US Pat. No. 10,171,590

ACCESSING ENTERPRISE COMMUNICATION SYSTEMS FROM EXTERNAL NETWORKS

CA, Inc., New York, NY (...

1. A computer program product for enabling access to an end service in a private communication system from a cloud-based requestor in a public network, comprising: a non-transitory computer readable storage medium storing computer readable program code which when executed by a processor of an electronic device causes the processor to perform operations comprising:
establishing a secure bridge connection between a connector service located outside the private communication system and a tenant application in the private communication system, the secure bridge connection extending between the private communication system and the public network to provide secure communications between the connector service located outside the private communication system and the tenant application within the private communication system to enable access to enterprise services operating within the private communication system from requestors located outside the private communication system wherein the secure bridge connection comprises a secure outbound pipe, accessible with first session credentials, that handles all outbound connections and data flow for carrying requests from the connector service to the tenant application and a separate secure inbound pipe, accessible with second session credentials that handles all inbound connections and data flow for carrying responses from the tenant application to the connector service, wherein the secure inbound pipe and the secure outbound pipe are established with separate session credentials;
receiving a request at the connector service from the cloud-based requestor to use services of the end service, the request including information from the cloud-based requestor addressed to the end service;
creating a virtual communication circuit by associating a cloud side work socket with a unique cloud-side network object identifier (NOID-C) attribute that uniquely identifies the cloud-based requestor, a default network object identifier (NOID-Default) attribute associated with the private communications system, and an end service identifier (ESID) attribute that uniquely identifies an instance of the end service in the private communication system;
storing a virtual communication circuit identifier associated with the work socket, the virtual circuit identifier including the ESID, the NOID-default, and the attributes, after creating the virtual communication circuit; and
transmitting the information addressed to the end service along with the NOID-C and ESID attributes to the tenant application in the private communication system.

US Pat. No. 10,171,588

WEB OPERATION PLAYBACK

International Business Ma...

1. A method for playing back a web operation including at least one input selected from a group of inputs consisting of a document object model (DOM) node event, a web request, and a web response, the method comprising:
in response to execution of the web operation, identifying an act input from the group of inputs of the web operation, wherein the act input includes the DOM node event or the web response;
recording web response contents and feature information associated with the act input identified, wherein the feature information includes a temporal sequence feature of the act input and a self-constraint feature of the act input by:
generating a data structure comprising a plurality of temporal sequence features by adding a timestamp to each act input identified among web operations, wherein each entry of the temporal sequence feature in the plurality of temporal sequence features of the act input includes an occurrence sequence of the act input, an action, a prerequisite indicating a prior action upon which the action depends, a prerequisite delay expressed in units of time and timeout of each act input that is a time displacement expressed in units of time determined as a difference between the timestamp of a current act input and a timestamp of a previous respective act input on which the current act input depends;
sorting the plurality of temporal sequence features into a predetermined sequence according to respective timestamps;
responsive to the act input being the DOM node event, recording the self-constraint feature of this act input identifying a DOM node on which the DOM node event depends, and a timeout of the DOM node event; and
responsive to the act input being the web response, recording the self-constraint feature of this act input identifying a correspondence between the web response and a web request that triggers the web response, and a timeout of the web response; and
playing back, in the predetermined sequence, the web operation recorded using the feature information and the web response contents recorded by:
determining for a respective entry in an occurrence sequence of act inputs whether a respective self-constraint feature of the act input that identifies the occurrence sequence of act inputs, the action, the prerequisite identifying the prior action upon which the action depends, and the prerequisite delay expressed in units of time is satisfied, wherein the respective self-constraint feature of the act input is satisfied when an elapsed time since occurrence of the prior action meets or exceeds the prerequisite delay;
responsive to determining that the respective self-constraint feature is satisfied, determining whether the timeout expressed in units of time since a previous respective act input on which the current act input depends is satisfied, wherein the timeout since the previous respective act input is satisfied when a second elapsed time since occurrence of the previous respective act input meets or exceeds the timeout; and
responsive to determining that the timeout expressed in units of time since the previous respective act input on which the current act input depends is satisfied, triggering the web operation that was recorded.

US Pat. No. 10,171,587

MASTER DEVICE, SLAVE DEVICE, INFORMATION PROCESSING DEVICE, EVENT LOG COLLECTING SYSTEM, CONTROL METHOD OF MASTER DEVICE, CONTROL METHOD OF SLAVE DEVICE AND CONTROL PROGRAM

OMRON Corporation, Kyoto...

1. A master device, adapted to communicate with at least one slave device for recording generation of a specified event, and the master device comprising:
a moment acquiring element, acquiring a moment;
a moment adjustment instructing element, making the slave device to synchronize a moment counted by the slave device and the moment acquired by the moment acquiring element by sending a moment information corresponding to the moment acquired by the moment acquiring element; and
a log receiving element, receiving a first event log from the slave device, wherein the first event log is an information formed by associating a generation moment of the event with an information for determining the event.

US Pat. No. 10,171,586

PHYSICAL ENVIRONMENT PROFILING THROUGH INTERNET OF THINGS INTEGRATION PLATFORM

NEURA, INC., Sunnyvale, ...

1. A method of profiling a physical environment via Internet of Things (IoT) devices connected via an IoT integration platform, comprising:
generating a node graph including an entity profile and a user profile, the entity profile being associated with any of a plurality of network-capable devices from which a presence of an entity is detected in a physical environment, the user profile being associated with a subset of the node graph within a certain distance of the user profile;
predicting a semantic label of the entity profile within the certain distance from the user profile based on semantic analysis of the presence of the entity in relation to the user profile; and
updating the entity profile and the node graph with the predicted semantic label.

US Pat. No. 10,171,585

METHOD, SYSTEM, AND COMPUTER PROGRAM PRODUCT FOR DISTRIBUTED STORAGE OF DATA IN A HETEROGENEOUS CLOUD

INTERNATIONAL BUSINESS MA...

1. A method, comprising:
associating, in a computational device, a plurality of identifiers with a plurality of data elements, wherein a first data element and a second data element of the plurality of data elements are both associated with a first identifier of the plurality of identifiers;
storing, by the computational device, the first data element with which the first identifier is associated, in a first cloud storage maintained by a first entity; and
storing, by the computational device, the second data element with which the first identifier is associated, in a second cloud storage maintained by a second entity, wherein the first cloud storage is different from the second cloud storage, and wherein data elements that are associated with an identical identifier are stored in cloud storages provided by different entities, wherein a user identifier and a corresponding password are associated with the identical identifier to indicate that the user identifier and the corresponding password are keys to a secure system, and wherein the user identifier is stored in the first cloud storage maintained by the first entity, and one part of the corresponding password is stored in the second cloud storage maintained by the second entity, and another part of the corresponding password is stored in a third cloud storage maintained by a third entity.

US Pat. No. 10,171,583

DISTRIBUTED GLOBAL DATA VAULTING MECHANISM FOR GRID BASED STORAGE

International Business Ma...

1. A computer program product for distributed global data vaulting in a grid of server computers, the computer program product comprising a computer readable storage medium having computer readable program code embodied therein that executes to perform operations, the operations comprising:
at one of the server computers of the grid of server computers,
assigning a plurality of vault devices for each data element of a plurality of data elements based on a resiliency level,
wherein, for a first priority, each of the plurality of vault devices assigned to a data element is at a different server computer of the grid of server computers; and
wherein, for a second priority, in response to determining that there are not enough vault devices to assign each of the plurality of vault devices at a different server computer, at least two of the plurality of vault devices is a different vault device of a same server computer of the grid of server computers; and
creating a vault distribution table that identifies the plurality of vault devices for each data element; and
at each of the server computers of the grid of server computers,
determining that there is a system shutdown; and
for each data element at that server computer,
retrieving a list of one or more vault devices at other server computers from the vault distribution table; and
dumping the data element to the one or more vault devices at the other server computers.

US Pat. No. 10,171,581

BLENDED OPERATIONAL TRANSFORMATION FOR MULTI-USER COLLABORATIVE APPLICATIONS

LIVELOOP, INC., Wilmingt...

1. A method for propagating document changes made to a document by a plurality of users that are editing the document concurrently, the method comprising:
determining that a first document change comprise a change that is supported by an existing operational transformation of an operational transformation system and:
propagating the first document change to a base version of the document using the existing operational transformation; and
updating the base version of the document with the first document change;
determining that a second document change comprises an opaque change, an opaque change existing when the operational transformation system detects a change has been made to an object in the document but is unable to determine the actual change to the object, and:
converting the second document change to an opaque operation including a binary large object representation of the change and metadata containing instructions to implement the change;
propagating the opaque operation to the base version of the document;
placing the base version of the document into an opaque operation locked out state;
updating the base version of the document with the converted second document change while in the opaque operation locked out state; and
releasing the opaque operation locked out state on the base version of the document when the base version of the document is updated with the opaque operation; and
determining that a third document change comprises a change unsupported by the operational transformation system, a change unsupported by the operational transformation system existing when the change is completely undetected by the operational transformation system or when the change does not expose its content or location to the operational transformation system, and:
converting the third document change to binary-sync operation including a binary large object representation of the entire document including only the third document change and metadata containing instructions to implement the change;
propagating the binary sync operation to the base version of the document;
placing the base version of the document into a binary-sync locked out state;
updating the base version of the document with the binary-sync operation while the base version of the document is in the binary-sync locked out state; and
releasing the binary-sync operation locked out state on the base version of the document when the base version of the document is updated with the binary-sync operation.

US Pat. No. 10,171,580

GRANULAR INSTANT IMPORT OF REPLICATED VTL CARTRIDGE INTO A BACKUP CATALOG

INTERNATIONAL BUSINESS MA...

1. A method for cataloging replicated data in a backup storage environment, by a processor device, comprising:
in a storage system using tape library data replication between an originating site and a backup site, replicating catalog data between the originating site and the backup site such that replicated data moved from the originating site to the backup site is placed into a catalog duplicative of the originating site to efficiently import, at the backup site, the replicated data transferred from the originating site; wherein upon completion of initially replicating a volume of a cartridge from the originating site to the backup site such that the volume nor any data thereof has been previously replicated from the originating site to the backup site, the replicated data therein the replicated volume is automatically, and without user intervention, imported into the duplicative catalog of the backup site when the cartridge is moved to an import/export (I/E) slot of the tape library of the backup site in lieu of manually importing the catalog data to the backup site by an administrator, thereby mitigating time spent performing the replication and importation during a disaster recovery (DR) scenario; and
synchronizing appending catalog data by performing each of:
backing up the volume of the cartridge at the originating site;
prior to commencing replication for the replicated data of the volume from the originating site to the backup site, ejecting a copy of the cartridge through a backup application at the backup site; wherein the ejection includes moving the cartridge to the I/E slot of the tape library at the backup site;
responsive to detecting the cartridge is in the I/E slot, automatically shelving the cartridge in the backup application at the backup site;
commencing the replication for the replicated data of the replicated volume from the originating site to the backup site;
subsequent to completing the replication, moving the cartridge back to the I/E slot at the backup site, wherein, upon moving the cartridge back to the I/E slot, the replicated volume is automatically imported into the duplicative catalog of the backup site.

US Pat. No. 10,171,579

MANAGING PRESENCE AMONG DEVICES ACCESSING SHARED AND SYNCHRONIZED CONTENT

Dropbox, Inc., San Franc...

1. A method comprising:
receiving, by a content management system from a presence application on a device associated with a user account, presence information describing user interactions with a user interface element associated with a native process of a native application different from and monitored by the presence application, the native process accessing a content item stored on the device and synchronized with the content management system, the presence application configured to simultaneously monitor user interface elements each associated with a different native application of a plurality of native applications, the presence application and the native application both stored at and executed by the device;
updating a set of presence records corresponding to the content item synchronized with the content management system based on the received presence information, each presence record identifying a presence status and an identifier of a monitored user interface element on the device interacting with the content item synchronized with the content management system;
determining a set of devices synchronizing the content item, wherein each device in the set of devices maintains a local copy of the content item and synchronizes the local copy with the content item stored at the content management system;
determining that the native application of the device associated with the user account opened the content item synchronized with the content management system based on the set of presence records corresponding to the content item; and
notifying the set of devices synchronizing the content item that the native application of the device associated with the user account opened the content item.

US Pat. No. 10,171,578

TAPERED COAX LAUNCH STRUCTURE FOR A NEAR FIELD COMMUNICATION SYSTEM

TEXAS INSTRUMENTS INCORPO...

1. A system comprising:
a module comprising: a substrate on which a radio frequency (RF) transmitter is mounted, the RF transmitter having an output terminal; a housing having a port region at a surface of the housing; and a tapered transmission line with a conductive element, the conductive element having a first end coupled to the output terminal of the RF transmitter and a second end that terminates at the port region, wherein a characteristic impedance of the tapered transmission line increases along a length of the tapered transmission line from the first end to the second end, and the tapered transmission line has an outside surface separated from the conductive element by a dielectric, in which the dielectric is air.

US Pat. No. 10,171,577

LOCAL AREA NETWORKING SYSTEM

WIFIFACE LLC, Toledo, OH...

1. A local area networking method, the method comprising the steps of:
providing a system server in communication with a first mobile device over a wide area network and having a processor coupled to a memory, the memory having processor-executable instructions and at least one database embodied thereon, the at least one database including a listing of unique identifiers associated with mobile devices and a local area server registered with the system server, and a listing of user profiles associated with the mobile devices registered with the system server;
correlating, by the system server, the unique identifiers associated with the mobile devices registered with the system server and the unique identifier associated with the local area server to define an electronic communication or collaboration forum of a local area network, wherein the unique identifiers of the mobile devices registered with the system server are a combination of GPS and either MAC or IP, and the unique identifiers associated with the local area server are BSSID or SSID; and
generating, by the system server on a graphical user interface of the first mobile device, a visual representation of the electronic communication or collaboration forum of the local area network including the mobile devices within the local area network and registered with the system server, the visual representation including a name of the local area network,
at least a portion of the user profiles of the mobile devices within the local area network that are registered with the system server and sharing content,
a notifications control providing at least one of friend requests, application requests and messages to the first mobile device from the mobile devices within the local area network, and
a refresh control configured to allow the first mobile device to force an update of the visual representation, and
wherein at least a portion of the visual representation is shared by all of the registered mobile devices in the local area network,
wherein the first mobile device is permitted to communicate or collaborate with the mobile devices registered with the system server and within the local area network via the graphical user interface,
wherein the first mobile device is permitted to subscribe to a physical location associated with the local area network while in the local area network, and to one of view, communicate to a user, share, and identify an activity of the mobile devices within the local area network and registered with the system server from remote locations by interacting with the visual representation of the electronic communication or collaboration forum of the local area network via the wide area network, and
wherein the system server permits an individual to provide at least one of advertisements, feature offers, discounts, promotions, and items for sale on the visual representation of the local area network.

US Pat. No. 10,171,576

METHOD, APPARATUS, AND SYSTEM FOR INTERACTION BETWEEN TERMINALS

TENCENT TECHNOLOGY (SHENZ...

1. A method for interaction between terminals, comprising:
acquiring, by a first terminal, to-be-sent data;
sending, by the first terminal, the to-be-sent data to a second terminal;
displaying, by the first terminal, a display interface;
monitoring whether first operation information from the second terminal is received, the first operation information comprising a processing operation performed by a first user of the second terminal on the to-be-sent data;
updating, by the first terminal, the display interface according to the first operation information, once the first operation information sent by the second terminal is received; and
monitoring, in real time, an operation performed by a second user on the display interface of the first terminal and sending second operation information to the second terminal, wherein the second operation information comprises the operation performed by the second user on the display interface of the first terminal,
wherein:
each of the first terminal and the second terminal comprises a sound sensor for sensing a sound frequency and converting the sound frequency into an electrical signal,
the first operation information and the second operation information are respectively obtained by the sound sensors in the second terminal and the first terminal,
the display interface of the first terminal is updated according to an electrical level of the electrical signal contained in the first operation information from the second terminal,
a low frequency filter is applied to the electrical signal in the first operation information to obtain a filtered signal, the first operation information being sent to the first terminal based on the filtered signal, and
updating the display interface according to the first operation information comprises:
when the electrical level of the electrical signal indicates a first sound frequency, updating a first number of virtual objects on the display interface; and
when the electrical level of the electrical signal indicates a second sound frequency, updating a second number of virtual objects on the display interface.

US Pat. No. 10,171,574

COMPUTER SYSTEM, PROCESSING METHOD, AND COMPUTER-READABLE RECORDING MEDIUM HAVING JOB PROCESSING PROGRAM

FUJITSU LIMITED, Kawasak...

1. A computer system, which has a plurality of computation nodes and performs an arithmetic processing with respect to a job, the computer system comprising:
a reference point determining unit that, when the number of pieces of job attribute information is larger than the number of partial networks constituting a network that connects the plurality of computation nodes, allocates a reference point to the partial network, and that, when the number of the pieces of job attribute information is equal to or smaller than the number of partial networks, arranges a plurality of networks to groups as many as the number of the pieces of job attribute information and allocates a common reference point to each of the groups; and
a node set searching unit that searches for a computation node set that is a set of computation nodes satisfying a predetermined condition related to a remote degree that is an estimate index of a communication time from a node allocation reference point in node coordinate spaces and including the computation node that runs no job, based on running job position information that manages a position of a running job allocated to the node coordinate spaces,
the running job position information includes an entry corresponding to a maximum value and a minimum value of a node coordinates of each dimension of the node coordinate spaces, the entry having a pointer of the entry of a management information that manages a running job.

US Pat. No. 10,171,573

SWAPPING NON-VIRTUALIZING AND SELF-VIRTUALIZING DEVICES

International Business Ma...

13. A system for managing cloud computing resources, the system comprising:
a consumer device configured to access a cloud computing environment;
a computer, included in the cloud computing environment, wherein the computer comprises a virtualization instance (VI), a first computing device comprising a non-virtualizing type device, and a second computing device comprising a self-virtualizing type device, wherein the VI is configured to use a first virtual device to provide cloud computing services to the consumer device, and wherein the first virtual device comprises a virtual form of the first computing device; and
a QoS manager communicatively coupled to the computer, wherein the QoS manager comprises at least one processor configured to:
receive first Quality of Service (QoS) metrics associated with the VI providing the cloud computing services to the consumer device;
determine, in response to receiving the QoS metrics, and based at least in part on a first comparison of the QoS metrics with VI QoS objectives, that the VI is unable to meet the VI QoS objectives using the first virtual device;
determine, based on the first virtual device comprising the virtual form of the non-virtualizing computing device that a first substitute virtual device, comprising a virtual form of the self-virtualizing computing device, is available to substitute for the first virtual device and that the VI is able to meet the VI QoS objectives using the first substitute virtual device; and
cause, based at least in part on the VI able to meet the VI QoS objectives using the first substitute virtual device, the computer to configure the VI to use the first substitute virtual device in place of the first virtual device.

US Pat. No. 10,171,572

SERVER POOL MANAGEMENT

International Business Ma...

1. A computer-implemented method of managing a system comprising a pool of servers including a number of active servers, the method comprising:
monitoring, by one or more processors, utilization of system capacity, the utilization resulting from a workload of the number of active servers; and
detecting a critical utilization of the system, the detecting comprising:
predicting, by the one or more processors, a duration of the detected critical utilization of the system capacity from a monitoring history of the utilization of the system capacity, wherein the predicted duration comprises a first period of time; and
determining, by the one or more processors, based on the predicted duration, if the predicted duration exceeds a defined threshold, wherein the defined threshold comprises a second period of time, wherein by exceeding the defined threshold, the monitored system capacity utilization would deviate from the monitoring history at a relevant point in time by more time than the second period of time, and wherein by exceeding the defined threshold, the one or more processors determine that increased system overhead is required to handle the detected critical utilization for the predicted duration;
based on the predicted duration exceeding the defined threshold, increasing the number of active servers to handle the detected critical utilization for the predicted duration; and
based on the predicted duration not exceeding the defined threshold, invoking an adjustment of throughput performance of the active servers to handle the detected critical utilization for the predicted duration.

US Pat. No. 10,171,571

DETERMINING AND ASSIGNING A DEFAULT VALUE TO A CURRENT SERVER RESPONSE IF THE CURRENT SERVER RESPONSE IS NOT RECEIVED FROM THE SERVER WITHIN A TIME-LIMIT

International Business Ma...

1. A non-transitory computer usable medium having a computer program executed by a data processing system to communicate with a server and to perform operations, the operations comprising:
receiving a current submission of a request;
transmitting an indication of the request to the server for receiving a current server response to the current submission of the request;
assigning a default value to the current server response for the request if the current server response is not received from the server within a time limit with respect to the current submission of the request, wherein the default value is assigned to increase responsiveness to the request by avoiding delays beyond the time limit;
logging a set of operations being performed from the assignment of the default value to the current server response;
receiving an actual value of the current server response from the server;
rolling-back the logged operations and resetting the current server response to the actual value if the actual value is different from the default value; and
using the actual value in response to resetting the current server response to the actual value.

US Pat. No. 10,171,569

TRANSMISSION OF DATA TO MULTIPLE COMPUTING DEVICES ACCORDING TO A TRANSMISSION SCHEDULE

Uber Technologies, Inc., ...

1. A network system for managing a network service for a given geographic region comprising:
one or more processors; and
one or more memory resources storing instructions that, when executed by the one or more processors, cause the network system to:
receive, from a first user device of a first user, request data corresponding to a first request for service, the request data including information corresponding to a first location;
in response to receiving the request data, identify a set of two or more candidate providers from a plurality of providers, wherein the number of candidate providers identified in the set of two or more candidate providers is based, at least in part, on acceptance metrics of the plurality of providers, and wherein each acceptance metric is indicative of a corresponding service provider's historical record in accepting invitations to fulfill requests for service;
determine a message transmission schedule specifying when to transmit each of a set of invitation messages to a set of two or more provider devices associated with the set of two or more candidate providers, each of the set of invitation messages corresponding to an invitation to fulfill the first request for service and including information corresponding to the first location; and
transmit the set of invitation messages to the set of two or more provider devices in accordance with the message transmission schedule.

US Pat. No. 10,171,568

SELECTING SYSTEM, COMMUNICATION MANAGEMENT SYSTEM, COMMUNICATION SYSTEM, COMPUTER PROGRAM, AND METHOD OF SELECTION

RICOH COMPANY, LIMITED, ...

1. A selecting system that, when a plurality of controllers that control a session between communication terminals are provided, selects a controller to be connected to a requesting communication terminal out of the plurality of controllers, the selecting system comprising:
a state management memory that stores, for each controller of the plurality of controllers, state information indicating, for each communication terminal connected to the controller, a state of communication of the communication terminal;
a load management memory that stores, for each state of communication, load information indicating a degree of load related to control to be performed in the corresponding state of communication, wherein the load information stored by the load management memory includes first load information corresponding to a first state in which the communication terminal is in communication with another communication terminal and second load information corresponding to a second state in which the communication terminal is not in communication with any other communication terminal, and the degree of load indicated by the first load information is larger than the degree of load indicated by the second load information; and
processing circuitry configured to
accept a connection request from the requesting communication terminal that is not connected;
calculate, for each controller of the plurality of controllers, the degree of load related to the control based on the state of communication of each communication terminal connected to the controller and the load information for each state of communication stored in the load management memory; and
select a specific controller to be connected to the requesting communication terminal, based on the degree of load calculated for each of the plurality of controllers.

US Pat. No. 10,171,567

LOAD BALANCING COMPUTER DEVICE, SYSTEM, AND METHOD

HUAWEI TECHNOLOGIES CO., ...

1. A method for balancing load among devices, applied to a computer system that comprises at least a first computer device and a second computer device, wherein the first computer device comprises a cloud management platform, and the second computer device comprises at least one virtual machine; the method comprising:
obtaining, by the first computer device, configuration information of a load balancer, wherein the configuration information of the load balancer comprises an identifier of the load balancer and a virtual IP address (VIP) of the load balancer;
instructing, by the first computer device, the second computer device to create the load balancer according to the configuration information;
configuring, by the first computer device, a forwarding mode of a service on the second computer device, wherein the service is initiated by the virtual machine, and wherein in the forwarding mode, a service packet of the service is forwarded to the load balancer;
receiving, by the load balancer, the service packet of the service from the virtual machine; and
selecting, by the load balancer, at least one back-end server to execute the service.

US Pat. No. 10,171,563

SYSTEMS AND METHODS FOR AN INTELLIGENT DISTRIBUTED WORKING MEMORY

MICROSOFT TECHNOLOGY LICE...

1. A system for intelligent memory sharing and contextual retrieval across multiple devices and multiple applications of a user, the system comprising:
at least one processor; and
a memory for storing and encoding computer executable instructions that, when executed by the at least one processor is operative to:
maintain a shared working memory of the user for temporary storage of information until an occurrence of a condition;
collect data from working memories from at least one device of a plurality of devices associated with the user;
store the data on the shared working memory;
analyze the data utilizing world knowledge to determine elements listed within the data, wherein the world knowledge includes network accessible information;
enrich the elements by adding at least one of a tag or an additional element to the elements utilizing the world knowledge to form enriched elements;
collect relationships between the enriched elements;
determine a user context;
analyze the relationships based on the user context;
determine a response based on the analysis of the relationships and the world knowledge;
send the response to a plurality of active devices of the user and store the response in the shared working memory; and
in response to the occurrence of the condition, delete content stored on the shared working memory.

US Pat. No. 10,171,562

SOCIAL MEDIA DRIVEN INFORMATION INTERFACE

Microsoft Technology Lice...

1. A computing device comprising:
one or more processing units; and
one or more computer-readable media comprising computer-executable instructions, which, when executed by the one or more processing units, cause the computing device to:
generate, from social media data created by multiple independent and unrelated individuals and directed to multiple distinct and unrelated topics, a first set of time-delineated social media data, comprising only social media data that correspond to a first time range, by applying a time-based filter to the social media data;
subsequently generate, from the generated first set of time-delineated social media data, multiple topic clusters, each topic cluster comprising multiple, different social media entries, each social media entry in a topic cluster having a topic similarity above a topic clustering threshold associated with the topic cluster;
generate multiple event summaries for the first time range based upon at least some of the generated topic clusters, each event summary comprising a combination of only a subset of text or graphics from each of multiple different and distinct social media entries from a corresponding topic cluster;
generate an information interface comprising multiple annotated timeslots, including a first annotated timeslot that comprises at least some of the generated multiple event summaries, the first annotated timeslot being delineated by the first time range; and
transmit the information interface to a second computing device that is separate from the computing device and is communicationally coupled to the computing device through a computer network;
wherein the second computing device visually generates, on a hardware display device communicationally coupled thereto, the information interface, including the first annotated timeslot and the at least some of the generated event summaries.

