comprises selecting the port that is assigned the result of the hash function of the respective message.

US Pat. No. 10,250,494

SEGMENT ROUTING LABEL SWITCH PATHS IN NETWORK FUNCTIONS VIRTUALIZATION COMMUNICATIONS NETWORKS

Cisco Technology, Inc., ...

1. A method comprising:
receiving a request to create a path through a network, wherein the path originates on a first network device and terminates on a second network device;
proxying control plane functions for the first network device by a first controller;
proxying control plane functions for the second network device by a second controller;
computing the path using the first controller as a source and the second controller as a destination; and
installing the computed paths on the first and second network devices to enable the first network device to transfer data to the second network device over the network.

US Pat. No. 10,250,493

ASYMMETRIC NETWORK ELEMENTS SHARING AN ANYCAST ADDRESS

NICIRA, INC., Palo Alto,...

1. A method comprising:
receiving, at a first host implementing (1) a distributed logical router and (2) a plurality of logical switches of a logical network along with other hosts, a message from a first data compute node (DCN) executing on the first host;
logically forwarding the message to the distributed logical router that uses a particular anycast internet protocol (IP) address using a first media access control (MAC) address;
determining that the message requires processing by a centralized logical router executing on an edge node host; and
forwarding the message to the centralized logical router that uses the same anycast IP address using a second, unique MAC address.

US Pat. No. 10,250,492

SEGMENT RECOVERY IN CONNECTION-ORIENTED NETWORK

TELEFONAKTIEBOLAGET LM ER...

1. A method of operating a node in a connection-oriented network in which there is a working path and a segment recovery path for a segment of the working path, the working path having a branch node at an end of the segment where the segment recovery path connects to the working path, the branch node not being located at an end node of the working path, the method comprising:
receiving control plane signalling at the end node of the working path from a node along the working path, indicating that a failure has occurred along the working path;
determining, from the received control plane signalling, if the failure has occurred outside the segment of the working path; and
when it is determined that the failure has occurred outside the segment of the working path, notifying the branch node.

US Pat. No. 10,250,491

IN-FLOW PACKET PRIORITIZATION AND DATA-DEPENDENT FLEXIBLE QOS POLICY

QUALCOMM Incorporated, S...

1. A method, operational at a device, comprising:
receiving at least one packet belonging to a first set of packets of a packet flow marked with an identification value;
determining that the at least one packet is marked with the identification value;
determining to change a quality of service (QoS) treatment of packets belonging to the first set of packets marked with the identification value that are yet to be received; and
sending a request to change the QoS treatment of packets belonging to the first set of packets marked with the identification value that are yet to be received to trigger a different QoS treatment of packets within the packet flow, responsive to determining to change the QoS treatment.

US Pat. No. 10,250,490

METHOD AND NETWORK NODE FOR ROUTING BACKHAUL PACKETS

Telefonaktiebolaget LM Er...

5. A method in an intermediate network node for routing backhaul packets, the intermediate network node being located between a radio access network node and a core network, the method comprising:
forwarding to a core network node an attach request originated from a User Equipment (UE);
receiving from the core network node a response message indicating that the UE is a backhaul UE, the response message comprising:
an attach response destined to the UE; and
a predetermined gateway Internet Protocol (IP) address for a reserved IP address that only notifies the radio access network node that the UE is the backhaul UE such that the response message indicates that the UE is the backhaul UE;
modifying the response message by setting a gateway (GW) IP address in the response message to an IP address of the intermediate network node and transmitting the modified response message to the radio access network node;
decapsulating, upon receiving a General Packet Radio Service (GPRS) Tunnel Protocol (GTP) packet from the radio access network node, the GTP packet to obtain an IP packet contained in the GTP packet;
determining that the IP packet is originated from the UE; and
routing the IP packet based on a destination IP address of the IP packet.

US Pat. No. 10,250,488

LINK AGGREGATION MANAGEMENT WITH RESPECT TO A SHARED POOL OF CONFIGURABLE COMPUTING RESOURCES

International Business Ma...

1. A method for use with a computing system including a compute host having a plurality of Ethernet ports, the method comprising:
for each given Ethernet port of the plurality of Ethernet ports, setting a link aggregation (LAG) setting, so that the computing system has a first LAG configuration;
monitoring applications running in the computing system to identify a first set of networking requirements, with the first set of networking requirements including information indicative of an optimal network utilization level such that the applications running in the computing system do not overload hardware of the computing system;
determining that the optimal network utilization level has been exceeded such that the applications running in the computing system have overloaded the hardware of the computing system; and
responsive to the determination that the optimal network utilization level has been exceeded, adjusting LAG mode settings on at least some Ethernet ports of the plurality of Ethernet ports based, at least in part, upon the first set of networking requirements to configure the computing system in a second LAG configuration.

US Pat. No. 10,250,487

DYNAMIC MODIFICATION OF BYPASS LABEL-SWITCHED PATHS BASED ON MONITORING NETWORK TRAFFIC CONDITIONS

Juniper Networks, Inc., ...

1. A multiprotocol label switching device, comprising:
a memory; and
one or more processors to:
determine a dynamic set of bypass label-switched paths (LSPs), to protect one or more protected LSPs, based on configuration information,
the dynamic set of bypass LSPs being initially determined to include zero or more bypass LSPs, and
the configuration information indicating:
a first condition for adding a bypass LSP to the dynamic set of bypass LSPs,
a second condition for removing a bypass LSP from the dynamic set of bypass LSPs, and
a maximum quantity of bypass LSPs permitted to be established for the dynamic set of bypass LSPs;
monitor the dynamic set of bypass LSPs for a network traffic condition;
determine that the network traffic condition, associated with the dynamic set of bypass LSPs, is satisfied based on monitoring the dynamic set of bypass LSPs;
modify the dynamic set of bypass LSPs to add one or more bypass LSPs based on determining that the network traffic condition is satisfied,
where the one or more processors, when modifying the dynamic set of bypass LSPs, are to:
verify that the maximum quantity of bypass LSPs will not be exceeded by adding a bypass LSP to the dynamic set of bypass LSPs; and
add the bypass LSP to the dynamic set of bypass LSPs based on verifying that the maximum quantity of bypass LSPs will not be exceeded; and
forward a data packet to a network node using a bypass LSP included in the modified dynamic set of bypass LSPs.

US Pat. No. 10,250,486

SYSTEM AND METHOD FOR ISOCHRONOUS SWITCHING OF PACKETIZED MEDIA STREAMS

GVBB HOLDINGS S.A.R.L., ...

1. A method for isochronous switching of a packetized media stream, the method comprising:
receiving at least one packetized media stream by an input port of an IP packet router, the at least one packetized media stream comprising a plurality of frames each containing video data;
routing, by the IP packet router, the received at least one packetized media stream to a first output port of a plurality of output ports of the IP router;
parsing, by the IP packet router, RTP header information in each frame of the at least one packetized media stream to identify respective RTP time stamps in each frame;
determining a change in the RTP time stamp between two consecutive frames in the at least one packetized media stream;
comparing a value of the respective RTP time stamp with a trigger value when a change is determined in the RTP time stamp between the two consecutive frames; and
rerouting the at least one packetized media stream by switching from the first output port of the IP packet router to a second output port of the plurality of output ports when the value of the RTP time stamp matches the trigger value.

US Pat. No. 10,250,485

BROADCAST MESSAGE TRANSLATION IN A NETWORK DEVICE

ABL IP Holding LLC, Atla...

1. A network switch, comprising:
a plurality of network interfaces, wherein one of the network interfaces is configured to receive broadcast messages from a control console, and one or more of the network interfaces is associated with a multicast address;
a processor;
a memory accessible to the processor; and
a message translator service executed by the processor, the message translator service causing the network switch to:
obtain a configuration for translating a destination address of a specified type of broadcast message to a different destination address;
receive a broadcast message matching the specified type, wherein the broadcast message is received from the control console and includes an instruction for a group of network nodes;
generate a multicast message based upon the broadcast message and the configuration, wherein the multicast address used as a destination for the multicast message corresponds to the multicast address for the group of network nodes specified by the configuration; and
transmit the multicast message from the one or more network interfaces associated with the multicast address for the group of network nodes, wherein the multicast message includes the instruction for the group of network nodes.

US Pat. No. 10,250,484

NETWORK SERVICE COMPUTATION SYSTEM

FUJITSU LIMITED, Kawasak...

1. A method, comprising:
receiving a network request at a first network controller, the network request specifying a source vertex and a destination vertex, wherein the source vertex is located in a first network domain managed by the first network controller, and wherein the destination vertex is located in a second network domain managed by a second network controller;
performing distributed graph processing at a plurality of network controllers, including the first network controller and the second network controller, corresponding to a plurality of network domains to determine a network path between the source vertex and the destination vertex, the distributed graph processing including:
within each network domain, executing a plurality of supersteps, wherein each superstep includes identifying a minimum path distance between each vertex in the network domain and the source vertex;
sending, subsequent to each superstep, a controller message among the plurality of network controllers, wherein the controller message includes a first field specifying a sending vertex identifier, a second field specifying a target vertex identifier, and a third field specifying the minimum path distance from the source vertex to a target vertex corresponding to the target vertex identifier, wherein a sending vertex corresponding to the sending vertex identifier is included in a network domain of a network controller sending the controller message and the target vertex is included in a network domain of a network controller receiving the controller message;
repeating, after each superstep, sending a controller message until all network paths between the source vertex and the destination vertex are recorded, wherein the path information does not change based on a given network topology among the plurality of network domains;
recording, by each network controller for each vertex in the network domain corresponding to the network controller, path information comprising: the minimum path distance from the source vertex to the vertex; and a parent vertex identifier for a parent vertex from the vertex resulting in the minimum path distance to the source vertex;
receiving new path information for the respective vertex after path information is recorded for a respective vertex; and
discarding new path information for the respective vertex when the new path information for the respective vertex specifies a value for the minimum path distance greater than the minimum path distance recorded in the path information; and
providing at least one network service to at least one customer of a service provider using an output path, wherein the output path is computed based on the path information.

US Pat. No. 10,250,483

SYSTEM AND METHOD THEREOF FOR DYNAMICALLY TESTING NETWORKED TARGET SYSTEMS THROUGH SIMULATION BY A MOBILE DEVICE

CA, Inc., Islandia, NY (...

1. A method, comprising:
receiving, from a mobile device by a server system not under test, at least one test specification designating at least a type of test and a number of step repeater devices (SRDs) required for the test;
receiving, from the mobile device by the server system, a request to establish a secure connection;
in response to the request to establish the secure connection, transmitting, to the mobile device by the server system, a trusted certificate corresponding to a networked target system (NTS) to impersonate the NTS;
establishing by the server system, the secure connection with the mobile device, wherein the secure connection is established after verification of the certificate by the mobile device;
capturing, by the server system, a sequence of requests over the secure connection, wherein the requests originate from the mobile device and correspond to user actions performed by a user of an application on the mobile device, the application being configured to operate in conjunction with the NTS;
determining, by the server system, a sequence of captured steps that were performed within the application based on the sequence of requests;
configuring, by the server system, all SRDs designated in the test specification with each captured step, thereby causing each of the SRDs to perform the sequence of captured steps by transmitting one or more requests to the NTS; and
receiving, from the SRDs, information about the performance of the NTS.

US Pat. No. 10,250,481

DYNAMIC NETWORK MONITORING

INTERNATIONAL BUSINESS MA...

1. A computer program product for monitoring performance in a networked environment, the computer program product comprising a computer readable storage medium having program instructions embodied therewith, the program instructions being executable by a hardware computer device to cause the hardware computer device to:
automatically adjust, by the hardware computer device, a monitoring threshold based on a virtual machine being migrated from a first host to a second host,
wherein the adjusting comprises determining a multiplier based on a comparison of the first host to the second host,
wherein the adjusting comprises determining an adjusted monitoring threshold by multiplying an initial monitoring threshold used with the first host by the multiplier.

US Pat. No. 10,250,480

POLLING PARAMETER ADJUSTMENT

International Business Ma...

1. A method for adjusting polling parameters, comprising:
polling, by one or more processors, an endpoint application using an initial polling quantity and an initial polling frequency;
determining, by the one or more processors, a first number of events not consumed in a queue of a listening application and a second number of events in a queue at the endpoint application at an end of a polling cycle; and
comparing, by the one or more processors, the first number of events not consumed in the queue of the listening application and the second number of events in the queue at the endpoint application at the end of the polling cycle.

