US Pat. No. 10,924,570

NOTIFICATION UPDATES FOR SAVED SITES

Microsoft Technology Lice...

1. A computer system comprising:
a processor; and
a computer readable storage medium having stored thereon program code that, when executed by the processor, causes the processor to:
receive a signal to associate a website with an entity on a user interface, the website being run in an application and the entity running separately from the application in the user interface, wherein the entity is saved to a location on the user interface and is managed by an operating system running on the computer system;
notify, by the operating system, the application that the entity has been assigned to the location;
in response to the application receiving the notification, receive, by the operating system, a request from the application to retrieve metadata for the entity that includes a location identifier for the website and an interface to use to establish a push channel;
receive, using the interface to use to establish the push channel, a request to associate the entity with the push channel that is configured to push updates from the location identifier for the website, wherein an entity identifier used by the operating system for the entity is used to configure the entity as an endpoint for the push channel;
receive an update via the push channel at the operating system;
associate the update with the entity by correlating the endpoint of the push channel to the entity identifier for the entity; and
cause a notification to be output for the entity at the location on the user interface using the operating system.

US Pat. No. 10,924,568

MACHINE LEARNING SYSTEM FOR NETWORKING

shallow.AI Inc., Los Alt...

1. A method comprising:
providing a social networking service comprising a content spreading engine;
for the content spreading engine, using an electronic processor, calculating a spreadability ($S_i$) component of a given content using an equation $S_i = f(w s^T)$, where $f(x) = 1/(1+e^{-x})$, wherein $w$ comprises a vector of weights, $s$ comprises a vector of factors affecting spreadability $S_i$, and $T$ represents a transpose operation;
calculating a reaction ($R_{ij}$) component of the given content using an equation $R_{ij} = f(w t^T)$, where $f(x) = 1/(1+e^{-x})$, wherein $t$ comprises a vector of factors affecting reaction $R_{ij}$; and
based on the spreadability and reaction components, making a determination whether to deliver the given content to other users of the social networking service or killing the given content, preventing its delivery to other users of the social networking service.

US Pat. No. 10,924,566

USE OF CORROBORATION TO GENERATE REPUTATION SCORES WITHIN VIRTUAL REALITY ENVIRONMENTS

High Fidelity, Inc., San...

1. A method for use with a computer implemented virtual reality (VR) environment that enables users of the VR environment to explore the VR environment and interact with one another within the VR environment using client computing devices that are being used by the users, the method comprising:
(a) receiving, from a client computing device used by a first user of the VR environment, information indicative of a positive gesture that an avatar of the first user made towards an avatar of a second user of the VR environment, which positive gesture is indicative of the first user having a positive impression of the second user,
wherein the positive gesture is selected from the group consisting of nodding, thumbs up, hand shaking, clapping, and waving;
(b) receiving, from a client computing device used by a third user of the VR environment, further information that is used to either corroborate or contradict that the avatar of the first user actually made the positive gesture towards the avatar of the second user within the VR environment,
wherein the further information, which is used to either corroborate or contradict that the avatar of the first user actually made the positive gesture towards the avatar of the second user within the VR environment, comprises objective information indicative of whether the third user, or an avatar of the third user, objectively witnessed the avatar of the first user making the positive gesture towards the avatar of the second user while the positive gesture was actually occurring;
(c) determining, based on the further information received from the client computing device used by the third user of the VR environment, that the positive gesture is corroborated;
(d) in response to determining that the positive gesture is corroborated, increasing a reputation score associated with the second user of the VR environment; and
(e) enabling each of one or more users of the VR environment to access, using the client computing device they are using, the reputation score associated with the second user of the VR environment;
wherein in order for the third user, or the avatar of the third user, to witness the avatar of the first user actually making the positive gesture towards the avatar of the second user, the avatar of the third user is within a specified distance of the avatars of the first and second users within the VR environment while the avatar of the first user makes the positive gesture towards the avatar of the second user, the avatar of the third user is facing the avatars of the first and second users while the avatar of the first user makes the positive gesture towards the avatar of the second user, and the avatars of the first and second users are not blocked from the view of the avatar of the third user by an intervening virtual object while the avatar of the first user makes the positive gesture towards the avatar of the second user.

US Pat. No. 10,924,565

TRACKING EVENT ATTENDANCE

Facebook, Inc., Menlo Pa...

1. A method, comprising:
by one or more computer systems, receiving one or more input signals comprising one or more event signals associated with an event and one or more user signals associated with a user,
wherein the input signals comprise one or more time-based signals, and each time-based signal comprises an event time, a user arrival time, or a combination thereof,
wherein the input signals further comprise one or more location-based signals, and each location-based signal comprises an event location, a user location, or a combination thereof;
by the one or more computer systems, determining, using a trained machine-learning model, whether the user attended the event according to the input signals; and by the one or more computer systems, presenting, to a target user, an indication, based on the determining, of whether the user attended the event; and
wherein the input signals further comprise one or more friend engagement signals indicating how one or more friends of the user engaged with the event; and
wherein the one or more friend engagement signals comprise one or more of:
a signal indicating how many of the user's friends indicated they would attend the event, and
a signal indicating how many of the user's friends have viewed the event in a user interface.

US Pat. No. 10,924,564

APPARATUS AND METHODS FOR PROVIDING RECOMMENDATIONS BASED ON ENVIRONMENTAL DATA

Intel Corporation, Santa...

1. A network of sensors, comprising:
first one or more sensors included in first one or more sensor devices to collect first physical environmental data of a first plurality of environmental parameters of an environment surrounding a first user; and
second one or more sensors included in second one or more sensor devices to collect second physical environmental data of a second plurality of environmental parameters of the environment, the first and second plurality of environmental parameters being different environmental parameters;
wherein at least selected ones of the first and second one or more sensors formed a mesh network;
wherein the first and second one or more sensors forward the first and second physical environmental data to a remote server, through first one or more user devices of the first user;
wherein the first one or more user devices further collect and forward contextual data of the first user reflective of interactions of the first user with the environment, to the remote server;
wherein the remote server, in addition to the first and second physical environmental data, further receives third physical environmental data of the environment from second one or more user devices of a second user; and
wherein the remote server forms a physical behavioral model of the first user, based at least in part on the third physical environmental data, and at least one of the first or second physical environmental data, and the contextual data of the first user, formulates a recommendation for the first user using the physical behavioral model of the first user, and sends the recommendation to a user device of the first user.

US Pat. No. 10,924,563

METHOD, SYSTEM AND RECORDING MEDIUM FOR PROVIDING REAL-TIME CHANGE IN SEARCH RESULT

NAVER CORPORATION, Seong...

1. A search result providing method implemented in a computer, the method comprising:
receiving a keyword;
extracting social network service (SNS) documents corresponding to the keyword by conducting a search on documents registered to an SNS platform;
determining a ranking of each of the SNS documents relative to each other based on user feedback information and newness information corresponding to an elapse of time from the creation or registration of each of the SNS documents;
providing a search result associated with the keyword by selecting and sorting SNS documents to be displayed on a user terminal according to the rankings based on the user feedback information and the newness information;
repeatedly performing the extracting of the SNS documents and the determining of the ranking of each of the SNS documents based on updated user feedback information and updated newness information; and
providing an updated search result from the search result associated with the keyword by selecting and sorting SNS documents to be displayed on the user terminal according to the rankings obtained by the repeated performance of the extracting of the SNS documents and the determining of the ranking of each of the SNS documents based on the updated user feedback information and the updated newness information,
wherein the updated search result is provided automatically without a user input request to provide the updated search result, and
wherein the determining of the ranking of each of the SNS documents comprises,
calculating user feedback count, a first time, and a second time with respect to each of the SNS documents, the first time denoting a time elapsed after receiving a recent user feedback and the second time denoting the time elapsed from a point in time at which corresponding SNS document is created or registered,
determining whether the second time has passed a third time that denotes a standard time for determining a newness of the corresponding SNS document,
setting a weight value in proportion to the elapsed time of the second time as a first weight of the third time if the second time has passed the third time,
setting a default value as the first weight of the third time if the second time has not passed the third time,
determining whether the first time has passed a fourth time that denotes an initial display maintain time for guaranteeing an initial display time of the corresponding SNS document,
setting a weight value to be inverse proportion to the user feedback count and in proportion to the first weight as a second weight of the fourth time if the first time has passed the fourth time, and
setting a default value as the second weight of the fourth time if the first time has not passed the fourth time.

US Pat. No. 10,924,562

REAL-TIME MONITORING OF IO LOAD AND LATENCY

Amazon Technologies, Inc....

1. A system for influencing latency characteristics of one or more hosted services by controlling an admittance rate, the system comprising:
one or more computing nodes hosting at least a first service, the one or more computing nodes comprising a first capacity for processing requests directed to the first service; and
one or more memories comprising computer-readable instructions that, upon execution by a computing device, cause the system at least to:
admit a first request, based at least in part on a first rate value for the admittance rate, the first rate value based at least in part on the first capacity;
determine an elapsed time for processing the first request;
calculate a latency error value for the processing of the first request based at least in part on a difference between the elapsed time for processing the first request and a target elapsed time for processing the first request, the target elapsed time based at least in part on a classification of the first request;
adjust the admittance rate to a second rate value, wherein the second rate value is based at least in part on an output of a computation utilizing, as input, the first rate value, the latency error value, a history of latency error values, and a prediction of future latency error values; and
admit a second request based at least in part on the adjusted admittance rate.

US Pat. No. 10,924,561

SYSTEM AND METHOD FOR PREDICTIVE DELIVERY OF PRIORITIZED CONTENT

1. A method comprising:
aggregating, by a processing system including a processor, predictions of requests from subscriber devices located in a region for media content to obtain a content request prediction for the region, the content request prediction comprising a list of media content items;
analyzing, by the processing system, the content request prediction to determine a priority order for the media content items according to a number of the subscriber devices predicted to request the media content items while at a predicted future location during a predetermined future time period, the number corresponding to a predicted audience, each of the media content items having a priority based at least in part on a time remaining until a time of a largest predicted audience;
monitoring, by the processing system, traffic on a network used by the subscriber devices, and added traffic on the network due to copying of media content items to a storage device on the network, to predict a period of decreased network load;
scheduling, by the processing system, copying of the media content items from a content server to the storage device located in the region, wherein the copying is scheduled to be performed during the predicted period of decreased network load and in accordance with the priority order; and
copying, by the processing system, the media content items to the storage device according to the scheduling.

US Pat. No. 10,924,560

DETERMINING GEOGRAPHIC LOCATIONS OF NETWORK DEVICES

Facebook, Inc., Menlo Pa...

1. A method, comprising:
by one or more computer systems, receiving one or more communication network addresses and one or more first geographic locations of each network address;
by the one or more computer systems, for each network address, determining one or more location-related features based on the network address;
by the one or more computer systems, generating one or more predicted locations of the network address, wherein each predicted location corresponds to one of the first geographic locations of the network address, and each predicted location is associated with a time stamp representing an age of the predicted location;
by the one or more computer systems, determining, based on the location-related features and the time stamps, a weighting factor representing a probability that at least one of the predicted locations of the network address corresponds to a true location of the network address;
by the one or more computer systems, determining, for each of the predicted locations, a weight based on at least the weighting factor, wherein the weight represents a probability that the predicted location corresponds to the true location of the network address;
by the one or more computer systems, storing the predicted locations of the network address and the associated weights in a table of predicted locations in association with the network address; and
by the one or more computer systems, providing, in response to a request to identify a geographic location for a particular network address, one or more of the predicted locations that correspond to the particular network address.

US Pat. No. 10,924,558

NETWORK FUNCTION INFORMATION INTERACTION METHOD AND DEVICE, AND COMPUTER STORAGE MEDIUM

China Mobile Communicatio...

1. A method for interaction of network function (NF) information, comprising:
receiving, by a network repository function (NRF), a service discovery request from an NF requester, wherein the service discovery request comprises a service identifier (ID) of a service requested by the NF requester;
querying, based on the service ID, for at least one of an ID of an NF provider capable of providing the service requested by the NF requester or service-related information of the NF provider capable of providing the service requested by the NF requester, wherein the service-related information is to indicate related information of a plurality of services provided by the NF provider; and
sending at least one of the ID of the NF provider or the service-related information to the NF requester through a service discovery response.

US Pat. No. 10,924,557

MANAGEMENT SERVICE MIGRATION USING MANAGED DEVICES

AIRWATCH LLC, Atlanta, G...

1. A system, comprising:
a client device, the client device being enrolled with a first management service; and
a migration application executable in the client device wherein the migration application, when executed, causes the client device to at least:
identify migration information for a migration of the client device from the first management service to a second management service that is different from the first management service, the migration information comprising: a first server address, and a second server address that is different from the first server address;
enable, by the migration application, a network adapter of the client device to identify a device identifier associated with the client device, wherein the device identifier is unavailable unless the network adapter is enabled;
send a request to un-enroll the client device from the first management service, the request comprising: the first server address, and the device identifier;
cause the client device to be un-enrolled from the first management service by causing a first management profile associated with the first management service to be removed from the client device;
send a request to enroll the client device with the second management service, the request comprising: the second server address, and the device identifier; and
cause the client device to be enrolled with the second management service by causing a second management profile associated with the second management service to be installed on the client device.

US Pat. No. 10,924,556

REAL TIME DYNAMIC TIMEOUT PREDICTION

SAP SE, Walldorf (DE)

1. A computer implemented method comprising:
storing data on a client system, the data corresponding to a plurality of previous data requests from the client system to a server system over a network, the data comprising a load time and a plurality of parameters describing context for each data request;
receiving an instruction to perform a first data request;
determining weights corresponding to the plurality of parameters, the weights indicating a contribution of each parameter to the load time;
determining a load time offset value based on the stored data;
estimating a first load time for the first data request by combining the weights corresponding to the plurality of parameters and a plurality of parameters describing context for the first data request, and in accordance therewith, producing an estimated load time;
adding the load time offset value to the estimated load time to produce a first timeout value; and
performing the first data request, wherein a timeout for the first data request is set to the first timeout value.

US Pat. No. 10,924,555

TRANSACTION RESOURCES FOR STATELESS MESSAGE PROTOCOL

Intel Corporation, Santa...

1. A communications device, comprising:
a computing platform, including a processor, a data store, and communication facilities, the computing platform to implement:
an entity resource to originate or consume data;
core resources to facilitate stateless messaging with a remote device, the stateless messaging including operations for data associated with the entity resource; and
transaction resources to interface with the entity resource and manage a transaction with the remote device that includes a sequence of stateless messages associated with the entity resource, wherein the transaction resources provide abstraction to limit direct communication with the entity resource for the transaction, the transaction resources including:
a transaction state machine to represent a current intra-transactional ephemeral state from among a plurality of intra-transactional ephemeral states representing progression of the sequence of stateless messages for the transaction;
a commit handler to institute a persistent state change related to the entity resource in response to a successful completion of the transaction; and
a transaction communicator to conduct intra-transaction communications via the core resources directed to corresponding transactional resources of the remote device.

US Pat. No. 10,924,554

APPLICATION CUSTOMIZATION

Citrix Systems, Inc., Fo...

1. A method, comprising:
receiving, by a computing device, an enrollment request from a mobile device to enroll in a mobile device management (MDM) system;
generating, by the computing device, a session cookie after receipt of the enrollment request, the generation of the session cookie including use of a device identifier of the mobile device and an identifier of the MDM system, and the session cookie being unique to an enrollment session of the mobile device into the MDM system, so that the mobile device receives different session cookies in response to the mobile device requesting enrollment in the MDM system on different occasions;
prior to providing a client agent to the mobile device:
embedding the session cookie into a client agent application template, wherein the session cookie enables a client agent application to access the MDM system after enrollment and during a first-time use of the client agent;
embedding enterprise uniform resource locators (URLs) into the client agent application template, wherein the enterprise URLs correspond to enterprise resources of the MDM system;
embedding one or more policies into the client agent application template to configure the client agent application template, the one or more policies being based on at least one of the device identifier and an identity of a user of the mobile device; and
building the client agent application comprising the session cookie, the enterprise URLs and the one or more policies;
providing the client agent to the mobile device by transmitting the client agent application comprising the session cookie, the enterprise URLs and the one or more policies to the mobile device; and
permitting, by the computing device, based on the session cookie, the client agent application to automatically access the MDM system with Single-Sign-On (SSO) during the first-time use of the client agent after the enrollment.

US Pat. No. 10,924,553

MEDICAL DEVICE MANAGEMENT

ZOLL Medical Corporation,...

1. An automated external defibrillator (AED) comprising:
at least one battery;
defibrillation electrode pads with a cardiopulmonary resuscitation (CPR) sensor;
a communication component configured to facilitate communication with a management server based on registration information associated with the AED and with a registration account user and stored in a database by the management server; and;
a memory, a processor, and associated circuitry, the memory including processor-executable instructions, wherein the processor is communicably coupled to the memory, the at least one battery, the defibrillation electrode pads, and the communication component and is configured to:
initiate a self-test at an administrator configured self-test interval of at least one of daily and weekly, wherein the self-test interval is a user role based configuration setting,
receive and analyze signals from the self-test from the at least one battery and the defibrillation electrode pads during the self-test,
generate device readiness information about the AED based at least in part on the received and analyzed signals from the at least one battery and the defibrillation electrode pads,
store the device readiness information in the memory,
determine a commencement of a clinical event,
record clinical event information during the clinical event, the clinical event information comprising CPR performance data based on signals from the CPR sensor,
detect a termination of the clinical event,
save a clinical event file comprising the clinical event information at the detected termination,
control the communication component to automatically transmit the device readiness information to the management server, via a network, without a request from the management server, at a monthly interval that is different than the administrator configured self-test interval of at least one of daily and weekly, and
control the communication component to transmit the clinical event file to the management server, via the network, in a separate communication transmission from the automatic transmission of the device readiness information.

US Pat. No. 10,924,552

HYPER-CONVERGED FLASH ARRAY SYSTEM

TOSHIBA MEMORY CORPORATIO...

1. A host device for a first storage system including a plurality of storage devices each including a nonvolatile semiconductor memory, the host device comprising:
an internal interface controller connectable to the plurality of storage devices;
an external network interface connectable to a plurality of storage systems including a second storage system through a storage system network;
a memory; and
a processor configured to:
upon receipt of an access command from the second storage system through the storage system network, temporarily store the access command in the memory, and
control the internal interface controller to transmit the access command to one of the storage devices so that said one of the storage devices accesses the nonvolatile semiconductor memory thereof in accordance with the access command,
wherein the access command is issued by an operating system executed by the second storage system, which works with an operating system executed by the first storage system in a coordinated manner.

US Pat. No. 10,924,551

IRC-INFOID DATA STANDARDIZATION FOR USE IN A PLURALITY OF MOBILE APPLICATIONS

Sprinklr, Inc., New York...

1. A method of generating user preference IRC-Infoids comprising:
identifying approved users;
collecting user level of access to the data and determining security status of individual users for each identified user;
collecting user preferences;
compiling a user profile for each individual user;
inputting the user profiles for each of the identified approved users into an Infoid runner;
formatting the input user profiles to produce a nested IRC-Infoid of the profile for each of the individual users;
checking the IRC-Infoid to ensure that the IRC-Infoid conforms to a structure of the IRC-Infoids;
checking the IRC-Infoid for conformity to rules of the IRC-Infoids; and
saving and linking the checked IRC-Infoids of the individual users.

US Pat. No. 10,924,550

FRAMEWORK FOR DISTRIBUTED KEY-VALUE STORE IN A WIDE AREA NETWORK

VMWARE, INC., Palo Alto,...

1. A method comprising:
storing complete copies of an entire key-value (KV) store into each of a plurality of first computing systems in a data center;
storing at most a subset of the KV store into each of a plurality of second computing systems that are outside of the data center;
broadcasting entries among the copies of the KV store that were changed (“changed entries”) to each of the plurality of first computing systems using an unreliable multicast communication protocol, wherein each changed entry is associated with a monotonically increasing sequence number that is broadcast with the changed entry;
storing the changed entries in a retransmit buffer, including retransmitting one of the entries in the retransmit buffer in response to receiving a retransmit request for said one of the entries, wherein the retransmit request includes the sequence number associated with said one of the entries;
using one or more filters to select one or more entries from among the changed entries; and
broadcasting the selected entries to one or more of the second computing systems using a reliable unicast communication protocol.

US Pat. No. 10,924,549

METHOD AND DEVICE FOR DATA VERSION COMPARISON BETWEEN TRANS-TIME ZONE SITES

Advanced New Technologies...

1. A computer-implemented method, comprising:
receiving, by a central server from a plurality of trans-time zone sites, target data and a corresponding time stamp from each trans-time zone site, wherein each of the time stamps are based on a respective time zone of a sending trans-time zone site from which the target data and the time stamp were received, wherein the target data comprises account data associated with a login account shared across each of the trans-time zone sites;
modifying, by the central server, each of the received time stamps based on the respective time zone of the sending trans-time zone site for the time stamp and a time zone of the central server;
comparing, by the central server, the received target data from each of the trans-time zone sites to stored target data based on the modified corresponding time stamp; and
storing, by the central server, a latest version of the target data having a modified corresponding time stamp that indicates a later time than each of the other modified corresponding time stamps.

US Pat. No. 10,924,548

SYMMETRIC STORAGE USING A CLOUD-BASED STORAGE SYSTEM

Pure Storage, Inc., Moun...

1. A method comprising:
determining, in dependence upon an I/O operation received at a cloud-based storage system included in a set of storage systems synchronously replicating a dataset, a metadata update describing a mapping of segments of content to one or more addresses within one or more storage objects that include the dataset; and
synchronizing metadata on a hardware-based storage system included in the set of storage systems synchronously replicating the dataset by sending the metadata update from the cloud-based storage system to the hardware-based storage system to update a metadata representation on the hardware-based storage system in accordance with the metadata update, wherein the metadata representation on the storage system is structured differently than the metadata representation of the dataset on the cloud-based storage system.

US Pat. No. 10,924,546

STATE CONTAINER SYNCHRONIZATION SYSTEM AND METHOD

eCIFM Solutions Inc., Sa...

11. A method being performed by a mobile computing device, the mobile computing device comprising: at least one memory comprising mobile application instructions and a state container, a graphics processing unit (GPU), and at least one processing device configured for executing the mobile application instructions, the method comprising:
creating, while in an offline mode such that the mobile computing device is disconnected from a remote application server, a local update packet corresponding to the state container, the local update packet associated with a first timestamp;
storing the local update packet in the memory of the mobile computing device;
detecting an availability of a wireless network;
establishing, via the wireless network, a network connection with the remote application server, thereby causing the mobile computing device to enter an online mode;
synchronizing the memory of the mobile computing device with the remote application server, the synchronizing comprising:
receiving, from the remote application server, a remote update packet corresponding to the state container, the remote update packet associated with a second timestamp;
comparing the first timestamp associated with the local update packet with the second timestamp associated with the remote update packet;
in response to determining that the first timestamp is earlier than the second timestamp: first modifying contents of the state container based on the local update packet, and second modifying the first modified contents of the state container based on the remote update packet; and
initiating display of, using the GPU, a graphical user interface representation of the second modified contents of the state container to a user of the mobile computing device.

US Pat. No. 10,924,545

COMPUTER SYSTEM PROVIDING MIRRORED SAAS APPLICATION SESSIONS AND RELATED METHODS

CITRIX SYSTEMS, INC., Fo...

1. A computer system comprising:
a client computing device configured to run a first Software as a Service (SaaS) application session from a first server within a first browser; and
a second server cooperating with the at least one client computing device to
run a second SaaS application session within a second browser mirroring a state of the first SaaS application session, and
forward data traffic generated by the first SaaS application session to the first server while blocking traffic generated by the second SaaS application session from passing to the first server, and delivering responses from the first server to the data traffic from the first SaaS application session to both of the first and second SaaS application sessions.

US Pat. No. 10,924,544

APPARATUS, METHOD, AND PROGRAM PRODUCT FOR CALENDAR CONTROL

Lenovo (Singapore) PTE. L...

1. An apparatus comprising:
a processor;
a memory that stores code executable by the processor to:
detect a triggering calendar entry of a plurality of calendar entries in a first digital calendar corresponding to a first user of the first digital calendar;
determine a pattern of the first digital calendar based on historical calendar entries in the first digital calendar, wherein the historical calendar entries comprise multiple separately entered calendar entries that do not overlap in time;
determine whether the triggering calendar entry is inconsistent with the pattern of the first digital calendar, wherein the triggering calendar entry occupies a time that is inconsistent with data corresponding to the first digital calendar; and
attempt to synchronize the triggering calendar entry with a second digital calendar corresponding to the first user of the first digital calendar without synchronizing each calendar entry of the plurality of calendar entries in response to detecting the triggering calendar entry, wherein, as a result of attempting to synchronize the triggering calendar entry with the second digital calendar not comprising copying the triggering calendar entry to the second digital calendar:
notify a second user of the second digital calendar during occurrence of the triggering calendar entry, wherein the second user of the second digital calendar is notified by showing a popup, showing an alert, sending an email, producing an audible alert, or producing a tactile alert.