US Pat. No. 10,171,561

CONSTRUCT DATA MANAGEMENT BETWEEN LOOSELY COUPLED RACKS

International Business Ma...

1. A computer-implemented method comprising:
associating at least a portion of a second rack to a construct;
wherein the associating occurs in response to input received by a first management node of a first rack associated with the construct;
wherein the construct includes a set of distributed resources connected via a network and comprising at least a respective portion of a plurality of respective racks and a set of construct data comprising user data, group data, resource data, and authorization policy data;
wherein each respective rack is independently controlled by a respective management node of a plurality of autonomous management nodes including at least the first management node associated with the first rack and a second management node associated with the second rack;
wherein a respective mutual trust relationship exists between each respective pair of autonomous management nodes of the plurality of autonomous management nodes;
determining, by the second management node, that the second management node contains insufficient construct data to execute an operation associated with the construct; and
synchronizing, in response to the first management node receiving a request from the second management node comprising an authenticated first security token based on a public key of the second management node, at least a portion of the construct data between the first management node and the second management node.

US Pat. No. 10,171,560

MODULAR FRAMEWORK TO INTEGRATE SERVICE MANAGEMENT SYSTEMS AND CLOUD ORCHESTRATORS IN A HYBRID CLOUD ENVIRONMENT

International Business Ma...

1. A modular service management (MSM) engine on a computer system including at least one processor that integrates a plurality of cloud orchestrators and service management (SM) platforms to provide a hybrid cloud environment, comprising:
an interface system that includes a first gateway for providing communications with SM platforms that adhere to an SM protocol and a second gateway for providing communications with the plurality of cloud orchestrators, wherein the SM protocol defines a set of management processes for handling service requests;
a service request processing system that processes service requests from SM platforms using selected cloud orchestrators, processes change management requests, and matches a change management request corresponding to an inputted service request, wherein the service request processing system includes a set of management modules in which each management module processes activities associated with a different one of the management processes, wherein the set of management modules includes a request management module for detecting an inputted service request, parsing the inputted service request and translating the inputted service request, and managing, tracking, and reformatting at least one activity associated with the inputted service request;
a rules and conditions engine that parses the inputted service request against a set of rules and conditions values and determines based upon the parsed inputted service request a primary cloud orchestrator to be used to service the inputted service request and a secondary cloud orchestrator to be used as a backup to the primary cloud orchestrator;
a set of data conversion modules, wherein each data conversion module includes logic that converts data associated with an SM platform to a data format required by one of the primary cloud orchestrator and secondary cloud orchestrator; and
wherein the set of management modules includes a change management module for checking the approval of the change management request, and a task management module for creating a new task in the SM platform.

US Pat. No. 10,171,559

VXLAN SECURITY IMPLEMENTED USING VXLAN MEMBERSHIP INFORMATION AT VTEPS

Cisco Technology, Inc., ...

1. A method comprising:
at a network device configured as a Virtual Extensible Local Area Network (VxLAN) Tunnel Endpoint (VTEP):
storing VTEP membership information that associates VxLANs each with a corresponding set of VTEPs authorized to originate VxLAN packets on that VxLAN, the VTEP membership information including a VxLAN identifier (VNI) of each VxLAN and an Internet Protocol (IP) address representing a respective source IP address of each VTEP in the corresponding set of VTEPs corresponding to that VNI and that are authorized to originate VxLAN packets;
receiving from a communication network a VxLAN packet that includes an original Ethernet frame encapsulated in a VxLAN encapsulation, the VxLAN encapsulation including a VNI that identifies a VxLAN associated with the VxLAN packet, an outer User Datagram Protocol (UDP) header, an outer IP header including a source IP address of an originating VTEP and a destination IP address, and an optional outer IEEE 802.1Q field;
comparing the source IP address of the originating VTEP to the IP addresses of the set of VTEPs associated with the VNI of the VxLAN in the VTEP membership information that matches the VNI of the VxLAN identified by the VxLAN encapsulation of the received VxLAN packet;
if the comparing indicates that the source IP address of the originating VTEP is not included in the IP addresses of the set of VTEPs authorized to originate VxLAN packets, discarding the received VxLAN packet and blocking flooding of network frames to local endpoint systems on a local area network connected to the VTEP, wherein the discarding results in discarding the VxLAN packet when the VxLAN packet is a malicious VxLAN packet in which the IP source address and the VNI do not match the IP addresses and the corresponding VNIs of the membership information, respectively; and
if the comparing indicates that the source IP address of the originating VTEP is included in the IP addresses of the set of VTEPs authorized to originate VxLAN packets, decapsulating the VxLAN packet to recover the original Ethernet frame, and forwarding the recovered original Ethernet frame to a destination Media Access Control (MAC) address specified therein.

US Pat. No. 10,171,558

CROSS DEVICE APPLICATION DISCOVERY AND CONTROL

Microsoft Technology Lice...

1. A system comprising:
a processor;
a memory;
one or more applications stored in the memory and executed, at least in part, by the processor; and
a cross device remote control module, stored in the memory, wherein the cross device remote control module is configured to discover remote applications on one or more target devices, and comprises:
a cross device application model client configured to:
connect to the one or more target devices via a network;
determine a level of trust between a device associated with the cross device remote control module and the one or more target devices is above a pre-determined trust level;
send, to the one or more target devices via the network, an application discovery query comprising a request for capability data corresponding to at least one of device information or application information on the one or more target devices; and
receive, from the one or more target devices via the network, one or more application discovery responses comprising an indication of a capability of the one or more target devices regarding the at least one of the device information or the application information; and
a remote application discovery client configured to:
process the one or more application discovery responses to determine the capability of each of the one or more target devices;
select a target device of the one or more target devices based at least in part on a determination of the capability of the target device; and
send a signal to the target device to perform a particular task.

US Pat. No. 10,171,557

METHOD AND DEVICE FOR PROCESSING MEDIA STREAMS BETWEEN A PLURALITY OF MEDIA TERMINALS AND A PROCESSING UNIT ALL CONNECTED TO ONE ANOTHER OVER A COMMUNICATION NETWORK

ALCATEL LUCENT, Boulogne...

1. A method for processing media streams between a plurality of media terminals and a processing unit over a communication network, the method comprising, by the processing unit:
receiving, from each of the media terminals, corresponding media streams comprising video transmission and audio transmissions;
monitoring sound activity of each of the media terminals from the audio transmissions;
selecting the N loudest participants based on the monitored sound activity, wherein the selected participants are identified as active participants and non-selected participants are identified as non-active participants;
pausing audio transmissions while permitting video transmissions from the non-active participants by transmitting a first pause signal to the non-active participants to pause the audio transmissions from the non-active participants;
receiving a request from a moderator terminal to permit a selected non-active participant terminal to resume audio transmissions in addition to the video transmissions;
in response to the request, transmitting a resume signal to the selected non-active participant terminal and transmitting a second pause signal to one or more active participants to pause both audio and video transmissions,
wherein the resume signal, first pause signal, and second pause signal are in the form of an RTP/RTCP real-time communication protocol.

US Pat. No. 10,171,554

DISTRIBUTING SUBSCRIBER DATA IN A MOBILE DATA NETWORK

International Business Ma...

1. A mobile data network comprising:
an antenna that communicates with user equipment;
at least one basestation coupled to the antenna that communicates with the user equipment via the antenna;
a plurality of data chunks residing in the mobile data network, each data chunk comprising:
a device address that makes the data chunk addressable as a physical device in the mobile data network;
a data portion corresponding to subscriber data for a subscriber;
a network component coupled to the basestation, the network component comprising a subscriber database that includes information relating to physical devices used by the subscriber to access the mobile data network, wherein the information relating to physical devices used by the subscriber comprises the device address of the data chunk;
a subscriber data mechanism residing in a component in the mobile data network that performs the steps of:
identifying a plurality of data chunks corresponding to a selected subscriber in the mobile data network that comprise subscriber data to be distributed;
identifying a plurality of devices in the mobile data network that each can receive at least one of the data chunks, wherein the identified plurality of devices comprises a plurality of mobile devices used by different subscribers of the mobile data network;
distributing the plurality of data chunks to the plurality of devices;
writing location of the plurality of data chunks to a tracking table in the mobile data network; and
writing the location of the plurality of data chunks to each of the plurality of devices.

US Pat. No. 10,171,553

METHOD FOR MONITORING AND CONTROLLING AN ACCESS CONTROL SYSTEM

1. A method for monitoring and controlling an access control system (12) having at least one server (16) and at least one access control device (22) which is connectable to the at least one server (16) for the purpose of data communication, the method comprising:
positioning the at least one access control device in a location that facilitates monitoring and controlling the access of people to a controlled area;
providing a user with data goggles (1) for monitoring and controlling the access control system;
wirelessly connecting the data goggles to the at least one server (16) of the access control system (12) and the at least one access control device (22) for the purpose of data communication and receiving data in real time from at least one of the at least one server (16) and the at least one access control device (22), which enable the monitoring of the access control system (12);
displaying the data to the user of the data goggles (1) with a display device (10) of the data goggles (1);
controlling the access control system (12) with control commands which are input by the user into the data goggles (1) and transmitting the control commands from the data goggles to the at least one of the at least one server (16) and the at least one access control device (22);
inputting the control commands by one of voice control via a microphone (8) integrated in the data goggles (1), gesture control by a camera (7) integrated in the data goggles (1), actuation of a touchpad integrated in the data goggles (1), and eye tracking; and
actuating the at least one access control device based on the control commands input by the user into the data goggles to either allow or deny a person access to the controlled area.

US Pat. No. 10,171,549

NOTIFICATION ALERTS BASED ON INCREASED ACCESS TO A DIGITAL RESOURCE

International Business Ma...

1. A method for event notification, the method comprising:
identifying, by one or more processors, a profile of a first user, wherein the profile of the first user includes one or more profile elements;
identifying, by one or more processors, a plurality of users having a corresponding profile that includes at least one profile element in common with the identified profile of the first user;
identifying, by one or more processors, a computer network accessible resource;
determining, by one or more processors, an increase in activity of the identified computer network accessible resource by the identified plurality of users;
identifying, by one or more processors, that the user profile of the first user includes another profile element, wherein the other profile element is associated with a location of the first user during a first period of time;
determining, by one or more processors, based on polling one or more devices of the first user via a network, a current physical location of the first user;
identifying, by one or more processors, a second period of time and a physical location related to a temporal occurrence of an event associated with the identified computer network accessible resource;
determining, by one or more processors, based on the other element of the profile of the first user and the determined current physical location of the first user, that the first user is within a physical and a temporal proximity of the temporal occurrence of the event associated with the identified computer network accessible resource; and
responsive to determining that the first user is within the physical and the temporal proximity of the event associated with the identified computer network accessible resource, communicating, by one or more processors, via the network, a notification to the first user utilizing a device of the first user that is active, wherein the communicated notification provides an indication of the determined increase in activity of the identified computer network accessible resource by the identified plurality of users.

US Pat. No. 10,171,547

NEIGHBOR DISCOVERY FOR IPV6 SWITCHING SYSTEMS

Cisco Technology, Inc., ...

1. A method comprising:
receiving a first IPv6 traffic at a first switch device of a multi device switching system comprising a plurality of switch devices, the plurality of switch devices linked together through a switching fabric and configured to operate as a single routing entity, wherein each of the plurality of switch devices is associated with a local switch device processor, and wherein the multi device switching system is controlled with a central controller comprising a central controller processor;
determining, at the first switch device, that the first IPv6 traffic comprises a neighbor discovery message, wherein determining that the first IPv6 traffic comprises the neighbor discovery message comprises:
comparing a message type associated with the first IPv6 traffic with a predetermined list of reserved internet control message protocol (ICMP) message types, wherein each of the reserved ICMP message types on the predetermined list are classified as comprising neighbor discovery messages, and
determining the first IPv6 traffic comprises the neighbor discovery message when the message type associated with the first IPv6 traffic matches with one of the reserved ICMP message types on the predetermined list, wherein the predetermined list is stored at the first switch device;
punting the first IPv6 traffic to a first local switch device processor associated with the first switch device only when the first IPv6 traffic comprises the neighbor discovery message;
receive a second IPv6 traffic at the first switch device;
determining, at the first switch device, that the second IPv6 traffic does not comprise the neighbor discovery message; and
punting, when the second IPv6 traffic does not comprise the neighbor discovery message, the second IPv6 traffic to the central controller processor.

US Pat. No. 10,171,544

RADIO BASE STATION

NTT DOCOMO, INC., Tokyo ...

1. A radio base station comprising:
a processor that controls communication with a mobile station via one or more sessions in a bearer;
wherein the processor detects a change of at least one of an IP address and an SSRC (Synchronization Source) in a compressed header of a packet,
wherein when (i) a current number of established sessions is equal to a maximum number of sessions that can be supported by the radio base station or the mobile station and (ii) the processor attempts to add a new session in which header compression is applied, upon detection of the change of the at least one of the IP address and the SSRC, the processor deletes one of the established sessions to which header compression is applied and adds the new session; and
a transmitter that transmits the packet via the new session.

US Pat. No. 10,171,543

MEDIA STREAMING METHOD AND ELECTRONIC DEVICE THEREOF

Samsung Electronics Co., ...

1. A method of a first electronic device transmitting packets constituting stream data, to a second electronic device for providing a streaming service, the method comprising:
receiving, from the second electronic device, stream information comprising a system time of the second electronic device, a first timestamp of a packet received from the first electronic device at the system time, and a second timestamp of a packet being played in the second electronic device at the system time;
determining, by comparing the first timestamp with the system time, whether a first delay occurs;
determining, by comparing the first timestamp with the second timestamp, whether a second delay occurs; and
controlling, based on determining that at least one of the first delay or the second delay occurs, at least one packet of the stream data to be transmitted to the second electronic device.

US Pat. No. 10,171,541

METHODS, DEVICES, AND COMPUTER PROGRAMS FOR IMPROVING CODING OF MEDIA PRESENTATION DESCRIPTION DATA

Canon Kabushiki Kaisha, ...

1. A proxy for providing a standard manifest for requesting streamed timed media data associated with at least one media item, organized into temporal media segments, the streamed timed media data belonging to partitioned timed media data comprising timed samples, the streamed timed media data being transmitted as media segment files each comprising at least one independently processed component resulting from processing at least one of the timed samples, the proxy comprising at least one microprocessor configured for carrying out the steps of:
receiving an enhanced manifest comprising metadata for describing the processed components, the metadata comprising parameters used for describing at least a part of one of the processed components,
wherein at least one of the parameters is a dynamic parameter which value can vary over time, the at least one parameter being associated with an element referring to a metadata resource which is external to the enhanced manifest and which comprises at least one value defining the at least one parameter;
determining which parameters are not resolved from the enhanced manifest as the at least one parameter; and
generating a standard manifest based on metadata of the enhanced manifest and of the at least one value defining the at least one parameter,
wherein the at least one parameter is resolved dynamically using remote information such that at least one parameter from the enhanced manifest may be dynamically re-evaluated without depending upon media presentation description.

US Pat. No. 10,171,540

METHOD AND APPARATUS FOR STREAMING VIDEO SECURITY

HIGH SEC LABS LTD, Yokne...

1. A streaming video security device comprising:
an input LAN port for receiving packet-based streaming video input indicative of a video signal;
at least one streaming video decoder for receiving said streaming video input from said input LAN port and converting said streaming video input to raw video display-compatible output, said raw video display-compatible output comprising only non-packet-based image data;
at least one streaming video encoder for receiving said raw video display-compatible output and outputting safe video streaming packets;
at least one unidirectional data flow element having an input connected directly to an output of said at least one streaming video decoder and having an output connected directly to an input of said at least one streaming video encoder, said at least one unidirectional data flow element being configured to enforce transmission of said non-packet-based raw video display-compatible output only in the direction from said at least one streaming video decoder to said at least one streaming video encoder;
an output LAN port for transmitting said safe video streaming packets;
wherein said streaming video input indicative of a video signal undergoes conversion to said raw video display-compatible signal and then converted back to said streaming video output within the streaming video security device to thereby eliminate any malicious data or malicious code from the streaming video output, and
wherein said at least one unidirectional data flow element provides isolation between said at least one streaming video decoder and said at least one streaming video encoder.

US Pat. No. 10,171,539

METHOD AND APPARATUS FOR TIME STRETCHING TO HIDE DATA PACKET PRE-BUFFERING DELAYS

1. A method comprising:
while rendering, via a processor, a first data packet in a stream of data packets, generating a fill packet associated with the first data packet; and
after rendering the first data packet, and before rendering a second data packet which is next to and following the first data packet in the stream of data packets, rendering the fill packet at a different speed relative to the rendering of the first data packet.

US Pat. No. 10,171,538

ADAPTIVELY SERVING COMPANION SHARED CONTENT

Google LLC, Mountain Vie...

1. A system comprising:
a memory;
a processor, coupled to the memory, to:
provide, via an online service, media content for consumption by a user of a user device, wherein the media content is provided for playback within a media player of the user device;
provide in-stream content to the user device for automatic playback within the media player of the user device without the playback of the media content;
receive an indication of user interaction with the in-stream content that is automatically played back within the media player of the user device without the playback of the media content; and
select companion content to send to the user device based on the indication of user interaction, wherein the companion content is unrelated to the in-stream content and is selected responsive to the indication of user interaction suggesting that the user is uninterested in the in-stream content.

US Pat. No. 10,171,537

SEGREGATION OF ELECTRONIC PERSONAL HEALTH INFORMATION

1. A system, comprising:
a processor; and
a memory that stores executable instructions that, when executed by the processor, facilitate performance of operations, comprising:
receiving a first data stream from a device;
determining that the first data stream comprises protected information based on an indication of a type of application associated with the first data stream, and a function of a location of the device, a time that the first data stream is received, and a user profile active on the device, wherein the protected information is electronic personal healthcare information;
in response to determining that the first data stream comprises the protected information, encrypting the first data stream resulting in an encrypted data stream;
adding metadata to the encrypted data stream indicating that the encrypted data stream comprises the protected information resulting in a modified first data stream;
segregating, based on the metadata of the modified first data stream, the modified first data stream from a second data stream provided by the device, the second data stream not comprising the electronic personal healthcare information; and
transmitting the modified first data stream and the second data stream via a network device of a mobile network.

US Pat. No. 10,171,535

CONTROLLING MP3 PLAYER

International Business Ma...

1. A computer system, comprising a computing device, an audio player device, and one or more computer readable hardware storage devices containing program instructions which upon being executed on both the computing device and the audio player device, implement a method for communicating an audio message file from the computing device to the audio player device, said method comprising:
said computing device generating or selecting the audio message file;
said computing device creating a control file comprising a first entry, wherein the first entry comprises the identity of the audio player device, a name of the audio message file to be sent to the audio player device, a time stamp denoting a time at which to send the audio message file to the audio player device, and a queue flag having a value of TRUE if an attempt is to be made to send the audio message file to the audio player device later in response to a determination that the audio player device is not currently active;
said computing device parsing the first entry in the control file;
said computing device identifying from said parsing the first entry: the audio player device, the name of the audio message file, the time stamp, and the queue flag;
said computing device ascertaining whether the audio player device is currently active;
if said ascertaining ascertains that the audio player device is currently active, then said computing device sending an intent-to-send preliminary message to the audio player device, wherein the intent-to-send preliminary message contains the name of the audio message file, a size of the audio message file, and an Internet Protocol (IP) address of the computing device;
if said ascertaining ascertains that the audio player device is not currently active, then said computing device determining whether the queue flag has the value of TRUE, and in response to determining that the queue flag has the value of TRUE, said computing device adding the first entry to the control file as a next entry in the control file to process, parsing the first entry, and determining that the audio player device is currently active, and in response, said computing device sending the intent-to-send preliminary message to the audio player device;
after said sending the intent-to-send preliminary message to the audio player device, said computing device receiving, from the audio player device, an OK-to-send message, and in response, said computing device sending the audio message file from the computing device to the audio player device at the time denoted by the time stamp and said computing device deleting the first entry in the control file;
said audio player device receiving the audio message file sent from the computing device to the audio player device; and
in response to said receiving the audio message file, said audio player device halting play of a song or other audio content that was being played by the audio player device at a time of receipt of the audio message file and playing the audio message file approximately upon said halting play of the song or other audio content.

US Pat. No. 10,171,532

METHODS AND SYSTEMS FOR DETECTION AND CLASSIFICATION OF MULTIMEDIA CONTENT IN SECURED TRANSACTIONS

Citrix Systems, Inc., Fo...

31. A method for classifying multimedia content in one or more transactions, the method being performed by one or more processors, comprising:
acquiring one or more transactions between a client device and a server device, wherein the one or more transactions include one or more requests from the client device and one or more corresponding responses from the server device;
detecting boundaries of the one or more transactions;
generating a multimedia session object based on the detected boundaries, the multimedia session object providing an indication of a number of transactions for communicating the multimedia content associated with a multimedia session between the client device and the server device; and
classifying the multimedia content based on the number of transactions indicated by the multimedia session object.

US Pat. No. 10,171,527

GOAL-BASED CONNECTION MANAGEMENT BETWEEN PARTIES

International Business Ma...

1. A computer-implemented method for managing electronic communication connections, the computer-implemented method comprising:
receiving, by a monitoring computer system, a message from a first party, wherein the message identifies a goal of the first party;
receiving, by the monitoring computer system, an identity of a second party that has been selected by the first party to assist the first party in achieving the identified goal of the first party;
creating, by the monitoring computer system, an electronic communication connection for electronic communications between the first party and the second party, wherein the electronic communications are related to accomplishing the identified goal of the first party;
monitoring, by the monitoring computer system, the electronic communications between the first party and the second party, wherein said monitoring executes message analytics to determine a status of the identified goal of the first party, wherein the message analytics identifies key words in the electronic communications that are related to the identified goal of the first party;
receiving, by the monitoring computer system, a goal abandonment message from the first party, wherein the goal abandonment message identifies an abandonment of the identified goal by the first party;
in response to receiving the goal abandonment message from the first party, disconnecting, by the monitoring computer system, the electronic communication connection between the first party and the second party;
determining, by the monitoring computer system, that a quantity of key words in the electronic communications between the first party and the second party falls below a predetermined frequency over a predefined period of time; and
in response to determining, by the monitoring computer system, that the quantity of key words in the electronic communications between the first party and the second party falls below the predetermined frequency over the predefined period of time, establishing, by the monitoring computer system, a new electronic communication connection between the first party and a third party that has been predetermined to be able to assist the first party in reaching the identified goal of the first party.

US Pat. No. 10,171,526

ON DEMAND IN-BAND SIGNALING FOR CONFERENCES

ATLASSIAN PTY LTD, Sydne...

1. A computer implemented method comprising:
transmitting initial signaling data for a video conference using Web Real Time Communication (WebRTC) from a signaling server over a WebRTC signaling channel to a plurality of client computing devices, wherein the initial signaling data comprises data needed for a client computing device to connect to the video conference and wherein the initial signaling data omits identifiers for media data;
establishing, by a media server, the video conference with the plurality of client computing devices, the plurality of client computing devices having used the initial signaling data to connect to the media server;
sending, by the media server, media data for a subset of the plurality of client computing devices to the plurality of client computing devices;
sending, by the media server, identifiers of the media data to the plurality of client computing devices.

US Pat. No. 10,171,525

AUTONOMIC MEETING EFFECTIVENESS AND CADENCE FORECASTING

INTERNATIONAL BUSINESS MA...

1. A method comprising:
configuring an autonomous system to receive meeting participation data from a meeting participation tool that is configured in a meeting environment;
collecting, using the autonomous system via the meeting participation tool of the meeting environment, the meeting participation data of a meeting in-progress, the meeting comprising a group of participants;
analyzing, using the autonomous system, the meeting participation data to identify a topic being discussed in the meeting;
forecasting, using the autonomous system, using a processor and a memory, using a trend of affective states of a participant, a future affective state of the participant relative to the topic;
evaluating, using the autonomous system, the future affective state to conclude that data contributed by the participant at a future time in the meeting is not likely to progress the topic to completion by at least a specified degree;
selecting, using the autonomous system, a cognitive system (cog) trained in the subject-matter; and
adding, using the autonomous system, the cog to the meeting before the future time and while the meeting is in-progress, the adding the cog causing the cog to receive the meeting participation data from the meeting participation tool in the meeting environment, and further causing the cog to insert a cog output in the meeting participation data.

US Pat. No. 10,171,524

METHODS AND SYSTEMS FOR ESTABLISHING, HOSTING AND MANAGING A SCREEN SHARING SESSION INVOLVING A VIRTUAL ENVIRONMENT

Adobe Systems Incorporate...

1. A web conferencing system comprising:
one or more processors of a web conferencing server; and
one or more computer storage media storing computer-executable instructions that, when executed by the one or more processors, implement a method comprising:
receiving, from a web conferencing application executing at a host computing device, a request to establish a web conferencing session, the web conferencing session including the host computing device and a participant computing device,
based on the request to establish the web conferencing session, establishing the web conferencing session,
receiving, from the web conferencing application executing at the host computing device, a request to establish a remote desktop connection with a remote computing device, wherein the remote desktop connection enables the host computing device to control the remote computing device and provides for sharing a graphical user interface that is generated by the remote computing device for presentation at a display of the remote computing device, and wherein the request to establish the web conferencing session and the request to establish the remote desktop connection are received in a single communication session between the host computing device and the web conferencing server,
receiving, from the web conferencing application executing at the host computing device, an indication of an identity of the remote computing device, wherein the indication of the identity of the remote computing device is received based on a prompt for information identifying the remote computing device,
based on the request to establish the remote desktop connection with the remote computing device and on the indication of the identity of the remote computing device, establishing the remote desktop connection with the remote computing device, and
based on the remote desktop connection, sharing the graphical user interface that is generated by the remote computing device with the host computing device and the participant computing device.