US Pat. No. 10,250,479

DETECTING PATTERNS OF EVENTS IN INFORMATION SYSTEMS

INTERNATIONAL BUSINESS MA...

1. A first networked peer-to-peer device comprising:
a processor configured to independently or as a group of processors, perform a method comprising,
identifying a new pattern data event at the first networked peer-to-peer device or a second networked peer-to-peer device in a network of the first networked peer-to-peer device;
reading previous pattern data events from a peer-to-peer device in the network, the previous pattern data events stored at a storage device; and
determining if the new pattern data event at a peer-to-peer device in the network corresponds with a pattern data event that has previously occurred in one or more peer-to-peer devices of the network, and is stored at the storage device,
wherein the storage device stores a plurality of patterned data events previously occurring at one or more peer-to-peer devices of the peer-to-peer devices of the network and,
wherein identifying comprises identifying a new pattern data event at one or more peer-to-peer devices of the peer-to-peer devices of the network.

US Pat. No. 10,250,477

METHOD AND CONTROLLER FOR ANNOUNCING BANDWIDTH OF CLUSTER SYSTEM

Huawei Technologies Co., ...

1. A method for announcing a bandwidth of a cluster system, wherein the cluster system comprises a controller, a first edge node, a second edge node, and at least two other nodes, wherein at least two transmission paths exist between the first edge node and the second edge node, and each of the transmission paths comprises at least two transmission links, the method comprising:
determining, by the controller, at least two transmission paths between the first edge node and the second edge node, by:
determining, by the controller, all transmission paths between the first edge node and the second edge node;
determining, by the controller, a cost value of each of the transmission paths and a bandwidth of each of the transmission paths; and
determining, by the controller according to the cost values and the bandwidths, a transmission path whose bandwidth is not zero, and deducting the bandwidth of the determined transmission path from a bandwidth of each transmission link in the determined transmission path, continuing to perform the action of determining the transmission path whose bandwidth is not zero until a transmission link whose current bandwidth is zero exists in each of the other transmission paths in all the transmission paths except the already determined transmission path;
determining, by the controller according to bandwidths of the at least two transmission paths, a bandwidth provided by the cluster system, wherein the bandwidth provided by the cluster system is less than a sum of bandwidths of at least two transmission links connected to the first edge node, the at least two other nodes are connected to the first edge node via the at least two transmission links, and the at least other two nodes and the at least two transmission links are in a one-to-one correspondence; and
announcing, by the controller, the bandwidth provided by the cluster system to a node outside the cluster system.

US Pat. No. 10,250,474

CALCULATING LATENCY IN COMPUTER NETWORKS

Cisco Technology, Inc., ...

1. A method comprising:
communicating data from a source device to a destination device along a flow path, the data comprising user traffic in packets of media content;
transmitting a request from the source device to an intermediary device of the flow path, wherein the request includes an identification of packets of the data and includes a query for timestamps for the identified packets of the data arrived at the intermediary device from the source device, wherein the request comprises a route discovery request for the flow path, wherein the route discovery request comprises the identification as filter and sampling parameters of the data;
receiving, from the intermediary device and in response to the request, the timestamps for the identified packets of the data arrived at the intermediary device from the source device; and
calculating, by the source device, a latency of the identified packets of the data on the flow path from the source device to the intermediary device using the timestamps.

US Pat. No. 10,250,473

RECOVERY FROM A NETWORKING BACKEND DISCONNECT

1. A method of processing one or more buffers in a networking queue, comprising:
receiving, by a hypervisor, one or more transmit requests or receive requests from a guest running on a virtual machine, the virtual machine and the hypervisor running on a host machine;
detecting, by the hypervisor, that a networking backend has stopped processing buffers from a networking queue, each queued buffer corresponding to a transmit request or receive request; and
in response to detecting that the networking backend has stopped processing buffers from the networking queue, flushing, by the hypervisor, one or more buffers stored in the networking queue.

US Pat. No. 10,250,472

ANONYMIZATION OF TRAFFIC PATTERNS OVER COMMUNICATION NETWORKS

International Business Ma...

1. A computer system for obfuscating communication traffic patterns occurring over a cloud-based communication infrastructure including a computer server, the computer system comprising:
one or more processors, one or more computer-readable memories, one or more non-transitory computer-readable storage devices, and program instructions stored on at least one of the one or more non-transitory storage devices for execution by at least one of the one or more processors via at least one of the one or more memories, wherein the computer system is capable of performing a method comprising:
detecting, at a first communications device, data communication sessions with a second communications device via the computer server using a network protocol;
accessing, at the first communications device, a first traffic pattern based on the detected data communication sessions, the first traffic pattern determining communication occurrences between the first and the second communication devices over a first predefined time period;
accessing, at the first communications device, a second traffic pattern based on the data communication sessions, the second traffic pattern determining communication occurrences between the first and the second communications devices over a second predefined time period that occurs after the first predefined time period; and
generating, at the first communications device, based on a randomization process, a dummy data communication pattern for transmission to the second communications device, wherein the dummy data communication pattern is appended to the second traffic pattern for obfuscating a traffic pattern change between the first and the second traffic pattern at the computer server used to establish the communication sessions, and wherein the dummy data communication pattern comprises one or more randomly generated binary values based on the randomization process, wherein the one or more randomly generated binary values include a binary ‘1’ value or a binary ‘0’ value, the binary ‘1’ value establishing a dummy communication session between the first and the second communications devices, and the binary ‘0’ value restricting a communication session between the first and the second communications devices.

US Pat. No. 10,250,471

APPARATUS AND METHOD FOR COLLECTING AND ANALYZING LOGS TO OBTAIN INFORMATION ABOUT PROGRAM COMPONENTS USED BY APPLICATIONS

FUJITSU LIMITED, Kawasak...

1. A non-transitory computer-readable recording medium storing a computer program that causes a computer to perform a procedure comprising:
specifying a difference component between a first program and a second program by comparing a first program code and a second program code, the first program being made from the first program code and including a first plurality of components, the second program being made from the second program code and including a second plurality of components;
sending program execution requests to an execution apparatus to execute the second program, while explicitly designating the difference component as a component to be monitored by the execution apparatus and instructing the execution apparatus to record a first log that describes which of the execution requests causes execution of the designated difference component;
obtaining the first log from the execution apparatus;
specifying a relevant program execution request among the program execution requests, when the obtained first log indicates that the relevant program execution request has caused the execution apparatus to execute the difference component;
sending the specified relevant program execution request to the execution apparatus to execute the second program, while instructing the execution apparatus to monitor the second plurality of components and record a second log about execution of the second plurality of components;
obtaining the second log from the execution apparatus, the second log indicating which of the second plurality of components the execution apparatus has executed in response to the relevant program execution request; and
generating, based on the obtained second log, path information that describes a collection of components that are used by the second program in response to the relevant program execution request.

US Pat. No. 10,250,469

METHOD AND APPARATUS FOR MONITORING ACTIVITY OF AN ELECTRONIC DEVICE

SONY INTERACTIVE ENTERTAI...

1. A method for monitoring activity of a module of an electronic device comprising:
associating an electronic device with one or more activity modules;
establishing selectable activity parameters for activities of the activity module, including setting of priorities of the activity parameters;
identifying actuation at the electronic device of one or more of the activity parameters of the activity module and the priorities of the activity parameters;
displaying at least predetermined ones of the activity parameters that have been actuated, including time of actuation of the predetermined activity parameters and the priority of the displayed activity parameters;
generating an accumulation of identified actuations and the priorities of the activity parameters that have been actuated; and
providing the accumulation of identified actuations utilizing a pre-selected protocol.

US Pat. No. 10,250,468

MANAGING FLEET OF OUTPUT DEVICES AND DETECTING CHANGE IN OPERATIONS THEREOF

RICOH COMPANY, LTD., Tok...

1. A device management system comprising:
a processor; and
a non-transitory computer readable medium storing one or more programs of instructions executable by the processor to configure said device management system to perform a method comprising:
(a) retrieving, for a fleet of output devices managed by the device management system, data maintained in a device database of device data for managed devices;
(b) determining plural fleet metrics of the fleet as a whole, based on one or more of (i) the data maintained in the device database for the fleet of output devices and (ii) data collected from the fleet of output devices;
(c) determining, based on a comparison of (I) a normal state of the plural fleet metrics over a predetermined period of time with (II) a current state of the plural fleet metrics, whether changes to the fleet as a whole or to operations of the fleet as a whole exceed a predetermined alert threshold; and
(d) generating, and outputting to a predetermined notification target, upon determining in (c) that the changes to the fleet as a whole or to the operations of the fleet as a whole exceed the predetermined alert threshold, an alert notification indicating a need to check the fleet of output devices, and providing, in the alert notification, a user-operable part to request a summary of the changes, by which the predetermined alert threshold was exceeded,
the current state of each of the plural fleet metrics determined in (b) being an average value of each of said plural fleet metrics since a most recent determination of the plural fleet metrics.

US Pat. No. 10,250,467

ALLOCATING OPERATORS OF A STREAMING APPLICATION TO VIRTUAL MACHINES BASED ON MONITORED PERFORMANCE

International Business Ma...

1. An apparatus comprising:
at least one processor;
a memory coupled to the at least one processor;
a streaming application residing in the memory and executed by the at least one processor, the streaming application comprising a flow graph that includes a plurality of operators that process a plurality of data tuples;
a plurality of performance thresholds residing in the memory for the plurality of operators in the flow graph that define when at least a portion of the flow graph is underperforming and overperforming; and
a streams manager residing in the memory and executed by the at least one processor, the streams manager deploying the flow graph on at least one virtual machine (VM), monitoring performance of the streaming application, and when performance of a first portion of the streaming application in a selected VM does not satisfy at least one of the plurality of performance thresholds, thereby indicating the first portion of the streaming application in the selected VM is underperforming, the streams manager splits the first portion of the streaming application in the selected VM into second and third portions of the streaming application that are deployed to a plurality of VMs, wherein the streams manager continuously monitors performance of all portions of the flow graph and dynamically changes allocation of portions of the flow graph that are underperforming by splitting at least one portion of the flow graph to different VMs and changes allocation of portions of the flow graph that are overperforming by coalescing at least one portion of the flow graph to a single VM.

US Pat. No. 10,250,466

APPLICATION SIGNATURE GENERATION AND DISTRIBUTION

Juniper Networks, Inc., ...

1. A network device, comprising:
a memory; and
one or more processors to:
receive network traffic for an application;
identify an application layer protocol being used for the network traffic,
the application layer protocol being a secure protocol;
obtain contextual information, from the network traffic, to obtain an item of contextual information,
the item of contextual information being selected based on the application layer protocol;
determine that the item of contextual information matches a stored item of contextual information,
the item of contextual information including at least one of:
a server hostname,
a uniform resource identifier (URI) that is being requested,
a common name for a server certificate, or
a server name extension from a client hello message;
identify a hit count corresponding to the stored item of contextual information;
determine that the hit count satisfies a threshold with regard to the stored item of contextual information;
generate, after determining that the hit count satisfies the threshold, an application signature for the application based on the item of contextual information; and
send the application signature to another device to permit the other device to identify the application based on the application signature.

US Pat. No. 10,250,465

NETWORK TRAFFIC MONITORING AND CLASSIFICATION

Cisco Technology, Inc., ...

1. A method comprising:
identifying a plurality of core domains, each core domain of the plurality of core domains corresponding to a primary service provided by a given server configured to be directly accessed by network flows via one or more networks;
for each core domain of the plurality of core domains, generating one or more models of traffic activity resulting from access to the corresponding primary service by a network flow, wherein generating the one or more models comprises identifying at least one support domain flow triggered by the access to the corresponding primary service by the network flow;
based on the one or more models of traffic activity, associating real-time network traffic flows to a selected one of the core domains;
generating one or more network traffic management records for monitoring and policy enforcement within the one or more networks, wherein the one or more network traffic management records indicate the association of one or more real-time network traffic flows to the selected one of the core domains; and
based on the one or more network management traffic records, blocking at least one of the one or more real-time network traffic flows.

US Pat. No. 10,250,463

METHODS AND SYSTEMS FOR ONLINE MONITORING USING A VARIABLE DATA SAMPLING RATE

General Electric Company,...