US Pat. No. 10,924,543

DEPLOYMENT STRATEGY FOR MAINTAINING INTEGRITY OF REPLICATION GROUPS

Amazon Technologies, Inc....

1. A computer-implemented method, comprising:
generating a number of deployment groups for a plurality of hosts, each deployment group of the number of deployment groups containing at least one host executing at least one node of at least one data replication group, where each data replication group of the at least one data replication group is a member of a set of data replication groups managed by a replication group service, by at least:
determining a number of nodes to be included in the data replication group; and
determining the number of deployment groups based at least in part on the number of nodes in the data replication group;
assigning a set of hosts to the number of deployment groups, the set of hosts collectively executing the number of nodes of the data replication groups, wherein the assigning is performed based at least in part on evenness criteria such that removing one or more hosts assigned to a particular deployment group preserves a quorum of nodes within the data replication group;
obtaining a request to deploy software to the number of deployment groups;
assigning a set of scores to the number of deployment groups; and
selecting a first deployment group, based on the score, of the number of deployment groups to deploy software to in response to the request.

US Pat. No. 10,924,542

CONTENT DELIVERY SYSTEM

Verizon Patent and Licens...

1. A computer implemented method, comprising:
starting, by a processing device and based on instructions received from a host entity, a content delivery micro edge server module to generate a content delivery micro edge server on a web server, wherein the content delivery micro edge server is a virtualized edge server associated with a content delivery network operator and the web server is associated with the host entity that is different than the content delivery network operator;
partitioning web server capacity of the web server into a predetermined level of capacity associated with the content delivery micro edge server and web server capacity, wherein the content delivery micro edge server module reserves web server capacity based on available capacity and utilized capacity;
remotely controlling, by the content delivery network operator and not the host entity, applications, processes, and configuration of the content delivery micro edge server via an encrypted network connection, including:
activating at least one application associated with the content delivery micro edge server to provide content delivery services;
registering, with the content delivery network operator, the content delivery micro edge server to provide the content delivery services;
receiving a request for content to be provided to a client device via a prospective best cost route determined by a master route matrix based on a transmission control protocol (TCP) latency as of a last-identified state of the content delivery micro edge server, and a TCP latency as of a last-identified state of at least one neighboring content delivery micro edge server, wherein the client device is associated with a third party to the host entity and the content delivery network operator;
determining that the at least one neighboring content delivery micro edge server forms part of an actual best cost route for delivering the content to the client device, wherein the actual best cost route is further determined using a micro route matrix based on a comparison of a first expected TCP latency associated with the content delivery micro edge server, and a second expected TCP latency associated with the at least one neighboring content delivery micro edge server;
re-directing, based on the determining, the request for content to the at least one neighboring content delivery micro edge server;
receiving, by the at least one neighboring content delivery micro edge server, the content from a cache dedicated to the content delivery micro edge server; and
delivering, by the at least one neighboring content delivery micro edge server, the content to the client device via the actual best cost route, wherein the actual best cost route does not include the content delivery micro edge server using the predetermined level of capacity; and
terminating, by the processing device and based on instructions received from the host entity, the content delivery micro edge server module.

US Pat. No. 10,924,541

LOW-POWER AND LOW-LATENCY DEVICE ENUMERATION WITH CARTESIAN ADDRESSING

QUALCOMM Incorporated, S...

1. A host device, comprising:
a first master interface for coupling over a first point-to-point (P2P) link to a first slave interface in a first slave device;
a second master interface for coupling over a second P2P link to a second slave interface in a second slave device; and
a node aggregator configured to assign a first link identification (ID) to the first P2P link and to assign a second link ID to the second P2P link upon initiation of an enumeration process, the node aggregator being further configured to receive a node ID from the first slave device that equals a concatenation of a slave bit and the first link ID and to receive a node ID from the second slave device that equals a concatenation of a slave bit and the second link ID, wherein the node aggregator is further configured to address the first slave device with a first message including the node ID for the first slave device to re-assign a Cartesian address to the first slave device.

US Pat. No. 10,924,540

LIGHTWEIGHT NAMING SCHEME FOR AGGREGATING REQUESTS IN INFORMATION-CENTRIC NETWORKING

Cisco Technology, Inc., ...

1. A method comprising:
receiving, at a device in a network, an interest request for one or more pieces of content data available in the network, wherein the interest request specifies the one or more pieces of content data via one or more bits sets in a content request bitmap of the interest request, each bit of the content request bitmap being associated with a different piece of content data available from the network;
comparing, by the device, the content request bitmap to a content availability bitmap in a forwarding information base (FIB) of the device, wherein the content availability bitmap in the FIB is associated with a particular interface of the device and each bit of the content availability bitmap indicates whether a particular piece of content data is available via the particular interface; and
forwarding, by the device, the interest request via the particular interface of the device, based on the comparison between the content request bitmap and the content availability bitmap in the FIB of the device.

US Pat. No. 10,924,539

METHOD AND DEVICE FOR SELECTING AGGREGATION NODE

BOE TECHNOLOGY GROUP CO.,...

1. A method for selecting an aggregation node, comprising steps of:
acquiring a trust value list for each of nodes in a cluster, wherein the trust value list for each of the nodes comprises trust values for each of the nodes, acquired by remaining nodes in the cluster;
acquiring an actual trust value for each of the nodes according to the trust value list for each of the nodes, by using a first predetermined algorithm;
calculating an actual remaining energy ratio of each of the nodes according to a self-calculated remaining energy ratio of each of the nodes calculated by itself and other-calculated remaining energy ratios for each of the nodes calculated by the remaining nodes in the cluster, by using a second predetermined algorithm;
calculating an energy-trust integrated value for each of the nodes according to the actual trust value for each of the nodes and the actual remaining energy ratio of each of the nodes, by using a third predetermined algorithm; and
selecting an aggregation node according to the energy-trust integrated value for each of the nodes,
wherein any of the trust values in the trust value list is acquired according to the following steps:
taking a node for which the trust value is to be acquired as a target node, the remaining nodes in the cluster comprising the target node as monitoring nodes, one of the monitoring nodes as a direct monitoring node, and others of the monitoring nodes as indirect monitoring nodes;
acquiring direct information of the target node through the direct monitoring node;
acquiring indirect information of the target node through the direct monitoring node, wherein the indirect information is information of the target node acquired by the indirect monitoring nodes; and
calculating the trust value for the target node according to the direct information and the indirect information of the target node which are collected by the direct monitoring node; and
wherein the step of selecting an aggregation node according to the energy-trust integrated value for each of the nodes comprises steps of:
comparing the energy-trust integrated values of the nodes with each other, and selecting a node having a maximum energy-trust integrated value as the aggregation node.

US Pat. No. 10,924,538

SYSTEMS AND METHODS OF MONITORING SOFTWARE APPLICATION PROCESSES

THE BOEING COMPANY, Chic...

1. A system comprising:
a first compute node of multiple compute nodes that are configured to run multiple instances of a software application, wherein the first compute node comprises:
a process monitor configured to generate process status data for a first instance of the software application running at the first compute node;
a status data analyzer configured to:
determine, based on the process status data, whether an expected process of the first instance of the software application has stopped running at the first compute node; and
selectively restart the first instance of the software application based on determining that the expected process has stopped running at the first compute node;
a process monitor checker configured to:
determine whether the process monitor has stopped running at the first compute node; and
restart the process monitor in response to determining that the process monitor has stopped running at the first compute node; and
a peer monitor configured to:
determine whether a second instance of the software application failed at a second compute node of the multiple compute nodes; and
in response to determining that the second instance failed at the second compute node, perform an action based on incomplete tasks associated with the second instance of the software application; and
the second compute node.

US Pat. No. 10,924,537

SYSTEMS, APPARATUS AND METHODS FOR COST AND PERFORMANCE-BASED MANAGEMENT OF RESOURCES IN A CLOUD ENVIRONMENT

TURBONOMIC, INC., Boston...

1. A computer-implemented method, comprising:
determining, by a consumer manager running on a data processor in a computer system, a cost in currency units for running a computational workload on a first computational resource provider, the workload having a resource requirement corresponding to a quantity of one or more resources selected from CPUs, memory, databases, network bandwidth, and/or input-output capacity for use by a component of the computer system;
selecting to run the workload on the first computational resource provider;
determining, after a predetermined period of time has passed since the selection or after the cost for running the workload has increased by at least a predetermined amount, a cost for running the workload on a second computational resource provider, wherein the first computational resource provider is an in-house resource provider and the second computational resource provider is a cloud-based service provider offering a plurality of templates, each of the templates specifying a quantity of one or more resources selected from CPUs, memory, databases, network bandwidth, and/or input-output capacity;
selecting, from among the plurality of templates, an optimal template (i) having resources exceeding the workload resource requirement and (ii) having a lowest cost of all templates having resources exceeding the workload resource requirement;
determining a cost of moving the workload to the second provider using the optimal template;
determining whether any template resources exceeding the workload resource requirement can be deployed by the consumer manager in the computer system;
computing a utilization value for running the workload on the second provider based at least in part on the determined cost of the optimal template on the second provider, the determined cost of moving the workload to the second provider, and whether any template resources exceeding the workload resource requirement can be deployed by the consumer manager in the computer system; and
moving the workload to the second provider if the utilization value exceeds a utilization value of continuing to host the workload on the first provider, wherein the cost of running the workload on the second provider is (i) a dynamic, on-demand price based at least in part on one or more template resources or (ii) a reserved-instance price based at least in part on multiple template resources.

US Pat. No. 10,924,536

METHOD AND SYSTEM FOR SELECTING A STORAGE NODE BASED ON A DISTANCE FROM A REQUESTING DEVICE

Oracle International Corp...

12. A method comprising:
receiving, from a requesting device, an initial request to access a file;
responsive to the initial request to access the file:
selecting a first node, from among a plurality of nodes, to provide access to the file, wherein the first node is selected from a subset of the plurality of nodes that store the requested file;
causing transmission of the file from the first node to the requesting device;
determining that the first node is not an appropriate node to provide the file to the requesting device;
responsive to the determining operation, selecting a second node, from among the plurality of nodes, to provide access to the file for subsequent requests to access the file received after the initial request is received; and
causing the second node to retrieve a copy of the file in preparation for causing transmission of the file to the requesting device for the subsequent requests;
wherein the method is performed by at least one device including a hardware processor.

US Pat. No. 10,924,535

RESOURCE LOAD BALANCING CONTROL METHOD AND CLUSTER SCHEDULER

Huawei Technologies Co., ...

1. A resource load balancing control method, comprising:
predicting performance data that is of an application deployed on each cluster node and that is in a preset time period, wherein the performance data represents resource usage that is of an application deployed on each cluster node and that is in the preset time period;
calculating a first standard deviation of a cluster system according to the predicted performance data of each cluster node, wherein the first standard deviation represents a resource load balance degree of the cluster system in the preset time period; and
in response to determining that the first standard deviation of the cluster system is greater than a preset threshold, determining an application migration solution according to a resource load balancing rule to balance a current resource load of the cluster system or a resource load of the cluster system in the preset time period after an application migration solution is executed, wherein determining the application migration solution comprises:
sorting all cluster nodes according to a resource load of each cluster node;
classifying the sorted cluster nodes into either a heavy-load cluster node or a light-load cluster node;
traversing an application deployed on the heavy-load cluster node and an application deployed on the light-load cluster node, so as to exchange an application deployed on the heavy-load cluster node with an application deployed on the light-load cluster node;
determining a first application deployed on a first cluster node in the heavy-load cluster node and a second application deployed on a second cluster node in the light-load cluster node by maximizing a difference between a third standard deviation of the cluster system before an application exchange and a fourth standard deviation of the cluster system after the application exchange, wherein the third standard deviation is greater than the fourth standard deviation; and
generating an application migration solution instructing to exchange the first application deployed on the first cluster node with the second application deployed on the second cluster node.

US Pat. No. 10,924,534

DYNAMIC PLACEMENT OF COMPUTING TASKS IN A DISTRIBUTED COMPUTING ENVIRONMENT

Akamai Technologies, Inc....

1. A method for placing a computing task within a distributed computing system having first and second servers, the method comprising:
with a first server, receiving a first request, the first request originating from a client;
in response to the first request, the first server sending a forward request;
a second server receiving, directly or indirectly, the forward request;
in response to the receipt of the forward request, the second server determining whether to perform one or more computing tasks at the second server to generate particular content for the first server to provide in response to the first request;
upon a determination by the second server to perform the one or more computing tasks:
(i) the second server performing the one or more computing tasks to generate the particular content for the first server to provide in response to the first request;
(ii) the second server sending to the first server, directly or indirectly, a response comprising the particular content and a computing task locator that identifies any of the second server and a group of servers of which the second server is a member, as having performed the one or more computing tasks; and
(iii) the first server, upon receipt of the particular content and the computing task locator, sending towards the client the response to the first request including both the particular content and the computing task locator;
upon a determination by the second server not to perform the one or more computing tasks:
(iv) the second server sending to the first server, directly or indirectly, a response to the forward request;
(v) the first server performing the one or more computing tasks to generate the particular content; and
(vi) the first server sending, towards the client, the response to the first request including both the particular content and a computing task locator that identifies any of the first server and a group of servers of which the first server is a member as having performed the one or more computing tasks to generate the particular content;
the response to the first request including code executable by the client to cause the client to generate a beacon that includes performance data related to delivery of the particular content to the client and includes the computing task locator the client received, the code executable to cause the client to send the beacon back to the distributed computing system; and,
the distributed computing system:
receiving the performance data; and,
adjusting a probability that the second server determines to perform the one or more computing tasks.

US Pat. No. 10,924,533

SYSTEM, APPARATUS AND METHOD FOR LOAD BALANCING

Telefonaktiebolaget LM Er...

1. A method of performing multi-path load balancing in a communications network comprising a plurality of servers, the method comprising:
in a server of the plurality of servers:
receiving a first connection request, from a first load balancer, sent from a first interface of a client device;
sending a first acknowledgement of the first connection request to the first interface of the client device bypassing the first load balancer; and
storing a code representing the server in a database, the code associated with a unique identity of the server;
in a second load balancer:
receiving a second connection request from a second interface of the client device, wherein the second connection request is associated with the first connection request sent from the first interface of the client device to the server, wherein the second connection request includes a token associated with the server, wherein the token associated with the server is received from the second interface of the client device, and wherein the second load balancer is different from the first load balancer;
mapping the token to an entry in the database;
determining the unique server identity associated with the token; and
forwarding the second connection request to the server associated with the unique server identity.

US Pat. No. 10,924,532

PRESENTING SUGGESTION CONTENT IN REACTION TO CONTENT GENERATION

Facebook, Inc., Menlo Pa...

1. A method comprising:
storing, in a social networking system, a plurality of reaction content items associated with management of pages in the social networking system;
receiving, through a content generation interface for a page in the social networking system, content generated by a posting user of the social networking system;
generating a user content item based on the received content, the user content item being associated with the page;
determining that the posting user of the social networking system is assigned a role to manage, interactions with, the page;
when the posting user is associated with the role to manage the page,
automatically selecting, by the social networking system, a set of eligible reaction content items from the plurality of reaction content items based on characteristics of the posting user satisfying a plurality of predetermined eligibility criteria to determine eligibility of each reaction content item, of the selected set of eligible reaction content items, to be presented for display to the posting user, wherein each reaction content item from the plurality of reaction content items provides information relating to management of the page by the posting user;
ranking the selected set of eligible reaction content items based on a measure of relevance of each selected reaction content item to the posting user;
automatically selecting, by the social networking system, a reaction content item from the set of eligible reaction content items based on the ranked set of eligible reaction content items;
responsive to the posting user providing the generated user content item, presenting, by the social networking system, the selected reaction content item to the posting user, the selected reaction content item being displayed with an interaction interface, wherein the selected reaction content item is presented to the posting user on a reaction interface immediately consecutive to the content generation interface; and
receiving, from the posting user, an interaction with the selected reaction content item through the interaction interface presented with the selected reaction content item.

US Pat. No. 10,924,531

SOPHISTICATED AUTOMATED RELATIONSHIP ALERTER

Sony Corporation, Tokyo ...

1. An electronic communication device, comprising:
communications circuitry to provide near-field transmitting and receiving communications;
a user interface; and
control circuitry configured to:
(a) maintain a friends list comprising personal information of persons known to a user of the electronic communication device, the friends list also includes a first anonymous user indicia for at least a first person known to the user of the electronic communication device, wherein the first anonymous user indicia corresponds to information that identifies the first person in a database accessible by the electronic communication device but does not include personal information of the first person,
(b) activate the communications circuitry to determine near-field presence of a second electronic communication device within communication range of the electronic communication device,
(c) activate the communications circuitry to transmit to the second electronic communication device a portion of the first anonymous user indicia and/or second anonymous user indicia associated with the user of the first electronic communication device, wherein the second anonymous user indicia corresponds to information that identifies the user of the first electronic communication device in a database accessible by the second electronic communication device but does not include personal information of the user of the first electronic communication device,
(d) activate the communications circuitry to receive from the second electronic communication device third anonymous user indicia, wherein the third anonymous user indicia corresponds to a session initiation protocol (SIP) address, an encrypted name of the first person, a 128-bit unique identification number encrypting a name of the person,
(e) coordinate the third anonymous user indicia with information on the friends list to determine the presence of any matches between the first and/or second anonymous user indicia and the third anonymous user indicia; and
(f) provide to the user interface either a list of matches or an indication of no matches, but to share no personal information including at least one of biometric information such as fingerprints, retinal scans, iris scans, hand measurements, voice recognition, photographs of the face, anatomical traits, a record of previous meetings, a list of the first person's known friends and acquaintances, social security number, E-mail address, IP address, audio recordings, video recordings, or passwords, until such time as users of the first electronic communication device and the second electronic communication device have decided to meet, thereby unambiguously identifying near-field users of electronic communication devices who are potential acquaintances in a way that allows anonymity and concealment of personal information until such time as the decision is made to actually make contact and to share such personal information.

US Pat. No. 10,924,530

INTER-PROVIDER FILE TRANSFER SYSTEM AND METHOD

Verizon Patent and Licens...

1. A method comprising:
receiving, by a service provider, a file transfer request that includes at least a network location corresponding to a file to be transferred;
determining, by the service provider, whether the network location is internal or external to a service provider network;
modifying the network location when it is determined that the network location included in the file transfer request is external to the service provider network; and
retrieving the file to be transferred using the modified network location.

US Pat. No. 10,924,529

SYSTEM AND METHOD OF TRANSMITTING DATA BY USING WIDGET WINDOW

Samsung Electronics Co., ...

1. A method of transmitting, by a computer, a file by using an execution window of an application that connects the computer to a first mobile terminal, the method comprising:
receiving an address book stored in the first mobile terminal from the first mobile terminal;
moving a file selected on a screen of the computer to the execution window of the application;
when the file is moved to the execution window, receiving a keyword that is input to the execution window;
detecting at least one second mobile terminal corresponding to the keyword from the received address book; and
transmitting the file from the computer to the at least one second mobile terminal via the first mobile terminal,
wherein the keyword comprises a textual prefix tag value, and detection targets of the keyword differ from each other according to the textual prefix tag value, the textual prefix tag value corresponding to at least one of a plurality of types of data transmission services supported by the at least one second mobile terminal.

US Pat. No. 10,924,528

METHOD TO DETERMINE USE OF LOCAL AND REMOTE APPLICATIONS IN A DISTRIBUTED MULTIUSER ENVIRONMENT FOR SHARED FILE RESOURCES

Parallels International G...

1. A method comprising:
determining, by a first computing device, a set of remote applications hosted by a second computing device, wherein each remote application in the set of remote applications is associated with one or more file types;
determining, by the first computing device, a set of local applications hosted on the first computing device, wherein each local application in the set of local applications is associated with one or more file types; and
for each file type associated with at least one remote application of the set of remote applications:
determining whether the file type associated with a respective remote application is also associated with a local application in the set of local applications; and
responsive to the file type associated with the respective remote application being also associated with the local application, invoking an application programming interface (API) of an operating system of the first computing device to associate the file type with a proxy component, wherein the proxy component for the file type is to determine, based on a network latency and a synchronization time associated with a location of a requested file, whether to open the requested file of the file type with the respective remote application or the local application.

US Pat. No. 10,924,527

DYNAMIC WORKFLOW-BASED COMPOSITE WEB SERVICE SYSTEM AND METHOD

TRANZTEC SOLUTIONS, INC.,...

1. A method for providing dynamic workflow-based composite web services comprising the steps of:
providing a management system for receiving an input data request from at least one of a plurality of remote client applications, the request including a request URL;
providing a plurality of web service endpoints, each of the endpoints including a trigger with an associated endpoint URL;
providing a plurality of workflows, each workflow associated with at least one of the endpoints and including a plurality of activities;
providing a plurality of actors, each actor being a standardized data definition shared among the plurality of workflows, each actor providing a standard method for the plurality of workflows to interact with each other using a common data layer, wherein each actor is paired with the plurality of activities to allow the paired actor to automatically communicate with the at least one of the plurality of remote client applications, wherein each client application is different;
triggering one of the triggers having the endpoint URL corresponding to the request URL to load the associated workflow;
executing the loaded associated workflow using the associated actor to generate and send to the one trigger an output data representing serialized actor properties; and
sending the output data from the one trigger to the client application.

US Pat. No. 10,924,526

ADAPTING AN AUDIO BIT RATE BASED ON CHANGING NETWORK CONDITIONS

Verizon Patent and Licens...

1. A first user device, comprising:
one or more memories; and
one or more processors, communicatively coupled to the one or more memories, to:
receive information indicating changed network conditions for a network supporting a call with a second user device at a first audio bit rate;
provide, to the second user device, an audio packet instructing use of a second audio bit rate that is different from the first audio bit rate;
start a timer associated with receiving an indication that the second user device is using the second audio bit rate;
receive, from the second user device and based on the audio packet instructing use of the second audio bit rate, a response audio packet at the first audio bit rate;
determine that the timer has expired after receiving the response audio packet at the first audio bit rate;
determine, based on determining that the timer has expired and receiving the response audio packet at the first audio bit rate, that the second user device did not receive the audio packet instructing use of the second audio bit rate;
determine, based on determining that the second user device did not receive the audio packet instructing use of the second audio bit rate and based on a threshold quantity of additional audio packets being provided to the second user device, to cease transmitting audio packets instructing use of the second audio bit rate;
provide, to the second user device, one or more additional audio packets instructing use of the second audio bit rate;
determine that the threshold quantity of additional audio packets have been provided to the second user device;
re-negotiate, based on the threshold quantity of additional audio packets being provided to the second user device, the second audio bit rate with the second user device based on a protocol-based re-invite message provided to the second user device; and
continue the call with the second user device, at the second audio bit rate and without dropping the call, based on the re-invite message.

US Pat. No. 10,924,525

INDUCING HIGHER INPUT LATENCY IN MULTIPLAYER PROGRAMS

Microsoft Technology Lice...

11. A method comprising:
at a server computing device including a processor,
receiving a plurality of input streams from a respective plurality of client computing devices, each input stream including a plurality of inputs controlling actions of respective characters in a multiplayer game session of a multiplayer online software program;
determining a latency of each of the input streams based at least on detecting whether inputs were received from each of the plurality of input streams at a target input frequency;
identifying a higher latency input stream and a lower latency input stream among the plurality of input streams, wherein missed inputs not received at the target input frequency are used to identify the higher latency input stream; and
inducing a higher latency in the lower latency input stream to narrow a difference in latency between the higher latency input stream and the lower latency input stream to thereby accommodate the higher latency input stream and the lower latency input stream in the multiplayer game session.

US Pat. No. 10,924,524

COMMUNICATION DEVICES, COMMUNICATION DATA GENERATION METHOD, AND COMMUNICATION DATA PROCESSING METHOD

SATURN LICENSING LLC, Ne...

1. A communication device comprising:
a memory that stores instructions;
processing circuitry configured to execute the instructions to
divide media data of a Group of Pictures (GOP) into portions of the media data, the GOP being a processing unit in video encoding to be decoded after all the portions of the media data are gathered, and
generate packets storing the media data of the GOP, each of the packets storing a respective one of the portions of the media data, a header of each of the packets including a segment identifier and an in-GOP location identifier, the segment identifier identifying the GOP, and the in-GOP location identifier indicating whether the respective portion of the media data stored therein corresponds to a first portion, a middle portion, or a last portion of the GOP; and
a transmitter configured to transmit the generated packets.