US Pat. No. 10,171,523

MULTI-TIER PUSH SERVICE CONTROL ARCHITECTURE FOR LARGE SCALE CONFERENCE OVER ICN

Futurewei Technologies, I...

1. A multi-tier conference service controller comprising:
a network interface connecting the conference service controller to a plurality of conference service proxies and further connecting the conference service controller to a plurality of conference service clients via the conference service proxies to form a multi-tier conference service network;
a memory configured to store a conference digest log, the conference digest log comprising a plurality of conference events performed by the conference service clients, each of the conference events comprising a fingerprint (FP) update, the conference digest log comprising a plurality of entries associated with previous FP updates for the conference events performed by the conference service clients; and
a processor coupled to the network interface and the memory, wherein the processor is configured to:
receive, via the network interface, a first message from a first conference service proxy, the first message comprising a first FP update associated with a recent conference event performed by a first conference service client associated with the first conference service proxy, the first FP update comprising a type of the recent conference event, a signature profile of a conference participant associated with the first conference service client, and a non-location based address of a data object associated with the recent conference event and being related to content that is accessed during the recent conference event;
update the conference digest log according to the first FP update;
push, via the network interface, a second message to a second conference service proxy, the second message comprising a current entry for the first conference service proxy in the conference digest log, a last entry for the first conference service proxy obtained from the entries associated with the previous FP updates, and the first FP update of the first message;
perform a third update to the conference digest log by removing the first conference service client from the conference digest log; and
push, via the network interface, a third message indicating the removal of the first conference service client to the second conference service proxy.

US Pat. No. 10,171,522

VIDEO COMMENTARY

Google LLC, Mountain Vie...

1. A computer-implemented method, comprising:
receiving, at a computing device associated with a viewing user, video media content, wherein the viewing user is a member of a social network;
displaying, at the computing device, a graphical user interface (GUI) that includes a media display portion for the video media content and a comment display portion for comments received from one or more other users, wherein the GUI further includes at least one user selectable option to selectively display comments from the one or more other users;
playing, at the computing device, the video media content; and
receiving, at the computing device via the at least one user selectable option of the GUI, a first selection of a first set of the one or more other users who are members of the social network,
wherein the first selection indicates a request of the viewing user to view comments associated with the first set of the one or more other users,
wherein one or more of the comments associated with the first set of the one or more other users are displayed in the comment display portion of the GUI in response to receiving the first selection.

US Pat. No. 10,171,520

SEAMLESSLY CONFERENCING A PREVIOUSLY-CONNECTED TELEPHONE CALL

INTERNATIONAL BUSINESS MA...

1. A system for seamlessly conferencing a telephone call, comprising:
a computer comprising a processor; and
instructions which are executable, using the processor, to implement functions comprising:
establishing a telephone call connecting a first party and a second party, comprising creating a first session for the first party and a second session for the second party, the telephone call being a 2-party telephone call that is distinct from a conference call;
storing, for the telephone call, first session information describing the first session and second session information describing the second session, the first session information comprising a first phone number in use by the first party for the telephone call and a session identifier of the first session and the second session information comprising a second phone number in use by the second party for the telephone call and a session identifier of the second session;
receiving, while the telephone call continues to connect the first party and the second party, a request from the first party to create a conference call for adding a third party in communication with the first party and the second party;
determining, responsive to the receiving, that an active call record exists in which the first phone number and the second phone number are both specified, and thus concluding that the first party is already connected to the second party in the existing connected telephone call; and
non-disruptively establishing the requested conference call by moving the existing first session and the existing second session from the connected telephone call to a media server that provides the requested conference call, responsive to the concluding, without terminating the existing connected telephone call and without requiring acceptance of the conference call by the first party or the second party, further comprising:
retrieving the stored first and second session information;
generating a conference session identifier to represent the conference call;
generating a conference record and storing therein the conference session identifier, a link to the stored first session information, and a link to the stored second session information; and
updating the stored first session information and the stored second session information to include therein the conference session identifier.

US Pat. No. 10,171,518

PERFORMING AN ACTION ON CERTAIN MEDIA STREAMS IN A MULTIMEDIA COMMUNICATIONS NETWORK

Telefonaktiebolaget LM Er...

1. A method for controlling a media session involving a plurality of media streams within a communications network, wherein the communications network comprises a media resource node and a media control node controlling the media resource node, the method comprising the media control node:
determining that selected media streams out of the plurality of media streams are associated to each other in the media session;
generating a first instruction to group the determined selected media streams, the first instruction comprising a description packet for each of the determined selected media streams associated to a termination of the media resource node;
transmitting, to the media resource node, the first instruction to group the determined selected media streams; and
transmitting, to the media resource node, a second instruction to prepare for performing an action with respect to the determined selected media streams, wherein the second instruction comprises an indication of a media stream identifier representing the group of the determined selected media streams and an indication of the action to be performed.

US Pat. No. 10,171,517

NOTIFYING RESPONSE SENDER OF MALFORMED SESSION INITIATION PROTOCOL (SIP) RESPONSE MESSAGES

International Business Ma...

1. A computer system for handling notification about a malformed SIP response, the computer program product, the computer system comprising:
a processor(s) set;
a non-transitory computer readable storage medium; and
program instructions stored on the non-transitory computer readable storage medium, with the program instructions including computer code for causing a processor(s) set to perform at least the following operations:
in response to program instructions to receive a malformed response message at a session initiation protocol (SIP) client, from a SIP server, producing a dedicated acknowledgment (ACK) message,
sending the dedicated ACK message to the SIP server, wherein the dedicated ACK message includes the malformed response message and a header of the malformed response in a raw body,
receiving, by the SIP server, the dedicated ACK message including the malformed response message,
amending, by the SIP server, contents of the dedicated ACK message to correct the malformed response message and thereby obtain a well-formed response message that includes all of the following: an Error-In-Response header including information indicative of a reason for the malformation of the malformed response message, and headers of the malformed response message as a raw body of the well-formed response message, and
sending, by the SIP server, the well-formed response message to the SIP client, to establish a communication,
wherein the sending of the dedicated ACK message to the SIP server further includes passing the dedicated ACK message through a plurality of proxy servers before arriving at the SIP server.

US Pat. No. 10,171,516

NOTIFYING RESPONSE SENDER OF MALFORMED SESSION INITIATION PROTOCOL (SIP) RESPONSE MESSAGES

International Business Ma...

1. A computer program product for handling notification about a malformed SIP response comprising:
a non-transitory computer readable storage medium; and
program instructions stored on the non-transitory computer readable storage medium, with the program instructions including computer code for causing a processor(s) set to perform at least the following operations:
in response to program instructions to receive a malformed response message at a session initiation protocol (SIP) client, from a SIP server, producing a dedicated acknowledgment (ACK) message,
sending the dedicated ACK message to the SIP server, wherein the dedicated ACK message includes the malformed response message and a header of the malformed response in a raw body,
receiving, by the SIP server, the dedicated ACK message including the malformed response message,
amending, by the SIP server, contents of the dedicated ACK message to correct the malformed response message and thereby obtain a well-formed response message that includes all of the following: an Error-In-Response header including information indicative of a reason for the malformation of the malformed response message, and headers of the malformed response message as a raw body of the well-formed response message, and
sending, by the SIP server, the well-formed response message to the SIP client, to establish a communication;
wherein the sending of the dedicated ACK message to the SIP server further includes passing the dedicated ACK message through a plurality of proxy servers before arriving at the SIP server.

US Pat. No. 10,171,511

MEDIA SESSION BETWEEN NETWORK ENDPOINTS

Microsoft Technology Lice...

1. A computer-implemented method of establishing a media session between a first endpoint and a second endpoint via a communication network based on connectivity checks performed by the endpoints, the method comprising performing operations by the first endpoint, comprising:
generating at the first endpoint a set of candidate pairs for connectivity checks by exchanging network addresses between the first and second endpoints;
assigning, by the first endpoint, a respective priority to each candidate pair of the candidate pair set to produce a first priority ordering of the candidate pairs;
determining by the first endpoint whether one or more connectivity check modification criteria is met for each candidate pair of the candidate pair set, wherein the connectivity check modification criteria is evaluated for each candidate pair based on characteristics of a potential network path operable between the first endpoint and the second endpoint that uses the candidate pair;
modifying, by the first endpoint and based on the determination of whether the connectivity check modification criteria is met, the respective priority of each candidate pair of the candidate set to produce a second priority ordering of the candidate pairs, such that candidate pairs that meet the connectivity check modification criteria are assigned a higher priority than any candidate pair that does not meet the connectivity check modification criteria;
determining the validity of at least two of the candidate pairs by performing connectivity checks in turn according to the second priority ordering of the candidate pairs; and
establishing the media session using a candidate pair determined to be valid.

US Pat. No. 10,171,509

FILTERING AND REDACTING BLOCKCHAIN TRANSACTIONS

International Business Ma...

1. A method, comprising:
identifying a blockchain transaction;
processing content of the blockchain transaction to identify prohibited content;
determining whether to approve or disapprove the blockchain transaction based on the content of the blockchain transaction;
determining that the content is disapproved after the blockchain transaction is logged in a blockchain;
determining to redact the blockchain transaction; and
redacting the blockchain transaction logged in the blockchain by creating and storing a transaction redaction contract in a genesis block of the blockchain.

US Pat. No. 10,171,506

NETWORK SECURITY MANAGEMENT VIA SOCIAL MEDIA NETWORK

Fortinet, Inc., Sunnyval...

1. A method comprising:
receiving, by a network security appliance of a private network of an enterprise, an authentication request from a client machine coupled in communication with the private network;
responsive to the authentication request, causing a user of the client machine to be authenticated by a social media network through a personal social media network account of the user by directing, by the network security appliance, the client machine to a social login interface of the social media network;
responsive to a successful authentication by the user with the social media network via the social login interface, receiving, by the network security appliance, an access token from the social media network;
retrieving, by the network security appliance, a user profile of the user from the social media network by requesting the user profile via an application programming interface (API) of the social media network and supplying the access token;
determining, by the network security appliance, social relationship information from the user profile;
assigning, by the network security appliance, a local network security policy to the user based on the social relationship information, wherein the local network security policy defines access rights by the user for a subset of network resources of a plurality of network resources associated with the private network; and
applying, by the network security appliance, the local network security policy to access requests made by the client device in relation to one or more of the plurality of network resources.

US Pat. No. 10,171,505

PREVENTATIVE ENTERPRISE CHANGE MANAGEMENT

INTERNATIONAL BUSINESS MA...

1. A method for implementing change control management in computing center environments by a processor, comprising:
monitoring, by a hardware component configured to be worn by the user, a physical activity of a user performing an action associated with computing component repair or replacement in the computing center environment;
using the hardware component to biometrically identify the user as authorized to perform the action in the computing center environment; and
when the monitored activity is one of determined to be contrary and predicted to be contrary to a preferred, predetermined action for the computing center environment, performing each of:
alerting the user that the action is contrary using the hardware component configured to be worn by the user, and
performing an operation that secures data in the computing center environment from damage potentially caused by the contrary action; wherein the operation comprises putting at least a portion of the computing center environment into a recoverable downstate including initiating a data dump operation.

US Pat. No. 10,171,504

NETWORK ACCESS WITH DYNAMIC AUTHORIZATION

Cisco Technology, Inc., ...

1. A method comprising:
receiving at an enforcement node, a request to access a network from an endpoint;
transmitting at the enforcement node, the access request to a policy server;
receiving at the enforcement node from the policy server, a dynamic authorization for a communication session between the endpoint and the network, the dynamic authorization comprising a plurality of ranks and a policy for access to the network by the endpoint during the communication session for each of said ranks;
assigning the endpoint to one of said ranks and applying said policy associated with said rank to traffic received from the endpoint at the enforcement node during the communication session between the endpoint and the network; and
assigning the endpoint to a different one of said ranks and applying said policy associated with said rank to the traffic received from the endpoint during the communication session between the endpoint and the network without reauthentication of the endpoint;
wherein assigning comprises dynamically promoting or demoting the endpoint to a different one of said ranks.

US Pat. No. 10,171,500

SYSTEMS, APPARATUSES, AND METHODS FOR ENFORCING SECURITY ON A PLATFORM

INTEL CORPORATION, Santa...

1. A system comprising:
a manageability engine of a computer platform comprising a processor, the manageability engine to detect if a software agent of the computer platform is removed by using a watchdog service that detects if there is a presence of the software agent by detecting the software agent sending a presence message within a certain time period or frequency of sending the presence message, wherein the manageability engine is isolated from the processor of the computer platform; and
a software agent enclave, wherein the software agent enclave and manageability engine each include a specific session key to be used for communications between the software agent enclave and the manageability engine, and wherein the software agent is run in the software agent enclave; wherein the manageability engine includes a service layer to maintain a table of manageability engine services, software agent enclaves, and their corresponding keys and restarts the software agent or shuts down the system if the watchdog service does not detect the presence of the software agent.

US Pat. No. 10,171,499

ZONE-BASED SECURITY ARCHITECTURE FOR INTRA-VEHICULAR WIRELESS COMMUNICATION

1. A method for vehicular communication, comprising:
establishing two or more secure zones on a vehicle system, each secure zone belonging to a secured network segment which is not a public network segment and to which predefined authorized users have access and unauthorized users do not have access and having a respective one or more node devices;
performing an authentication procedure to authenticate and authorize the one or more node devices;
establishing at least one secure wireless communication tunnel between the two or more secure zones; and
establishing a dynamic address learning mechanism for data routing between the two or more secure zones.

US Pat. No. 10,171,496

BEACON SPOOFING PREVENTION

Cisco Technology, Inc., ...

1. A method comprising:
at a server configured to communicate with a mobile device over a network:
receiving, from the mobile device, information derived by the mobile device from a proximity beacon signal transmitted to the mobile device by a beacon device, the information including: a unique identifier representing a serial number of the beacon device; non-unique identifiers including a major code indicative of a first location area and a minor code indicative of a second location area that is a subset of the first location area; and a beacon authentication value that increments from an initial seed value based on time according to a security algorithm;
incrementing a local verification value from the initial seed value based on a clock according to the security algorithm;
performing a comparison of the beacon authentication value to a past incremented local verification value, instead of a current incremented local verification value, to account for time delays caused by transmission of the proximity beacon signal to the beacon device and transmission of the information from the mobile device to the server;
if the comparison indicates a match, providing access to a location service based on at least one of the unique identifier and the non-unique identifiers, and providing the location service to the mobile device based on the comparison; and
if the comparison does not indicate a match, removing the unique identifier received so that no location service is applied in the future for the beacon device.

US Pat. No. 10,171,495

DETECTION OF MODIFIED REQUESTS

AMAZON TECHNOLOGIES, INC....

1. A computer-implemented method, comprising:
receiving, to a resource provider environment, a request for a connection to a resource;
determining a set of connection parameters for the request, the connection parameters selected from at least two layers of a networking framework;
analyzing the set of connection parameters, prior to establishing the connection to the resource, to determine connection parameter data corresponding to at least one combination of at least a subset of the set of connection parameters;
comparing the connection parameter data to a set of connection parameter signatures, each connection parameter signature corresponding to a previously determined combination and ordering of connection parameters having a determined probability of corresponding to a man-in-the-middle attack on a respective connection;
determining one or more matching signatures, of the set of connection parameter signatures, corresponding to the connection parameter data;
calculating, for the request, a request probability value based at least in part upon the respective probabilities of the one or more matching signatures;
comparing the request probability value to a probability threshold; and
performing at least one determined action in response to the request probability value exceeding the probability threshold.

US Pat. No. 10,171,492

DENIAL-OF-SERVICE (DOS) MITIGATION BASED ON HEALTH OF PROTECTED NETWORK DEVICE

Fortinet, Inc., Sunnyval...

1. A method comprising:
receiving from an administrator of a private network, by a Denial of Service (DoS) mitigation device associated with the private network and logically interposed between a plurality of computing devices residing external to the private network and a network device protected by the DoS mitigation device, information indicative of a traffic metric threshold and one or more health parameter thresholds;
receiving, by the DoS mitigation device, traffic directed to the protected network device from the plurality of computing devices; and
tracking, by the DoS mitigation device, a traffic metric representing a measure of the traffic being processed by the protected network device; and
selectively forwarding or dropping, by the DoS mitigation device, the traffic based on a combination of the traffic metric, the traffic metric threshold, one or more health parameters associated with the protected network device and the one or more health parameter thresholds by:
when the traffic metric is at or below the traffic metric threshold, forwarding, by the DoS mitigation device, the traffic to the protected network device; and when the traffic metric is greater than the traffic metric threshold:
monitoring, by the DoS mitigation device, the one or more health parameters associated with the protected network device, the one or more health parameters individually or collectively indicative of an ability or an inability of the protected network device to handle additional traffic;
when a health status of the protected network device resulting from a comparison of the one or more health parameters to corresponding thresholds of the one or more health parameter thresholds is indicative of the ability of the protected network device to handle additional traffic, forwarding, by the DoS mitigation device, the traffic to the protected network device; and
when the health status is indicative of the inability of the protected network device to handle additional traffic, preventing, by the DoS mitigation device, the traffic from being received by the protected network device by dropping the traffic.

US Pat. No. 10,171,491

NEAR REAL-TIME DETECTION OF DENIAL-OF-SERVICE ATTACKS

Fortinet, Inc., Sunnyval...

1. A method for detecting a distributed denial-of-service (DDoS) attack, the method comprising:
receiving, at a network device, a plurality of access requests from a source Internet Protocol (IP) address;
storing, in a first database operatively coupled with the network device, temporal information relating to the plurality of access requests from the source IP address;
determining, by the network device, based on a first defined condition, whether compression is to be performed on the stored temporal information;
compressing the stored temporal information, by the network device, when a result of said determining is affirmative;
computing, by the network device, a compression ratio of the compressed temporal information with respect to the stored temporal information in uncompressed form; and
identifying, by the network device, the source IP address as malicious when the compression ratio is greater than a defined baseline value.

US Pat. No. 10,171,489

METHOD FOR COMPUTER SECURITY BASED ON MESSAGE AND MESSAGE SENDER

HUAWEI TECHNOLOGIES CO., ...

1. A method, comprising:
receiving an email message that is associated with HyperText Markup Language (HTML);
determining a sender of the email message;
determining whether the sender of the email message is trusted, wherein determining whether the sender of the email message is trusted includes determining whether the sender of the email message is associated with a whitelist;
retrieving domain-related information by performing a DNS query on a domain associated with the sender of the email message;
based on at least in part on the domain-related information, determining whether the sender of the email message is verified;
when the sender is both trusted and verified, treating the email message as trustworthy;
in response to treating the email message as trustworthy, rendering the HTML when displaying the email message;
when the sender is not trusted and verified, treating the email message as not trustworthy; and
in response to treating the email message as not trustworthy, displaying a restricted version of the email message.

US Pat. No. 10,171,487

GENERATING A VIRTUAL DATABASE TO TEST DATA SECURITY OF A REAL DATABASE

International Business Ma...

1. A computer system for determining a data security risk level of a virtual database, the computer system comprising:
a bus system;
a storage device connected to the bus system, wherein the storage device stores program instructions; and
a processor connected to the bus system, wherein the processor executes the program instructions to:
import an object catalog corresponding to a real database into the virtual database;
organize objects in the object catalog by levels within the virtual database;
determine whether one or more data security policy definitions corresponding to a set of objects referenced by test query message traffic performed an action in response to determining that one or more test query messages in the test query message traffic run on the virtual database did not satisfy respective parameters of the one or more data security policy definitions;
return a data security test failure result in response to determining that one or more of the data security policy definitions corresponding to the set of objects referenced by the test query message traffic did not perform the action in response to determining that one or more test query messages in the traffic run on the virtual database did not satisfy respective parameters of the one or more data security policy definitions; and
determine a data security risk level for the virtual database based on the returned data security test result.

US Pat. No. 10,171,486

SECURITY AND AUTHENTICATION DAISY CHAIN ANALYSIS AND WARNING SYSTEM

International Business Ma...

1. A method, implemented by an information handling system that includes one or more processors and a memory accessible by at least one of the processors, the method comprising:
monitoring a plurality of sets of user authentication data pertaining to a first plurality of network sites, wherein each of the sets of user authentication data is used by a user to access one of the first plurality of network sites;
storing a first set of metadata pertaining to the plurality of sets of user authentication data in a database;
gathering a plurality of outputs displayed by a second plurality of network sites, wherein the first plurality of network sites is a subset of the second plurality of network sites;
storing a second set of metadata pertaining to the plurality of outputs in the database;
performing an analytical analysis based on the sets of user authentication data and the gathered outputs; and
alerting the user regarding one or more security vulnerabilities, wherein at least one of the vulnerabilities corresponds to a selected one of the plurality of outputs matching at least a portion of a selected set from the user authentication data, and wherein the alerting further comprises providing a visual representation that depicts one or more links between the first set of metadata and the second set of metadata.

US Pat. No. 10,171,485

SYSTEM CONVERSION IN A NETWORKED COMPUTING ENVIRONMENT

INTERNATIONAL BUSINESS MA...

1. A method of providing security in a networked computing environment, comprising:
detecting, by at least one computer device, a breach of a first system in the networked computing environment;
determining a distance between a second system in the networked computing environment and the first system, the second system being a non-breached system;
determining whether or not the non-breached second system is an at-risk system based on whether or not the determined distance between the non-breached second system and the first system exceeds a threshold; and
in response to determining that the non-breached second system is the at-risk system, re-generating, by the at least one computer device, the non-breached second system as a new virtual machine at a new location in the networked computing environment,
wherein the determining whether or not the non-breached second system is the at-risk system comprises determining a risk factor for the non-breached second system and comparing the risk factor to the threshold.

US Pat. No. 10,171,484

SECURING SERVICES IN A NETWORKED COMPUTING ENVIRONMENT

INTERNATIONAL BUSINESS MA...

4. A system, comprising:
a CPU, a computer readable memory and a computer readable storage medium associated with a computer device of a service provider;
program instructions to receive, by the computer device, a breach notification from a user device, wherein the user device includes a client that corresponds to the service provider, and the breach notification indicates a potential security compromise of the user device;
program instructions to identify, by the computer device, a plurality of user devices that have the client; and
program instructions to transmit, by the computer device, a respective security profile, from among a plurality of security profiles, to each of the identified plurality of user devices, wherein each of the plurality of security profiles defines a security challenge that must be completed by a respective user device, from among the plurality of user devices, to obtain access,
wherein the program instructions are stored on the computer readable storage medium for execution by the CPU via the computer readable memory,
wherein each respective security profile, from among the plurality of security profiles, is specific to a corresponding one of the plurality of user devices, and different from security profiles of others of the plurality of user devices.

US Pat. No. 10,171,483

UTILIZING ENDPOINT ASSET AWARENESS FOR NETWORK INTRUSION DETECTION

Symantec Corporation, Mo...

1. A method comprising:
determining, by a prioritizing scan, a destination identifier from a network payload;
performing, by the prioritizing scan, a hash function on the destination identifier to compute a hash value, wherein a destination endpoint is determined by using the hash value as a key to query destination mapping data and wherein the hash function is defined in stored configuration data;
determining, by a processing device executing an intrusion device, a sensitivity level of the destination endpoint that was determined based on the hash value, wherein the sensitivity level is based at least in part on a content of data stored at the destination endpoint;
identifying one or more rules that correspond to sensitive content data stored at the destination endpoint, wherein the one or more rules describe a number of signatures in a subset of the plurality of signatures and specify individual signatures from the plurality of signatures to be included in the subset of the plurality of signatures and a prioritization action;
wherein the subset of signatures specific to the sensitive content data stored at the destination endpoint comprises a number of signatures that is proportional to a sensitivity level of content data stored at the destination endpoint, and wherein first content of the specific subset of the plurality of signatures is distinct from second content of other subsets of the plurality of signatures that correspond to other sensitivity levels; and
determining, by the intrusion device, whether network data comprises an intrusion in view of the subset of signatures, wherein determining whether the network data comprises an intrusion comprises prioritizing scanning of the network data in view of one or more thresholds for various sensitivity levels of the destination endpoint, and applying the prioritization action to the network data.

US Pat. No. 10,171,482

PRE-PROCESSING BEFORE PRECISE PATTERN MATCHING

International Business Ma...

1. A computer system for identifying a target pattern from a stream of patterns, the target pattern and the stream of patterns comprises consecutive elements and the target pattern comprises one or more of the consecutive elements of the stream of patterns, the method comprising:
one or more computer processors, one or more computer-readable storage media, and program instructions stored on the one or more computer-readable storage media for execution by at least one of the one or more computer processors, the program instructions comprising:
program instructions to acquire a first occurrence value for each element in the target pattern, wherein the first occurrence value is equal to the number of times each element occurs in the target pattern;
program instructions to store a predetermined number of consecutive elements from the stream of patterns in a buffer as a section of elements, wherein the section of elements is defined by a buffer starting point indicator and a buffer ending point indicator;
program instructions to determine a second occurrence value for each element in the target pattern, wherein the second occurrence value is equal to the number of times each element in the target pattern occurs in the section of elements stored in the buffer;
program instructions to update the buffer to include one additional element in the section of elements by moving the buffer ending point indicator towards the end of the stream of patterns by one element;
program instructions to repeat determining the second occurrence value and updating the buffer until the second occurrence value matches the first occurrence value for each element in the target pattern;
program instructions to output the elements in the buffer in response to determining the second occurrence value matches the first occurrence value for each element in the target pattern;
program instructions to perform a precise pattern matching operation on the outputted elements of the buffer to determine if the target pattern is contained within only the last x elements of the buffer, wherein x is equal to the number of elements in the target pattern; and
in response to determining the target pattern is not contained within the last x elements of the buffer, program instructions to reset the buffer to its initial length by updating the buffer starting point indicator to indicate the (y - x + 1)th character, wherein y is equal to the buffer ending point indicator.

US Pat. No. 10,171,481

SYSTEM AND METHOD FOR ENHANCED DISPLAY-SCREEN SECURITY AND PRIVACY

INTERNATIONAL BUSINESS MA...