1. A method for online monitoring of a physical environment using a variable data sampling rate, the method implemented by a computing device, the method comprising:
receiving, from a monitoring system using the computing device, a data set associated with the physical environment using a first sampling rate while the data set indicates that the physical environment is in a first state;
updating the first sampling rate to a second sampling rate by generating sampling rate increase request to cause the monitoring system to sample the data set of the physical environment at the second sampling rate upon receiving a first data point of the data set that indicates that the physical environment is in a second state, wherein the second sampling rate is greater than the first sampling rate;
updating the second sampling rate to the first sampling rate by generating a sampling rate decrease request to cause the monitoring system to sample the data set of the physical environment at the first sampling rate upon receiving a predetermined number of consecutive data points of the data set that indicate that the physical environment is in the second state; and
delaying the updating of the first sampling rate based on a presence of a state sequence in the physical environment.

US Pat. No. 10,250,462

MANAGING CHANGE IN AN INFORMATION TECHNOLOGY ENVIRONMENT

International Business Ma...

1. A method for managing change in an information technology (IT) environment, the method comprising:
identifying, by one or more processors, one or more components of the IT environment that are associated with at least one change operation included in an open change ticket;
identifying, by one or processors, information associated with the identified one or more components of the IT environment;
determining, by one or more processors, a listing of allowable change operations for the identified one or more components of the IT environment and in the change ticket based on the identified information associated with the identified one or more components of the IT environment;
identifying, by one or more processors, a user requested change operation; and
responsive to determining that the identified user requested change operation is included in the determined listing of allowable change operations for the identified one or more components of the IT environment and in the change ticket, executing, by one or more processors, the user requested change operation.

US Pat. No. 10,250,461

MIGRATING LEGACY NON-CLOUD APPLICATIONS INTO A CLOUD-COMPUTING ENVIRONMENT

International Business Ma...

1. A method for automatically migrating a legacy non-cloud application into a cloud-computing environment, the method comprising:
receiving, by a processor of a cloud-management system of the cloud-computing environment, infrastructure information about a virtualized computing infrastructure of a legacy virtualized non-cloud computing environment,
where the infrastructure information is automatically identified by an infrastructure-discovery module hosted by the cloud-computing environment,
where the virtualized computing infrastructure comprises a first virtual machine, provisioned on a first physical computer, that hosts a first application, and
where the received infrastructure information comprises a characteristic of the first virtual machine; and
inserting, by the processor, a new entry into a service catalog of the cloud-computing environment
where the new entry is configured as a function of the received infrastructure information, of a characteristic of the cloud-computing environment, and of a characteristic of a virtual service required by the first application,
where the virtual service is a legacy application hosted on the legacy virtualized non-cloud computing environment, and
where the new entry comprises information associated with migrating the virtual service from the legacy virtualized non-cloud environment to the cloud-computing environment.

US Pat. No. 10,250,460

MULTIFUNCTIONAL PLATFORM SYSTEM WITH DEVICE MANAGEMENT MECHANISM AND METHOD OF OPERATION THEREOF

HP PRINTING KOREA CO., LT...

1. A platform management system, comprising:
an agent host device, including:
a controller to implement a device smart agent of the agent host device to:
receive a management request to maintain and/or manage at least one device, the management request being other than a request for the at least one device to perform a primary device function of the at least one device,
calculate a projected resource usage for the agent host device, the projected resource usage reflecting a consumption of power and/or memory for an anticipated execution of the management request,
determine a performance degradation of a primary device function of the agent host device based on the projected resource usage,
determine a request type of the management request and generate an inter-device communication based on the request type of the management request, when the performance degradation is less than a performance degradation threshold value, and
generate a platform management response to notify a platform management unit that execution of the management request will degrade performance of the primary device function of the agent host device, when the performance degradation is not less than the performance degradation threshold value; and
a communication unit, comprising at least one electronic component, coupled to the controller, to transmit the inter-device communication from the device smart agent for receipt by a non-agent device or an agent enabled device and to transmit the platform management response to the platform management unit.

US Pat. No. 10,250,459

BANDWIDTH ON-DEMAND SERVICES IN MULTIPLE LAYER NETWORKS

Cisco Technology, Inc., ...

1. A method comprising:
monitoring, by a stateful path computation element, bandwidth usage of an existing communication tunnel between a first network device and a second network device, wherein the existing communication tunnel operates in a first network layer;
determining, by the stateful path computation element, that additional bandwidth is required for communication between the first network device and the second network device;
determining, by the stateful path computation element, that providing the additional bandwidth would exceed available bandwidth of the existing communication tunnel; and
establishing the additional bandwidth through an additional communication tunnel between the first network device and the second network device, operating in a second network layer in parallel with the existing communication tunnel, via a Generalized Multiprotocol Label Switching (GMPLS) label-switched path, wherein establishing the GMPLS label-switched path comprises sending a first GMPLS signaling message to a third network device in the first network layer that is located at an ingress point in the second network layer.

US Pat. No. 10,250,458

DETERMINING SERVER UTILIZATION

MICROSOFT TECHNOLOGY LICE...

1. A method of determining server utilization for managing work and capacity across multiple servers, comprising:
for a group of servers within a distributed cloud-computing network, selecting a server of the group of servers for monitoring;
determining a first weighted utilization factor based on a processor utilization and a first resource value of a processing device corresponding to the selected server, the processor utilization generated as a function of processor work and capacity;
determining a second weighted utilization factor based on a storage utilization and a second resource value of a storage device corresponding to the selected server, the storage utilization generated as a function of storage work and capacity;
calculating an aggregated server utilization factor based on the first weighted utilization factor and the second weighted utilization factor;
calculating an overall aggregated server utilization metric for the selected server based on the aggregated server utilization factor and a total resource value of the processing device and the storage device; and
allocating computing resources for a server of the group of servers within the distributed cloud-computing network based on the overall aggregated utilization metric of the selected server and utilization metrics calculated for the other servers.

US Pat. No. 10,250,456

OPERATIONAL MANAGEMENT IN CLOUD COMPUTING SYSTEMS

Microsoft Technology Lice...

1. A method of managing operations in a cloud computing system having one or more software applications deployed on one or more servers of the cloud computing system and configured to provide a cloud service, the method comprising:
receiving, at a control server, data representing a guaranteed value of a performance metric of the cloud service according to a service level agreement and data representing an error budget associated with the performance metric;
deriving, at the control server, a switching threshold based on a combination of the received data representing the value of the performance metric and the error budget;
determining, at the control server, a current value of the performance metric of the cloud service provided by the cloud computing system;
determining whether the current value of the performance metric exceeds the derived switching threshold; and
in response to determining that the current value of the performance metric exceeds the switching threshold, with the control server, deploying one or more remedial packages to the one or more servers at which the software applications are deployed while disallowing submission, configuration, or deployment of any new build of the one or more software applications to any of the one or more servers in the cloud computing system, the remedial packages being configured to improve performance of the already deployed one or more software applications, thereby delivering the cloud service at or above the guaranteed value of the performance metric according to the service level agreement.

US Pat. No. 10,250,455

DEPLOYMENT AND MANAGEMENT OF TENANT SERVICES

Amazon Technologies, Inc....

1. A system, comprising:
a host computer having a plurality of tenant services deployed thereto at a deployment time, and executing a tenant management service that is configured to:
receive a tenant configuration from a fleet management service that includes data defining processing requirements of the plurality of tenant services;
utilize the tenant configuration to identify first tenant services of the plurality of tenant services that are to be executed on the host computer at the deployment time, and
identify second tenant services of the plurality of tenant services that are not to be executed on the host computer at the deployment time;
cause at least one of the second tenant services not executing on the host computer to be executed on the host computer at a time subsequent to the deployment time, in response to receiving a command from the fleet management service, and in response to, at least in part, the processing requirements;
periodically provide status information to the fleet management service for tenant services executing on the host computer; and
receive a command from the fleet management service to terminate one or more of the tenant services executing on the host computer.

US Pat. No. 10,250,454

COMPRESSING TOPOLOGICAL INFORMATION PERTAINING TO MANAGED RESOURCES TO ENHANCE VISUALIZATION

International Business Ma...

1. In association with a managed system having a substantial number of resources included in a group of resources, a method comprising the steps of:
selecting an attribute that is common to said group of resources, wherein each resource of said group of resources has a status in regard to said selected attribute that is one of a plurality of prespecified statuses available for said attribute;
compressing said group of resources into a set of subgroups, wherein each subgroup of said set of subgroups corresponds to a different prespecified status of said plurality of prespecified statuses, and each resource of said group of resources having a given status of the plurality of prespecified statuses is placed into a given subgroup of said set of subgroups corresponding to said given status;
representing each of said subgroups of said set of subgroups as a display element on a single computer display screen; and
displaying specified information with each display element that pertains to the resources in the subgroup represented by the display element, wherein:
the number of discrete display elements displayed on said display screen does not exceed a prespecified threshold, and the compressing step is performed responsive to a number of resources associated with a view generated for presentation exceeding the prespecified threshold.

US Pat. No. 10,250,453

SYSTEM FOR SUPPORTING A MULTI-TENANT DATA ARCHITECTURE

INTUIT INC., Mountain Vi...

1. A computer-implemented method comprising:
receiving an authentication request from a user affiliated with a tenant, wherein each tenant in a set of tenants is associated with a separate database in a set of databases, and further wherein the authentication request includes an identifier corresponding to the tenant;
extracting the identifier from the authentication request;
retrieving a tenant-specific context from a hash table based on the identifier;
rendering a tenant-specific user interface to the user based on the identifier;
receiving an input from the user, wherein the input requires an operation to be performed on a database associated with the tenant in the set of databases;
obtaining, from the tenant-specific context, a tenant-agnostic service object that comprises:
a first set of class methods corresponding to a set of tenant-agnostic operations for performing on any of the set of databases; and
a tenant-specific data access object comprising a second set of class methods corresponding to a set of operations specific to the database associated with the tenant;
invoking, on the tenant-agnostic service object, a first class method from the first set of class methods;
invoking, on the tenant-specific data access object, a second class method from the second set of class methods, wherein the second class method corresponds to the first class method, and
performing the operation on the database based on the second class method.

US Pat. No. 10,250,452

PACKAGING TOOL FOR FIRST AND THIRD PARTY COMPONENT DEPLOYMENT

MICROSOFT TECHNOLOGY LICE...

1. A system for managing a cloud design, comprising:
a processor and a memory storing thereon computer-executable instructions, the system communicatively coupled to a storage device storing a database of available cloud design components, where the available cloud design components comprise one or more of user resources, database resources, and feature resources, where the available cloud design components have a standard Interface, and where the available cloud design components are congruent with a descriptor language including standardized parameters for the available cloud design components,
the system being configured such that, when executed by the processor, the computer-executable instructions cause the system to:
cause a generation of a graphical user interface at a computing device that includes a listing of the available cloud design components;
receive, via the graphical user interface generated at the computing device, a selection of the available cloud design components for the cloud design; and
adjust performance of one or more of the selected components using the descriptor language to specify component parameters,
wherein a single cloud design comprising the available cloud design components is used to create a live environment for use and a test environment for development, and
wherein the listing of the available cloud design components comprises nested hierarchies of component groupings, where component parameters are maintained separately for each instance of a component in a hierarchy of the nested hierarchies of component groupings, allowing reuse of one or more of the available cloud design components in one or more cloud designs.

US Pat. No. 10,250,450

DISTRIBUTED NETWORK TROUBLESHOOTING USING SIMULTANEOUS MULTI-POINT PACKET CAPTURE

NICIRA, INC., Palo Alto,...

1. A method for performing a multi-point capture of packets in a network, the method comprising:
identifying a plurality of nodes for the multi-point capture in the network;
configuring each node of the plurality of nodes to capture a set of packets by identifying a staggered start time by exchanging a number of packets with each node and computing a round-trip time for each node based on the exchanged packets for each node, wherein each node waits for the staggered start time before beginning a capture;
receiving a plurality of captured packet sets from the plurality of nodes; and
analyzing the plurality of captured packet sets.

US Pat. No. 10,250,449

METHOD AND MECHANISM FOR EFFICIENTLY MANAGING FLOWS

NICIRA, INC., Palo Alto,...