US Pat. No. 10,924,523

ENCODINGLESS TRANSMUXING

Verizon Digital Media Ser...

1. A method comprising:
obtaining a single file encoding media content, the single file comprising metadata and binary data, wherein the binary data stores frame information for a plurality of frames representing the media content, and wherein the plurality of frames comprises a set of key frames irregularly intermixed with other frame types;
detecting positions of first, second, and third key frames of the set of key frames from said metadata;
transmuxing the single file into a plurality of segments based on a segment duration parameter, wherein said transmuxing comprises:
commencing a first segment of the plurality of segments with the first key frame;
determining that the third key frame is closer than the second key frame to a position that is the segment duration parameter from the first key frame in the media content, and wherein the third key frame is at a different position in the media content than the position that is the segment duration parameter from the first key frame;
commencing a second segment of the plurality of segments with the third key frame, wherein the second segment immediately follows said first segment during playback of the media content;
serving the first segment in response to a user request for the first segment, wherein said serving comprises providing a subset of the binary data without encoding, decoding, or modifying two or more frames falling within the subset of the binary data, wherein the subset of the binary data commences at binary data encoding the first key frame, spans binary data encoding the second key frame and other frames between the first key frame and the third key frame, and ends with a frame immediately before binary data encoding the third key frame.

US Pat. No. 10,924,522

AD HOC NETWORK-BASED COLLABORATION USING LOCAL STATE MANAGEMENT AND A CENTRAL COLLABORATION STATE UPDATE SERVICE

Anthill, Inc., Wellesley...

1. A method operative in a centralized computing infrastructure, comprising:
responsive to receipt of a request, establishing an ad hoc collaboration session to which participating computing devices subscribe, synchronously or asynchronously with respect to one another, over an unrestricted time period, each of the participating computing devices have a gesture-responsive display interface;
as a participating computing device subscribes to the collaboration session or provides information about a change to its local state, providing a real-time state update to one or more other computing devices that are participating in the session such that the participating computing devices continually maintain their respective local state; and
executing a collaborative interaction among the participating computing devices;
wherein the collaborative interaction is associated with a sequence of a source media file having a timeline and at least one decision point in the timeline associated with a branch, the source media file having been delivered to each of the participating computing devices, and wherein the collaborative interaction comprises:
responsive to a determination based on the real-time state updates that the decision point in the timeline has been reached, transitioning the collaboration session to a collaboration state;
during the collaboration state, and responsive to receipt of data from a given subset of the participating computing devices, determining a next state, wherein the data from at least one participating computing device includes a result of a swipe gesture on the gesture-response display interface indicating a preference for the next state; and
responsive to determining the next state, providing each of the participating computing devices an update identifying the next state;
wherein the next state is associated with delivery to each of the participating computing devices in the collaboration session of an additional portion of the source media file as determined by the given subset of the participating computing devices.

US Pat. No. 10,924,521

SYNCHRONOUS DELIVERY OF MEDIA CONTENT IN A COLLABORATIVE ENVIRONMENT

Match Group, LLC, Dallas...

1. A method for facilitating a display of a time-based media object, the method comprising:
receiving a first command to control the media object on a display of a first device;
generating an estimate of a communication time between the first device and a second device, based on pinging the second device; and
in response to a selection of a button in an instant messaging application at the first device or an entry of text in the instant messaging application at the first device, causing communication of a seek command and a metric associated with the media object to the second device to synchronize the display of the media object on the first device with a display of the media object on the second device, the metric based on an offset from a specified position in the media object.

US Pat. No. 10,924,520

ONLINE CHARGING MECHANISMS DURING OCS NON-RESPONSIVENESS

Microsoft Technology Lice...

1. A method of accommodating non-responsiveness of an online charging node in a networked system, comprising:
receiving a request from a subscriber;
identifying that an online charging node is non-responsive, wherein identifying that the online charging node is non-responsive comprises at least one of detecting a lack of a heartbeat from the online charging node or identifying a timeout of a request to the online charging node;
assigning a default quota to the subscriber, the default quota being assigned by an entity other than the online charging node while the online charging node is non-responsive, the default quota defining a service usage threshold for the subscriber;
providing service to the subscriber based on the default quota, wherein the providing service to the subscriber based on the default quota includes tracking a usage associated with the service;
identifying that the online charging node has become responsive; and
reconciling with the online charging node the usage associated with the service, wherein the reconciling with the online charging node the usage associated with the service includes reporting one or more of the tracked usage associated with the service or the default quota to the online charging node.

US Pat. No. 10,924,519

METHOD, APPARATUS, SYSTEM, AND NON-TRANSITORY COMPUTER READABLE MEDIUM FOR INTERWORKING BETWEEN APPLICATIONS OF DEVICES

LINE CORPORATION, Tokyo ...

1. A non-transitory computer-readable medium storing computer readable instructions, which when executed by at least one processor, cause the at least one processor to perform a method for application interworking between devices, wherein the application interworking method comprises:
establishing a communication session on a messaging service associated with a first account of a first user of a first electronic device using a first application executed on the first electronic device, the communication session including at least a second account of a second user of a third electronic device, the first account and the second account associated with the messaging service;
generating a user interface for creating a control instruction in a chatroom associated with the communication session, the chatroom including the first account and the second account, the user interface allowing the first account to control a second electronic device associated with the first account;
receiving a user input via the user interface from the first user using the first electronic device, the user input corresponding to an action to be performed by the second electronic device; and
transmitting a control instruction that includes a session identifier of the communication session to the second electronic device associated with the first account corresponding to the user input,
the control instruction causing the second electronic device to start execution of a second application on the second electronic device,
the control instruction further including instructions for the second electronic device that cause the second electronic device to execute the action to be performed by the second electronic device, and transmit results of the executed action to the chatroom using the session identifier, and
the action to be performed by the second electronic device including executing a camera included in the second electronic device, and transmitting an image created using the executed camera via the chatroom to the first electronic device and/or the third electronic device.

US Pat. No. 10,924,518

UPF PROGRAMMING OVER ENHANCED N9 INTERFACE

Cisco Technology, Inc., ...

1. A method comprising: determining, by a first packet gateway controller connected to a first session manager device, that a user equipment moved to a geographical area that is served by a second session manager device; receiving, by the first packet gateway controller, a set of information for a second packet gateway controller; transmitting, by the first packet gateway controller, a session establishment request via a first network interface to the second packet gateway controller using segment routing via a second network interface; receiving, by the first packet gateway controller, a session establishment response of a first network interface type from the second packet gateway controller, via the second network interface, confirming the second packet gateway controller's ability to meet a requested quality of service and maximum bit rate, and providing the second packet gateway controller's address, and a set of tunnel identifiers; and transmitting, by the first packet gateway controller, the session establishment response of the first network interface type, to the first session manager device.

US Pat. No. 10,924,517

PROCESSING NETWORK TRAFFIC BASED ON ASSESSED SECURITY WEAKNESSES

Sophos Limited, Abingdon...

1. A method of securing a computer network, the method comprising:
selecting a security weakness for users of an enterprise network;
transmitting electronic communications to the users of the enterprise network, the electronic communications containing a response object corresponding to the security weakness;
detecting a request from an endpoint associated with the response object;
determining that a threat assessment failure related to the security weakness has occurred based on detecting the request from the endpoint;
for a user associated with the endpoint, adjusting a profile of the user based on a determination that the threat assessment failure occurred, wherein adjusting the profile of the user includes adjusting a security profile for one or more additional endpoint devices previously identified in a database of network users as associated with the user; and
processing network traffic to and from the endpoint and the one or more additional endpoint devices according to the adjusted profile of the user associated with the endpoint.

US Pat. No. 10,924,516

MANAGING NETWORK CONNECTIONS BASED ON THEIR ENDPOINTS

Snowflake Inc., San Mate...

1. A method comprising:
storing a master connection file comprising a list of desired connections for a plurality of networked resources, wherein each connection in the master connection file defines a first resource and a second resource between which the connection exists;
obtaining, for each of one or more of the plurality of networked resources, a connection indication file indicating one or more actual connections maintained by the networked resource;
detecting one or more differences between the master connection file and the actual connections maintained by the one or more of the plurality of networked resources by comparing at least one entry in the master connection file with the one or more actual connections of each networked resource as indicated by a connection indication file of each networked resource; and
providing a notification of any detected differences between the master connection file and the actual connections maintained by the one or more of the plurality of networked resources indicated by the connection indication file.

US Pat. No. 10,924,515

METHODS AND SYSTEMS FOR PROTECTING A SECURED NETWORK

Centripetal Networks, Inc...

1. A method of filtering packets at a packet security gateway that provides an interface across a boundary of a network protected by the packet security gateway and one or more networks other than the network protected by the packet security gateway, the method comprising:
receiving, by the packet security gateway and from a security policy management server located in the one or more networks other than the network protected by the packet security gateway, a dynamic security policy comprising a first set of packet filtering rules to be applied to all network traffic traversing the boundary via the packet security gateway, wherein one or more first packet filtering rules of the first set of packet filtering rules were automatically created by the security policy management server based on malicious traffic information received from one or more malicious host tracker services, and wherein each packet filtering rule of the first set of packet filtering rules comprises:
at least one packet matching criterion,
one or more corresponding packet transformation functions, and
metadata indicating at least one malicious host tracker service, of the one or more malicious host tracker services, corresponding to the respective packet filtering rule, wherein the metadata comprises an identification of a feed managed by the at least one malicious host tracker service that provides network addresses of malicious hosts;
configuring, based on the first set of packet filtering rules, the packet security gateway;
performing packet filtering on a first portion of packets associated with the network protected by the packet security gateway based on the first set of packet filtering rules by performing at least one of multiple packet transformation functions specified by one or more packet filtering rules of the first set of packet filtering rules on the first portion of packets, wherein the at least one of the multiple packet transformation functions specified by the one or more packet filtering rules of the first set of packet filtering rules corresponds to a packet digest logging function that supports a network communications awareness service and comprises generating a record comprising:
first data, from a packet, that matches first packet matching criterion of a packet filtering rule, wherein the packet filtering rule corresponds to the packet digest logging function; and
second data that comprises:
the first packet matching criterion,
the one or more corresponding packet transformation functions, and
the metadata indicating the at least one malicious host tracker service corresponding to the respective packet filtering rule,
wherein the network communications awareness service is provided based on one or more criteria that are indicative of packet communications that are of interest to an organization that operates the network;
reformatting, in accordance with a logging system standard, the record; and
forwarding, by the packet security gateway and to the network communications awareness service, the reformatted record.

US Pat. No. 10,924,514

MACHINE LEARNING DETECTION OF FRAUDULENT VALIDATION OF FINANCIAL INSTITUTION CREDENTIALS

Intuit Inc., Mountain Vi...

1. A method for increasing security in a computer network, the method comprising:
receiving, in a software program executing on a first internal computer, a first request to attach a first user account for the software program to an external secure account, wherein the first request comprises a first set of user credentials for accessing the external secure account and a first unverified email address, the external secure account controlled by a second external computer;
receiving, after receiving the first request and at the first internal computer, a plurality of features comprising a plurality of metrics, the plurality of metrics describing at least creation of the first user account and including at least the first unverified email address;
calculating, by a machine learning model processing the plurality of features and executing on the first internal computer, a probability score that the first request is fraudulent;
comparing, by the first internal computer, the probability score to a first threshold to form a comparison result; and
performing, by the first internal computer, a security action with respect to attaching the first user account to the external secure account in response to the comparison result.

US Pat. No. 10,924,513

ACTION DETECTION AND NETWORK SECURITY POLICY ENFORCEMENT BASED ON WIRELESS-TRANSMISSION INTERFERENCE PATTERNS

NORTONLIFELOCK INC., Tem...

15. A system comprising:
one or more processors; and
a non-transitory memory storing one or more instructions that, when executed on the one or more processors, perform an operation, the operation comprising:
collecting, at a web security gateway that enforces a network security policy, time-series data describing interference patterns in a series of wireless transmissions sent between the web security gateway and an endpoint device, wherein the wireless transmissions occurred at least partially concurrently with an action performed upon a user interface at the endpoint device and the time-series data comprises at least one of channel state information (CSI) values, received signal strength (RSS) values, or Doppler shift values;
sending the time-series data to a remotely executed network security service via a network;
receiving, from the remotely executed network security service in response to the sending, an action type of the action, the action type indicating at least one of a scrolling action, a pressing action, and a clicking action;
comparing the action type to the network security policy; and
blocking a network communication associated with the action based at least in part on the comparison.

US Pat. No. 10,924,512

SECURE EMAIL GATEWAY WITH DEVICE COMPLIANCE CHECKING FOR PUSH NOTIFICATIONS

VMware, Inc., Palo Alto,...

1. A method for providing secure access to an email server, comprising:
receiving, at a gateway server, a request from a notification server for notification information from the email server, wherein the request includes a header identifying a plurality of at least two devices associated with a same user;
determining whether each of the plurality of identified devices complies with at least one compliance rule;
if at least one of the identified devices complies with the at least one compliance rule, passing the request from the gateway server to the email server;
receiving a response from the email server at the gateway server; and
sending a response message from the gateway server to the notification server, the response message including a response header indicating whether each of the plurality of devices is or is not compliant with the at least one compliance rule.

US Pat. No. 10,924,510

METHOD AND SYSTEM FOR A DISTRIBUTED EARLY ATTACK WARNING PLATFORM (DEAWP)

PRAESIDEO B.V., Utrecht ...

9. A computer implemented method for a system for a distributed early attack warning platform (DEAWP), the method comprising:
coupling a plurality of protected computer devices to a first communications network;
respectively coupling a plurality of monitoring node devices between the plurality of protected computer devices and the first communications network and monitoring with the plurality of monitoring node devices data communications transmitted over the first communications network between the plurality of protected computer devices;
coupling a second communications network separate from the first communications network to the plurality of monitoring node devices, wherein data transmission in the second communication network is faster than in the first communication network; and
based on the monitored data communications transmitted over the first communications network, the plurality of monitoring node devices communicating information over the second communications network regarding potential cyber-threats on the plurality of protected computer devices or the first communications network.

US Pat. No. 10,924,509

CROSS-SITE REQUEST FORGERY PROTECTION

salesforce.com, inc., Sa...

1. A server digital data device (“server”) comprising:
web server software executing within an application layer on the server,
the web server software responding to a first and second requests received from one or more client digital data devices (each, a “client”) over a network by, for each such request, (i) validating a key encoded with a time-based code and received from the client with that request, (ii) generating a result code indicative of a success of that validation, wherein the result code is a “valid” code if the validation of the key was successful and a “defer” code if the validation of the key was not successful and storing the result code in a buffer accessible outside the application layer (iii) initiating processing of that request, including invoking server resource software executing outside the application layer,
the server resource software executing outside the application layer and checking the result code stored in the buffer upon invocation and before performing a protected operation required for processing the first request, the result code indicating success of validation of the key received with that first request, and the server resource software responding to that result code being a “defer” code by exiting before executing the protected operation, and
the server resource software processing the second request without checking the result code indicating success of validation of the key received with the second request, the second request not necessitating a protected operation.

US Pat. No. 10,924,508

PROVIDING ACCESS TO DATA IN A SECURE COMMUNICATION

SonicWALL Inc., Milpitas...

1. A method for securely providing access to data in a secure communication, the method comprising:
receiving an indication that a client device is initiating a secure communication connection with a computing device at a first processing core of a multi-core processing system;
receiving a first packet sent between the client device and the computing device via the secure communication connection;
receiving handle information that includes a virtual address and a physical memory address;
storing translation information based on the receipt of the handle information, wherein the stored translation information associates the virtual address and the physical memory address with the secure communication connection;
creating session keys and secure keying material related to the secure communication connection;
storing the created session keys and the secure keying material in a physical memory, wherein the created session keys and the secure keying material that are stored in the physical memory are available to decrypt data included in subsequent data packets associated with the secure communication connection;
creating a new packet to send to a destination from data included in the first packet, wherein the newly created packet secures the data included in the first packet based at least in part on the created session keys;
allowing the newly created packet to be sent to the destination;
allowing access to the physical memory address based on the translation information associating the virtual address with the physical memory address and the secure communication connection; and
accessing by the first processing core data stored at the physical memory address based on a request that includes the virtual address.

US Pat. No. 10,924,507

AUTO CONFIGURATION SERVER AND METHOD

Alcatel Lucent, Nozay (F...

1. A method to prevent internet protocol address spoofing for execution by an Auto Configuration Server being coupled via at least one load balancer in a broadband network to at least one device comprising at least one gateway device, in at least one home network said method comprises remotely managing said device by using a CPE WAN Management Protocol on top of a Hypertext Transfer Protocol, said method comprises:
receiving from said device a CWMP Inform message;
determining from said CWMP Inform message according to a CWMP data model parameter a public IP address of said gateway device;
retrieving from a X-Forwarded For field in a http header field at a http level of said CWMP Inform message a Forwarded IP address;
comparing said public IP address with said Forwarded IP address; and
deciding based on the comparison whether spoofing is present,
wherein the retrieving includes,
predetermining a number n of said at least one load balancers, according to a network topology in said broadband network, through which the CWMP Inform message passes in order to reach said Auto Configuration Server; and
retrieving said Forwarded IP address in said X-Forwarded For field as a function of an n-most last IP address.

US Pat. No. 10,924,506

MONITORING CLOUD COMPUTING ENVIRONMENTS

Red Hat, Inc., Raleigh, ...

1. A method comprising:
receiving, by a processor, a request to subscribe to a monitoring service with respect to computing resources associated with a user account, the request specifying a first application and access information for a cloud computing system comprising a plurality of virtual machines associated with the computing resources;
monitoring, using the access information, resource usage by a plurality of applications running on the plurality of virtual machines, wherein the plurality of applications comprises the first application and a second application spawned by the first application, wherein the resource usage differs between virtual machines of the plurality of virtual machines;
receiving, in view of the monitoring, resource usage data reflecting types and duration of usage of the computing resources;
identifying, in view of the resource usage data, a virus-infected application running on a virtual machine of the plurality of virtual machines, wherein the virus-infected application is one of: the first application or the second application;
terminating, by the processor, the virus-infected application; and
generating, in view of a set of user rights associated with each virtual machine of the plurality of virtual machines, a report comprising resource usage information for the virtual machine, where the report indicates the difference in resource usage due to termination of the virus-infected application.

US Pat. No. 10,924,505

PASSCODE BASED ACCESS-CONTROL WITH RANDOMIZED LIMITS

Red Hat, Inc., Raleigh, ...

1. A method comprising:
accessing an account that is associated with a set of computing resources and comprises a first passcode and a plurality of second passcodes, wherein the account is associated with a limit to a number of passcodes and wherein the first passcode enables access to the set of computing resources and wherein the plurality of second passcodes enable constrained access to the set of computing resources;
associating, by a processing device, the plurality of second passcodes with respective randomized resource limit that restrict a number of sub passcodes that can be created, wherein the respective randomized resource limit comprise different values that are each less than the limit for the account;
receiving a first request to create a sub passcode, wherein the first request is associated with one of the second passcodes having constrained access;
denying the first request in response to a first attempt to create the sub passcode associated with one of the second passcodes in excess of the respective randomized resource limit;
receiving, from a computing thread, a second request to create a passcode for the account; and
denying the second request to create the passcode in response to a second attempt to create the passcode for the account in excess of the respective randomized resource limit, wherein the computing thread is unable to determine a value for the respective randomized resource limit.

US Pat. No. 10,924,504

DUAL-PORT MIRRORING SYSTEM FOR ANALYZING NON-STATIONARY DATA IN A NETWORK

International Business Ma...

1. A method of analyzing non-stationary data in a network of computerized units, wherein the network further comprises a switch in data communication with one or more of said computerized units, wherein the method comprises:
aggregating, by the switch, data received via input ports of the switch;
mirroring distinct sets of the data via two switch ports that comprise a first port and a second port, the first port mirroring the aggregated data and the second port mirroring the data selectively according to the second port's latest configuration, the mirroring via the first port and via the second port being performed concurrently; and
while mirroring said distinct sets of the data:
analyzing first data obtained from data mirrored at the first port;
based on the first data analyzed, reconfiguring the switch for the second port to mirror second data selected from data communicated via the switch; and
analyzing the second data mirrored at the second port.

US Pat. No. 10,924,503

IDENTIFYING FALSE POSITIVES IN MALICIOUS DOMAIN DATA USING NETWORK TRAFFIC DATA LOGS

Amazon Technologies, Inc....

1. A method comprising:
receiving, by one or more computer processors coupled to at least one memory, a set of malicious domain name identifiers from a subscription service server, the set of malicious domain name identifiers comprising a first domain name identifier and a second domain name identifier;
determining, using a domain name system (DNS) lookup tool, a first set of internet protocol (IP) addresses comprising a first IP address associated with the first domain name identifier;
determining, using the DNS lookup tool, a second set of IP addresses comprising a second IP address associated with the second domain name identifier;
determining a first virtual private cloud (VPC) flow log for a first VPC comprising network traffic corresponding to the first IP address, the first VPC flow log comprising flow log records representing network flow for each network interface in the first VPC;
generating a first data object representative of the first VPC flow log;
determining a second VPC flow log for a second VPC comprising network traffic corresponding to the second IP address, the second VPC flow log comprising flow log records representing network flow for each network interface in the second VPC;
generating a second data object representative of the second VPC flow log;
determining a first distance between the first data object and a cluster of data objects that is representative of VPC flow log data for non-malicious network traffic;
determining a second distance between the second data object and the cluster of data objects;
determining that the first distance is less than a threshold value;
determining that the first IP address is associated with non-malicious network traffic;
generating a whitelist indication for the first domain name identifier;
determining that the second distance is equal to or greater than the threshold value; and
determining that the second IP address is associated with malicious network traffic.

US Pat. No. 10,924,501

CYBER-SECURITY PRESENCE MONITORING AND ASSESSMENT

Allstate Insurance Compan...

1. A cyber-security system, comprising:
one or more processors;
a memory unit storing computer-executable instructions, which when executed by the one or more processors, cause the cyber-security system to:
monitor a communications network for confidential information associated with a consumer account of a consumer;
determine, based on a plurality of digital accounts associated with the consumer on the communications network, a digital safety value indicative of a risk of a data breach of the confidential information;
detect an action event associated with the confidential information, wherein the action event comprises that the consumer has consolidated the plurality of digital accounts with a centralized login; and
adjust the digital safety value based on the detected action event.

US Pat. No. 10,924,499

DETECTION OF GENUINE SOCIAL MEDIA PROFILES

INTERNATIONAL BUSINESS MA...

1. A computer-implemented method for performing a detection of genuine social media profiles, the computer-implemented method comprising:
receiving from a requesting user, by a processor, a request for a target user;
responsive to receiving the request from the requesting user, analyzing one or more categories associated with user profile information of at least one of the requesting user or the target user based at least in part on the request;
calculating one or more category scores for the one or more categories, wherein the one or more category scores comprises a post sub-category score, wherein calculating the post sub-category score comprises:
obtaining posts from a requesting user profile of the requesting user;
comparing the obtained posts of the requesting user to user profile information for the target user, wherein the requesting user is different than the requesting user;
calculating a total score from the one or more category scores; and
providing a notification to the target user based on the total score prior to the user accepting the request.

US Pat. No. 10,924,498

SYSTEM AND METHOD FOR REGISTERING SUBSCRIBABLE STATES IN BLOCKCHAIN

ADVANCED NEW TECHNOLOGIES...

1. A computer-implemented method, comprising:
obtaining, by one or more servers, a request for registering a workflow;
deploying in a blockchain, by the one or more servers, a blockchain contract comprising the workflow, wherein the deployed blockchain contract is executable to update a current state of the workflow among one or more states of the workflow; and
creating, by the one or more servers, one or more local states of a state machine off the blockchain, the created one or more local states respectively mapped to the one or more states of the workflow in the blockchain.

US Pat. No. 10,924,497

JUST-IN-TIME ACCESS BASED ON GEOLOCATION TO MAINTAIN CONTROL OF RESTRICTED DATA IN CLOUD COMPUTING ENVIRONMENTS

MICROSOFT TECHNOLOGY LICE...