1. A security system comprising:
a memory;
a hardware processor coupled to the memory;
a sensitivity determining module including instructions on said memory executed by the hardware processor for assigning a sensitivity value for text in a communication, wherein when the communication includes keywords in a sequence designated as being sensitive the sensitivity value is greater than a threshold sensitivity level, and when the communication does not include said keywords designated as being sensitive, the sensitivity values is less than the threshold sensitivity level;
a parsing module including instructions on said memory executed by the hardware processor for parsing the communication into a sequence of text fragments when the value of sensitivity assigned to said text in the communication by the sensitivity determining module exceeds the threshold sensitivity value, and indicates a sensitive message, or not parsing the communication when the value of the sensitivity assigned to said text in the communication by the sensitivity determining module does not exceed the threshold sensitivity value, and indicates a message that is not sensitive, wherein the parsing module for parsing sensitive communications changes the order of letters in each word of the communication except for the first letter and last letter of said each word; and
a transmission module including instructions on said memory executed by the hardware processor for transmitting the communication of the sensitive message as the sequence of text fragments as a rapid serial visualization (RSV) presentation, or transmitting the communication without parsing when the message is not sensitive.

US Pat. No. 10,171,480

CLOUD-BASED SURVEILLANCE WITH INTELLIGENT TAMPER PROTECTION

INTERNATIONAL BUSINESS MA...

1. A computer implemented method for managing a security system, the computer-implemented method comprising:
receiving, at a central communication unit from a first surveillance device, a recording of first surveillance data captured by the first surveillance device, wherein the first surveillance data is received by way of at least one of a first transmission channel and a second transmission channel between the first surveillance device and the central communication unit, wherein the second transmission channel is redundant with the first transmission channel;
transmitting the first surveillance data, from the central communication unit to a cloud storage, wherein the first surveillance data is transmitted by way of at least one of a third transmission channel and a fourth transmission channel between the first surveillance device and the central communication unit, wherein the fourth transmission channel is redundant with the third transmission channel; and
performing buffering preparations on the first surveillance data prior to the central communication unit transmitting the first surveillance data to the cloud storage, wherein the buffering preparations performed are dependent on a current state of the security system.

US Pat. No. 10,171,479

FAST MULTICAST MESSAGING ENCRYPTION AND AUTHENTICATION

SONY INTERACTIVE ENTERTAI...

1. A sender device comprising:
at least one computer memory that is not a transitory signal and that comprises instructions executable by at least one processor to:
access a first key;
encrypt the first key with a second key to render an encrypted key;
encrypt the encrypted key with a key of at least a first recipient device to render a first device key (FDK);
concatenate the first FDK and the encrypted key to render a concatenation;
sign the concatenation to render a signed concatenation; and
distribute the signed concatenation to at least the first receiver for use in securely exchanging digital information at least in part by using the sender device to transmit the signed concatenation to the first receiver.

US Pat. No. 10,171,478

EFFICIENT AND SECURE METHOD AND APPARATUS FOR FIRMWARE UPDATE

1. A vehicle, comprising:
an untrusted electronic control unit (ECU) comprising a receiver, a processor, and a memory, the receiver configured for receiving from a secure server a firmware update package including one or more firmware updates, and the memory of the untrusted ECU configured to store the firmware update package;
a secure ECU operatively coupled to the untrusted ECU, the secure ECU configured for authenticating the firmware update package; and
one or more target ECUs, each operatively coupled to the untrusted ECU and to the secure ECU, each respective target ECU comprising a bootloader configured for computing a checksum for a respective firmware update of the one or more firmware updates and signing the checksum with a unique key associated with the respective target ECU.

US Pat. No. 10,171,477

AUTHENTICATED DATA STREAMING

Amazon Technologies, Inc....

1. A non-transitory computer-readable storage medium having stored thereon executable instructions that, as a result of being executed by one or more processors of a computer system, cause the computer system to at least:
establish a Hypertext Transport Protocol (“HTTP”) connection to a service;
send a header of an HTTP multipart request to the service via the HTTP connection;
acquire data representing a portion of a content stream;
after sending the header, send the data to the service via the HTTP connection as a first part of the HTTP multipart request;
determine an authentication code for the portion of the content stream; and
send the authentication code to the service via the HTTP connection as a second part of the HTTP multipart request after sending the first part.

US Pat. No. 10,171,476

SYSTEM AND METHOD FOR PROTECTING THE PRIVACY OF IDENTITY AND FINANCIAL INFORMATION OF THE CONSUMER CONDUCTING ONLINE BUSINESS

1. A method of providing verification of an individual to a third party by providing to the third party a representation of an originally issued identity document associated with information provided by the individual during the verification process comprising:
providing to a first electronic device first credential information relating to the individual associated with the first electronic device; the first credential information authorizing submission of a first message to a remote server;
transmitting first data from the first electronic device to the remote server, the first data comprising an authorization to submit information derived from the originally issued identity document to a second device associated with the third party;
transmitting second data from the first electronic device to the remote server, the second data comprising second credential information needed to complete independent verification of the first data by the remote server;
the remote server cryptographically combining the first data and the second data to generate a result and using the result to locate a matching verification entry in a database or similar data storage entity;
in response to locating the match of verification entry, delivering third data by the remote server to a second electronic device associated with the third party, the third data consisting of the information derived from the originally issued identity document required by the third party; and
denying delivering the third data when the matching verification entry cannot be located.

US Pat. No. 10,171,475

CLOUD EMAIL MESSAGE SCANNING WITH LOCAL POLICY APPLICATION IN A NETWORK ENVIRONMENT

McAfee, LLC, Santa Clara...

1. At least one machine readable storage medium including instructions that, when executed by at least one processor, cause the at least one processor to perform operations comprising:
receiving, at a gateway device in a protected network from a cloud services device connected to the gateway device via a network connection, message metadata of an email message received at the cloud services device en route to an intended recipient associated with the protected network from a sender in an external network, wherein the message metadata is to be received without receiving the email message, is communicated as a bespoke extension to SMTP protocol, and includes at least one of connection information for the email message and protocol information for the email message, the connection information for the email message including at least one of an IP address of a sending host and a domain of the sending host and the protocol information for the email message including at least one of a sender email address, a sender domain name, a recipient email address, and a recipient domain name;
sending from the gateway device to the cloud services device a request for scan results data of the email message based on determining by the gateway device that receiving the email message is not prohibited by one or more metadata policies;
receiving the scan results data without receiving the email message;
based, at least in part, on the scan results data, sending a response to cause the email message to be forwarded from the cloud services device to the protected network;
receiving the email message in the protected network;
scanning the received email message for content prohibited by one or more local scan policies; and
blocking the email message from being forwarded to the intended recipient based, at least in part, on determining that sending the email message to the intended recipient is prohibited by at least one of the one or more local scan policies.

US Pat. No. 10,171,473

CONTENT FILTERING FOR PERSONAL PRODUCTIVITY APPLICATIONS

International Business Ma...

1. A method comprising:
determining a set of content rules that controls delivery of messages stored on a user device by an e-mail application running on the user device according to a first context profile;
receiving a selection of the first context profile from a set of context profiles;
responsive to the selection of the first context profile, filtering a first set of messages associated with the e-mail application to identify context-specific messages by applying the set of content rules; and
causing the e-mail application to deliver only the context-specific messages for display on the user device;
wherein:
each context profile of the set of context profiles is associated with a corresponding set of content rules; and
the determining a set of content rules includes identifying the corresponding set of content rules associated with a context profile selected from the set of context profiles.

US Pat. No. 10,171,472

ROLE-SPECIFIC SERVICE CUSTOMIZATION

Microsoft Technology Lice...

1. One or more computing devices comprising:
one or more processors; and
one or more memory storing computer-executable instructions, which, when executed by the one or more processors, cause the one or more computing devices, in aggregate, to:
provide a computer-network-accessible service that is interacted with by an individual user, the individual user having multiple roles and interacting with the service differently depending on which of the multiple roles the individual user has assumed during the individual user's interaction with the service;
receive a detected action of the individual user;
select, from among the multiple roles, a current role of the individual user based on the detected action of the individual user, the detected action having been previously associated with the current role as a role determinant of the current role; and
select a current role profile, which controls the individual user's interactions with the service, based on the selected current role, the current role profile comprising an explicit enumeration of both: (1) at least one included profile detail and (2) at least one excluded profile detail.

US Pat. No. 10,171,471

EVIDENCE-BASED ROLE BASED ACCESS CONTROL

International Business Ma...

1. A method for assigning roles to multiple users of a computer system, comprising:
assigning, to the multiple users, respective sets of original roles for accessing data stored on the computer system;
performing, in response to requests from the multiple users, multiple operations on the data;
generating a transaction log file comprising a plurality of entries, each of the entries storing attributes of a given operation;
identifying, by a processor based on the entries in the log file, a respective set of learned roles for each of the multiple users by defining, for each transaction log entry, a connection comprising one or more of the attributes and indicating a path from one of the multiple users to a given table accessed by the one of the users, identifying a unique set of the connections, defining a set of initial roles in a one-to-one correspondence with the unique set of the connections, each of the initial roles comprising an initial set of the users and a set of initial permissions, and applying, by the processor to the initial roles, a Hierarchical Clustering algorithm to identify the set of learned roles, each of the learned roles comprising a set of clustered permissions and associated with a subsequent set of the users;
assigning, to each given user, the respective sets of the learned roles associated with the given user; and
restricting, to the multiple users based on their respective assigned learned roles, access to the data on the computer system.

US Pat. No. 10,171,469

INFORMATION PROCESSING SYSTEM, ACCESS METHOD, AND TERMINAL DEVICE

Ricoh Company, Limited, ...

1. An information processing system comprising:
a terminal device; and
an information processing apparatus including,
a processor configured to register information, the information linking a content to a target image, and
a memory configured to store a medium code and device information such that the medium code is associated with the device information, the device information identifying the terminal device wherein
the terminal device including a processor configured to,
obtain a captured image by capturing a subject, the captured image including the target image and a code image extractable from the captured image, the code image being on the target image, the code image being designable based on the target image,
acquire access destination information from the information processing apparatus based on the captured image, the access destination information indicating a source of the content,
retrieve, via the source, the content corresponding to the captured image based at least on the medium code acquired from the code image such that, if the medium code is registered to a different terminal device, the processor of the terminal device is unable to retrieve the content from the source, and
provide, via a display, the content linked to the target image included in the captured image based on the code image extracted from the captured image.

US Pat. No. 10,171,468

SELECTIVE PROCESSING OF APPLICATION PERMISSIONS

International Business Ma...

1. A method for processing application permission requests, the method comprising:
detecting, by a processor of a computing system, that an application has been downloaded to the computing system;
establishing, by the processor, a data exchange between the application and a gateway interface of the computing system to prevent a data exchange between an operating system of the computing device and the application, by at least one of intercepting and overriding APIs of the application, in response to the application being downloaded to the computing system;
receiving, by the processor, one or more permission requests from the application for resources located on the computing system;
determining, by the processor, that at least one of the one or more permission requests is a required permission of the application;
prompting, by the processor, the user to decide the one or more permission requests;
receiving, by the processor, a denial of the required permission from the user, in response to the prompting;
responding, by the processor, to the application by providing spoofed resources to the application to satisfy the required permission of the application;
generating, by the processor, one or more templates of simulated spoofed resources over time based on a learning algorithm that analyzes historical responses of spoofed resources to required permissions; and
storing, by the processor, the one or more templates for automatically simulating spoofed resources to satisfy the required permissions of subsequent applications downloaded to the computing system.

US Pat. No. 10,171,467

DETECTION OF AUTHORIZATION ACROSS SYSTEMS

International Business Ma...

1. A computer-implemented method comprising:
receiving, at a first system and from a second system unauthorized by the first system, a request for operating a resource of the first system;
in response to an authorization chain being detected based on a first record, authorizing the operation of the resource of the first system, the authorization chain including at least a third system that authorizes the second system and is authorized by the first system, the first record at least indicating one or more systems that are authorized by the first system to operate resources of the first system wherein a record associated with the authorization chain is updated, based on a user input, creating a dynamic authorization relationship.

US Pat. No. 10,171,466

MAINTAINING A COMMON IDENTIFIER FOR A USER SESSION ON A COMMUNICATION NETWORK

Sprint Communications Com...

1. A method of operating a communication network comprising:
an access node receiving an access request from a user device and responsively transferring a first authentication request for the user device to an authentication node;
the authentication node receiving the first authentication request for the user device and authorizing a communication session for the user device;
the authentication node transferring a billing identifier for the communication session for the user device to the access node responsive to the communication session authorization;
the access node receiving the billing identifier for the communication session for the user device and responsively transferring an application registration for the user device to an application node;
the application node receiving the application registration for the user device and responsively transferring a second authentication request for the user device to the authentication node;
the authentication node receiving the second authentication request for the user device, correlating the second authentication request to the authorized communication session for the user device, and transferring the billing identifier for the communication session for the user device to the application node;
the application node receiving the billing identifier for the communication session for the user device;
the access node tracking network usage for the user device over the communication session and transferring network usage records having the billing identifier for the communication session for the user device to a billing node;
the application node tracking mobile internet application usage for the user device over the communication session and transferring mobile internet application usage records having the billing identifier for the communication session for the user device to the billing node; and
the billing node receiving the network usage records and the mobile internet application usage records and responsively reconciling the network usage and the mobile internet application usage for the user device based on the billing code.

US Pat. No. 10,171,465

NETWORK AUTHORIZATION SYSTEM AND METHOD USING RAPIDLY CHANGING NETWORK KEYS

1. A method for authenticating a client device for access to a host device, the client device having a device identifier, the method comprising the steps of:
generating a first timestamp in the client device, the first timestamp including at least two time unit values;
retrieving a first group of character strings from a host string table in the client device, each character string within the first group being related within the host string table to a time unit value of the first timestamp;
combining the first group of character strings into a first string set;
creating an initiating string in the client device, the initiating string including the device identifier, the first timestamp, and the first string set;
sending the initiating string to the host device;
retrieving a second group of character strings from a host string table in the host device,
each character string within the second group being related within the host string table to a time unit value of the first timestamp;
combining the second group of character strings into a second string set;
comparing the first string set to the second string set;
generating a second timestamp in the host device, the second timestamp including at least two time unit values;
sending the second timestamp to the client device;
retrieving a third group of character strings from a client string table in the client device,
each character string within the third group being related within the client string table to a time unit value of the second timestamp;
combining the third group of character strings into a third string set;
creating a verification string in the client device, the verification string including the device identifier, the second timestamp, and the third string set;
sending the verification string to the host device;
retrieving a fourth group of character strings from a client string table in the host device, the client string table being associated with the client device, each character string within the fourth group being related within the client string table to a time unit value of the second timestamp;
combining the fourth group of character strings into a fourth string set; and
comparing the fourth string set with the third string set;
granting the client device access to an advanced login stage when the fourth string set is identical to the third string set;
generating a third timestamp in the client device, the third timestamp including at least two time unit values;
sending the third timestamp to the host device;
retrieving a fifth group of character strings from a client string table in the host device, each character string within the fifth group being related within the client string table to a time unit value of the third timestamp;
concatenating the fifth group of character strings into a fifth string set in an order determined by a client sequence table in the host device, the client sequence table relating an order of time units to the value of one of the time units;
sending the third timestamp and third string set to the client device;
retrieving a sixth group of character strings from a client string table in the client device, each character string within the sixth group being related within the client string table to a time unit value of the third timestamp;
concatenating the sixth group of character strings into an order determined by a client sequence table in the client device, the client sequence table relating an order of time units to a time unit value of the third timestamp; and
comparing the sixth string set with the fifth string set; and
blocking the host device from accessing the client device when the fifth string set does not match the sixth string set.

US Pat. No. 10,171,464

DATA PROCESS APPARATUS, DATA SHARING METHOD, AND DATA PROCESS SYSTEM

Ricoh Company, Ltd., Tok...

1. A data process apparatus comprising:
a processor that is configured to:
receive a creation request for creating a sharable data storage space from an unauthenticated data terminal that is not authenticated to access the sharable data storage via a first authentication route and transmit a response to the unauthenticated data terminal, the response including access data indicating authorization for accessing the sharable data storage space via a second authentication route that is different from the first authentication route and data indicating the sharable data storage created in association with the access data;
authenticate the access data when the data process apparatus receives an access request including a designation of the access data for accessing the shared data storage space from an unauthenticated data terminal connected to a same network as the data process apparatus;
receive the access request from the unauthenticated data terminal when the authentication of the access data succeeds and perform a predetermined process in accordance with the access request, and
automatically generate the access data including an access code for each sharable data storage space and transmit the response including the access data in response to the creation request from the unauthenticated data terminal the access,
wherein the data process apparatus has a table in which the access data including the access code is managed in association with said each shareable data storage.

US Pat. No. 10,171,463

SECURE TRANSPORT LAYER AUTHENTICATION OF NETWORK TRAFFIC

Amazon Technologies, Inc....

1. A method for authenticating secure transport layer network packets, the method comprising:
receiving, at a computing device, a secure transport layer network packet sent from a source computing device and addressed to a destination computing device, the secure transport layer network packet comprising a transport layer network packet and a token packet associated with the transport layer network packet, wherein the secure transport layer network packet comprises one of a User Datagram Protocol (UDP) packet or a Transmission Control Protocol (TCP) packet;
obtaining, by the computing device, a verification key for the secure transport layer network packet;
utilizing, by the computing device, the verification key to verify authenticity of the secure transport layer network packet based on data contained in the token packet;
determining, by the computing device, that the verification is successful; and
in response to determining that the verification is successful, forwarding, by the computing device, the transport layer network packet to the destination computing device.

US Pat. No. 10,171,459

METHOD OF PROCESSING A CIPHERTEXT, APPARATUS, AND STORAGE MEDIUM

FUJITSU LIMITED, Kawasak...

1. A method executed by an authentication system that includes a terminal device and an encryption processing device, the method comprising:
acquiring, by a sensor included in the terminal device, biometric information;
generating, by a first processor included in the terminal device, a ciphertext from the acquired biometric information;
receiving, by a second processor included in the encryption processing device, a request for an authentication from the first processor, the request including the generated ciphertext;
acquiring a part of a plurality of encrypted elements included in the ciphertext, each of the plurality of encrypted elements being an encrypted element in which values of a plurality of elements in a multidimensional determination target vector are respectively encrypted by homomorphic encryption, in response to the request;
decrypting the acquired part of the plurality of encrypted elements; and
determining that the authentication is failed when at least one of values obtained by the decrypting is a value other than 0 and 1.

US Pat. No. 10,171,458

WIRELESS PAIRING AND COMMUNICATION BETWEEN DEVICES USING BIOMETRIC DATA

Apple Inc., Cupertino, C...

1. A system for wireless pairing and communication between devices using biometrics, the system comprising:
a device, comprising:
a processing unit;
a wireless communication component coupled to the processing unit;
a touchscreen display coupled to the processing unit;
a biometric sensor coupled to the processing unit; and
a non-transitory storage medium storing instructions executable by the processing unit to cause the device to:
display a pairing prompt on the touchscreen display when a host and the device are in wireless communication range of each other;
capture biometric data using the biometric sensor when a user initiates pairing using the touchscreen display; and
receive a configuration file from the host based at least on the captured biometric data, wherein:
the configuration file specifies an arrangement of one or more navigation items in a user interface of the host; and
the device reconfigures, based at least in part on the configuration file, an arrangement of one or more navigation items in a user interface of the device according to the arrangement of the one or more navigation items in the user interface of the host, thereby causing a configuration of the device to resemble the configuration of the host.

US Pat. No. 10,171,457

SERVICE PROVIDER INITIATED ADDITIONAL AUTHENTICATION IN A FEDERATED SYSTEM

International Business Ma...

1. A method for accessing, initiated by a service provider, a high value transaction website using an additional authentication, the method comprising:
accessing, by a processor, a website hosted by a service provider, wherein;
the access to the website requires an authorization of a user identification associated with the user and a password associated with the user; and
the website utilizes Federated Single Sign-On (FSSO) along with a plurality of websites;
responsive to receiving a validated user identification associated with the user and password associated with the user, requesting, by the processor, a token from an identity provider that maintains the FSSO credentials for the website, wherein;
the token provides access to an application programming interface (API) for the plurality of websites utilizing FSSO;
the token restricts the user to access only a transaction at the website; and
the transaction requires an additional credential, beyond the user identification associated with the user and the password associated with the user, to acquire access;
receiving, by the processor, the token and causing the token to be stored at the service provider;
receiving a second indication, by the processor, that the token has been inserted into a security protocol and is validated by the identity provider, wherein the security protocol is an open standard data format for exchanging authentication and authorization data between a plurality of processors;
receiving, by the processor, a second indication that the user's session of the website has expired;
subsequent to the second indication that the user's session of the website has expired, requesting to access, by the processor, the transaction at the website;
executing, by the processor, the API, using the token, to determine the service provider has access to the token associated with the user and to request a one-time password, from the identity provider, for access to the transaction at the website;
subsequent to the second indication that the user's session of the website has expired, causing, by the processor, the one-time password to be transmitted to the user without the user resubmitting the user identification associated with the user and the password associated with the user; and
responsive to validation of a submission of the one-time password accessing, by the processor, the transaction at the website hosted by the service provider.

US Pat. No. 10,171,455

PROTECTION OF APPLICATION PASSWORDS USING A SECURE PROXY

International Business Ma...

1. A computer system comprising one or more hardware processors, one or more tangible computer readable storage media, a memory, and program instructions stored on at least one of the one or more tangible computer readable storage media, which, when executed by at least one of the one or more hardware processors, cause the at least one of the one or more hardware processors to perform a method comprising:
receiving, by a proxy server from a client computer, a request to access a protected resource located on a target server;
sending, by the proxy server to the client computer, an authentication challenge;
receiving, by the proxy server from the client computer, a response to the authentication challenge;
in response to authenticating, by the proxy server, the received response to the authentication challenge, initiating a secure active session between proxy server and client computer;
forwarding, by the proxy server to the target server, the protected resource access request;
receiving, by the proxy server from the target server, an access request response, wherein the access request response is a credential form including credential fields required to access the protected resource;
injecting, by the proxy server, into each required credential field, a corresponding credential field tag;
sending, by the proxy server to the client computer, the tagged credential form;
receiving, by the proxy server from the client computer, the tagged credential form with tagged credentials in the required credential fields with the credential field tags;
retrieving, by the proxy server from a protected datastore, target credentials mapped by the credential field tags;
replacing, by the proxy server, the tagged credentials in the tagged credential form with the corresponding retrieved target credentials;
sending, by the proxy server to the target server, the target credentials;
receiving, by the proxy server from the target server, an indication that the target credentials are invalid;
updating, by the proxy server, the target credentials and storing the updated target credentials in the protected data store without client computer intervention;
sending, by the proxy server to the target server, the updated target credentials; and
allowing, by the proxy server, the client computer to access the protected resource, in response to the target server validating the updated target credentials.

US Pat. No. 10,171,454

METHOD FOR PRODUCING DYNAMIC DATA STRUCTURES FOR AUTHENTICATION AND/OR PASSWORD IDENTIFICATION

1. A method for generating a changing authentication input or password required for a user in an access attempt for accessing a computing device such as a smartphone or server over a network, where said computing device is in operative communication with both a display capable of rendering objects in a Graphic User Interface (GUI) and an alphanumeric input component such as a keyboard, and running software adapted for operation and the steps of:
communicating to said user, a GUI for input of a static code for and storing said static code in electronic memory as a stored static code;
communicating a GUI to said user for inputting of recognizable objects to be depicted amongst said objects;
storing said recognizable objects input by said user in electronic memory as uploaded recognizable objects;
having said user employ said input component to communicate alphanumeric characters associated to each respective uploaded recognizable object;
storing said alphanumeric characters communicated from said user in electronic memory as inputted alphanumeric characters which are associated with each said uploaded recognizable object, in a relational database;
upon an access attempt to said computing device, communicating a said GUI displaying at least one said uploaded recognizable object as at least one recognizable object depicted in a group of depicted said objects;
communicating a said GUI directing said user to input alphanumeric characters identifying said at least one recognizable object,
having said user communicate a current input of said static code;
generating an alphanumeric string from a combination of said alphanumeric characters input as identifying said at least one recognizable object in a combination with said current input of said static code input by said user;
generating a comparative authentication string from said inputted alphanumeric characters stored in electronic memory which are associated with said uploaded recognizable object depicted as said at least one recognizable object, in combination with said stored static code; and
authenticating said user if said comparative authentication string is determined to have a match with said alphanumeric string whereby access security for users of computers, websites and servers is enhanced by generation of different alphanumeric strings which must match differently generated comparative authentication strings, with each access attempt.

US Pat. No. 10,171,453

GENERALIZED CERTIFICATE USE IN POLICY-BASED SECURE MESSAGING ENVIRONMENTS

INTERNATIONAL BUSINESS MA...

1. A system, comprising:
a memory; and
a processor programmed to execute a secure messaging component to:
determine, at the secure messaging component as part of providing a generalized certificate use service within a secure messaging environment, that a request to send a message has been generated by a message sender, where the generalized certificate use service provides real-time selective use of different secured digital certificates for different messages sent by the message sender, and the different secured digital certificates are digital certificates other than a digital certificate of the message sender;
identify, within the memory, a message protection policy configured to process the message under the generalized certificate use service within the secure messaging environment, where the message protection policy specifies the different secured digital certificates that are each configured with an associated private key to digitally sign the message on behalf of the message sender;
determine, based upon the message protection policy, to digitally sign the message using the private key of a secured digital certificate selected from the different secured digital certificates specified in the message protection policy; and
sign the message on behalf of the message sender using the private key of the selected secured digital certificate.

US Pat. No. 10,171,452

SERVER AUTHENTICATION USING MULTIPLE AUTHENTICATION CHAINS

International Business Ma...

1. A method to authenticate a server to a client, the server having an associated public key, comprising:
associating “n” distinct certificates to the server's public key, each of the “n” distinct certificates being issued by a distinct certificate authority (CA), wherein each of the distinct certificates has a certification chain with a different root certificate authority, wherein the certificate chains for the “n” distinct certificates are valid and non-overlapping with respect to their intermediate and root CAs;
responsive to the client initiating a request for a secure channel to the server during a cryptographic handshake, providing the client the “n” distinct certificates; and
responsive to receipt from the client of an indication that the public key satisfies a client public key acceptance policy, establishing completing the cryptographic handshake to establish the secure channel between the client and the server;
the client public key acceptance policy specifying a required number of valid, non-overlapping certificate chains that must be present to satisfy a client threshold level of trust to thereby improve security of the cryptographic handshake.