1. For a network controller that manages a flow-based managed forwarding element (MFE), a method comprising:
maintaining a flow entry output table at the network controller, the flow entry output table comprising:
a first set of records for flow entries generated by the network controller for the MFE and determined to have a matching flow entry installed on the MFE that should be installed on the MFE;
a second set of records for flow entries generated by the network controller to be installed on the MFE but without a matching flow entry yet installed on the MFE; and
a third set of records for flow entries installed on the MFE but which the network controller has either (i) not generated for the MFE or (ii) indicated as flow entries to be removed from the MFE; and
using the first, second, and third sets of records of the flow entry output table to determine and rectify differences between the flow entries installed on the MFE and the flow entries that the network controller indicates should be installed on the MFE by directing the MFE to (i) install flow entries corresponding to the second set of records and (ii) remove flow entries corresponding to the third set of records.

US Pat. No. 10,250,448

METHOD OF COMMUNICATING INFORMATION BETWEEN NODES

KONINKLIJKE PHILIPS N.V.,...

1. A method of communicating information from a plurality of first nodes to a second node wherein each first node includes a wearable device including at least one of an accelerometer, a magnetometer, and a gyroscope configured to detect falls, and at least one processor and a transmitter and the second node is a base station including a transceiver, at least one processor, and a memory, the method comprising,
during a discovery phase:
with the at least one first node processor of each of a plurality of wearable devices, adapting or amending a device name for each first node to include an indication of events at the first node, the events including at least a fall of a user wearing the wearable device;
with the base station, scanning an air interface to access each of the first nodes;
with each wearable device, transmitting the adapted or amended device name for each accessed wearable device corresponding to each of the events; with the base station, storing the adapted or amended device names corresponding to each event of each wearable device in the base station memory;
during a fall detection phase:
in response to one of the wearable devices detecting a fall, powering up the transmitter;
with the base station, periodically accessing wearable devices whose transmitter is powered up;
with the wearable device whose transmitter is powered up in response to being accessed by the base station, transmitting its adapted or amended name corresponding to a fall event;
with the base station, in response to receiving an adapted or amended device name, accessing the base station memory, determining whether the received adapted or amended name is indicative of a fall and in response to the adapted or determined device name is indicative of a fall, issuing a fall notification; and
powering down the transmitter of the wearable device until another event is detected.

US Pat. No. 10,250,447

SYSTEM AND METHOD FOR PROVIDING A U-SPACE ALIGNED KVM/ETHERNET MANAGEMENT SWITCH/SERIAL AGGREGATOR CONTROLLER

Dell Products, LP, Round...

1. A server rack comprising:
a rack space including a plurality of rack units for receiving equipment;
an Internet Protocol-based (IP) keyboard-video-mouse (KVM)/Ethernet management switch (EMS)/serial aggregator; and
a plurality of management ports integrated with a power distribution unit of the server rack, wherein each management port is:
coupled to the aggregator;
uniquely associated by the aggregator with a single one of the rack units; and
collocated with the associated rack unit;
wherein the aggregator is operable to:
receive information from a first piece of equipment that is installed into a particular one of the rack units, wherein the information indicates a location of a first management port on the first piece of equipment; and
determine that the first piece of equipment is installed into the particular one of the rack units, based upon the information received from the first piece of equipment and upon the first management port being connected to a second management port of the plurality of management ports via a connector cable that has a length that is long enough to connect between the first management port and the second management port only when the first piece of equipment is adjacent to the particular rack unit, wherein the second management port is associated by the aggregator with the particular rack unit.

US Pat. No. 10,250,446

DISTRIBUTED POLICY STORE

Cisco Technology, Inc., ...

1. A computer-implemented method comprising:
generating a plurality of policies based on a user intent statement;
identifying, among the plurality of policies, a set of policies applicable to a network entity;
storing the set of policies applicable to the network entity in a record for the network entity;
storing the record in a file in a distributed file system, wherein the file is associated with a file identifier and the record is stored at a location indicated by an offset; and
storing the file identifier and the offset in an entry for the network entity, wherein the entry is located in an index database separate from the distributed file system.

US Pat. No. 10,250,445

AUTOMATIC LOAD BALANCING OF SWITCHES IN A CLUSTER OF CONTROLLERS IN A SOFTWARE-DEFINED SWITCH NETWORK

Lenovo Enterprise Solutio...

1. A method, comprising:
receiving a request to establish a connection from a switch residing in a switch network;
determining whether a network controlling device may establish the connection with the switch based on a load balancing policy for the network controlling device;
determining whether a central processing unit (CPU) requirement and a bandwidth utilization requirement of at least one switch port of the network controlling device exceeds a predetermined threshold;
in response to determining the network controlling device may not establish the connection, determining another network controlling device residing in the switch network for establishing the connection with the switch;
in response to determining that the CPU requirement and the bandwidth utilization requirement exceeds the predetermined threshold, selecting another network controlling device in the switch network; and
communicating, to the switch, a message identifying the other network controlling device for establishment of the connection with the switch.

US Pat. No. 10,250,443

USING PHYSICAL LOCATION TO MODIFY BEHAVIOR OF A DISTRIBUTED VIRTUAL NETWORK ELEMENT

NICIRA, INC., Palo Alto,...

1. For a logical forwarding element (LFE) spanning a plurality of physical locales and implemented by a plurality of managed forwarding elements (MFEs) at the plurality of physical locales, a method of configuring a set of MFEs at a particular locale that implement the LFE along with MFEs of at least one other physical locale, the method comprising:
receiving a set of configuration data to define forwarding behaviors for the MFEs that implement the LFE that spans the plurality of physical locales;
using a locale identifier assigned to the particular physical locale to perform a filter operation that eliminates, from the received configuration data set, configuration data that is not applicable to the particular locale, in order to produce a modified configuration data set; and
using the modified configuration data set to configure the set of MFEs at the particular locale that implement the LFE that spans the plurality of physical locales, the modified configuration data set configuring the set of MFEs at the particular locale to have a set of forwarding behaviors that are custom specified for the particular locale and not implemented by the MFEs of at least one other locale.

US Pat. No. 10,250,441

NETWORK CONFIGURATION ACCESS

Hewlett Packard Enterpris...

1. A method for network configuration access, including:
a network device joining a network management system (NMS);
searching, by the network management system (NMS) according to a type information of the network device, for a transport layer protocol which is supported by the network device in a transport layer architecture of a network configuration protocol (NETCONF) configuration framework of the NMS and definition information which the transport layer protocol is to use to implement a connection to the network device;
establishing a NETCONF session with the network device by using said transport layer protocol and said definition information;
during establishment of the NETCONF session, comparing a first NETCONF capability set which is obtained from the network device with a second NETCONF capability set that is supported by the NMS and is defined in a metadata definition file of the NETCONF configuration framework, and assigning an intersection of the first NETCONF capability set and the second NETCONF capability set, as an active capability set of the NETCONF session; and
performing, by the NMS, a network configuration access to the network device based on the active capability set of the NETCONF session.

US Pat. No. 10,250,440

MANAGING A GENERATION AND DELIVERY OF DIGITAL IDENTITY DOCUMENTS

International Business Ma...

1. A method of managing requests, the method comprising the steps of:
providing a multipurpose messaging queue (MPMQ) as a cloud service located in a first computer accessible through a cloud;
receiving, by the MPMQ, a plurality of requests; and
for each given request included in the plurality of requests:
receiving, by the MPMQ, a specification of whether the given request is a standard request or a critical request based on whether the given request requires an action by a second computer of a third party to respond to the given request,
on condition that the received specification indicates that the given request is the critical request, adding, by the MPMQ, a first message to a critical queue of messages to be accessed by the second computer of the third party, with the first message including response information that is helpful to the second computer of the third party in responding to the given request corresponding to the first message, and
on condition that the received specification indicates that the given request is the standard request, adding, by the MPMQ, a first message to a standard queue of messages.

US Pat. No. 10,250,439

CONFIGURING NETWORK DEVICES

Comcast Cable Communicati...

1. A computing device comprising:
one or more processors; and
memory storing instructions that, when executed by the one or more processors, cause the computing device to:
receive:
status information indicating network usage by a network device, and
an identifier of the network device;
determine, based on the status information, to temporarily alter a first communication parameter for a first communication port of the network device;
select, in response to determining to temporarily alter the first communication parameter, an updated communication parameter from a plurality of communication parameters based on the status information and based on the identifier of the network device; and
transmit the updated communication parameter to the network device, wherein the updated communication parameter causes alteration of the first communication port while leaving unchanged a second communication port of the network device.

US Pat. No. 10,250,438

CLOUD BASED DRIVE MONITORING SOLUTION

Rockwell Automation Techn...

1. An apparatus to monitor industrial devices of an industrial facility, comprising:
a memory to store program instructions and data; and
a processor configured to execute the program instructions stored in the memory to:
monitor a parameter in a parameters archive received from the industrial devices,
store the parameter in the memory,
collect data indicative of a past state of the industrial devices from the memory according a manifest specific to the industrial facility,
subsequent to the data collection, send the collected data to a cloud platform according to the manifest, and
dynamically reconfigure the processor without interrupting the data collection and sending.

US Pat. No. 10,250,436

APPLYING FRAMING RULES FOR A HIGH SPEED DATA LINK

Intel Corporation, Santa...

1. A physical layer circuit apparatus to process an error in a data packet, the physical layer circuit apparatus comprising:
a receiver to receive a data packet from across a multilayer data Link, the data packet comprising a received Framing Token;
logic circuitry to detect an error in a received Symbol of the received Framing Token;
logic circuitry to identify a known Framing Token based on one or more other received Symbols associated with the received Framing Token;
logic circuitry to validate the identified known Framing Token by comparing a received Symbol of the received Framing Token with a corresponding Symbol of the known Framing Token.

US Pat. No. 10,250,435

SYSTEM AND METHOD FOR INTELLIGENT DISCOVERY AND RESCUE OF DEVICES IN AN INTERNET-OF-THINGS NETWORK

Dell Products, LP, Round...

1. A method, comprising:
establishing a first communication path between a first Internet-of-things (IoT) device and a monitor system via a gateway device;
determining, by the monitor system, that the gateway device has failed and that the first communication path has been interrupted;
determining, by the monitor system, that a first communication device is within communications range of the first IoT device, wherein determining that the first communication device is within communication range of the first IoT device further comprises:
determining a location of the first IoT device;
selecting the first communication device based upon the location of the first IoT device;
broadcasting the location of the first IoT device to a plurality of communication devices, the plurality of communication devices including the first communication device;
determining, by the first communication device, that the first communication device is within communication range of the first IoT device in response to receiving the location of the first IoT device; and
responding, by the first communication device, to the monitor system that the first communication device is within communication range of the first IoT device wherein selecting the first communication device is in response to the first communication device responding to the monitor system; and
directing the first communication device to establish a second communication path between the first IoT device and the monitor system via the first communication device in response to determining that the first communication device is within communications range of the first IoT device.

US Pat. No. 10,250,434

ELECTRONIC CONTROL APPARATUS

DENSO CORPORATION, Kariy...

1. An electronic control apparatus that is communicable with at least one external device through a communication line and at least receives a communication request from the at least one external device, the communication request including identification information indicating a reception destination and resource information indicating a resource, the electronic control apparatus comprising:
a plurality of control portions;
a plurality of resources that individually correspond to each of the control portions, each of the control portions recognizing the communication request including common identification information as the communication request to a corresponding control portion of the control portions;
linking information that links the resources individually corresponding to each of the control portions with respect to the control portions without individually overlapping;
a communication propriety determination portion that determines a communication propriety with the at least one external device corresponding to the communication request, based on the resource information included in the communication request and the linking information in receiving the communication request; and
a communication portion that responds to the communication request and communicates with the at least one external device when the communication propriety determination portion determines that communication is permitted,
wherein:
the communication propriety determination portion determines that the communication with the at least one external device is permitted when the resource information included in the communication request indicates the resource linked with the corresponding control portion; and
the communication propriety determination portion determines that the communication with the at least one external device is not permitted when the resource information included in the communication request does not indicate the resource linked with the corresponding control portion.

US Pat. No. 10,250,433

METHOD AND SYSTEM FOR PEER-TO-PEER OPERATION OF MULTIPLE RECORDING DEVICES

WatchGuard, Inc., Allen,...