1. A computerized system comprising:
one or more hardware processors; and
one or more computer storage media storing computer-useable instructions that, when used by the one or more hardware processors, cause the one or more hardware processors to:
receive, at a service within a cloud computing environment, a request for just-in-time (JIT) access to a resource within a production environment of the cloud computing environment, the request specifying request parameters including a level or type of access requested and information regarding an incident in the cloud computing environment;
access, from a database of JIT policies stored in the cloud computing environment for a plurality of resources within the production environment of the cloud computing environment, a JIT policy for the resource specified by the request, the JIT policy stored in the database for processing by the service within the cloud computing environment to allow the service to automatically determine whether to grant JIT access to the resource;
determine, from the JIT policy for the resource, geolocation criteria restricting JIT access to the resource based on geolocation;
determine, by the service within the cloud computing environment, to approve the request for JIT access based at least in part on automatically evaluating the request parameters using the JIT policy for the resource to determine whether the level or type of access requested is automatically approved depending on a type of the incident and whether the incident is active and comparison of the geolocation criteria to a geolocation of a device associated with the request for JIT access; and
based on determining to automatically approve the request for JIT access, provision a JIT access session for the device including setting a time limit for the JIT access session.

US Pat. No. 10,924,496

SYSTEMS AND METHODS FOR MANAGING LOCATION-BASED ACCESS CONTROL LISTS

NORTONLIFELOCK, INC., Te...

1. A computer-implemented method for managing location-based access control lists, at least a portion of the method being performed by a computing device comprising at least one processor, the method comprising:
identifying a collection of devices that are located within a physical space, wherein the collection of devices comprises monitoring devices that are capable of monitoring user activity within the physical space;
determining, based on user activity data received from the collection of devices, that an authorized user is attempting to modify, on a location-based access control list for a wireless network, access rights of a target computing device near a location indicated by the authorized user in the physical space;
detecting, based on the user activity data, the target computing device near the location indicated by the authorized user; and
in response to detecting the target computing device indicated by the authorized user, modifying, on the location-based access control list, the access rights of the target computing device, thereby enabling the target computing device to join the wireless network.

US Pat. No. 10,924,495

VERIFICATION METHOD, APPARATUS, AND SYSTEM USED FOR NETWORK APPLICATION ACCESS

Huawei Technologies Co., ...

1. A verification method used for network application access, wherein the method comprises:
receiving, by a control device, a first encrypted token sent by a verification server, wherein the first encrypted token is an encrypted token generated by the verification server, the first encrypted token comprises first location information and an access permission of a user, and the first location information is used to identify a network location at which a terminal is located when sending a user verification request, and the access permission of the user comprises a list of content that can be accessed by the user;
decrypting, by the control device, the first encrypted token to obtain the first location information and the access permission of the user;
generating, by the control device, a second encrypted token according to the first encrypted token, wherein the second encrypted token comprises the first location information;
sending, by the control device, the second encrypted token to the terminal;
receiving, by the control device, a fourth encrypted token from the terminal and forwarded by a forwarding device, the fourth encrypted token is carried in a content access request sent by the terminal to the forwarding device;
verifying, by the control device, whether the fourth encrypted token is the same as the second encrypted token based on the first location information in the first encrypted token; and
in response to the control device verifying that the fourth encrypted token is the same as the second encrypted token, sending, by the control device, a first message to the forwarding device, wherein the first message comprises the access permission of the user, and the first message indicates that the terminal succeeds in the verification.

US Pat. No. 10,924,494

METHOD AND APPARATUS FOR PROVIDING AN ADAPTABLE SECURITY LEVEL IN AN ELECTRONIC COMMUNICATION

BlackBerry Limited, Wate...

1. A method for providing security in an electronic communication system, comprising:
preparing, by a communication device, a plurality of frames, wherein each individual frame in the plurality of frames has a header and data, wherein the preparing the plurality of frames comprises;
for each individual frame:
determining a security level for the individual frame, the security level indicating whether to provide encryption for the individual frame and whether to provide integrity for the individual frame;
based on the security level, including security control bits in the header of the individual frame, wherein the security control bits include one or more security mode bits and integrity level bits, the one or more security mode bits indicate whether encryption is on or off, the integrity level bits indicate which of at least three integrity levels is utilized, the integrity levels corresponding to signing operations of a sender of increasing strength; and
encrypting the data according to the security level for the frame; and
transmitting the plurality of frames to a recipient device.

US Pat. No. 10,924,493

SECURE, NON-DISRUPTIVE FIRMWARE UPDATING

IMPRIVATA, INC., Lexingt...

1. A thin client device comprising:
at least one peripheral device facilitating interaction with a user;
a processor;
a network interface; and
writable, nonvolatile memory for storing firmware instructions executable by the processor, the firmware instructions defining:
(i) a caching loader which, when executed by the processor, causes (A) communication, via the network interface, with a remote firmware server, (B) identification of at least one firmware application needed by the client device but not stored thereon, (C) downloading for storage, in the nonvolatile memory, of the at least one identified firmware application, (D) identification of at least one newer versions of the at least one identified firmware application following initial download thereof, and (E) management of transition, on the thin client device, to the downloaded at least one newer version of the at least one identified firmware application, and
(ii) a self-launching base loader which, when executed by the processor, causes (A) communication, via the network interface, with the remote firmware server, and (B) downloading for storage, in the nonvolatile memory, of the caching loader.

US Pat. No. 10,924,492

INFORMATION LEAKAGE PREVENTION SYSTEM AND METHOD

HITACHI SOLUTIONS, LTD., ...

1. An information leakage prevention system comprising:
a plurality of client terminals, wherein each client terminal of the plurality of client terminals includes a client processing unit; and
a management server which controls accesses from the plurality of client terminals to a Command & Control server (C&C server) and a network, wherein the management server comprises:
a user database which stores information concerning a plurality of users of the plurality of client terminals;
a security policy database which stores a plurality of security policies for the plurality of users of the plurality of client terminals, wherein each security policy of the plurality of security policies is assigned to each attribute of each user of the plurality of users, each attribute includes an affiliation and position of a corresponding user and a predetermined time period for delivery of a security policy that corresponds to the corresponding user;
and a server processing unit,
wherein upon detecting a malware infection by a client terminal of the plurality of client terminals, the client terminal transmits malware detection information including C&C server information and information of a user of the client terminal to the management server;
wherein in response to receiving the malware detection information, the management server:
searches the security policy database, based on a time of delivery of the malware detection information and predetermined time period of delivery for each of the plurality of security policies;
selects, using the server processing unit, at least one security policy of the plurality of security policies stored in the security policy database that corresponds to the time of delivery of the malware detection information;
transmits, using the server processing unit, the at least one security policy selected to at least one client terminal;
wherein in response to receiving the at least one security policy selected, the at least one client terminal prohibits connection from the at least one client terminal to the network if the at least one security policy selected prohibits connection to the network, and prohibits connection from the at least one client terminal to the C&C server if the at least one security policy selected prohibits connection to the C&C server.

US Pat. No. 10,924,491

PROCESS MANAGER FOR DIGITAL COMMUNICATION

SAP SE, Walldorf (DE)

1. A computing system comprising:
a network interface configured to receive a communication request from a sending device which comprises a process identifier and an action identifier; and
a hardware processor configured to identify a communication process comprising a sequence of steps based on the process identifier and a step within the sequence of steps of the communication process based on the action identifier, identify completed steps in the sequence of steps of the communication process that have been completed based on status information associated with the sending device, and dynamically determine whether the identified step is allowed based on the identified completed steps,
wherein, in response to determining the is identified step is allowed, the hardware processor is further configured to control the network interface to transmit the received communication request to a receiving device.

US Pat. No. 10,924,490

SHARING SENSOR MEASUREMENTS

Aetna Inc., Hartford, CT...

1. A server for sharing sensor measurements, the server comprising:
one or more processors; and
a non-transitory computer-readable medium having processor-executable instructions stored thereon, wherein the processor-executable instructions, when executed by the one or more processors, facilitate:
receiving friend information from business to consumer (B2C) entity servers;
receiving sensor information from a user device for gaining access to the sensor measurements;
receiving policy information from the user device, wherein the policy information comprises one or more policies indicating a customizable area for sharing the sensor measurements with a friend device;
receiving a request for the sensor measurements from the friend device, wherein the request comprises a location of the friend device;
determining whether the friend device is authorized to receive the sensor measurements based on the friend information and the location of the friend device being within the customizable area indicated by the received policy information; and
sending, to the friend device, the sensor measurements in response to determining the friend device is authorized to receive the sensor measurements.

US Pat. No. 10,924,489

BUILDING TRUSTED PUBLIC BLOCKCHAIN NETWORKS BASED ON PARTICIPANTS' DIGITAL SOCIAL BEHAVIOR

International Business Ma...

1. A method implemented by at least one hardware processor comprising:
receiving, by a privileged peer of a public blockchain network, a request for changing a privilege of a peer of the public blockchain network;
in response to receiving the request for changing the privilege, automatically submitting, by the privileged peer, a trust query for the peer to a trust verification entity of a pre-determined set of trust verification entities;
receiving, by the privileged peer, from the trust verification entity, a trust score associated with the peer;
comparing, by the privileged peer, the received trust score to a pre-determined threshold, the pre-determined set of trust verification entities and the pre-determined threshold being pre-defined as a transaction in a public blockchain;
determining, based on the comparison, whether or not the trust score is greater than the predetermined threshold;
in response to determining that the trust score is greater than the pre-determined threshold, automatically voting, by the privileged peer, that the request be granted;
in response to determining that the trust score is less than or equal to the pre-determined threshold, automatically voting, by the privileged peer, that the request be denied;
receiving, by the privileged peer, votes of other privileged peers of the public blockchain network, the received votes being based on trust scores received by the other privileged peers from at least one trust verification entity in response to trust queries submitted by the other privileged peers responsive to a receipt of the request by the other privileged peers, wherein each of the at least one trust verification entity is a social media platform, each of the received votes from respective other privileged peers determined based on a comparison of a respective trust score against a respective associated pre-determined threshold, each social media platform from which a respective trust score is received having a different associated pre-determined threshold;
determining, by the privileged peer, that a number of the votes for granting the request is sufficient to grant the request; and
in response to determining that the number of votes is sufficient, automatically executing, by the privileged peer, the requested changing of the privilege of the peer, the executing of the requested changing of the privilege comprising one or more of: granting an ability of the peer to submit new transactions to the blockchain, to execute transactions on the blockchain, and to write to the public blockchain.

US Pat. No. 10,924,488

CUSTOMIZATION OF DATA SESSION RETRY MECHANISM IN A WIRELESS PACKET DATA SERVICE NETWORK

BlackBerry Limited, Wate...

1. A method by a mobile communications device, comprising:
sending a request for activation of a data session with a node of a wireless network;
receiving, at the mobile communications device, a message in response to the request for activation of the data session, the message comprising a rejection of the request for activation of the data session and a cause code, wherein, a retry configuration is associated with the cause code, the retry configuration being configured by the wireless network and indicating whether a data session retry mechanism is to be disabled or enabled, wherein the retry configuration associated with the cause code is stored in a cause code resource file at the mobile communications device;
determining that the retry configuration indicates that the data session retry mechanism is to be disabled;
disabling, by the mobile communications device, a further request for activation of the data session with the node in response to determining that the retry configuration indicates that the data session retry mechanism is to be disabled;
receiving a second retry configuration associated with the cause code indicating that the data session retry mechanism is to be disabled or enabled;
determining that the second retry configuration indicates that the data session retry mechanism is to be enabled; and
in response to the second retry configuration associated with the cause code indicating that the data session retry mechanism is to be enabled, enabling, by the mobile communications device, a third request for activation of the data session with the node.

US Pat. No. 10,924,487

RESTRICTED WI-FI ACCESS BETWEEN PUBLIC AND PRIVATE SSIDS

CenturyLink Intellectual ...

1. A method, comprising:
receiving, with a network device and from a user device having a second identifier associated with the user device, a request for network public access to a network through the network device;
determining, with the network device, whether the user device is associated with a first identifier that is associated with a user having network private access to the network through the network device, wherein determining comprises
accessing, with the network device, a database containing a list of identifiers, and
comparing, with the network device, the second identifier with the first identifier; and
based on a determination that the user device is associated with a first identifier that is associated with a user having network private access to the network through the network device and that the second identifier matches the first identifier, preventing, with the network device, the user device from having network public access to the network.

US Pat. No. 10,924,486

SECURE ACCESS MANAGEMENT FOR TOOLS WITHIN A SECURE ENVIRONMENT

International Business Ma...

1. A computer-implemented method for secure access management for tools within a secure environment, wherein the secure environment has a secure perimeter, the method carried out at a server in the secure environment comprising:
accessing a virtual file system for a user in memory on a server side in the secure environment as part of an authenticated user session including a user command instigated by a user;
obtaining at the virtual file system an encrypted file stored in the secure environment, wherein the file holds sensitive data and is encrypted using a public key of the user;
intercepting, by a processor, a read operation at the virtual file system of the encrypted file and sending the encrypted file to a client at a user system external to the secure environment over a secure connection for decryption by a remote cryptography device of the user system using the user's private key; and
receiving, by the processor, the decrypted file at the virtual file system enabling the user to run the required user command.

US Pat. No. 10,924,485

ELECTRONIC SIGNING AUTHORIZATION SYSTEM

Interface Technology (Che...

1. An electronic signing authorization method implemented in a terminal device, the electronic signing authorization method comprising:
converting a signing request submitted by an end user into a predetermined format, the predetermined format comprising at least one of a text format, an audio format, or a video format;
verifying an identity of an authorizing user of an authorization layer according to a predetermined verification process;
accepting input data of the authorizing user of the authorization layer when the identity of the authorizing user of the authorization layer is verified;
outputting an authorization command according to the input data when the input data comprises authorization data, the authorization command comprising rejecting the signing request, not authorizing the signing request, or authorizing the signing request;
wherein the predetermined verification process comprises at least one of a password verification process, a fingerprint verification process, a voice recognition verification process, an iris verification process, and a facial recognition verification process; and
wherein after accepting the input data of the authorizing user, the method further comprises:
when the input data comprises data in a text format, using a text recognition engine to recognize keywords of the input data, and determining the authorization command according to the keywords of the input data;
when the input data comprises data in an audio format, using a speech recognition engine to recognize audio features of the input data, and determining the authorization command according to the audio features of the input data;
when the input data comprises data in a video format, using an image recognition engine to recognize image characteristics of the input data, and determining the authorization command according to the image characteristics of the input data.

US Pat. No. 10,924,483

PACKET VALIDATION IN VIRTUAL NETWORK INTERFACE ARCHITECTURE

Xilinx, Inc., San Jose, ...

1. An apparatus comprising:
a network interface device to interface between a network and a host device, the network interface device comprising:
at least one receive queue resource configured to store at least one characteristic of at least one receive queue of said host device, the at least one receive queue resource having at least one pointer to at least one next available location for data in the at least one receive queue in at least one storage of said host device;
at least one event queue resource configured to store at least one characteristic of at least one event queue of said host device, the at least one event queue resource being configured to use an identification of a location identified by a pointer of the at least one pointer of the at least one receive queue resource to cause data received from the network to be written to the location identified by the pointer, and to write an event to an event queue in the at least one storage of the host device; and
a controller configured to, for an operation of exchanging data between a receive queue resource of the at least one receive queue resource and an event queue resource of the at least one event queue resource, determine whether the receive queue resource is permitted to communicate with said event queue resource and/or whether the event queue resource is permitted to communicate with the receive queue resource, wherein the operation of exchanging data comprises the receive queue resource providing the pointer of the at least one pointer to the event queue resource when it is determined that communication is permitted.

US Pat. No. 10,924,481

PROCESSING SYSTEM FOR PROVIDING CONSOLE ACCESS TO A CYBER RANGE VIRTUAL ENVIRONMENT

Bank of America Corporati...

1. A system, comprising:
a user device;
a secure console host platform;
a virtual air gap; and
a cyber-range host platform,
wherein:
the cyber-range host platform is on a physically separate network than the user device, the secure console host platform, and the virtual air gap;
the cyber-range host platform is configured to host one or more simulated cyber attacks;
user authentication occurs in the virtual air gap, away from the user device and away from the cyber-range host platform;
the user device and the secure console host platform are associated with a first area, the virtual air gap is associated with a second area, and the cyber-range host platform is associated with a third area;
the second area and the third area are physically separate and cannot communicate with each other;
the first area and the third area are physically separate and cannot communicate with each other unless and until a broker authenticates and authorizes a connection within the virtual air gap between the secure console host platform and the cyber-range host platform;
a user of the user device in the first area authenticates in the second area to gain access to the third area; and
access to the broker is granted upon verification of authentication credentials associated with the user device, and the broker then grants access to a console hosted by the secure console host platform and located behind a firewall, wherein the user device is configured to prompt for user input that causes simulation of a cyber attack mitigation procedure at the cyber-range host platform after the access to the broker is granted.

US Pat. No. 10,924,480

EXTENDED TRUST FOR ONBOARDING

Cisco Technology, Inc., ...

1. An Internet of Things (IoT) server that provides services of an IoT-based system for a plurality of IoT devices, comprising:
processing circuitry;
an input/output (I/O) module operative to communicate with at least an IoT device of the plurality of IoT devices and a vendor network server; and
an onboarding application to be executed by the processing circuitry and operative to at least:
receive an onboarding request from the IoT device via the I/O module,
send a confirmation request to the vendor network server via the I/O module, wherein the confirmation request indicates a request to confirm an identity of the IoT device by confirming that the IoT device is connected to a network device authenticated by the vendor network server, wherein the network device comprises a router or switch that has a secure trust mechanism installed,
receive a confirmation response from the vendor network server via the I/O module, wherein the confirmation response indicates whether the IoT device is connected to the network device and is based on a successful authentication of the network device with the vendor network server using the secure trust mechanism, and
upon determining that the confirmation response is a positive confirmation response that indicates the IoT device is connected to the network device, onboard the IoT device for participation in the IoT-based system.

US Pat. No. 10,924,479

SYSTEM AND METHODS TO ESTABLISH USER PROFILE USING MULTIPLE CHANNELS

Aetna Inc., Hartford, CT...

1. A method for authenticating a user to access information and services protected by an authentication system, the method comprising:
receiving a request from a user device to access the information and services protected by the authentication system;
capturing device, application and user authentication attributes during the authentication;
comparing the captured device, application and user authentication attributes against previously obtained device, application and user authentication attributes stored in a database associated with the user device and stored as part of a user profile containing the previously obtained device, application and user attributes, wherein the user profile is stored in association with one or more user device profiles, one or more user application profiles, and one or more user authentication profiles, and wherein the one or more user device profiles uniquely identifies at least one device associated with the user;
calculating a risk score based on the comparison of the captured device, application and user authentication attributes against the previously obtained device, application and user authentication attributes; and
determining whether to grant the user device access to the information and services based on the risk score,
wherein the determining whether to grant access to the information and services based on the risk score comprises:
comparing the risk score to one or more of a first predetermined threshold risk level and a second predetermined threshold risk level, wherein the first predetermined threshold risk level is set such that when the risk score meets or exceeds the first predetermined threshold risk level, authentication of the user to access the information and services is achieved with high assurance, and the second predetermined threshold risk level is set such that when the risk score meets or exceeds the second predetermined threshold risk level but not the first predetermined threshold risk level, authentication of the user to access the information and services is achieved with low assurance;
granting access to the information and services in response to the risk score meeting or exceeding either the first predetermined threshold risk level or the second predetermined risk level,
wherein when the risk score meets or exceeds the first predetermined threshold risk level, the method further comprises:
updating the user profile with the captured device, application and user authentication attributes in response to the authentication of the user to access the information and services being achieved with high assurance, and
wherein when the risk score meets or exceeds the second predetermined threshold risk level but not the first predetermined risk threshold level, the method further comprises:
comparing device attributes of the captured device, application and user authentication attributes against device attributes of the previously obtained device, application and user authentication attributes;
in response to common device attributes between the captured device, application and user authentication attributes and the previously obtained device, application and user authentication attributes, upgrading from the low assurance of the authentication to an authentication with high assurance and updating the user profile with the captured device, application and user authentication attributes; and
in response to no common device attributes between the captured device, application and user authentication attributes and the previously obtained device, application and user authentication attributes, the authentication remains at low assurance and the user profile is not updated with the captured device, application and user authentication attributes.

US Pat. No. 10,924,478

IDENTIFICATION BASED ON SNAPSHOT OF DEVICE MEMORY

PayPal, Inc., San Jose, ...

1. A computer system, comprising:
one or more computer-readable memories storing program instructions; and
one or more processors configured to execute the program instructions to cause the system to perform operations comprising:
identifying one or more characteristics corresponding to a memory of a trusted device based on analyzing information stored in the memory of the trusted device during one or more instances of a first time period;
detecting an untrusted device attempting to access an account during a second time period, wherein the account corresponds to the trusted device;
in response to the detecting the untrusted device attempting to access the account:
capturing, at the second time period, a snapshot of a memory of the untrusted device,
analyzing the snapshot to identify one or more characteristics of information stored in the memory of the untrusted device during the second time period, and
comparing the identified one or more characteristics of the information stored in the memory of the untrusted device to the identified one or more characteristics corresponding to the memory of the trusted device, wherein the comparing the identified one or more characteristics of the information stored in the memory of the untrusted device to the identified one or more characteristics corresponding to the memory of the trusted device is based on determining that one or more characteristics of the second time period corresponds to one or more characteristics of the first time period; and
in response to determining that a similarity level between the one or more characteristics of the information stored in the memory of the untrusted device during the second time period and the identified one or more characteristics corresponding to the memory of the trusted device is above a threshold level, allowing access to the account.

US Pat. No. 10,924,477

SYSTEM AND METHODS FOR CLIENT IDENTIFICATION AND VERIFICATION

Mastercard International ...

1. An identity verification system for client identification and verification, said identity verification system comprising:
a memory device for storing data; and
a processor communicatively coupled to said memory device, said processor programmed to:
receive merchant identification data corresponding to a merchant, the merchant identification data including identification data relating to the identity of the merchant and a primary authorized user for the merchant;
generate a merchant profile from the merchant identification data for the merchant;
generate an activation code for authenticating the primary authorized user based on the merchant profile;
transmit the activation code to the primary authorized user;
receive, from the primary authorized user in response to the activation code, one or more biometrics of the authorized user;
validate the one or more biometrics of the authorized user; and
upon validation of the biometrics, activate a merchant account.

US Pat. No. 10,924,476

SECURITY GESTURE AUTHENTICATION

NCR Corporation, Duluth,...

19. A system (SST), comprising:
a device;
at least one camera interfaced to the device; and
a server having a facial and gesture authenticator;
wherein the facial and gesture authenticator is configured to: (i) execute on at least one hardware processor of the server; (ii) dynamically perform facial authentication on a face of a user during a transaction being processed on the device by performing a facial recognition on the face and a depth analysis on a captured image of the face that determines a detected depth of the face within the captured image by using color analysis and determining when the captured image is taken of the face of the user and when the captured image is taken from a user-presented image of the face associated with the user by comparing image colors for the captured image against known first distinctive colors associated with printed images and known second distinctive colors associated with skin tones, comparing a scale of the captured image against a known scale for a field of view of a camera that captures the image, determining based on first abnormalities between the image colors as compared against the known first distinctive colors and the known second distinctive colors and determining based on second abnormalities of the scale of the captured image as compared to the known scale whether the captured image is the face of the user or is the user-presented image, (iii) dynamically perform security gesture authentication on a gesture made by the user during the transaction, and (iii) provide an indication to the device as to whether the user was successfully authenticated for the facial authentication and the security gesture authentication for the user to continue with the transaction on the device.

US Pat. No. 10,924,475

MANAGEMENT OF RELATIONSHIPS BETWEEN A DEVICE AND A SERVICE PROVIDER

ARM LIMITED, Cambridge (...

1. A method for registering an agent device with a remote resource, the method comprising:
establishing a communication connection between the agent device and an authentication device;
performing local verification of information received from an interface at the authentication device prior to establishing communication with the remote resource and prior to establishing a relationship between the agent device and the remote resource;
selecting, at the authentication device, the remote resource and initiating registration of the agent device with the remote resource;
generating, at the authentication device, a key pair for authenticating the agent device with the remote resource, the key pair including a first key for the agent device and a second key for the remote resource; and
providing the first key to the agent device for storage at the agent device, and providing the second key to the remote resource for storage at the remote resource, thereby forming a secret data communication channel based on the stored first and second keys between the agent device and the remote resource,
wherein the method further comprises requesting user consent to the registration of the agent device with the remote resource, after generating the key pair for authenticating the agent device with the remote resource.

US Pat. No. 10,924,474

USER SECURITY AUTHENTICATION SYSTEM IN INTERNET AND METHOD THEREOF

EBAY KOREA CO., LTD., Se...