US Pat. No. 10,171,451

DISTRIBUTED SINGLE SIGN-ON

International Business Ma...

1. A method for use, at an authentication server being one of a plurality of n such authentication servers connectable to a user computer via a network, in generating a cryptographic token for authenticating the user computer to one of plurality of verifier servers under a username identifying the user computer to that verifier server, the method comprising:
storing one of n cryptographic shares of password data, which is dependent on a predetermined user password, such that a plurality t1 storing one of n cryptographic shares of secret data, which enables determination of said username for each verifier server, such that a plurality t2=t1 of the n secret data shares, each being stored by a respective one of the n authentication servers, is needed to reconstruct the secret data, wherein said username is different for every verifier server, and wherein said secret data comprises data indicative of said username for each verifier server;
on receipt from the user computer of an authentication request sent to each of at least t1 authentication servers on input of a password attempt at the user computer, communicating via said network to implement an authentication procedure in which said password data shares of those authentication servers are used to determine if said user password matches the password attempt and, if so, the user computer receives at least t2 secret data shares from respective authentication servers;
on receipt from the user computer of a token request sent to each of at least a plurality T=t1 of said at least t1 authentication servers on reconstruction of said secret data, communicating with the user computer to implement a token generation procedure in which, via communication with said at least T authentication servers, the user computer uses said secret data to generate a cryptographic token for authenticating the user computer to a selected verifier server, secret from said at least T servers, under said username for the selected verifier server.

US Pat. No. 10,171,450

GLOBAL TIME BASED AUTHENTICATION OF CLIENT DEVICES

Sprint Communications Com...

1. A system for authenticating client devices for communication with one or more wireless communications networks, the system comprising:
a time tracking system; and
a security gateway comprising a processor and a non-transitory computer storage medium storing computer-useable instructions that, when used by the processor, cause the processor to:
receive at least one gateway global time from the time tracking system, the gateway global time being synchronized with a client global time;
provide an authentication challenge to the client device, the authentication challenge generated based on the at least one gateway global time and a client device identifier;
generate an expected response to the authentication challenge based on at least the authentication challenge, the client device identifier, and the client global time;
receive a response to the authentication challenge, the response generated by the client device; and
authenticate the client device on a wireless communications network based on comparing the response and the expected response using a matching function.

US Pat. No. 10,171,449

ACCOUNT LOGIN METHOD AND DEVICE

TENCENT TECHNOLOGY (SHENZ...

1. An account login method, comprising:
storing, by a server, an association relation between a first account and a second account, and storing information of a login target corresponding to the second account;
receiving, by the server, a login request for using the first account to log in to the login target corresponding to the second account, retrieving login configuration information of the second account based on the association relation between the first account and the second account, and sending the login configuration information of the second account to the login target corresponding to the second account; and
logging in to the login target corresponding to the second account according to the login configuration information of the second account;
wherein the login request is a common login request that comprises an account identity of the first account, an account password of the first account, and the information of the login target corresponding to the second account; and the method further comprises:
authenticating the first account based on the account identity of the first account and the account password of the first account.

US Pat. No. 10,171,445

SECURE VIRTUALIZED SERVERS

International Business Ma...

13. A computer program product for providing secure access to physical resources via a partitionable input/output server in a virtualized environment, wherein the physical resources are partitioned using Kerberos security, the computer program product comprising a computer readable storage medium having program instructions embodied therewith, wherein the computer readable storage medium is not a transitory signal per se, the program instructions executable by a computer processing circuit to cause the circuit to perform the method comprising:
receiving, from an administrator, a request to access the physical resources, wherein the administrator is a user of a cloud tenant, and wherein the tenant is assigned to a particular working load partition (WPAR) of a plurality of WPARs hosted on a virtualized server in the virtualized environment, and wherein the physical resources are assigned to the particular WPAR;
accessing, in response to the request, a remote Kerberos server, the remote Kerberos server is hosted in a private domain, and the remote Kerberos server is able to authenticate access to the physical resource;
receiving, from the Kerberos server, a valid ticket,
granting, to the administrator, based on the valid ticket, and for a lifetime of the ticket, access to the physical resources via access to the WPAR, wherein the granting access to the physical resources further comprises granting access to clients assigned to the physical resources.

US Pat. No. 10,171,444

SECURITIZATION OF TEMPORAL DIGITAL COMMUNICATIONS VIA AUTHENTICATION AND VALIDATION FOR WIRELESS USER AND ACCESS DEVICES

IronClad Encryption Corpo...

1. One or more access devices or one or more user devices or both one or more access devices and one or more user devices comprising: at least one computer processing unit (CPU) with computational capabilities that is connected to and controls a computer memory via an address bus and a data bus where said address bus accesses a designated range of computer memories and range of memory bits and said data bus provides a flow of transmission(s) into and out of said CPU and computer memory; one or more real or one or more virtual master distributed auto-synchronous array (DASA) databases or both one or more real and one or more virtual master distributed auto-synchronous array (DASA) databases located within or external to said access devices and said user devices, where said master (DASA) databases at least store and retrieve data and also include at least two or more partial distributed auto-synchronous array (DASA) databases, wherein said partial DASA databases function in either an independent manner, a collaborative manner or both an independent manner and a collaborative manner, wherein said master and said partial DASA databases analyze and provide information in a form of data and act to control one or more output devices, wherein said output devices are computing devices, wherein said one or more output devices create user devices, and wherein said master and said partial DASA databases configure bi-directional transmission of data to and from multiple partial user devices, to and from multiple partial access devices or to and from both multiple partial user and multiple partial access devices, wherein said user devices and said access devices are computing devices, and wherein one or more partial user and one or more partial access devices store and provide at least partial copies of portions of said master DASA databases, and wherein said master DASA databases, said partial DASA databases or both said partial DASA databases and said master DASA databases are 
linked and communicate with each other as well as inclusion of one or more logging and monitoring databases that provide statistical and numerical calculations utilizing data, wherein said one or more access devices authenticate using a first set of computing operations, and validate using a second set of computing operations, and wherein a third set of computing operations controls access for a specified set of users, wherein said computing operations define rules utilized to provide logic with regard to communications between said master and said partial DASA databases and said partial user and said partial access devices.

US Pat. No. 10,171,443

DISPLAYING THE ACCESSIBILITY OF HYPERLINKED FILES

International Business Ma...

1. A method for displaying an accessibility of a hyperlinked file, the method comprising:
extracting a hyperlink from a target file, wherein the hyperlink references a resource displayable on a display apparatus, wherein the hyperlink is extracted from the target file in response to determining that a predetermined duration of time has lapsed since a previous determination of the accessibility of the resource, wherein extracting a hyperlink from a target file further comprises:
retrieving a FORM tag from a source code of the resource;
determining the source code of the resource comprises a first INPUT tag having a first attribute comprising a password attribute;
determining the source code of the resource comprises a second INPUT tag having a second attribute comprising a submit attribute;
determining the source code of the resource comprises a third INPUT tag having a third attribute that is not a password attribute and not a submit attribute; and
determining the hyperlink includes an authentication screen;
attempting to acquire the resource by performing a first authentication operation configured to fail and, in response, receiving a first object, wherein the first authentication operation configured to fail comprises the first authentication operation configured to generate an error screen, wherein the first object comprises a first screenshot of the error screen, wherein the first authentication operation includes inputting into an authentication screen a character string that includes characters that are not permitted to be used as the authentication information;
acquiring a second object by performing a second authentication operation using pre-determined authentication information, wherein the second object comprises a second screen shot of a screen resulting from the second authentication operation, wherein the pre-determined authentication information is associated with network position information of the resource, and wherein the second authentication operation is based, at least in part, on the network position information, wherein the pre-determined authentication information comprises a user identifier, a password, a determination date, and a determination time for the network position information, wherein the determination date indicates a date the second authentication operation was previously performed, and wherein the determination time indicates a time that the second authentication operation was performed on the determination date;
comparing the first object and the second object to determine if the first object is the same as the second object, wherein comparing the first object and the second object comprises comparing the first screen shot to the second screen shot; and
presenting, via the display apparatus, information indicating the accessibility of the resource, wherein the information is based, at least in part, on the comparison between the first object and the second object and further based, at least in part, on the target file.

US Pat. No. 10,171,442

PREDICTING A NEED FOR AND CREATING TEMPORARY ACCESS TO A COMPUTER COMPONENT IN INFRASTRUCTURE INFORMATION TECHNOLOGY

International Business Ma...

1. A method of provisioning temporary access to a computer component, the method performed by at least one hardware processor, the method comprising: based on monitoring the computer server, receiving a signal comprising a request that requires executing an action on a computer server;
determining a server configuration associated with the computer server by accessing at least one storage device storing a configuration database;
determining based on the server configuration, a technology associated with executing the action on the computer server;
searching a user profile database stored on the at least one storage device to identify candidate users having a skill set associated with the technology;
determining availability, location and a skill level of the candidate users;
predicting based on historical data a duration the candidate users would take to execute the action on the computer server;
based on at least the duration, the availability, the location and the skill level of the candidate users, determining at least one user from the candidate users to execute the action on the computer server; and
creating a temporary access credential for the at least one user to access the computer server to execute the action, the temporary access credential having expiration duration, the expiration duration covering a duration of time the at least one user takes to perform the action,
wherein the temporary access credential is created by interfacing with an authentication system associated with the computer server, and wherein the action is executed on the computer server.

US Pat. No. 10,171,441

SYSTEM AND METHOD FOR TRANSFORMING CHANNEL ID COMMUNICATIONS IN MAN-IN-THE-MIDDLE CONTEXT

International Business Ma...

1. A computer implemented method in a data processing system comprising a processor and a memory comprising instructions, which are executed by the processor to cause the processor to implement a system for transforming a Channel ID communication, the method comprising: generating, by a Secure Socket Layer (SSL)/Transport Layer Security (TLS) inspector, a secret;
receiving, from a client, the Channel ID communication comprising a public key value;
deriving, by the SSL/TLS inspector, a random seed value for a private key using the secret and the public key value of the Channel ID communication;
generating, by the SSL/TLS inspector, a new private key based upon the random seed value;
deriving, by the SSL/TLS inspector, a new public key based upon the new private key;
generating, by the SSL/TLS inspector, a transformed Channel ID communication based upon the new private key and the new public key; and
forwarding, by the SSL/TLS inspector, the transformed Channel ID communication to a server.

US Pat. No. 10,171,440

METHOD AND APPARATUS FOR MANAGING ENCRYPTION KEYS FOR CLOUD SERVICE

SAMSUNG SDS CO., LTD., S...

1. A key management method, comprising: encrypting a service key used by an instance of a first user of a cloud service, by using a master key;
generating, with a key access server, two or more key pieces for reconstructing the master key;
distributing, by the key access server, the two or more key pieces to two or more host servers included in a host group for providing the cloud service via a key sharing protocol, and storing each key piece in a different host server;
receiving a request for the service key from the instance of the first user;
receiving, at the key access server, the two or more key pieces from the two or more host servers and reconstructing, by the key access server, the master key based on the received two or more key pieces; and
decrypting the encrypted service key by using the reconstructed master key, wherein the key sharing protocol is a protocol which permits data communication between the key access server and the two or more host servers and does not permit data communication between the two or more host servers, and
wherein the two or more host servers determine whether the key access server is a malicious server by verifying key pieces opened by the key access server.

US Pat. No. 10,171,439

OWNER BASED DEVICE AUTHENTICATION AND AUTHORIZATION FOR NETWORK ACCESS

INTERNATIONAL BUSINESS MA...

1. A computer-implemented method comprising: granting access to a network to any one of multiple devices of a same-owner,
each of said multiple devices having been previously associated with said same-owner at an authentication server, with the result that a plurality of device keys for authenticating said multiple devices are stored on said authentication server; and
said same-owner has previously been authorized to gain access to said network, such that a same-owner identification (ID) is stored on said authentication server;
listing of a device selected from any one of said multiple devices of said same-owner on said authentication server controlled by a network operator;
adding said same-owner ID to a same-owner-based access list of said same-owner associated with an operator ID of said network operator;
for each said device of said multiple devices, a private key is stored on said device, whereas a public key, associated with said same-owner, is stored on said authentication server on the public internet in the cloud;
associating each of said plurality of said device keys with a respective one of a plurality of device identification (IDs) or at least one of said multiple devices in said same-owner-based access list;
updating said same-owner-based access list to associate at least one of said plurality of device keys, or at least one of said plurality of device IDs with said same-owner ID;
receiving by said network operator, a network access request from and for said device to connect to said network, said device being one of said multiple devices of said same owner, wherein said network access request includes a device ID of said device requiring said network access request to be identified by said authentication server, but said network access request does not include said same owner ID;
receiving, by said authentication server from said network operator the network access request for said device;
authenticating, by said authentication server, said device using said device ID included in said network access request and a device key selected from said plurality of device keys, that is associated with said device ID on said same-owner-based access list and stored on said authentication server;
performing additional authentication in a challenge-response process between said authentication server and said device, based on the device key;
confirming, responsive to the additional authentication being successful, that at least one of said device ID and said device key is associated with said same-owner ID on said same-owner-based access list; and
sending a notification causing said network operator to grant said device selected from any one of said multiple devices of said same-owner, access to said network, upon authenticating said device and confirming that at least one of said device ID and said device key is associated with said same-owner ID on said same-owner-based access list;
wherein said network access request is confirmed by said authentication server, if said device, selected from any one of said multiple devices of said same-owner, is successfully authenticated, or if said same-owner of said device is confirmed to be associated to said device on said authenticated server, such that, in either case, said same-owner is authorized to access said network with the result that the access is same-owner-based and not device-based.

US Pat. No. 10,171,438

GENERATING A PASSWORD

INTERNATIONAL BUSINESS MA...

1. A method for generating a password, the method comprising: receiving, by a computer system, user input from a user for identifying a particular account from among a plurality of accounts;
selecting, by the computer system, a set of questions specific for the particular account from among a plurality of questions;
receiving, by the computer system, further user input comprising one or more received responses to each question of the set of questions;
determining, by the computer system, at least one hash by applying a hash function to the one or more received responses of each question of the set of questions;
generating, by the computer system, a password for the account based on the one or more received responses by selecting at least one hashed character from the at least one hash as one or more characters of a plurality of characters of the password; and
associating, by the computer system, an ordered index of the set of questions from among the plurality of questions and a particular character position of each at least one hashed character within the at least one hash, for use in recreating the password.

US Pat. No. 10,171,437

TECHNIQUES FOR SECURITY ARTIFACTS MANAGEMENT

Oracle International Corp...

1. A method comprising: receiving a request to manage security of an application;
identifying, by a computer system of a security management system, a plurality of security artifacts related to security for accessing the application, wherein the computer system is in a secure zone protected by one or more security measures;
determining, by the computer system, security access for accessing the application;
generating, by the computer system, a security artifact archive for the application, the security artifact archive including security data and security artifact data, wherein the security data is based on the security access, wherein the security data includes an access policy that indicates the security access and the security data includes attribute data indicating one or more attributes of the application, and wherein the security artifact data identifies one or more of the plurality of security artifacts;
storing the security artifact archive in association with an application identifier that identifies the application and a version identifier corresponding to the application, wherein the version identifier indicates a version of the security artifact archive, and wherein different versions of the security artifact archive correspond to changes in security access based on a different version of the application; and
responsive to the request, transmitting, by the computer system, the security artifact archive to the application, wherein the application operates to manage security for accessing the application based on the security artifact data and the security access in the security data of the security artifact archive, and wherein the application is outside the secure zone.

US Pat. No. 10,171,436

DISTRIBUTED LEARNING AND AGING FOR MANAGEMENT OF INTERNET PROTOCOL (IP) ADDRESSES

Juniper Networks, Inc., ...

1. A method comprising: receiving, by a device, a packet associated with a malicious source,
the device including a plurality of security process units (SPUs) arranged in a ring of SPUs;
receiving back, by a first SPU in the ring of SPUs, a delete query message generated by the first SPU;
changing, by the first SPU, a first entry, associated with the packet, of the first SPU based on receiving back the delete query message; and
providing, by the first SPU and based on changing the first entry of the first SPU, a delete action message to a second SPU in the ring of SPUs,
the delete action message including an instruction to change a state of a second entry of the second SPU, and
the second entry corresponding to the first entry.

US Pat. No. 10,171,435

DEVICES THAT UTILIZE RANDOM TOKENS WHICH DIRECT DYNAMIC RANDOM ACCESS

IronClad Encryption Corpo...

1. One or more devices that encrypt data transmitted to or decrypt data received from or both transmit said data to and decrypt said data received from said devices that utilize one or more master keys comprising: at least one computer processing unit (CPU) with computational capabilities that is connected to and controls a computer memory via an address bus and a data bus where said address bus accesses a designated range of computer memories and range of memory bits and said data bus provides a flow of transmission(s) into and out of said CPU and computer memory;
at least one encrypter or decrypter or both an encrypter and a decrypter that encrypt or decrypt or both encrypt and decrypt said data or associated data files or both said data and said associated data files that utilize one or more master keys and one or more key selectors, where one or more key selectors provide selection and provision of one or more encryption keys for each segment of bit by bit data or byte by byte data or both bit by bit data and byte by byte data, wherein said master keys and said key selectors produce a specific set of one or more executable encryption keys that encrypt or decrypt or both encrypt and decrypt said data or said associated data files or both said data and said associated data files where one or more said key selectors coincide with at least one value that directly corresponds with created cipher data or created cipher data files or both said created cipher data and said created cipher data files,
and wherein said key selectors are also encrypted and decrypted,
and wherein said key selectors and said created cipher data and said created cipher data files produce result data and result data files where said created cipher data and said created cipher data files together with said result data and said result data files are sealed to produce encrypted data and encrypted data files that are only encrypted and decrypted with one or more said master keys and one or more said key selectors.

US Pat. No. 10,171,431

SECURE MESSAGE HANDLING OF AN APPLICATION ACROSS DEPLOYMENT LOCATIONS

International Business Ma...

1. A method for secure message handling of an application across deployment locations, said method comprising: dividing, by one or more processors of a computer system, the application into multiple processing nodes which process messages and which can be deployed in multiple different locations, wherein the application processes a message comprising a plurality of data aspects, wherein each data aspect in the message includes aspect data having a data aspect value in one or more fields in the message, and wherein one or more data aspects of the plurality of data aspects include respective deployment constraints on locations in which the aspect data in the one or more data aspects is deployed;
said one or more processors analyzing the application to identify one or more processing nodes of the multiple processing nodes that reference the one or more data aspects;
said one or more processors ascertaining whether the one or more data aspects are accessed by an identified processing node of the multiple processing nodes, wherein access to each data aspect of the one or more data aspects requires a data aspect value of said each data aspect of the one or more data aspects to be known;
if said ascertaining ascertains that the one or more data aspects are accessed by the identified processing node, then said one or more processors determining a restriction for the identified processing node based on the respective deployment constraints included in the accessed one or more data aspects and deploying the identified processing node according to the determined restriction for the identified processing node;
if said ascertaining ascertains that none of the one or more data aspects are accessed by the identified processing node, then said one or more processors marking the identified processing node or a preceding processing node that precedes the identified processing node to indicate a required tokenization of the one or more data aspects, said tokenization removing the deployment constraints for the identified processing node.

US Pat. No. 10,171,430

MAKING A SECURE CONNECTION OVER INSECURE LINES MORE SECURE

1. A communication system comprising: encryption circuitry;
formatter circuitry electrically coupled with the encryption circuitry; and
transmitter circuitry electrically coupled with the formatter circuitry, wherein:
the encryption circuitry is configured for:
receiving user datagrams;
determining a first packet-to-packet boundary, a second packet-to-packet boundary, and a third packet-to-packet boundary of the user datagrams;
encrypting the user datagrams to provide encrypted datagrams;
calculating a first checksum for encrypted data between the first packet-to-packet boundary and the second packet-to-packet boundary, wherein the first checksum is a first quantity of bits;
inserting the first checksum to the encrypted datagrams at the second packet-to-packet boundary;
calculating a second checksum for encrypted data between the second packet-to-packet boundary and the third packet-to-packet boundary, wherein the second checksum is a second quantity of bits and the second quantity of bits is greater than the first quantity of bits; and
inserting the second checksum to the encrypted data at the third packet-to-packet boundary, and
providing the encrypted datagrams, the first checksum, and the second checksum to the formatter circuitry,
wherein the encryption circuitry is further configured to provide an overhead communications channel having a variable bitrate,
wherein the variable bitrate is determined at least in part by a datagram bitrate and a fixed payload availability of the formatted bit stream;
the formatter circuitry is configured for:
inserting the encrypted datagrams, the first checksum, and the second checksum as payload data to a formatted bit stream having a total bitrate of approximately 10 gigabits per second; and
providing the formatted bit stream to the transmitter circuitry, wherein the formatted bit stream is compliant to a public switched network; and
the transmitter circuitry is configured for optically transmitting the formatted bit stream over the public switched network.

US Pat. No. 10,171,429

PROVIDING SECURITY TO VIDEO FRAMES

ARRIS Enterprises LLC, S...

1. A method of processing a compressed and encrypted video media program, comprising: processing at least a portion of the video media program in a video player that includes a computer processor for processing at least a portion of the video media program, the video player operable for:
receiving the media stream, wherein the video media stream is comprised of one or more chunks;
subdividing the chunks into one or more packets, wherein one or more of the packets include video data;
obfuscating or de-obfuscating at least some of the video data, wherein the step of obfuscating or de-obfuscating comprises obfuscating or de-obfuscating the video data using a caption handling with skip and select approach where only the video data in a first set of packets is de-obfuscated so that caption data is extracted; and
concatenating the video data into one or more frames for playback by the video player.

US Pat. No. 10,171,428

CONFIDENTIAL DATA MANAGEMENT METHOD AND DEVICE, AND SECURITY AUTHENTICATION METHOD AND SYSTEM

Rowem Inc., Seoul (KR)

1. A secure authentication method for performing secure authentication of a user by an authentication system, the secure authentication method comprising: receiving, by a service server, a service request from a first communication terminal;
transmitting, by a security server, a notification message including a stored decryption key to a second communication terminal in response to a notification message transmission request received from the service server;
decrypting, by the second communication terminal, a stored encrypted code table using the decryption key received from the security server;
outputting, by the second communication terminal, a security keypad to a screen, and when at least one input value is received through the security keypad, identifying each code mapped to the received at least one input value in the decrypted code table;
generating, by the second communication terminal, authentication information consisting of a combination of each identified code, and transmitting the authentication information to the service server; and
authenticating, by the service server, the first communication terminal based on the authentication information received from the second communication terminal.

US Pat. No. 10,171,424

PRIVACY ENHANCING NETWORKS

MINDTOP, INC., Melrose, ...

1. A method for obscuring data flow paths through a network of gateways, the method comprising: providing a controller in communication with each gateway in the network of gateways;
receiving, at the controller, a request for a flow path through the network of gateways from an originating gateway to a destination gateway;
computing, by the controller in response to the request, a unique flow path comprising a random sequence of intervening gateways between the originating gateway and the destination gateway; and
sending, from the controller to each intervening gateway in the computed flow path, flow transformation information to enable each intervening gateway to forward received data traffic to the next intervening gateway in the random sequence.

US Pat. No. 10,171,423

SERVICES OFFLOADING FOR APPLICATION LAYER SERVICES

Juniper Networks, Inc., ...

1. A method, comprising: receiving, by a device, network traffic;
identifying, by the device, a first portion of the network traffic for an application layer inspection;
performing, by the device, the application layer inspection on the first portion of the network traffic based on identifying the first portion of the network traffic;
determining, by the device, a context regarding the network traffic based on the application layer inspection on the first portion of the network traffic;
selectively offloading, by the device, a second portion of the network traffic for transport layer inspection without the application layer inspection based on whether the context regarding the network traffic has changed for the second portion of the network traffic;
providing, by the device, the second portion of the network traffic to a destination without causing the second portion of the network traffic to be provided for application layer inspection;
determining, by the device, that a trigger associated with the network traffic is satisfied;
identifying, by the device, a third portion of the network traffic based on determining that the trigger is satisfied; and
causing, by the device, the third portion of the network traffic to be provided for application layer inspection based on identifying the third portion of the network traffic.

US Pat. No. 10,171,421

INTRUSION PREVENTION AND DETECTION IN A WIRELESS NETWORK

TRAFFIC OBSERVATION VIA M...

1. A non-transitory computer-readable storage medium storing executable instructions which, when executed on one or more processors of a device of a wireless network, causes the one or more processors to: provide a security element comprising an intrusion detection and prevention (IDS) computer program, the security element located in between a physical layer of a receiver of the device and a media access control (MAC) layer of the device, the security element configured to interface with a driver of a wireless network interface of the receiver and control traffic flow between the physical layer of the receiver of the device and the MAC layer of the device;
receive wireless traffic, at the physical layer of the receiver of the device, the wireless traffic comprising first traffic and second traffic;
pass the first traffic and the second traffic to the security element located in between the physical layer of the receiver and the MAC layer of the device;
the security element is further configured to:
detect that the first traffic is allowed to pass to the MAC layer of the device by applying one or more rules from a group of rules comprising: denial of service (DoS), man-in-the-middle (MiTM), traffic inspection, Transport Control Protocol (TCP), and Internet Protocol (IP) rules to:
identify a first MAC management frame in the first traffic, instead of a MAC control frame or a MAC data frame;
detect whether a predefined information element is present in an authentication field of the first MAC management frame; and
determine that the first traffic is allowed and not malicious, responsive to detecting that the predefined information element is present in the authentication field of the first MAC management frame; and
detect that the second traffic is not allowed to pass to the MAC layer of the device by applying the one or more rules from the group of rules to:
identify a second MAC management frame in the second traffic, instead of a MAC control frame or a MAC data frame;
detect whether the predefined information element is present in an authentication field of the second MAC management frame; and
determine that the second traffic is malicious and not allowed, responsive to a failure to detect the predefined information element in the authentication field of the second MAC management frame.