1. A method comprising, by a particular recording device in a peer-to-peer recording system comprising a plurality of networked recording devices:
receiving a first status message from a first recording device of the plurality of networked recording devices, wherein the first status message comprises:
an indicator of a decision by the first recording device to initiate a first recording; and
a first recording identifier that is specific to the first recording;
determining to initiate a second recording on the particular recording device based, at least in part, on the first status message and configuration settings stored in memory on the particular recording device, wherein the configuration settings comprise a parameter related to whether the particular recording device will participate in group event recording;
initiating a second recording on the particular recording device responsive to the determining;
creating a second recording identifier that is specific to the second recording;
storing information related to the first recording identifier and the second recording identifier in a metadata file for the second recording; and
transmitting a second status message for receipt by other recording devices of the plurality of networked recording devices, the second status message comprising:
an indicator of a decision by the particular recording device to initiate the second recording; and
the second recording identifier.

US Pat. No. 10,250,432

SUPPLYING APPLICATIONS TO MOBILE DEVICES

Open Text SA ULC, Halifa...

1. A method, comprising:
requesting, by a mobile device having a processor, a memory, and a display screen, an application from a server computer over a network connection;
receiving, by the mobile device, objects for a page of the application from the server computer, the objects representing a hierarchy of nested elements within the page of the application, wherein each object of the objects corresponds to an element within the page of the application and contains:
data for the page of the application,
an identification of its position within the hierarchy of nested elements within the page of the application, and
an identification of its element type;
receiving, by the mobile device, the layout data for the element types corresponding to the objects for the page of the application received from the server computer, wherein the layout data contains layouts, each layout of the layouts corresponding to an element type of the element types;
processing, by the mobile device, the objects according to the layout data for the element types corresponding to the objects, processing of the objects and the layout data for the page of the application includes:
determining, by the mobile device for each object of the objects, an element type based on the identification of element type contained in the each object and a layout type corresponding to the element type for the each object;
formatting the each object according to the layout type for the each object; and
placing the each object of the objects in accordance with the identification of its position within the hierarchy of nested elements to produce the page of the application; and
displaying, by the mobile device, the page of the application on the display screen, the page of the application displayed on the display screen independently of network connectivity of the mobile device.

US Pat. No. 10,250,430

TRANSMISSION AND RECEIVING METHOD IN A WIRELESS COMMUNICATION SYSTEM

Huawei Technologies Co., ...

1. A transmission method in a wireless communication system, comprising:
selecting, by the wireless communication system, K data streams for transmission from a set of Z>K data streams based on a channel quality of a radio channel, wherein each data stream comprises one or more data messages;
for k-th data stream, wherein k=0, . . . , K−1:
encoding and modulating, by the wireless communication system, the one or more data messages of the k-th data stream using a Trellis Coded Modulation (TCM) scheme, TCMk, to generate one or more processed data messages;
interleaving, by the wireless communication system, the one or more processed data messages of the k-th data stream using a stream specific interleaver ?k; and
scrambling, by the wireless communication system, the interleaved one or more processed data messages of the k-th data stream using a stream specific scrambling sequence, wherein coefficients of the scrambling sequence for K=2 maximize a minimum Euclidean distance of the symbols of a signal constellation subject to symbol power constraint, wherein the coefficients of the scrambling sequence for K∈{3,4,5}, are uniformly phase spaced in [0,
where ? is a constant dependent on the TCMk, and wherein the coefficients of the scrambling sequence for K≥6, are coefficients of a complex pseudo-random sequence;
combining, by the wireless communication system, scrambled data messages of the K data streams into at least one transmission signal s(l); and
transmitting, by the wireless communication system, the at least one transmission signal s(l) over the radio channel of the wireless communication system.

US Pat. No. 10,250,428

TRANSMITTER AND RECEIVER AND METHODS OF TRANSMITTING AND RECEIVING

Sony Corporation, Tokyo ...

1. A transmitter for transmitting payload data using Orthogonal Frequency Division Multiplexed (OFDM) symbols, the transmitter comprising:
a frame builder circuit configured to receive the payload data to be transmitted and to receive signalling data for use in detecting and recovering the payload data at a receiver, and to form the payload data into data-units for transmission;
a modulator configured to modulate a plurality of sub-carriers of one or more OFDM symbols with the signalling data and the payload data in accordance with a modulation scheme to provide for each of the plurality of sub-carriers a modulation symbol;
a prefixing circuit configured to prefix a guard interval to the one or more OFDM symbols;
a transmission circuit configured to transmit the one or more OFDM symbols, wherein the modulator includes an I/Q interleaver, which is configured to receive real and imaginary components of the modulation symbol for each of the one or more sub-carriers of the one or more OFDM symbols and to interleave the real component of the modulation symbols differently to the imaginary component, at least one of the real components of the modulation symbols or the imaginary components of the modulation symbols being interleaved in time; and
a transforming circuit that includes an I/Q re-combiner configured to recombine signal samples representing one or both of the real or imaginary components into the modulation symbols for transmission, wherein the frequency interleaved real component of the modulation symbols is recombined with the imaginary component to form modulation cells for mapping onto resource elements of the one or more OFDM symbols to carry the signalling data and payload data.

US Pat. No. 10,250,427

RECEIVER, FRAME SYNCHRONIZATION METHOD, TRANSMITTER, TRANSMISSION METHOD, AND PROGRAM

Sony Semiconductor Soluti...

1. A receiver, comprising:
a reception unit that receives signals of a frame having a preamble including a frame detection signal sequence, formed by a repetition of one type of known signal sequence of a first length, arranged in a head thereof and a frame synchronization signal sequence, formed by the one type of known signal sequence of a first length or an inverse sequence thereof, arranged subsequent to the frame detection signal sequence;
a convolution arithmetic operation unit that performs a convolution arithmetic operation of a known correlation sequence of a second length determined on the basis of a peak value of cross-correlation between the signal sequence and the frame synchronization signal sequence in the preamble and cross-correlation between a received signal sequence and the frame synchronization signal sequence at a time preceding a predetermined time by a period of time corresponding to a product of an integer greater than or equal to zero and less than a value representing the second length and a value representing the first length; and
a synchronization unit that ensures synchronization of the frame while regarding the predetermined time when a value more than or equal to a threshold value or a maximum value is obtained as a result of the convolution arithmetic operation as a reception time of a last signal sequence that forms the frame synchronization signal sequence.

US Pat. No. 10,250,425

RECEIVER AND RECEIVING METHOD FOR HIERARCHICAL MODULATION IN SINGLE FREQUENCY NETWORKS

SONY CORPORATION, Tokyo ...

1. A receiver, comprising:
circuitry configured to receive and recover an Orthogonal Frequency Division Multiplexed (OFDM) signal comprising OFDM symbols representing a first physical layer pipe in the presence of a second physical layer pipe modulated onto subcarriers of an OFDM symbol, the first physical layer pipe comprising first modulation symbols that are more easily recovered than second modulation symbols of the second physical layer pipe due to the first modulation symbols requiring a lower signal to noise ratio for recovery than the second modulation symbols; and
OFDM detector circuitry configured to
recover the first modulation symbols from the first physical layer pipe;
regenerate an estimate of a component of the first physical layer pipe in the received OFDM signal;
subtract the estimate from the OFDM symbol; and
recover the second modulation symbols from the second physical layer pipe,
wherein the received OFDM signal includes OFDM symbols which include both of the first physical layer pipe and the second physical layer pipe, and
wherein the received OFDM signal comprises frames of OFDM symbols.

US Pat. No. 10,250,421

BROADCAST SIGNAL TRANSMISSION DEVICE, BROADCAST SIGNAL RECEPTION DEVICE, BROADCAST SIGNAL TRANSMISSION METHOD, AND BROADCAST SIGNAL RECEPTION METHOD

LG ELECTRONICS INC., Seo...

1. A method of transmitting broadcast data in a broadcast transmitter, the method comprising:
encoding service components for a broadcast service;
interleaving the encoded service components;
building at least one signal frame including the interleaved service components;
modulating data in the built at least one signal frame by an Orthogonal Frequency Division Multiplex (OFDM) scheme; and
transmitting a broadcast signal including the modulated data through a first delivery path,
wherein the at least one signal frame further includes first signaling information for a fast service acquisition and second signaling information for acquisition of the service components,
wherein the first signaling information includes first service identification information for identifying the broadcast service, status information for indicating whether the broadcast service is hidden, channel information of the broadcast service, service category information for indicating a type of the broadcast service, and bootstrapping information for access of the second signaling information, and
wherein the second signaling information includes second service identification information for identifying the broadcast service and information to support service continuity of the broadcast service in handoff from the first delivery path to a second delivery path due to degradation of the broadcast signal.

US Pat. No. 10,250,420

METHOD AND APPARATUS FOR RECEPTION OF CONTROL SIGNALING

Motorola Mobility LLC, C...

1. A method in a device, the method comprising:
monitoring in a first subframe, a first set of a first number of control channel blind decoding candidates at an aggregation level for a control channel transmission in the first subframe starting from a first orthogonal frequency division multiplexing symbol position in the first subframe;
monitoring in the first subframe, a second set of a second number of control channel blind decoding candidates at the aggregation level for a control channel transmission in the first subframe starting from a second orthogonal frequency division multiplexing symbol position in the first subframe;
decoding downlink control information intended for the device from a candidate in the second set of the second number of control channel blind decoding candidates; and
monitoring in a second subframe, a third set of a third number of control channel blind decoding candidates at the aggregation level for a control channel transmission in the second subframe starting only from a first orthogonal frequency division multiplexing symbol position in the second subframe in response to the downlink control information intended for the device being successfully decoded from a candidate in the second set of the second number of control channel blind decoding candidates,
wherein the third number of control channel blind decoding candidates is greater than the first number of control channel blind decoding candidates and is greater than the second number of control channel blind decoding candidates, and
wherein the first orthogonal frequency division multiplexing symbol position in the first subframe is the same position as the first orthogonal frequency division multiplexing symbol position in the second subframe.

US Pat. No. 10,250,419

DATA TRANSMISSION BETWEEN ASYCHRONOUS ENVIRONMENTS

Advanced Micro Devices, I...

1. A method of providing signals across a first electrical domain and a second electrical domain, the method comprising:
outputting a data element from a first electronic element to a second electronic element via at least two duplicate electrical paths, the first and the second electrical domains differing by at least one of: voltage and clock frequency, wherein the first electrical domain transmits data of the data element to the second electrical domain over a selected electrical path of the at least two duplicate electrical paths, the selected electrical path being selected from the at least two duplicate electrical paths in round robin fashion, wherein the data of the data element arrives at the second electronic element in a same order that the data of the data element is outputted from the first electronic element; and
changing the selected electrical path in the round robin fashion with each clock cycle.

US Pat. No. 10,250,417

SERIAL LINK ADAPTIVE EQUALIZATION USING TRACK AND HOLD CIRCUITS

QUALCOMM Incorporated, S...

1. An apparatus comprising:
a first stage track and hold circuit configured to subsample a receive equalizer output of a receive equalizer;
a second stage track and hold circuit coupled to the first stage track and hold circuit, the second stage track and hold circuit configured to generate (a) a first signal representative of an average voltage value of a logical value at the receive equalizer output when a high frequency (HF) bit pattern is detected, and (b) a second signal representative of an average voltage value of the logical value at the receive equalizer output when a steady state bit pattern is detected;
a comparator circuit configured to generate a comparator output signal that indicates which of the first signal and the second signal has a greater magnitude; and
a processing circuit that generates at least one equalizer tuning signal based on the comparator output signal, the equalizer tuning signal configured to adjust one or more parameters of an equalizer that affects the receive equalizer output.

US Pat. No. 10,250,413

FACILITY SYSTEM

JTEKT CORPORATION, Osaka...

1. A facility system comprising:
a first processing machine and a second processing machine that each include a machine body and a control device that controls operation of the machine body;
a first lower-level network and a second lower-level network connected to the first processing machine and the second processing machine, respectively;
a first gateway programmable logic controller connected to the first processing machine via the first lower-level network;
a second gateway programmable logic controller connected to the second processing machine via the second lower-level network; and
an upper-level network that connects between the first gateway programmable logic controller and the second gateway programmable logic controller, wherein:
the control device controls operation that is executable by the machine body alone; and
the first gateway programmable logic controller is a gateway that connects between the first lower-level network and the upper-level network and the second gateway programmable logic controller is a gateway that connects between the second lower-level network and the upper-level network, and
the first gateway programmable logic controller and the second gateway programmable logic controller control operation mutually associated between the first processing machine and the second processing machine on the basis of mutually associated information acquired from the first processing machine and the second processing machine.