1. A system for providing security authentication in an Internet environment, the system comprising:
one or more servers having one or more processing circuits and a non-transitory storage medium, the non-transitory storage medium having computer code that is executable by the one or more processing circuits to cause the one or more servers to perform operations comprising:
generating, for display on a user device, a webpage for receiving user authentication information from a user, the user authentication information comprising user credentials and a selection of at least one of a plurality of displayed code objects, the plurality of displayed code objects each having a unique code value comprising at least two characters;
receiving, from the user device, the user authentication information comprising data that combines the user credentials and the unique code value of the selected at least one of the plurality of displayed code objects;
determining whether the data of the received user authentication information corresponds to previously stored member authentication data for the user, the previously stored member authentication data comprising a preselected at least one of the plurality of displayed code objects; and
enabling the user device to access a web service in response to determining that the data of the received user authentication information corresponds to the previously stored member authentication data for the user.

US Pat. No. 10,924,473

TRUST STAMP

T STAMP INC., Atlanta, G...

1. A computer-implemented method of determining a numerical score related to a trustworthiness of a subscriber, the computer-implemented method being executed by a processor and comprising the steps of:
receiving data values from various public or private databases over a network to a host computer with a non-transitory computer readable medium;
receiving, from the subscriber at least one element of subscriber information;
storing at least one data value of the data values or the at least one element of the subscriber information on the host computer with the non-transitory computer readable medium;
providing a first algorithm on the host computer capable of comparing the at least one data value to either at least one other data value of the data values or at least one other element of the subscriber information for similarities or discrepancies to determine a consistency of the data values or of the subscriber information;
providing a second algorithm on the host computer capable of analyzing a quantity, longevity, relevance, and accuracy of the data values and of the subscriber information to apply a weight to each of the quantity, the longevity, the relevance, and the accuracy;
providing a third algorithm on the host computer capable of calculating a numerical value for a trustworthiness of the subscriber based on factors contained in the data values and the subscriber information, similarities or discrepancies between the data values or the subscriber information, and the weights applied to the data values or the subscriber information based on the quantity, the longevity, the relevance, or the accuracy, wherein the first, second, and third algorithms are each separate algorithms;
displaying, to the subscriber, a recommendation to redact one or more sensitive attributes corresponding to the subscriber information, wherein redacting the one or more sensitive attributes excludes the one or more sensitive attributes from being included in trustworthiness score calculations;
generating, with the processor, a composite trust score corresponding to the subscriber based upon the first, second, and third algorithms;
displaying the composite trust score to the subscriber;
transmitting, via the processor, the composite trust score to a digital badge worn by the subscriber;
embedding the composite trust score into the digital badge worn by the subscriber;
detecting at least one trigger event, wherein the at least one trigger event comprises detecting a system and/or electronic computing device operable to receive the composite trust score;
in response to detecting a particular trigger event comprising identifying a physically proximate electronic computing device corresponding to a potential viewer, transmitting the composite trust score from the digital badge worn by the subscriber to the potential viewer wirelessly from the group consisting of Short Message Service (“SMS”), Multimedia Messaging Service (“MMS”), infrared, Bluetooth, and Near Field Communication (“NFC”), wherein the potential viewer may be provided with a dashboard that permits the potential viewer to see the composite trust score with variable combinations of weightings of underlying data based upon criteria in which the potential viewer has greatest confidence, wherein the variable combinations of weightings are adjustable responsive to the potential viewer interacting with the dashboard; and
continually updating the composite trust score of the subscriber by recalculating the composite trust score based on an interval set by a timer to account for new or updated data values and new or updated subscriber information.

US Pat. No. 10,924,472

WEARABLE COMMUNICATION DEVICES FOR SECURED TRANSACTION AND COMMUNICATION

SHENZHEN GOODIX TECHNOLOG...

1. A wearable device for capacitive coupled communications, the wearable device comprising:
capacitive sensor transceiver circuitry configured to receive a capacitive coupled signal from a host device, wherein the capacitive coupled signal is received through a body of a user of the wearable device and is modulated to include a request for authentication data including encrypted identification information identifying the wearable device to authenticate the wearable device with the host device, and wherein the capacitive coupled signal is an electrical signal; and
processing circuitry in communication with the capacitive sensor transceiver circuitry to process the received capacitive coupled signal, and transmit, by the wearable device, authentication data, stored in a memory of the wearable device, comprising encrypted identification information and password information modulated on a capacitive coupled reply signal to the host device,
wherein the capacitive coupled reply signal modulated with the authentication data is transmitted through the body of the user of the wearable device, wherein the capacitive sensor transceiver circuitry is configured to receive another capacitive coupled signal from the host device modulated with information including a confirmation indicating a successful authentication of the wearable device with the host device and indicating that the host device is ready for operation, and
wherein in response to the received confirmation, the processing circuitry causes the wearable device to stop transmitting the authentication data.

US Pat. No. 10,924,471

METHOD FOR ENABLING AND/OR REQUESTING ACCESS BY A FIRST NETWORK SUBSCRIBER TO A SECOND NETWORK SUBSCRIBER IN A NETWORK

Robert Bosch GmbH, Stutt...

1. A method for enabling access by a first network subscriber to a second network subscriber in a network, the method comprising:
transmitting an identification message from the first network subscriber to the second network subscriber;
receiving a communication request from the first network subscriber with the second network subscriber;
after receiving the communication request, determining whether the second network subscriber has carried out an authentication of the first network subscriber during a first phase;
allowing communication with the first network subscriber if the second network subscriber has carried out the authentication;
receiving an access request from the first network subscriber with the second network subscriber;
after receiving the access request, determining a level of trustworthiness of the first network subscriber; and
enabling access or rejecting access of the first network subscriber based on determined level of trustworthiness,
wherein the identification message includes identification of the first network subscriber and information regarding which services the first network subscriber provides.

US Pat. No. 10,924,470

SECURED NETWORK ARCHITECTURE

NOKIA SOLUTIONS AND NETWO...

1. A method of providing network security in a communications system, said method comprising:
providing, in a first apparatus and in a second apparatus, a secure storage for an X.509v3 digital certificate;
mutually authenticating ports of the first apparatus and the second apparatus by using IEEE 802.1X port based authentication and IEEE 802.1AR secure device identity certificates, wherein a number of media access control (MAC) addresses is limited to a configurable number per port in the first apparatus and the second apparatus;
dividing traffic types using an operator-configurable selector function into at least one of user plane, control plane, synchronization plane, and management plane traffic types, or one or more further traffic types;
wherein for Ethernet transport, the method comprises:
creating a virtual port for each selected traffic type;
creating a different media access control security (MACsec) secure connectivity association (CA) for each virtual port;
maintaining an operator-programmable security policy for each of the selected traffic types; and
repeatedly re-authenticating a port by means of an operator-definable timer value.

US Pat. No. 10,924,469

SINGLE SIGN-ON (SSO) FOR INTERNET OF THINGS (IOT) APPLICATIONS

VERIZON MEDIA INC., New ...

1. A method, comprising:
establishing, by an Internet of Things (IoT) application of an IoT device, a connection with a mobile application of a mobile device;
sending, by the IoT application, a request to a remote server to return a connector code, the request comprising an identification of the connection;
receiving, by the IoT application, the connector code from the remote server or a second server;
receiving, by the IoT application and from the remote server, an interval for use in polling the remote server in connection with completion of an authorization of the IoT application;
transferring, by the IoT application, the connector code to the mobile application via the connection,
wherein the mobile application sends a consent communication to the remote server that comprises the transferred connector code and a consent to authorize the IoT application, and
wherein the remote server generates an authorization code to send to the IoT application based on at least the consent communication from the mobile application; and
receiving, by the IoT application, the generated authorization code from the remote server.

US Pat. No. 10,924,468

REMOTE DESKTOP PROTOCOL PROXY WITH SINGLE SIGN-ON AND ENFORCEMENT SUPPORT

Citrix Systems, Inc., Fo...

1. A method for launching a connection to a resource link from a client device, the method comprising:
authenticating, by a device intermediary to a client device and one or more servers, the client device for access to a plurality of resource links accessible via the one or more servers, the plurality of resource links include one or more remote desktop protocol (RDP) connections;
providing, by the device to the client device, a list of the plurality of resource links responsive to the authentication;
receiving, by the device, a request from the client device, identifying a first resource link from the plurality of resource links and information indicating at least one server of the one or more servers to establish an RDP connection; and
causing, by the device, first authenticated credentials for the first resource link to be stored on the client device via a script downloaded to the client device from the device and responsive to the request, the first authenticated credentials corresponding to the client device to access the first resource link through the RDP connection via the at least one server of the one or more servers, and wherein the client device is configured to launch a connection to the first resource link from the client device using the first authenticated credentials stored on the client device.

US Pat. No. 10,924,467

DELEGATED AUTHORIZATION FOR ISOLATED COLLECTIONS

Microsoft Technology Lice...

1. A system comprising:
at least one processor; and
memory coupled to the at least one processor, the memory comprising computer executable instructions that, when executed by the at least one processor, performs a method comprising:
receiving, from a requestor, a request to access a graph database comprising a resource identifier, wherein access to the graph database is based on a first set of security permissions;
locating an underlying resource corresponding to the resource identifier, wherein access to the underlying resource is based on a second set of security permissions;
determining whether the requestor satisfies the second set of security permissions, wherein determining whether the requestor satisfies the second set of security permissions comprises sending a credential associated with the requestor to a resource provider associated with the underlying resource; and
when the requestor satisfies the first set of security permissions and does not satisfy the second set of security permissions, providing access to the graph database without providing access to the underlying resource.

US Pat. No. 10,924,466

SYSTEM AND METHOD FOR IOT SECURITY

SmartAxiom, Inc., Fuller...

1. A method of enabling secure access to at least one Internet of Things (IoT) device on a network by an IoT security system, comprising:
receiving, by a processor of an IoT gateway device of the IoT security system, at least one encrypted block generated by at least one IoT device on the network, wherein the at least one encrypted block comprises a unique device identification (ID), a previous device token, a current device token, a time stamp, and an event data;
parsing, by the processor, the at least one encrypted block received to determine the unique device ID of the at least one IoT device;
verifying, by the processor, the authenticity of the at least one IoT device using a device chain to validate a device signature and identity of the at least one IoT device;
determining, by the processor, access to an event chain using a previous event token and a current event token of the at least one encrypted block, upon successful verification of the at least one IoT device;
validating, by the processor, the received event data by time synchronizing the device chain and the event chain;
updating, by the processor, the event chain with the received event data upon verifying the received event data using the time stamp, the previous device token and the current device token of the at least one encrypted block.

US Pat. No. 10,924,465

SPLIT AUTHENTICATION NETWORK SYSTEMS AND METHODS

Extreme Networks, Inc., ...

1. A method, comprising:
receiving one or more packets wirelessly transmitted from a user device through a wireless access point to access a trusted network;
extracting onboarding characteristics from the one or more packets, wherein the onboarding characteristics comprise information on one or more of a device type, an authentication stage of the one or more packets, a device manufacturer, a device operating system (OS), and a device owner;
determining, based on the onboarding characteristics, a type of an Extensible Authentication Protocol (EAP) associated with the user device based on the one or more packets;
upon determining that the type of the EAP associated with the user device is a first EAP, routing the one or more packets to a first authentication server provided in the trusted network and associated with the first EAP, for authentication of the user device according to the first EAP, wherein the first EAP is configured to authenticate the user device using a server certificate and independent of a self-signed user certificate; and
upon determining that the type of the EAP associated with the user device is a second EAP different from the first EAP, routing the one or more packets to a second authentication server provided in the trusted network and associated with the second EAP, for authentication of the user device according to the second EAP.

US Pat. No. 10,924,464

AUTOMATIC CREDENTIAL ROTATION

AMAZON TECHNOLOGIES, INC....

1. A computer-implemented method, comprising:
receiving a first request for access to at least one resource, the first request including a first credential string corresponding to an output of a key stretching algorithm operated on an access credential for a first number of iterations;
receiving a second credential string, the second credential string corresponding to the output of the key stretching algorithm operated on the access credential for a second number of iterations;
generating a local copy of the second credential string, using the first credential string processed by the key stretching algorithm for the second number of iterations;
determining that the second credential string matches the local copy of the second credential string; and
granting, in response to a second request, access to the at least one resource.

US Pat. No. 10,924,463

DELEGATING INTERMEDIATION ON AN EXCHANGE OF ENCRYPTED DATA

ORANGE, Paris (FR)

1. A method for processing data, implemented within an intermediary module between a customer module and a server module connected through a communications network and communicating via a data transmission protocol, the data transmission protocol defining a control stream readable by the intermediary module, in addition to a data stream of encrypted data exchanged between the customer module and the server module, the control stream being independent and distinct from the data stream and transmitted in parallel of the data stream, wherein the method comprises the following acts:
receiving a message identifying a data frame of said data stream of encrypted data, said data frame comprising an intermediation request identifying an intermediation operation to be performed relative to said data stream of encrypted data, said message being transmitted within said control stream;
after the reception of said message, receiving, from one among the customer and server modules, the data frame identified by the message, said data frame having:
a first part in which pieces of the encrypted data, whose content is not accessible by the intermediary module, are transported; and
a second part forming said intermediation request, readable by the intermediary module, the second part comprising a field identifying the intermediation operation to be performed; and
processing relative to said encrypted data as a function of said operation of intermediation said field identifying the intermediation operation to be performed.

US Pat. No. 10,924,462

CRYPTANALYSIS METHOD AND SYSTEM

1. A system for decrypting an encrypted cellular digital communication transmitted to or by a transceiver of a client device, said system comprising:
communication circuitry configured to receive the encrypted cellular digital communication, wherein the encrypted digital communication is encrypted according to a given encryption algorithm which employs an XORing of bits of digital communication with a keystream generated from an encryption key to generate the encrypted digital communication, and the digital communication is characterized by a given error correction coding scheme employed prior to encryption, where the error correction coding is based on a binary matrix associated with a characterized linear redundancy data streams generated using a convolutional error correction coding;
processing circuitry configured to recover the encryption key from the encrypted cellular digital communication with a recovery process of the encryption key that comprises deriving equations based on redundancy introduced by the error correction coding and using an XORing function over data bits of the encrypted cellular digital communication.

US Pat. No. 10,924,461

SECURE TWO-WAY BEACON IN AN INTERNET OF THINGS (IOT) SYSTEM

Afero, Inc., Los Altos, ...

1. A system comprising:
a beacon to transmit a first advertisement packet associated with 1-way functions available from the beacon and to further transmit a second advertisement packet associated with 2-way functions available from the beacon, wherein the first advertisement packet and the second advertisement packet are transmitted concurrently by the beacon within a same time interval but at different frequencies and/or over different channels;
the first advertisement packet to cause an app and/or hub to be initialized on a mobile device; and
the second advertisement packet to cause the beacon to establish a first secure communication channel to a cloud service through the app and/or hub on the mobile device, wherein the beacon is to receive data from the cloud service over the first secure communication channel.

US Pat. No. 10,924,460

SYSTEMS AND METHODS FOR DIVIDING FILTERS IN NEURAL NETWORKS FOR PRIVATE DATA COMPUTATIONS

TRIPLEBLIND, INC., Kansa...

1. A method comprising:
dividing, via one or more computing devices, a plurality of filters in a first layer of a neural network into a first set of filters and a second set of filters;
applying, via the one or more computing devices, each of the first set of filters to an input of the neural network to yield a first set of outputs;
obtaining a second set of outputs associated with the second set of filters, the second set of outputs being based on an application of each of the second set of filters to the input of the neural network;
for each set of filters in the first set of filters and the second set of filters that corresponds to a same filter from the plurality of filters, aggregating, via the one or more computing devices and at a second layer of the neural network, a respective one of the first set of outputs associated with a first filter in the set of filters with a respective one of a second set of outputs associated with a second filter in the set of filters to yield a set of aggregated outputs associated with the first set of filters and the second set of filters;
splitting, via the one or more computing devices, respective weights of specific neurons activated in each remaining layer of the neural network to yield a first set of weights and a second set of weights, the specific neurons being activated based on one or more activation functions applied to the set of aggregated outputs;
at each specific neuron from each remaining layer, applying, via the one or more computing devices, a respective filter associated with each specific neuron and a first corresponding weight from the first set of weights to yield a first set of neuron outputs;
obtaining a second set of neuron outputs associated with the specific neurons, the second set of neuron outputs being based on an application of the respective filter associated with each specific neuron to a second corresponding weight from the second set of weights;
for each specific neuron, aggregating one of the first set of neuron outputs associated with the specific neuron with one of a second set of neuron outputs associated with the specific neuron to yield aggregated neuron outputs associated with the specific neurons; and
generating an output of the neural network based on one or more of the aggregated neuron outputs.

US Pat. No. 10,924,459

LOCATION CONTROL AND ACCESS CONTROL OF EMAILS

Futurewei Technologies, I...

1. A sender device comprising:
a processor configured to:
generate an email;
generate a control mechanism for the email, the control mechanism instructs a security server to implement a location control policy that affects a recipient device's use of the email, the control mechanism comprises an invalidation number field, an allowed location field, and a maximum openings number field, the invalidation number field requires that the email be destroyed when an invalidation counter exceeds an invalidation number, the invalidation counter is based on a recipient identifier (ID) and increments when a universally unique identifier (UUID) is not in an encryption record table, the UUID uniquely identifies an encryption record of the email, and the recipient ID uniquely identifies an email account of a recipient of the recipient device;
integrate the control mechanism into the email to generate an integrated email; and
generate a recall request requesting that the security server instruct the recipient device to destroy the email, wherein the recall request comprises the UUID or a sender ID;
a transmitter coupled to the processor and configured to transmit the integrated email to the security server for the security server to implement the control mechanism; and
a receiver coupled to the processor and configured to receive, from the security server and in response to the recall request, a destruction confirmation confirming that the recipient device destroyed the email.

US Pat. No. 10,924,458

GENERATING AN APPLICATION-BASED PROXY AUTO CONFIGURATION

Juniper Networks, Inc., ...

1. A network device, comprising:
one or more memories; and
one or more processors to:
identify an application signature associated with a web application;
determine, based on an application-based policy associated with the web application, an access method to be used to transmit traffic associated with the web application;
generate a proxy auto configuration (PAC) file using:
the application signature associated with the web application,
the access method to be used to transmit the traffic associated with the web application, and
wherein the one or more processors, when generating the PAC file, are to:
dynamically generate the PAC file based on network endpoint information, associated with the web application, being added to a cache and identified in the cache; and
provide the PAC file to a client device to permit the client device to transmit the traffic associated with the web application based on the PAC file.

US Pat. No. 10,924,457

PACKET CLEANING METHOD AND APPARATUS

ALIBABA GROUP HOLDING LIM...

1. A packet cleaning method, comprising:
acquiring a packet type and a destination address of a target packet;
acquiring, from a configuration file, a first attack type set according to the packet type, and a second attack type set according to the destination address, wherein the second attack type set comprises types of attacks that a device corresponding to the destination address receives from within a period of time;
generating a cleaning strategy chain corresponding to the target packet according to the first attack type set and the second attack type set; and
cleaning the target packet based on the cleaning strategy chain, comprising:
calling each cleaning strategy according to an order of cleaning strategies in the cleaning strategy chain, and
determining whether to discard the target packet according to the called cleaning strategy;
sending the target packet to the device corresponding to the destination address in response to the determination of not discarding the target packet.

US Pat. No. 10,924,456

METHODS AND SYSTEMS FOR EFFICIENT ENCRYPTED SNI FILTERING FOR CYBERSECURITY APPLICATIONS

Centripetal Networks, Inc...

1. A method comprising:
receiving, by a packet-filtering device from an intelligence provider, one or more threat indicators, wherein the one or more threat indicators comprise a plurality of domain names associated with one or more threats;
determining a plurality of packet-filtering rules associated with each of the one or more threat indicators, wherein the one or more threat indicators comprise a matching criterion for the plurality of packet-filtering rules;
receiving, from a first device, a plurality of packets, wherein the plurality of packets comprise ciphertext comprising an encrypted server name indication (eSNI) value;
determining whether a plaintext hostname is resolvable from the ciphertext;
determining, based on a determination that the plaintext hostname is resolvable from the ciphertext, whether the plaintext hostname matches at least one of the one or more threat indicators; and
applying, based on a determination that the plaintext hostname matches at least one of the one or more threat indicators, a packet filtering operation associated with one or more of the plurality of packet-filtering rules to the plurality of packets, wherein the packet filtering operation comprises at least one of: blocking the plurality of packets from continuing toward its intended destination, allowing the plurality of packets to continue to its intended destination and forwarding a copy of the plurality of packets to a first proxy for monitoring, or forwarding the plurality of packets to a second proxy.

US Pat. No. 10,924,455

METHOD AND SYSTEM FOR IMPLEMENTING A CLUSTER-WIDE COMMUNICATION OVER A SINGLE PORT

Dell Products L.P., Roun...

1. A system for implementing a handshake between a source node cluster having file domains and a destination node cluster to which said file domains are replicated, the system comprising:
a source node cluster having a plurality of nodes and a replication manager; and
a destination node cluster having a plurality of nodes, a replication manager and a single port manager for each node of the destination node cluster, wherein a number of the nodes at the destination node cluster and the number of nodes at the source node cluster is unequal,
wherein each of the single port managers is configured to inform the replication manager at the source node cluster of the node at the destination cluster node where the replication manager of the destination node cluster is located, via a single port opened in a firewall monitoring communication going between the source node cluster and the destination node cluster, wherein said single port is an only port that is opened for communication via said firewall between said source node cluster and said destination node cluster,
wherein the replication managers of the source and destination node clusters are configured to replicate all files and processes on the nodes of the source node cluster to the nodes of the destination node cluster via said single port,
wherein all replicated file domains register with the single port manager of the node on which they are replicated, and
wherein the single port manager is configured to communicate with the source node cluster via said single port to provide descriptors of replicated file domains, in response to inquiries from the source node cluster.

US Pat. No. 10,924,454

COMPUTING DEVICE AND METHOD FOR GENERATING A FABRIC-WIDE IPV6 ADDRESS

KALOOM INC., Montreal (C...

1. A computing device comprising:
memory for storing a configuration file, the configuration file comprising an Internet Protocol version 6 (IPv6) base prefix and a fabric identifier; and
a processing unit for:
determining a host identifier;
generating an IPv6 prefix by combining the IPv6 base prefix stored in the configuration file and the fabric identifier stored in the configuration file; and
generating an IPv6 address by combining the IPv6 prefix and the host identifier.

US Pat. No. 10,924,453

METHOD FOR ASSIGNING CONTROLLABLE LUMINAIRE DEVICES TO CONTROL GROUPS

IDEAL Industries, Inc., ...

1. A method for automatically assigning a group address to a controllable luminaire device of a plurality of controllable luminaire devices, comprising:
receiving an indication that the controllable luminaire device is to be added to a logical community of controllable luminaire devices;
determining that adding the controllable luminaire device to the logical community causes a number of controllable luminaire devices within the logical community to exceed an established threshold; and
in response to determining that adding the controllable luminaire device to the logical community causes the number of controllable luminaire devices within the logical community to exceed the established threshold, automatically assigning to each of the plurality of controllable luminaire devices within the logical community a group address and thereafter using a command addressed to the group address to commonly control those controllable luminaire devices of the plurality of controllable luminaire devices within the logical community as a group.

US Pat. No. 10,924,452

AUDITING IP ADDRESS ASSIGNMENTS

Amazon Technologies, Inc....

1. A system for validating a stored association between an IP address and a use for the IP address, comprising:
a memory bearing instructions that, upon execution by a processor, cause the system at least to:
obtain information about the IP address from at least one source of information about IP addresses;
determine, based on the stored association, data indicating the use for the IP address;
determine from the information whether the IP address is being used in a manner identified by the use for the IP address based at least in part on a determination of whether the information about the IP address received from at least one source matches at least one criteria determined based on the data indicating the use;
store an indication of whether the IP address is being used in a manner identified by the use for the IP address in a memory;
obtain information about a second IP address from the at least one source of information about IP addresses wherein the IP address and the second IP address belong to a range of IP addresses; and
determine whether the second IP address is being used in a manner identified by the use for the second IP address based at least in part on the information about the IP address received from the at least one source.

US Pat. No. 10,924,451

COMMUNICATION DEVICE, CONTROL METHOD OF COMMUNICATION DEVICE, AND STORAGE MEDIUM

CANON KABUSHIKI KAISHA, ...