US Pat. No. 10,171,420

SPATIAL REUSE FOR UPLINK MULTIUSER TRANSMISSIONS

Intel IP Corporation, Sa...

1. An apparatus of a station, the apparatus comprising: a memory; and processing circuitry coupled to the memory, wherein the processing circuitry is configured to:
decode a first portion of a physical layer convergence procedure (PLCP) protocol data unit (PPDU); and
if the PPDU is an overlapping basic service set (OBSS) PPDU, and a receive power of the PPDU is below an overlapping power detect level, configure the station to transmit a frame.

US Pat. No. 10,171,419

IP ROUTE CACHING WITH TWO SEARCH STAGES ON PREFIX LENGTH

Mellanox Technologies TLC...

1. A method, comprising the steps of: maintaining a routing table of destination addresses in a main memory, the destination addresses comprising binary numbers having respective prefixes of most significant bits;
receiving via a data network a packet having a packet destination address;
providing a cache memory having exactly one table of cache entries stored therein, the cache entries comprising respective cached destination addresses and respective delta values (L),
assigning a global mask size (M), wherein the global mask size specifies a number of most significant bits needed for first comparisons between the packet destination address and the cached destination addresses, and the delta value specifies a number of additional most significant bits needed for second comparisons between the packet destination address and the cached destination address;
deriving the delta values by determining a maximum prefix length of the prefixes of the destination addresses in the routing table that are compatible with the respective cached destination addresses;
in a first search of the table of cache entries making a determination that in one of the first comparisons M most significant bits of the cached destination address of a first cache entry and the packet destination address are identical;
computing a sum of the global mask size and the delta value of the first cache entry to yield a new number (M+L);
performing the second comparisons in a second search of the table of cache entries; and
when in one of the second comparisons the new number (M+L) of most significant bits of the cached destination address of a second cache entry and the packet destination address are identical, performing the steps of:
retrieving routing information from the cache memory; and
processing the packet according to the routing information.

US Pat. No. 10,171,418

METHOD AND APPARATUS FOR ACCESSING DEMILITARIZED ZONE HOST ON LOCAL AREA NETWORK

1. A method for accessing a demilitarized zone host in a local area network (LAN), comprising: configuring a mapping relationship between public internet protocol (IP) addresses obtained from a wide area network (WAN) side and private IP addresses of demilitarized zone hosts at a LAN side;
after receiving an access request sent by a client at the WAN side, modifying a destination IP address in the access request to a private IP address of a corresponding demilitarized zone host at the LAN side according to the configured mapping relationship, and sending the modified access request to the demilitarized zone host;
receiving a reply message returned by the demilitarized zone host, modifying a source IP address contained in the reply message to a public IP address of the client at the WAN side, and sending the modified reply message to the WAN side,
wherein before performing said configuring a mapping relationship between public IP addresses obtained from the WAN side and private IP addresses of demilitarized zone hosts at the LAN side, the method further comprises:
configuring slot information used for storing the public IP addresses obtained from the WAN side, wherein the slot information corresponds to the public IP addresses one-to-one,
wherein after performing said configuring the mapping relationship between the public IP addresses obtained from the WAN side and the private IP addresses of the demilitarized zone hosts at the LAN side, the method further comprises:
when dialing through the WAN side, sending an extension tag used to indicate an identity of the client at the WAN side to a server at the WAN side; and
receiving a plurality of IP addresses sent by the server at the WAN side through the extension tag, and filling public IP addresses therein into corresponding slot information.

US Pat. No. 10,171,416

METHOD FOR ESTABLISHING DATA CONNECTION ON MOBILE NETWORK, MOBILE NETWORK, AND POLICY CONTROL ENTITY

HUAWEI TECHNOLOGIES CO., ...

1. A method for establishing data connections on a mobile network performed by a Packet Data Network Gateway (PDN GW), the PDN GW comprising one or more processor in communication with a computer readable storage medium having instructions stored therein, wherein when the instructions are executed, the one or more processors implement the method comprising:
establishing a data channel with a User Equipment (UE);
establishing a policy control session with a policy control entity according to a data channel ID provided by the PDN GW, wherein the policy control session is used to implement policy control on the data channel, and the data channel ID is used to identify the data channel established between the UE and the PDN GW;
receiving an address allocation request from the UE;
allocating an Internet Protocol (IP) address to the UE according to the address allocation request sent by the UE; and
sending a policy control session update request carrying the IP address to the policy control entity for updating the policy control session.

US Pat. No. 10,171,412

EMAIL QUOTA MANAGEMENT SYSTEM

International Business Ma...

1. A computer system comprising:
one or more computer processors, one or more computer-readable storage media, and program instructions stored on one or more of the computer-readable storage media for execution by at least one of the one or more processors, the program instructions comprising:
program instructions to receive an out of office status a user has indicated on an email application, the email application using a communications network;
program instructions to determine a quota status of a quota for the user based on a previous quota usage pattern and a current quota usage pattern, wherein the quota includes an amount of storage spaced allotted to the user;
program instructions to receive a new email to be delivered to the user;
program instructions to assign a quota status to the new email;
program instructions to assign priority status to the new email, wherein the priority status is based on at least one of the user email history, the user current email trends, the subject matter of the new email, and/or an identification of the sender of the new email;
in response to the assigned quota status and the assigned priority, program instructions to determine, that the new email should not be delivered to the email application of the user and marking the new email as an outstanding email;
program instructions to receive a removal of the out of office status that the user previously indicated on an email application, the email application using a communications network; and
program instructions in response to receiving the available status of the user, delivering the outstanding email to the email application based on the outstanding email assigned quota status and assigned priority.

US Pat. No. 10,171,411

COMMUNICATION MESSAGE CONSOLIDATION WITH CONTENT DIFFERENCE FORMATTING

INTERNATIONAL BUSINESS MA...

1. A method, comprising:
detecting, by a processor, a set of similar messages addressed to a user;
identifying redundantly similar portions of the set of similar messages that provide contextual details related to a progressive set of differences between the set of similar messages;
consolidating the set of similar messages into a single consolidated message comprising the redundantly similar portions preserved in association with sequential entries of the progressive set of differences in a sequence as context usable for interpretation of the progressive set of differences, and with the progressive set of differences formatted differently from formatting applied to the redundantly similar portions within the single consolidated message;
configuring a presentation level of difference details that specifies an amount of content of each of the sequential entries of the progressive set of differences viewable within the single consolidated message by the user depending upon how much time is available to the user to process messages;
filtering and removing from view, within the single consolidated message, additional content of the sequential entries of the progressive set of differences other than the specified amount of content of each of the sequential entries in accordance with the configured presentation level of difference details; and
promoting, in response to detecting a level of detail adjustment entered by the user, at least a portion of the additional content of the sequential entries of the progressive set of differences to be viewable within the single consolidated message.

US Pat. No. 10,171,410

CROSS-MODE COMMUNICATION

Microsoft Technology Lice...

1. A method comprising:
receiving, from a first cross-channel account associated with a first channel, a command to initiate a cross-channel communication session, wherein the first cross-channel account receives the command via the first channel and from a first user account associated with the first channel;
generating a session identifier based on the command;
receiving, from a second, different cross-channel account associated with a second channel, a request to join the cross-channel communication session, the second channel being different than the first channel, wherein the second account receives the request via the second channel and from a second user account associated with the second channel, and wherein the request comprises the session identifier;
storing an association between the first channel and the first user account, the second channel and the second user account, and the session identifier; and
based at least in part on receiving the command and the request, relaying communication from the first cross-channel account originating from the first user account via the first channel to the second cross-channel account destined for the second user account via the second channel based on the stored association.

US Pat. No. 10,171,409

SYSTEMS AND METHODS FOR PATH OPTIMIZATION IN A MESSAGE CAMPAIGN

Selligent, Inc., Redwood...

1. A method for path optimization for a message campaign, the method being performed by one or more processors, the method comprising:
displaying a graphical user interface representation of the message campaign, wherein the message campaign is electronically connected to one or more sources of destination target information, the one or more sources of destination target information collectively defining a plurality of recipients;
receiving a plurality of sets of input instructions, each respective set of input instructions in the plurality of sets of input instructions corresponding to a path in a plurality of paths in the message campaign, wherein, each path defines non-content characteristics of the message campaign according to which associated messages are sent, including: type, quantity, means for sending, recipient, and at least one of interval, order and frequency;
the plurality of paths in the message campaign including:
a first path specifying that a first subset comprising one or more electronic messages is to be sent following a delay of a first predefined wait period to a first subset of recipients, wherein the first subset of recipients includes two or more recipients; and
a second path specifying that a second subset comprising one or more electronic messages is to be sent following a delay of a second predefined wait period, different from the first predefined wait period, to a second subset of recipients, different from the first subset of recipients, wherein the second subset of recipients includes two or more recipients;
for each respective set of input instructions in the plurality of sets of input instructions, sending a respective subset of electronic messages in a first plurality of electronic messages according to a corresponding path in the plurality of paths to a respective subset of recipients in the plurality of recipients, including sending the first subset comprising one or more electronic messages to the first subset of recipients following the delay of the first predefined wait period and sending the second subset of electronic messages to the second subset of recipients following the delay of the second predefined wait period;
monitoring responses to the first subset comprising one or more electronic messages;
determining a winning path from among the plurality of paths based on a path discriminator, the path discriminator using:
i) a correlation of a criterion with a goal for the message campaign for each respective set of input instructions in the plurality of sets of input instructions, and
ii) the responses to the first subset comprising one or more electronic messages;
upweighting, responsive to the determining, the winning path from among the plurality of paths; and
using the message campaign with the upweighted winning path by causing a second plurality of electronic messages to be sent through the winning path to recipients in the plurality of recipients.

US Pat. No. 10,171,402

APPARATUS AND METHOD FOR OUTPUTTING MESSAGE ALERTS

Samsung Electronics Co., ...

1. An apparatus for outputting a message alert, comprising:
a memory storing an alert sound, a contact and a keyword;
an audio processor for processing audio information; and
a processor configured to:
in response to receiving a message including an attached alert sound, determine whether to output the stored alert sound or an attached alert sound as an alert for the received message, by:
comparing a sender of the message to the stored contact to determine whether the sender and the stored contact match,
in response to determining that the sender matches the stored contact, parsing the message including the attached alert sound using a speech-to-text recognition to extract text from at least the attached alert sound, and detecting whether the extracted text includes the stored keyword, and
in response to determining that the extracted text does not include the stored keyword, outputting the attached alert sound as the alert for the received message using the audio processor.

US Pat. No. 10,171,398

METHOD AND APPARATUS FOR PROVIDING INFORMATION BY USING MESSENGER

Samsung Electronics Co., ...

1. A method for providing information through a messenger in a user device, the method comprising:
displaying, by a display of the user device, a speech window including a conversation exchanged through the messenger and a background image of the messenger, the background image being displayed on a background layer of the messenger, wherein the speech window is displayed on a speech layer of the messenger;
detecting, based on a scheme, by a processor of the user device, text related to a particular content in the conversation;
displaying, by the display of the user device, a content image matched to the particular content, as a background screen in an intermediate layer which is generated between the background layer on which the background image is displayed and the speech layer on which the speech window is displayed, in response to the detecting of the text relating to the particular content; and
providing, by the processor of the user device, information related to the particular content in response to selection of the content image,
wherein the content image is selectable by a touch input,
wherein all of the speech window is displayed and at least part of the content image and at least part of the background image is covered by the speech window during the displaying of the content image, and
wherein the providing of the information related to the particular content comprises:
determining a type of the particular content when the content image has been selected,
executing an internal function or an external function operating in cooperation with the user device according to the type of the particular content, and
displaying the information related to the particular content according to the executed internal or external function.

US Pat. No. 10,171,397

SHARING OF INFORMATION EXTRACTED FROM MESSAGES IN COLLABORATIVE SYSTEMS

International Business Ma...

1. A method for sharing information in a computing infrastructure, the method comprising:
intercepting a message sent from a computing machine of a first user to at least one second user;
verifying a sharing permission for sharing a content of the message, the sharing permission comprising one or more user-defined sharing rules defining policies for sharing the content of the message;
based on the sharing permission being verified, prompting, by displaying a pop-up window, the first user to authorize the sharing of the content of the message;
based on the sharing of the content of the message being authorized by the first user, adding a sharing indicator to the message, the sharing indicator comprising a custom sharing tag added to a header of the message;
based on the message comprising the sharing indicator, analyzing the content of the message to identify each matching context of one or more known contexts matching the content of the message, wherein each known context is defined by one or more keywords;
using an analytics engine based on a language processor to calculate a matching index for each known context according to a corresponding keyword comprised in a body of the message;
identifying each known context comprising a matching index higher than a threshold value as a matching context of the message;
organizing each known context comprising the matching index higher than the threshold value in a decreasing order of matching index;
extracting information from the body of the message starting with a known context having the highest matching index, the information comprising one or more questions and associated answers corresponding to the matching context, the information being extracted by implementing a text parser;
generating at least one shared entry for each matching context according to the extracted information corresponding to the matching context;
selecting at least one collaborative system for each shared entry from a plurality of known collaborative systems according to a comparison between one or more characteristics of the shared entry and one or more characteristics of each known collaborative system, wherein the one or more characteristics of the shared entry comprise a language of the shared entry, the matching context and a complexity of the shared entry, and the one or more characteristics of each known collaborative system comprise a language of each known collaborative system, a topic, and a type of participants of the known collaborative system;
formatting each generated shared entry for the at least one collaborative system by enclosing its contents into a block providing an indication of the topic and details of a member; and
submitting each formatted shared entry for publication to the at least one collaborative system corresponding to the matching context of the shared entry.

US Pat. No. 10,171,385

DYNAMICALLY PROVIDING SYSTEM COMMUNICATIONS IN A VIRTUAL SPACE TAILORED TO INDIVIDUAL USERS RESPONSIVE TO SPECIFIC USER ACTIONS AND INDIVIDUAL CURRENT STATES

Kabam, Inc., San Francis...

1. A system configured to dynamically provide system communications tailored to individual users responsive to occurrences of trigger events in a virtual space, the system comprising:
one or more processors configured by machine-readable instructions to:
execute an instance of the virtual space, wherein the instance is configured to facilitate interaction between the individual users and with the virtual space, wherein the individual users are associated with individual client computing platforms through which command inputs are provided by the individual users that exercise control by the individual users within the virtual space;
provide an admin interface for presentation to an administrative user of the virtual space for managing system communications of the virtual space, the admin interface being configured to receive information from the administrative user, the information including one or more of new system communications, existing system communications, trigger event definitions, and/or information associated with one or more bases for determining whether an individual current state corresponds to one or more system communications;
monitor actions performed by a user within the virtual space for trigger events including a first trigger event, the first trigger event being a specific user action performed by a first user that has been defined as a trigger event, wherein the specific user action is one or more of registering as a user in the virtual space, establishing a relationship with another user and/or user character in the virtual space, customizing a user character, and/or engaging in gameplay within the virtual space;
obtain current states responsive to trigger events occurring within the virtual space, the current states being separate and discrete from the trigger events, a given current state for the first user including information indicating one or more of:
(a) a frequency of engagement by the first user in the virtual space,
(b) an amount of real-world money the first user has spent toward the virtual space, and/or
(c) total time spent by the first user while engaged in gameplay in the virtual space, wherein a first current state is obtained responsive to the first trigger event;
further responsive to trigger events occurring within the virtual space,
(i) determine whether individual current states correspond to one or more of a plurality of system communications, a given system communication being a communication configured to be provided by the system for presentation to users via one or more communication channels,
(ii) determine whether a first system communication corresponds to the first current state, and
(iii) select the first system communication responsive to the first system communication being determined to correspond to the first current state, such selection being further responsive to occurrence of the first trigger event; and
provide system communications for presentation to users via the one or more communication channels, the first system communication being presented to the first user,
wherein the admin interface includes user responsiveness information indicating user responsiveness to the system communications presented via the one or more communication channels.

US Pat. No. 10,171,383

METHODS AND SYSTEMS FOR PORTABLY DEPLOYING APPLICATIONS ON ONE OR MORE CLOUD SYSTEMS

Sony Interactive Entertai...

1. A method, comprising:
receiving attributes of one or more resources and services required on a cloud system for executing an application;
generating a descriptor record for the application using the received attributes, the descriptor record defining an environment profile that is specific for the cloud system, wherein the descriptor record is generated by translating the one or more resources and services required into one or more actions to be taken for provisioning the required resources and services in the cloud system for successful execution of the application, wherein the generated descriptor record identifies a predefined sequence for the one or more actions to be taken based on the received attributes; and
storing the descriptor record in a descriptor file maintained in a deployment system database;
detecting a request for the execution of the application, the detection of the request resulting in a retrieval of the descriptor record for the application from the descriptor file, the retrieval causing automatic triggering of the predefined sequence for the one or more actions identified in the descriptor record resulting in the provisioning of the required services and resources on the cloud system to enable successful execution of the application,
wherein method operations are performed by a processor.

US Pat. No. 10,171,368

METHODS AND APPARATUS FOR IMPLEMENTING MULTIPLE LOOPBACK LINKS

Juniper Networks, Inc., ...

1. An apparatus, comprising:
a memory; and
a processor operatively coupled to the memory implementing a route module, an encapsulation module operatively coupled to the route module, and a loopback selection module operatively coupled to the route module and the encapsulation module,
the route module configured to receive a data unit having a header portion,
the encapsulation module configured to receive the data unit from the route module and to append a tunnel header to the data unit to define a tunnel data unit,
the loopback selection module configured to receive the tunnel data unit from the encapsulation module and receive a signal representing bandwidth availability of each loopback link from a plurality of loopback links of a loopback link aggregation group (LAG),
the loopback selection module configured to select a loopback link from the plurality of loopback links of the loopback LAG based on the tunnel header and the bandwidth availability such that data traffic can be load balanced across each loopback link from the plurality of loopback links of the loopback LAG,
the route module configured to receive the tunnel data unit from the loopback selection module via the loopback link and send the tunnel data unit via a tunnel based on the tunnel header.

US Pat. No. 10,171,341

SOFTWARE DEFINED STORAGE STACK PROBLEM DIAGNOSIS AND OPTIMIZATION

INTERNATIONAL BUSINESS MA...

1. A method for storage stack analysis, the method comprising:
determining, by a processor, a client configuration of a client storage stack comprising a plurality of layers with configurable parameters to control storage and retrieval of data between an uppermost layer and a lowest layer along an input/output path that selects from a plurality of options at each layer between the uppermost layer and the lowest layer of the client storage stack;
initiating, by the processor, creation of a replica of the client storage stack based on the client configuration to match the input/output path between the uppermost layer and the lowest layer of the client storage stack;
collecting input/output characteristics of a workload executed on the client storage stack using the client configuration;
applying a synthesized workload to the replica of the client storage stack, the synthesized workload based on the input/output characteristics of the workload;
analyzing, by the processor, input/output performance through the layers of the replica of the client storage stack in response to applying the synthesized workload;
identifying one or more configuration issues with the client configuration of the client storage stack based on a result of the analyzing;
generating a modified version of the client configuration as a replica configuration;
repeating the applying of the synthesized workload to the replica of the client storage stack using the replica configuration and analyzing the input/output performance through the layers of the replica of the client storage stack in response to applying the synthesized workload;
determining whether the result of the analyzing has improved based on the replica configuration;
generating a plurality of synthesized workloads that map to a plurality of replica configurations having different combinations of the options selected between the uppermost layer and the lowest layer of the client storage stack as input/output path options;
iteratively examining a plurality of variations of the replica configurations on the replica of the client storage stack using the synthesized workloads to identify a best performing instance of the replica configuration having a fewest number of configuration issues on the replica of the client storage stack; and
updating the client configuration of the client storage stack to align with the best performing instance of the replica configuration.

US Pat. No. 10,171,340

INTERWORKING NETWORK ELEMENT

TEJAS NETWORKS LIMITED, ...

1. A method, comprising:
comparing Ethertype of a received frame at a network element based on a service level agreement, with an Ethertype associated with a source domain;
recognizing a destination Ethertype associated with a destination domain determined via lookup of a forward database stored in the network element, wherein the recognizing includes determining if the received frame Ethertype is same as the destination Ethertype or not;
determining if the destination domain is of type 802.1Q, 802.1ad, or 802.1ah, wherein the determining includes recognizing domain types of 802.1Q, 802.1ad, and 802.1ah; and
translating the Ethertype of the received frame to include the Ethertype of the destination domain, wherein the translation includes overwriting or appending the Ethertype of the received frame with an Ethertype associated with the destination domain and/or encapsulating the received frame with an Ethertype associated with the destination domain.

US Pat. No. 10,171,339

POPULATING FORWARDING DATABASE TABLES IN A FABRIC ENVIRONMENT

Lenovo Enterprise Solutio...

1. A computer program product comprising computer readable storage media that is not a transitory signal having program instructions embodied therewith, the program instructions executable by a processor to:
maintain a forwarding database table in each of a plurality of interconnected switches forming a network, wherein each forwarding database table includes one or more records, each record identifying a media access control address, a port identifier, and a source identifier, and wherein the plurality of switches includes a first switch having a first forwarding database table;
maintain a node sequence table in each of the plurality of interconnected switches, wherein the node sequence table of any one of the switches identifies, for other switches in the network, the source identifier of the other switch and a sequence number of a synchronization packet last received from the other switch;
receive a frame from a first network device at a first port of the first switch, wherein the frame includes a media access control address of the first network device;
prepare a synchronization packet including the media access control address identifying first network device, a port identifier identifying the first port, a source identifier identifying the first switch, a sequence number that the first switch increments each time the first switch sends out a synchronization packet and an instruction, and wherein the synchronization packet is prepared by the first switch in response to determining that the media access control address is not associated with the first switch in a record of the first forwarding database table;
send the synchronization packet from the first switch to each other switch of the plurality of switches;
determine, by each switch that receives the synchronization packet, whether the sequence number in the synchronization packet is in sequence with the sequence number that is stored in the node sequence table of the switch in association with the source identifier of the first switch;
modify the forwarding database table of one or more of the switches that receive the synchronization packet to implement the instruction included in the synchronization packet in response to determining that the sequence number in the synchronization packet is in sequence with the sequence number that is stored in the node sequence table of the switch in association with the source identifier of the first switch; and
send, by any one or more of the switches that receives the synchronization packet, a negative acknowledgement packet to the first switch requesting that the first switch resend one or more synchronization packets in response to determining that the sequence number in the synchronization packet is not in sequence with the sequence number that is stored in the node sequence table of the switch in association with the source identifier of the first switch.

US Pat. No. 10,171,337

METHOD FOR MANAGING A NETWORK, AND NODE FOR IMPLEMENTING SAID METHOD

SERCEL, Carquefou (FR)

1. Method for electing a master routing node of a given subnet of a network, which given subnet comprises nodes connected together by a same type of interface, wherein the nodes comprising at least two activated interfaces enabling a connection with the given subnet and another different subnet of the network are defined as router nodes, one of the nodes of the network being chosen as target node, said method comprising following steps:
determining a first-type address associated with the interface of each node on the given subnet, said first-type address being the address given by a routing table of the next hop on the path leading from said node to the target node, the next hop being a router node or said target node;
determining a second-type address associated with the interface of each node on the given subnet, said second-type address being the determined first-type address if the determined first-type address is on said given subnet, or the address of the interface of said node on the given subnet if the determined first-type address is on another subnet of the network than said given subnet;
sending by each router node of the given subnet a message containing its determined second-type address;
collecting at the interface of each node on the given subnet said sent messages containing a second-type address associated with a router node of said given subnet;
selecting for the interface of each node on the given subnet a third-type address among its determined second-type address and the second-type addresses contained in the collected messages, according to a selection rule known by all nodes of said subnet;
electing as master routing node of said given subnet the node having the selected third-type address.

US Pat. No. 10,171,336

OPENFLOW CONFIGURED HORIZONTALLY SPLIT HYBRID SDN NODES

TELEFONAKTIEBOLAGET LM ER...

1. A method implemented by a network element to execute a forwarding information base (FIB) manager to manage an FIB of the network element and to program a packet forwarding function of the network element, where the FIB manager supports a hybrid control plane with software defined networking (SDN) and local control plane processes, the method comprising:
receiving a request to configure a node reachability configuration element, where the node reachability configuration element describes a packet processing instruction for the packet forwarding function to forward packets toward a referred node;
selecting a flow control agent from a set of flow control agents that each manage a separate flow control logical switch instance, the flow control agent to update reachability information to the referred node for an associated flow control logical switch instance, each separate flow control logical switch instance being a data plane implementation of a logical view of the FIB and each separate flow control logical switch having a separate service controller; and
updating a logical forwarding information representation to encode a next hop identifier for the referred node.

US Pat. No. 10,171,334

REAL-TIME DATA ANALYTICS FOR STREAMING DATA

INTERNATIONAL BUSINESS MA...

1. A computer-implemented method, comprising:
receiving a plurality of values of a data stream, the plurality of values being generated by a monitored device and being received in real time;
updating, by a computer processing device, one or more statistical moments of the data stream based on each value of the plurality of values;
discarding each value of the plurality of values, after updating the one or more statistical moments of the data stream based on the value;
setting a threshold for the data stream based on the one or more statistical moments wherein the setting the threshold comprises:
associating a first statistical model with a first data type, the first data type being variable data;
associating a second statistical model with a second data type, the second data type being attribute data;
setting an active statistical model as one of the first statistical model and the second statistical model;
detecting a data type of the data stream;
determining that the data type of the data stream differs from the data type associated with the active statistical model;
changing the active statistical model, responsive to the data type of the data stream differing from the data type associated with the active statistical model; and
applying the changed active statistical model to the one or more statistical moments to calculate the threshold;
detecting that the threshold has been passed by the data stream; and
performing a remedial action on the monitored device, responsive to the threshold being passed, the remedial action being associated with the threshold.

US Pat. No. 10,171,333

DETERMINING CONNECTION FEASIBILITY AND SELECTION BETWEEN DIFFERENT CONNECTION TYPES

INTERNATIONAL BUSINESS MA...