US Pat. No. 10,250,412

SYSTEM AND METHOD FOR ROUTING CALLS ASSOCIATED WITH PRIVATE DIALING PLANS

Level 3 Communications, L...

1. A method for establishing a call associated with a private dialing plan, the method comprising:
receiving a call directed to a destination endpoint associated with a private dialing plan (PDP);
requesting an internal egress path identifier;
receiving, in response to the requesting, an internal egress path identifier associated with the destination endpoint, wherein receiving the internal egress path identifier comprises receiving a message comprising the internal egress path identifier and a PDP telephone number;
determining, based on parameters of a call signature for the call, that the message was received on a PDP-enabled trunk that is dedicated to call resolution;
determining, based on the message being received on the PDP-enabled trunk that is dedicated to call resolution, that the PDP telephone number should be ignored; and
routing the call to an egress path identified by the egress path identifier.

US Pat. No. 10,250,411

MESSAGE PROCESSING METHOD AND APPARATUS

Huawei Technologies Co., ...

1. A method for message processing in an optical network termination (ONT), the method comprising:
receiving, by the ONT, an uplink frame, wherein the ONT comprises a virtual local area network (VLAN) tagging operation configuration data managed entity (ME) with a VLAN tagging operation table, each entry of the VLAN tagging operation table comprises a group of operation value fields and a group of filter value fields including an outer layer VLAN priority filter value, an outer layer VLAN identifier (VID) filter value, an inner layer VLAN priority filter value and an inner layer VID filter value,
wherein the outer layer VLAN priority filter value is between 0 and 7, the outer layer VID filter value is between 0 and 4094, the inner layer VLAN priority filter value is between 0 and 7, the inner layer VID filter value is between 0 and 4094, and
wherein the operation value fields comprises an inner layer VID operation value and an outer layer VID operation value, the inner layer VID operation value being 4096 indicates to copy an outer layer VID to an inner layer VID of an received uplink frame, and the outer layer VID operation value being 4096 indicates to copy the inner layer VID to the outer layer VID of the received uplink frame;
filtering, by the ONT, the received uplink frame according to a characteristic value of the received uplink frame by the use of at least one of the outer layer VLAN priority filter value, the outer layer VID filter value, the inner layer VLAN priority filter value or the inner layer VID filter value in an entry of the VLAN tagging operation table; and
performing, by the ONT, a VLAN tagging operation for the filtered uplink frame by use of the operation value fields in the entry of the VLAN tagging operation table.

US Pat. No. 10,250,410

PACKET PROCESSING METHOD AND DEVICE

HUAWEI TECHNOLOGIES CO., ...

1. A packet processing method, comprising:
receiving, by an aggregation gateway, a first tunnel establishment request message sent by a home gateway, wherein the first tunnel establishment request message is used to request for establishing a first tunnel, and comprises a first address, wherein a first source address of the first tunnel is the first address, and a destination address of the first tunnel is an address of the aggregation gateway, and wherein the first address is an address of the home gateway on a first access network;
sending, by the aggregation gateway, a first tunnel establishment success message to the home gateway in response to the first tunnel establishment request message;
receiving, by the aggregation gateway, a second tunnel establishment request message sent by the home gateway, wherein the second tunnel establishment request message is used to request for establishing a second tunnel, and comprises a second address, wherein a second source address of the second tunnel is the second address, and a destination address of the second tunnel is the address of the aggregation gateway, and wherein the second address is an address of the home gateway on a second access network;
sending, by the aggregation gateway, a second tunnel establishment success message to the home gateway in response to the second tunnel establishment request message;
associating, by the aggregation gateway, the first tunnel with the second tunnel;
performing, by the aggregation gateway, Generic Routing Encapsulation (GRE) for a downlink data packet to obtain a downlink GRE packet, wherein the downlink GRE packet comprises a downlink serial number that is used to indicate a sequence in which the aggregation gateway sends the downlink GRE packet; and
sending, by the aggregation gateway, the downlink GRE packet to the home gateway by using the first tunnel and/or the second tunnel.

US Pat. No. 10,250,409

RECONFIGURABLE DATA DISTRIBUTION SYSTEM

Synexxus, Inc., Arlingto...

1. A reconfigurable data distribution system, comprising:
a stream generator implemented at least in part in hardware, configured to:
generate first data packets encapsulating first data received from a first sensor of a plurality of sensors and second data packets encapsulating second data received from a second sensor of the plurality of sensors, wherein the first sensor is configured to operate on a first vendor platform and the second sensor is configured to operate on a second vendor platform;
a processor coupled to a memory having instructions stored thereon that when executed by the processor, causes the processor to:
create a composite image for output to a display by embedding the first data into the second data, wherein the composite image simultaneously displays the first data and the second data; and
control, using operational information comprising one or more control values, the plurality of sensors based at least in part on analyzing the first data or the second data.

US Pat. No. 10,250,408

COMMUNICATION DEVICE

DENSO CORPORATION, Kariy...

1. A communication device comprising:
a plurality of controllers;
a plurality of buses that transmit transmission information input to and output from the plurality of controllers; and
a gateway connected collectively to the plurality of buses and instructing at least one of the plurality of controllers to use a specific one or more of the plurality of buses for a transmission of the transmission information, wherein
the plurality of controllers has a pattern table that defines a bus pattern of specifying at least which one of the plurality of buses is to be used for the transmission of the transmission information, and for an input and an output of the transmission information to or from the plurality of controllers, according to the defined bus pattern,
the plurality of controllers is connected to at least two of the plurality of buses, and outputs check information to the gateway to confirm connection via all of the connected buses, and
the gateway determines an interrupted bus from which the check information is withheld, and outputs to at least one of the plurality of controllers a route switch instruction that instructs a use of the pattern table that defines the bus pattern that is without the interrupted bus.

US Pat. No. 10,250,407

COMMUNICATION SYSTEM USING RING NETWORK

Honda Motor Co., Ltd., T...

1. A communication system having a plurality of nodes communicably connected via a ring network,
wherein each of at least two of the nodes comprises:
a central processing unit (CPU) comprising:
a software-operated data generator that executes arithmetic processing using software to generate ordinary transmission data and interrupt transmission data to be transmitted to another node; and
a software-operated controller that executes arithmetic processing using software to control hardware serving as a control target; and
a network controller separate from the CPU and implemented by hardware, the network controller comprising:
an ordinary packet send-out block that generates and sends out an ordinary transmission packet containing the ordinary transmission data generated by the software-operated data generator and having a header and a trailer;
an interrupt packet send-out block that generates and sends out an interrupt transmission packet containing the interrupt transmission data generated by the software-operated data generator and having a header and a trailer;
a packet distributor that receives an ordinary packet and an interrupt packet transmitted from another node as an ordinary input packet and an interrupt input packet, respectively, and distributes the received ordinary input packet and interrupt input packet, the ordinary packet containing ordinary data and having a header and a trailer and the interrupt packet containing interrupt data and having a header and a trailer;
an ordinary packet relay block that sends out the ordinary input packet distributed from the packet distributor when a destination of the ordinary input packet is not the own node, to relay the ordinary input packet;
an interrupt packet relay block that sends out the interrupt input packet distributed from the packet distributor when a destination of the interrupt input packet is not the own node, to relay the interrupt input packet;
an output switching unit that receives the interrupt transmission packet, the interrupt input packet, the ordinary transmission packet, and the ordinary input packet, and outputs the received interrupt transmission packet, interrupt input packet, ordinary transmission packet, and ordinary input packet as output packets in such a manner that the interrupt transmission packet and the interrupt input packet are output more preferentially than the ordinary transmission packet and the ordinary input packet;
an ordinary packet accepting block that accepts the ordinary input packet distributed from the packet distributor when the destination of the ordinary input packet is the own node; and
an interrupt packet accepting block that accepts the interrupt input packet distributed from the packet distributor when the destination of the interrupt input packet is the own node and, based on the interrupt data contained in the accepted interrupt input packet, outputs a hardware control signal to the hardware serving as the control target or other hardware associated with the own node such that the hardware serving as the control target or the other hardware is directly controlled based on the hardware control signal without via the software-operated controller,
wherein the software-operated controller executes arithmetic processing based on the ordinary data contained in the ordinary input packet accepted by the ordinary packet accepting block,
wherein when the output switching unit receives an interrupt packet, which is the interrupt transmission packet or the interrupt input packet, while the output switching unit is outputting an ordinary packet, which is the ordinary transmission packet or the ordinary input packet, the output switching unit outputs the received interrupt packet by embedding the received interrupt packet into the ordinary packet that is being output at a position between the header and the trailer of the ordinary packet,
and wherein when the ordinary input packet transmitted from the other node contains an interrupt packet embedded therein, the packet distributor extracts the interrupt packet and distributes the extracted interrupt packet as an interrupt input packet.

US Pat. No. 10,250,406

COMMUNICATION SYSTEM FOR ALLOWING ONE OF MULTIPLE NODES CONNECTED VIA A NETWORK TO CONTROL HARDWARE OF ANOTHER NODE BY TRANSMITTING INTERRUPT DATA

Honda Motor Co., Ltd., T...

1. A communication system having a plurality of nodes communicably connected via a network,
wherein each of the plurality of the nodes comprises:
a central processing unit (CPU) comprising:
a software-operated data generator that executes arithmetic processing using software to generate transmission data to be transmitted to another node; and
a software-operated controller that executes arithmetic processing using software to control hardware serving as a control target; and
a network controller separate from the CPU and implemented by hardware, the network controller comprising:
a data transmission unit that sends out the transmission data;
a data accepting unit that accepts data transmitted from another node, wherein the software-operated controller of the CPU executes the arithmetic processing using software based on at least the data accepted by the data accepting unit to control the hardware serving as the control target; and
an interrupt accepting unit that accepts interrupt data generated by another node and, based on the accepted interrupt data, outputs a hardware control signal to the hardware serving as the control target or other hardware associated with the node to directly control the hardware serving as the control target or the other hardware based on the hardware control signal without processing by the software-operated controller,
wherein the hardware serving as the control target is separate from the CPU and the network controller, and the other hardware is separate from the CPU,
wherein the network includes a ring network in which the plurality of nodes are communicably connected in a ring fashion so that each node sends data in one direction along the ring,
and wherein each of the plurality of nodes further comprises:
a data relay unit that sends out data received from an upstream side of the network to relay the data; and
a data output switching unit that switchably outputs one of the data sent out from the data relay unit and the data sent out from the data transmission unit toward another node,
wherein the other hardware associated with the node includes the data output switching unit,
wherein when the interrupt data generated by the other node is a bypass command, the interrupt accepting unit is configured to output the hardware control signal to the data output switching unit, and
wherein the data output switching unit is configured to output, in response to the hardware control signal corresponding to the bypass command, the data sent out from the data relay unit.

US Pat. No. 10,250,405

ADVERTISEMENT MANAGEMENT OF INTERNET COMMUNICATION WITH DEVICES ON A MOBILE PLATFORM

1. A system comprising:
a networking device,
a storage, and
a proxy server,
wherein the proxy server is configured to identify a first group of contents from first data received from a content server, to modify the first data to generate second data by replacing the first group of contents with labels, and to transmit the second data to the networking device;
wherein the networking device is configured to read the labels in the second data, to request contents from the storage based on the labels, to replace the labels with the contents received from the storage to generate third data, to transmit the third data to a mobile device;
wherein the first group of contents comprise media data.

US Pat. No. 10,250,402

COMMUNICATION METHOD AND STORAGE MEDIUM STORING COMMUNICATION PROGRAM

Brother Kogyo Kabushiki K...

1. A communication method for performing communication among a plurality of conference servers, a management server, and a plurality of clients, the communication method comprising:
transmitting a change request from a first conference server to the management server, the first conference server being connected with each of a plurality of particular clients for controlling a particular conference room in which the plurality of particular clients participate, the change request being a request for changing the first conference server to another conference server;
in response to receiving the change request, determining, by the management server, that a second conference server is a conference server that controls the particular conference room after the first conference server;
transmitting an ID identifying the second conference server from the management server to the first conference server;
in response to receiving the ID, transmitting a control request from the first conference server to the second conference server based on the ID, the control request being for controlling the particular conference room;
performing communication between the second conference server and the management server to confirm, by the management server, whether the second conference server is permitted to control the particular conference room;
when the second conference server is permitted to control the particular conference room, performing an initialization processing by the second conference server to control the particular conference room;
transmitting a completion notification of the initialization processing from the second conference server to the first conference server;
transmitting a change instruction from the first conference server to each of the plurality of particular clients, the change instruction being an instruction for connecting with the second conference server to perform the particular conference room through the second conference server;
connecting each of the plurality of particular clients with the second conference server;
after connecting all of the plurality of particular clients with the second conference server, disconnecting connection between each of the plurality of particular clients and the first conference server;
receiving, by the first conference server, a participation request from another client other than the plurality of particular clients in a period from when the ID is transmitted to the first conference server until connection between each of the plurality of particular clients and the first conference server is disconnected, the participation request being a request for participating in the particular conference room; and
in response to receiving the participation request, connecting the other client with the second conference server.