1. A communication device that has a network interface and allocates an IP address obtained from a DHCP server to the network interface and communicates with an external device by using the IP address, comprising:
at least one memory that stores instructions; and
at least one processor that executes the stored instruction to:
set, based on a user's operation via a setting screen, an operation setting of the communication device as to whether or not to change a communication speed to a low speed in a case where the communication device shifts to a power save mode,
when the communication device detects link-up of the network interface, determine that it is unnecessary to obtain the IP address from the DHCP server again if it is set as the operation setting to change the communication speed to the low speed in a case where the communication device shifts to the power save mode, and determine that it is necessary to obtain the IP address from the DHCP server again if it is set as the operation setting not to change the communication speed to the low speed in a case where the communication device shifts to the power save mode; and
in accordance with occurrence of link-up of the network interface, perform control to transmit a DHCP DISCOVER packet onto the linked-up network, to search for a DHCP server on the network, and to allocate, to the network interface, an IP address distributed from the DHCP server found by the search if it is determined to be necessary to obtain the IP address again;
wherein, if it is determined to be unnecessary to obtain the IP address again, the DHCP DISCOVER packet is not transmitted onto the linked-up network even in a case where link-up of the network interface occurs,
wherein, if it is set as the operation setting to change the communication speed to the low speed in a case where the communication device shifts to the power save mode, the communication device detects the link-up of network interface at least in a case where the communication transitions from the power save mode to a normal power mode.

US Pat. No. 10,924,450

ALLOCATION OF RESOURCES DURING SPLIT BRAIN CONDITIONS

TELEFONAKTIEBOLAGET LM ER...

1. A first resource allocation device having control of a first set of network addresses and cooperating with a second resource allocation device having control of a second set of network addresses, the first resource allocation device comprising a processor acting on computer instructions whereby said first resource allocation device is operative to:
receive a request for a network address, wherein the request was transmitted by a requestor;
in response to the request for the network address transmitted by the requestor, select a first network address, wherein the first network address is included in the second set of network addresses which is controlled by the second resource allocation device and further wherein the first network address is not included in the first set of network addresses which is controlled by the first resource allocation device;
after selecting the first network address, transmit to the second resource allocation device a resource allocation message comprising the selected first network address;
determine whether the first resource allocation device has received, within a predetermined response time, an acknowledgment of the resource allocation message transmitted by the second resource allocation device; and
as a result of determining that the first resource allocation device has received the acknowledgment of the resource allocation message within the predetermined response time, transmit to the requestor a response message responding to the request transmitted by the requestor, wherein the response message comprises a protocol data unit comprising a header and payload, wherein the payload comprises the first network address.

US Pat. No. 10,924,449

INTERNET PROTOCOL (IP) ADDRESS ASSIGNMENT

Facebook, Inc., Menlo Pa...

1. A method comprising:
by a computing device, partitioning a block of Internet protocol (IP) addresses into one or more sets of continuously sequential IP addresses, wherein each set of IP addresses corresponds to a particular one of a plurality of geographically-distributed Internet points of presence (PoPs), wherein each of the IP addresses in the block corresponds to one of a plurality of global services, and wherein each of the plurality of PoPs delivers one or more of the global services from one of a plurality of geographic locations of the PoP;
by the computing device, assigning a respective one of the sets of continuously sequential IP addresses to each PoP, wherein a prefix of each set of continuously sequential IP addresses comprises a first portion that is fixed for all of the plurality of PoPs and a second portion that is unique for a particular PoP;
by the computing device, partitioning each set of IP addresses of each of the plurality of PoPs into a plurality of subsets of continuously sequential IP addresses, wherein one or more of the subsets of continuously sequential IP addresses each corresponds to a respective global service;
by the computing device, mapping a particular global service associated with two or more PoPs located at different geographic locations to a suffix range of continuously sequential IP addresses of the one or more of the subsets, wherein the suffix range of the continuously sequential IP addresses mapped to the particular global service is fixed across the two or more PoPs located at different geographic locations; and
by the computing device, assigning a price level to the suffix range of the continuously sequential IP addresses based on the mapped particular global service.

US Pat. No. 10,924,448

CONTENT DELIVERY FROM HOME NETWORKS

CISCO TECHNOLOGY, INC., ...

1. A method comprising:
receiving, at a routing device of a home network, a request for content from a first device of the home network, the request identifying the content using an IPv6 address for the content;
determining, by the routing device of the home network in response to receiving the request for the content, whether the content is stored in a cache of a second device of the home network, wherein each of a plurality of devices of the home network is operative to advertise presence of the content and the IPv6 address of the content to other of the plurality of devices of the home network;
upon determining the content is stored in the cache of the second device, determining, by the routing device of the home network, that accessing the content from the second device in the home network has a lower latency than accessing the content from a content server;
sending, by the routing device of the home network in response to determining that accessing the content from the second device has a lower latency than accessing the content from a content server, the request to the second device for the content using the IPv6 address of the content; and
forwarding the content to the first device from the second device, wherein the first and second devices are part of the same layer 2 domain.

US Pat. No. 10,924,447

METHOD AND SYSTEM TO CONVERSE ACROSS FRAGMENTED MESSAGING SERVICES BASED ON DISCUSSION TOPICS

Medallia, Inc., San Fran...

1. A method of managing messages across a plurality of messaging services, comprising:
receiving, via a first messaging channel and at a message aggregator, a first message from a first messaging service, wherein the first message is sent by a first user;
sending the first message to a second user via a second messaging channel;
receiving, via the second messaging channel and at the message aggregator, a second message, wherein the second message is sent by the second user;
in response to a request from the first user to continue a conversation via a second messaging service, opening, by the message aggregator, a third messaging channel to the second messaging service, the third messaging channel associated with an account of the first user on the second messaging service, and wherein the conversation is terminated in absence of receiving the request from the first user to continue the conversation via the second messaging service;
sending the second message via the third messaging channel to the first user;
determining that a conversation between the first user and the second user is finished; and
sending a survey, follow-on information, or both, in response to a determination that a conversation is finished.

US Pat. No. 10,924,446

DIGITAL STORY REPLY CONTAINER

Facebook, Inc., Menlo Pa...

1. A computer-implemented method comprising:
displaying a shared story, comprising a collection of individual stories composed by a plurality of different contributors, within a stories interface of a story consumption channel provided via a social media application running on a viewer's computing device by ephemerally presenting the individual stories one by one, transitioning from presenting one story to the next automatically, wherein (1) rights to contribute to the shared story are limited to a first group of users invited to contribute to the shared story as contributors and (2) rights to view the shared story are limited to a second group of users indicated by a privacy setting selected by one or more contributors;
receiving user input, from the viewer of the shared story, selecting a selectable reply element associated with the shared story within the stories interface and, in response to receiving the user input selecting the selectable reply element, providing the viewer with a chat room selection prompt that provides the viewer with a choice to select to join an inclusive private chat room or a limited private chat room, wherein (1) rights to access the inclusive private chat room are limited to a third group of users comprising each viewer who has replied to the shared story and each contributor to the shared story and (2) rights to access the limited private chat room are limited to a fourth group comprising the viewer and a subset of the shared story's contributors;
receiving an additional user input to the chat room selection prompt selecting to join the inclusive private chat room in lieu of the limited private chat room;
in response to receiving the additional user input, digitally adding the viewer to the inclusive private chat room associated with the shared story;
transitioning from displaying the stories interface to displaying a chat room interface corresponding to the inclusive private chat room;
receiving user-generated text submitted to a text box within the chat room interface; and
posting, to the chat room interface, a message from the viewer comprising the user-generated text.

US Pat. No. 10,924,445

NOTIFICATION TARGETING

Facebook, Inc., Menlo Pa...

1. A method comprising:
by a computing device of a social networking system, receiving a plurality of push notifications of activity on the social-networking system relevant to a user, wherein each push notification has an associated type that is based on activity on the social-networking system;
by the computing device, accessing, from a data store of the social-networking system, previous interactions of the user to notifications having a respective type that is the same as the type associated with the received push notifications;
by the computing device, calculating an interest of each of the associated types of received notifications for the user based at least in part on the previous interactions of the user with the associated type of each received push notification, times at which previous push notifications were sent to the user, and one or more communication media channels that the user used to interact with the previous push notifications;
by the computing device, ranking the received push notifications based at least in part on the calculated interest notification;
by the computing device, determining a push threshold ranking that a notification in the received push notifications requires to satisfy in order to be sent to the user at a given time period;
by the computing device, sending one or more of the push notifications to the user at the given time period, wherein each of the sent push notifications has a ranking higher than the push threshold ranking, and wherein each of the sent push notifications is sent through a particular communication media channel by which the user is likely to interact with the notification during the given time period based on the previous interactions of the user;
by the computing device, monitoring in real-time, using one or more counters, a conversion rate of a set of push notifications of each type from the sent push notifications, the conversion rate indicating number of push notifications of each type from the sent push notifications for which the user has completed a particular action on the social-networking system; and
by the computing device, automatically adjusting in real-time the push threshold ranking for the one or more of the push notifications of a particular type based on results of the one or more counters, wherein the push threshold ranking is adjusted, without explicit user input, to maintain a target conversion rate for the particular type of the push notifications based on the results of the one or more counters.

US Pat. No. 10,924,444

DEVICE, METHOD, AND GRAPHICAL USER INTERFACE FOR MANAGING CUSTOMER RELATIONSHIPS USING A LIGHTWEIGHT MESSAGING PLATFORM

FACEBOOK, INC., Menlo Pa...

1. A method comprising:
at a server system with a processor and memory storing instructions for execution by the processor:
receiving a first message from an electronic device of a first user to an electronic device of a second user;
generating a set of potential reply messages, for the second user, based on one or more reply factors, including content from one or more messages between the first user and the second user;
sending, to the electronic device of the second user, a data structure that includes a hierarchical interaction tree having a plurality of interaction nodes, wherein each interaction node of the plurality of interaction nodes corresponds to a respective one of the potential reply messages;
in accordance with a determination that a predefined time period has elapsed without the second user selecting a potential reply message, removing, from the hierarchical interaction tree, one or more of the interaction nodes corresponding to respective potential reply messages that are no longer selectable; and
receiving, from the electronic device of the second user, a first reply message that is selected from the set of potential reply messages and corresponds to a respective interaction node of the plurality of interaction nodes in the data structure.

US Pat. No. 10,924,443

ELECTRONIC MESSAGING SYSTEM AND COMMUNICATION DEVICE THAT MONITORS ITS POSITION

Scout Brands LLC, Dover,...

1. An electronic messaging system comprising:
a memory operable to store one or more modules; and
a processor operably coupled to the memory, the processor operable to execute the one or more modules to:
receive an electronic message package from a sender, the electronic message package comprising a secret message from the sender associated with a first communication device, an indication of at least one intended recipient, at least one condition for when the secret message is to be viewable by the at least one intended recipient, the at least one condition comprising at least one location condition specified by the sender, the at least one condition specifying where the at least one intended recipient is to be for the secret message to be viewable by the at least one intended recipient, and a teaser composed by the sender that is immediately viewable by the at least one intended recipient before the secret message is viewable, the teaser comprising a hint of the secret message that does not reveal the secret;
monitor, by a sensor, a location of the at least one intended recipient;
obtain, by the sensor, a first location of the at least one intended recipient and at least a second location of the at least one intended recipient;
determine at least one of a speed or a velocity of the at least one intended recipient based on the first location of the at least one intended recipient and the at least a second location of the at least one intended recipient;
determine that the at least one location condition has been met based on the location of the at least one intended recipient;
initiate delivery of the secret message at a second communication device so that the secret message is viewable by the at least one intended recipient only when the at least one condition has been met while the teaser is immediately viewable by the at least one intended recipient; and
terminate monitoring of the location of the at least one intended recipient after the at least one location condition has been met.

US Pat. No. 10,924,441

DYNAMICALLY GENERATING VIDEO CONTEXT

Google LLC, Mountain Vie...

1. A computer-implemented method comprising:
receiving a comment of a user of a first content-sharing platform, wherein the comment has originated on the first content-sharing platform, is associated with a media item, and includes a uniform resource locator (URL);
determining a comment thread in which the comment originated on the first content-sharing platform is to be rendered on a second content-sharing platform; and
causing, by a processing device, presentation, on the second content-sharing platform, of the URL to be modified and included in the comment originated on the first content-sharing platform, wherein causing the presentation of the URL to be modified comprises:
determining whether information in the URL is redundant in view of the comment thread in which the comment originated on the first content-sharing platform is to be rendered, and responsive to determining that the information in the URL is redundant, causing the redundant information to be removed from the URL;
determining whether the URL includes a timestamp portion, and responsive to determining that the URL includes the timestamp portion, causing the timestamp portion of the URL to be converted into a time presentation format and
determining whether the URL identifies a derivative media file, and responsive to determining that the URL identifies the derivative media file, causing the URL to be replaced with an image associated with the derivative media file,
wherein instructions associated with a resulting modified presentation of the URL are provided to a client device.

US Pat. No. 10,924,440

METHOD AND APPARATUS FOR PROMPTING WORK STATUS

Alibaba Group Holding Lim...

1. A method implemented by one or more computing devices, the method comprising:
obtaining a work status of a preset contact person in an instant communication application including:
obtaining corporate management events from a plurality of management subsystems of a company, the corporate management events being associated with the preset contact person; and
analyzing the corporate management events to determine the work status of the preset contact person, the work status including at least one of normal working, on a business trip, and on vacation;
detecting that a preset function page of the instant communication application is triggered related to the preset contact person;
presenting the work status of the preset contact person in the preset function page when the preset function page is related to the preset contact person; and
displaying supplementary information related to the work status in the preset function page,
wherein the supplementary information includes a proxy contact person corresponding to the preset contact person when the work status of the preset contact person includes at least one of on a business trip or on vacation.

US Pat. No. 10,924,439

HYBRID CONVERSATIONAL CHAT BOT SYSTEM

HRB Innovations, Inc., L...

1. A method of conducting an interview with a user comprising the steps of:
loading an interview script including a plurality of interview questions;
determining a question for the user based on the interview script and one or more prior responses previously given by the user;
determining a prompt for the question based on the question, a level of expertise of the user, and a current context of the interview;
determining one or more response widgets of a plurality of types of response widgets for the question based at least in part on a type of information being sought by the question;
presenting a rich chat message to the user including the one or more response widgets and a free-text widget;
receiving, from the user, a free-text response to the question via the free-text widget;
maintaining context throughout the interview based on a user history data store comprising data from a past interaction with the user; and
presenting, to the user, a context-appropriate further explanation based at least in part on the free-text response and the context, wherein the context-appropriate further explanation is a clarified reformulation of the prompt.

US Pat. No. 10,924,437

INTELLIGENT NETWORK SWITCH

VIDEOTEC S.P.A., Schio (...

1. A method for controlling the transfer of data packets in an IP network, wherein the IP network includes a plurality of switches and a plurality of devices connected to the plurality of switches, wherein each switch of the plurality of switches is configured to receive on an input port data packets transmitted from a device of the plurality of devices, the method comprising the following steps performed by the switch:
a) analysing the data packets received from said device and extracting information identifying the type of device connected,
b) based on said identifying information, identifying in an internal memory area, criteria to set operating parameters of a software application executed by said device,
c) providing to the device said operating parameters calculated on the basis of the criteria contained in said internal memory area,
d) communicating with other switches of said plurality of switches to receive information about devices connected to said other switches,
e) storing in a memory, topology information relating to the IP network, said topology information comprising:
connection links between all the switches of said plurality of switches,
a list of devices of said plurality of devices connected to each switch of said plurality of switches, and
bandwidth requirements for each of the plurality of devices,
f) calculating, for each of the connection links, a bandwidth request necessary to satisfy data transfer requests for each device, and
g) coordinating with said other switches of said plurality of switches to identify an output port on which to transmit the data packets received at the input port, thereby balancing the total network load between each of the connection links of the IP network;
wherein when the coordination with the other switches of said plurality of switches results in routing rules of the data packets such that a link of the IP network is a critical link with a bandwidth capacity less than that required by the devices of said plurality of devices of said IP network, each switch of said plurality of switches performs a same bitrate reduction algorithm, the bitrate reduction algorithm comprising the steps of:
calculating a reduction factor of the bitrate of one or more devices of said plurality of devices whose data packets transport said critical link, said reduction factor of the bitrate being such that by reducing the bitrate of said one or more devices by the bitrate reduction factor, the bandwidth capacity of the link is greater than the bandwidth request of all the devices whose data packets pass on said critical link,
transmitting to said one or more devices new operating parameters such that the bitrate of the data packets transmitted by said one or more devices is reduced by a factor greater than or equal to said reduction factor, and
performing, on said one or more devices, said software application using the new operating parameters provided by the switch.

US Pat. No. 10,924,436

METHOD AND SYSTEM FOR MANAGING WORKLOADS IN A CLUSTER

Arista Networks, Inc., S...

1. A method, comprising:
receiving, by a NameNode server, a link down message from a switch, wherein the link down message indicates that a connection to a first DataNode server is disrupted, and wherein the first DataNode server comprises stored data; and
in response to receiving the link down message:
identifying, using global switch load information, a plurality of other DataNode servers, wherein the global switch load information specifies bandwidth utilization of a plurality of switches connected to the plurality of other DataNode servers;
initiating replication of a copy of the stored data to a second DataNode server of the plurality of other DataNode servers based on the global switch load information;
identifying that a third DataNode server of the plurality of other DataNode servers comprises a disproportionate amount of data relative to remaining DataNode servers of the plurality of other DataNode servers; and
triggering, based on the identification of the third DataNode server, a data storage rebalancing among the plurality of other DataNode servers based on a rebalancing policy.

US Pat. No. 10,924,435

SYSTEM AND METHOD FOR PORT REDUCTION USING MULTIPLE CHASSIS LINK AGGREGATION GROUP FOR STACKED DEVICES

Dell Products, L.P., Rou...

1. A server system, comprising:
a plurality of servers that are connected in series; and
a top of rack (TOR) switch including a first TOR switch port and a second TOR switch port that are connected to a first end and a second end, respectively, of the series connected servers, wherein a multi chassis link aggregation group (MCLAG) is established on the first TOR switch port and the second TOR switch port to transform the series connected servers into a single logical channel, wherein a highest media access control (MAC) address is determined from the servers to represent the single logical channel, wherein the servers include respective network identification card (NIC) microcontrollers configured to exchange protocol messages to determine the server with the highest MAC address, wherein the NIC microcontroller receives a forwarded MAC address, determines a higher MAC address between the received forwarded MAC address and the MAC address of the receiving server, and forwards the determined higher MAC address to an adjacent server.

US Pat. No. 10,924,434

GRACEFUL DESIGNATED ROUTER HANDOFF

Cisco Technology, Inc., ...

1. A method comprising:
receiving, by a first router from a second router, a first Hello message with a first option descriptor and a first priority, wherein the second router is a designated router in a sub-network;
in response to receiving the first Hello message, participating in a designated router election which elects the first router as a new designated router from among a plurality of other routers in the sub-network; and
initiating a staggered handoff process in response to the first option descriptor, the staggered handoff process causing the second router to continue forwarding multicast traffic from a first network to at least one receiver until the new designated router has built a multicast routing tree to receive the multicast traffic from the first network.

US Pat. No. 10,924,433

MIRROR PACKET CONTROL METHOD AND MIRROR PACKET CONTROL DEVICE

FUJITSU LIMITED, Kawasak...

1. A non-transitory computer-readable recording medium having stored therein a program that causes a computer to execute a process, the process comprising:
detecting a notification of a completion of movement of a first virtual machine from another device to the computer;
referring, upon the detection of the notification, to first correspondence information to identify a transmission source that transmits a first mirror packet to the first virtual machine, the first correspondence information including a first item associating first identification information of the first virtual machine with second identification information of the transmission source;
transmitting a first deletion instruction to the transmission source, the first deletion instruction instructing deletion of a second item included in second correspondence information stored in the transmission source, the second item associating the first identification information with identification information of a first port of the transmission source through which the first mirror packet is transmitted to the first virtual machine;
detecting that a second virtual machine is stopped, the second virtual machine being coupled to a virtual switch of the computer, the second virtual machine outputting a mirror packet obtained by duplicating a first packet registered in a first buffer used for input/output from/to a third virtual machine coupled to the virtual switch;
storing a second packet in a second buffer different from the first buffer while the second virtual machine is stopped, the second packet being input/output from/to the third virtual machine; and
registering, when the second virtual machine is resumed, the second packet stored in the second buffer in the first buffer.

US Pat. No. 10,924,432

SYSTEM AND METHOD FOR FABRIC LEVEL VERIFICATION OF HOST DEFINED PORT GUIDS IN A HIGH PERFORMANCE COMPUTING NETWORK

ORACLE INTERNATIONAL CORP...

1. A system for fabric level verification of host defined port global unique identifiers (GUIDs) in a high performance computing network, comprising:
one or more microprocessors;
a first subnet, the first subnet comprising
a plurality of switches,
a plurality of host channel adapters (HCAs), wherein each of the host channel adapters comprise at least one host channel adapter port, at least one physical function, and at least one virtual function, and wherein the plurality of host channel adapters are interconnected via the plurality of switches,
a plurality of end nodes, the plurality of end nodes comprising at least one virtual machine, and
a subnet manager, the subnet manager running on one of the plurality of switches and the plurality of host channel adapters, the subnet manager being associated with a virtual machine fabric profile;
wherein the first subnet is arranged according to an architecture model selected from the list of architecture models consisting of shared port, virtual switch, and virtual port;
wherein the at least one virtual machine is associated with a plurality of GUIDs and a partition of a plurality of partitions, wherein said association of the at least one virtual machine with the plurality of GUIDs is defined within the virtual machine fabric profile, and wherein said association of the at least one virtual machine with the partition of the plurality of partitions is defined within the virtual machine fabric profile;
wherein the subnet manager receives, in response to an assignment of the at least one virtual machine upon to a virtual host channel adapter, a request from a host channel adapter comprising the vHCA, the request comprising a validation check of the at least one virtual machine virtual host channel adapter; and
wherein the subnet manager validates the at least one virtual machine with respect to the virtual machine fabric profile, and upon such validation, a port associated with the vHCA is initialized in accordance with the virtual machine fabric profile.

US Pat. No. 10,924,431

DISTRIBUTED PROCESSING OF NORTH-SOUTH TRAFFIC FOR LOGICAL NETWORK IN PUBLIC CLOUD

NICIRA, INC., Palo Alto,...

1. A non-transitory machine readable medium storing a managed first forwarding element, which when executed by at least one processing unit of a first host machine in a public datacenter implements a logical network, the managed first forwarding element executing within a first data compute node that operates on the first host machine, the managed first forwarding element comprising sets of instructions for:
receiving a data packet from an application, also executing on the first data compute node, that sends and receives data packets through the logical network;
when the data packet has a destination address associated with the logical network, encapsulating the data packet and sending the encapsulated data packet to a managed second forwarding element configured to implement the logical network, the managed second forwarding element configured to implement the logical network, the managed second forwarding element executing within a second data compute node that operates on a second host machine within the datacenter; and
wherein when the data packet has a destination address that is not associated with the logical network, performing network address translation (NAT) to convert a source address of the data packet to an address associated with an interface of the first data compute node and sending the data packet directly to a third forwarding element configured by an administrator of the public datacenter without encapsulating the data packet.

US Pat. No. 10,924,430

STREAMING PLATFORM FLOW AND ARCHITECTURE FOR AN INTEGRATED CIRCUIT

Xilinx, Inc., San Jose, ...

1. A system, comprising:
a host system; and
an integrated circuit coupled to the host system through a communication interface and configured for hardware acceleration, wherein the integrated circuit includes:
a direct memory access circuit coupled to the communication interface;
a kernel circuit;
a stream traffic manager circuit coupled to the direct memory access circuit and the kernel circuit, wherein the stream traffic manager circuit is configured to control data streams exchanged between the host system and the kernel circuit;
a first stream interconnect configured to receive data streams from the stream traffic manager circuit and distribute the data streams to the kernel circuit; and
a second stream interconnect configured to receive data streams from the kernel circuit and provide the data streams to the stream traffic manager circuit.

US Pat. No. 10,924,429

USING EDGE-OPTIMIZED COMPUTE INSTANCES TO EXECUTE USER WORKLOADS AT PROVIDER SUBSTRATE EXTENSIONS

Amazon Technologies, Inc....

4. A computer-implemented method comprising:
receiving a first request to create an application profile, the first request including values for parameters related to execution of a workload at provider substrate extensions of a service provider network, wherein the parameters include a latency profile for execution of the workload at provider substrate extensions;
receiving a second request to execute an instance of the workload, the second request identifying the application profile; and
sending, to a provider substrate extension, instructions to launch a compute instance based on the application profile, the compute instance to be used to execute the workload at the provider substrate extension.

US Pat. No. 10,924,428

ONBOARD DEVICE AND METHOD OF TRANSMITTING PROBE DATA

Toyota Jidosha Kabushiki ...