1. A method, comprising:
by an application (i) executed by a processor and (ii) programmed as part of the application at an application level to pre-test and selectively use a plurality of different available connection types and service interfaces to communicate application-level data over one or more computer networks to a remote computing system:
performing real-time application-level connection pre-testing of an available connection type of the plurality of different available connection types;
measuring real-time application-accessible performance characteristics of the available connection type of the plurality of different available connection types;
determining whether the measured real-time application-accessible performance characteristics of the available connection type satisfy a threshold real-time application-level connection performance criterion specified in accordance with a service-level data transmission formatting option utilized by one of the different available service interfaces;
selecting the available connection type in response to determining that the measured real-time application-accessible performance characteristics of the available connection type satisfy the threshold real-time application-level connection performance criterion specified in accordance with the service-level data transmission formatting option utilized by the one of the different available service interfaces; and
in response to determining that the measured real-time application-accessible performance characteristics of the available connection type do not satisfy the threshold real-time application-level connection performance criterion, the application:
determining that an alternative service interface with an alternative service-level data transmission formatting option selected from a group consisting of text-based serialized data transmission formatting and binary-based serialized data transmission formatting provides satisfactory real-time application-level performance over the available connection type; and
selecting the alternative service interface with the alternative data transmission formatting option.

US Pat. No. 10,171,330

INTEGRATING A COMMUNICATION BRIDGE INTO A DATA PROCESSING SYSTEM

INTERNATIONAL BUSINESS MA...

1. A method of integrating a further communication bridge into a running data processing system, the method comprising:
obtaining, by a master communication bridge of the data processing system, an announcement made at an announcement time by the further communication bridge of the data processing system announcing that the further communication bridge is a slave communication bridge, the further communication bridge being a new or a recovered communication bridge, and wherein the data processing system includes a communication client running a first operating system having no own communication stack, and a first communication bridge running a second operating system having an own communication stack, wherein the first communication bridge is configured to act as the master communication bridge and wherein the further communication bridge is running a third operating system having an own communication stack, wherein master and slave are designations that are switched from one communication bridge to another communication bridge based on a failure of the one communication bridge, wherein the first communication bridge and the further communication bridge communicate by exchanging system state information on a regular basis, the system state information including at least one of information about a data packet count sent or received by the master communication bridge or information about an identifier for a last data packet sent or received;
monitoring, by the master communication bridge, data packets in a queue of its communication stack;
executing, by the master communication bridge, a quiesce process to quiesce processing on a network adapter and on an application programming interface (API) of the communication client based on there being no data packets in the queue with a sending time earlier than the announcement time;
extracting, by the master communication bridge, state of its communication stack and sending it to the further communication bridge;
obtaining, by the master communication bridge, an indication of completion by the further communication bridge of setting the received state in its own communication stack; and
resuming, by the master communication bridge, the network adapter and the API, wherein the master communication bridge and the further communication bridge are in synchronization.

US Pat. No. 10,171,329

OPTIMIZING LOG ANALYSIS IN SAAS ENVIRONMENTS

International Business Ma...

1. A method for optimizing log analysis, comprising:
determining, by one or more computer processors, an optimal log analysis location based, at least in part, on an identified file size, an identified network bandwidth, current processing conditions, and a hierarchy of bandwidth thresholds and log file size thresholds, wherein determining an optimal log analysis location comprises:
determining, by the one or more computer processors, whether the identified bandwidth satisfies a first threshold bandwidth,
responsive to determining that the identified bandwidth does not satisfy the first threshold bandwidth, determining, by the one or more computer processors, whether the identified bandwidth satisfies a second threshold bandwidth,
responsive to determining that the identified bandwidth satisfies the second threshold bandwidth, determining, by the one or more computer processors, whether the identified log file size satisfies a first threshold file size, and
responsive to determining that the identified log file size satisfies the first threshold file size, identifying, by the one or more computer processors, the optimal log analysis location as being a second computer system, and
processing, by the one or more computer processors, the identified log file based, at least in part, on the identified optimal log analysis location, wherein processing the identified log file includes splitting portions of the identified log file, pushing log analysis software to a first computer system, transmitting at least a first portion of the identified log file to the first computer system for processing, and transmitting at least a second portion of the identified log file to the second computer system for processing.

US Pat. No. 10,171,327

HANDLING OF NETWORK CHARACTERISTICS

TELEFONAKTIEBOLAGET L M E...

1. A network information system, NIS, for handling network characteristics, the NIS comprising:
a core network node comprising at least one processor coupled to at least one memory, the memory comprising:
a first set of instructions that when executed by the at least one processor causes the at least one processor be operable to:
estimate an available bitrate for a media flow, wherein the available bitrate is estimated based on available physical resources of a user equipment node to transmit the media flow;
a second set of instructions that when executed by the at least one processor causes the at least one processor be operable to:
acquire information about a permitted share of physical resources to be used during the transmission of the media flow;
update the estimated available bitrate for the media flow by matching the information to the estimated available bitrate for the media flow;
transmit the updated estimated available bitrate to the user equipment node that transmits the media flow;
transmit an instruction to the user equipment node that transmits the media flow to adjust the bitrate for transmission of the media flow according to the updated estimated available bitrate; and
a third set of instructions that when executed by the at least one processor causes the at least one processor be operable to:
invoke handling of network characteristics by triggering execution of the first set of instructions and the second set of instructions by the at least one processor.

US Pat. No. 10,171,323

DETERMINING A STATE OF A NETWORK DEVICE

PHILIPS LIGHTING HOLDING ...

1. A processor for determining a state of a first network device in a lighting network, the processor being adapted to:
ascertain a first count value associated with the first network device and a second count value associated with a second network device adapted to pass messages to the first network device;
determine the state of the first network device based on the first count value and the second count value, wherein if the first count value is within a first predetermined range relative to the second count value, the processor determines that the first network device has been inactive,
wherein the first count value is dependent on a change of an incremental property of the first network device since a last reset of the first count value and the second count value is dependent on a change of an incremental property of the second network device since a last reset of the second count value.

US Pat. No. 10,171,322

DYNAMIC AND SECURE CLOUD TO ON-PREMISE INTERACTION AND CONNECTION MANAGEMENT

INTERNATIONAL BUSINESS MA...

1. A method executed by a passport service executed by at least one processor coupled to at least one memory, comprising:
creating a passport on a cloud application that comprises connectivity details for a tunnel, the connectivity details including pre-allocated transmission control protocol ports for a setup of the tunnel, the tunnel securing and directing access by the cloud application to data of an on-premise appliance;
activating the on-premise appliance of an on-premise system by delivering the passport to the on-premise appliance to build the tunnel;
generating a passport token via the passport, wherein the passport token comprises dynamically generated connectivity properties for secure communications; and
binding the cloud application and the on-premise appliance based on the dynamically generated connectivity properties of the passport token and the connectivity details of the passport.

US Pat. No. 10,171,320

ENSURING IMPORTANT MESSAGES ARE VIEWED BY INTENDED RECIPIENT BASED ON TIME-TO-LIVE PATTERN

International Business Ma...

1. A computer program product for ensuring that important messages are viewed by the intended recipient, the computer program product comprising a computer readable storage medium having program code embodied therewith, the program code comprising the programming instructions for:
identifying a message as being important for a target group based on identifying keywords, based on detecting a flagged attribute or based on receiving a rating of importance from a user, wherein said message is identified as being important while said message is being created or reviewed by an author of said message, wherein said target group corresponds to one or more intended recipients of said message identified as being important, wherein said target group is deduced based on context in which said message is sent;
determining a time-to-live pattern for said message for said target group, wherein said time-to-live pattern indicates a set of presentation criteria for utilization of said message in a network environment, wherein said set of presentation criteria comprises relationship details, behaviors of said message and impression analysis, wherein said set of presentation criteria is based on a number of recipients of said target group;
monitoring, in said network environment, said message with respect to said time-to-live pattern using said set of presentation criteria;
detecting said message being viewed by a recipient of said target group;
adjusting said set of presentation criteria for said time-to-live pattern for said message for said target group in response to said recipient of said target group viewing said message;
determining if said adjusted time-to-live pattern has underachieved within a threshold period of time, wherein said threshold period of time is an amount of time to accomplish requirements of said set of presentation criteria, wherein said underachievement comprises not meeting said requirements of said set of presentation criteria; and
performing an action to increase priority of said message for said target group in response to detecting said underachievement of said time-to-live pattern within said threshold period of time.

US Pat. No. 10,171,317

MANAGEMENT SERVER FOR REMOTE MONITORING SYSTEM

Yanmar Co., Ltd., Osaka-...

1. A remote monitoring system for monitoring a mobile work vehicle or vessel, the mobile work vehicle or vessel having a remote monitoring terminal device mounted thereon, the remote monitoring system comprising:
a management server for communicating with the remote monitoring terminal device, the management server configured to have:
a control section configured to process information; the control section having a storage section configured to store the information processed by the control section; and a communication section configured to communicate with the remote monitoring terminal device, wherein, the communication section receives:
a startup date and time of the remote monitoring terminal device from the remote monitoring terminal device when the remote monitoring terminal device is started up; and
a shutdown date and time of the remote monitoring terminal device, and minimum values, maximum values, and average values of data detected by the remote monitoring terminal device during an operation of the mobile work vehicle or vessel, and occurrence counts and durations of predetermined events from the remote monitoring terminal device when the remote monitoring terminal device is shut down,
wherein the control section distinguishes, by a daily report in a unit of an operation day for at least one operation time period from a startup to shutdown, the startup date and time, the shutdown date and time, the minimum values, the maximum values, the average values, and the occurrence counts and the durations of the predetermined events, which are received by the communication section, and the control section stores the received and distinguished information in the storage section in a unit of terminal identification information of the remote monitoring terminal device,
wherein the control section causes a display screen of a display section to selectably display the at least one operation time period for which the mobile work vehicle or vessel is operated,
wherein, when one of the at least one operation time period is selected on the display screen, the control section reads, from the storage section, the minimum values, the maximum values, the average values, and the occurrence counts and the durations of the predetermined events, all of which correspond to the selected operation time period, out of the startup date and time, the shutdown date and time, the minimum values, the maximum values, the average values, and the occurrence counts and the durations of the predetermined events, which are stored in the storage section in a unit of the terminal identification information, and causes another display screen of the display section to display together with the startup date and time and the shutdown date and time, the minimum values, the maximum values, the average values, and the occurrence counts and the durations of the predetermined events, which are read from the storage section, and
the work vehicle or vessel includes at least one work section and the remote monitoring terminal device further includes a power supply control section and multiple types of connection terminals connected to output elements at which data on an operation state is supplied external to the remote monitoring terminal device to various electronic control devices to control multiple operating states of multiple work sections,
wherein the at least one work section includes a startup switch SW and a battery BT,
wherein the power supply control section has a timer function and is connected to the battery BT via a power supply connecting line Lbt to periodically start up a power supply, no matter whether the startup switch SW is being turned off or on, and
wherein the power supply control section periodically starts up the power supply while the startup switch SW of the mobile work vehicle or vessel is being turned off, such that the power supply control section in the remote monitoring terminal device is always fed with electric power from the battery BT, and that the power supply to the control section is not turned off by the power supply control section when the startup switch SW is turned off.

US Pat. No. 10,171,316

INTELLIGENTLY MANAGING PATTERN CONTENTS ACROSS MULTIPLE RACKS BASED ON WORKLOAD AND HUMAN INTERACTION USAGE PATTERNS

International Business Ma...

1. A computer program product for managing pattern contents across multiple racks, the computer program product comprising a computer readable storage medium having program code embodied therewith, the program code comprising the programming instructions for:
monitoring workload usage of contents of a pattern in a pattern definition and in a deployed pattern, wherein said pattern is a model of a topology and application environment that encapsulates installation, configuration and management of middleware and applications that run on virtual machines in physical compute nodes in a domain of racks, wherein said pattern definition is said pattern defined by a user;
collecting workload usage characteristics of said contents of said pattern on a primary rack in said domain of racks based on said monitoring of said workload usage of said contents of said pattern in said pattern definition and in said deployed pattern;
ranking said contents of said pattern by analyzing said collected workload usage characteristics of said contents of said pattern on said primary rack in said domain of racks;
determining an order of said contents of said pattern to be updated in a batch mode operation across all racks in said domain of racks based on said ranking; and
performing said batch mode operation across all racks in said domain of racks based on said ranking.

US Pat. No. 10,171,315

ORCHESTRATION PROCESS TEMPLATE FOR GENERATION OF ORCHESTRATION PROCESS TO TOLERATE ERRORS

INTERNATIONAL BUSINESS MA...

1. A method to generate an executable orchestration process, the method comprising:
querying a user to enter first computer code for activating a service;
querying the user to enter second computer code for undoing actions performed in the activating;
loading pre-defined third computer code for determining whether the activated service is a success or has an error, based on the service;
loading pre-defined fourth computer code for correcting the error;
generating an executable orchestration function from the first through fourth computer code; and
generating the orchestration process from the executable orchestration function.

US Pat. No. 10,171,313

MANAGING WORKLOAD TO MEET EXECUTION CRITERION IN A HYBRID CLOUD ENVIRONMENT

International Business Ma...

1. A method for managing workload in a computing environment, comprising:
monitoring execution behavior of a portion of a job that is executing on a second set of the computing resources, the job running on a first set of computing resources and a second set of computing resources, wherein the first set of computing resources are internal resources of an infrastructure and the second set of computing resources are external resources of the infrastructure, wherein the infrastructure running the job controls the first set of computing resources, but does not have control over the second set of computing resources, the internal resources of the infrastructure being operated solely for a first organization owning the infrastructure, and the external resources are owned by a second organization providing a service to the first organization, wherein the external resources are shared by a plurality of organizations;
comparing the execution behavior of a portion of the job that is running on the second set of the computing resources with target behavior for meeting at least one execution criterion;
responsive to determining that the portion of the job that is running on the second set of the computing resources which are the external resources provided as the service to the first organization, is performing below a level needed to meet the execution criterion, determining whether allocating a third set of computing resources of the internal resources of the infrastructure would improve overall performance of the job in meeting the execution criterion, the determining comprising at least monitoring a capacity of the first set of computing resources and determining whether the capacity of the first set of computing resources is under stress, and responsive to determining that the capacity of the first set of computing resources is under stress, determining that allocating a third set of computing resources of the internal resources of the infrastructure would improve overall performance of the job in meeting the execution criterion;
allocating at least one computing resource internal to the infrastructure in the third set of computing resources to the job responsive to determining that allocating a third set of computing resources internal to the infrastructure would improve overall performance of the job in meeting the execution criterion,
wherein historical behavior of the second set of computing resources that are external resources to the infrastructure are used to allocate internal computing resources that are internal to the infrastructure.

US Pat. No. 10,171,312

OPTIMIZING CLOUD SERVICE DELIVERY WITHIN A CLOUD COMPUTING ENVIRONMENT

International Business Ma...

1. A method for optimizing cloud service delivery within a cloud computing environment, the method comprising:
receiving a cloud service request (CSR) from a cloud customer in the cloud computing environment, the cloud service request comprising at least one parameter of one or more existing cloud services accessed by the cloud customer that are provided by one or more existing cloud service providers;
monitoring the at least one parameter of the CSR in a cloud service registry, the cloud service registry comprising:
(i) a plurality of cloud services provided by a plurality of cloud service providers; and
(ii) one or more parameters corresponding to each cloud service of the plurality of cloud services;
based on said monitoring, determining a new cloud service provider having an improvement, related to the at least one monitored parameter, in comparison to the one or more existing cloud service providers, wherein the improvement includes a cost of X-n, wherein X represents the cost of the lowest-cost cloud service provider among the one or more existing cloud service providers, and wherein n represents a pre-determined minimum decrement amount;
determining (i) availability of the new cloud service provider, (ii) a cost of migrating the one or more existing cloud services to the new cloud service provider, and (iii) downtime of the cloud services accessed during said migration;
routing, to the cloud customer, (i) one or more details describing the new cloud service, (ii) the determined availability of the new cloud service provider, (iii) the determined cost of migrating the one or more existing cloud services to the new cloud service provider, (iv) the determined downtime of the cloud services accessed during said migration, and (v) a request for permission to migrate the one or more existing cloud services to the new cloud service provider; and
upon receipt of an affirmative response from the cloud customer to the request, migrating the one or more existing cloud services to the new cloud service provider within the cloud computing environment.

US Pat. No. 10,171,311

GENERATING SYNTHETIC DATA

INTERNATIONAL BUSINESS MA...

1. A method comprising:
receiving a model of a dataset, wherein the received model of the dataset includes a tree structure comprising decision branches and leaf nodes;
extracting information from the received model by accessing metadata and a tree structure within the received model;
wherein the extracting information from the received model comprises extracting information on field names and types in the dataset, generating a probability of a record being assigned to each leaf in the tree in response to the number of training records assigned to each leaf and extracting constraints on predictor fields for records assigned to that leaf for each leaf node, and
wherein the extracting information from the received model comprises determining whether the tree structure is a classification tree, in response to the tree structure being a classification tree, determining conditional probabilities of each value of a target field for each leaf, and in response to the tree structure not being a classification tree, determining mean values of the target field for each leaf;
constructing a database view from the extracted information; receiving a query to the constructed database view; and
generating synthetic data from the constructed database view according to the received query, the generating includes generating a base common table expression that incorporates a number of records to be generated, generating a leaf common table expression that assigns each randomly generated record to a leaf node and generates random numbers for each field in a data dictionary; and generating a tree common table expression that assigns values to the predictor fields and target field of each synthetic record of the view, wherein all three common table expressions are generated from the accessed metadata and tree structure and are combined to define the view.

US Pat. No. 10,171,310

ENSURING REGULATORY COMPLIANCE DURING APPLICATION MIGRATION TO CLOUD-BASED CONTAINERS

International Business Ma...

1. A method of ensuring regulatory compliance during application migration to cloud-based containers, the method comprising:
receiving, by one or more processors, a message directing an application to be migrated to a container cloud, wherein the container cloud is a cloud of servers and networks that support containers, wherein a container is a class of objects used to store objects following specific access rules;
in response to receiving the message directing the application to be migrated to the container cloud, matching, by one or more processors, the application to multiple containers described in a container registry, wherein each container is matched to a service that provides a server, and wherein the server hosts cloud-based containers whose logical behavior is defined by a set of values and a set of operations;
grouping, by one or more processors, lines of code from the application according to different regulations, wherein a first group of lines of code from the application is regulated by a first regulatory rule, and wherein a second group of lines of code from the application is regulated by a second regulatory rule;
identifying, by one or more processors, at least one regulatory rule as an identified at least one regulatory rule by which the server, the application, and requisite containers are governed;
detecting, by one or more processors, a change to at least one of the server, the application, and the requisite containers so that there is noncompliance with the identified at least one regulatory rule; and
in response to detecting the change, automatically recomposing a chain of compliance services using an artificial intelligence planning technology, wherein the chain of compliance services monitors compliance with the identified at least one regulatory rule by the server and the requisite containers.

US Pat. No. 10,171,308

DYNAMIC CABLE-LINKAGE MANAGEMENT

International Business Ma...

1. A computer-implemented method of dynamic cable-linkage management for a shared pool of configurable computing resources having a set of cable-linkage topology data, the method comprising:
sensing, by a first mapping engine which is coupled with a first service processor on a set of control nodes, a first connection between the first service processor and a plurality of compute nodes;
establishing, by the first mapping engine, a first node identifier on a first compute node;
establishing, by the first mapping engine, a second node identifier on a second compute node, wherein the set of cable-linkage topology data includes a first set of cable-link identifiers for the first compute node and a second set of cable-link identifiers for the second compute node;
determining, based on the plurality of node identifiers and the set of cable-linkage topology data, a first device path map includes:
mapping the first node identifier with the first set of cable-link identifiers, and
mapping the second node identifier with the second set of cable-link identifiers:
routing, using the first set of cable-link identifiers, a first subset of the set of data traffic between the first service processor and the first compute node;
routing, using the second set of cable-link identifiers, a second subset of the set of data traffic between the first service processor and the second compute node;
coupling, on the set of control nodes, a second service processor with a second mapping engine;
sensing, by the second mapping engine, a second connection between the second service processor and the plurality of compute nodes;
accessing, by the second mapping engine, the first node identifier on the first compute node and the second node identifier on the second compute node;
determining, based on the plurality of node identifiers and the set of cable-linkage topology data, a second device path map including:
mapping the first node identifier with the second set of cable-link identifiers, and
mapping the second node identifier with the first set of cable-link identifiers;
routing, using the second set of cable-link identifiers, the first subset of the set of data traffic between the second service processor and the first compute node; and
routing, using the first set of cable-link identifiers, the second subset of the set of data traffic between the second service processor and the second compute node.

US Pat. No. 10,171,307

NETWORK MODALITY REDUCTION

International Business Ma...

1. A method for processing a multi-modal network to reduce modality, the method comprising:
determining, by one or more computer processors, a plurality of entities connected by a plurality of links within a multi-modal network;
assigning, by the one or more processors, a weighted value to each of the plurality of links connecting the plurality of entities;
converting, by the one or more computer processors, the multi-modal network into a modelled network based, at least in part, on the weighted value assigned to each of the plurality of links;
eliminating, by the one or more computer processors, one or more of the plurality of entities not designated as an entity of interest from the modelled network; and
converting, by the one or more computer processors, the modelled network into a uni-modal network, where the uni-modal network contains a plurality of nodes designated as entities of interest connected by a plurality of resistors designated as simplified weighted links between the entities of interest, where each of the plurality of resistors has an associated resistance representative of a strength of connection between each of the plurality of nodes, with a greater resistance indicating a weaker connection as a resistance between each of the plurality of nodes is an inverse of the weighted value assigned to each of the plurality of entities connected by each of the plurality of links replaced by the plurality of nodes and associated resistance.

US Pat. No. 10,171,304

NETWORK POLICY CONFIGURATION

BlackBerry Limited, Wate...

1. A method comprising:
as part of a configuration process of a wireless device by a configurator device:
receiving, by the configurator device from the wireless device, a configuration request including a configuration attribute of the wireless device;
mapping, by the configurator device using a first mapping comprising information that maps between configuration attributes and respective credential attributes, the configuration attribute in the configuration request received from the wireless device to a corresponding credential attribute, the corresponding credential attribute to be mapped to a corresponding network policy; and
sending, by the configurator device, a configuration response including the corresponding credential attribute to the wireless device, the corresponding credential attribute useable by the wireless device to access an access point (AP); and
as part of a configuration process of the AP by the configurator device:
sending, by the configurator device to the AP, a second mapping comprising a mapping table including information that maps between credential attributes and respective network policies, for use by the AP in obtaining, responsive to the corresponding credential attribute received by the AP from the wireless device, the corresponding network policy to apply to a communication of the wireless device.

US Pat. No. 10,171,301

IDENTIFYING HARDCODED IP ADDRESSES

International Business Ma...

1. A computerized network-migration system component of a network-management system comprising a processor, a memory coupled to the processor, a computer-readable hardware storage device coupled to the processor, and an interface to the network-management system, wherein the network-management system identifies network-configuration information that describes at least one component of a computer network to be migrated, wherein the interface allows the network-migration system to interactively access the network-configuration information, and wherein the storage device contains program code configured to be run by the processor via the memory to implement a method for identifying hardcoded IP addresses, the method comprising:
the network-migration system requesting a latest version of the network-configuration information;
the network-migration system receiving, in response to the requesting, a subset of the requested network-configuration information; and
the network-migration system choosing, as a function of a way in which an Internet Protocol address of a component of the computer network to be migrated is characterized in the received network-configuration information, where the received network-configuration information does not comprise source code of a software application, a method of identifying whether the Internet Protocol address is hardcoded,
where the method is selected from the group consisting of:
a network-view method that determines whether a received DNS list comprises a first network address identified by a received server-affinity listing,
a server-based method that determines whether a received list of ARP address lookups identifies a first network address, and
a trace-log method that determines whether a received TCP trace log identifies a first network address but does not associate a hostname with the first network address.

US Pat. No. 10,171,269

EQUALIZER CIRCUIT AND INTEGRATED CIRCUIT INCLUDING THE SAME

SAMSUNG ELECTRONICS CO., ...

1. An equalizer circuit comprising:
an equalizer controller configured to provide an enable signal, a delay control signal, and a voltage control signal based on a control signal; and
at least one equalizer configured to provide an equalizer signal based on the enable signal, the delay control signal and the voltage control signal, the at least one equalizer configured to provide the equalizer signal to a corresponding connection node, the corresponding connection node being connected to a corresponding logic circuit,
wherein the at least one equalizer includes,
a delay control circuit configured to delay a transfer signal from the corresponding logic circuit to provide a delayed transfer signal, the delay control circuit configured to delay the transfer signal based on the delay control signal, and
a voltage control circuit configured to provide the equalizer signal based on the delayed transfer signal and the voltage control signal,
wherein the voltage control circuit includes,
a voltage control inverter configured to provide the equalizer signal based on the delayed transfer signal.

US Pat. No. 10,171,264

DATA CENTER NETWORKS

Tigera, Inc., San Franci...

1. A method, comprising:
advertising an external IP address of a packet forwarding function as a next hop IP address for one or more servers external to a data center network to reach a first virtual system, wherein the packet forwarding function includes an internal IP address that is different than the external IP address;
receiving, at the packet forwarding function comprised within a server in the data center network, a data packet being routed to or from the first virtual system having a first IP address and hosted on the server;
determining, by the packet forwarding function, a destination of the received data packet by querying a packet forwarding data store to determine a next hop IP address associated with a destination IP address of the received data packet; and
forwarding, by the packet forwarding function, the data packet based at least in part on the next hop IP address associated with the destination IP address of the received data packet, wherein the next hop IP address includes at least one of the internal IP address, the external IP address, an IP address associated with a border gateway, or an IP address associated with a device within the data center network.

US Pat. No. 10,171,251

TAMPER-PROTECTED HARDWARE AND METHOD FOR USING SAME

Emsycon GmbH, (DE)

1. A tamper-protected hardware module, comprising:
a hardware structure providing a Physical Unclonable Function (PUF), the hardware structure being adapted to provide a response to challenges input to the PUF implemented in the hardware structure,
storage memory to store a set of challenges and a set of correct PUF responses for each of said challenges,
processor circuitry to provide at least one challenge from said set of challenges to the hardware structure implementing the PUF, and to receive a PUF response for each challenge provided to the hardware structure implementing the PUF,
the processor circuitry to verify integrity of the tamper-protected hardware module by checking, for each PUF response received for a challenge provided to the hardware structure implementing the PUF, whether the respective PUF response received from the hardware structure implementing the PUF matches the correct PUF response of said challenge stored in the storage memory, and
wherein the processor circuitry makes the tamper-protected hardware module temporarily or permanently unusable if integrity of the tamper-protected hardware module is not verified by the processor circuitry, and wherein the tamper-protected hardware module is a chip or a die, and wherein the tamper-protected hardware module further comprises an on-chip trusted time source for providing the current date and time, wherein the current date and time is used by the tamper-protected hardware module to verify validity of certificates.