US Pat. No. 10,250,400

APPARATUS FOR TRANSMITTING BROADCAST SIGNALS, APPARATUS FOR RECEIVING BROADCAST SIGNALS, METHOD FOR TRANSMITTING BROADCAST SIGNALS AND METHOD FOR RECEIVING BROADCAST SIGNALS

LG ELECTRONICS INC., Seo...

1. A method for transmitting broadcast signals by an apparatus for transmitting broadcast signals, the method comprising:
encoding Data Pipe (DP) data;
bit interleaving the DP data;
mapping the DP data onto constellations;
time interleaving the DP data;
building a signal frame including the DP data;
modulating data in the built signal frame by an Orthogonal Frequency Division Multiplex (OFDM) scheme, wherein the signal frame includes one of a first edge OFDM symbol preceding data OFDM symbols including the DP data or a second edge OFDM symbol following the data OFDM symbols;
inserting a preamble at a beginning of the built signal frame, wherein the preamble is generated by multiplying a sequence corresponding to signaling information with a Zadoff-Chu sequence, subcarrier allocating the multiplied sequence and Inverse Fast Fourier Transforming (IFFT) the allocated sequence separately from the modulated data in the built signal frame; and
transmitting the broadcast signals having the preamble and the data.

US Pat. No. 10,250,399

MULTICAST ROUTING

CISCO TECHNOLOGY, INC., ...

1. A method for multicast packet forwarding in a network comprising a plurality of line cards and at least one fabric module, where the at least one fabric module is communicatively coupled with each line card, the method comprising:
receiving an identification of a multicast route;
identifying, from the plurality of line cards, an ingress line card and one or more egress line cards for the multicast route;
asymmetrically programming a network layer multicast route entry for the multicast route on a sub-set of the plurality of line cards, the sub-set comprising only the ingress line card and the one or more egress line cards identified for the multicast route for which the identification was received; and
programming a data link layer multicast route entry for the multicast route on the at least one fabric module after the ingress line card provides a notification regarding creation of a new network layer multicast entry, the notification being a replicate of the data link layer multicast route entry.

US Pat. No. 10,250,396

SECURE KEY STORAGE SYSTEMS, METHODS AND APPARATUSES

1. An apparatus, comprising:
a first non-volatile storage for storing a root private key of a certificate authority for signing digital certificates;
an input device for receiving manual input from an operator;
a communication interface consisting of a one-way transmitter for transmitting information from the apparatus to an intermediate device; and
a processor configured to:
retrieve the root private key from the first non-volatile storage;
receive information in the manual input for a new digital certificate through the input device;
generate the new digital certificate according to the received information;
sign the new digital certificate using the root private key; and
transmit the new digital certificate from the apparatus to one or more client devices via the intermediate device using the one-way transmitter, wherein the apparatus is inaccessible to the one or more client devices.

US Pat. No. 10,250,393

AUTOMATIC E-SIGNATURES IN RESPONSE TO CONDITIONS AND/OR EVENTS

Adobe Inc., San Jose, CA...

1. An electronic signature method implemented at an electronic signature application server device, the method comprising:
receiving, by the electronic signature application server device, from a document sender device that is associated with a document sender, a document containing a variable document term that can be modified by a document recipient, wherein the document is received from the document sender device via a network;
receiving, by the electronic signature application server device, a condition on the variable document term;
defining, by the electronic signature application server device, a recipient's signature block at a first location in the document that is configured to receive a signature of the document recipient;
defining, by the electronic signature application server device, an automatic signature block at a second location in the document that is configured to receive an automatically generated electronic signature authorized by the document sender;
sending the document from the electronic signature application server device, via the network, to a document recipient device that is associated with the document recipient;
receiving, by the electronic signature application server device, from the document recipient device, the document including the variable document term, wherein the document received from the document recipient device includes the signature of the document recipient positioned in the recipient's signature block, and wherein the document is received from the document recipient device via the network;
making a determination, by the electronic signature application server device, that the variable document term received from the document recipient device satisfies the condition; and
in response to making the determination, applying, by the electronic signature application server device, the automatically generated electronic signature to the automatic signature block without user intervention.

US Pat. No. 10,250,391

COMMUNICATION APPARATUS, METHOD OF CONTROLLING THE SAME, AND STORAGE MEDIUM

CANON KABUSHIKI KAISHA, ...

1. A control method for controlling a communication apparatus having an internet fax transmitting mode for transmitting image data of Tag Image File Format (TIFF) using electronic mail, the control method comprising the steps of:
setting a first email address of the communication apparatus to a From field of a header of electronic mail data;
setting a second email address of a login user who logs in to the communication apparatus to a Sender field of the header of the electronic mail data;
generating a first electronic signature using the first email address set in the From field;
generating a second electronic signature using the second email address set in the Sender field;
adding to the electronic mail data including the image data of the TIFF, the first electronic signature and the second electronic signature; and
transmitting, in the internet fax transmitting mode, the image data of the TIFF as the electronic mail data to which the first electronic signature and the second electronic signature are added.

US Pat. No. 10,250,388

METHODS, NETWORKS AND NODES FOR DYNAMICALLY ESTABLISHING ENCRYPTED COMMUNICATIONS

1. A method of establishing secure communications for control messages between routers in a communication network, the method comprising:
transmitting a first message from a first router, said first message including an Internet Protocol (IP) address of the first router;
upon receiving said first message at a second router, generating a first portion of a symmetric key and a second message including the first portion of the symmetric key;
signing the second message based on a preloaded first private key associated with said second router;
encrypting the second message using identity-based encryption with the IP address of the first router as the public key;
transmitting the second message from said second router, said second message including said first portion of said symmetric key and an IP address of the second router;
upon receiving said second message at said first router, generating a second portion of said symmetric key and a third message including the second portion of the symmetric key;
signing the third message based on a preloaded second private key associated with said first router;
encrypting the third message using identity-based encryption with the IP address of the second router as the public key;
transmitting the third message from said first router, said third message including said second portion of said symmetric key; and
at the first and second routers, generating said symmetric key from said first portion of said symmetric key and said second portion of said symmetric key, said symmetric key being used by said first and second routers for subsequent secure communication of control messages therebetween.

US Pat. No. 10,250,387

QUANTUM COMPUTER RESISTANT ALGORITHM CRYPTOGRAPHIC KEY GENERATION, STORAGE, AND TRANSFER DEVICE

1. A computer program product for generating a quantum computer resistant algorithm cryptographic key on a computing device, the computer program product comprising a non-transitory computer readable storage medium having computer readable program code embodied therewith, the computer readable program code being configured to:
identify, from a kernel space running in an operating system of the computing device, a hardware noise source in the computing device;
collect entropy, by a kernel run-time/hardware abstraction layer of the computing device's operating system, from the hardware noise source;
provide the entropy to a deterministic Random Bit Generator (DRBG) in a crypto API installed on the computing device; and
generate a cryptographic key from output provided by the DRBG.

US Pat. No. 10,250,386

POWER MANAGEMENT AND SECURITY FOR WIRELESS MODULES IN “MACHINE-TO-MACHINE” COMMUNICATIONS

Network-1 Technologies, I...

1. A method of saving power during machine to machine communication of sensor information over a wireless network comprising steps of:
(a) storing, at a wireless module, identity information related to the wireless module;
(b) transmitting, from the wireless module to a communication network server via the wireless network, the identity information to identify the wireless module to the wireless network server and establish a connection with the communication network;
(c) changing, at the wireless module, a processor of the wireless module to a sleep mode and a radio of the wireless module to an off mode;
(d) determining, at the wireless module, whether a predetermined sleep mode time has expired;
(e) changing, at the wireless module when the predetermined sleep mode time has expired, the processor of the wireless module to an active mode and the radio to an on state;
(f) recording, at the wireless module, sensor information;
(g) encrypting, at the wireless module, the sensor information using a derived key based on at least a module private key;
(h) transmitting, from the wireless module via the wireless network, the encrypted sensor information;
(i) receiving, at the wireless module via the wireless network, encrypted confirmation information;
(j) decrypting, at the wireless module, using the derived key the encrypted confirmation information;
(k) confirming, at the wireless module, that the encrypted sensor information was received by an application server based at least on the decrypted confirmation information; and
(l) changing, at the wireless module, by a processor of the wireless module a sleep mode and by a radio of the wireless module an off mode in response to the determination that the encrypted sensor information was received by an application server.

US Pat. No. 10,250,385

CUSTOMER CALL LOGGING DATA PRIVACY IN CLOUD INFRASTRUCTURE

Cloud9 Technologies, LLC,...

1. A system for secure storage of customer data by a remote service provider equipment (SPE), said system comprising:
a processor based customer premise equipment (CPE); said CPE having an application programming interface (API) and a key manager;
said CPE configured to generate a secret encryption key;
said key manager is configured to provide a master encryption key to said API for encrypting said secret encryption key;
said CPE is also configured to generate a data, and encrypt said data with said secret encryption key, to encrypt said secret encryption key with said master encryption key and to transmit said encrypted data and said encrypted secret encryption key for receipt and storage by said service provider.

US Pat. No. 10,250,382

UNIFIED MANAGEMENT OF CRYPTOGRAPHIC KEYS USING VIRTUAL KEYS AND REFERRALS

AMAZON TECHNOLOGIES, INC....

1. A system comprising memory to store executable instructions that, as a result of execution by one or more processors, cause the system to:
receive, from a client, a request to perform an operation using a cryptographic key, the request specifying a key identifier;
select, based at least in part on the key identifier, a key from a set of keys managed for an entity associated with the client, the set of keys including a subset of virtual keys, the subset of virtual keys being associated with a set of cryptographic keys that is stored in another computing device; and
provide, based at least in part on the key being a member of the subset of virtual keys, a cryptographic configuration and a reference to the computing device, the reference including information usable to cause the other computing device to perform the operation using the cryptographic key.

US Pat. No. 10,250,381

CONTENT VALIDATION USING BLOCKCHAIN

Capital One Services, LLC...

1. A device, comprising:
one or more memory devices; and
one or more processors, implemented at least partially in hardware and communicatively connected to the one or more memory devices, to:
receive first content data from a content provider,
the first content data including data identifying content;
generate second content data based on the first content data,
the second content data including information that causes content validation to be performed on the content;
provide the second content data to a content validation node,
the content validation node being included in a content validation network,
the content validation network implementing a blockchain network that includes executable instructions, of an algorithm, for performing content validation;
obtain, from the content validation network, validation results associated with the content,
the validation results including a plurality of validation parameters associated with the content;
generate an evaluation score, indicating a level of accuracy of the content, based on:
the plurality of validation parameters,
the plurality of validation parameters comprising an accurate fact parameter and an inaccurate fact parameter, and
a respective different weight for each of the plurality of validation parameters;
determine that the content is potentially inaccurate, of questionable accuracy, or otherwise unable to be classified as either accurate or inaccurate based on the evaluation score being between a first threshold score and a second threshold score,
the first threshold score being used to determine that the content is accurate, and
the second threshold score being used to determine that the content is inaccurate; and
provide, based on the determination and to a user device, data used to display a validation indicator with the content,
the validation indicator being based on the evaluation score, and
the validation indicator indicating that the content has been validated by a content validation service.

US Pat. No. 10,250,379

CLOCK RECOVERY DEVICE WITH SWITCHABLE TRANSIENT NON-LINEAR PHASE ADJUSTER

MICROSEMI SEMICONDUCTOR U...