1. An onboard device mounted in a vehicle, the onboard device comprising:
a storage device storing probe data;
a processor and a memory configured to
set priorities depending on a classification of probe data, and
make a first acquisition determination whether first probe data among the probe data has been acquired by the processor and the memory,
a priority of the first probe data being higher than a priority of second probe data among the probe data; and
a communication interface configured to transmit, prior to transmitting the second probe data, the first probe data to a data center via a first communication line among a plurality of communication lines when the processor and the memory determine that the first probe data has been acquired by the processor and the memory, wherein
the processor and the memory are configured to determine whether there is an accessible access point of a second communication line among the plurality of communication lines other than the first communication line,
the communication interface is configured to
connect to the access point of the second communication line when the processor and the memory determine that there is an accessible access point of the second communication line, and
transmit the second probe data to the data center via the second communication line,
the processor and the memory are configured to
make a stop determination whether the vehicle has stopped subsequent to the communication interface transmitting the second probe data;
repeat the first acquisition determination when the processor and the memory determine that the vehicle has stopped, and
the plurality of communication lines includes a mobile phone line, a wireless local area network (LAN), and a wired LAN.

US Pat. No. 10,924,427

HARMONIZED CONTROL PLANES, SYSTEMS AND METHODS

Nant Holdings IP, LLC, C...

1. A networking switch comprising:
a plurality of optical physical transport layer resources;
a non-transitory computer readable memory storing virtualized control plane software instructions; and
at least one processor configured to execute the virtualized control plane software instructions to provide a control plane management engine, wherein the control plane management engine is configured to at least:
receive at least one control plane provisioning policy that maps at least one upper layer resource to at least some of the plurality of optical physical transport layer resources;
instantiate at least one virtual control plane by provisioning the at least some of the optical physical transport layer resources for use by the at least one virtual control plane, wherein the at least one virtual control plane operates according to rules of the at least one control plane provisioning policy to configure the at least one virtual control plane to provision at least one lower layer resource based on a request for the at least one upper layer resource; and
manage network traffic among the at least some of the optical physical transport layer resources and external networking nodes according to the at least one virtual control plane.

US Pat. No. 10,924,425

VIRTUAL ELEMENT MANAGEMENT SYSTEM

Cox Communications, Inc.,...

1. A method, comprising:
receiving, by an orchestration layer module executing on a computing device, a request via a first input network interface of at least one input network interface, wherein the first input network interface is a Representational State Transfer (REST) interface, wherein the first input network interface is associated with a first type of access network, wherein the at least one network interface includes a second input network interface associated with a second type of access network, and wherein the request is formatted in accordance with a device-independent language;
directing, by a computer processor of the computing device, the orchestration layer module to communicate the request to a control layer module executing on the computing device;
determining, by the computer processor and based on the first type of access network associated with the first input network interface, a first network device to receive the request and an adapter for receiving the request, wherein the adapter is configured to facilitate Internet connectivity via the first type of access network;
directing, by the computer processor, the control layer module to communicate the request to the adapter;
executing, by the computer processor, computer-executable code of the adapter to convert the request to a device-specific language capable of being interpreted by the first network device;
directing, by the computer processor, the adapter to communicate, via a first output network interface, the converted device-specific language request to the first network device, wherein the adapter communicates the device-specific request to the first network device using a communications protocol that provides the first output network interface between the adapter and a data plane comprising the first network device, wherein the data plane is decoupled from a control plane comprising the orchestration layer module and the control layer module;
receiving, by the orchestration layer module, a second request formatted in accordance with the device-independent language; and
directing, by the computer processor, the control layer module to communicate the second request to a virtual machine monitor (VMM), wherein the VMM communicates the second request to a network device proxy, wherein the network device proxy may convert the second request into a device-specific language.

US Pat. No. 10,924,424

SYSTEMS AND METHODS TO VISUALLY ALIGN SIGNALS USING DELAY

BioSig Technologies, Inc....

1. A system for visualization of signals, comprising:
a memory comprising:
a first signal module comprising a first digital signal processor (DSP) configured to process a first packet associated with a first biomedical signal, wherein the processing of the first packet incurs a first processing delay;
a second signal module comprising a second DSP configured to process a second packet associated with a second biomedical signal, wherein the processing of the second packet incurs a second processing delay, and wherein signal samples in the first packet are time aligned with signal samples in the second packet;
a configuration path module configured to equalize the first processing delay of the first DSP with the second processing delay of the second DSP, wherein the equalizing causes the first DSP to complete the processing of the first packet approximately simultaneously with the second DSP completing the processing of the second packet;
a display module coupled to the first signal module and the second signal module and configured to display the processed first packet and the processed second packet, wherein the display module is configured to display the processed first packet approximately simultaneously with the processed second packet; and
at least one processor coupled to the memory and configured to execute the first signal module, the second signal module, the configuration path module, and the display module.

US Pat. No. 10,924,422

IMPLEMENTING ENHANCED NETWORK DEVICE LABELING VIA ETHERNET

International Business Ma...

1. A network system for implementing network device identification via a connected Ethernet cable comprising:
a server having a port connected by an Ethernet cable, said Ethernet cable connected to a port of a switch;
a processor;
an Ethernet runt packet transmit control tangibly embodied in a non-transitory machine readable medium used in implementing network device identification by use of the processor;
wherein the processor is configured for:
transmitting, by said processor using said Ethernet runt packet transmit control, a first Ethernet runt packet containing metadata identifying the server name and the port on the cable by the server to the switch;
transmitting a second Ethernet runt packet containing metadata identifying the switch name and the port on the cable by the switch to the server, wherein said processor transmitting the first ethernet runt packet and the second ethernet runt packet comprises:
transmitting intentional ethernet runt packets including 63 byes of less bytes of coded information to determine where the ethernet cable is physically connected; and
dynamically identifying and labeling the Ethernet cable, the connected server and port, and the connected switch and port using the transmitted metadata of the first Ethernet runt packet and the second ethernet runt packet.

US Pat. No. 10,924,421

PACKET TRANSMISSION METHOD, TERMINAL, NETWORK DEVICE, AND COMMUNICATIONS SYSTEM

HUAWEI TECHNOLOGIES CO., ...

1. A packet transmission method, comprising:
receiving, by a terminal, a retransmitted packet, wherein the retransmitted packet is sent by a server in response to determining that a sent first packet has been lost, wherein a sequence number of the retransmitted packet is the same as a sequence number carried in the first packet; and
upon receiving the retransmitted packet for the first time, sending, by the terminal to the server, a first acknowledgment packet to respond to the retransmitted packet received for the first time, wherein the first acknowledgment packet comprises a repetition indication field for triggering the server to increase at least one of a congestion window size or a slow start threshold.

US Pat. No. 10,924,419

UNDERLAY-OVERLAY CORRELATION

Juniper Networks, Inc., ...

1. A method comprising:
collecting, by a network analysis system, flow data for a network having a plurality of network devices and a plurality of virtual networks established within the network, wherein the flow data includes underlay flow data comprising a plurality of underlay data flows and overlay flow data comprising a plurality of overlay data flows,
wherein the underlay flow data identifies, for each underlay data flow included within the underlay flow data, the network devices that have processed network packets associated with the underlay data flow, and
wherein the overlay flow data identifies, for each overlay data flow included within the overlay flow data, one or more of the virtual networks associated with the overlay data flow;
storing, by the network analysis system, the flow data in a data store;
receiving, by the network analysis system, a request for information about a data flow, wherein the request for information specifies a source virtual address for the data flow and further specifies a destination virtual address for the data flow;
querying, by the network analysis system, the data store with the specified source virtual address and the specified destination virtual address to identify, based on correlations between the underlay flow data and the overlay flow data, one or more network devices of the plurality of network devices that have processed at least one packet in the data flow;
determining, by the network analysis system and based on the one or more identified network devices, one or more underlay data paths from the source virtual network to the destination virtual network; and
generating, by the network analysis system, data sufficient to create a user interface illustrating the one or more underlay data paths from the source virtual network to the destination virtual network, wherein generating includes generating a heat map illustrating a traffic level associated with each of the one or more data paths.

US Pat. No. 10,924,418

SYSTEMS AND METHODS FOR FAST DETECTION OF ELEPHANT FLOWS IN NETWORK TRAFFIC

Reservoir Labs, Inc., Ne...

1. A method for sampling a stream of packets arriving at a network node at an optimized sampling rate, so as to facilitate efficient classification of network flows corresponding to the stream of packets arriving at a network node, the method comprising:
(a) at a selected sampling rate, sampling a packet from the stream of packets arriving at the network node;
(b) for each candidate number of elephant flows in a set of candidate numbers computing, and storing in a cache of candidate elephant flows associated with the stream of packets, a respective detection likelihood using the sampled packet; and
(c) updating the selected sampling rate according to the one or more detection likelihoods,
wherein the computation of the respective detection likelihood for a particular candidate number of elephant flows is based on pairwise probabilities of relative flow sizes of flow pairs in the cache, and comprises, for each pair of flows in a cache of flows, updating a pairwise probability of relative flow sizes using flow-size metrics of flows in the pair and the sampled packet.

US Pat. No. 10,924,417

COGNITIVE COMMUNICATION CHANNEL-ADAPTATION BASED ON CONTEXT

INTERNATIONAL BUSINESS MA...

1. A computer implemented method comprising:
predicting, by one or more processor, an upcoming communication content in a current channel based on learning input data from a plurality of sources relevant to a communication activity of a user, wherein the upcoming communication content is generated by the communication activity of the user;
assessing, by the one or more processor, a response of the user to the upcoming communication content from the predicting;
selecting, by the one or more processor, one of communication channel models based on factors including the upcoming communication content from the predicting and the response of the user from the assessing;
ascertaining, by the one or more processor, that user satisfaction level with the upcoming communication content in the current channel expressed in the response does not meet a predefined threshold for user satisfaction in the communication channel model from the selecting; and
adapting, by the one or more processor, the upcoming communication content in the current channel to another channel by performing an adaptive action corresponding to the communication channel model, wherein the user continues the communication activity by use of the another channel subsequent to the adapting, the predicting comprising:
gathering, from respective sources amongst the plurality of the sources, the input data including, a user profile describing communication capabilities of the user, parameters describing an environment of the communication activity, communication pattern history of the user, and contents being presently and previously communicated in the communication activity; and
producing the upcoming communication content by combining the input data from the gathering according to respective weights corresponding to each item of the input data.

US Pat. No. 10,924,416

METHOD FOR TRAFFIC SHAPING USING A SERIAL PACKET PROCESSING ALGORITHM AND A PARALLEL PACKET PROCESSING ALGORITHM

1. A method for traffic shaping of a packet switched network, including processing of packets to be transmitted in said packet switched network according to at least:
a serial packet processing algorithm providing a synchronized utilization of a set of at least one processing unit; and
a parallel packet processing algorithm providing an at least partly unsynchronized utilization of said set of at least one processing unit; wherein
said processing of said packets corresponds to a total packet cost, which is cooperatively shared by said at least one processing unit of said set;
said method comprising the steps of:
determining when said processing according to said parallel packet processing algorithm is used for processing said packets, if shares of said total packet cost for one or more of said at least one processing units exceed a capacity to process packets for said at least one processing units, respectively, wherein each one of the shares corresponds to one or more packet; and
switching from said processing according to said parallel packet processing algorithm to processing according to said serial packet processing algorithm if said shares of said total packet cost for one or more of said at least one processing units, respectively, is determined to exceed said capacity.

US Pat. No. 10,924,415

DEVICE SHAPING IN A COMMUNICATIONS NETWORK

VIASAT, INC., Carlsbad, ...

7. A method for device shaping traffic in a communications network, the method comprising:
receiving a return-link flow at a user-side network node, the return-link flow originating at a source customer premises equipment (CPE) device;
tagging the return-link flow with a device class identifier and with a tunnel identifier that identifies one of a plurality of virtual tunnels, each providing a virtual connection between a provider-side network node and a respective one of a plurality of user-side network nodes via the communications network;
communicating the return-link flow over a provider network to the provider-side network node, the provider-side network node comprising a network address translator (NAT);
storing, at the provider-side network node, the device class identifier in association with a flow identifier of the return-link flow received by the provider-side network node over the provider network, the return-link flow previously tagged with the device class identifier by the user-side network node to indicate one of a plurality of device classes into which the source CPE device of the return-link flow was previously classified according to a predetermined rate-relevant characteristic of the source CPE device;
storing, at the provider-side network node, the tunnel identifier at the provider-side network node in association with the flow identifier;
receiving a forward-link flow at the provider-side network node subsequent to the storing, the forward-link flow indicating a public destination address;
determining, at the provider-side network node, that the forward-link flow corresponds to the return-link flow according to the stored flow identifier and the tunnel identifier by translating the public destination address to a destination tunnel identifier using the NAT and by matching the destination tunnel identifier to the stored tunnel identifier associated with the return-link flow;
identifying, by a device shaper of the provider-side network node, one of a plurality of stored device shaping policies as corresponding to the one of a plurality of device classes of the source CPE device according to the stored device class identifier; and
shaping communication of the forward-link flow over the provider network in accordance with the identified device shaping policy.

US Pat. No. 10,924,414

PROCESSING HIGH VOLUME NETWORK DATA

eBay Inc., San Jose, CA ...

1. A method comprising:
receiving, at a sessionization architecture, a plurality of event messages;
detecting that an event message of the plurality of event messages is marked as a particular bot type;
responsive to the event message of the plurality of event messages being marked as a particular bot type, transmitting the event message to a bot detector, the transmitting the event message to the bot detector causing a bypass of one or more sessionizers of the sessionization architecture, and
processing remaining event messages of the plurality of event messages through the one or more sessionizers.

US Pat. No. 10,924,413

TRANSMISSION PATH DETERMINING METHOD AND APPARATUS

Huawei Technologies Co., ...

1. A method, comprising:
determining that a current path is congested, wherein the current path corresponds to a flow to which a to-be-transmitted packet belongs;
determining a target path for the to-be-transmitted packet based on a path congestion information table, wherein each entry of the path congestion information table comprises a respective transmission path and respective congestion information corresponding to the respective transmission path, the respective congestion information of each entry indicates a respective congestion degree of the respective transmission path, and the respective congestion information of each entry comprises an average quantity of explicit congestion notifications (ECNs) of the respective transmission path corresponding to the respective entry;
adding information about the target path to the to-be-transmitted packet, wherein a congestion degree of the target path is less than a congestion degree of the current path; and
sending the to-be-transmitted packet based on the target path.

US Pat. No. 10,924,411

LOAD BALANCED ACCESS TO DISTRIBUTED ENDPOINTS USING ANYCASTED GLOBAL NETWORK ADDRESSES AND NETWORK ADDRESS TRANSLATION

Amazon Technologies, Inc....

1. A system comprising:
a plurality of endpoints, each endpoint being situated in a different geographic location and containing at least one server computing device configured to provide a network-accessible service associated with a network address of the network-accessible service, wherein individual endpoints are assigned respective unicast addresses and are not assigned the network address of the network-accessible service;
at least two access points to the network-accessible service, each of the at least two access points comprising a processor, being situated in a different geographic location, and configured to:
utilize anycast methodology to advertise the network address of the network-accessible service as reachable via the access point;
receive from a client device a network packet addressed to the network address of the network-accessible service;
select an endpoint, from the plurality of endpoints, to which to route the network packet based at least partly on a network performance metric between the client device and the endpoint;
transform the network packet addressed to the network address of the network-accessible service, as advertised as reachable via the access point using anycast methodology, according to network address translation (NAT) to result in a transformed packet that includes, as a destination address of the transformed packet, the unicast address of the selected endpoint; and
route the transformed packet to the selected endpoint.

US Pat. No. 10,924,409

METHOD FOR IMPLEMENTING LOAD BALANCING, APPARATUS, AND NETWORK SYSTEM

HUAWEI TECHNOLOGIES CO, ,...

1. A method for implementing load balancing implemented by a system comprising a controller and a mesh network, wherein the mesh network comprises a plurality of switches, wherein the switches are inter-connected to each other within the mesh network, and wherein the method comprises:
obtaining, by the controller, a port attribute of each port of a first switch in the mesh network, wherein the port attribute of each port indicates whether the port is a user-side port or a network-side port, wherein the user-side port is a port configured to couple to a server, and wherein the network-side port is a port configured to couple to another switch in the mesh network;
determining, by the controller according to the port attribute of each port of the first switch, a virtual routing and forwarding instance corresponding to each port of the first switch, wherein all user-side ports of the first switch correspond to a first virtual routing and forwarding instance, and wherein all network-side ports of the first switch correspond to a second virtual routing and forwarding instance that is different than the first virtual routing and forwarding instance;
generating, by the controller, a forwarding table of the first switch according to a topology of the mesh network and the virtual routing and forwarding instance corresponding to each port of the first switch, wherein a first forwarding entry of the forwarding table comprises the first virtual routing and forwarding instance corresponding to all user-side ports of the first switch, a first destination network segment corresponding to the first virtual routing and forwarding instance, and at least two forwarding paths corresponding to the first destination network segment; and
sending, by the controller, the forwarding table to the first switch, wherein the forwarding table enables the first switch to select, according to a load balancing algorithm and the first forwarding entry and from the at least two forwarding paths corresponding to the first destination network segment, a target forwarding path for a packet corresponding to the first destination network segment.

US Pat. No. 10,924,408

SYSTEM AND METHOD FOR OPTIMIZING TRAFFIC IN PACKET-SWITCHED NETWORKS WITH INTERNET EXCHANGES

Noction, Inc., Oakland, ...

1. A system for optimizing Internet traffic on a computer network, the system including one or more servers that are configured to communicate with a destination network through one or more Internet service providers and one or more routers on the computer network, the one or more servers configured to execute computer programs steps, the computer program steps comprising:
retrieving configurations of the one or more Internet service providers, including one or more Internet transit providers;
identifying an Internet exchange from the configurations of the one or more Internet service providers;
retrieving a routing table from an edge router, of the one or more routers, that is configured to communicate with the Internet exchange identified;
identifying one or more peers on the Internet exchange, based on the routing table, that provide Internet service to the destination network;
identifying network prefixes carrying Internet traffic that can be routed through the one or more peers on the Internet exchange;
determining performance metrics of the one or more peers on the Internet exchange to identify at least one peer of the one or more peers on the Internet exchange to which the network prefixes may be re-routed; and
determining if the network prefixes will be re-routed through the at least one peer of the one or more peers on the Internet exchange based on the performance metrics.

US Pat. No. 10,924,407

METHOD AND DETECTOR FOR RESOLVING UNICAST FLOODING

TELEFONAKTIEBOLAGET LM ER...

1. A method for resolving unicast flooding in a layer 2 broadcast domain, the method performed in a detector having a medium access control (MAC) address and connected to a port of a switch within the layer 2 broadcast domain, the method comprising:
receiving a first flooded packet having a destination MAC address that is different from the MAC address of the detector;
determining a type of a destination node for said first flooded packet based on whether a destination MAC address for said packet is a virtual router redundancy protocol (VRRP) MAC address or whether a destination Internet protocol (IP) address for said packet is an address within the layer 2 broadcast domain if the destination MAC address is not a VRRP MAC address; and,
sending a message to a node in the layer 2 broadcast domain, wherein the message is adapted based on said type to trigger the node to announce its MAC address within the layer 2 broadcast domain, thereby causing the unicast flooding to be resolved.

US Pat. No. 10,924,406

CONTROL DEVICE, CONTROL SYSTEM, CONTROL METHOD, AND NON-TRANSITORY COMPUTER-READABLE STORAGE MEDIUM

OMRON Corporation, Kyoto...

1. A control device comprising:
a controller circuitry configured to:
control communication of first control data of which arrival in a first guarantee time is guaranteed according to a preset cyclic period and second control data of which arrival in a second guarantee time longer than the cyclic period is guaranteed and of which a sequence of information included is determined; and
manage a communication schedule of the first control data and the second control data,
wherein control communication of the second control data comprising:
storing the second control data in a buffer memory;
dividing the second control data into a plurality of communication data according to the cyclic period and starting to perform communication of the plurality of communication data;
acquiring new second control data during the communication of the plurality of communication data; and
communicating the new second control data according to the cyclic period, wherein a communication target slave device for the new second control data is the same as the communication target slave device of the second control data, and the controller circuitry is further configured to determine a communication sequence of the plurality of the communication data according to priorities of the second control data, wherein the communication target slave device is a robot device or a robot control device,
wherein, when a priority of the new second control data is higher than a priority of the second control data, the controller circuitry temporarily stops any communication of the second control data and performs a communication of the new second control data, and after the communication of the new second control data is completed, the controller circuitry is further configured to resume the communication of the second control data that has been temporarily stopped,
wherein, when a volume of the new second control data does not reach an upper limit volume for second control data secured for one cycle of the cyclic period, the controller circuitry performs communication of the communication data of the second control data that is temporarily stopped according to the same cyclic period as that of the new second control data.

US Pat. No. 10,924,405

SERVICE FUNCTION CHAINING CONGESTION FEEDBACK

Futurewei Technologies, I...

1. A method for reporting congestion to an upstream device implemented by a downstream device, comprising:
receiving, by the downstream device from the upstream device, a packet including a first field containing a value notifying the downstream device of congestion on a service function path within a service function chaining architecture and a service path identifier field configured to contain one or more bits that indicate, to the downstream device, service nodes in a service function chain to which the downstream device should apply the packet;
generating, by the downstream device, a congestion report message in response to receiving, from the upstream device, the packet including the first field and the service path identifier field, wherein the congestion report message includes a modified version of the first field containing the value indicating an existence of the congestion on the service function path within the service function chaining architecture and the service path identifier field, wherein the service path identifier field in the congestion report message includes a service path identifier that specifies the service function path of the congestion within the service function chaining architecture by identifying the service nodes in the service function chain; and
transmitting, by the downstream device, the congestion report message to the upstream device without allowing for change in the value to permit the upstream device to alleviate the congestion.

US Pat. No. 10,924,404

MULTI-TENANT MIDDLEWARE CLOUD SERVICE TECHNOLOGY

MICROSOFT TECHNOLOGY LICE...

1. A computing system comprising:
one or more processor(s); and
one or more computer-readable hardware storage device(s) having stored thereon computer-executable instructions that are executable by the one or more processor(s) to apply a middleware function to network traffic by at least:
identifying one or more characteristic(s) of the network traffic;
based on the one or more characteristic(s), determining an identity of a computing entity associated with the network traffic;
identifying a middleware policy associated with the computing entity; and
selecting a middleware function to apply to the network traffic based on the identified middleware policy, wherein, prior to the selected middleware function being applied to the network traffic, the selected middleware function is configured based on the middleware policy.

US Pat. No. 10,924,403

USING A SINGLE CACHE TABLE

Hewlett Packard Enterpris...

1. A method, comprising:
receiving, by a processor of a switch, a packet having a tuple, wherein the tuple comprises a plurality of fields, wherein the switch operates using a protocol that compares each field of the plurality of fields to a corresponding table of a series of tables;
comparing, by the processor, the plurality of fields of the tuple to a single cache table instead of the series of tables;
responsive to determining that the plurality of fields of the tuple matches a single entry in the single cache table, accumulating, by the processor, a plurality of actions associated with the plurality of fields of the tuple based on the single entry;
responsive to determining that the plurality of fields of the tuple does not match a single entry in the single cache table:
accumulating, by the processor, the plurality of actions associated with the plurality of fields of the tuple based on a search of the series of tables; and
creating a new entry in the single cache table based on the plurality of fields of the tuple and the plurality of actions; and
applying, by the processor, the plurality of actions to the packet.

US Pat. No. 10,924,401

LIVE APPLICATION AND KERNEL MIGRATION USING ROUTING TABLE ENTRIES

INTERNATIONAL BUSINESS MA...

1. A method comprising:
creating, by a controller application executing in a controller system, in a routing table of a first system, a routing table entry for a first application in a set of applications, the first application intended for relocation from the first system to a second system, the first application executing in the first system at a first time, a second application in the set of applications not intended for relocation;
commencing, responsive to relocating the first application from the first system to the second system, execution of the first application on the second system;
creating, by the controller application, at the second system responsive to commencing execution of the first application in the second system at a second time, a mapping entry, the mapping entry causing a forwarded packet to be delivered to the first application at the second system; and
modifying, by the controller application, responsive to a notification that the first application is executing in the second system, the routing table entry of the first system, the modified entry causing a packet addressed to the first application to be forwarded from the first system to the second system.

US Pat. No. 10,924,400

CONFIGURING A NETWORK FORWARDING ELEMENT WITH DATA PLANE PACKET SNAPSHOTTING CAPABILITIES

Barefoot Networks, Inc., ...