US Pat. No. 10,171,250

DETECTING AND PREVENTING MAN-IN-THE-MIDDLE ATTACKS ON AN ENCRYPTED CONNECTION

Juniper Networks, Inc., ...

1. A method comprising:
determining, by a device, one or more verification domains to be used to verify a public key certificate,
the one or more verification domains being different from a host domain associated with the device;
determining, by the device, one or more resources to be requested to verify the public key certificate;
determining, by the device, one or more actions to perform when the public key certificate is not valid;
generating, by the device, executable verification code, for performing the one or more actions without prompting a user to accept or reject the public key certificate, based on determining the one or more verification domains, based on determining the one or more resources, and based on determining the one or more actions;
embedding, by the device, the executable verification code in other code; and
providing, by the device, the other code, with the executable verification code, for execution by a client device.

US Pat. No. 10,171,249

PRIVACY FRIENDLY LOCATION BASED SERVICES

INTERNATIONAL BUSINESS MA...

1. A cryptographic method for enabling access to services provided by a server in a set of reference areas; the method comprising:
obtaining, by a user device, a set of reference credentials of the server that certifies data indicating the set of reference areas, wherein the set of reference areas are defined using Military Grid Reference System (MGRS), wherein at least one reference credential of the set of reference credentials is an attribute-based credential, wherein attributes in the reference credential indicate respective MGRS precision levels of a reference area of the set of reference areas, wherein the set of reference credentials are signed by the server using a predefined signature scheme, wherein the set of reference credentials are obtained from the server by the user device, wherein the user device is connected to a mobile network controller and the server, wherein the mobile network controller is of a network to which the user device is connected, wherein the mobile network controller comprises a mobile network operator server;
obtaining, by the user device, a location credential that certifies location data indicating a current location of the user device, wherein the location credential is an attribute-based credential, wherein attributes in the location credential indicate respective MGRS precision levels of the current location of the user device, wherein the location credential is obtained from the mobile network operator server by the user device, wherein the location credential is signed by the mobile network operator server using the predefined signature scheme;
generating, by the user device, an authentication token comprising a cryptographic proof for proving that the current location of the user device certified by the location credential matches at least one reference area certified by the set of reference credentials, the cryptographic proof proving that the respective MGRS precision levels of the at least one reference area match at least a part of the respective MGRS precision levels of the current location of the user device; and
sending, by the user device, the authentication token to the server for accessing the services in the at least one reference area, wherein the server is configured to determine from the cryptographic proof that the location of the user device matches at least one area of the set of reference areas, wherein the server performs the determining without receiving the current location of the user device.

US Pat. No. 10,171,243

SELF-VALIDATING REQUEST MESSAGE STRUCTURE AND OPERATION

INTERNATIONAL BUSINESS MA...

14. A method for execution by a storage unit (SU), the method comprising:
receiving, via an interface of the SU configured to interface and communicate with a dispersed or distributed storage network (DSN) and from a computing device, a self-validating request message, wherein the self-validating request message is generated by the computing device to include a first message authentication code of the computing device, and the self-validating request message is generated by the computing device based on the computing device creating a master key of the computing device, creating a message encryption key based on the master key of the computing device and a secret function, encrypting a message using the message encryption key to generate an encrypted message, encrypting the master key of the computing device using a public key of the SU to generate an encrypted master key;
processing the self-validating request message to verify the first message authentication code of the computing device that is included within the self-validating request message, and when the first message authentication code of the computing device is verified:
decrypting the encrypted master key that is included within the self-validating request message using a private key of the SU to recover the master key of the computing device;
generating the message encryption key based on the master key of the computing device and the secret function; and
decrypting the encrypted message that is included within the self-validating request message to recover the message; and
generating, in response to the self-validating request message, a self-validating response message that includes a second message authentication code and an encrypted response including to:
generating a responder encryption key based on the master key and another secret function; and
encrypting a response to the message based on the responder encryption key to generate the encrypted response; and
transmitting, via the interface of the SU and to the computing device, the self-validating response message.

US Pat. No. 10,171,226

SYSTEMS AND METHODS FOR FREQUENCY DIVISION DUPLEX COMMUNICATION

TCL COMMUNICATION LIMITED...

1. A method of wireless communication using half duplex frequency division duplex, HD-FDD, comprising at a wireless communications device:
receiving downlink data during a plurality of downlink subframes; and
transmitting a hybrid automatic repeat request acknowledgement, HARQ-ACK, on an uplink;
wherein the HARQ-ACK relates to downlink data received during at least two of the plurality of downlink subframes and the HARQ-ACK is transmitted during one uplink subframe,
wherein the wireless communications device receives timing data on a downlink channel which indicates a timing association between a downlink data subframe and an uplink transmission subframe for transmitting the HARQ-ACK,
wherein the timing data is received as part of a downlink control indicator in a DCI message which is in DCI format 6-1A.

US Pat. No. 10,171,224

METHOD AND ARRANGEMENT FOR RELAYING IN CASE OF EXTENSION AREAS HAVING UPLINK/DOWNLINK IMBALANCE

Telefonaktiebolaget LM Er...

1. A method in a network node associated with a cell area A and a cell extension area B having an uplink/downlink imbalance in relation to a neighboring base station and the network node, the method comprising:
signaling a set of event measurement conditions to a User Equipment (UE), causing the UE to indicate to the network node when an event measurement condition in the set of event measurement conditions is fulfilled, wherein the set of event measurement conditions comprises:
an event measurement condition related to the UE entering or leaving the cell area A, the UE being served in both uplink and downlink in the cell area A; and
an event measurement condition related to the UE entering or leaving the cell extension area B, the UE being served in uplink in the cell extension area B;
based on the indication, determining whether the UE is located in the cell area A or the cell extension area B, wherein the fulfilled event measurement condition defines circumstances, based on measurement values, that trigger the UE to indicate to the network node when any event measurement condition in the set of event measurement conditions is fulfilled;
in response to a determination that the UE is located in the cell area A, serving the UE in both uplink and downlink; and
in response to a determination that the UE is located in the cell extension area B, serving the UE in uplink.

US Pat. No. 10,171,221

SCHEDULING METHOD AND APPARATUS OF MULTI-ANTENNA COMMUNICATION SYSTEM, AND METHOD AND APPARATUS FOR FEEDING-BACK CHANNEL QUALITY INDICATOR

Electronics and Telecommu...

1. A method for feeding back a channel quality indicator (CQI) by a terminal, the method comprising:
receiving, from a base station, at least one reference signal through at least one of multiple beams of the base station;
measuring a signal-to-interference plus noise ratio (SINR) for the at least one reference signal;
receiving CQI feed-back mode information from the base station;
deciding the number of bits of a first CQI and an SINR increase range depending on a level of the first CQI based on the CQI feed-back mode information;
determining a first level corresponding to the measured SINR among levels of the first CQI having the decided number of bits and the decided SINR increase range; and
feeding back the first CQI having the first level to the base station,
wherein the first CQI is capable of representing an SINR larger than an SINR which a second CQI is capable of maximally representing, the second CQI being used for data transmission.

US Pat. No. 10,171,218

METHOD FOR ESTIMATING SIGNAL QUALITY OF TRANSMISSION TO A USER EQUIPMENT FROM A TRANSMISSION POINT

Telefonaktiebolaget LM Er...

1. A method performed by a network node for enabling transmissions to a user equipment (UE) from transmission points (TPs) in a coordination cell area in a radio communications network, the method comprising:
configuring two or more TPs in the coordination cell area not currently serving the UE to transmit signals on interference measurement (IM) resources of two or more Channel State Information (CSI) processes of the UE according to three or more different interference states;
receiving, from the UE, CSI reports based on the transmitted signals on the IM resources of the two or more CSI processes of the UE;
estimating one signal quality value for each of the three or more different interference states of the transmitted signals and at least one further signal quality value corresponding to at least one interference state that is not part of the three or more different interference states of the transmitted signals, based on the received CSI reports of the two or more CSI processes;
one or more of scheduling coordinated transmissions to the UE from TPs in the coordination cell area and selecting transmission configuration settings for TPs in the coordination cell area, using the estimated signal quality values; and
performing coordinated transmissions to the UE from one or more TPs of the coordination cell area.

US Pat. No. 10,171,212

METHOD AND DEVICE FOR PERFORMING CHANNEL ESTIMATION

LG Electronics Inc., Seo...

1. A method for performing channel state reporting on a downlink channel transmitted through M two-dimensionally arranged antenna ports, the method implemented by a user equipment (UE) and comprising:
receiving a channel state information-reference signal (CSI-RS) configuration for N virtual antenna ports formed by applying beamforming to each vertical antenna group of the M two-dimensionally arranged physical antenna ports matrix;
calculating channel state information (CSI) about the downlink channel using the received CSI-RS configuration; and
reporting the CSI to a serving cell associated with the UE,
wherein the reported CSI comprises information about rotational transformation of a first codeword in a codebook for a combination of Q unit vectors orthogonal to each other in an N-dimensional space,
wherein the reported CSI further comprises an indicator indicating whether the rotational transformation to be applied overlaps with a previous rotational transformation, and
wherein N and Q are integers satisfying 2≤Q≤N, and M is an integer satisfying 2≤M.

US Pat. No. 10,171,211

WIRELESS COMMUNICATION SYSTEM AND METHOD, AND WIRELESS COMMUNICATION APPARATUS

PIONEER CORPORATION, Kan...

1. A wireless communication system comprising:
a first apparatus and a second apparatus that perform wireless communication with each other,
wherein the first apparatus sends a first reference signal, and starts signal transmission to the second apparatus with a first period from a time point at which a first offset time passes from sending the first reference signal,
the second apparatus starts signal transmission to the first apparatus with the first period from a time point at which a second offset time, which is different from the first offset time, passes from sending the first reference signal, and
the first apparatus transmits a signal indicating a time obtained by adding the first offset time and a fixed time, which is shorter than one period of the first period, as the second offset time to the second apparatus before starting the signal transmission.

US Pat. No. 10,171,199

TUNABLE LASER IN AN OPTICAL ACCESS NETWORK

Google LLC, Mountain Vie...

16. A method comprising:
receiving, at data processing hardware, a request to transmit a data packet from an optical network unit (ONU) to an optical line terminal (OLT) of an optical access network having a multiplexer optically coupled between the ONU and the OLT, the multiplexer having a wavelength pass-band, the ONU comprising a tunable laser configured to continuously transmit an optical signal that alternates between a burst-on state and a burst-off state;
triggering, by the data processing hardware, the burst-on state of the tunable laser by transmitting a burst-on current to the tunable laser, the burst-on current biasing the tunable laser to transmit the optical signal at a transmit wavelength within the wavelength pass-band of the multiplexer, the multiplexer configured to allow passage therethrough of the optical signal at the transmit wavelength;
instructing, by the data processing hardware, the tunable laser to transmit the data packet in the optical signal; and
after transmission of the data packet, enabling, by the data processing hardware, the burst-off state of the tunable laser by transmitting a burst-off current to the tunable laser, the burst-off current biasing the tunable laser to transmit the optical signal at a non-transmit wavelength outside of the wavelength pass-band of the multiplexer, the multiplexer configured to block passage therethrough of the optical signal at the non-transmit wavelength.

US Pat. No. 10,171,194

INTERFERENCE MANAGEMENT AND DECENTRALIZED CHANNEL ACCESS SCHEMES IN HOTSPOT-AIDED CELLULAR NETWORKS

Board of Regents, The Uni...

1. A system for decentralized spectrum allocation in a two-tier network, comprising:
one or more low power base stations deployed in a secondary tier within a coverage range of a macro cellular base station deployed in a first tier, wherein the macro cellular base station utilizes a wireless frequency band and respective low power base stations utilize a wireless frequency band that is the same as the macro cellular base station wireless frequency band,
wherein respective low power base stations are configured to employ at least one cross-tier interference avoidance technique such that coexistence between the macro cellular base station and the corresponding low power base station is enabled, the at least one cross-tier interference avoidance technique comprising the use of two or more transmit antennas at the low power base station to null interference in the direction of a nearby macro cellular base station's user, and
wherein the direction to null the low power base station's transmissions is determined by channel state feedback sent from the macro cellular base station's downlink user to its associated macro base station.

US Pat. No. 10,171,192

METHOD OF PROVIDING AN EMERGENCY ALERT SERVICE VIA A MOBILE BROADCASTING AND APPARATUS THEREFOR

LG ELECTRONICS INC., Seo...

1. A method of providing an emergency alert in a broadcast transmitter, the method comprising:
generating service data of a broadcast service;
generating an emergency alert table including an emergency alert message;
generating an additional content related to the emergency alert message;
generating wake-up information indicating whether a broadcast receiver is to be woken up; and
transmitting a broadcast signal including the service data, the emergency alert table, the additional content, and the wake-up information,
wherein the emergency alert table further includes information for identifying a viewing target for the emergency alert message and emergency-related broadcast service information for an emergency-related broadcast service,
wherein the emergency-related broadcast service information includes information for identifying the emergency-related broadcast service and information for identifying a broadcast stream delivering the emergency-related broadcast service,
wherein the wake-up information indicates a wake-up call by being changed from 0 to 1, and
wherein the wake-up information indicates a different wake-up call from the wake-up call by being changed from 1 to 2.

US Pat. No. 10,171,190

DEVICE AND METHOD FOR TESTING MIMO SCHEME SYSTEM

ANRITSU CORPORATION, Kan...

1. A device for testing a multi input multi output (“MIMO”) scheme system adopting a multicarrier modulation scheme using K carriers in communication with one mobile terminal, a MIMO scheme having the number of transmitting antennas N and the number of receiving antennas M, and a beam forming process scheme for setting radiation beam characteristics based on transmitting antennas having the number of antennas N, in which N×M channels and a pseudo-propagation channel having U paths in each of the channels are assumed between the transmitting antennas and the receiving antennas, and signals received by the M receiving antennas through the propagation channel are generated to be given to a test object, the device comprising:
a layer frequency domain signal generation unit that generates R×K series of modulation signals in a frequency domain for each of the K carriers with the input of R layers' worth of data signal sequences to be transmitted to the test object;
a window function operation unit that performs a convolution operation of frequency characteristics of a window function in a time domain with the input of the R×K series of modulation signals, output by the layer frequency domain signal generation unit, as a process equivalent to signal excision based on multiplication of the window function in the time domain;
a fading setting unit that obtains propagation channel characteristics of all paths assumed between the transmitting antennas and the receiving antennas;
a beam forming equivalence operation unit that performs an operation process equivalent to the beam forming process for setting the radiation beam characteristics based on the transmitting antennas having the number of antennas N to desired characteristics, with the input of the N×M×U paths' worth of propagation channel characteristics obtained in the fading setting unit;
a Fourier transform unit that performs Fourier transform taking account of a delay for each path with the input of the propagation channel characteristics of all paths obtained by the beam forming equivalence operation unit, and obtains propagation channel characteristics in the frequency domain;
an operation unit that obtains spectrum information of a signal to be received in each of the receiving antennas by multiplications of the propagation channel characteristics in the frequency domain obtained by the Fourier transform unit and operation results of the window function operation unit;
a time domain signal generation unit that performs inverse Fourier transform processes with the input of the operation results of the operation unit, and generates signals in the time domain to be received by the receiving antennas; and
a shift addition unit that shifts and adds the signals in the time domain generated by the time domain signal generation unit by a length of the window function in the time domain, and generates consecutive signals to be received by the receiving antennas.

US Pat. No. 10,171,189

ROBUST POWER DETECTOR FOR WIDEBAND SIGNALS AMONG MANY SINGLE TONE SIGNALS

1. A method performed by a processor of a computing device, the method comprising:
receiving signal data from a radar antenna that is in communication with the processor, the signal data comprising a plurality of amplitude values of a signal over a period of time, wherein the signal is received by the antenna, the signal comprising an echo return and a noise signal, the echo return present in the signal for a subset of the period of time;
determining that a ratio of an amplitude value in the amplitude values to a mean amplitude value of the amplitude values over the period of time exceeds a threshold value;
based upon determining that the ratio exceeds the threshold value, outputting an indication that the signal includes the echo return at a time corresponding to the amplitude value; and
isolating the echo return based upon the indication that the signal includes the echo return at the time corresponding to the amplitude value.

US Pat. No. 10,171,170

MULTI-CHANNEL PARALLEL OPTICAL TRANSCEIVER MODULE

Global Technology Inc., ...

1. A multi-channel parallel optical transceiver module, comprising:
a shell body and a circuit board located in the shell body;
an optical emitter base soldered to a first end of the circuit board;
a notch located on the optical emitter base for engaging the first end of the circuit board with the first end of the optical emitter base being soldered to two opposite sides of the circuit board;
a plurality of optical emitters disposed in parallel on the optical emitter base, wherein at least two of the optical emitters of the plurality of optical emitters are separated from each other by a block;
a plurality of lasers, each laser of the plurality of lasers disposed at a first side of an associated optical emitter of the plurality of optical emitters;
a plurality of lenses, each lens of the plurality of lenses being associated with a laser of the plurality of lasers and disposed at the first side of an associated optical emitter of the plurality of optical emitters;
a plurality of optical monitors, each optical monitor of the plurality of optical monitors disposed on a second end of the circuit board adjacent to an associated laser of the plurality of lasers, wherein each optical monitor is connected to an associated laser by a bonding wire, each optical monitor of the plurality of optical monitors and laser of the plurality of lasers being connected to a laser controller and a driving chip disposed on the circuit board;
an optical fiber array and a processing chip for received optical signals adhered onto the circuit board;
a first metal shielding mask disposed on the circuit board for covering and sealing the optical fiber array and the processing chip for the received optical signals; and
a second metal shielding mask disposed on the circuit board, for covering and sealing the first metal shielding mask, the optical monitor, the laser controller, and the driving chip.

US Pat. No. 10,171,165

VISIBLE LIGHT SIGNAL GENERATING METHOD, SIGNAL GENERATING APPARATUS, AND PROGRAM

PANASONIC INTELLECTUAL PR...

1. A method comprising:
generating a preamble in which a first luminance value and a second luminance value alternately appear along a time axis, the first luminance value and second luminance value being different luminance values from each other;
generating a first payload in which the first luminance value and the second luminance value alternately appear along the time axis by determining a first time length of the first luminance value and a second time length of the second luminance value using a first formula, the first time length being a time length in which the first luminance value continues in the first payload, the second time length being a time length in which the second luminance value continues in the first payload, the first formula determining the first time length and the second time length according to a transmission target signal;
generating a visible light signal by joining the preamble and the first payload; and
transmitting the visible light signal by a change in luminance of a light source.

US Pat. No. 10,171,164

2D BARCODE-BASED BI-DIRECTIONAL WIRELESS TRANSMISSION SYSTEM

NATIONAL CHUNG CHENG UNIV...

1. A 2D barcode-based bi-directional wireless transmission system, comprising:
a first apparatus comprising a first display screen, a first processing system and a first camera, the first processing system configured to store information, to execute software, to encode data to be transmitted into one or more 2D barcodes, to capture 2D barcodes of other apparatuses, and to decode the captured 2D barcodes;
a second apparatus comprising a second display screen, a second processing system and a second camera, the second processing system configured to store information, to execute software, to encode data to be transmitted into one or more 2D barcodes, to capture 2D barcode images of other apparatuses and to decode the captured 2D barcode images;
wherein said first apparatus is further configured to encode said data to be sent into multiple 2D barcode images, and then sequentially display said multiple 2D barcode images on the first display screen;
wherein said second apparatus is configured to use the second camera to photograph the first display screen so as to sequentially capture said multiple 2D barcode images from said first apparatus, and then decode the captured said multiple 2D barcode images into a received data for storage;
wherein said second apparatus is further configured to encode a feedback information into a first 2D barcode image and display the first 2D barcode image on the second display screen;
wherein said first apparatus is further configured to capture the first 2D barcode image of said feedback information by aiming the first camera at the second display screen and then decoding the captured first 2D barcode image of said feedback information so as to obtain said feedback information, and
wherein said second apparatus is configured to encode the data to be sent into multiple 2D barcode images and sequentially display the multiple 2D barcode images on the second display screen;
wherein said first apparatus is configured to capture the multiple 2D barcode images from said second apparatus by aiming the first camera at the second display screen, and then decode the captured 2D barcode images into a second received data for storage;
wherein said first apparatus is configured to encode a second feedback information into a second 2D barcode image and display the second 2D barcode image on the first display screen; and
wherein said second apparatus is configured to capture the 2D barcode image of said feedback information by aiming the second camera at the first display screen and then decoding the captured second 2D barcode image of said second feedback information so as to obtain said second feedback information.

US Pat. No. 10,171,157

REPEATER

DENSO CORPORATION, Kariy...

1. A repeater for organizing a communication network, the repeater comprising:
a port section having a plurality of ports, the port section configured to transmit and receive frames;
a memory configured to store communication efficiency information and connection information for each of a plurality of communication nodes on the communication network; and
a repeat processor configured
to retrieve a destination address of a frame received by the port section,
to select one of the plurality of the ports of the port section to transmit the received frame based on the destination address and the connection information stored in the memory, and
to transmit the received frame from the selected port, wherein
the repeat processor is further configured to perform a distribute-transfer process when a plurality of frames having a same destination address is received by the port section, by
defining a plurality of communication paths to the same destination address by referencing the connection information stored in the memory,
selecting one or more of the plurality of communication paths as a broadest path based on a preset communication efficiency parameter, the communication efficiency information stored in the memory, and the connection information stored in the memory,
selecting one communication path as the broadest path having a high communication efficiency when more than one of the plurality of communication paths are selected as the broadest path,
distributing one of the plurality of frames having the same destination address and having a highest communication speed to a port in connection with the broadest path, wherein
the communication efficiency information indicates a communication efficiency of each of the plurality of ports of the repeater and of each of a plurality of other ports associated with the communication nodes, and wherein
the connection information indicates connections among the communication nodes on the communication network.

US Pat. No. 10,171,156

APPARATUS AND METHOD FOR TRANSMITTING UPLINK INFORMATION IN A BROADCASTING SYSTEM

Samsung Electronics Co., ...

1. A mobile broadcasting system comprising:
a first terminal including a transceiver configured to receive a broadcast signal and at least one processor configured to generate a first uplink signal comprising a first broadcast service identifier (ID) and first data using the broadcast signal;
a second terminal;
a repeater; and
a transmitting station for providing a broadcast service,
wherein the transceiver is further configured to transmit the first uplink signal to the repeater,
wherein a second uplink signal comprising a second broadcast service ID and second data is transmitted from the second terminal to the repeater,
wherein, in response to the first broadcast service ID matching the second broadcast service ID, the first broadcast service ID and the second broadcast service ID are removed, by the repeater, from the first uplink signal and the second uplink signal, respectively, to store the first data and the second data in a queue corresponding to the broadcast service identified by the first broadcast ID and the second broadcast ID, and generate, by the repeater, a third uplink signal comprising the first data and the second data based on information stored in the queue, and
wherein the third uplink signal is transmitted from the repeater to a transmitting station corresponding to the broadcast service identified by the first broadcast service ID and the second broadcast service ID.

US Pat. No. 10,171,154

METHOD FOR REPORTING BEAM INDEX FOR 3D MIMO TRANSMISSION IN WIRELESS COMMUNICATION SYSTEM, AND DEVICE THEREFOR

LG ELECTRONICS INC., Seo...

1. A method of reporting a beam index by a user equipment (UE) to an enhanced Node B (eNB) in a wireless access system, the method comprising:
receiving a plurality of reference signals from the eNB;
measuring a plurality of beams using the plurality of the reference signals;
reporting an index of a most preferred beam among the plurality of the beams to the eNB; and
reporting information on at least one second preferred beam, which is determined on the basis of the most preferred beam, to the eNB,
wherein the information on the at least one second preferred beam corresponds to information on an index difference between the most preferred beam and the at least one second preferred beam.

US Pat. No. 10,171,153

METHOD AND APPARATUS FOR TRANSMITTING CHANNEL STATE INFORMATION IN WIRELESS COMMUNICATION SYSTEM

LG ELECTRONICS INC., Seo...

1. A method for transmitting channel state information (CSI) by a user equipment in a wireless communication system, the method comprising:
subsampling a first codebook associated with a first PMI (precoding matrix indicator) and a second codebook associated with a second PMI according to a reporting submode for 4 antenna ports,
wherein the subsampling, for selecting Discrete Fourier Transform (DFT) vectors, comprises selecting a second codebook index for the second PMI based on a first codebook index for the first PMI,
wherein the DFT vectors selected are odd-numbered vectors of vectors of a beam group constructing the first codebook if the first codebook index corresponds to an even number, and
wherein the DFT vectors selected are even-numbered vectors of the vectors of the beam group if the first codebook index corresponds to an odd number; and
transmitting the channel state information based on the subsampled first codebook and the second codebook.

US Pat. No. 10,171,147

METHOD FOR TRANSMITTING SIGNAL IN MULTIPLE-ANTENNA WIRELESS COMMUNICATION SYSTEM AND APPARATUS FOR SAME

LG ELECTRONICS INC., Seo...

1. A method of transmitting a signal, the method performed by a first base station (BS) supporting a plurality of vertical beam directions in a wireless communication system that supports multiple antennas and comprising:
configuring a group of a plurality of BSs including the first BS for a user equipment (UE) at a location higher than locations of the plurality of BSs;
setting a sector for supporting coverage of the group;
determining whether to perform beamforming on the set sector for the UE;
transmitting information to other of the plurality of BSs included in the group, the information indicating that the first BS will perform beamforming for the UE when it is determined to perform the beamforming for the UE; and
transmitting the signal through the BS transmitting the information to other BSs of the plurality of BSs to the UE in an upward beam direction of the plurality of BSs.