1. A clock recovery device for recovering a master clock over a packet network from incoming synchronization packets, comprising:
a controlled oscillator for generating an output clock;
a frequency locked loop for generating a control input for said controlled oscillator, said frequency locked loop being responsive to pure offset information obtained from said incoming synchronization packets;
a transient phase adjuster for extracting information from said incoming synchronization packets taking into account transit delays to effect fast frequency adjustment of said control input and to provide a phase adjustment input to said frequency locked loop, said transient phase adjuster being responsive to activate and de-activate commands;
a secondary phase path selectable in response to de-activation of said transient phase adjuster to provide a phase correction to said control input derived from said pure offset information; and
a multiplexer responsive to a select input to select a zero input for said secondary phase path when said transient phase adjuster is active and to select said pure offset information as an input to said secondary phase path when said transient phase adjuster is de-activated.

US Pat. No. 10,250,378

BASE STATION APPARATUS AND METHOD FOR CONTROLLING BASE STATION APPARATUS

NEC CORPORATION, Minato-...

1. A base station apparatus comprising:
a radio equipment control that generates a first baseband signal including first data;
a first microwave apparatus that modulates the first baseband signal to a first microwave and transmits the first microwave by radio;
a second microwave apparatus that demodulates the received first microwave to the first baseband signal, then extracts a first clock from a cycle of the first data included in the first baseband signal, imports the first baseband signal in synchronization with the first clock, and plays back the first data; and
a radio equipment that modulates the first data played back by the second microwave apparatus to a first high-frequency signal,
wherein the second microwave apparatus outputs first dummy data instead of the played back first data when a frequency fluctuation amount of the first clock exceeds a predetermined range.

US Pat. No. 10,250,377

DEVICE AND METHOD FOR SUPPORTING CLOCK TRANSFER OF MULTIPLE CLOCK DOMAINS

HUAWEI TECHNOLOGIES CO., ...

1. A device for supporting clock transfer of a plurality of clock domains, comprising:
an ith phase frequency detector in N phase frequency detectors configured to:
receive a clock signal from a clock source coupled to the ith phase frequency detector; and
send ith phase difference information between a common reference clock signal and the clock signal to an ith filter in N filters corresponding to the ith phase frequency detector;
the ith filter being configured to:
receive the ith phase difference information from the ith phase frequency detector;
convert the ith phase difference information into ith frequency difference information; and
send the ith frequency difference information to an ith clock reconstructor in N clock reconstructors corresponding to the ith filter; and
the ith clock reconstructor being configured to:
receive the ith frequency difference information from the ith filter;
reconstruct an ith network timing clock in the device according to the common reference clock signal and the ith frequency difference information; and
send the ith network timing clock to an ith clock domain interface in N clock domain interfaces, the N phase frequency detectors respectively coupled to N clock sources, at least two clock sources of the N clock sources do not comprising a same clock source, the N clock domain interfaces comprising a one-to-one correspondence with the N phase frequency detectors, the N filters and the N clock reconstructors, the N comprising an integer greater than or equal to two, and the i comprising an integer satisfying a condition 1≤i≤N.

US Pat. No. 10,250,376

CLOCK SUSTAIN IN THE ABSENCE OF A REFERENCE CLOCK IN A COMMUNICATION SYSTEM

ANALOG DEVICES, INC., No...

1. A slave node transceiver for low latency communication, comprising:
upstream transceiver circuitry to receive a signal transmitted over a bus from an upstream device;
clock circuitry to generate a clock signal at the slave node transceiver based on sync portions of the signal, wherein timing of the receipt and provision of signals over the bus by the slave node transceiver is based on the clock signal;
peripheral device communication circuitry to provide output signals to one or more peripheral devices; and
sustain circuitry to determine that a predetermined number of sync portions have not been received in a predetermined time interval, and in response to the determination, cause the attenuation of the output signals.

US Pat. No. 10,250,375

CLOCK SYNCHRONIZATION

QUALCOMM Incorporated, S...

1. An apparatus comprising:
a first circuit configured to:
generate a clock inhibit signal; and
generate a first clock divider reference signal and a second clock divider reference signal, wherein the first clock divider reference signal is phase offset with respect to the second clock divider reference signal and at least one cycle of the first clock divider reference signal and the second clock divider reference signal is inhibited when the clock inhibit signal is asserted; and
a second circuit configured to:
receive the first clock divider reference signal and the second clock divider reference signal;
select a clock signal from one of the first clock divider reference signal or the second clock divider reference signal based on a clock select signal; and
divide the selected clock signal in frequency to generate a divided clock signal, wherein the divided clock signal is based, at least in part, on the clock inhibit signal.

US Pat. No. 10,250,374

HARQ OPERATION WHEN TDD CELL AND FDD CELL ARE INCLUDED IN CARRIER AGGREGATION

LG ELECTRONICS INC., Seo...

1. A method for performing a hybrid automatic retransmit request (HARQ) operation, the method performed by a user equipment (UE) and comprising:
determining, by the UE, a physical uplink control channel (PUCCH) format to be used,
wherein the UE is configured with a carrier aggregation (CA) including at least one time division duplex (TDD)-based cell and at least one frequency division duplex (FDD)-based cell,
wherein the at least one TDD-based cell is configured as a primary cell,
wherein the at least one FDD-based cell is configured as a secondary cell;
determining a number of HARQ ACK/NACK bits to be transmitted using the determined PUCCH format; and
generating and transmitting a PUCCH signal using the PUCCH format,
wherein a maximum number of cells included in the CA is limited such that the determined number of HARQ ACK/NACK bits does not exceed a maximum number of bits allowed in the PUCCH format if an uplink-downlink (UL-DL) configuration of the at least one TDD-based cell corresponding to the primary cell corresponds to one of UL-DL configurations 2, 3 or 4, and if the at least one FDD-based cell is configured as the secondary cell.

US Pat. No. 10,250,372

COMPONENT CARRIER (DE)ACTIVATION IN COMMUNICATION SYSTEMS USING CARRIER AGGREGATION

Sun Patent Trust, New Yo...

1. A communication apparatus comprising:
a receiver which, in operation, receives a MAC control element including bits which indicate an activation/deactivation status of each of at least one secondary component carrier added to a primary component carrier, which is always activated, each of the at least one secondary component carrier corresponding to one of the bits that indicates whether the secondary component carrier should be activated or deactivated, wherein the MAC control element includes trigger bits which indicate activation/deactivation of sounding reference signal (SRS) transmission, and when any one of the bits indicates that its corresponding secondary component carrier should be activated, the SRS transmission on the corresponding secondary component carrier is triggered according to the trigger bits;
control circuitry which, in operation, activates or deactivates each of the at least one secondary component carrier according to the received MAC control element; and
a transmitter which, in operation, starts an SRS transmission on the activated secondary component carrier(s).

US Pat. No. 10,250,371

DMRS SIGNAL TRANSMISSION METHOD AND APPARATUS

Huawei Technologies Co., ...

1. A signal transmission method, comprising:
determining, by a base station, a first parameter value of a user data resource element (RE), an initial parameter value of a demodulation reference signal resource element (DMRS RE), and a compensation parameter value of the DMRS RE, wherein the user data RE is used to carry user data, the first parameter value is used to indicate that the base station transmits the user data using the first parameter value, and the DMRS RE is used to carry a demodulation reference signal (DMRS); the first parameter value comprises a first amplitude value, the initial parameter value comprises an initial amplitude value, and the compensation parameter value comprises an amplitude compensation value;
determining, by the base station according to the initial parameter value and the compensation parameter value, a second parameter value required for transmitting the DMRS; and
transmitting, by the base station, the DMRS, the user data, and the compensation parameter value to user equipment, to enable the user equipment to compute, according to the compensation parameter value and a preset initial parameter value, the DMRS transmitted by the base station using the second parameter value, and to enable the user equipment to obtain a DMRS RE channel estimation value according to the received DMRS and the computed DMRS, and to enable the user equipment to perform interpolation filtering on the DMRS RE channel estimation value to obtain channel information of the user data RE, and further to enable the user equipment to demodulate the user data according to the channel information of the user data RE;
wherein the determining, by a base station, a first parameter value of a user data resource element (RE), an initial parameter value of a demodulation reference signal resource element (DMRS RE), and a compensation parameter value of the DMRS RE, comprises:
determining, by the base station, the first parameter value of the user data RE, the initial parameter value of the DMRS RE, and the compensation parameter value of the DMRS RE according to network configuration information of the base station, wherein the network configuration information comprises a channel estimation algorithm of the user equipment.

US Pat. No. 10,250,370

FRAME STRUCTURE FOR A PHYSICAL CONTROL CHANNEL

Huawei Technologies Co., ...

1. A method for operating an access point comprising:
communicating a frame between the access point and at least one station (STA), the frame including at least a first preamble, a first payload, a second preamble, and a second payload, the first preamble including at least a legacy short training field (STF), the second preamble including at least a first STF, the legacy STF being orthogonal to the first STF.

US Pat. No. 10,250,369

BEAM SWITCHING AND RECOVERY

QUALCOMM Incorporated, S...

1. A method of wireless communication for a first device, comprising:
transmitting a beam switch message (BSM) to a second device via a first beam set, the BSM including a command to switch from communication via the first beam set to communication via a second beam set at a switch time;
when a response message to the BSM is unreceived, monitoring for communications from the second device via both the second beam set and the first beam set after the switch time; and
in response to the monitoring: maintaining the first beam set for communication with the second device if a message on the first beam set is received from the second device after the switch time; or maintaining the second beam set for communication with the second device if a message on the second beam set is received from the second device.

US Pat. No. 10,250,368

METHOD FOR CONTROLLING UPLINK TRANSMISSION POWER AND WIRELESS DEVICE USING SAME

LG ELECTRONICS INC., Seo...

1. A method for uplink transmission in a wireless communication system, the method comprising:
determining, by a user equipment (UE), whether a first uplink signal to be transmitted toward a first cell belonging to a first timing advance group (TAG) at an nth subframe overlaps a second uplink signal to be transmitted toward a second cell belonging to a second TAG at an (n+1)st subframe;
dropping, by the UE, the first uplink signal at the nth subframe, if a total transmission power including the first and second uplink signals exceeds a maximum transmit power, where n is an integer ≥ 1; and
transmitting the second uplink signal without the first uplink signal.

US Pat. No. 10,250,367

UPLINK MIMO STBC COMMUNICATION METHOD IN WIRELESS COMMUNICATION SYSTEM AND APPARATUS FOR SAME

LG Electronics Inc., Seo...

9. A user equipment (UE) in a wireless communication system supporting multi-antenna, the UE comprising:
a transmitter; and
a processor, operatively coupled to the transmitter,
wherein the processor:
maps first demodulation reference signals (DMRSs) for a first antenna port to a first Orthogonal Frequency Division Multiplexing (OFDM) symbol having a lowest OFDM symbol index in a subframe, wherein the first OFDM symbol is used for Automatic Gain Control (AGC),
maps second DMRSs for a second antenna port to a second OFDM symbol different from the first OFDM symbol,
maps data received from a plurality of antenna ports to one or more OFDM symbols of the subframe other than the first and second OFDM symbols according to a Space-Time Block Code (STBC) scheme,
controls the transmitter to transmit the subframe using a resource allocated for uplink,
wherein, when the one or more OFDM symbols is an odd number of symbols, the second DMRSs for the second antenna port are additionally mapped to a third OFDM symbol among the one or more OFDM symbols, and
wherein the first and second antenna ports are included in the plurality of antenna ports.

US Pat. No. 10,250,365

SYSTEMS AND METHODS FOR SIGNAL CLASSIFICATION

Intel Corporation, Santa...

21. A wireless apparatus, comprising:
at least one memory storing computer-executable instructions; and
at least one processor to access the at least one memory, wherein the at least one processor is to execute the computer-executable instructions to:
receive a high efficiency (HE) packet having a physical layer (PHY) preamble, the PHY preamble including a legacy short training field (L-STF), a legacy long training field (L-LTF) immediately following the L-STF, a legacy signal field (L-SIG) immediately following the L-LTF, a repeated signal field (RL-SIG) immediately following the L-SIG, a high efficiency signal field (HE-SIG) immediately following the RL-SIG, a high efficiency short training field (HE-STF) immediately following the HE-SIG, a high efficiency long training field (HE-LTF) immediately following the HE-STF, wherein:
the L-SIG includes a rate field and a length field;
the HE-SIG includes a first high efficiency signal symbol (HE-SIG-1) and a second high efficiency signal symbol (HE-SIG-2);
the RL-SIG is a repetition of the L-SIG; and
a value of the length field of the L-SIG is not divisible by three;
identify the packet as a HE packet based on determining the repetition and based on determining that the value of the length field is not divisible by three.