1. A method for configuring data plane circuitry of a network forwarding element to produce snapshots of a plurality of data messages passing through the data plane circuitry, the method comprising:
at a control plane of the network forwarding element:
configuring a set of snapshot circuitry units in the data plane circuitry to produce a snapshot of contents of a data message processed by the data plane circuitry that matches a set of criteria, wherein the snapshot further comprises a state of the network forwarding element, wherein the state of the network forwarding element further comprises an internal state of the data plane circuitry, and wherein the internal state of the data plane circuitry comprises one or more of: which match tables hit or missed, which match table was accessed, a table pointer to a downstream match-action stage to indicate a next message-processing table to access for a data message, or a message-processing stage error output;
from the data plane circuitry, receiving a notification that a snapshot has been captured; and
retrieving the snapshot from the data plane circuitry, wherein the data plane circuitry comprises a set of match-action stages and the set of match-action stages are to cause storage of a set of attributes associated with a data message that match the set of criteria and based on a set of states, allow a match-action stage to trigger a snapshot capture in a match-action stage.

US Pat. No. 10,924,399

SEGMENT ROUTING PACKET POLICIES AND FUNCTIONS INCLUDING AN ENGINEERED REVERSE REPLY PATH PROVIDING EFFICIENCIES IN COMMUNICATING PACKETS IN A NETWORK

Cisco Technology, Inc., ...

1. A method, comprising:
for each particular first segment routing packet of one or more first segment routing packets:
ascertaining a first segment routing policy, by a source node, that comprises a first segment list including a first plurality of segment identifiers in a first forwarding order with the last or second-to-the last segment identifier in the first segment list being a destination segment identifier identifying a destination node in the network and a dynamic return path segment routing function;
sending into the network, by the source node, said particular first segment routing packet including a segment routing source address of the source node as its Internet Protocol source address, a first segment routing header comprising the first segment list, and first data comprising source application information from an application in the source node;
forwarding said particular first segment routing packet through the network to the destination node, including segment routing forwarding according to the first segment list;
receiving said particular first segment routing packet by the destination node;
determining, by a destination application in the destination node, destination application information based on said source application information extracted from said received particular first segment routing packet; and
reacting to the dynamic return path segment routing function which defines a generation of a second segment list and is identified in the destination segment identifier in said received particular first segment routing packet, the destination node sending into the network a second segment routing packet comprising the destination segment identifier or another segment identifier of the destination node as its Internet Protocol source address, second data comprising said destination application information, and a second segment routing header comprising the second segment list generated according to the dynamic return path segment routing function;
wherein the second segment list comprises a plurality of the first plurality of segment identifiers listed in an opposite order of the first forwarding order followed by the segment routing source address acquired from said Internet Protocol source address of said received particular first segment routing packet.

US Pat. No. 10,924,397

MULTI-VRF AND MULTI-SERVICE INSERTION ON EDGE GATEWAY VIRTUAL MACHINES

VMware, Inc., Palo Alto,...

1. A method for a multi-virtual-routing-and-forwarding (“VRF”) and multi-service insertion on edge gateways, the method comprising:
detecting a packet;
determining one or more attributes for the packet;
based on, at least in part, the one or more attributes, determining whether the one or more attributes match one or more rule attributes of a particular rule in a rule table;
in response to determining that the one or more attributes match the one or more rule attributes of a particular rule in the rule table:
determining, based on the particular rule, a particular redirection identifier, a particular VRF identifier, a particular next hop, a particular address pair, and a particular BFD status;
based on, at least in part, the particular BFD status, determining whether to redirect the packet; and
in response to determining to redirect the packet, resolving a particular MAC address based on, at least in part, the particular next hop, encapsulating the packet with the particular MAC address, and redirecting the packet toward a service virtual machine from an interface indicated by one of addresses in the particular address pair.

US Pat. No. 10,924,395

SEAMLESS MULTIPOINT LABEL DISTRIBUTION PROTOCOL (MLDP) TRANSPORT OVER A BIT INDEX EXPLICIT REPLICATION (BIER) CORE

CISCO TECHNOLOGY, INC., ...

1. A method comprising:
determining that a first plurality of network devices comprise Bit Index Explicit Replication (BIER) edge routers;
creating, in response to determining that the first plurality of network devices comprise BIER edge routers, a Targeted Label Distribution Protocol (T-LDP) session between a first one of the first plurality of network devices and a second one of the first plurality of network devices;
advertising, by the second one of the first plurality of network devices over the T-LDP session, an address of a peer device connected to the second one of the first plurality of network devices; and
placing an entry in a proxy database, wherein the entry indicates a connection between the peer device and the second one of the first plurality of network devices.

US Pat. No. 10,924,393

PER-FLOW CALL ADMISSION CONTROL USING A PREDICTIVE MODEL TO ESTIMATE TUNNEL QOS IN SD-WAN NETWORKS

Cisco Technology, Inc., ...

1. A method, comprising:
identifying, by a device, a new traffic flow in a network;
identifying, by the device, a user identifier associated with the new traffic flow;
determining, by the device, a service level agreement (SLA) associated with the new traffic flow based in part on calendar information associated with the user identifier;
using, by the device, a machine learning model to predict whether a particular tunnel in the network can satisfy the determined SLA of the traffic were the traffic flow routed onto the tunnel; and
performing, by the device, call admission control to route the new traffic flow onto the particular tunnel, based on a prediction that the tunnel can satisfy the determined SLA of the traffic.

US Pat. No. 10,924,392

PLANNING AND MANAGING NETWORK PROBES USING CENTRALIZED CONTROLLER

Juniper Networks, Inc., ...

1. A method comprising:
constructing, by a network device for a network that includes a plurality of node devices, a topological representation of the network, wherein the topological representation comprises an indication of each of the plurality of node devices and an indication of each link of a plurality of links, each link connecting two node devices of the plurality of node devices; and
for each of the plurality of links:
selecting, by the network device and based on the topological representation of the network, a node device of the two node devices connected by the respective link to measure one or more quality of experience (QoE) metrics for the respective link, wherein the non-selected node device does not measure the QoE metrics for the respective link;
in response to selecting the selected node device to measure the one or more QoE metrics for the respective link, receiving, by the network device and from the selected node device, a set of one or more QoE metrics for the respective link, wherein the set of one or more QoE metrics indicate QoE metrics for data flows flowing from the selected node device to the non-selected node device;
storing, by the network device, the set of QoE metrics for the respective link in a database; and
determining, by the network device and based on the set of one or more QoE metrics for the respective link, a set of one or more counter QoE metrics indicating QoE metrics for data flows flowing from the non-selected node device to the selected node device.

US Pat. No. 10,924,391

SYSTEMS AND METHODS FOR AUTOMATIC TRAFFIC RECOVERY AFTER VRRP VMAC INSTALLATION FAILURES IN A LAG FABRIC

DELL PRODUCTS L.P., Roun...

1. A method for virtual routing redundancy protocol (VRRP) virtual MAC (VMAC) routing failure recovery, the method comprising:
responsive to a Link Aggregation Group (LAG) node encountering a VRRP VMAC failure, using a LAG control message to notify a LAG peer node of the VRRP VMAC failure, the LAG node and the LAG peer node being communicatively coupled via an internode link;
determining whether a database associated with the LAG node comprises an entry that indicates that the VRRP VMAC failure has occurred in the LAG peer node; and
responsive to the database not comprising the entry that indicates that the VRRP VMAC failure has occurred in the LAG peer node, generating a forwarding path entry rule for the LAG node to route traffic via the internode link to reduce data loss.

US Pat. No. 10,924,390

UPDATING ENTRIES OF A DISTRIBUTION DATA STRUCTURE

Hewlett Packard Enterpris...

11. A switch comprising:
a plurality of ports to connect to a plurality of network paths; and
a controller to:
use a distribution data structure in distributing communications of data packets across the plurality of network paths, wherein the distribution data structure comprises a first data structure with entries pointing to a second data structure; and
responsive to an addition of a new network path or a removal of an existing network path for the switch:
changing entries in the second data structure;
identify selected entries of the first data structure to skip,
update the entries of the first data structure to reflect the change in the second data structure, wherein the selected entries are skipped in the updating,
for each respective network path of the plurality of network paths, compute a respective difference value representing a first number of entries of the distribution data structure mapped to the respective network path prior to the addition or the removal, and a second number of entries of the distribution data structure mapped to the respective network path after the addition or the removal; and
use the difference values in identifying the selected entries of the distribution data structure to skip.

US Pat. No. 10,924,389

SEGMENT ROUTING BASED ON MAXIMUM SEGMENT IDENTIFIER DEPTH

Telefonaktiebolaget LM Er...

1. A method implemented in an electronic device in a software defined networking (SDN) system, wherein the electronic device serves as a SDN controller in the SDN system, the method comprising:
receiving a plurality of values of maximum segment identifier (SID) depths, each from one network element of the SDN system;
identifying a path for one or more packets to transmit through a plurality of network elements, wherein a plurality of SIDs corresponding to the plurality of network elements is ordered to represent the path;
splitting the path into a plurality of sub-paths based on the plurality of values of the maximum SID depths of the plurality of network elements, wherein each network element, for the path, is allocated to process a number of ordered SIDs, and wherein the number is within the network element's maximum SID depth; and
causing packet forwarding of the one or more packets along the plurality of sub-paths based on SIDs allocated to the network elements, wherein causing packet forwarding of the one or more packets along the plurality of sub-paths comprises:
sending ordered SIDs of a first sub-path to a selected network element in the first sub-path, wherein the selection is based on the ordered SIDs of the first sub-path;
sending, to a network element that is the last network element in a first sub-path and the first network element in a second sub-path, ordered SIDs of the second sub-path and the same forwarding equivalence class that was sent to the selected network element in the first sub-path.

US Pat. No. 10,924,388

MULTI-PATH ROUTING

Amazon Technologies, Inc....

1. A system comprising:
a first computing device comprising one or more processors configured with processor-executable instructions to perform operations comprising establishing real time communications with a second computing device; and
a plurality of intermediate computing devices each corresponding to a physical point of presence in a wide area network implemented by a first service provider, the plurality of intermediate computing devices comprising one or more processors configured with processor-executable instructions to perform operations comprising:
obtaining, from at least one external source, historical performance information regarding a plurality of historical data flows with the first computing device, the historical performance information including a plurality of previously measured latencies of a first data flow of the plurality of historical data flows;
selecting the first data flow from a plurality of established data flows between the first computing device and the second computing device based at least in part on the historical performance information, wherein each of the plurality of established data flows corresponds to a different intermediate computing device of the plurality of intermediate computing devices;
monitoring transmission of at least one data communication along each of the plurality of established data flows;
receiving information from the first computing device or the second computing device, the information responsive to processing the at least one data communication along one or more of the plurality of established data flows; and
selecting a second data flow from the plurality of established data flows based at least in part on the historical performance information and the information received from the first computing device or the second computing device.

US Pat. No. 10,924,387

METHOD AND APPARATUS FOR PREVENTING LOOPS IN A NETWORK TOPOLOGY

Telia Company AB, Solna ...

1. A method for preventing loops in a network topology comprising a plurality of switch devices, the method comprising:
assigning, to each switch device, a unique switch identification number, SW-ID;
exchanging each SW-ID between all switch devices;
building, for each switch device, a routing table based on said received SW-IDs, so that the switch devices can reach each other, each entry in the routing table associated with a switch device, and including an assigned SW-ID of the switch device, a dedicated port number, and a number of hops to reach the switch device, the number of hops corresponding to a shortest path to reach the switch device; and
receiving, at a first switch device, a data frame from a second switch device that includes a single switch identification number, namely a source switch identification number, SS-ID, assigned to the second switch device, the data frame is received at a port of the first switch device;
when, according to the routing table of the first switch device, the assigned SW-ID for the port of the first switch device is different from the SS-ID included in the data frame, discarding the data frame, and
when, according to the routing table of the first switch device, the assigned SW-ID for the port of the first switch device is not different from the SS-ID included in the data frame,
processing forwarding the data frame, wherein processing forwarding the data frame comprises:
when the data frame is a broadcast frame or an unknown-unicast frame,
flooding the data frame out from each port of the first switch device that is connected to other switch devices except from the port from which the data frame was received; and
removing the SS-ID from the data frame and flooding the data frame without the SS-ID frame out from each port of the first switch device that is directly connected to at least one host node, and
when the data frame is a known-unicast frame,
checking, using the routing table of the first switch device, if there is any SW-ID assigned to a port number that is associated with a MAC destination address in the data frame; and
when there is no SW-ID, removing the SS-ID from the data frame and forwarding the data frame out from said associated port to its destination MAC address; and
when there is a SW-ID, forwarding the data frame to the switch device having the SW-ID.

US Pat. No. 10,924,386

DATABASE PROTOCOL FOR EXCHANGING FORWARDING STATE WITH HARDWARE SWITCHES

NICIRA, INC., Palo Alto,...

1. A method for a service node to forward packets through a network, the method comprising:
at the service node:
receiving an unknown unicast packet for a particular virtual network from a forwarding element that implements the virtual network with a plurality of other forwarding elements that include hardware and software forwarding elements;
replicating the unknown unicast packet; and
sending a replica of the unknown unicast packet to each hardware forwarding element in a first set of hardware forwarding elements comprising at least two hardware forwarding elements from which the service node did not receive the unknown unicast packet,
wherein a hardware forwarding element in the first set of forwarding elements outputs the unknown unicast packet to a port of the hardware forwarding element when the hardware forwarding element identifies the port as being connected to a machine with an address that is the same as a destination address of the unknown unicast packet.

US Pat. No. 10,924,385

WEIGHTED MULTIPATH ROUTING CONFIGURATION IN SOFTWARE-DEFINED NETWORK (SDN) ENVIRONMENTS

NICIRA, INC., Palo Alto,...

1. A method for a network manager to perform weighted multipath routing configuration in a software-defined networking (SDN) environment that includes the network manager, a first node, and multiple next-hop second nodes, the method comprising:
obtaining, by the network manager from the multiple next-hop second nodes, state information associated with the multiple next-hop second nodes, wherein the multiple next-hop second nodes each provide a next hop from the first node in multiple respective paths for an egress packet that is destined from the first node to a destination network;
based on the state information associated with the multiple next-hop second nodes, assigning, by the network manager, the multiple next-hop second nodes with respective multiple weights, wherein:
the state information represents a plurality of performance-related parameters that respectively correspond to a plurality of sub-weights,
each particular weight of the multiple weights is computed based on the plurality of sub-weights, and
a value of at least one sub-weight of the plurality of sub-weights is configurable to provide more consideration to the at least one sub-weight in computing the particular weight, relative to other sub-weights of the plurality of sub-weights; and
generating and sending, by the network manager, control information that specifies the multiple weights to the first node to cause the first node to select, based on the multiple weights, a particular next-hop second node from amongst the multiple next-hop second nodes as the next hop to receive the egress packet from the first node.

US Pat. No. 10,924,384

TRAFFIC ENGINEERING FOR BORDER GATEWAY PROTOCOL

Ciena Corporation, Hanov...

1. A method, implemented at a first Border Gateway Protocol (BGP) speaker node of a first autonomous system, the method comprising:
receiving an advertisement having information pertaining to available bandwidth on one or more links between the first autonomous system and a second autonomous system, the advertisement received from a second BGP speaker node of the second autonomous system;
performing a BGP best path calculation between the first and second autonomous systems at the first BGP speaker node, by selecting a link from the one or more links, wherein selecting the link is based on the available bandwidth and real traffic data on the one or more links;
determining updated available bandwidth on the one or more links; and
transmitting an updated advertisement to the second BGP speaker node based on the determined updated available bandwidth, wherein the updated advertisement is transmitted if the determined updated available bandwidth has changed from a previous value by more than a configurable threshold.

US Pat. No. 10,924,383

UTILIZING SEGMENT ROUTING DATA AND NETWORK DATA TO DETERMINE OPTIMIZED NETWORK PLANS AND TO IMPLEMENT AN OPTIMIZED NETWORK PLAN

Juniper Networks, Inc., ...

1. A method, comprising:
receiving, by a device, network data associated with a network,
wherein the network includes a plurality of network devices interconnected by links, and
wherein the plurality of network devices utilizes segment routing;
receiving, by the device, segment routing data associated with the network,
wherein the segment routing data at least includes a list of segments associated with paths provided through the network by two or more of the plurality of network devices and corresponding links of the links;
receiving, by the device, constraints associated with determining a network plan for the network,
wherein the constraints at least include a constraint indicating a particular time period associated with determining a plurality of potential network plans for the network;
merging, by the device, the network data and the segment routing data to generate merged data;
processing, by the device, the constraints and the merged data, with an optimization model, to determine the plurality of potential network plans within the particular time period;
providing, by the device and to a client device, information identifying the plurality of potential network plans;
receiving, by the device and from the client device, information indicating a selection of a potential network plan, from the plurality of potential network plans;
identifying, by the device and based on the selection, the potential network plan; and
performing, by the device, one or more actions based on the potential network plan.

US Pat. No. 10,924,382

RAPID AND VERIFIABLE NETWORK CONFIGURATION REPAIR

Raytheon BBN Technologies...

1. A network configuration repair apparatus, the apparatus comprising:
memory with policies, extended topology graphs (ETGs) including an all ETG (aETG), and destination ETGs (dETGs) for each policy destination in the policies, stored thereon; and
processing circuitry configured to:
add a routing adjacency or route redistribution edge to a router of the aETG to generate an enhanced aETG (eaETG);
add, for each dETG of the dETGs, static route edges to the destination of the dETG to generate an enhanced dETG (edETG);
determine, for each of the edETGs, all simple paths from all sources to the destination of the edETG;
determine a set of paths (pathset) over the determined simple paths that satisfies the policies; and
translate the edge additions and/or removals in the eaETG and in the edETGs to an addition and/or removal of one or more of a routing adjacency, routing filter, or static route based on the determined pathset.

US Pat. No. 10,924,381

SYSTEM AND METHOD OF PROCESSING IN-PLACE ADJACENCY UPDATES

Arista Networks, Inc., S...

1. A non-transitory machine-readable medium having executable instructions to cause one or more processing units to perform a method to process changes to forwarding information of a network element in a network, the method comprising:
receiving an indication of a change to a network topology of the network, wherein the forwarding information includes a first plurality of prefixes and a plurality of adjacencies and each of the first plurality of prefixes references one of the plurality of adjacencies;
in response to receiving the indication of the change to the network topology, identifying a change to the plurality of adjacencies; and
updating the plurality of adjacencies in-place with the change to the plurality of adjacencies;
wherein the change in the network topology is a peer up, and the in-place updating of the plurality of adjacencies comprises:
receiving a notification of a new peer;
receiving a second plurality of prefixes;
computing a second next hop list from each of the plurality of prefixes;
performing divergence detection between the second next hop list and a first next hop list computed from the first plurality of prefixes; and
if the first and second next hop lists are not diverged, updating the plurality of adjacencies in-place.

US Pat. No. 10,924,380

ADAPTIVE PRIVATE NETWORK (APN) BANDWIDTH ENHANCEMENTS

TALARI NETWORKS INCORPORA...

1. A method for automated bandwidth testing across an adaptive private network (APN) paths, the method comprising:
configuring an automated bandwidth test between a user and a network control node (NCN) of the APN;
sending a sequence of N packets from a first site, each of the packets having a same length L, and comprising a timestamp of when sent on a designated path in the APN across a wide area network (WAN) link to a destination site, wherein each of the N packets are configured as control test packets;
receiving the sequence of N packets at the destination site and marking each received packet with a receive timestamp;
determining a path bandwidth according to the difference between the Nth packet and the first packet; and
determining the path bandwidth for data sent from a small bandwidth link to a bandwidth link having two or more times the bandwidth of the small bandwidth link by only accounting for the control test packets and removing client data packets that are intermingled with the control test packets.

US Pat. No. 10,924,379

METHOD AND DEVICE FOR CONTROLLING TRANSMISSION RATE OF A DEVICE UNDER TEST

1. A method for controlling transmission rate of a device under test (DUT) comprising the steps of:
establishing a connection to the DUT,
transmitting an operating mode notification in order to adjust at least one of the operating bandwidth or the spatial stream capabilities of the DUT,
receiving an acknowledgement notification from the DUT regarding the correct reception of the transmitted operating mode notification,
withholding the acknowledgement notification transmission until a target modulation and coding scheme are reached, and
repeating transmitting a corrupted acknowledgement notification until the DUT lowers its modulation and coding scheme to the target modulation and coding scheme.

US Pat. No. 10,924,378

SYSTEM AND METHOD FOR LOOPBACK AND NETWORK LOOP DETECTION AND ANALYSIS

Accedian Networks Inc., ...

1. A method of determining the presence of a tunnel loopback at a port on a device in a network, the method comprising:
assigning a section level to one or more sections of said network;
assigning a unique domain number to one or more domains wherein one domain comprises one or more sections at the same section level;
storing a protocol data unit (PDU) that includes a Virtual Local Area Network (VLAN) signature;
sending a loopback detection beacon (LPDB) containing said PDU, a domain number and a time stamp;
determining whether a detected LPDB arriving at said port contains information corresponding to said stored PDU, to detect the presence of a loopback.

US Pat. No. 10,924,376

SELECTIVE SENSOR POLLING

Google LLC, Mountain Vie...

1. A system to selectively poll sensors via a computer network, comprising:
a natural language processor component executed by a data processing system to receive, via an interface of the data processing system, data packets comprising an input audio signal detected by a microphone of a client device;
the natural language processor component to parse the input audio signal to identify a request and a trigger keyword corresponding to the request;
a direct action application programming interface (“API”) of the data processing system to select, based on the trigger keyword, a template for an action data structure responsive to the request, the action data structure to package one or more parameters used by a third party provider device to perform an operation to provide a type of service or a type of product, the template comprising a first field;
a sensor management component of the data processing system to:
determine not to use a sensor of the client device responsive based on at least one of the sensor in an offline state, failure of the sensor to respond to a ping within a time period, a malfunction of the sensor, or failure by the sensor to pass a diagnostic test;
identify, responsive to the determination to not use the sensor of the client device, a plurality of available sensors not coupled to the client device that are coupled to a plurality of client devices that i) are each associated with an end user account associated with the client device, ii) are each within a threshold distance of the client device, and iii) have each successfully performed a handshaking process with the data processing system using credentials of the end user account and are currently online, the plurality of client devices comprising a second client device and a third client device;
identify a plurality of available sensors configured to obtain information for the first field of the action data structure used by the third party provider device to perform the operation to provide the type of service or the type of product, the plurality of available sensors comprising a first sensor of the second client device and a second sensor of the third client device;
determine a status of each of the plurality of available sensors;
select, based on the status and the determination to not use the sensor of the client device, the first sensor of the plurality of available sensors of the second client device of the plurality of client devices;
poll the first sensor for data corresponding to the first field of the action data structure used by the third party provider device to perform the operation to provide the type of service or the type of product;
the direct action API to populate the first field with the data received by the sensor management component responsive to the poll of the first sensor, and to generate the action data structure to provide the type of service or the type of product based on the first field of the template;
the direct action API to transmit the action data structure to the third party provider device to cause the third party provider device to invoke an operation session between the third party provider device and the client device and perform one or more actions that provide the type of service or the type of product based on the one or more parameters packaged in the action data structure generated by the direct action API; and
the data processing system to receive, from the third party provider device, an indication that the third party provider device established the operation session with the client device.

US Pat. No. 10,924,373

OPTICAL LINE TERMINAL OF OPTICAL NETWORK AND UPLINK SCHEDULING METHOD

MITSUBISHI ELECTRIC CORPO...

1. An optical line terminal for an optical network, which is configured to transmit to and receive from one or a plurality of optical network units in a PON-type optical network, the optical line terminal comprising:
a processing circuitry
to manage, for each of the one or plurality of optical network units, a transmission delay time in transmission to the one or plurality of optical network units;
to manage, for each of the one or plurality of optical network units, an acceptable waiting time of uplink data of the one or plurality of optical network units;
to obtain, for each of the one or plurality of optical network units, an uplink transmission start time and data amount of the optical network unit, based on uplink assignment information, which is sent from a node different from the optical line terminal and the one or plurality of optical network units; and
to generate, for each of the one or plurality of optical network units, uplink transmission grant information, which is made up of a time point and time length of uplink transmission to the one or plurality of optical network units,
wherein the processing circuitry determines, for each of the one or plurality of optical network units, the uplink transmission grant information on transmission to the one or plurality of optical network units, based on a transmission delay time of the one or plurality of optical network units, on the uplink transmission start time and data amount of the one or plurality of optical network units, and on the acceptable waiting time of uplink data of the one or plurality of optical network units.